Archive for the ‘Uncategorized’ Category

Scantegrity election verification system

Saturday, November 1st, 2008

Scantegrity has a new web site for the international research and open-source software project that includes contributors from UMBC, George Washington University, the University of Ottawa, the University of Waterloo, and MIT. The UMBC lead for the project is Alan Sherman. The project has developed Scantegrity II, an election verification technology for optical scan voting systems. It uses privacy-preserving confirmation numbers to allow each voter to verify that her vote is counted. The confirmation numbers also allow anyone to verify that all the votes were counted correctly. Election officials can use Scantegrity as a standalone system or as an add-on to provide a low-footprint audit companion solution for any current optical scan voting system. All extra functionality is optional for voters, staying out of the way of what voters need to do—vote. A trial run of Scantegrity II is planned next week for a municipal election in Takoma Park MD.

NRC raises issues with datamining for counterterrorism

Tuesday, October 7th, 2008

The National Research Council released a report on the effectiveness of collecting and mining personal data, such as phone, medical, and travel records or Web sites visited, as a tool for combating terrorism. The report, titled Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment, was produced by a multi-year study carried out at the request of DHS and NSF.

While the NRC’s press release on the study notes that routine datamining can help in “expanding and speeding traditional investigative work”, it questions the effectiveness of automated datamining and behavioral surveillance.

“Far more problematic are automated data-mining techniques that search databases for unusual patterns of activity not already known to be associated with terrorists, the report says. Although these methods have been useful in the private sector for spotting consumer fraud, they are less helpful for counterterrorism precisely because so little is known about what patterns indicate terrorist activity; as a result, they are likely to generate huge numbers of false leads. Such techniques might, however, have some value as secondary components of a counterterrorism system to assist human analysts. Actions such as arrest, search, or denial of rights should never be taken solely on the basis of an automated data-mining result, the report adds.
    The committee also examined behavioral surveillance techniques, which try to identify terrorists by observing behavior or measuring physiological states. There is no scientific consensus on whether these techniques are ready for use at all in counterterrorism, the report says; at most they should be used for preliminary screening, to identify those who merit follow-up investigation. Further, they have enormous potential for privacy violations because they will inevitably force targeted individuals to explain and justify their mental and emotional states.”

The report suggests criteria and questions addressing both technical effectiveness and impact on privacy to help policymakers assess data-based counterterrorism programs. It also calls for oversight and both technical and policy safeguards to protect privacy and prevent “mission creep”. Declan McCullagh has a good summary of the key recommendations.

The 352-page report can be downloaded from the National Academies Press site for $37.00.

Secure Knowledge Management Workshop, Dallas, 3-4 Nov 2008

Sunday, October 5th, 2008

The Third Secure Knowledge Management Workshop will be held next month in Richardson TX on 3-4 November 2008. The workshop was organized by several AISL researchers, including Bhavani Thuraisingham as general chair and Murat Kantarcioglu as program chair.

The program features two keynote talks, one by Dr. Nabil Adam, a DHS Science and Technology Fellow and Professor at Rutgers University, and another by Tom Hill, the Director of EDS Fellows and Distinguished Engineering Programs for EDS, an HP company. Fifteen submitted papers will be presented in a single track. The papers cover a diverse set of topics underlying the management of secure knowledge resources, including the economics of secure KM, architectures for secure KM, and private KM. There will also be a panel on Issues Facing Women Cybersecurity Researchers, with renowned experts in the field. The workshop is partially supported by the National Science Foundation and the University of Texas at Dallas.

Chris Clifton gives keynote at ACM workshop on AI and security

Sunday, September 28th, 2008

AISL researcher Chris Clifton of Purdue University will give a keynote talk at the First ACM Workshop on AISec. This workshop is focused on bringing the AI and security research communities together to explore how AI tools and techniques can be applied to problems in information security.

Chris’ talk is titled Opportunities for Private and Secure Machine Learning and has the following abstract.

While the interplay of Artificial Intelligence and Security covers a wide variety of topics, the 2008 AISec program largely focuses on use of artificial intelligence techniques to aid with traditional security concerns: intrusion detection, security policy management, malware detection, etc. This talk will address the flip side of the issue: Using machine learning on sensitive data.

