Category: Chen-CS

Research Excellence Fund Awards Announced

by Vice President for Research Office

The Vice President for Research Office announces the Fall 2020 REF awards. Thanks to the individual REF reviewers and the REF review panelists, as well as the deans and department chairs, for their time spent on this important internal research award process.

Research Seed Grants:

  • Sajjad Bigham, Mechanical Engineering-Engineering Mechanics
  • Bo Chen, Computer Science
  • Daniel Dowden, Civil and Environmental Engineering
  • Ana Dyreson, Mechanical Engineering-Engineering Mechanics
  • Hassan Masoud, Mechanical Engineering-Engineering Mechanics
  • Xinyu Ye, Civil and Environmental Engineering

Bo Chen’s Research on COVID-19 Prevention Method to be Published in IEEE IoT Magazine

A paper authored by Michigan Tech Assistant Professor Bo Chen, Computer Science, and Data Science master’s student Shashank Reddy Danda, has been accepted for publication in the IEEE Internet of Things Magazine special issue on Smart IoT Solutions for Combating COVID-19 Pandemic. The special issue will be published in September 2020.

The paper focuses on Chen’s research of COVID-19 prevention through the leveraging of computing technology. The project is currently supported by a Michigan Tech College of Computing seed grant, and external funding for further development is being pursued.

Chen is a member of the ICC’s Center for Cybersecurity.

Download a preprint of the paper here.

Abstract:
Recently, the impact of coronavirus has been witnessed by almost every country around the world. To mitigate spreading of coronavirus, a fundamental strategy would be reducing the chance of healthy people from being exposed to it. Having observed the fact that most viruses come from coughing/sneezing/runny nose of infected people, in this work we propose to detect such symptom events via mobile devices (e.g., smartphones, smart watches, and other IoT devices) possessed by most people in modern world and, to instantly broadcast locations where the symptoms have been observed to other people. This would be able to significantly reduce risk that healthy people get exposed to the viruses. The mobile devices today are usually equipped with various sensors including microphone, accelerometer, and GPS, as well as network connection (4G, LTE, Wi-Fi), which makes our proposal feasible. Further experimental evaluation shows that coronavirus-like symptoms (coughing/sneezing/runny nose) can be detected with an accuracy around 90%; in addition, the dry cough (more likely happening to COVID-19 patients) and wet cough can also be differentiated with a high accuracy.

Bo Chen is an assistant professor in the Department of Computer Science. His areas of expertise include mobile device security, cloud computing security, named data networking security, big data security, and blockchain.

Shashank Reddy Danda is an MS student in Data Science. He is currently working as a research assistant in MTU Security and Privacy (SnP) Lab under the supervision of Dr. Bo Chen.

IEEE Internet of Things Magazine (IEEE IoTM) is a publication of the IEEE Internet of Things Initiative, a Multi-Society Technical Group.

Yu Cai is PI of 2-year NSA GenCyber Project

Professor Yu Cai, Applied Computing, a member of the ICC’s Center for Cybersecurity, is the principal investigator on a two-year project that has received a $99,942 grant from the National Security Agency (GenCyber). The project is titled, “GenCyber Teacher Camp at Michigan Tech. ”

Lecturer Tim Van Wagner (AC) and Assistant Professor Bo Chen (CS, DataS) are Co-PIs. Cai will serve as the camp director, Tim Van Wagner as lead instructor.

This GenCyber project aims to host a week-long, residential summer camp for twenty K-12 STEM teachers in 2021 at Michigan Tech. Target educators are primarily from Michigan and surrounding states.

The objectives of the camp are to teach cybersecurity knowledge and safe online behavior, develop innovative teaching methods for delivering cybersecurity content, and provide professional development opportunities so participants will return to their home schools with contagious enthusiasm about teaching cybersecurity.

The GenCyber camp will be offered at no cost to camp participants. Room and board will be provided. Teacher participants will receive a stipend of $500 for attending and completing camp activities.

