Institute of Computing and Cybersystems (ICC) Blog

Category: Chen-CS

Bo Chen, Grad Students Present Posters at Security Symposium

Published
By

College of Computing Assistant Professor Bo Chen, Computer Science, and his graduate students presented two posters at the 41st IEEE Symposium on Security and Privacy, which took place online May 18 to 21, 2020.

Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for presenting developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field.

Chen leads the Security and Privacy (SnP) lab at Michigan Tech. He is a member of Michigan Tech’s Institute of Computing and Cybersystems (ICC) Center for Cybersecurity (CyberS).

Chen’s research focuses on applied cryptography and data security and he investigates novel techniques to protect sensitive data in mobile devices/flash storage media and cloud infrastructures. Chen is also interested in designing novel techniques to ensure security and privacy of big data.

Chen will serve as general chair for the First EAI International Conference on Applied Cryptography in Computer and Communications (AC3), which will be held in Xiamen, China, in May 2021.

Visit Bo Chen’s faculty webpage here.

Poster: A Secure Plausibly Deniable System for Mobile Devices against Multi-snapshot Adversaries
Authors: Bo Chen, Niusen Chen
Abstract: Mobile computing devices have been used broadly to store, manage and process critical data. To protect confidentiality of stored data, major mobile operating systems provide full disk encryption, which relies on traditional encryption and requires keeping the decryption keys secret. This however, may not be true as an active attacker may coerce victims for decryption keys. Plausibly deniable encryption (PDE) can defend against such a coercive attacker by disguising the secret keys with decoy keys. Leveraging concept of PDE, various PDE systems have been built for mobile devices. However, a practical PDE system is still missing which can be compatible with mainstream mobile devices and, meanwhile, remains secure when facing a strong multi- snapshot adversary. This work fills this gap by designing the first mobile PDE system against the multi-snapshot adversaries.

Poster: Incorporating Malware Detection into Flash Translation Layer
Authors: Wen Xie, Niusen Chen, Bo Chen
Abstract: OS-level malware may compromise OS and obtain root privilege. Detecting this type of strong malware is challeng- ing, since it can easily hide its intrusion behaviors or even subvert the malware detection software (or malware detector). Having observed that flash storage devices have been used broadly by computing devices today, we propose to move the malware detector to the flash translation layer (FTL), located inside a flash storage device. Due to physical isolation provided by the FTL, the OS-level malware can neither subvert our malware detector, nor hide its access behaviors from our malware detector.

The 41st IEEE Symposium on Security and Privacy was sponsored by the IEEE Computer Society Technical Committee on Security and Privacy in cooperation with the International Association for Cryptologic Research. The Symposium was May 18-20, 2020, and the Security and Privacy Workshops were May 21, 2020.

Continue Reading →

Computing Awards COVID-19 Research Seed Grants

Published
By
Michigan Tech College of Computing

The College of Computing is pleased to announce that it has awarded five faculty seed grants, which will provide immediate funding in support of research projects addressing critical needs during the current global pandemic.

Tim Havens, College of Computing associate dean for research, said that the faculty seed grants will enable progress in new research that has the potential to make an impact on the current research. Additional details will be shared soon.

Congratulations to the winning teams!

Guy Hembroff (AC, HI): “Development of a Novel Hospital Use Resource Prediction Model to Improve Local Community Pandemic Disaster Planning”

Leo Ureel (CS) and Charles Wallace (CS): “Classroom Cyber-Physical Simulation of Disease Transmission”

Bo Chen (CS): “Mobile Devices Can Help Mitigate Spreading of Coronavirus”

Nathir Rawashdeh (AC, MERET): “A Tele-Operated Mobile Robot for Sterilizing Indoor Space Using UV Light” (A special thanks to Paul Williams, who’s generous gift to support AI and robotics research made this grant possible)

Weihua Zhou (AC, HI) and Jinshan Tang (AC, MERET): “KD4COVID19: An Open Research Platform Using Feature Engineering and Machine Learning for Knowledge Discovery and Risk Stratification of COVID-19″

Weihua Zhou

Nathir Rawashdeh

Leo Ureel

Charles Wallace

Bo Chen

Continue Reading →

Congratulations, RedTeam@MTU!

