Spring 2021 CS Cyber Security Reading Group
Members: Yashwanth Bandala, Yu Cai, Bo Chen (co-advisor), Niusen Chen, Shashank Reddy Danda, Siva Krishna Kakula, Vishnu Kamaraju, Alex Larkin, Justin Martin, Jean Mayo (co-advisor), Joe Muhle, Jagi Rinchin, Sai Venkateswaran, Sankalp Shastry, Shuo Sun, Deepthi Tankasala, Yuchen Wang, Wen Xie, Xiaoyong Yuan
Time: 2:00 – 3:00pm Friday, February 5, 2021
Presenter: Niusen Chen
Title: MobiWear: A Plausibly Deniable Encryption System for Wearable Mobile Devices
Abstract: Mobile computing devices are widely used in our daily life. With their increased use, a large amount of sensitive data is collected, stored, and managed in the mobile devices. To protect sensitive data, encryption is often used but, traditional encryption is vulnerable to coercive attacks in which the device owner is coerced by the adversary to disclose the decryption key. To defend against the coercive attacks, Plausibly Deniable Encryption (PDE) has been designed which can allow the victim user to deny existence of hidden sensitive data. The PDE systems have been explored broadly for smartphones. However, the PDE systems which are suitable for wearable mobile devices are still missing in the literature. In this work, we design MobiWear, the first PDE system specifically for wearable mobile devices. To accommodate the hardware nature of wearable devices, MobiWear uses image steganography to achieve PDE, which suits the resource-limited wearable devices. In addition, to facilitate input of keys for PDE, MobiWear relies on various sensors equipped with the wearable devices, rather than requiring users to enter them via a keyboard or a touchscreen. Our security analysis as well as experimental evaluation using a real-world prototype (ported to an LG G smartwatch) show that MobiWear can ensure deniability with a small computational overhead.
Time: 2:00 – 3:00pm Friday, February 19, 2021
Presenter: Sai Venkateswaran
Title: Improving security of Web-based Application Using ModSecurity and Reverse Proxy in Web Application Firewall
Abstract: Organizations and Individuals use web application to exchange any information. So, there are chances for increase in attacks on web applications where the attackers try to exploit the vulnerabilities. This paper focuses on how the organization can protect their information transfer using Web Application Firewall (WAF) by filtering packets, logging the packet transfer and block any malicious HTTP request. Also, it demonstrates WAF on a web-based application using ModSecurity and Reverse Proxy method. Finally, the paper demonstrates how few vulnerabilities like SQL injection, cross-site scripting can be stopped using ModSecurity and Reverse Proxy method.
Time: 2:00 – 3:00pm Friday, March 5, 2021
Presenter: Vishnu Kamaraju
Title: Buffer Overflow Exploit and Defensive Techniques
Abstract: In this talk, we will discuss buffer overflow and what causes it, how memory stack functions, and CPU registers. We will discuss what EIP is and how it handles the flow of programs in memory, and how overwriting it will lead to opportunities for exploiting computer buffer. Then, we will walk through a practical example using the service SyncBreeze and also talk about mitigation techniques.
Time: 2:00 – 3:00pm Friday, March 19, 2021
Presenter: Sankalp Shastry
Title: My experience as an External Pentester
Abstract: This presentation covers my experience while interning for a cybersecurity firm. The presentation covers some basic information about pentesting followed by the process of pentesting over the online as well as the offline domain. The final segment covers documentation and reporting. This presentation is focused on sharing my experience as a pentester and the different tools and processes that I had to follow while performing the penetration test.
Time: 2:00 – 3:00pm Friday, April 2, 2021
Presenter: Deepthi Tankasala
Title: Bitcoin: A Peer-to-Peer Electronic Cash System
Abstract: A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution. Digital signatures provide part of the solution, but the main benefits are lost if a trusted third party is still required to prevent double-spending. The paper proposes a solution to the double-spending problem using a peer-to-peer network. The network timestamps transactions by hashing them into an ongoing chain of hash-based proof-of-work, forming a record that cannot be changed without redoing the proof-of-work. The longest chain not only serves as proof of the sequence of events witnessed, but proof that it came from the largest pool of CPU power. As long as a majority of CPU power is controlled by nodes that are not cooperating to attack the network, they'll generate the longest chain and outpace attackers. The network itself requires minimal structure. Messages are broadcast on a best effort basis, and nodes can leave and rejoin the network at will, accepting the longest proof-of-work chain as proof of what happened while they were gone.
Time: 2:00 – 3:00pm Friday, April 16, 2021
Presenter: Wen Xie
Title and abstract to be added.