CERIAS Weekly Security Seminar - Purdue University

As more disciplines leverage computational and data-driven modeling, the security of campus cyberinfrastructure is becoming increasingly important in order to protect intellectual property and secure a competitive advantage for researchers. Funded by the NSF Cybersecurity Innovation for Cyberinfrastructure (CICI) program, the Purdue Live Security Analyzer (PULSAR) project aims to enhance the cybersecurity of Purdue's campus cyberinfrastructure by developing a cyber attack detection and response capability for the Purdue campus research network. Goals of the project include enabling domain scientists to conduct research with heightened security requirements, enhancing cybersecurity research by making large volumes of production network traffic data available to researchers, and supporting cybersecurity education by engaging undergraduate students in the deployment and operation of advanced cyberinfrastructure. The implementation of PULSAR was led by a team of Purdue undergraduate students alongside mentors from ITaP Security and Policy and Research Computing. Implementation details of the project will be discussed along with information regarding generation of anonymized network traffic datasets.

As more disciplines leverage computational and data-driven modeling, the security of campus cyberinfrastructure is becoming increasingly important in order to protect intellectual property and secure a competitive advantage for researchers. Funded by the NSF Cybersecurity Innovation for Cyberinfrastructure (CICI) program, the Purdue Live Security Analyzer (PULSAR) project aims to enhance the cybersecurity of Purdue’s campus cyberinfrastructure by developing a cyber attack detection and response capability for the Purdue campus research network. Goals of the project include enabling domain scientists to conduct research with heightened security requirements, enhancing cybersecurity research by making large volumes of production network traffic data available to researchers, and supporting cybersecurity education by engaging undergraduate students in the deployment and operation of advanced cyberinfrastructure. The implementation of PULSAR was led by a team of Purdue undergraduate students alongside mentors from ITaP Security and Policy and Research Computing. Implementation details of the project will be discussed along with information regarding generation of anonymized network traffic datasets.

Learn about common attacks against online accounts, ways to protect your accounts against malicious actors, and the next generation of Identity standards and application architecture. About the speaker: Rob Mundt, is an Enterprise Security Architect at Eli Lilly and Company focused on the identity domain. Rob has been at Lilly for 18 years with a majority of that time focused on information security. Rob graduated from Purdue University in 2001 with a degree in Computer Technology with a focus on Telecommunications and Networking. Rob is a proud father of two children, and avid golfer, and a die-hard Cubs fan.

Learn about common attacks against online accounts, ways to protect your accounts against malicious actors, and the next generation of Identity standards and application architecture.

Jim Routh, "The Rise of Unconventional Security Controls"

About the speaker: Jim Routh is the Chief Security Officer for CVS Health and leads the Global Security function focused on cyber security for CVS Health businesses and converged security for the Aetna business division. He is former CSO for Aetna and the former Chair of the H-ISAC Board. He serves as a member of the Advisory Board of the ClearSky Security Fund. He was formerly the Global Head of Application & Mobile Security for JP Morgan Chase. Prior to that he was the CISO for KPMG, DTCC and American Express. Jim is the winner of the 2017 Evanta Breakaway Leaders Award, 2016 Security Alliance Award for Innovation, 2016 ISE Luminary Leadership Award, the Northeast and the 2014 North American Information Security Executive of the Year for Healthcare, the 2009 BITS Leadership Award sponsored by the financial industry in collaboration with NIST and the Department of Treasury.

Recent reports on how side-channel attacks can be used to obtain secret information stored in Cache memories and how current processors that rely on speculative execution of code aids in these side-channel attacks have caught the attention of everyone. Names such as Spectre and Meltdown describe how a well-resourced attacker can discover secret information such as passwords and cyber keys. Since these attacks are applicable most to current processors, made by Intel, AMD and ARM; almost all computing devices (servers, desktops, laptops, cell phones) are vulnerable to such attaches. Several software and some hardware solutions have been suggested and deployed by major vendors; however, most solutions incur performance penalties. In this talk, I will provide an introduction to the architectural features that expose processors to side-channel attacks. I will present some available solutions as well some of our own ideas. I will briefly discuss other research on Cybersecurity at UNT About the speaker: Dr. Krishna Kavi is currently a Professor of Computer Science and Engineering at the University of North Texas and the Director of the NSF Industry/University Cooperative Research Center for Net-Centric and Cloud Software and Systems (NCSS I/UCRC). The center includes more than 20 industrial members and 4 academic institutions. During 2001-2009, he served as the Chair of CSE department at UNT. Prior to joining UNT, he held an Endowed Chair Professorship in Computer Engineering at the University of Alabama in Huntsville, and served on the faculty of the University Texas at Arlington. He was a NSF program manager between 1993-1995. He served on several editorial boards and program committees. He published nearly 200 technical papers, received more than $9M in extramural funding and graduated 15 PhDs and more than 40 MS students. He received his BS in Electrical from the Indian Institute of Science and PhD from Southern Methodist University.

