CERIAS Security Seminar PodcastAuthor: CERIAS <webmaster@cerias.purdue.edu>
25 Mar 2019

CERIAS Security Seminar Podcast

Download, listen or watch all podcasts

CERIAS Security Seminar series video podcasts.

  • Watch

    Charles Kamhoua, "Game theoretic modeling of cyber deception in the Internet of Battlefield Things"

    Most sophisticated cyber attack follow the well-known cyber kill chain. The first step of the cyber kill chain is the reconnaissance phase where attacker probe the network in search of weakness, misconfiguration, vulnerabilities, and identify potential targets before the actual attack start. To this end, the attacker need to collect important information about the characteristics of each devices (i.e., hardware, operating system, applications), the network topology, the different subnet, firewall rules, access control, privilege, the communication protocol at each layer, and the machine learning algorithm on each IoBT devices. The attacker reconnaissance can be summarized by an attack graph in which the node represent vulnerable IoBT devices and the edge show their associated vulnerabilities.
    This work investigates cyber deception as a complex game in which each player has three concurrent and interdependent objectives. Each players imperfectly monitor (partial observation) other players� action to find out each player�s identity, strategies, payoff, available information, capability, and to continuously predict their intent. Each player strategically select to which players to hide particular information (e.g., camouflage). Each player judiciously manipulate other players� perception (e.g., decoy) based on his observed action, estimated capability, and predicted intent. This work examines from the defender�s perspective several deception game on an attack graph. The defender goal is to stop the attacker early in the cyber kill chain and prevents the subsequent more dangerous phases.

  • Posted on 07 Mar 2019

  • Watch

    Bowei Xi, "A Game Theoretic Approach for Adversarial Machine Learning -- When Big Data Meets Cyber Security"

    Nowadays more and more data are gathered for detecting and
    preventing cyber attacks. Unique to the cyber security
    applications, learning models face active adversaries that try to
    deceive learning models and avoid being detected. Hence future
    datasets and the training data no longer follow the same
    distribution. The existence of such adversarial samples
    motivates the development of robust and resilient adversarial
    learning techniques. Game theory offers a suitable framework to
    model the conflict between adversaries and defender. We develop a
    game theoretic framework to model the sequential actions of the
    adversaries and the defender, allowing players to maximize their
    own utilities. For supervised learning tasks, our adversarial
    support vector machine has a conservative decision boundary,
    whereas our robust deep neural network plays a random strategy
    inspired by the mixed equilibrium strategy. One the other hand,
    in real practice, labeling the data instances often requires
    costly and time-consuming human expertise and becomes a
    significant bottleneck. We develop a novel grid based adversarial
    clustering algorithm, to understand adversaries' behavior from a
    large number of unlabeled instances. Our adversarial clustering
    algorithm is able to identify the normal regions inside mixed
    clusters, and to draw defensive walls around the center of the normal
    objects utilizing game theoretic ideas. Our algorithm also
    identifies sub-clusters of adversarial samples and the overlapping areas
    within mixed clusters, and identify outliers which may be

    potential anomalies.

  • Posted on 28 Feb 2019

  • Watch

    Meng Yu, "Protection against Compromised Operating Systems on ARM Cortex-A Architecture"

    ARM possessors are being widely used on mobile devices and smart IoT devices. Despite the best efforts, an operating system is too hard to be absolutely secured on both x86 and ARM platforms. We addresse the problem of executing an unmodified application in a compromised OS for ARM platforms. Existing protection mechanisms mainly focus on x86 platform, utilizing SGX of Intel Processors or a hypervisor which is running below an operating system. However, SGX is not available for ARM platform, and hypervisor is an overkill for embedded or IoT settings. We descript how to achieve the security goals on ARM Cortex-A processors using ARM specific designs. We also discuss the threats of side-channels and possible mitigations.

  • Posted on 21 Feb 2019

  • Watch

    David Ebert, "Trustable Information for Security Applications: Visual Analytics for Reliable, Effective Decision Making"

    Information, not just data, is key to today�s security challenges. To solve these security challenges requires not only advancing computer science and big data analytics but requires new analysis and decision-making environments that enable reliable, decisions from trustable, understandable information. These environments are successful when they effectively couple human decision making with advanced, guided analytics in human-computer collaborative discourse and decision making (HCCD). Our HCCD approach builds upon visual analytics, traceable information, and human-guided analytics and machine learning and focuses on empowering the decision maker through interactive visual analytic environments where non-digital human expertise and experience can be combined with state-of-the-art and transparent analytical techniques. When we combine this approach with real-world application-driven research, not only does the pace of scientific innovation accelerate, but impactful change occurs. I�ll describe how we have applied these techniques to homeland and community security, resiliency,public safety and disaster management.

  • Posted on 07 Feb 2019

  • Watch

    Sanjay Madria, "Secure Information Forwarding through Fragmentation in Delay- tolerant Networks"

    In application environments like international military coalitions or multi-party relief work in a disaster zone, passing secure messages using a Delay Tolerant Network (DTN) is challenging because the existing public-private key cryptographic approaches may not be always accessible across different groups due to the unavailability of Public Key Infrastructure (PKI). In addition, connectivity may be intermittent so finding reliable routes is also difficult. Thus, instead of sending a complete message in a single packet, fragmenting the message, and sending the fragments via multiple nodes can help achieve better security and reliability when multiple groups are involved. Therefore, encrypting messages before fragmentation and then sending both the data fragments and the key fragments (needed for decryption) provide much higher security. Keys are also fragmented as sending the key in a single packet can hamper security if it is forwarded to some corrupt nodes who may try to tamper or drop it. In this talk, I will discuss a scheme to provide improved security by generating multiple key-shares and data fragments, and disseminating them via some intermediate nodes. In this fragmentation process, we also create a few redundant blocks to guarantee higher data arrival rate at the destination when the message drop rate is high like in a DTN environment. The performance evaluation when compared to the closely related scheme like Multiparty Encryption shows the improvement on minimizing the number of compromised messages as well as reduced bandwidth consumption in the network.

  • Posted on 24 Jan 2019


Follow Playlisto