A boardroom election is an election with a small number of voters carried out with public communications. We present BVOT, a self-tallying boardroom voting protocol with ballot secrecy, fairness (no tally information is available before the polls close), and dispute-freeness (voters can observe that all voters correctly followed the protocol).
BVOT works by using a multiparty threshold homomorphic encryption system in which each candidate is associated with a masked unique prime. Each voter engages in an oblivious transfer with an untrusted distributor: the voter selects the index of a prime associated with a candidate and receives the selected prime in a masked form. The voter then casts their vote by encrypting their masked prime and broadcasting it to everyone. The distributor does not learn the voter’s choice, and no one learns the mapping between primes and candidates until the audit phase. By hiding the mapping between primes and candidates, BVOT provides voters with insufficient information to carry out effective cheating. The threshold feature prevents anyone from computing any partial tally—until everyone has voted. Multiplying all votes, their decryption shares, and the unmasking factor yields a product of the primes each raised to the number of votes received.
In contrast to some existing boardroom voting protocols, BVOT does not rely on any zero-knowledge proof; instead, it uses oblivious transfer to assure ballot secrecy and correct vote casting. Also, BVOT can handle multiple candidates in one election. BVOT prevents cheating by hiding crucial information: an attempt to increase the tally of one candidate might increase the tally of another candidate. After all votes are cast, any party can tally the votes.
Farid Javani is a Ph.D. candidate in computer science at UMBC, working with Alan Sherman. His research interests include algorithms, security, applied cryptography, and distributed systems. He is the manager of the Enterprise Architecture team at CCC Information Services in Chicago. email:
Host: Alan T. Sherman, Support for this event was provided in part by the National Science Foundation under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays 12-1:00 pm. All meetings are open to the public. Upcoming CDL Meetings: Oct. 30, Jonathan Katz (UMCP), [possibly on secure distributed computation]; Nov. 13, TBA, [possibly: David R Imbordino (NSA), Security of the 2020 presidential election]; and Dec. 11, TBA, [possibly: Peter A. H. Peterson (Univ. of Minnesota Duluth), Adversarial Thinking]
talk: Tracking Hacking: The Disturbing Proliferation of Commercial Spyware, 1pm Oct. 23
Distinguished Speaker Series
The UMBC Center for Cybersecurity and Dept. of Computer Science & Electrical Engineering
Tracking Hacking: The Disturbing Proliferation of Commercial Spyware
Ronald J. Deibert, Ph.D. Prof. of Political Science, Director of Citizen Lab Munk School of Global Affairs and Public Policy, University of Toronto
Political struggles in and through the global Internet and related technologies are entering into a particularly dangerous phase for openness, security, and human rights. A growing number of governments and private companies have turned to “offensive” operations, with means ranging from sophisticated and expensive to homegrown and cheap. A large and largely unregulated market for commercial surveillance technology is finding willing clientele among the world’s least accountable regimes. Powerful spyware tools are used to infiltrate civil society networks, targeting the devices of journalists, human rights defenders, minority movements, and political opposition, often with lethal consequences. Drawing from the last decade of research at the University of Toronto’s Citizen Lab, I will provide an overview of these disturbing trends and discuss some pathways to repairing and restoring the Internet as a sphere that supports, rather than diminishes, human rights.
Ronald J. Deibert is Professor of Political Science and Director of the Citizen Lab at the Munk School of Global Affairs and Public Policy, University of Toronto. The Citizen Lab undertakes interdisciplinary research at the intersection of global security, ICTs, and human rights. The research outputs of the Citizen Lab are routinely covered in global media, including over two dozen reports receiving front-page coverage in the New York Times, Washington Post, and other media over the last decade. Deibert is the author of Black Code: Surveillance, Privacy, and the Dark Side of the Internet (Random House: 2013) Reset: Reclaiming the Internet for Civil Society (House of Anansi: 2020) as well as numerous books, chapters, articles, and reports on Internet censorship, surveillance, and cybersecurity. In 2013, he was appointed to the Order of Ontario and awarded the Queen Elizabeth II Diamond Jubilee medal, for being “among the first to recognize and take measures to mitigate growing threats to communications rights, openness and security worldwide.”
