Ryley McGinnis

Cyber security engineering major competes at Deloitte CCI Cyber Camp

Anonymous — Tue, 05 Oct 2021 12:35:37 +0000

Cyber security engineering major competes at Deloitte CCI Cyber Camp Anonymous (not verified) Tue, 10/05/2021 - 08:35

Sophomore cyber security engineering major Samantha Barry takes every chance she can get to expand and hone her cyber security and computer science skills.

So when she heard about Deloitte’s partnership with the Commonwealth Cyber Initiative (CCI) for the Deloitte CCI Cyber Camp, she jumped at the chance to compete, and she won third place for her efforts.

The Cyber Camp spanned across three Saturdays in July and August. “I heard about it from Professor Peggy Brouse,” says Barry. “I figured it would be a good opportunity to learn about different fields in cyber security over the summer.”

Participants worked on 42 challenges that taught and tested skills in cyber analytics, network traffic analysis, reverse engineering, and cryptography. They also participated in resume workshops and mock interviews.

“The professional development workshops were very valuable and gave me a leg up before I start applying to internships,” says Barry.

Barry’s favorite part of the entire camp was the cryptography challenges. CCI set up the challenges in a capture-the-flag format, and for the cryptography ones, students had to decipher codes at different levels of difficulty.

Barry finds cryptography interesting because of its ability to help people. Ever since she found an interest in programming and cyber security, she’s always wanted to use her skills to work in criminal justice. “Working for the FBI is my dream job, one that I hope I can achieve after Mason,” she says.

The other challenges in networking and cyber analytics were more challenging to Barry since she hadn’t been exposed to them as much. But she credits the Cyber Camp for showing her different possibilities in cyber security.

Fellow participants were from schools across the Commonwealth of Virginia like Northern Virginia Community college, Old Dominion University, Virginia Commonwealth University, Virginia Tech, and more.

The first and second place winners were both seniors; Jason Jabbour from the University of Virginia received first place, and Christian Jackson from Old Dominion University won second place.

“It was an honor to place in the Cyber Camp. There were a lot of great competitors,” says Barry. She says she is also interested in possibly participating again in the Cyber Camp.

The Commonwealth Cyber Initiative works to establish Virginia as a global leader in autonomous systems, security, and data. George Mason University is the leader of the Northern Virginia Node of CCI.

Topics

Commonwealth Cyber Initiative (CCI)

Cybersecurity

Cybersecurity Awareness Month

Mason Competitive Cyber heads to national competition for the first time

Anonymous — Tue, 13 Apr 2021 16:41:37 +0000

Mason Competitive Cyber heads to national competition for the first time Anonymous (not verified) Tue, 04/13/2021 - 12:41

George Mason University’s competitive cyber club is headed to the National Collegiate Cyber Defense Competition (NCCDC) after beating out intense competition in a nationwide wildcard round.

Mason Competitive Cyber is a team of undergraduate students from different majors who spend their free time competing in various cyber competitions. Last year, the team won the CyberFusion State Cup, where they competed against all the universities in Virginia.

This year is the first time the team has advanced to the NCCDC since their first appearance in 2019. “There are two general kinds of competitions: jeopardy and attack-defense. MCC has traditionally excelled in the Jeopardy competitions.  CCDC is an Attack-Defense competition.  In 2019, MasonCC competed in the Mid-Atlantic CCDC for the very first time.  That year we did not make it out of the qualifier round,” says Caleb Yu, vice president for the club.

After their initial loss, some team members weren’t sure if this was the competition for them. But they came back in 2020 and placed higher in their region. The nine regions of the country take the first-place winner from the regional competitions, and this year the team won second place for their region.

“Since we won second, we qualified for a wildcard round.  We competed against the eight other second-place teams from the other regions.  Once again, only the first-place team advances to the national finals,” says Yu.

The MCC team pulled out the win, coming in first, with Stanford University’s team taking second. “Stanford got third place in the national competition last year.  When we noticed that they were also in the wildcard round, we knew that we'd have some fierce competition. It feels awesome to have advanced in place of a team that could have been seen as a heavy favorite,” he says.

The team will compete on April 23 through 25 against the top teams from across the country. “We are expecting some fierce competition from the other schools, but our confidence has never been higher,” says Yu.

Topics

Mason Competitive Cyber

Cybersecurity

Student news

student organizations

Cybersecurity engineering design team protects critical infrastructure

Anonymous — Mon, 05 Apr 2021 20:14:10 +0000

Cybersecurity engineering design team protects critical infrastructure Anonymous (not verified) Mon, 04/05/2021 - 16:14

Industrial control systems (ICS) manage our everyday water, electricity, and gas resources. The same interconnectedness and automation that makes these systems effective and efficient also increases their vulnerability to dangerous attacks that could leave cities and states without essential resources.