Published
By

National Cyber League Logo

RedTeam@MTU, one of Michigan Tech’s National Cyber League (NCL) teams, placed 8th out of 689 teams in the recent NCL Fall 2019 cyber competition team game. The team consists of seven College of Computing undergraduate and graduate students: Alexander Larkin, John Claassen, Jack Bergman, Jon Preuth, Trevor Hornsby, Shane Hoppe, and Matthew Chau. In addition, two RedTeam@MTU team members ranked in the top 100 out of 4149 players in the individual game: John Claassen (67th) and Alex Larkin (70th).

“This is a breakthrough since first joining the NCL competition in Fall 2017,” said faculty coach Bo Chen, assistant professor of computer science. “Congratulations to the RedTeam and John Claasen and Alex Larkin!”

Three teams and 21 players from Michigan Tech were involved this season, most of them with the RedTeam@MTU, a student organization which exists to promote a security-driven mindset among the student population, and to provide a community and resource for those wishing to learn more about information security.  The RedTeam is co-advised by Bo Chen and Yu Cai, professor in the College of Computing.

Students from hundreds of U.S. universities participated during the Fall 2019 NCL season, which comprised a week-long Preseason placement game, followed by a weekend Individual Game, and culminating in a weekend Team Game. A total of 689 teams and 4149 players  participated.

In addition, Michigan Tech ranks 11th among the top 100 colleges and universities in the “Team” Cyber Power Rankings, 51st in the Individual Rank, and 23rd in the Participation Rank. The Cyber Power Rankings were created by Cyber Skyline in partnership with the National Cyber League (NCL). The rankings represent the ability of students from these schools to perform real-world cybersecurity tasks on the Cyber Skyline platform, such as identify hackers from forensic data, pentest and audit vulnerable websites, recover from ransomware attacks, and more. Schools are ranked based on their top team performance, their top student’s individual performance, and the aggregate individual performance of their students. View the full ranking list at https://cyberskyline.com/data/power-ranking/fall-2019-national.

Founded in 2011 to provide an ongoing virtual training ground for participants to develop, practice, and validate their cybersecurity skills, the NCL is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants played the games simultaneously during all of the Fall season games.

The NCL challenges are based on the CompTIA Security+™ and EC-Council Certified Ethical Hacker (CEH)™ performance-based exam objectives and include the following content: Open Source Intelligence, Scanning, Enumeration and Exploitation, Password Cracking, Traffic Analysis, Log Analysis, Wireless Security, Cryptography, and Web Application Security. Players of all levels can participate in the NCL games. Through easy, medium and hard challenges, students have multiple opportunities to excel.

Learn more about the NCL at: https://www.nationalcyberleague.org/.

Cyber Skyline Logo

Cyber Skyline is an immersive cloud platform on which to practice, develop, and measure technical cybersecurity skills. It is built for Incident Response Handlers, Security & Network Engineers, SOC Analysts, Software Engineers, Pentesters, and more. Visit the Cyber Skyline website at: https://cyberskyline.com.

Continue Reading →

Bo Chen Weighs In on Identity Fraud in WalletHub Article

Published
By

Bo Chen, Computer Science

Bo Chen (CS/CyberS) was featured in the article “2019’s States Most Vulnerable to Identity Theft & Fraud,” published October 16, 2019, in WalletHub.

Link to the article here:https://wallethub.com/edu/states-where-identity-theft-and-fraud-are-worst/17549/#expert=bo-chen

Based in Washington DC, WalletHub is the first-ever website to offer free credit scores and full credit reports that are updated on a daily basis. The company also hosts an artificially intelligent financial advisor that provides customized credit-improvement advice, personalized savings alerts, and 24/7 wallet surveillance, supplemented by reviews of financial products, professionals and companies.