In this talk, Maria Vachino from Easy Dynamics and Dr. James P. Howard from APL will provide an overview of what blockchain is and isn’t, focusing on non-cryptocurrency use cases, will explain the results of their research for the DHS S&T Cybersecurity Directorate, and will provide insight into the value (or lack therefore) of the technology.
Maria Vachino is the Director of Digital Identity at Easy Dynamics where she is focused on Identity Credential & Access Management (ICAM) technologies, policies, & standards, Cybersecurity, and IT modernization for the US Federal Government. She started investigating applications for blockchain technology in 2015 as the Technical and Government Engagement Lead for the DHS S&T Cyber Security Directorate’s Identity Management Research & Development Program while a member of the Senior Professional Staff at the Johns Hopkins Applied Physics Lab. Maria has a BS in Computer Science from UMBC and an MS in Cybersecurity.
Dr. James P. Howard, II (UMBC Ph.D. ’14) is a scientist at the Johns Hopkins Applied Physics Laboratory. Previously, he was a consultant to numerous government agencies, including the Securities and Exchange Commission, the Executive Office of the President, and the United States Department of Homeland Security, and worked for the Board of Governors of the Federal Reserve System as an internal consultant on scientific computing. He is a passionate educator, teaching mathematics and statistics at the University of Maryland Global Campus since 2010 and has taught public management at Central Michigan University, Penn State, and the University of Baltimore. His most recent work has modeled the spread of infectious respiratory diseases and Ebolavirus, predicted global disruptive events, researched using blockchain for government services, and created devices for rescuing victims of building collapse. He is the author of two books.
talk: From UMBC to CEO
The Alex. Brown Center For Entrepreneurship The Raymond V. Haysbert, Sr. Entrepreneurship Lecture Series presents
12:00-1:00 pm Wednesday, 30 September 2020 online via Webex
Come listen to Delali, CEO and Founder of Fearless, talk about his entrepreneurial journey after he left UMBC. Every day Delali strives to make a difference in technology and in his surrounding community. He is passionate about increasing the rate of city youth heading into STEM fields and works closely with city nonprofits to provide funding and mentorship programs in city schools, as well as other educator initiatives. Fearless is a full stack digital services firm in Baltimore, Maryland with a mission to create software with a soul – tools that empower communities and make a difference. Fearless delivers sleek, modern, and user-friendly software designed to push the boundaries of possibility, to create a world where good software powers the things that matter.
Every day Delali strives to make a difference in technology and in his surrounding community. He is passionate about increasing the rate of city youth heading into STEM fields and works closely with city nonprofits to provide funding and mentorship programs in city schools, as well as other educator initiatives.
Delali Dzirasa ‘04 is the CEO and Founder, of Fearless. He received a B.S. in computer engineering from UMBC in 2004. His awards and affiliations include UMBC Outstanding Young Alumni of the Year, 2011; Board Member, Downtown Partnership of Baltimore; Board Member, UMBC College of Engineering & Information Technology; Co-Founder / Chair DevOpsDays, Baltimore; BBJ’s 40 under 40, 2017; Co-Founder, Digital Services Coalition, 2018; Co-Founder, Hack Baltimore, 2018; GBC LEADERship class of 2018; BBJ’s National List of Influential 100; Young Executives, 2018; and BBJ’s Tech 10, 2019.
The Raymond V. Haysbert, Sr. Entrepreneurship Lecture Series provides a platform for successful entrepreneurs to candidly share their experiences and insights with UMBC students, faculty, alumni and the Baltimore business community. The series highlights experiences, lessons learned and unique issues and challenges faced by entrepreneurs in the creation of a new enterprise.
talk: Psychometric Evaluation of the Cybersecurity Concept Inventory, 12-1 Fri 9/18
The UMBC Cyber Defense Lab presents
Psychometric Evaluation of the Cybersecurity Concept Inventory
Computer Science University of Illinois at Urbana-Champaign
Joint work with Geoffrey Herman, Alan Sherman, Linda Oliva, Peter Peterson, Enis Golaszewski, Travis Scheponik, and Akshita Gorti.