A cybersecurity engineering senior design team is testing a scaled-down ICS system provided by Dragos, Inc. to help the company shore up its cybersecurity infrastructure.

Seniors Marissa Costa, Natalie Sebastian, Kyle Simmons, Andrew Smith, Santiago Taboada Patino, and Zaine Wilson are working together to address the problem “Our whole job is to poke around and complete a security assessment on the ICS that Dragos, Inc. provided. We are attacking it and pinpointing vulnerabilities that need to be addressed,” says Patino.

The team is penetration testing numerous components of the system Dragos, Inc. provided them to use. Penetration testing simulates a cyber-attack and pinpoints vulnerabilities. “The penetration testing we are doing is the best way possible to gain an understanding of how a cyber-attack could be carried out. Pen testing is like rating a bridge for how much weight it can support versus actually building a test bridge and driving progressively heavier trucks over it until it collapses,” says Wilson.

Ensuring ICS security like the one the students are working on safeguards our world’s critical infrastructure. Power plants, water distributors, and gas companies all use ICS to protect the delivery of their customers’ essential resources. “Power, water, gas—they all start at one point and end at another, typically people’s homes or businesses. ICS provides the security to safeguard those processes, and without security measures, entire power plants could be shut down by malicious cyber attackers,” says Simmons.

Dragos, Inc. delivered the system to the Fairfax Campus last fall. The team is spending their senior year penetration testing and using the vulnerabilities they find to create detection rules that can be included in future updates. Working with their faculty advisor, Assistant Professor Thomas G. Winston, and a subject matter expert from Dragos, Inc. makes the process as efficient as possible.

The Department of Cyber Security Engineering forges partnerships with companies like Dragos, Inc. to provide real-world projects for students. But this project has a specific impact that made the team excited to start. “Industrial control systems have cyber-physical effects. People can understand it easier as opposed to more obscure cyber-attacks. In this case, a system could be breached, and lives could be lost,” says Wilson.

Attacks like these have occurred across the globe and even close to home. Costa points to a recent attack in the United States that illustrated the vulnerabilities in the system. In February, a cyber attacker hacked a water treatment plant in Florida and remotely adjusted sodium hydroxide levels to more than 100 times the normal level, news outlets reported. Luckily, the system operator noticed the intrusion and immediately reduced the level back, but left unchanged, the water would have been toxic.

Dangerous attacks like those in Florida are why the team’s work is valuable to society.

The team jumped on the chance to work on this project because of its importance. They are excited they are contributing to protecting everyday life. “Industrial control systems like this one involve real people in their homes, people in a community who can be harmed by attacks on these systems," says Costa.

Topics

cyber infrastructure

Cybersecurity

cybersecurity bachelor's program

Senior Capstone Project

Senior Design Project

Researchers receive over $1.5 million from DARPA to optimize security and energy tradeoff

Anonymous — Tue, 02 Feb 2021 17:47:20 +0000

Researchers receive over $1.5 million from DARPA to optimize security and energy tradeoff Anonymous (not verified) Tue, 02/02/2021 - 12:47

Topics

Cyber Security Research

Cybersecurity

Department of Electrical and Computer Engineering

In This Story

Brian Mark

Khaled Khasawneh

Kai Zeng

Sai Manoj Pudukotai Dinakarrao

Sai Manoj Pudukotai Dinakarrao, Kai Zeng, Khaled Khasawneh, and Brian Mark are collaborating with researchers at Virginia Tech to optimize the safety and energy-efficient tradeoff.

The capabilities and reach of 5G are expanding, but with new capabilities come new security challenges. Four Mason Engineering researchers received a $1.6 million grant from DARPA to tackle one of the many security issues that 5G poses as part of a larger DARPA initiative called Open, Programmable, Secure 5G (OPS-5G).

The grant, entitled EPIC SWaPD: Energy Preserving Internet of Things (IoT) Cryptography for Small Weight and Power Devices, aims to optimize the security and energy efficiency tradeoff by creating a low-energy security architecture for various types of IoT devices.

“In a network, there are many different devices of different sizes and capabilities. Many of these devices don’t have much computing power or battery life, and a common cybersecurity attack on these devices is to drain their battery life,” says Brian Mark, co-principal investigator on the grant.

Mark, Khaled Khasawneh, Kai Zeng, and Sai Manoj Pudukotai Dinakarrao in the Department of Electrical and Computer Engineering are collaborating with the company Kryptowire and Assistant Professor Matthew Hicks from Virginia Tech for the project.

