Presented by Adam Sheffield

Associate Director

Mission
Position Florida as a national leader in cybersecurity and its related
workforce through community engagement, education and
innovative, interdisciplinary research, and community outreach

Create thousands of high-paying jobs in the state's cybersecurity

industry.

Serve as a facilitator for cybersecurity education.

Enhance Florida's cybersecurity workforce, including reintegrating
military veterans by utilizing their specialized skills and training.

Act as a cybersecurity clearinghouse for statewide business and

higher education communities to help mitigate cybersecurity
threats, and optimizing investment to eliminate unnecessary
duplication.

Attract new financial, healthcare, transportation, utility and

defense companies to Florida.

Education
Research
Outreach

New Skills for a New Fight

Launched in January
2016

Fast-track cybersecurity
training/certification
program for veterans

Funded through grant

from Chase

Summer Programs
Cybersecurity programs
for high school students
and teachers

Pre-College
GenCyber

Research
Seed Grant Program

$500,000 awarded annually

to SUS institutions

Eight SUS universities participating in

2016

Collaboration between two or more

SUS institutions

Findings presented at annual

research symposium

Outreach
In 2015:

600+ attended
annual cybersecurity
conference

Dozens of speaking
engagements across
Florida

Media interviews
Gen. Keith B. Alexander, former NSA Director, during 2015 keynote address

Save the Date!

Cybersecurity: Its not just about

Technology
Sriram Chellappan
Dept. of Computer Science and Engineering
University of South Florida
sriramc@usf.edu
http://www.cse.usf.edu/~shri/

MacDill AFB
July 13, 2016

Recent Trends (1)

Source: 2015 IBM Cyber Security Intelligent Index

10

Recent Trends (2)

Source: https://www.netswitch.net/clueless-in-cyber-security-land/
11

Recent Trends (3)

Source: http://www.businessinsider.com/iot-cyber-security-hacking-problemsinternet-of-things-2016-3
12

The Definition of Security in Cyber Space

Security Definition?
State of well being of a system under intentional malicious
activities
Rests on many properties like
Confidentiality protect information from eavesdropping
Integrity ensure correctness of information
Availability ensure services/ information are available
Anonymity (or Privacy) hide identities
Authentication ensure only authorized parties can act
Non Repudiation hold actors accountable

13

Security Threats and Attacks

A threat is a potential violation of security.

Flaws in design, implementation, and operation.

An attack is any action that violates security.

Active adversary.

A threat is typically a precursor to an attack

It is as important to identify threats/ attacks as it is to

defend

14

Security Policy and Mechanism

Policy: a statement of what is, and is not allowed.

Mechanism: a procedure, tool, or method of enforcing a

policy.

Security mechanisms implement functions that help

prevent, detect, and respond to recovery from security
attacks.

Security functions are typically made available to users

as a set of security services through APIs or integrated
interfaces.

Cryptography underlies many cyber security

mechanisms.
15

Eavesdropping - Message Interception

(Attack on Confidentiality)

Unauthorized access to information

Packet sniffers and wiretappers
Illicit copying of files and programs

Eavesdropper
16

Techniques to Enforce Confidentiality

Symmetric keys two parties share the same secret

key

What are the challenges

How to secure transmit the symmetric keys
Key revocation after a certain point in time
Protect the key from being lost

Latest technique to solve this problem

Asymmetric keys

17

Integrity Attack - Tampering With Messages

Stop the flow of the message

Delay and optionally corrupt the message

Release the message again

R

Perpetrator
18

Techniques to Enforce Integrity

Message Authentication Codes

Accomplished using hash functions
Message (M) is sent, along with a digest

Hash(M) a complex mathematical operation

Hash is computed and verified upon receipt of

the message

19

Authenticity Attack - Fabrication

Unauthorized assumption of others identity

Generate and distribute services/ objects under

this identity

Masquerader: from S
20

Techniques to Enforce Authentication

Access control mechanisms

Standard Techniques are passwords

Easy to be captured by adversary
Easy to be guessed by adversary

Evolving techniques
One time password generator
Biometrics

21

Attack on Availability

Destroy hardware (cutting fiber) or software

Destroy packets in transit

Blatant denial of service (DoS):

Crashing the server
Overwhelm the server (use up its resource)
Jam wireless signals
22

Techniques to Enforce Availability

Almost always employ redundancy of

resources

23

Thoughts for Future- Recent Trends

Information Security

Network Security

Attacks and Defenses

24

Information Security

Protecting messages in digital medium is vital

Two broad techniques are there - Steganography and Cryptography

Steganography Hide the existence of the message itself only someone

trained even knows the message exists

Digital watermarking is an active area today audio, video, images, text and
more

25

Recent Trends What to know

Cryptography hide the meaning of the message

Advanced Encryption Standard (AES)

Triple Data Encryption Standard (DES)

They rely on Substitution and Permutation

26

Public-Key Cryptography

Public-key/two-key/asymmetric cryptography involves

the use of two keys:
a public-key, which
may be known by anybody, and
Questions
can be used to encrypt messages
&
a private-key, known only to the recipient, used to
Feedback
decrypt messages

Is asymmetric because
The two keys are different, but they are related
mathematically

27

Encryption

Questions
&
Feedback

28

In Practice

Asymmetric key Crypto is very energy

consuming due to complex mathematics

Questions
& to share a Symmetric Key,
So, it is used one-time
which is used for
encryption.
Feedback

Keys are refreshed periodically

Is the foundation for many encryption protocols

used today
29

Integrity via Hash Functions

hash function H

message

. .
r

Questions
&
Feedback

bit strings of any length

.
.

y
y

message
digest

n-bit bit strings

H is a lossy compression function

Collisions: h(p)=h(q) will happen for some inputs p, q
Result of hashing should look random

Cryptographic hash function needs a two properties

collision resistance and pre-image resistance
30

Availability of Services

DDoS attacks are a major Internet problem

Questions
&
Feedback

31

Availability of Services

Router support can help Traceback

Questions
&
Feedback

32

Authentication

Passwords
One-time Password Generators already
Questions
practical
&
Bio-metrics
Feedback
Socio-metrics

33

Privacy

Questions
&
Feedback

34

Impact of Attacks

Economic impacts
Questions
Societal impacts
&
Feedback
Military impacts

All attacks can be related and are dangerous!

35

Some trade-offs w.r.t. security

Availability vs. Privacy

Confidentiality vs. Power
Questions
management
&
Privacy vs. Latency
AuthenticityFeedback
vs. Privacy

36

Operational Issues

Cost-Benefit Analysis
Risk Analysis
Laws and Customs
Questions

&
Human
Issues
Feedback

Organizational Problems
People Problems

37

Acknowledgments

National Science Foundation CAREER, SaTC, REU and CRI programs

Army Research Office

Questions
National Security Agency &
Feedback
Dept. of Education

University of South Florida and University of Missouri System

38

Questions
&
Feedback

Thank you

39