CERIAS Weekly Security Seminar - Purdue University

Students: This is a hybrid event. You are encouraged to attend in person in STEW 050B (G52) Space systems provide many critical functions to the military, federal agencies, and infrastructure networks. Space Policy Directive-5 Cybersecurity Principles for Space Systems describes both the cyber threat to space systems and the need for these systems to be secure and resilient against cyber-attacks. Most cyber defenses for space systems rely on the ability to detect the adversary. Reliance on detection is a risky proposition, given that anomaly and threat detection remains an open research challenge for both terrestrial and space systems. Furthermore, cyber defenses for space systems must be implemented in size, weight, and power (SWAP)-constrained, real-time operating environments that cannot tolerate increased latency and other common detrimental side-effects of cyber defenses. To overcome these challenges, we have been researching the use to moving target defenses (MTD) to protect space systems against cyber-attacks. MTDs create dynamic, uncertain environments on space systems and can be used to defeat cyber threats against these systems. Furthermore, MTDs do not require detection of an adversary to mitigate the effects of an attack. Our multi-stage-stage research approach is as follows:Development of a generalized MTD algorithm: though conceptually simple, implementation of MTD can be complex. The first research phase focused on the development of a generalized MTD algorithm that implements randomization schemes with limited impact to nominal operations and failsafe commands to re-sync devices, if needed. Application of the MTD algorithms to an exemplar: we demonstrated the MTD algorithm on real MIL-STD-1553 hardware using 4 MTD commands Functional experiments: we evaluated the reliability of the MTD algorithms and whether the use of MTD added unacceptable operational overhead. Cyber resilience experimentation and validation: we exposed the hardware and MTD to cyber-attacks to determine the effectiveness of the MTD algorithms at thwarting attacks and thereby increasing resilience to the attacks. Machine learning experiments: we used machine learning models to analyze whether the MTD algorithm introduced vulnerabilities and if the machine learning models could “crack” the MTD algorithm and predict randomization sequences. The MTD performed well in each of the experiments. Most notably, the cyber resilience experiments showed a 97% reduction in adversarial knowledge. Furthermore, small changes in the MTD algorithm substantially decreased the ability of the machine learning model to decipher randomization sequences.

Students: This is a hybrid event. You are encouraged to attend in person in STEW 050B (G52)Space systems provide many critical functions to the military, federal agencies, and infrastructure networks. Space Policy Directive-5 Cybersecurity Principles for Space Systems describes both the cyber threat to space systems and the need for these systems to be secure and resilient against cyber-attacks. Most cyber defenses for space systems rely on the ability to detect the adversary. Reliance on detection is a risky proposition, given that anomaly and threat detection remains an open research challenge for both terrestrial and space systems. Furthermore, cyber defenses for space systems must be implemented in size, weight, and power (SWAP)-constrained, real-time operating environments that cannot tolerate increased latency and other common detrimental side-effects of cyber defenses. To overcome these challenges, we have been researching the use to moving target defenses (MTD) to protect space systems against cyber-attacks. MTDs create dynamic, uncertain environments on space systems and can be used to defeat cyber threats against these systems. Furthermore, MTDs do not require detection of an adversary to mitigate the effects of an attack. Our multi-stage-stage research approach is as follows:Development of a generalized MTD algorithm: though conceptually simple, implementation of MTD can be complex. The first research phase focused on the development of a generalized MTD algorithm that implements randomization schemes with limited impact to nominal operations and failsafe commands to re-sync devices, if needed. Application of the MTD algorithms to an exemplar: we demonstrated the MTD algorithm on real MIL-STD-1553 hardware using 4 MTD commandsFunctional experiments: we evaluated the reliability of the MTD algorithms and whether the use of MTD added unacceptable operational overhead.Cyber resilience experimentation and validation: we exposed the hardware and MTD to cyber-attacks to determine the effectiveness of the MTD algorithms at thwarting attacks and thereby increasing resilience to the attacks.Machine learning experiments: we used machine learning models to analyze whether the MTD algorithm introduced vulnerabilities and if the machine learning models could "crack" the MTD algorithm and predict randomization sequences. The MTD performed well in each of the experiments. Most notably, the cyber resilience experiments showed a 97% reduction in adversarial knowledge. Furthermore, small changes in the MTD algorithm substantially decreased the ability of the machine learning model to decipher randomization sequences. About the speaker: Chris is a principal member of technical staff in the Systems Security Research Department as part of Sandia's Information Operations Center. Chris supports Sandia's mission in three key areas: cyber-physical cybersecurity research, high-performance computing, and provides cybersecurity expertise outside the lab. Chris regularly publishes in the open literature, is responsible for multiple technical advances and granted patents, and actively seeks opportunities to transition technology outside of Sandia. Chris leads a team researching innovative ways to protect critical infrastructure and other high-consequence operational technology. His work utilizes a technology called moving target defense to protect these systems from adversary attack. He has partnered with Purdue University over the last 2 years to determine the strength of the innovative, patent-awarded MTD algorithm he has created. His work has explored adapting communication security primitives to utilize his algorithm for space systems and other national security relevant communications architectures. He current research represents Sandia's national commitment to space systems and Sandia's strategic investment in the Science and Technology Advancing Resilience for Contested Space Mission Campaign. Chris has a long history of mentoring, whether through work with Sandia interns and the Center for Cyber Defenders, invited lectures and presentations to university students, and professional conferences. Chris also stewards early career Sandia staff. Chris participates in the Black Leadership Committee and also contributed to the Division 5000 Workplace Enhancement Team for several years—one year as co-chair. Chris actively seeks training opportunities to broaden and strengthen his technical skills and is a participant in the Strategic Engagement Training program at Sandia. Lastly, he was awarded the 2022 Black Engineer of the Year Award for Research Leadership.