These small IoT devices could be as simple as a thermometer or humidity sensor that is part of a larger smart home system. “These sensors can be very tiny, and they have limited computation and communication capabilities. The first step for each of these types of sensors would be to bootstrap, or link, a secure connection to the network, which requires authentication without pre-shared secrets. This is where the vulnerabilities lie,” says Kai Zeng.

When sensors or other types of small IoT devices must automatically authenticate themselves, attackers have many paths of attack. They can drain the device's battery, rendering it useless, or steal sensitive information or data from the device. Because of the many pathways that attackers could use to harm these devices, the team is combining cryptography, network protocol design, and machine learning to assure the success and scalability of their efforts.

“Something really important for this effort is that the security architecture operates on the principles of zero trust and least privilege,” says Mark. “Zero trust means that when a device comes in and wants to join the network, the assumption is that there is no prior trust or information shared between the devices, while least privilege implies the minimum permissions are granted to the entity to perform its task. So, we needed to bootstrap the security association and grant an entity just enough authority to access the devices or data that it needs but no more than that.”

One way they are looking at securing the connection is through gait-inspired authentication, which leverages the kinetic energy generated by a human user. “Every device harvests energy in a different way, and we use the harvesting pattern for authentication of the device, which preserves energy and accomplishes a security task at the same time,” says Dinakarrao.

Another approach is to exploit the “always-on” sensors in some devices like smartphones. “We plan to employ always-on sensing to perform the exchange of device identification and cryptographic material,” says Khasawneh.

They are also using machine learning to ensure both authentication and authorization of different devices. “We not only have to authenticate the devices and entities that are allowed on a network, but we have to verify their different roles and privileges. I might be granted access to the information that tells me the temperature of a room, but perhaps I might not have the authorization to change the thermostat setting,” says Mark. “Using graph-based models, we can verify the trust relationships of different devices or entities and this process can be accelerated using machine learning techniques,” adds Dinakarrao.

Long-term, the team aspires for their security architecture to easily be applied to other devices. “When we talk about the energy and security tradeoff, we have to think about how we can do things in a smart way to conserve energy while enhancing security. But we also need to think about how to make our architecture scalable to larger, more geographically distributed networks. Right now, this work is with smaller devices, but the hope is that our overall security architecture can apply to a variety of devices with different capabilities,” says Mark.

Cyber Security Engineering alum leads students to cybersolutions

Martha Bushong — Mon, 04 Nov 2019 20:12:03 +0000

Cyber Security Engineering alum leads students to cybersolutions Martha Bushong Mon, 11/04/2019 - 15:12

We all work to protect our personal information, but with today’s technology, our medical devices, such as insulin pumps, are more vulnerable than ever to cyber-attacks.

Inova Health information security analyst Matthew Wilkes, BS Cyber Security Engineering ’18, is guiding two cybersecurity senior design teams to find solutions to these new problems while preparing them for careers in the field. “These projects were created to challenge engineering students,” says Wilkes.

The teams are looking at different devices. One is examining insulin pumps, which are wirelessly connected to our phones while the other is looking at an infusion pump, which can be wirelessly adjusted. This pump controls the delivery of fluids, such as nutrients and medications, into patients’ bodies.

Both teams are tasked with finding vulnerabilities in these devices, pinpointing ways that cyber-attackers get into their devices, and coming up with different solutions to protect or monitor cyber-attacks.

“One big flaw that we predict is that insulin pumps now connect with your cell phones and that can be extremely exploitive. These products are designed for functionality, not security,” says Evan Simon, a cyber security major and member of the insulin pump team. And the same holds true for the infusion pump team.

Wilkes was a part of the first class of cybersecurity graduates from Mason Engineering, and he says it has been a fulfilling experience working with undergraduates at his alma mater. “The students are extremely intelligent, very interactive, and have shown a desire to succeed in the cybersecurity field. They’ve asked intriguing questions and have shown a desire to prove themselves.”

Both teams pointed to Wilkes as a crucial guide to navigate their first real-world cybersecurity project.

“He tries to push us in the right direction, but he wants us to come up with our own solutions to the problem,” says David Nguyen, a member of the infusion pump team.

Since this is new territory in the field, Wilkes wants to challenge the students to find the best solution so that they are prepared for careers in cybersecurity. “I want to ensure they’re encouraged to be successful in both their project and beyond. I won’t make it easy for them because if it was easy every student could do it,” says Wilkes. “Any student who graduates from Mason with a degree in cyber security engineering has very high expectations.”

Next semester the students will be working on implementing their research, designing their solutions, and testing them, which will pose challenges for both teams, but Wilkes stresses the importance of being prepared for challenges.

“We’re only human so we will make mistakes, but how do you learn from those mistakes? Have a backup plan if something goes wrong,” says Wilkes.