The privacy-preserving data mining literature provides numerous solutions to machine learning on sensitive data, while protecting the data from disclosure. Unfortunately, privacy has yet to provide the economic incentives for commercial development of this technology.

This talk will survey this work (and open challenges) in light of problems that may have greater incentives for development: collaborative machine learning by parties that do not fully trust each other. Opportunities include job brokerage (assigning jobs in ways that most efficiently utilize resources of competing companies), supply chain optimization, inter-agency data sharing, etc. Techniques similar to those in privacy-preserving data mining can enable such applications without the degree of information disclosure and trust currently required, providing a business model for development of the technology (and as a by-product, reducing the number of trusted systems that need to be secured.)

Feel paranoid that Google Chrome is spying on you? Apply UnChrome!

Monday, September 15th, 2008

I’ve seen the following attributed to Woody Allen:

    Question: what’s a three syllable word beginning with ‘P’ that means you think that everybody’s against you?
    Answer: perceptive.

It’s fashionable in some circles to be paranoid about Google. If they ever do abandon their informal “Don’t be evil” motto then we are all in trouble. Search engines can gather a lot of information about a person’s interests. While Google is not the only search engine available, they have assembled quite an array of Web systems, including gmail, Google reader, Google groups, DoubleClick, Feedburner and many more. They would be in a good position to integrate a lot of information about a person’s behavior on the Web.

Enter Google Chrome.

If you own the browser, you can get the full range of a person’s Web activities. What worries some is that each Google Chrome installation contains a unique ID, which could be used to identify its user. The German company Abelssoft has released UnChrome as an application that effectively makes your copy of Google Chrome anonymous.

“Regarding to Google, “Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier”. Unfortunately, each Google Chrome installation contains a unique ID that allowing identifying its user. Google doesn’t make it an easy job to remove this ID.

UnChrome helps you with this task. It replaces your unique ID with Null values so that your browser cannot be identified any longer. The functionality of Google Chrome is not influenced by this. You only need to apply UnChrome once.”

I think this is paranoia rather than being perceptive, but just because you’re paranoid doesn’t mean they aren’t out to get you.

A-Space: a social networking site for intelligence analysts

Sunday, September 7th, 2008

Sixteen US intelligence agencies are encouraging their staff to use A-Space, a new social-networking site for analysts being developed by the US Government and slated for launch on 22 September.

A-Space is an effort sponsored by the Office of the Director of National Intelligence. The Defense Intelligence Agency is managing the project with serving as the prime contractor for development.

CNN has an article, CIA, FBI push ‘Facebook for spies’, with some of the details.

“It’s a place where not only spies can meet but share data they’ve never been able to share before,” Wertheimer said. “This is going to give them for the first time a chance to think out loud, think in public amongst their peers, under the protection of an A-Space umbrella.” Wertheimer demonstrated the program to CNN to show how analysts will use it to collaborate.

“One perfect example is if Osama bin Laden comes out with a new video. How is that video obtained? Where are the very sensitive secret sources we may have to put into a context that’s not apparent to the rest of the world?” Wertheimer asked. “In the past, whoever captured that video or captured information about the video kept it in-house. It’s highly classified, because it has so very short a shelf life. That information is considered critical to our understanding.”

Material on A-Space is, of course, highly classified and compartmentalized, so there will be stringent access control procedures. To further prevent information from being inappropriately accessed or used, A-Space will employ additional mechanisms, including monitoring for anomalous access patterns.

“We’re building [a] mechanism to alert that behavior. We call that, for lack of a better term, the MasterCard, where someone is using their credit card in a way they’ve never used it before, and it alerts so that maybe that credit card has been stolen,” Wertheimer said. “Same thing here. We’re going to actually do patterns on the way people use A-Space.”

Federal Computer Week also has a recent article on A-Space, A-Space set to launch this month.

Scientific American special issue: will technology kill privacy?

Saturday, August 30th, 2008

The September 2008 Scientific American is a special issue on The Future of Privacy. The issue has a good range of articles that all look like they are well worth reading and touch on all of the themes in our new MURI project on assured information sharing.