The mission of the Cybersecurity Assurance and Policy (CAP) Center at Morgan State University is to provide the defense and intelligence community with the knowledge, methodology, solutions, and highly skilled cybersecurity professionals to mitigate penetration and manipulation of our nation's cyber-physical infrastructure. Internet of Things (IoT) devices permeate all areas of life and work, with unprecedented economic effects. Critical infrastructures in transportation, smart grid, manufacturing, health care, and many others depend on embedded systems for distributed control, tracking, and data collection. While protecting these systems from hacking, intrusion, and physical tampering is paramount, current solutions rely on unsustainable patchwork solutions. Transformative solutions are required to protect systems where the ubiquity of connectivity and heterogeneity of IoT devices exacerbate the attack surface. Our research focuses on the convergence of IoT, 5G, and artificial intelligence in the context of the Zero Trust networks. We will present our security-in-depth approach to provide secure and resilient operation. About the speaker: Dr. Kevin T. Kornegay received the B.S. degree in electrical engineering from Pratt Institute, Brooklyn, NY, in 1985 and the M.S. and Ph.D. degrees in electrical engineering from the University of California at Berkeley in 1990 and 1992, respectively. He is currently the Eugene Deloatch IoT Security Endowed Professor and Director of the Cybersecurity Assurance and Policy (CAP) Center for Academic Excellence in the Electrical and Computer Engineering Department at Morgan State University in Baltimore, MD. His research interests include hardware assurance, reverse engineering, secure embedded systems, side-­‐channel analysis, and differential fault analysis. Dr. Kornegay serves or has served on the technical program committees of several international conferences, including the IEEE Symposium on Hardware Oriented Security and Trust (HOST), USENIX Security, the IEEE Physical Assurance and Inspection of Electronics (PAINE), and the ACM Great Lakes Symposium on VLSI (GLSVLSI). He is the recipient of numerous awards, including He is the recipient of multiple awards, including the NSF CAREER Award, IBM Faculty Partnership Award, National Semiconductor Faculty Development Award, and the General Motors Faculty Fellowship Award. He is currently a senior member of the IEEE, and Eta Kappa Nu, Sigma Xi, and Tau Beta Pi engineering honor societies.

