Department of Computer Science and Electrical Engineering
Visiting Prof. Ed Raff’s forthcoming book: Inside Deep Learning
Visiting Prof. Ed Raff’s forthcoming book Inside Deep Learning
Congratulation to Dr. Edward Raff for his forthcoming book Inside Deep Learning being published by Manning. The first three chapters are now available free online via Manning’s Early Access Program, with more to come. Dr. Raff is a Chief Scientist at Booz Allen Hamilton and both an alumnus of and visiting assistant professor in the UMBC CSEE department.
He describes the target audience for his book as “the middle between “give me a tool” and ‘CS/Stats/ML Ph.D. graduate book’ that gives utility and understanding.” He gives thanks to his UMBC students in his Computer Science and Data Science classes who have been “guinea pigs for this book/course material.”
Here’s how the publisher describes the book: “Inside Deep Learning is a fast-paced beginners guide to solving common technical problems with deep learning. Written for everyday developers, there are no complex mathematical proofs or unnecessary academic theory. You’ll learn how deep learning works through plain language, annotated code, and equations as you work through dozens of instantly useful PyTorch examples. As you go, you’ll build a French-English translator that works on the same principles as professional machine translation and discover cutting-edge techniques just emerging from the latest research. Best of all, every deep learning solution in this book can run in less than fifteen minutes using free GPU hardware!”
Ed Raff received a Ph.D. in Computer Science in 2018 with a dissertation on “Malware Detection and Cyber Security via Compression.” He is currently a Chief Scientist at Booz Allen Hamilton. He has done research on deep learning, malware detection, reproducibility in machine learning, detecting fairness and bias in machine learning models and data analytics, and high-performance computing. He has also been a visiting Assistant Professor at UMBC since 2018 and taught in both the Computer Science and Data Science programs. Dr. Raff has over 40 peer-reviewed publications, three best paper awards, and has presented at many major conferences.
event: UMBC INSuRE Research Projects from Fall 2020, 12-1:30 ET 12/18
UMBC’s Cyber Defense Lab presents
Presentations of the UMBC INSuRE Research Projects from Fall 2020
The Information Security Research and Education (INSuRE) research collaborative is a network of National Centers of Academic Excellence in Cyber Defense Research (CAE-Rs) universities that cooperate to engage students in solving applied cybersecurity research problems. Since fall 2012, INSuRE has fielded a multi-institutional cybersecurity research course in which BS, MS, and Ph.D. students work in small groups to solve unclassified problems proposed by the National Security Agency (NSA) and by other government and private organizations and laboratories.
Schedule 12:00-12:15pm poster presentations 12:15-12:40pm Detecting Web-Based Cryptomining Malware by Mining Open-Source Repositories 12:40-1:05pm Meeting Mayhem: A Network Adversary Game 1:05-1:30pm Analysis of the 5G AKA protocol with Comparison to 4G AKA
Detecting Web-Based Cryptomining Malware by Mining Open-Source Repositories Naomi Albert, Elias Enamorado, Benjamin Padgette, Anshika Patel Technical Director: William J. La Cholter (APL) UMBC Expert: Charles Nicholas
Meeting Mayhem: A Network Adversary Game Richard Baldwin, Trenton Foster Technical Director: Edward Zieglar (NSA) UMBC Experts: Marc Olano, Linda Oliva
Meeting Mayhem, a web-based educational game, teaches adversarial thinking through the Dolev-Yao security model. Meeting Mayhem is based on the paper-and-pencil “Protocol Analysis Game,” introduced by Edward Zieglar and adapted by UMBC PhD student Enis Golaszewski. Two or more users try to arrange a meeting time and place by sending messages through an insecure network controlled by an adversary. Through self discovery, players learn the dangers of network communications and the value of sound protocols supported by encryption, hashing, and digital signatures.
