Category: CyberS

Bo Chen Weighs In on Identity Fraud in WalletHub Article

Bo Chen (CS/CyberS) was featured in the article “2019’s States Most Vulnerable to Identity Theft & Fraud,” published October 16, 2019, in WalletHub.

Link to the article here: https://wallethub.com/edu/states-where-identity-theft-and-fraud-are-worst/17549/#expert=bo-chen

Based in Washington DC, WalletHub is the first-ever website to offer free credit scores and full credit reports that are updated on a daily basis. The company also hosts an artificially intelligent financial advisor that provides customized credit-improvement advice, personalized savings alerts, and 24/7 wallet surveillance, supplemented by reviews of financial products, professionals and companies.

Bo Chen Receives $250K NSF Award for Mobile PDE Systems Research

Bo Chen, assistant professor of computer science and member of the Institute of Computing and Cybersystems Center for Cybersecurity, is the principal investigator on a project that has received a $249,918 research and development grant from the National Science Foundation. The project is entitled, “SaTC: CORE: Small: Collaborative: Hardware-Assisted Plausibly Deniable System for Mobile Devices.” This is a potential three-year project.

Abstract: Mobile computing devices typically use encryption to protect sensitive information. However, traditional encryption systems used in mobile devices cannot defend against an active attacker who can force the mobile device owner to disclose the key used for decrypting the sensitive information. This is particularly of concern to dissident users who are targets of nation states. An example of this would be a human rights worker collecting evidence of untoward activities in a region of oppression or conflict and storing the same in an encrypted form on the mobile device, and then being coerced to disclose the decryption key by an official. Plausibly Deniable Encryption (PDE) has been proposed to defend against such adversaries who can coerce users into revealing the encrypted sensitive content. However, existing techniques suffer from several problems when used in flash-memory-based mobile devices, such as weak deniability because of the way read/write/erase operations are handled at the operating systems level and at the flash translation layer, various types of side channel attacks, and computation and power limitations of mobile devices. This project investigates a unique opportunity to develop an efficient (low-overhead) and effective (high-deniability) hardware-assisted PDE scheme on mainstream mobile devices that is robust against a multi-snapshot adversary. The project includes significant curriculum development activities and outreach activities to K-12 students.

This project fundamentally advances the mobile PDE systems by leveraging existing hardware features such as flash translation layer (FTL) firmware and TrustZone to achieve a high deniability with a low overhead. Specifically, this project develops a PDE system with capabilities to: 1) defend against snapshot attacks using raw flash memory on mobile devices; 2) eliminate side-channel attacks that compromise deniability; 3) be scalable to deploy on mainstream mobile devices; and 4) efficiently provide usable functions like fast mode switching. This project also develops novel teaching material on PDE and cybersecurity for K-12 students and the Regional Cybersecurity Education Collaboration (RCEC), a new educational partnership on cybersecurity in Michigan.

Publications related to this research:

[DSN ’18] Bing Chang, Fengwei Zhang, Bo Chen, Yingjiu Li, Wen Tao Zhu, Yangguang Tian, Zhan Wang, and Albert Ching. MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices. The 48th IEEE/IFIP International Conference on Dependable Systems and Networks (DSN ’18), June 2018 (Acceptance rate: 28%)
[Cybersecurity ’18] Qionglu Zhang, Shijie Jia, Bing Chang, Bo Chen. Ensuring Data Confidentiality via Plausibly Deniable Encryption and Secure Deletion – A Survey. Cybersecurity (2018) 1: 1.
[ComSec ’18] Bing Chang, Yao Cheng, Bo Chen, Fengwei Zhang, Wen Tao Zhu, Yingjiu Li, and Zhan Wang. User-Friendly Deniable Storage for Mobile Devices. Elsevier Computers & Security, vol. 72, pp. 163-174, January 2018
[CCS ’17] Shijie Jia, Luning Xia, Bo Chen, and Peng Liu. DEFTL: Implementing Plausibly Deniable Encryption in Flash Translation Layer. 2017 ACM Conference on Computer and Communications Security (CCS ’17), Dallas, Texas, USA, Oct 30 – Nov 3, 2017 (Acceptance rate: 18%)
[ACSAC ’15] Bing Chang, Zhan Wang, Bo Chen, and Fengwei Zhang. MobiPluto: File System Friendly Deniable Storage for Mobile Devices. 2015 Annual Computer Security Applications Conference (ACSAC ’15), Los Angeles, California, USA, December 2015 (Acceptance rate: 24.4%)
[ISC ’14] Xingjie Yu, Bo Chen, Zhan Wang, Bing Chang, Wen Tao Zhu, and Jiwu Jing. MobiHydra: Pragmatic and Multi-Level Plausibly Deniable Encryption Storage for Mobile Devices. The 17th Information Security Conference (ISC ’14), Hong Kong, China, Oct. 2014