We present a psychometric evaluation of a revised version of the Cybersecurity Concept Inventory (CCI) completed by 355 students from 29 colleges and universities. The CCI is a conceptual test of understanding created to enable research on instruction quality in cybersecurity education. This work extends previous expert review and small-scale pilot testing of the CCI. Results show that the CCI aligns with a curriculum many instructors expect from an introductory cybersecurity course, and that it is a valid and reliable tool for assessing what cybersecurity conceptual knowledge students learned.
Seth Poulsen is a PhD candidate in computer science at the University of Illinois at Urbana-Champaign. I’m interested in Computing Education, Programming Language design and implementation, Math Education, and any interesting intersections of the above. Previously, he was a Software Engineer at Amazon.com, working on Kindle Web Rendering and the Kindle Lite Android app. email: ,
Support for this research was provided in part by the U.S. Department of Defense under CAE-R grants H98230-15-1-0294, H98230-15-1-0273, H98230-17-1-0349, H98230-17-1-0347; and by the National Science Foundation under UMBC SFS grants DGE-1241576, 1753681, and SFS Capacity Grants DGE-1819521, 1820531. For more on the educational Cybersecurity Assessment Tools (CATS) Project: https://arxiv.org/pdf/2004.05248.pdf
Host: Alan T. Sherman,
The UMBC Cyber Defense Lab meets biweekly Fridays 12-1pm. All meetings are open to the public. Upcoming CDL Meetings:
Oct. 2, TBA [possibly: security of payment infrastructure]
Oct. 16, TBA [possibly: Jonathan Katz (GMU)]
Oct. 30, TBA
Nov. 13, TBA, [possibly: David R Imbordino (NSA), Security of the 2020 presidential election]
Dec. 11, TBA, [possibly: Peter A. H. Peterson (Univ. of Minnesota Duluth), Adversarial Thinking]
UMBC Data Science Meetup: Data Analytics Challenges in Healthcare
Best Practices for Handling Data Analytics Challenges in Healthcare
5:30 – 7:00 pm EDT, Tuesday, 15 September 2020 free and online; register here to get the link
Aaron specializes in Healthcare & Federal and has worked with numerous private companies & federal agencies around reaching better healthcare outcomes and minimizing fraud through smarter data. Previously Aaron worked at a predictive analytics firm APT helping Fortune 200 companies drive to better data-driven decisions.
We investigate the problem of automating the development of adaptive chosen-ciphertext attacks on systems that contain vulnerable format oracles. Rather than simply automate the execution of known attacks, we consider a more challenging problem: to programmatically derive a novel attack strategy, given only a machine-readable description of the plaintext verification function and the malleability characteristics of the encryption scheme. We present a new set of algorithms that use SAT and SMT solvers to reason deeply over the design of the system, producing an automated attack strategy that can decrypt protected messages entirely.
Matthew Green is an Associate Professor at the Johns Hopkins Information Security Institute. His research includes techniques for privacy-enhanced information storage, anonymous payment systems, and bilinear map- based cryptography. He is one of the creators of the Zerocash protocol, which is used by the Zcash cryptocurrency, and a founder of an encryption startup Zeutro. He was formerly a partner in Independent Security Evaluators, a custom security evaluation and design consultancy, and currently consults independently. From 1999-2003, he served as a senior technical staff member at AT&T Laboratories/Research in Florham Park, NJ. email: Dr. Green writes a popular blog on applied cryptography, A Few Thoughts on Cryptographic Engineering, A Few Thoughts on Cryptographic Engineering
Host: Alan T. Sherman,, Support for this event was provided in part by the NSF under SFS grant DGE-1753681. The UMBC Cyber Defense Lab meets biweekly Fridays. All meetings are open to the public. Upcoming CDL Meetings:
The Cyber Defense Lab hosts biweekly talks on Fridays 12-1pm.
talk: Identifying and Addressing Concerning Behavior in the Digital Age, 12-1 Fri 5/8
talk: Cybersecurity during COVID-19 and other emergencies, 12-1 Tue May 5