The mission of the Cybersecurity Assurance and Policy (CAP) Center at Morgan State University is to provide the defense and intelligence community with the knowledge, methodology, solutions, and highly skilled cybersecurity professionals to mitigate penetration and manipulation of our nation’s cyber-physical infrastructure. Internet of Things (IoT) devices permeate all areas of life and work, with unprecedented economic effects. Critical infrastructures in transportation, smart grid, manufacturing, health care, and many others depend on embedded systems for distributed control, tracking, and data collection. While protecting these systems from hacking, intrusion, and physical tampering is paramount, current solutions rely on unsustainable patchwork solutions. Transformative solutions are required to protect systems where the ubiquity of connectivity and heterogeneity of IoT devices exacerbate the attack surface. Our research focuses on the convergence of IoT, 5G, and artificial intelligence in the context of the Zero Trust networks. We will present our security-in-depth approach to provide secure and resilient operation.

With the rapidproliferation of pervasive electronic devices in our lives, the internet ofthings (IoT) has become a reality and its influence on our day to dayactivities is set to further increase with a projected 125 Billion connecteddevices by 2030. However, this poses serious security and privacy issues as wewill no longer have direct control over with whom and what our devicescommunicate. Counterfeit, hacked, or cloned devices acting on a network are asignificant threat. In addition, IoT devices are often low-cost in area,low-power and typically are restricted in both memory and computing power. This talk will outlinethe challenges in addressing security for resource-constrained IoT devices and discussthe opportunities offered by research solutions proposed at the Centre forSecure Information Technologies (CSIT), Queen's University Belfast, inproviding effective security for IoT devices. The talk will detail our researchin Physical Unclonable Functions (PUFs), Hardware Trojan detection, Side-channelanalysis and post-quantum cryptography. About the speaker: Professor Máire O'Neill has a stronginternational reputation for her research in hardware security and appliedcryptography. She is Regius Professor in Electronics and Computer Engineeringand Director of the Centre for Secure Information Technologies (CSIT) atQueen's. She is also Director of the £5M UK Research Institute in SecureHardware and Embedded Systems (RISE: www.ukrise.org) and is a member of the UKAI Council. She has received numerous awards which include a BlavatnikEngineering and Physical Sciences medal, 2019 and a Royal Academy ofEngineering Silver Medal. She has authored two research books and over 175peer-reviewed conference and journal publications. She is a Fellow of the RoyalAcademy of Engineering, a member of the Royal Irish Academy and Fellow of theIrish Academy of Engineering.

With the rapidproliferation of pervasive electronic devices in our lives, the internet ofthings (IoT) has become a reality and its influence on our day to dayactivities is set to further increase with a projected 125 Billion connecteddevices by 2030. However, this poses serious security and privacy issues as wewill no longer have direct control over with whom and what our devicescommunicate. Counterfeit, hacked, or cloned devices acting on a network are asignificant threat. In addition, IoT devices are often low-cost in area,low-power and typically are restricted in both memory and computing power. This talk will outlinethe challenges in addressing security for resource-constrained IoT devices and discussthe opportunities offered by research solutions proposed at the Centre forSecure Information Technologies (CSIT), Queen’s University Belfast, inproviding effective security for IoT devices. The talk will detail our researchin Physical Unclonable Functions (PUFs), Hardware Trojan detection, Side-channelanalysis and post-quantum cryptography.

The mobile network (e.g., 4G LTE and 5G NR), the only large-scale wireless network infrastructure on par with the Internet, plays a critical role in interconnecting various mobile devices (e.g., smartphones, massive/critical IoT devices) and providing them with ubiquitous network services. In recent years, more users are accessing the Internet through mobile networks; since the first quarter of 2021, mobile devices (excluding tablets) have generated more than 54% of global website traffic. However, the security of the nowadays mobile networked systems is still far from being satisfactory. Unprecedented malicious attacks against mobile devices and the mobile network infrastructure cannot be effectively defended by the current complicated and error-prone design and pose real threats to a large number of users. In this talk, I would like to share with you my research experience in identifying various security vulnerabilities in essential mobile network services using formal and/or empirical approaches and securing billions of mobile users and the infrastructure. About the speaker: Dr. Guan-Hua Tu is an assistant professor in the department of computer science and engineering at Michigan State University. He is the director of the Security, Networking, and Mobile Systems Research (SNMS) laboratory. He received his Ph.D. degree in Computer Science from the University of California, Los Angeles. Prior to that, he worked at MediaTek as a wireless communication software engineer, project manager, and researcher (invented eight U.S. patents). His research interests are in the broad areas of security, IoT, mobile systems, and wireless networking, with a recent focus on innovating 5G/4G mobile network architecture/protocol/technologies, cellular/Wi-Fi IoT, secure cloud computing/services, blockchain technologies. He and his research group have identified a large number of security vulnerabilities in operational 4G/5G mobile ecosystems. The research results have been published in the most prestigious networking and security conferences and journals, e.g., ACM CCS, MobiCom, MobiSys, ACM/IEEE Transactions on Networking, IEEE Transactions on Mobile Computing, etc. The solutions they proposed have been adopted by tier-one industrial partners, e.g., AT&T, T-Mobile, Verizon, and Facebook. He was a recipient of the Facebook security award, Google security rewards, best paper award at IEEE CNS'18, UCLA dissertation year fellowship award, and the IBM Ph.D. fellowship award.https://www.cse.msu.edu/~ghtu

