Air Force Institute of Technology Educating the Future Technology Leaders of America Cyber Research and Graduate Fellowships at the Center for Cyberspace Research Dr. Rusty Baldwin, Research Director


Post on 04-Jun-2018


2

Overview

• The Air Force Institute of Technology and the Center for Cyberspace Research
• Current Research at the Center
• The CyberCorps® fellowship benefits
• How do I get one of these fellowships?

3

Air Force Institute of Technology

• AFIT is the Air Force’s graduate school of engineering and management as well as its institution for technical professional continuing education
• Located on Wright-Patterson AFB in Dayton, Ohio
• Awards Master’s & PhD degrees in Cyber Operations, Computer Science, Computer Engineering, Electrical Engineering, Applied Mathematics, and aeronautical engineering, astronautical engineering, electro-optics, engineering physics, nuclear engineering, operations research, …

4

Center for Cyberspace Research: National Center of Excellence

• Designations
  • Air Force Cyberspace Technical Center of Excellence, June 2008
  • NSA/DHS Research Center of Excellence for the years 2009-2014
  • NSA/DHS Center of Academic Excellence in Information Assurance Education for the years 2002-2013
  • National Science Foundation designated center years 2005-2013
• Producing graduates for AF who understand cyber warfare and operations
• Coursework and research in offensive, defensive cyber operations
• Graduate education and research
• Bringing technical talent to AF

5

Center for Cyberspace Research Partnerships

[Partnership diagram around CCR, AF CyTCoE. Legend: DRB/BoA members; Additional partners; Developing partnerships]

Organizations shown: 57 IAS; USSTRATCOM; 315 NWS; TU; NPS; INL; PNNL; AFNIC; NSWC; AFRL/RW; AFOSR; Lincoln Labs; NSF; JIOWC; Sandia Labs; AFRL/RD; USAFA; 8 AF; AU; AFISR; CSAF; DISA/JTF-GNO; AFRL/RY; DHS; NSA; AFRL/RI; 711 HPW; NASIC; PCE Working Group; NRO; AFSPC; 39 IOS; 333 TRS; AFPC; 229 IOS; AFRC; DC3; 561 NOS; 688 IOW; 67 NWW; 23 IOS; 318 IOG; 24 AF; AETC; SANS; USCG; DTI, Inc; HoneyNet; OSD; SAF/HAF; Mich Tech; NASA Glenn

6

Our Graduate Program

• Master of Science in Cyber Operations
  24 month program (21 months school, 3 month internship)
  Technically focused degree in: cyber ops (attack and defend), forensics, reversing, and sw protection
  Foundations: Network design and analysis, Advanced operating systems, Cryptography, Code Protection
  Offensive/defensive theory and techniques
  - Secure Software Design
  - Reverse Engineering
  - Computer and Network Security and Exploitation
  - Ethical Hacking
  - Cyber Forensics
  Thesis research
  An extensive hands-on educational experience
• Also cyber-focused Comp Sci, Comp Eng, EE, and Math degrees!

7

8

Air Force Institute of Technology

Research Topics

9

CCR Cyber Research

• Research that directly impacts the USAF/DoD mission (classified/unclassified)

• Offensive Cyber Operations

• Attack Attribution

• Insider Threat Mitigation

• Network Design and Analysis

• Cyber Forensics

• Anonymous Communications

• Cyber Defense & Exploitation

• Wireless Networks

• Intrusion Detection

• Software Protection & Anti-Tamper

• Electronic Warfare

• SCADA Systems Analysis

10

RESEARCH FOCUS: Side Channel Analysis and Exploitation

Motivation
Unintentional emissions of electronic devices are a rich source of information; we need to be able to both exploit adversary’s systems and defend our systems

Problem Addressed
Determine the limits of the ability of passive near-field EM emissions to capture critical data

Operational Impact
• Protection and/or exploitation of digital circuit emissions. Numerous intelligence, military, and law enforcement applications

Achievements
• Using EM emissions, can extract crypto keys from SW implementation of AES on PIC processors
• Can distinguish between PIC processors
• Published “Physical Layer Identification of Embedded Devices Using RF-DNA Fingerprinting”, MILCOM 2010

Way Ahead
• Determine near-field limits for technique
• Minimize number of traces required
• Target devices of interest to DoD

Contact Information
• Researcher: Major Will Cobb
• Research Sponsor: Anti-Tamper Program Office
• Research Advisor: Dr. Rusty Baldwin
• [email protected]; 937.255.6565 x 4445

11

Side Channel Analysis

UNCLASSIFIED Breaking Crypto the “Easy” Way!

12

What’s a Side-Channel?

The direct path from input to output is the intended or primary information channel.

In reality, physical implementations create unintended “information leaks” known as Side Channels = Problem for Secure Devices

• Timing Info
• EM Radiation
• Power Consumption

13

AES-128: Security Through Computational Complexity

[Diagram: PLAINTEXT, Round 1 through Round 10, CIPHERTEXT]

* Key schedule algorithm is not shown

14

Suppose through Side Channel Analysis we can determine the last 4 bytes of 4 round keys. Is this enough to determine the key?

For example:

Known Values
plaintext = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R00_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R01_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R01_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXda6cb0ae
R02_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R02_k_sch = XXXXXXXXXXXXXXXXXXXXXXXX38d3bf0f
R03_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R03_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXe1c84037
R04_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R04_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXeea7b960
R05_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R05_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R06_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R06_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R07_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R07_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R08_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R08_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R09_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R09_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R10_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R10_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ciphertext = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

15

Key Schedule Solver Demo
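
The question on the Known Values slide can be answered from the AES-128 key schedule alone. The following is an added example, not code from the slides or from the demo they mention; the function names and the sample key (the FIPS-197 Appendix A.1 key) are chosen here. It shows that the last word of four consecutive round keys fixes the whole key, so a leak of that size has to be treated as a full key compromise.

```python
def _gmul(a, b):  # multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _sbox():  # AES S-box: field inverse followed by the affine map
    box = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
        s = inv ^ 0x63
        for k in range(1, 5):
            s ^= ((inv << k) | (inv >> (8 - k))) & 0xFF
        box.append(s)
    return box

SBOX = _sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def g(word, rnd):  # RotWord, SubWord, then XOR the round constant into the top byte
    b = word.to_bytes(4, "big")
    sub = bytes(SBOX[x] for x in b[1:] + b[:1])
    return int.from_bytes(sub, "big") ^ (RCON[rnd - 1] << 24)

def expand(key):  # standard AES-128 key expansion into 44 32-bit words
    w = [int.from_bytes(key[i:i + 4], "big") for i in range(0, 16, 4)]
    for i in range(4, 44):
        w.append(w[i - 4] ^ (g(w[i - 1], i // 4) if i % 4 == 0 else w[i - 1]))
    return w

def recover_key(last_words, first_round):
    # last_words: last word of round keys first_round .. first_round + 3.
    a, b, c, d = last_words
    # w[i] = w[i-4] ^ w[i-1] off the column boundary, so XORs of the known
    # words give every word of round key first_round + 3.
    rk = [a ^ b ^ c ^ d, b ^ d, c ^ d, d]
    for rnd in range(first_round + 3, 0, -1):  # run the schedule backwards
        p3, p2, p1 = rk[3] ^ rk[2], rk[2] ^ rk[1], rk[1] ^ rk[0]
        rk = [rk[0] ^ g(p3, rnd), p1, p2, p3]
    return b"".join(x.to_bytes(4, "big") for x in rk)

DEMO_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # sample key, FIPS-197 A.1

def demo(first_round=1):
    w = expand(DEMO_KEY)  # leaked = the four words assumed visible to the side channel
    leaked = [w[4 * r + 3] for r in range(first_round, first_round + 4)]
    return recover_key(leaked, first_round)
```

For the values on the slide the call would be `recover_key([0xda6cb0ae, 0x38d3bf0f, 0xe1c84037, 0xeea7b960], 1)`. On the defensive side, the key-schedule computation needs the same side-channel protection as the round operations.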

16

RESEARCH FOCUS: Attacking Infrastructure Control Systems

Motivation
Cyber attacks on critical infrastructure and national cyber assets have become a domain of war

Problem Addressed
Determine if current planning processes are suitable for cyberspace operations

Operational Impact
• Provides foundational base for incorporating cyberspace operations into traditional deliberate planning and execution process

[Diagram: Plan, Prepare, Execute, Assess]

Achievements
• Developed detailed process for cyber attack
• Complements existing military planning and execution processes
• Brought together ideas from 10 national, DoD, and AF SME organizations
• Assimilated input into concise and tailorable framework for cyberspace warfare

Future Research
• Refine and test methodology
• Improve modeling for cyber operations
• Develop detailed sector knowledge

Contact Information
• Researcher: Major David W. Olander
• Research Sponsor: 315th Network Warfare Sqdn
• Research Advisor: Dr. Richard A. Raines
• [email protected]; 937.255.6565 x 4278

17

RESEARCH FOCUS: Security for Smartphones

Motivation
• The mobile Android platform is an increasingly popular platform
• All Android platforms incorporate the Android Protection System (APS), a hardware-implemented application security mechanism

Problem Addressed
Smartphones have many beneficial capabilities, although malicious content must be blocked for security reasons

Operational Impact
Provide a means for USAF and other DoD organizations to utilize smartphone capabilities while restricting the content allowed on mobile networks, blocking all malicious content without adding performance overhead to the system

Achievements
• APS blocks 100% of unapproved content while allowing 100% of approved content.
• Performance overhead for APS varies from 100.5% to 112.5% with respect to the default Android application installation process

Researcher
Jonathan D. Stueckle

Research Sponsor
NSA/CSS

Research Advisor
Dr. Rusty Baldwin, [email protected] 937.255.6565 x 4445

18

RESEARCH FOCUS: Covert Botnet Command and Control

Motivation
Next generation cyber defensive systems need to incorporate stealth and resilience against adversarial analysis

Problem Addressed
Determine if we can introduce stealthy techniques to C2 initialization of cyber defensive platforms by casting discovery as a botnet-detection problem

Operational Impact
• Techniques provide basis for future operationally-oriented tactics and procedures designed to lower operational profile of cyber defensive sensors and platforms

Achievements
• Created virtual environment for launching botnet attacks against hosts instrumented with cutting edge bot-detection software
• Demonstrated three successful techniques for hiding C2 traffic that evaded leading bot-detectors

Future Research
• Incorporate more realistic network traffic scenarios
• Increase types and options for bots and malware
• Experiment with full range of bot-detector apps

Contact Information
• Researcher: Brad D. Sevy
• Research Sponsor: AFRL/RIGA
• Research Advisor: Lt. Col. J. Todd McDonald
• [email protected]; 937.255.6565 x 4639

19

RESEARCH FOCUS: Radio Frequency Fingerprinting

Motivation
• Commercial Communication Devices
• Inexpensive, Readily Available, Easily Adapted
• Supporting Military & Terrorist Activities

Problem Addressed
• Enhanced RF Intelligence (RFINT) Capability
• Exploit RF ‘Distinct Native Attributes’ (RF-DNA)
• Radar-Like Specific Emitter Identification (SEI)
• Device Type, Manu, Model #, Serial #

Achievements
• 3G 802.11a WiFi & GSM Cell Phone
• 4G OFDM-802.16e WiMAX
• 80% to 90% Manu & Serial # ID
• Simple MDA-ML Classifier
• 2010 Presentations:
  • Int’l Conf on Net Sys Security
  • Global Communications Conf

Operational Impact
• RF-DNA ‘Human-Like’ Discrimination
• Enhanced Situational Assessment/Awareness
• ID, Locate & Track Hostile Emitters
• Small UAV RECON
• Wide-Body RFINT
• Information Assurance
• Anti-Spoofing / Cloning

Future Research
• Additional / Emerging 4G Signals
• Cognitive / Software Defined Radio (CR/SDR)
• Increase Classification Engine ‘Power’

Contact Information
• Researcher: McKay D. Williams, MSEE
• Research Sponsor: AFRL/RY, WPAFB
• Research Advisor: Dr. Michael A. Temple, PhD
[email protected] 937.255.3636 x 4279

[Figure: RF-DNA markers; labels: Cisco, Netgear, Linksys; Device 1, Device 2, Device 3]

20

CyberCorps® Fellowship Benefits

• Fellowships available this year!

• What the fellowship includes:

• $26,200 per year!

• Full tuition!

• A computer!

• Books and course related supplies

• Travel money for professional conferences

• When you finish you’ll have:

• A Master’s degree in Cyber Operations, Computer Science, Computer Engineering, Electrical Engineering, or Mathematics from one of the best technical schools in the nation!

• An important job where you can make a difference!

21

How do I get one of these fellowships?

You must:

• Request an application at www.afit.edu/ccr

• Be a U.S. Citizen

• Be eligible for security clearance

• Have a bachelor’s degree or be near completion, with a strong background in computer science, computer engineering, math or related field (e.g., electrical engineering)

• Be proficient in programming and code development

• Attend school full time

• Have an undergraduate GPA 3.0 or above

• Have GRE scores of at least 148 quantitative, 153 verbal

• Work for Federal, State, or Local government for 2 years upon completion of program

22

Important Dates

• Request an application at www.afit.edu/ccr ASAP!

• Phase 1 Fellowship Application Deadline: 28 February 2014

• If all fellowships are not awarded in Phase 1, there will be a Phase 2

• Phase 2 Fellowship Application Deadline: 25 April 2014

23

Past Fellowship Recipients (1)

Name Undergraduate University Employer

Curt Barnard Rose-Hulman National Air and Space Intel Ctr

Adam Behring Central Florida State Naval Air Warfare Center

Dustin Berman Bowling Green State University National Security Agency

Bobby Brodbeck University of Dayton MITRE Corporation

Martin Crawford Ohio Dominican National Security Agency

Joseph Elbaum National American Veterans Administration

John Hagen Cedarville University National Security Agency

Eric Hanington Fran Univ of Steubenville Internal Revenue Service

Andrew Hay University of Arizona National Security Agency

Jonathan Hersack LeTourneau University 688th Info Ops Wing

Mitchell Hirschfeld Capital University National Air and Space Intel Ctr

Kevin Huber Cedarville University National Air and Space Intel Ctr

William Kimball University of Dayton US Air Force

Daniel Koranek Cedarville University Air Force Research Laboratory

Eric Koziel Ohio Northern MIT Lincoln Labs

Michelle Krug Wright State University U.S. Army

24

Past Fellowship Recipients (2)

Name Undergraduate University Employer

Kevin Lustic Ohio University National Security Agency

Justin Myers Cedarville University Naval Criminal Investigative Serv

Mindy Schockling Capital University National Air and Space Intel Ctr

Eric Simonaire Cedarville University Illinois RR Retirement Board

Jacob Stange Mount St. Joseph National Air and Space Intel Ctr

William Stout Wright State University Sandia National Laboratory

Brennon Thomas Rensselaer Polytech Institute 315th Network Warfare Squadron

Lauren Wagoner Ohio State University National Security Agency

Joshua Ziegler University of Findlay PhD Student at AFIT

Matt Zimmerman Cedarville University Air Force Research Laboratory

25

Current Fellowship Recipients

Name Undergraduate University

Nathan Barker Wright State University

William Barto Wright State University

James Brendan Baum Trine University

Robert Cernera Stockton College

Patrick Copeland Wittenberg University

Melanie Cousins Capital University

Stephen Dunlap Cedarville University

Greg Dye Cedarville University

Deanna Fink Wittenberg University

Bradley Flamm Ohio State University

Anthony Grenga University of Mount Union

John Andrew Hearle Cedarville University

Aaron Hudson Alabama A&M

Adrienne Hudson Alabama A&M

Howard Poston University of Dayton

Karen Stebelton Wright State University

Andrew Sterling Cedarville University

Bradley Wright Ohio University

26

Contacting the Center for Cyberspace Research

Facebook: http://www.facebook.com/CCRnews

Twitter: http://twitter.com/CCR_news/

Web: http://www.afit.edu/ccr/

• Dr. Harold Arata Director [email protected]

• Dr. Rusty Baldwin Research Director [email protected]

• Mr. Mike Hoelzel Program Coordinator Ph: (937)255-3636 x4323 [email protected]

27

Center for Cyberspace Research