Read about the 2019 Michigan Tech GenCyber camps for teachers and students here.

More Achievements for MTU RedTeam

The MTU RedTeam ranked 13th out of 162 teams in a recent 24-hour Cybar OSINT Capture The Flag (CTF) cybersecurity competition. The team finished tied for 5th place, having completed all the challenges presented by the competition.

Students on the team were Trevor Hornsby (Software Engineering), Shane Hoppe (Computer Science), Matthew Chau (Cybersecurity), Steven Whitaker (Electrical Engineering), and Sankalp Shastry (Electrical Engineering).

Professor Yu Cai, Applied Computing, and Assistant Professor Bo Chen, Computer Science, are advisor and co-advisor of RedTeam, respectively. Both are members of the ICC’s Center for Cybersecurity.

RedTeam promotes a security-driven mindset among Michigan Tech students and provides a community and resource for those wishing to learn more about information security. The RedTeam competes in National Cyber League (NCL) competitions, a great way for students to gain competency in cybersecurity tools and boost their resumes.

RedTeam is on Slack at mturedteam.slack.com. Interested students can sign up with a Michigan Tech email. View past RedTeam presentations here.

This OSINT CTF is non-theoretical and contestants work in teams of up to four members to crowdsource the collection of OSINT to assist law enforcement in generating new leads on missing persons.

The contest runs as a Capture the Flag (CTF) format where contestants must collect various “flags” which equate to points. Since the each flag submitted is treated as potential “net new intelligence”, Trace Labs has a team of volunteers known as “Judges” who validate each submission and award points if the flag meets the category requirements. At the end of each CTF, the team with the most points on the scoreboard wins.

Bo Chen, Grad Students Present Posters at Security Symposium

College of Computing Assistant Professor Bo Chen, Computer Science, and his graduate students presented two posters at the 41st IEEE Symposium on Security and Privacy, which took place online May 18 to 21, 2020.

Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.

Chen leads the Security and Privacy (SnP) lab at Michigan Tech. He is a member of Michigan Tech’s Institute of Computing and Cybersystems (ICC) Center for Cybersecurity (CyberS).

Chen’s research focuses on applied cryptography and data security and he investigates novel techniques to protect sensitive data in mobile devices/flash storage media and cloud infrastructures. Chen is also interested in designing novel techniques to ensure security and privacy of big data.

Chen will serve as general chair for the First EAI International Conference on Applied Cryptography in Computer and Communications (AC3), which will be held in Xiamen, China, in May 2021.

Visit Bo Chen’s faculty webpage here.

Poster: A Secure Plausibly Deniable System for Mobile Devices against Multi-snapshot Adversaries
Authors: Bo Chen, Niusen Chen
Abstract: Mobile computing devices have been used broadly to store, manage and process critical data. To protect confidentiality of stored data, major mobile operating systems provide full disk encryption, which relies on traditional encryption and requires keeping the decryption keys secret. This however, may not be true as an active attacker may coerce victims for decryption keys. Plausibly deniable encryption (PDE) can defend against such a coercive attacker by disguising the secret keys with decoy keys. Leveraging concept of PDE, various PDE systems have been built for mobile devices. However, a practical PDE system is still missing which can be compatible with mainstream mobile devices and, meanwhile, remains secure when facing a strong multi- snapshot adversary. This work fills this gap by designing the first mobile PDE system against the multi-snapshot adversaries.

Poster: Incorporating Malware Detection into Flash Translation Layer
Authors: Wen Xie, Niusen Chen, Bo Chen
Abstract: OS-level malware may compromise OS and obtain root privilege. Detecting this type of strong malware is challeng- ing, since it can easily hide its intrusion behaviors or even subvert the malware detection software (or malware detector). Having observed that flash storage devices have been used broadly by computing devices today, we propose to move the malware detector to the flash translation layer (FTL), located inside a flash storage device. Due to physical isolation provided by the FTL, the OS-level malware can neither subvert our malware detector, nor hide its access behaviors from our malware detector.