Formal Methods Analysis of the 5G AKA protocol, with Comparison to 4G AKA Prajna Bhandary, Ryan Jahnige, Jason Schneck Technical Director: Edward Zieglar (NSA)
We analyze the Fifth Generation (5G) Authentication and Key Agreement (AKA) protocol and the Fourth Generation (4G) Evolved Packet System Authentication and Key Agreement (EPS-AKA) protocol for possible structural faults using the Cryptographic Protocol Shapes Analyzer (CPSA). It is fundamental to provide authentication and key management in the security of cellular networks. 5G AKA provides mutual authentication between subscribers and the network, by providing the keys to protect both signaling and user plane data. 4G defines an authentication method, EPS-AKA, whereas 5G offers several different authentication techniques: 5G AKA, 5G EAP-AKA, and 5G EAP-TLS. In addition to our formal method analysis of 5G AKA and 4G EPS-AKA, we also analyze the differences in security properties between the 4G EPS-AKA protocol, and 5G AKA protocol. We verify that the upgrades made to 4G EPS-AKA improves control of the Home Network (HN) in 5G AKA. Additionally, we found that the ambiguous nature of the documentation regarding the channel between Serving Network (SN) and HN results in authentication concerns and we propose a solution.
Course Instructor: Alan T. Sherman
Support for this event is provided in part by the NSF under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL meetings:
Biweekly CDL talks will resume in the spring 2021 semester. The 2021 UMBC SFS/CySP Research Study will take place remotely in January (likely January 11-15).
talk: Intelligence Community Election Security 2020, 12-1 Fri Dec 11
talk: Tim Brennan on “Economics of Law” – Insights into Cybersecurity Policy, 12pm Tue 12/8
The UMBC Center for Cybersecurity (UCYBR) Presents
“Economics of Law” – Insights into Cybersecurity Policy
Cybersecurity raises questions about who owns data and how best to discourage security breaches. This talk will offer some unexpected and perhaps controversial perspectives from economics on relevant questions, including: Who presumptively should own data? What is the purpose of liability law? Should those who violate data security always be liable, or only if they fail to take appropriate measures to prevent leaks? Could “the market” solve the problem, e.g., by people choosing where to shop on the basis of data security? Would regulation be a better means than liability to promote cybersecurity? Don’t expect answers to these questions; my hope is to stimulate and hopefully inform the discussion. If time allows, I’ll review some major actions by the Federal Trade Commission, who is the lead national agency policing privacy-related conduct.
Dr. Tim Brennan is professor emeritus of public policy and economics at UMBC, retiring in July 2020 after thirty years on the UMBC faculty. He has also been FCC Chief Economist, held the T.D. MacDonald Chair in the Canadian government’s Competition Bureau, and served on the staff of the White House Council of Economic Advisers. Before UMBC, he was an associate professor of telecommunications and public policy at George Washington University and a staff economist at the US Department of Justice Antitrust Division. He has over 130 articles and book chapters and books on competition policy, economic regulation, telecommunications and energy policy, intellectual property, and economic methods. His MA in math and Ph..D. in economics are from the University of Wisconsin.
talk: Medical Informatics – Promise and Barriers Towards Precise Medicine, 10am ET Mon 11/23, Webex
The challenging time facing the pandemic forced us to relate to the human being’s broadband picture and his surrounding as one functioning system across countries and continents. The need is to relate both to the Micro (including in-body, physical, and mental conditions) and the Macro (such as environmental, cultural, and economic factors) providing a comprehensive understanding of the human body functioning in the surrounding, towards a precise, personalized “disease signature,” definition, especially these days. A systematic literature review on the “disease signature” term revealed no clear definition. In many articles, the “disease signature” phrase appears as a single biomarker (often genetic), mainly related to neurology or oncology. (Stemmer, A. at All, 2019. Journal of Molecular Neuroscience, 67(4)). The major goal is the unity of nature, science, and technology, from the nanoscale towards converging knowledge and tools, at a confluence of disciplines, as was envisioned by the NSF in 2001 (NBIC) and further at the joint EU-US WTEC effort “Converging of Knowledge, Technology, Society,” Roco et al., Springer 2013.