Continue Reading →

Bo Chen Receives $250K NSF Award for Mobile PDE Systems Research

Published
By

Bo Chen, CS

Bo Chen, assistant professor of computer science and member of the Institute of Computing and Cybersystems Center for  Cybersecurity, is the principal investigator on a project that has received a $249,918 research and development grant from the National Science Foundation. The project is entitled, “SaTC: CORE: Small: Collaborative: Hardware-Assisted Plausibly Deniable System for Mobile Devices.” This is a potential three-year project.

Abstract: Mobile computing devices typically use encryption to protect sensitive information. However, traditional encryption systems used in mobile devices cannot defend against an active attacker who can force the mobile device owner to disclose the key used for decrypting the sensitive information. This is particularly of concern to dissident users who are targets of nation states. An example of this would be a human rights worker collecting evidence of untoward activities in a region of oppression or conflict and storing the same in an encrypted form on the mobile device, and then being coerced to disclose the decryption key by an official. Plausibly Deniable Encryption (PDE) has been proposed to defend against such adversaries who can coerce users into revealing the encrypted sensitive content. However, existing techniques suffer from several problems when used in flash-memory-based mobile devices, such as weak deniability because of the way read/write/erase operations are handled at the operating systems level and at the flash translation layer, various types of side channel attacks, and computation and power limitations of mobile devices. This project investigates a unique opportunity to develop an efficient (low-overhead) and effective (high-deniability) hardware-assisted PDE scheme on mainstream mobile devices that is robust against a multi snapshot adversary. The project includes significant curriculum development activities and outreach activities to K-12 students.

This project fundamentally advances the mobile PDE systems by leveraging existing hardware features such as flash translation layer (FTL) firmware and TrustZone to achieve a high deniability with a low overhead. Specifically, this project develops a PDE system with capabilities to: 1) defend against snapshot attacks using raw flash memory on mobile devices; and 2) eliminate side-channel attacks that compromise deniability; 3) be scalable to deploy on mainstream mobile devices; and 4) efficiently provide usable functions like fast mode switching. This project also develops novel teaching material on PDE and cybersecurity for K-12 students and the Regional Cybersecurity Education Collaboration (RCEC), a new educational partnership on cybersecurity in Michigan.

Publications related to this research:

[DSN ’18] Bing Chang, Fengwei Zhang, Bo Chen, Yingjiu Li, Wen Tao Zhu, Yangguang Tian, Zhan Wang, and Albert Ching. MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices. The 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN ’18), June 2018 (Acceptance rate: 28%)
[Cybersecurity ’18] Qionglu Zhang, Shijie Jia, Bing Chang, Bo Chen. Ensuring Data Confidentiality via Plausibly Deniable Encryption and Secure Deletion – A Survey. Cybersecurity (2018) 1: 1.
[ComSec ’18 ] Bing Chang, Yao Cheng, Bo Chen, Fengwei Zhang, Wen Tao Zhu, Yingjiu Li, and Zhan Wang. User-Friendly Deniable Storage for Mobile Devices. Elsevier Computers & Security, vol. 72, pp. 163-174, January 2018
[CCS ’17] Shijie Jia, Luning Xia, Bo Chen, and Peng Liu. DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer. 2017 ACM Conference on Computer and Communications Security (CCS ’17), Dallas, Texas, USA, Oct 30 – Nov 3, 2017 (Acceptance rate: 18%)
[ACSAC ’15] Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang. MobiPluto: File System Friendly Deniable Storage for Mobile Devices. 2015 Annual Computer Security Applications Conference (ACSAC ’15), Los Angeles, California, USA, December 2015 (Acceptance rate: 24.4%)
[ISC ’14] Xingjie Yu, Bo Chen, Zhan Wang, Bing Chang, Wen Tao Zhu, and Jiwu Jing. MobiHydra: Pragmatic and Multi-Level Plausibly Deniable Encryption Storage for Mobile Devices. The 17th Information Security Conference (ISC ’14), Hong Kong, China, Oct. 2014