The mobile network (e.g., 4G LTE and 5G NR), the only large-scale wireless network infrastructure on par with the Internet, plays a critical role in interconnecting various mobile devices (e.g., smartphones, massive/critical IoT devices) and providing them with ubiquitous network services. In recent years, more users are accessing the Internet through mobile networks; since the first quarter of 2021, mobile devices (excluding tablets) have generated more than 54% of global website traffic. However, the security of the nowadays mobile networked systems is still far from being satisfactory. Unprecedented malicious attacks against mobile devices and the mobile network infrastructure cannot be effectively defended by the current complicated and error-prone design and pose real threats to a large number of users. In this talk, I would like to share with you my research experience in identifying various security vulnerabilities in essential mobile network services using formal and/or empirical approaches and securing billions of mobile users and the infrastructure.

For at least two decades, the U.S. intelligence community and special projects agencies have been exploring the potential of prediction markets and crowd-forecasting platforms to better forecast geopolitical and technical trends. Similarly, a number of prominent corporations, including Google, Ford, Yahoo, Hewlett-Packard, and Eli Lilly, have likewise turned to these tools to predict everything from which product lines will be most profitable to whether a deadline is likely to be met. Yet despite this seeming opportunity, there remains a significant gap: almost nobody has deployed the tools for crowd-forecasting to cybersecurity problems. We propose to change that paradigm. We believe that a cybersecurity-focused forecasting market can create useful value-added information for decision-makers. To test this hypothesis we have begun a small beta test applying the principles of crowd-forecasting directly to a set of cybersecurity questions.This talk will provide background on the use of crowd-forecasting for policy and discuss some interim results of the ongoing beta test. About the speaker: Paul Rosenzweig is the founder of Red Branch Consulting PLLC, a homeland security consulting company. He is also a Senior Advisor to The Chertoff Group. Mr. Rosenzweig formerly served as Deputy Assistant Secretary for Policy in the Department of Homeland Security. He is a Professorial Lecturer in Law at George Washington University, and a Senior Fellow in the Tech, Law &Security Program at the American University, Washington College of Law. He serves as an advisor to and former member of the American Bar Association Standing Committee on Law and National Security,and a Contributing Editor of the Lawfare blog. He is a member of the ABA Cybersecurity Legal Task Force and of the United States Court of Appeals for the District of Columbia Circuit Advisory Committee on Admissions and Grievances. He serves, as well, as a Hearing Committee Member of the District of Columbia Board of Professional Responsibility. In 2011 he was a Carnegie Fellow in National Security Journalism at the Medill School of Journalism, Northwestern University.Mr. Rosenzweig is a cum laude graduate of the University of Chicago Law School. He has an M.S. in Chemical Oceanography from the Scripps Institution of Oceanography, University of California at San Diego and a B.A from Haverford College. Following graduation from law school he served as a law clerk to the Honorable R. Lanier Anderson, III of the United States Court of Appeals for the Eleventh Circuit. He is the author of Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World and of three video lecture series from The Great Courses, Thinking About Cybersecurity: From Cyber Crime to Cyber Warfare; The Surveillance State: Big Data, Freedom,and You; and Investigating American Presidents. He is the co-author (with James Jay Carafano) of Winning the Long War: Lessons from the Cold War for Defeating Terrorism and Preserving Freedom and co-editor (with Jill D. Rhodes and Robert S. Litt) of the Cybersecurity Handbook (3rd ed.). He is also co-editor (with Timothy McNulty and Ellen Shearer) of two books, Whistleblowers, Leaks and the Media: The First Amendment and National Security, and National Security Law in the News: A Guide for Journalists, Scholars,and Policymakers. Mr. Rosenzweig is a member of the Literary Society of Washington.