The 41st IEEE Symposium on Security and Privacy was sponsored by the IEEE Computer Society Technical Committee on Security and Privacy in cooperation with the International Association for Cryptologic Research. The Symposium was May 18-20, 2020, and the Security and Privacy Workshops were May 21, 2020.

Computing Awards COVID-19 Research Seed Grants

Michigan Tech College of Computing

The College of Computing is pleased to announce that it has awarded five faculty seed grants, which will provide immediate funding in support of research projects addressing critical needs during the current global pandemic.

Tim Havens, College of Computing associate dean for research, said that the faculty seed grants will enable progress in new research that has the potential to make an impact on the current research. Additional details will be shared soon.

Congratulations to the winning teams!

Guy Hembroff (AC, HI): “Development of a Novel Hospital Use Resource Prediction Model to Improve Local Community Pandemic Disaster Planning”

Leo Ureel (CS) and Charles Wallace (CS): “Classroom Cyber-Physical Simulation of Disease Transmission”

Bo Chen (CS): “Mobile Devices Can Help Mitigate Spreading of Coronavirus”

Nathir Rawashdeh (AC, MERET): “A Tele-Operated Mobile Robot for Sterilizing Indoor Space Using UV Light” (A special thanks to Paul Williams, who’s generous gift to support AI and robotics research made this grant possible)

Weihua Zhou (AC, HI) and Jinshan Tang (AC, MERET): “KD4COVID19: An Open Research Platform Using Feature Engineering and Machine Learning for Knowledge Discovery and Risk Stratification of COVID-19″

Congratulations, RedTeam@MTU!

National Cyber League Logo

RedTeam@MTU, one of Michigan Tech’s National Cyber League (NCL) teams, placed 8th out of 689 teams in the recent NCL Fall 2019 cyber competition team game. The team consists of seven College of Computing undergraduate and graduate students: Alexander Larkin, John Claassen, Jack Bergman, Jon Preuth, Trevor Hornsby, Shane Hoppe, and Matthew Chau. In addition, two RedTeam@MTU team members ranked in the top 100 out of 4149 players in the individual game: John Claassen (67th) and Alex Larkin (70th).

“This is a breakthrough since first joining the NCL competition in Fall 2017,” said faculty coach Bo Chen, assistant professor of computer science. “Congratulations to the RedTeam and John Claasen and Alex Larkin!”

Three teams and 21 players from Michigan Tech were involved this season, most of them with the RedTeam@MTU, a student organization which exists to promote a security-driven mindset among the student population, and to provide a community and resource for those wishing to learn more about information security.  The RedTeam is co-advised by Bo Chen and Yu Cai, professor in the College of Computing.

Students from hundreds of U.S. universities participated during the Fall 2019 NCL season, which comprised a week-long Preseason placement game, followed by a weekend Individual Game, and culminating in a weekend Team Game. A total of 689 teams and 4149 players  participated.

In addition, Michigan Tech ranks 11th among the top 100 colleges and universities in the “Team” Cyber Power Rankings, 51st in the Individual Rank, and 23rd in the Participation Rank. The Cyber Power Rankings were created by Cyber Skyline in partnership with the National Cyber League (NCL). The rankings represent the ability of students from these schools to perform real-world cybersecurity tasks on the Cyber Skyline platform, such as identify hackers from forensic data, pentest and audit vulnerable websites, recover from ransomware attacks, and more. Schools are ranked based on their top team performance, their top student’s individual performance, and the aggregate individual performance of their students. View the full ranking list at https://cyberskyline.com/data/power-ranking/fall-2019-national.

Founded in 2011 to provide an ongoing virtual training ground for participants to develop, practice, and validate their cybersecurity skills, the NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants played the games simultaneously during all of the Fall season games.