Link to more information about this project: https://snp.cs.mtu.edu/research/index.html#pde

Continue Reading →

Bo Chen is PI of $200K NSF Research and Development Grant

Published
By

Bo Chen (CS/CyberS) is Principal Investigator on a project that has received a $199,975 research and development grant from the National Science Foundation. The project is titled “EAGER: Enabling Secure Data Recovery for Mobile Devices Against Malicious Attacks.” This is a potential two-year project.

Abstract: Mainstream mobile computing devices like smart phones and tablets currently rely on remote backups for data recovery upon failures. For example, an iPhone periodically stores a recent snapshot to iCloud, and can get restored if needed. Such a commonly used “off-device” backup mechanism, however, suffers from a fundamental limitation that, the backup in the remote server is not always synchronized with data stored in the local device. Therefore, when a mobile device suffers from a malware attack, it can only be restored to a historical state using the remote backup, rather than the exact state right before the attack occurs. Data are extremely valuable for both organizations and individuals, and thus after the malware attack, it is of paramount importance to restore the data to the exact point (i.e., the corruption point) right before they are corrupted. This, however, is a challenging problem. The project addresses this problem in mobile devices and its outcome could benefit billions of mobile users.

A primary goal of the project is to enable recovery of mobile devices to the corruption point after malware attacks. The malware being considered is the OS-level malware which can compromise the OS and obtain the OS-level privilege. To achieve this goal, the project combines both the traditional off-device data recovery and a novel in-device data recovery. Especially, the following research activities are undertaken: 1) Designing a novel malware detector which runs in flash translation layer (FTL), a firmware layer staying between OS and flash memory hardware. The FTL-based malware detector ensures that data being committed to the remote server will not be tampered with by the OS-level malware. 2) Developing a novel approach which ensures that the OS-level malware is not able to corrupt data changes (i.e., delta) which have not yet been committed to the remote server. This is achieved by hiding the delta in the flash memory using flash storage’s special hardware features, i.e., out-of-place update and strong physical isolation. 3) Developing a user-friendly approach which can allow users to conveniently and efficiently retrieve the delta hidden in the flash memory for data recovery after malware attacks.

Link to an Unscripted article about related research at  https://www.mtu.edu/unscripted/stories/2018/march/how-to-speed-up-bare-metal-malware-analysis-and-better-protect-mobile-devices.html.

Continue Reading →

ICC Members Receive Achievement Awards at Annual Banquet

Published
By

Soner Onder, Bo Chen, Kevin TrewarthaAt the annual awards banquet of the Michigan Tech Institute of Computing and Cybersysytems (ICC), on Friday, April 12, three ICC members received the ICC Achievement Award in recognition of their exceptional contributions to research and learning in the fields of computing.

Soner Önder, director of the ICC Center for Scalable Architectures and Systems and professor of computer science, was recognized for his research in next-generation architectures. Önder is principal investigator of three National Science Foundation (NSF) grants, and he has three NSF grant proposals under review.

“Soner is one of our very top researchers in terms of research expenditures and new awards,” said Tim Havens, ICC director and the William and Gloria Jackson Associate Professor of Computer Systems. “He is also active in developing and implementing the ICC vision and activities.”

Kevin Trewartha, a member of the ICC’s Center for Human-Centered Computing, was recognized for his interdisciplinary and collaborative research at the intersection of technology and human motor movement. Trewartha is an assistant professor with a dual appointment in the departments of Cognitive and Learning Sciences and Kinesiology and Integrative Physiology.