For at least two decades, the U.S. intelligence community and special projects agencies have been exploring the potential of prediction markets and crowd-forecasting platforms to better forecast geopolitical and technical trends. Similarly, a number of prominent corporations, including Google, Ford, Yahoo, Hewlett-Packard, and Eli Lilly, have likewise turned to these tools to predict everything from which product lines will be most profitable to whether a deadline is likely to be met. Yet despite this seeming opportunity, there remains a significant gap: almost nobody has deployed the tools for crowd-forecasting to cybersecurity problems. We propose to change that paradigm. We believe that a cybersecurity-focused forecasting market can create useful value-added information for decision-makers. To test this hypothesis we have begun a small beta test applying the principles of crowd-forecasting directly to a set of cybersecurity questions. This talk will provide background on the use of crowd-forecasting for policy and discuss some interim results of the ongoing beta test.

Automated cyber defense tools require the ability to analyze binary applications, detect vulnerabilities and automatically patch or mitigate those vulnerabilities. The insertion of security mechanisms that operate at function boundaries (e.g, control flow mitigation, stack guards)require automated detection of those boundaries. This talk discusses the problem, related research and a new technique that is more accurate than other reported approaches. The presentation also discusses some of the limitations and ramifications of typical approaches compare and present these types of experimental results. About the speaker: Dr. Jim Alves-Foss joined the University of Idaho (UI) in Fall of 1991 after receiving his PhD in Computer Science at the University of California, Davis. He taught UIs first cybersecurity course in Spring of 1992. He is Director of the University of Idaho's Center for Secure and Dependable Systems. During his tenure he has published over 125 peer reviewed conference and journal papers, primarily in the cybersecurity area. He has mentored 22 PhD students, over 40 MS students and numerous undergraduates to completion. His research has been sponsored by federal agencies including NSF, DoD, and industry. In 2014-2015 he led UIs2-person team in a DARPA sponsored cybersecurity competition, as the smallest team they placed 2nd in the qualification round, outperforming 100 teams including larger teams from defense contractors and other notable universities.For his efforts he was named a Distinguished Professor, the university's highest faculty rank. 

Automated cyber defense tools require the ability to analyze binary applications, detect vulnerabilities and automatically patch or mitigate those vulnerabilities. The insertion of security mechanisms that operate at function boundaries (e.g, control flow mitigation, stack guards)require automated detection of those boundaries. This talk discusses the problem, related research and a new technique that is more accurate than other reported approaches. The presentation also discusses some of the limitations and ramifications of typical approaches compare and present these types of experimental results.

The war Russia has waged on Ukraine has seemed largely kinetic, but the most effective weapons weilded thus far have been consumer technologies. Putin has pursued a hybrid warfare strategy, yet the Ukrainians have fought his mendacious claims with the realities of conflict captured by mobile devices and social media. Bogged down by guerilla fighting in Ukrainian cities, Putin will view offensive cyber action and aggressive information warfare as increasingly appealing options. Richard Clarke, former U.S. National Coordinator for Security, Infrastructure Protection and Counterterrorism, and the nation’s first “Cyber Czar,” will give us an inside look at what the world has learned about the spillover of warfare in an era of advanced cyber threats. In his latest book, The Fifth Domain: Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats, Clarke delves deep into the political and economic calculations of cyber conflict. He also provides concrete steps that can be taken to achieve cyber resilience, during peacetime and amidst international conflict, including building more resistant systems and raising the costs for escalations in cyberspace.