The COVID-19 global health emergency increased the need for early precise diagnosis and treatment while facing major physical and mental threat and stress, such as Post Traumatic Stress Disorder (PTSD). These understandings reemphasized the need to join all forces, converge, verify and embed all knowledge, expertise, and new advanced technologies in the various disciplines. Furthermore, it enforced to verify the data originated by various sources while bridging all cultural, conceptual, curation and technology barriers, preserving privacy and ethics regulations and ensuring reliable advanced analysis tools. All of the above provide profound insight into the human body and brain functioning in the surrounding and reliable “Disease Signature,” followed by suitable therapeutic treatment.
The question to be asked: Are we able to collect Big enough data, distributed and representative enough, while bridging all barriers and accurate analysis tools to ensure reliable, replicable, reproducible outcome towards precise, personalized medicine? The Brain Medical Informatics Platform (MIP), developed by the EU Human Brain Flagship Project, as part of the EBRAINS platform, is a key feasibility study along these lines. It involves broad clinical data collections from 30 hospitals, converging knowledge and data, embedding new technologies for data privacy, preservation, and curation, as well as sophisticated analysis tools. The MIP and EBRAINS framework goal is to identify “BRAIN Disease Signatures” towards reliable medical treatment. A 3C (Categorize, Classify, Cluster) Methodology, developed in our lab, is one of the tools available on the MIP. It incorporates expert medical knowledge and experience into the analysis process of disease manifestation and potential biomarkers towards reliable insights. The 3C approach was applied to the ADNI (Alzheimer’s disease Neuro Imaging) cohort, discovering association with new subtypes, which were later verified using the Rome Gemelli hospital labs clinical data. Other case studies were Parkinson’s Disease, genetic and biomarker research: (Tal Kozlovski, et al., 2019, Frontiers in Neurology, Movement Disorders), as well as PTSD research (Ben-Zion et al., 2020, Translational Psychiatry), both in collaboration with the Tel Aviv Medical Center. The COVID-19 global health emergency increased the need for early precise diagnosis and treatment while facing major physical and mental threat and stress, such as Post Traumatic Stress Disorder (PTSD). These understandings reemphasized the need to join all forces, converge, verify and embed all knowledge, expertise, and new advanced technologies in the various disciplines. Furthermore, it enforced to verify the data originated by various sources while bridging all cultural, conceptual, curation and technology barriers, preserving privacy and ethics regulations and ensuring reliable advanced analysis tools. All of the above to provide profound insight into the human body and brain functioning in the surrounding as well as reliable “Disease Signature”, followed by suitable therapeutic treatment.
Providing “Healthy Aging” to the elderly is a perfect example conceiving all, these days, as the elderly became one of the vulnerable groups at risk. The loneliness and isolation forced by the current pandemic results in severe conditions, including stress disorders and PTSD. Thus, an International “Healthy Aging” initiative was established at TAU, promoting broad interdisciplinary research, combining knowledge and data analysis as well as advanced technologies, from most areas of science: including economics, art, social sciences, mental and physical health, lifestyle, engineering, etc. All that to ensure the best fitted reliable treatment and a balanced quality of life to the elderly in general, and in these days, in particular.