“Kevin encompasses the best of the ICC vision,” said Beth Veinott, director of the ICC Center for Human-Centered Computing and associate professor of cognitive and learning sciences.

Trewartha is co-principal investigator, with ICC member Shane Mueller, of a new, three-year, interdisciplinary and collaborative project funded by the National Institutes of Health. For this research, Trewartha and Mueller are working with UP Health Systems Portage and five graduate and three undergraduate students to investigate how technology supports earlier diagnosis of the neurodegenerative diseases.

Bo Chen, a member of the ICC’s Center for Cyber-Physical Systems and assistant professor of computer science, was recognized for his teaching and research in cybersecurity of mobile devices.

Chen is the co-PI of two external grants on cybersecurity from the National Science Administration, and he has submitted numerous cybersecurity proposals to NSF, NSA, Microsoft, and Google.

“Dr. Bo Chen has demonstrated achievements and contributions to the mission of the ICC since coming to Michigan Tech as a tenure-track CS faculty in fall ’17,” said ICC members Guy Hembroff and Yu Cai in their nomination, adding that during that short time, “Dr. Chen has published one book, five journal papers, and 10 conference papers, and in 2017 he was awarded a Distinguished Paper Award from the prestigious cybersecurity venue, the Annual Computer Security Application Conference (ACSAC ’17).”

Chen is the faculty coach for the MTU NCL (National Cyber League) cyber competition team, and during the fall 2018 regular season under Chen’s leadership, a Michigan Tech CS undergraduate student placed 36th out of 3,350 players in NCL cyber competition. Dr. Chen was also recently recognized for receiving an exceptional “average of seven dimensions” student evaluation score for his teaching, among additional accolades.

The ICC, founded in 2015, promotes collaborative, cross-disciplinary research and learning experiences in the areas of cyber-physical systems, cybersecurity, data sciences, human-centered computing, and scalable architectures and systems. It provides faculty and students the opportunity to work across organizational boundaries to create an environment that mirrors contemporary technological innovation.

Five research centers comprise the ICC. The ICC’s 50 members, who represent 15 academic units at Michigan Tech, are collaborating to conduct impactful research, make valuable contributions in the field of computing, and solve problems of critical national importance.

Visit the ICC website at icc.mtu.edu. Contact the ICC at icc-contact@mtu.edu or 906-487-2518.

Continue Reading →

Computer Science Workshop Held April 5-7

Published
By

Explore CSR GroupMichigan Tech hosted the workshop “Exploring Computer Science Research” last Friday – Sunday (April 5-7). The workshop was one of 15 Google has sponsored in the U.S. and was organized by four CS Faculty: Leo Ureel, Linda Ott, Jean Mayo and Laura Brown; Jean Mayo and Laura Brown are members of the ICC. The workshop was for women and underrepresented groups to explore research and graduate school opportunities in computer science.

There were 26 attendees from six universities and colleges across Michigan and Wisconsin. Over the course of the weekend each student participated in a research experience, investigating a research question with a faculty mentor. Topics included:

Machine Vision – Robert Pastel, ICC Center for Human-Centered Computing

Data Science in Energy Systems – Laura Brown, ICC Center for Data Sciences

Cybersecurity and Privacy in Storage Systems – Bo Chen, ICC Center for Cybersecurity

Agent-based Simulations in Education – Leo Ureel

Human Computer Interactions: Natural Language Processing for Assistive Technologies – Keith Vertanen, ICC Center for Human-Centered Computing

After learning about and working on their research topics, the students presented out to the group. In addition to their research experiences, attendees learned about different job opportunities after graduate school, heard how to apply to graduate schools and talked to current graduate students about the graduate school experience and their research.

Guest speakers included Niloofar Gheissari and Anja Gruenheid, two Google employees, Pushpalatha Murthy, Dean of the Graduate School and Robin Hunicke, our keynote speaker from the University of California Santa Cruz and Funomena.

Continue Reading →