The NCL challenges are based on the CompTIA Security+™ and EC-Council Certified Ethical Hacker (CEH)™ performance-based exam objectives and include the following content: Open Source Intelligence, Scanning, Enumeration and Exploitation, Password Cracking, Traffic Analysis, Log Analysis, Wireless Security, Cryptography, and Web Application Security. Players of all levels can participate in the NCL games. Through easy, medium and hard challenges, students have multiple opportunities to excel.

Learn more about the NCL at: https://www.nationalcyberleague.org/.

Cyber Skyline Logo

Cyber Skyline is an immersive cloud platform on which to practice, develop, and measure technical cybersecurity skills. It is built for Incident Response Handlers, Security & Network Engineers, SOC Analysts, Software Engineers, Pentesters, and more. Visit the Cyber Skyline website at: https://cyberskyline.com.

Bo Chen Weighs In on Identity Fraud in WalletHub Article

Bo Chen, Computer Science

Bo Chen (CS/CyberS) was featured in the article “2019’s States Most Vulnerable to Identity Theft & Fraud,” published October 16, 2019, in WalletHub.

Link to the article here:https://wallethub.com/edu/states-where-identity-theft-and-fraud-are-worst/17549/#expert=bo-chen

Based in Washington DC, WalletHub is the first-ever website to offer free credit scores and full credit reports that are updated on a daily basis. The company also hosts an artificially intelligent financial advisor that provides customized credit-improvement advice, personalized savings alerts, and 24/7 wallet surveillance, supplemented by reviews of financial products, professionals and companies.

Bo Chen Receives $250K NSF Award for Mobile PDE Systems Research

Bo Chen, CS

Bo Chen, assistant professor of computer science and member of the Institute of Computing and Cybersystems Center for  Cybersecurity, is the principal investigator on a project that has received a $249,918 research and development grant from the National Science Foundation. The project is entitled, “SaTC: CORE: Small: Collaborative: Hardware-Assisted Plausibly Deniable System for Mobile Devices.” This is a potential three-year project.

Abstract: Mobile computing devices typically use encryption to protect sensitive information. However, traditional encryption systems used in mobile devices cannot defend against an active attacker who can force the mobile device owner to disclose the key used for decrypting the sensitive information. This is particularly of concern to dissident users who are targets of nation states. An example of this would be a human rights worker collecting evidence of untoward activities in a region of oppression or conflict and storing the same in an encrypted form on the mobile device, and then being coerced to disclose the decryption key by an official. Plausibly Deniable Encryption (PDE) has been proposed to defend against such adversaries who can coerce users into revealing the encrypted sensitive content. However, existing techniques suffer from several problems when used in flash-memory-based mobile devices, such as weak deniability because of the way read/write/erase operations are handled at the operating systems level and at the flash translation layer, various types of side channel attacks, and computation and power limitations of mobile devices. This project investigates a unique opportunity to develop an efficient (low-overhead) and effective (high-deniability) hardware-assisted PDE scheme on mainstream mobile devices that is robust against a multi snapshot adversary. The project includes significant curriculum development activities and outreach activities to K-12 students.

This project fundamentally advances the mobile PDE systems by leveraging existing hardware features such as flash translation layer (FTL) firmware and TrustZone to achieve a high deniability with a low overhead. Specifically, this project develops a PDE system with capabilities to: 1) defend against snapshot attacks using raw flash memory on mobile devices; and 2) eliminate side-channel attacks that compromise deniability; 3) be scalable to deploy on mainstream mobile devices; and 4) efficiently provide usable functions like fast mode switching. This project also develops novel teaching material on PDE and cybersecurity for K-12 students and the Regional Cybersecurity Education Collaboration (RCEC), a new educational partnership on cybersecurity in Michigan.