Are Russian users participating in cyberattacks on Georgia?

Wednesday, August 13th, 2008

Updated below.

In a post about the recent cyberattack of Georgian computers from Russian sites, the shadowserver site asks, “Is it possible the same thing that happened to Estonia is happening to Georgia? To put it quite simply, the answer is yes.” They offer the following as evidence.

“Lots of ICMP traffic and Russian hosts sounds a lot more like users firing off the ‘ping’ command and a lot less like some evil government controlled botnet. It did not take us long to find out what is going on. Much like in the attacks against Estonia, several Russian blogs, forums, and websites are spreading a Microsoft Windows batch script that is designed to attack Georgian websites. Basically people are taking matters into their own hands and asking others to join in by continually sending ICMP traffic via the ‘ping’ command to several Georgian websites, of which the vast majority are government.

The following text is a redacted version of the script being posted:

We have removed the actual commands and parameters of the script to avoid being a distribution point for it. However, you can see the raw list of targets that are being spread across the websites. This script has been posted on several websites and is even being hosted as “war.rar” which contains “war.bat” within it on one site. It would appear that these cyber attacks have certainly moved into the hands of the average computer using citizen.”

Their conclusion is that ordinary users are now participating in the continuing attacks on Georgian websites.

Update I (8/13): Ars Technica has a post that quotes experts who question the idea that the Russian government was ever involved with the DDOS attacks.

“According to Gadi Evron, former Chief information security officer (CISO) for the Israeli government’s ISP, there’s compelling historical evidence to suggest that the Russian military is not involved. He confirms that Georgian websites are under botnet attack, and that yes, these attacks are affecting that country’s infrastructure, but then notes that every politically tense moment over the past ten years has been followed by a spate of online attacks. It was only after Estonia made its well-publicized (and ultimately inaccurate) accusations against Russia that such attacks began to be referred to as cyberwarfare instead of politically motivated hackers.”

Update II (8/14): A Google Blog Search query returns two results for the comment in the script posted by shadowserver. A search against Google’s main index turns up a few more that look like they are intended to share it with people who will use it. And, finally, a search over Google Groups returns no results. It looks like there are only about ten instances on open sites indexed by Google. I was not able to find anything using Technorati. It may be that there are online sites that Google is not indexing that are being used. If the script was widely distributed, it may have been done using mailing lists that are not indexed by Google, either because they are marked as private or run by another company, like Yahoo.

Cyberwar between Russia and Georgia preceded shooting

Tuesday, August 12th, 2008

In an article in Wednesday’s New York Times, Before the Gunfire, Cyberattacks, John Markoff describes how the Russia-Georgia conflict broke out on the Internet weeks before the troops engaged.

“Weeks before bombs started falling on Georgia, a security researcher in suburban Massachusetts was watching an attack against the country in cyberspace. Jose Nazario of Arbor Networks in Lexington noticed a stream of data directed at Georgian government sites containing the message: “win+love+in+Rusia.”

Other Internet experts in the United States said the attacks against Georgia’s Internet infrastructure began as early as July 20, with coordinated barrages of millions of requests — known as distributed denial of service, or D.D.O.S., attacks — that overloaded and effectively shut down Georgian servers.

Researchers at Shadowserver, a volunteer group that tracks malicious network activity, reported that the Web site of the Georgian president, Mikheil Saakashvili, had been rendered inoperable for 24 hours by multiple D.D.O.S. attacks. They said the command and control server that directed the attack was based in the United States and had come online several weeks before it began the assault.

As it turns out, the July attack may have been a dress rehearsal for an all-out cyberwar once the shooting started between Georgia and Russia. According to Internet technical experts, it was the first time a known cyberattack had coincided with a shooting war.

But it will likely not be the last, said Bill Woodcock, the research director of the Packet Clearing House, a nonprofit organization that tracks Internet traffic. He said cyberattacks are so inexpensive and easy to mount, with few fingerprints, they will almost certainly remain a feature of modern warfare. “It costs about 4 cents per machine,” Mr. Woodcock said. “You could fund an entire cyberwarfare campaign for the cost of replacing a tank tread, so you would be foolish not to.”

There’s lots more of interest to read in the article.