Air Force Institute of Technology
Educating the Future Technology Leaders of America
Cyber Research and Graduate Fellowships at the Center for Cyberspace Research
Dr. Rusty Baldwin, Research Director
Overview
• The Air Force Institute of Technology and the
Center for Cyberspace Research
• Current Research at the Center
• The CyberCorps® fellowship benefits
• How do I get one of these fellowships?
Air Force Institute of Technology
• AFIT is the Air Force’s graduate school of
engineering and management as well as its institution
for technical professional continuing education
• Located on Wright-Patterson AFB in Dayton, Ohio
• Awards Master’s & PhD degrees in Cyber Operations, Computer Science, Computer Engineering, Electrical Engineering, Applied Mathematics, aeronautical engineering, astronautical engineering, electro-optics, engineering physics, nuclear engineering, operations research, …
Center for Cyberspace Research National Center of Excellence
• Designations
• Air Force Cyberspace Technical Center of
Excellence, June 2008
• NSA/DHS Research Center of Excellence
for the years 2009-2014
• NSA/DHS Center of Academic Excellence
in Information Assurance Education for the
years 2002-2013
• National Science Foundation designated
center years 2005-2013
• Producing graduates for AF who
understand cyber warfare and
operations
• Coursework and research in offensive,
defensive cyber operations
• Graduate education and research
• Bringing technical talent to AF
Center for Cyberspace Research Partnerships
[Partnership diagram. Legend: DRB/BoA members, Additional partners, Developing partnerships. Organizations shown: 57 IAS, USSTRATCOM, 315 NWS, TU, NPS, INL, CCR, AF CyTCoE, PNNL, AFNIC, NSWC, AFRL/RW, AFOSR, Lincoln Labs, NSF, JIOWC, Sandia Labs, AFRL/RD, USAFA, 8 AF, AU, AFISR, CSAF, DISA/JTF-GNO, AFRL/RY, DHS, NSA, AFRL/RI, 711 HPW, NASIC, PCE Working Group, NRO, AFSPC, 39 IOS, 333 TRS, AFPC, 229 IOS, AFRC, DC3, 561 NOS, 688 IOW, 67 NWW, 23 IOS, 318 IOG, 24 AF, AETC, SANS, USCG, DTI, Inc, HoneyNet, OSD, SAF/HAF, Mich Tech, NASA Glenn]
Our Graduate Program
• Master of Science in Cyber Operations
24 month program (21 months school, 3 month internship)
Technically focused degree in: cyber ops (attack and defend), forensics, reversing, and sw protection
Foundations: Network design and analysis, Advanced operating systems, Cryptography, Code Protection
Offensive/defensive theory and techniques
- Secure Software Design
- Reverse Engineering
- Computer and Network Security and Exploitation
- Ethical Hacking
- Cyber Forensics
Thesis research
An extensive hands-on educational experience
• Also cyber-focused Comp Sci, Comp Eng, EE, and Math degrees!
CCR Cyber Research
• Research that directly impacts the USAF/DoD mission (classified/unclassified)
• Offensive Cyber Operations
• Attack Attribution
• Insider Threat Mitigation
• Network Design and Analysis
• Cyber Forensics
• Anonymous Communications
• Cyber Defense & Exploitation
• Wireless Networks
• Intrusion Detection
• Software Protection & Anti-Tamper
• Electronic Warfare
• SCADA Systems Analysis
RESEARCH FOCUS:
Side Channel Analysis and Exploitation
Way Ahead
• Determine near-field limits for technique
• Minimize number of traces required
• Target devices of interest to DoD
Contact Information
• Researcher: Major Will Cobb
• Research Sponsor: Anti-Tamper Program Office
• Research Advisor: Dr. Rusty Baldwin
• [email protected]; 937.255.6565 x 4445
Motivation
Unintentional emissions of electronic
devices are a rich source of
information – need to be able to both
exploit adversary’s systems and
defend our systems
Problem Addressed
Determine the limits of passive near-field EM emissions’ ability to capture critical data
Operational Impact
• Protection and/or exploitation of digital circuit
emissions. Numerous intelligence, military,
and law enforcement applications
Achievements
• Using EM emissions can extract crypto keys
from SW implementation of AES on PIC
processors
• Can distinguish between PIC processors
• Published “Physical Layer Identification of Embedded Devices Using RF-DNA Fingerprinting,” MILCOM 2010
What’s a Side-Channel?
The direct path from input to output is the intended or primary information channel.
In reality, physical implementations create unintended “information leaks” known as Side Channels.
Side Channels = Problem for Secure Devices
Side channels shown: Timing Info, EM Radiation, Power Consumption
AES-128
Security Through Computational Complexity
PLAINTEXT → Round 1 → Round 2 → Round 3 → Round 4 → Round 5 → Round 6 → Round 7 → Round 8 → Round 9 → Round 10 → CIPHERTEXT
* Key schedule algorithm is not shown
Known Values
plaintext = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R00_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R01_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R01_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXda6cb0ae
R02_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R02_k_sch = XXXXXXXXXXXXXXXXXXXXXXXX38d3bf0f
R03_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R03_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXe1c84037
R04_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R04_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXeea7b960
R05_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R05_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R06_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R06_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R07_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R07_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R08_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R08_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R09_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R09_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R10_start = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
R10_k_sch = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ciphertext = XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Suppose through Side Channel Analysis we can determine the last 4 bytes of 4 round keys (for example, the Known Values above).
Is this enough to determine the key?
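For AES-128 the answer to the question on this slide is yes. The following added example (not part of the original slides; all function names are this example's own) rebuilds the whole of round key 4 from the four known words using W[i] = W[i-4] XOR W[i-1], then runs the key schedule backwards to the cipher key, which is why a protected implementation has to shield every round key and not only the original key.

```python
def _gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _sbox_entry(a):
    """S-box value: multiplicative inverse, then the AES affine transform."""
    inv = next((b for b in range(1, 256) if _gmul(a, b) == 1), 0)
    rot = lambda n: ((inv << n) | (inv >> (8 - n))) & 0xFF
    return inv ^ rot(1) ^ rot(2) ^ rot(3) ^ rot(4) ^ 0x63

SBOX = [_sbox_entry(a) for a in range(256)]
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def g(word, rnd):
    """Key-schedule core for round rnd: RotWord, SubWord, XOR round constant."""
    b = word.to_bytes(4, "big")
    b = bytes(SBOX[x] for x in b[1:] + b[:1])
    return int.from_bytes(b, "big") ^ (RCON[rnd - 1] << 24)

def expand(key):
    """Forward AES-128 key schedule: 16-byte key -> words W[0..43]."""
    w = [int.from_bytes(key[i:i + 4], "big") for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = g(w[i - 1], i // 4) if i % 4 == 0 else w[i - 1]
        w.append(w[i - 4] ^ t)
    return w

def recover_key(last_words):
    """last_words = [W7, W11, W15, W19]: last 4 bytes of round keys 1..4."""
    w7, w11, w15, w19 = last_words
    # For i not divisible by 4, W[i] = W[i-4] ^ W[i-1], so W[i-1] = W[i] ^ W[i-4].
    w10, w14, w18 = w7 ^ w11, w11 ^ w15, w15 ^ w19
    w13, w17 = w10 ^ w14, w14 ^ w18
    rk = [w13 ^ w17, w17, w18, w19]           # complete round key 4
    for rnd in (4, 3, 2, 1):                  # run the schedule backwards
        p3, p2, p1 = rk[3] ^ rk[2], rk[2] ^ rk[1], rk[1] ^ rk[0]
        rk = [rk[0] ^ g(p3, rnd), p1, p2, p3]
    return b"".join(x.to_bytes(4, "big") for x in rk)

# The four partial round keys printed on the slide (last 4 bytes of R01..R04).
SLIDE_LEAK = [0xDA6CB0AE, 0x38D3BF0F, 0xE1C84037, 0xEEA7B960]
if __name__ == "__main__":
    print(recover_key(SLIDE_LEAK).hex())
```
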
RESEARCH FOCUS:
Attacking Infrastructure Control Systems
Future Research
• Refine and test methodology
• Improve modeling for cyber operations
• Develop detailed sector knowledge
Contact Information
• Researcher: Major David W. Olander
• Research Sponsor: 315th Network Warfare Sqdn
• Research Advisor: Dr. Richard A. Raines
• [email protected]; 937.255.6565 x 4278
Motivation
Cyber attacks on critical
infrastructure and national
cyber assets have become
a domain of war
Problem Addressed
Determine if current planning
processes are suitable for
cyberspace operations
Operational Impact
• Provides foundational base for incorporating
cyberspace operations into traditional
deliberate planning and execution process
[Diagram: Plan, Prepare, Execute, Assess]
Achievements
• Developed detailed process for cyber attack
• Complements existing military planning and
execution processes
• Brought together ideas from 10
national, DoD, and AF SME
organizations
• Assimilated input into concise
and tailorable framework for
cyberspace warfare
RESEARCH FOCUS: Security for Smartphones
Researcher
Jonathan D. Stueckle
Research Sponsor
NSA/CSS
Research Advisor
Dr. Rusty Baldwin, [email protected]
937.255.6565 x 4445
Motivation
• The Android mobile platform is increasingly popular
• All Android platforms incorporate the Android Protection System (APS), a hardware-implemented application security mechanism
Operational Impact
Provide a means for USAF and
other DoD organizations to
utilize smartphone capabilities
while restricting the content
allowed on mobile networks,
blocking all malicious content
without adding performance
overhead to the system
Achievements
• APS blocks 100% of unapproved content
while allowing 100% of approved content.
• Performance overhead for APS varies from 100.5% to 112.5% with respect to the default Android application installation process
Problem Addressed
Smartphones have many beneficial capabilities,
although malicious content must be blocked for
security reasons
RESEARCH FOCUS:
Covert Botnet Command and Control
Future Research
• Incorporate more realistic network traffic scenarios
• Increase types and options for bots and malware
• Experiment with full range of bot-detector apps
Contact Information
• Researcher: Brad D. Sevy
• Research Sponsor: AFRL/RIGA
• Research Advisor: Lt. Col. J. Todd McDonald
• [email protected]; 937.255.6565 x 4639
Motivation
Next generation cyber
defensive systems need to
incorporate stealth and
resilience against adversarial
analysis
Operational Impact
• Techniques provide basis for future
operationally-oriented tactics and procedures
designed to lower operational profile of cyber
defensive sensors and platforms
Achievements
• Created virtual environment for launching botnet attacks against hosts instrumented with cutting edge bot-detection software
• Demonstrated three successful techniques for hiding C2 traffic that evaded leading bot-detectors
Problem Addressed
Determine if we can introduce stealthy techniques
to C2 initialization of cyber defensive platforms by
casting discovery as a botnet-detection problem
Motivation
• Commercial Communication Devices
• Inexpensive, Readily Available, Easily Adapted
• Supporting Military & Terrorist Activities
Problem Addressed
• Enhanced RF Intelligence (RFINT) Capability
• Exploit RF ‘Distinct Native Attributes’ (RF-DNA)
• Radar-Like Specific Emitter Identification (SEI)
• Device Type, Manu, Model #, Serial #
RESEARCH FOCUS:
Radio Frequency Fingerprinting
Achievements
• 3G 802.11a WiFi & GSM Cell Phone
• 4G OFDM-802.16e WiMAX
• 80% to 90% Manu & Serial # ID
• Simple MDA-ML Classifier
• 2010 Presentations:
• Int’l Conf on Net Sys Security
• Global Communications Conf
Operational Impact
• RF-DNA ‘Human-Like’ Discrimination
• Enhanced Situational Assessment/Awareness
• ID, Locate & Track Hostile Emitters
• Small UAV RECON
• Wide-Body RFINT
• Information Assurance
• Anti-Spoofing / Cloning
Future Research
• Additional / Emerging 4G Signals
• Cognitive / Software Defined Radio (CR/SDR)
• Increase Classification Engine ‘Power’
Contact Information
• Researcher: McKay D. Williams, MSEE
• Research Sponsor: AFRL/RY, WPAFB
• Research Advisor: Dr. Michael A. Temple, PhD
[email protected] 937.255.3636 x 4279
[Figure: RF-DNA markers for Device 1, Device 2 and Device 3; labels: Cisco, Netgear, Linksys]
CyberCorps® Fellowship Benefits
• Fellowships available this year!
• What the fellowship includes:
• $26,200 per year!
• Full tuition!
• A computer!
• Books and course related supplies
• Travel money for professional conferences
• When you finish you’ll have:
• A Master’s degree in Cyber Operations, Computer Science,
Computer Engineering, Electrical Engineering, or
Mathematics from one of the best technical schools in the
nation!
• An important job where you can make a difference!
How do I get one of these fellowships?
You must:
• Request an application at www.afit.edu/ccr
• Be a U.S. Citizen
• Be eligible for security clearance
• Have a bachelor’s degree or be near completion, with a strong background in computer science, computer engineering, math or related field (e.g., electrical engineering)
• Be proficient in programming and code development
• Attend school full time
• Have an undergraduate GPA 3.0 or above
• Have GRE scores of at least 148 quantitative, 153 verbal
• Work for Federal, State, or Local government for 2 years upon completion of program
Important Dates
• Request an application at www.afit.edu/ccr ASAP!
• Phase 1 Fellowship Application Deadline: 28 February 2014
• If all fellowships are not awarded in Phase 1, there will be a Phase 2
• Phase 2 Fellowship Application Deadline: 25 April 2014
Past Fellowship Recipients (1)
Name Undergraduate University Employer
Curt Barnard Rose-Hulman National Air and Space Intel Ctr
Adam Behring Central Florida State Naval Air Warfare Center
Dustin Berman Bowling Green State University National Security Agency
Bobby Brodbeck University of Dayton MITRE Corporation
Martin Crawford Ohio Dominican National Security Agency
Joseph Elbaum National American Veterans Administration
John Hagen Cedarville University National Security Agency
Eric Hanington Fran Univ of Steubenville Internal Revenue Service
Andrew Hay University of Arizona National Security Agency
Jonathan Hersack LeTourneau University 688th Info Ops Wing
Mitchell Hirschfeld Capital University National Air and Space Intel Ctr
Kevin Huber Cedarville University National Air and Space Intel Ctr
William Kimball University of Dayton US Air Force
Daniel Koranek Cedarville University Air Force Research Laboratory
Eric Koziel Ohio Northern MIT Lincoln Labs
Michelle Krug Wright State University U.S. Army
Past Fellowship Recipients (2)
Name Undergraduate University Employer
Kevin Lustic Ohio University National Security Agency
Justin Myers Cedarville University Naval Criminal Investigative Serv
Mindy Schockling Capital University National Air and Space Intel Ctr
Eric Simonaire Cedarville University Illinois RR Retirement Board
Jacob Stange Mount St. Joseph National Air and Space Intel Ctr
William Stout Wright State University Sandia National Laboratory
Brennon Thomas Rensselaer Polytech Institute 315th Network Warfare Squadron
Lauren Wagoner Ohio State University National Security Agency
Joshua Ziegler University of Findlay PhD Student at AFIT
Matt Zimmerman Cedarville University Air Force Research Laboratory
Current Fellowship Recipients
Name Undergraduate University
Nathan Barker Wright State University
William Barto Wright State University
James Brendan Baum Trine University
Robert Cernera Stockton College
Patrick Copeland Wittenberg University
Melanie Cousins Capital University
Stephen Dunlap Cedarville University
Greg Dye Cedarville University
Deanna Fink Wittenberg University
Bradley Flamm Ohio State University
Anthony Grenga University of Mount Union
John Andrew Hearle Cedarville University
Aaron Hudson Alabama A&M
Adrienne Hudson Alabama A&M
Howard Poston University of Dayton
Karen Stebelton Wright State University
Andrew Sterling Cedarville University
Bradley Wright Ohio University
Contacting the Center for Cyberspace Research
Facebook: http://www.facebook.com/CCRnews
Twitter: http://twitter.com/CCR_news/
Web: http://www.afit.edu/ccr/
• Dr. Harold Arata Director [email protected]
• Dr. Rusty Baldwin Research Director [email protected]
• Mr. Mike Hoelzel Program Coordinator
Ph: (937)255-3636 x4323 [email protected]