What kind of projects does one get to lead at an applied cybersecurity center within the National Institute of Standards and Technology (NIST)?This talk will offer insight on the cybersecurity challenges being addressed by projects led by the speaker since he began working at the National Cybersecurity Center of Excellence in 2016. The talk will touch upon the establishment of collaborative team made up of industry, academic, and government members for each project, and discuss how each project leverages a cybersecurity standard or best practice in the functional reference designs built for each project. Throughout each phase of each project, we seek to collaborate, share (document in NIST Special Publication 1800 series practice guides), and advocate for the adoption of our work. This talk will offer some insight into the evolving series of NIST Special Publications known as practice guides (or 1800 series documents) and how these publications connect with the foundational NIST Special Publications in the 800series that are often used to set Federal government standards in computer security, information security, and cybersecurity while often being voluntarily adopted as guidance and standards by industry. This talk aims to leave enough time to address questions and explore whether the audience has new challenges that should become an NCCoE project in the future. At some point during the lecture, the following terms or phrases will be used: cybersecurity framework (functions, categories, subcategories), privacy framework, risk management framework, security and privacy controls, mitigating cybersecurity and privacy risk. About the speaker: Bill Newhouse is a cybersecurity Engineer at the National Cybersecurity Center of Excellence (NCCoE) in the Applied Cybersecurity Division in the Information Technology Laboratory at the National Institute of Standards and Technology(NIST). His work pushes for the adoption of functional cybersecurity reference designs built from commercially available technologies in the NCCoE lab. These projects rely on establishing communities of interest with members from industry,academia, and government to gain insight and passion about the areas of cybersecurity risk that need to be addressed and result in publications known as practice guides. Mr. Newhouse has completed practices guides focused on the hospitality, retail, and Federal sectors. In October 2020, he began a cybersecurity collaboration with the U.S.Department of Energy to research and develop cybersecurity risk management tools for the storage, transportation, and handling of energy resources within the ports of our maritime transportation system. His responsibilities also include identifying ways to include financial services sector use case scenarios in NCCoE projects/practice guides.Mr. Newhouse held the position of deputy director for NIST's National Initiative for Cybersecurity Education (NICE) where he promoted the use of the NICE Framework in education, training, and workforce development activities that grow the number of people who are prepared to mitigate cybersecurity risk. Mr. Newhouse began his Federal career over 35 years ago at NSA as a cooperative education student. During his 23 years at NSA, his work shifted from telecommunication systems to information assurance. His final five years at NSA were spent in the Office of the Secretary of Defense initially with the Assistant Secretary of Defense for Research and Engineering and then with the Office of the Chief Information Officer for Identity and Information Assurance focused on cybersecurity R&D oversight and technology discovery. For over a decade, he represented OSD and then NIST at Federal cybersecurity focused R&D working groups and contributed to three different Federal cybersecurity R&D Strategic Plans.Mr. Newhouse received a Bachelor of Science in Electrical Engineering from the Georgia Institute of Technology and a Master of Science in the Field of Telecommunications Engineering from the George Washington University.

What kind of projects does one get to lead at an applied cybersecurity center within the National Institute of Standards and Technology (NIST)? This talk will offer insight on the cybersecurity challenges being addressed by projects led by the speaker since he began working at the National Cybersecurity Center of Excellence in 2016. The talk will touch upon the establishment of collaborative team made up of industry, academic, and government members for each project, and discuss how each project leverages a cybersecurity standard or best practice in the functional reference designs built for each project. Throughout each phase of each project, we seek to collaborate, share (document in NIST Special Publication 1800 series practice guides), and advocate for the adoption of our work. This talk will offer some insight into the evolving series of NIST Special Publications known as practice guides (or 1800 series documents) and how these publications connect with the foundational NIST Special Publications in the 800series that are often used to set Federal government standards in computer security, information security, and cybersecurity while often being voluntarily adopted as guidance and standards by industry. This talk aims to leave enough time to address questions and explore whether the audience has new challenges that should become an NCCoE project in the future. At some point during the lecture, the following terms or phrases will be used: cybersecurity framework (functions, categories, subcategories), privacy framework, risk management framework, security and privacy controls, mitigating cybersecurity and privacy risk.