Link to more information about this project: https://snp.cs.mtu.edu/research/index.html#pde

GenCyber Camp for Teachers Garners Local Media Coverage

Michigan Tech hosted two week-long GenCyber camps this summer. The first, held June 17–21, 2019, hosted 30 local middle/high school students. The second camp, August 12–16, 2019, hosted 21 local K-12 teachers. Camp participants gained cybersecurity knowledge, understood correct and safe online behavior, and explored ways to deliver cybersecurity content in K-12 curricula.

A story about the GenCyber teacher camp was reported on August 16, 2019, by TV6: “GenCyber cyber security training camp comes to Michigan Tech” and on August 13, 2019, by the Keweenaw Report: “Teachers Learn How To Include Cybersecurity In Their Lessons.”

Learn more about the camps on the Institute of Computing and Cybersystems blog: https://blogs.mtu.edu/icc/2019/06/04/inspiring-the-next-generation-of-cyber-stars-2/.

Hembroff Attends KEEN Workshop

Guy Hembroff, associate professor and director of the Medical Informatics graduate program (CC/CyberS), attended the three-day workshop, “Teaching With Impact – Innovating Curriculum With Entrepreneurial Mindset,” in Milwaukee, Wisc., this July.

The workshop, presented by KEEN, a network of engineering faculty working to instill within student engineers an entrepreneurial mindset, introduced faculty participants to the framework of entrepreneurially minded learning (EML), which is centered on curiosity, connections, and creating value. Hembroff and other participants identified opportunities for EML integration into existing coursework, developed a personal approach to integrating EML within the course design process, and learned how to implement continual improvement of their own EML practice.

Visit https://engineeringunleashed.com for more information about KEEN.

Bo Chen is PI of $200K NSF Research and Development Grant

Bo Chen (CS/CyberS) is Principal Investigator on a project that has received a $199,975 research and development grant from the National Science Foundation. The project is titled “EAGER: Enabling Secure Data Recovery for Mobile Devices Against Malicious Attacks.” This is a potential two-year project.

Abstract: Mainstream mobile computing devices like smart phones and tablets currently rely on remote backups for data recovery upon failures. For example, an iPhone periodically stores a recent snapshot to iCloud, and can get restored if needed. Such a commonly used “off-device” backup mechanism, however, suffers from a fundamental limitation that the backup in the remote server is not always synchronized with data stored in the local device. Therefore, when a mobile device suffers from a malware attack, it can only be restored to a historical state using the remote backup, rather than the exact state right before the attack occurs. Data are extremely valuable for both organizations and individuals, and thus after the malware attack, it is of paramount importance to restore the data to the exact point (i.e., the corruption point) right before they are corrupted. This, however, is a challenging problem. The project addresses this problem in mobile devices and its outcome could benefit billions of mobile users.

A primary goal of the project is to enable recovery of mobile devices to the corruption point after malware attacks. The malware being considered is the OS-level malware which can compromise the OS and obtain the OS-level privilege. To achieve this goal, the project combines both the traditional off-device data recovery and a novel in-device data recovery. Especially, the following research activities are undertaken: 1) Designing a novel malware detector which runs in flash translation layer (FTL), a firmware layer staying between OS and flash memory hardware. The FTL-based malware detector ensures that data being committed to the remote server will not be tampered with by the OS-level malware. 2) Developing a novel approach which ensures that the OS-level malware is not able to corrupt data changes (i.e., delta) which have not yet been committed to the remote server. This is achieved by hiding the delta in the flash memory using flash storage’s special hardware features, i.e., out-of-place update and strong physical isolation. 3) Developing a user-friendly approach which can allow users to conveniently and efficiently retrieve the delta hidden in the flash memory for data recovery after malware attacks.

Link to an Unscripted article about related research at https://www.mtu.edu/unscripted/stories/2018/march/how-to-speed-up-bare-metal-malware-analysis-and-better-protect-mobile-devices.html.

Inspiring the Next Generation of Cyber Stars

By Karen S. Johnson, ICC Communications Director

We live in a world where pretty much everything and everybody – individuals, companies, governments, critical infrastructure – are increasingly dependent on connected systems, networks and devices. And, as newspaper headlines reveal, those systems may be insecure and vulnerable to hackers.

