Despite numerous security protocols and best practices used today, breaches still (and will always) exist. This is because security (in its general form) is an ongoing challenge where adversaries need to succeed once, but defenders (security architects, system admins, etc.) have to be lucky all the time. With the rapid development of computer and connected systems which affect people’s lives, the security of such systems should not be overlooked. My research focuses on securing network communication to ensure that systems serve the public while truly maintaining their required security services such as authentication, authorization, confidentiality, and integrity while still being usable. I also work on enhancing and improving cybersecurity education through the development of interactive learning materials and hands-on activities/labs that are reasonable for the classroom environment.
Secure Health Information Exchange
The value of medical records is sustained compared to other documents. Cybercriminals sell partial medical information at a rate of $50 per record on the black market, compared to $1-$3 for a stolen social security number or credit card number. Electronic medical records get hacked while they are at rest. Currently, medical records are being exchanged between healthcare organizations using either fax or regular mail. What will happen when those medical records get exchanged electronically? How secure will such exchange be? What challenges are preventing Health Information Exchange? These are the questions we need to answer in order to develop a vendor-independent protocol to secure Health Information Exchange.
Understanding Security Risks When Exchanging Medical Records Using IHE
Contributors: Simranjit Bhatia
A Secure Health Information Exchange Protocol with Reduced Round Count
Contributors: Monique Mezher and Nathan Hellmuth
Analysis of Recent Research on Secure Health Information Exchange
Enhancing Cybersecurity Education
A major challenge facing academia in preparing students with useful and effective cybersecurity skills is the difficulty and complexity of offering meaningful and manageable hands-on exercises. For example, it can take a student or instructor 20 minutes to set up an environment such that the student can perform an exercise in a few minutes. This project focuses on developing reasonable exercises to be performed by learners such as understanding attacks on SSL/TLS, DNS, and SSH after becoming a Man-in-the-Middle.
Generating PDFs with SHA-1 Collisions [GitHub] [Paper] [US Cyber Range]
This exercise demonstrates how easy it is to generate two different PDFs which have the same SHA-1 checksum. It explains, at a high level, the SHAttered principle and provides a hands-on approach to generating SHA-1 collisions using a publicly available tool (https://github.com/nneonneo/sha1collider).
Contributors: Monique Mezher
SSL/TLS Session Hijacking
This exercise shows how SSLStrip can easily allow attackers to deceive casual, untrained web users in order to obtain their login credentials. In this exercise, the attacker performs a man-in-the-middle attack to establish an insecure session with the victim and a legitimate connection with the server.
Contributors: Eleanor O’Neil
Intercepting Secure Communication using Rogue X.509 Certificates
This exercise demonstrates a vulnerability that some Certificate Authorities had in 2009 which allowed attackers to impersonate CAs and intercept communication without the victim noticing any change in the secure URL they are visiting.
Contributors: Sumin Kim and Daniel Choi
Intranet DNS Spoofing
This exercise demonstrates how a DNS spoofing attack can redirect victims to malicious servers. In this exercise, the attacker spoofs DNS replies to the victim in order to redirect the browser to a malicious website.
Contributors: Cherise Holmes
SSH Session Hijacking
This exercise demonstrates how to hijack SSH sessions and obtain the victim's SSH credentials alongside a log of commands used by the victim after becoming a Man-in-the-Middle.
Contributors: Maggie Gates and Christopher Raley
Hacking WEP and WPA2 Access Points
This exercise allows students to ethically hack five WiFi access points which have different settings and configurations. Two access points are configured to run WEP (with a 64-bit key each) and don’t have any connected clients. Two access points are configured to run WEP (one with a 64-bit key and another with a 128-bit key) and have connected clients. One access point is configured to run WPA2 and the students are given a wordlist that they use to crack the password.
How to Build and Hack an Exploitable WiFi Environment [GitHub] [Workshop] [Innovation Publication]
This project provides educators and learners with detailed directions on (1) how to build an exploitable WiFi environment, (2) how Raspberry Pis can be used to act as the necessary clients for your access points, and (3) how to hack such access points.
Contributors: Michael Benos
In the early 2000s, parliamentary elections in Egypt (part of the democracy tools) had been facing serious challenges. Between 2006 and 2009, I conducted research on e-voting security for the Egyptian parliamentary elections, which involved studying the elections system, identifying key components to make a usable electronic voting scheme, and designing a protocol that allowed for voter privacy while remaining verifiable and ensuring election integrity.
I’m interested in looking for solutions that are flexible enough to be used in any election setting such that they can provide voter privacy, election integrity, and public acceptance.
"There is very little offensive research in this field. There are only three groups who ever remotely hacked a car. Without offensive research, it is hard to tell what are the best defensive ideas or who are the best defensive practitioners because all the defense "works" since no one is trying to show it doesn't." - Charlie Miller
In this project, you will study car hacking techniques. You will set up an environment very similar to that in the automobile, including multiple electronic control units (ECUs) as well as sensors and actuators.
Securing IoT and SOHO devices
Many IoT and SOHO devices are designed with ease of connectivity in mind. In many cases, this has led to less secure devices connected to networks which could leak useful information to attackers. One example is the Ring WiFi Doorbell, which was found to be connecting via plain HTTP to set up the password at first use. After being deauthenticated from the network, hackers were able to obtain all setup configuration which gave them access to the device later on. I am interested in exploring the possibility of having such devices establish secure connections from the moment they are attached to and connected to a network.
Red and Blue Teams Automation
With the continuous adoption of the Red and Blue teams in businesses and institutions, it has become increasingly important to automate most of what these teams do. Because human action in these scenarios is complex, automation is not easy. In this project, we look into building an environment where Red and Blue Team activities can be exercised and then studied such that they can be automated.