Dr. Mira Marcus-Kalish is the Director of International Research Collaborations at Tel Aviv University. Her main areas of research are mathematical modeling, converging technologies, and data mining. Dr. Kalish holds a Ph.D. in Operations Research from the Technion, Israel Institute of Technology, where she developed one of the first computerized systems for electrocardiogram (ECG) diagnosis. Her postdoctoral training was at Harvard University, the MBCRR (Molecular Biology Computer Research and Resource) laboratory, and at the Dana Farber Cancer Institute. She was awarded her B.Sc. in Statistics and Biology from the Hebrew University of Jerusalem
talk: Elisa Bertino on Security and Privacy in the IoT, 1-2 Fri 11/20
The Internet of Things (IoT) paradigm refers to the network of physical objects or”things” embedded with electronics, software, sensors, and connectivity to enable objects to exchange data with servers, centralized systems, and/or other connected devices based on a variety of communication infrastructures. IoT makes it possible to sense and control objects creating opportunities for more direct integration between the physical world and computer-based systems. IoT will usher automation in a large number of application domains, ranging from manufacturing and energy management (e.g., Smart Grid), to healthcare management and urban life (e.g. Smart City). However, because of its fine-grained, continuous, and pervasive data acquisition and control capabilities, IoT raises concerns about security and privacy. Deploying existing security solutions to IoT is not straightforward because of device heterogeneity, highly dynamic and possibly unprotected environments, and large scale. In this talk, after outlining key challenges in IoT security and privacy, we present initial approaches to securing IoT data and then focus on our recent work on security analysis for cellular network protocols and edge-based anomaly detection.
Elisa Bertino is a professor of Computer Science at Purdue University. Prior to joining Purdue, she was a professor and department head at the Department of Computer Science and Communication of the University of Milan. She has been a visiting researcher at the IBM Research Laboratory (now Almaden) in San Jose, at the Microelectronics and Computer Technology Corporation, at Rutgers University, and at Telcordia Technologies. Her main research interests include security, privacy, database systems, distributed systems, and sensor networks. Her research focuses on digital identity management, biometrics, IoT security, security of 4G and 5G cellular network protocols, and policy infrastructures for managing distributed systems. Prof. Bertino has published more than 700 papers in all major refereed journals, and in proceedings of international conferences and symposia. She has given keynotes, tutorials, and invited presentations at conferences and other events. She is a Fellow member of ACM, IEEE, and AAAS. She received the 2002 IEEE Computer Society Technical Achievement Award “For outstanding contributions to database systems and database security and advanced data management systems”, the 2005 IEEE Computer Society Tsutomu Kanai Award for “Pioneering and innovative research contributions to secure distributed systems”, and the ACM 2019-2020 Athena Lecturer Award.
talk: Cybersecurity & Local Government: Findings from a Nationwide Survey, 12-12 EST 11/19
Cybersecurity and Local Government: Findings from a Nationwide Survey
This talk will discuss data and results from the first nationwide survey of cybersecurity among local or grassroots governments in the United States, examines how these governments manage this important function. As we have shown elsewhere, cybersecurity among local governments is increasingly important because these governments are under constant or nearly constant cyberattack. Due to the frequency of cyberattacks, as well as the probability that at least some attacks will succeed and cause damage to local government information systems, these governments have a great responsibility to protect their information assets. This, in turn, requires these governments to manage cybersecurity effectively, something our data show is largely absent at the American grassroots. That is, on average, local governments fail to manage cybersecurity well. After discussing our findings, we conclude and make recommendations for ways of improving local government cybersecurity management.
Donald F. Norris is Professor Emeritus, School of Public Policy, University of Maryland, Baltimore County. His principal field of study is public management, specifically information technology in governmental organizations, including electronic government and cybersecurity. He has published extensively in refereed journals in these areas. He received a B.S. in history from the University of Memphis and an M.A. and a Ph. D. in political science from the University of Virginia.
Laura Mateczun is a graduate of the University of Maryland Francis King Carey School of Law, and a member of the Maryland Bar. She is currently a Ph.D. student at the University of Maryland, Baltimore County School of Public Policy studying public management. Her research interests involve local government cybersecurity, criminal justice, and the importance of equity in
Alan Sherman and collaborators develop VoteXX with new strategies for secure online voting
Alan Sherman and collaborators develop VoteXX with new strategies for secure online voting
Over the past several months, the topic of online voting has been at the top of the minds of millions of Americans and has been widely debated. Supporters often highlight how it would increase voter turnout through improved accessibility and convenience. Privacy and election integrity are among the top concerns about implementing an online voting system.