Recent reports on how side-channel attacks can be used to obtain secret information stored in Cache memories and how current processors that rely on speculative execution of code aids in these side-channel attacks have caught the attention of everyone. Names such as Spectre and Meltdown describe how a well-resourced attacker can discover secret information such as passwords and cyber keys. Since these attacks are applicable most to current processors, made by Intel, AMD and ARM; almost all computing devices (servers, desktops, laptops, cell phones) are vulnerable to such attaches. Several software and some hardware solutions have been suggested and deployed by major vendors; however, most solutions incur performance penalties. In this talk, I will provide an introduction to the architectural features that expose processors to side-channel attacks. I will present some available solutions as well some of our own ideas. I will briefly discuss other research on Cybersecurity at UNT

Within recent years, secure comparison protocols have been proposed using binary decomposition and properties of algebraic fields. These protocols have become increasingly efficient, but their performance has seemingly reached a plateau. We propose a new approach to this problem that transforms the comparison function into comparing specialized summations and takes advantage of dynamically switching domains of secret shares and asymmetric computations for intermediate calculations among the participating parties. As a consequence, according to our analysis, communication and computation costs have been brought to a very low and efficient level. Particularly, the communication costs have been considerably reduced both in order as well as the dominating term's order of magnitude. In addition, we propose a secure protocol under the malicious setting which maintains our transformation and is more efficient than the existing work for common domain sizes. About the speaker: Dr. Wei Jiang is an associate professor in the Department of Electrical Engineering and Computer Science of the University of Missouri-Columbia. He received the Bachelor's degrees in both Computer Science and Mathematics from the University of Iowa in 2002. He received the Ph.D. degree from Purdue University in 2008. His research interests mainly include secure multiparty computation and privacy-preserving data analytics. His work has been funded by the National Science Foundation, the Office of Naval Research, the National Security Agency, Google, and the University of Missouri Research Board.

Within recent years, secure comparison protocols have been proposed using binary decomposition and properties of algebraic fields. These protocols have become increasingly efficient, but their performance has seemingly reached a plateau. We propose a new approach to this problem that transforms the comparison function into comparing specialized summations and takes advantage of dynamically switching domains of secret shares and asymmetric computations for intermediate calculations among the participating parties. As a consequence, according to our analysis, communication and computation costs have been brought to a very low and efficient level. Particularly, the communication costs have been considerably reduced both in order as well as the dominating term’s order of magnitude. In addition, we propose a secure protocol under the malicious setting which maintains our transformation and is more efficient than the existing work for common domain sizes.

In this talk the concept of Cyber Physical Human Systems security in the context of aviation systems will be introduced. The talk will also coverthe proposed security framework involving the detecting and responding to the attacks. In addition, the talk will describe the results of vulnerability assessment experiments from Aviations Cyber-Physical Systems pespective and the simulation experiments conducted for several attacks in the context of Internet of Things (IoT). About the speaker: Dr. Sathish A.P. Kumar is currently an Assistant Professor in the Department of Computing Sciences at the Coastal Carolina University, Conway, South Carolina, USA. He earned his PhD degree in Computer Science and Engineering from the University of Louisville, Kentucky, USA in 2007. His current research and teaching interests are in cybersecurity, machine learning, big data analytics and distributed systems. He has published more than 40 technical papers in journals and conference proceedings.

In this talk the concept of Cyber Physical Human Systems security in the context of aviation systems will be introduced. The talk will also cover the proposed security framework involving the detecting and responding to the attacks. In addition, the talk will describe the results of vulnerability assessment experiments from Aviations Cyber-Physical Systems pespective and the simulation experiments conducted for several attacks in the context of Internet of Things (IoT).