“Nowadays, everybody is using computers, and more and more things are connected. That provides convenience, flexibility, a lot of great things, but it also opens the doors for hackers,” says Yu Cai, associate professor and program chair for the Computer Network and System Administration program at Michigan Technological University.

“The world has increasingly become a combination of the physical world and the cyber world,” Cai adds. “That’s why cybersecurity is important, because you want to protect yourself. As human beings, we evolved over thousands of years to take care of our security in the physical world. But in the cyber world, many don’t have a very good idea of how to protect themselves.”

Cai is principal investigator on two grant awards, each for about $85K, which are making possible two free, non-residential, week-long GenCyber summer camps on Michigan Tech’s campus. The first camp, for middle school and high school students, is the week of June 17. The second camp, for K-12 STEM teachers, is the week of August 12. Both camps and all learning materials are offered at no cost to camp participants. Each participant will receive a Raspberry Pi minicomputer. Breakfast and lunch are provided. For enrollment information, visit mtu.edu/gencyber.

Funded jointly by the National Security Agency (NSA) and the National Science Foundation (NSF), the goals of the nationwide GenCyber program are to increase interest in cybersecurity careers and diversity in the national cybersecurity workforce, help students understand correct and safe on-line behavior and how they can be good digital citizens, and improve teaching methods for delivery of cybersecurity content in K-12 curricula.

“This is part of our picture to make Michigan Tech a leader in cybersecurity research and education,” Cai says of this summer’s GenCyber camps. “We have other cybersecurity curriculum development grants that focus on college education, now we want to outreach to K through 12.”

In both camp sessions, participants will explore the world of cybersecurity through real-world case studies, hands-on learning activities and games, interactive lectures, career exploration, and field trips. Covered topics include safe online behavior, cyber ethics, fundamental computer and network knowledge, and cybersecurity career options and educational opportunities.

“We’ll also cover common vulnerabilities and weaknesses of computer systems, such as how hackers get into the systems, and how systems can be strengthened to defeat hackers against the hundreds of vulnerabilities,” Cai adds.

Tim Van Wagner, a lecturer at Michigan Tech and a co-PI on the grants, is the lead teacher for the camps. Cai and his other co-PIs—associate professor Guy Hembroff and assistant professor Bo Chen—will also present learning modules and assist with the camps.

K-12 pedagogical expertise in curriculum development was provided by Copper Country Intermediate School District (CCISD) staff members Emily Gochis, Director of the Region 16 MiSTEM Network, and Steve Kass, Educational Technologist.

“Steve and Emily provided a lot of input and suggestions regarding the camp curriculum and advised us in the best practices for teaching high school students,” Cai says, adding that they are also helping to promote the camps in local public schools.

Driving the curriculum are four principles: Learning by Storytelling, Learning by Doing, Learning by Gaming, and Learning by Teaching. Cai and his team will be assessing the effectiveness of these principles using several methods. The resulting research will be shared with the GenCyber program and the public.

The two grants are titled, “Innovative GenCyber Learning Experience for K-12 Teachers Through Storytelling + Teaching + Gaming + Doing” and “Innovative GenCyber Learning Experience for High School Students Through Storytelling + Teaching + Gaming + Doing.”

Yu Cai is PI on $82K NSA/NSF Grant

Yu Cai (TTEC/ICC) is Principal Investigator on a project that has received an $82,416 Other Sponsored Activities Grant from the National Security Agency/National Science Foundation. The one-year project is titled, “Innovation GenCyber Learning Experience for High School Students Through Storytelling + Teaching + Gaming + Doing.” Bo Chen (SCS), Guy Hembroff (TTEC), and Tim Van Wagner (TTEC) are co-PIs.

Free Cybersecurity Summer Camps

Michigan Tech will offer two non-residential, week-long GenCyber camps this summer. The first camp is for local middle school and high school students (grades 7-12) and will be held the week of June 17. The second camp is for local K-12 STEM teachers and will be held the week of August 12.

Explore the world of cybersecurity with experts in the field through fun, real-world learning experiences. Camp activities include hands-on exercises, interactive lectures, games, career exploration, and campus tours.

All camp activities will be offered at no cost to camp participants. Visit mtu.edu/gencyber to learn more and register.

Funding of the camps is provided jointly by the National Security Agency (NSA) and the National Science Foundation (NSF).