Publications related to this research:

[DSN ’18] Bing Chang, Fengwei Zhang, Bo Chen, Yingjiu Li, Wen Tao Zhu, Yangguang Tian, Zhan Wang, and Albert Ching. MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices. The 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN ’18), June 2018 (Acceptance rate: 28%)
[Cybersecurity ’18] Qionglu Zhang, Shijie Jia, Bing Chang, Bo Chen. Ensuring Data Confidentiality via Plausibly Deniable Encryption and Secure Deletion – A Survey. Cybersecurity (2018) 1: 1.
[ComSec ’18 ] Bing Chang, Yao Cheng, Bo Chen, Fengwei Zhang, Wen Tao Zhu, Yingjiu Li, and Zhan Wang. User-Friendly Deniable Storage for Mobile Devices. Elsevier Computers & Security, vol. 72, pp. 163-174, January 2018
[CCS ’17] Shijie Jia, Luning Xia, Bo Chen, and Peng Liu. DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer. 2017 ACM Conference on Computer and Communications Security (CCS ’17), Dallas, Texas, USA, Oct 30 – Nov 3, 2017 (Acceptance rate: 18%)
[ACSAC ’15] Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang. MobiPluto: File System Friendly Deniable Storage for Mobile Devices. 2015 Annual Computer Security Applications Conference (ACSAC ’15), Los Angeles, California, USA, December 2015 (Acceptance rate: 24.4%)
[ISC ’14] Xingjie Yu, Bo Chen, Zhan Wang, Bing Chang, Wen Tao Zhu, and Jiwu Jing. MobiHydra: Pragmatic and Multi-Level Plausibly Deniable Encryption Storage for Mobile Devices. The 17th Information Security Conference (ISC ’14), Hong Kong, China, Oct. 2014

Link to more information about this project: https://snp.cs.mtu.edu/research/index.html#pde

Bo Chen is PI of $200K NSF Research and Development Grant

Bo Chen (CS/CyberS) is Principal Investigator on a project that has received a $199,975 research and development grant from the National Science Foundation. The project is titled “EAGER: Enabling Secure Data Recovery for Mobile Devices Against Malicious Attacks.” This is a potential two-year project.

Abstract: Mainstream mobile computing devices like smart phones and tablets currently rely on remote backups for data recovery upon failures. For example, an iPhone periodically stores a recent snapshot to iCloud, and can get restored if needed. Such a commonly used “off-device” backup mechanism, however, suffers from a fundamental limitation that, the backup in the remote server is not always synchronized with data stored in the local device. Therefore, when a mobile device suffers from a malware attack, it can only be restored to a historical state using the remote backup, rather than the exact state right before the attack occurs. Data are extremely valuable for both organizations and individuals, and thus after the malware attack, it is of paramount importance to restore the data to the exact point (i.e., the corruption point) right before they are corrupted. This, however, is a challenging problem. The project addresses this problem in mobile devices and its outcome could benefit billions of mobile users.

A primary goal of the project is to enable recovery of mobile devices to the corruption point after malware attacks. The malware being considered is the OS-level malware which can compromise the OS and obtain the OS-level privilege. To achieve this goal, the project combines both the traditional off-device data recovery and a novel in-device data recovery. Especially, the following research activities are undertaken: 1) Designing a novel malware detector which runs in flash translation layer (FTL), a firmware layer staying between OS and flash memory hardware. The FTL-based malware detector ensures that data being committed to the remote server will not be tampered with by the OS-level malware. 2) Developing a novel approach which ensures that the OS-level malware is not able to corrupt data changes (i.e., delta) which have not yet been committed to the remote server. This is achieved by hiding the delta in the flash memory using flash storage’s special hardware features, i.e., out-of-place update and strong physical isolation. 3) Developing a user-friendly approach which can allow users to conveniently and efficiently retrieve the delta hidden in the flash memory for data recovery after malware attacks.

Link to an Unscripted article about related research at  https://www.mtu.edu/unscripted/stories/2018/march/how-to-speed-up-bare-metal-malware-analysis-and-better-protect-mobile-devices.html.