Most sophisticated cyber attack follow the well-known cyber kill chain. The first step of the cyber kill chain is the reconnaissance phase where attacker probe the network in search of weakness, misconfiguration, vulnerabilities, and identify potential targets before the actual attack start. To this end, the attacker need to collect important information about the characteristics of each devices (i.e., hardware, operating system, applications), the network topology, the different subnet, firewall rules, access control, privilege, the communication protocol at each layer, and the machine learning algorithm on each IoBT devices. The attacker reconnaissance can be summarized by an attack graph in which the node represent vulnerable IoBT devices and the edge show their associated vulnerabilities. This work investigates cyber deception as a complex game in which each player has three concurrent and interdependent objectives. Each players imperfectly monitor (partial observation) other players' action to find out each player's identity, strategies, payoff, available information, capability, and to continuously predict their intent. Each player strategically select to which players to hide particular information (e.g., camouflage). Each player judiciously manipulate other players' perception (e.g., decoy) based on his observed action, estimated capability, and predicted intent. This work examines from the defender's perspective several deception game on an attack graph. The defender goal is to stop the attacker early in the cyber kill chain and prevents the subsequent more dangerous phases. About the speaker: Charles A. Kamhoua is a researcher at the Network Security Branch of the U.S. Army Research Laboratory (ARL) in Adelphi, MD, where he is responsible for conducting and directing basic research in the area of game theory applied to cyber security. Prior to joining the Army Research Laboratory, he was a researcher at the U.S. Air Force Research Laboratory (AFRL), Rome, New York for 6 years and an educator in different academic institutions for more than 10 years. He has held visiting research positions at the University of Oxford and Harvard University. He has co-authored more than 150 peer-reviewed journal and conference papers. He is a co-inventor of 2 patents and 5 patent applications. He has been at the forefront of several new technologies, co-editing three books at Wiley-IEEE Press entitled "Assured Cloud Computing", "Blockchain for Distributed System Security" and "Modeling and Design of Secure Internet of Things", forthcoming. He has presented over 50 invited keynote and distinguished speeches and has co-organized over 10 conferences and workshops. He has mentored more than 60 young scholars, including students, postdocs, and Summer Faculty Fellow. He has been recognized for his scholarship and leadership with numerous prestigious awards, including the 2019 Federal 100-FCW annual awards for individuals that have had an exceptional impact on federal IT, the 2018 ARL Achievement Award for leadership and outstanding contribution to the ARL Cyber Camo (cyber deception) project, the 2018 Fulbright Senior Specialist Fellowship, the 2017 AFRL Information Directorate Basic Research Award "For Outstanding Achievements in Basic Research," the 2017 Fred I. Diamond Award for the best paper published at AFRL's Information Directorate, 40 Air Force Notable Achievement Awards, the 2016 FIU Charles E. Perry Young Alumni Visionary Award, the 2015 Black Engineer of the Year Award (BEYA), the 2015 NSBE Golden Torch Award—Pioneer of the Year, and selection to the 2015 Heidelberg Laureate Forum, to name a few. He has been congratulated by the White House, the US Congress and the Pentagon for those achievements. He received a B.S. in electronics from the University of Douala (ENSET), Cameroon, in 1999, an M.S. in Telecommunication and Networking from Florida International University (FIU) in 2008, and a Ph.D. in Electrical Engineering from FIU in 2011. He is currently an advisor for the National Research Council postdoc program, a member of the FIU alumni association and ACM, and a senior member of IEEE.

Most sophisticated cyber attack follow the well-known cyber kill chain. The first step of the cyber kill chain is the reconnaissance phase where attacker probe the network in search of weakness, misconfiguration, vulnerabilities, and identify potential targets before the actual attack start. To this end, the attacker need to collect important information about the characteristics of each devices (i.e., hardware, operating system, applications), the network topology, the different subnet, firewall rules, access control, privilege, the communication protocol at each layer, and the machine learning algorithm on each IoBT devices. The attacker reconnaissance can be summarized by an attack graph in which the node represent vulnerable IoBT devices and the edge show their associated vulnerabilities. This work investigates cyber deception as a complex game in which each player has three concurrent and interdependent objectives. Each players imperfectly monitor (partial observation) other players’ action to find out each player’s identity, strategies, payoff, available information, capability, and to continuously predict their intent. Each player strategically select to which players to hide particular information (e.g., camouflage). Each player judiciously manipulate other players’ perception (e.g., decoy) based on his observed action, estimated capability, and predicted intent. This work examines from the defender’s perspective several deception game on an attack graph. The defender goal is to stop the attacker early in the cyber kill chain and prevents the subsequent more dangerous phases.

Nowadays more and more data are gathered for detecting andpreventing cyber attacks. Unique to the cyber securityapplications, learning models face active adversaries that try todeceive learning models and avoid being detected. Hence futuredatasets and the training data no longer follow the samedistribution. The existence of such adversarial samplesmotivates the development of robust and resilient adversariallearning techniques. Game theory offers a suitable framework tomodel the conflict between adversaries and defender. We develop agame theoretic framework to model the sequential actions of theadversaries and the defender, allowing players to maximize theirown utilities. For supervised learning tasks, our adversarialsupport vector machine has a conservative decision boundary,whereas our robust deep neural network plays a random strategyinspired by the mixed equilibrium strategy. One the other hand,in real practice, labeling the data instances often requirescostly and time-consuming human expertise and becomes asignificant bottleneck. We develop a novel grid based adversarialclustering algorithm, to understand adversaries' behavior from alarge number of unlabeled instances. Our adversarial clusteringalgorithm is able to identify the normal regions inside mixedclusters, and to draw defensive walls around the center of the normalobjects utilizing game theoretic ideas. Our algorithm alsoidentifies sub-clusters of adversarial samples and the overlapping areaswithin mixed clusters, and identify outliers which may bepotential anomalies.