Researchers from UMBC and xx.network have been working to design an online voting system that is resistant to coercion and would provide a secure way for people to cast their ballots from computers, tablets, and smartphones in the future. Alan Sherman, professor of computer science and electrical engineering, is developing the system, VoteXX, with David Chaum, a cryptographer known for his work on privacy-centered technology, and Richard Carback ‘05, M.S. ‘08, Ph.D. ‘10, computer science, who has spent his career deflecting would-be hackers.
The security of devices that voters might use to cast their ballot is a significant concern, notes Sherman. He explains that malware on the devices that voters use might change the votes or spy on the voter.
As described in a press release and the researchers’ new whitepaper, VoteXX allows voters to confirm that their ballots were accurately cast, collected, and counted. This system uses ideas from an earlier system, Remotegrity, that the collaborators developed and used in a municipal election in Takoma Park, Maryland, in 2011. Voters received secret vote codes on a scratch-off card via traditional mail, which they used to hide their votes from the software and hardware. Remotegrity was based on Scantegrity, an earlier in-person verifiable voting that was also used in binding elections in Takoma Park, Maryland.
VoteXX uses a combination of simple strategies and complex cryptography to create a more secure online voting scheme. For example, to address the issues of coercion and vote selling, VoteXX allows voters to cancel or change their vote up to a certain deadline. David Chalm explains how this simple capability undermines vote selling. “You make it possible to flip (change or cancel) that vote outside the voting process. Because a vote buyer cannot be sure you didn’t or won’t flip your vote, they can’t be sure that a voter has been honest with them, making it useless to buy votes.”
This “vote flipping” approach provides a subversively simple yet powerful tool to voters. It’s accomplished by creating a “flip code” during the registration process that allows the voter to flip their vote after casting.
A boardroom election is an election with a small number of voters carried out with public communications. We present BVOT, a self-tallying boardroom voting protocol with ballot secrecy, fairness (no tally information is available before the polls close), and dispute-freeness (voters can observe that all voters correctly followed the protocol).
BVOT works by using a multiparty threshold homomorphic encryption system in which each candidate is associated with a masked unique prime. Each voter engages in an oblivious transfer with an untrusted distributor: the voter selects the index of a prime associated with a candidate and receives the selected prime in a masked form. The voter then casts their vote by encrypting their masked prime and broadcasting it to everyone. The distributor does not learn the voter’s choice, and no one learns the mapping between primes and candidates until the audit phase. By hiding the mapping between primes and candidates, BVOT provides voters with insufficient information to carry out effective cheating. The threshold feature prevents anyone from computing any partial tally—until everyone has voted. Multiplying all votes, their decryption shares, and the unmasking factor yields a product of the primes each raised to the number of votes received.
In contrast to some existing boardroom voting protocols, BVOT does not rely on any zero-knowledge proof; instead, it uses oblivious transfer to assure ballot secrecy and correct vote casting. Also, BVOT can handle multiple candidates in one election. BVOT prevents cheating by hiding crucial information: an attempt to increase the tally of one candidate might increase the tally of another candidate. After all votes are cast, any party can tally the votes.
Farid Javani is a Ph.D. candidate in computer science at UMBC, working with Alan Sherman. His research interests include algorithms, security, applied cryptography, and distributed systems. He is the manager of the Enterprise Architecture team at CCC Information Services in Chicago. email:
Host: Alan T. Sherman, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1:00 pm. All meetings are open to the public. Upcoming CDL Meetings: Oct. 30, Jonathan Katz (UMCP), [possibly on secure distributed computation]; Nov. 13, TBA, [possibly: David R Imbordino (NSA), Security of the 2020 presidential election]; and Dec. 11, TBA, [possibly: Peter A. H. Peterson (Univ. of Minnesota Duluth), Adversarial Thinking]