RIT cybersecurity research recognized at top computing conference in London

RIT researchers are heading to London in November to share four of their top cybersecurity research projects at an Association of Computing Machinery (ACM) conference. The RIT research varies from studying new machine-learning cyberattacks to an analysis of Security Operations Center issues.

Four RIT papers were accepted to the 26th ACM Conference on Computer and Communications Security (CCS), held Nov. 11-15 in London. The event is the flagship annual conference of the ACM’s Special Interest Group on Security, Audit and Control (SIGSAC).

The conference brings together information security researchers, practitioners, developers and users from all over the world to explore cutting-edge ideas and results. About 150 papers were accepted to the conference.

“Having four papers recognized is a record for RIT,” said Matthew Wright, professor and director of the Center for Cybersecurity at RIT, who will be attending the conference. “This is the ACM’s major conference in computer and network security and one of the top four such conferences in the field, so everything presented represents a significant contribution that leading researchers in the field deemed worth reading and hearing about.”

The four RIT research papers accepted include:

Matched and Mismatched SOCs: A Qualitative Study on Security Operations Center Issues, by Ziming Zhao, assistant professor of computing security at RIT, and other Arizona State University researchers.

The researchers studied the problems specific to the Security Operations Centers that manage incidents for companies and governments. The team conducted interviews with Security Operations Center analysts and managers in order to identify the technical and non-technical issues that they agree and disagree on.

The team believes its findings will encourage center professionals to develop a better understanding of each other. The study also proposed research opportunities to improve the efficiency and effectiveness of centers.

Proof Carrying Network Code, by Minseok Kwon, professor of computer science at RIT; Sahil Gupta, a computing and information sciences Ph.D. student; former RIT student Kyle Diller; and other Cornell University and University of Vermont researchers.

The team developed programming logics to specify and enforce security policies in federated network settings, focusing on authorization and network behavioral policies, including firewalls.

“We developed the Proof Carrying Network Code (PCNC) framework, that allows software defined network programming by multiple, possibly non-local administrative domains, in a secure manner,” said Kwon. “PCNC provides features for checking authorization of administrative domains for network programming and allows programs themselves to be verified with respect to behavioral policy specifications.”

Triplet Fingerprinting: More Practical and Portable Website Fingerprinting with N-shot Learning, by Payap Sirinam, a 2019 Ph.D. graduate of RIT’s computing and information sciences program and a current faculty member at the Navaminda Kasatriyadhiraj Royal Air Force Academy in Thailand; Nate Matthews, a computing and information sciences Ph.D. student; Mohammad Saidur Rahman, a computing and information sciences Ph.D. student; and Matthew Wright, professor and director of the Center for Cybersecurity housed in the Golisano College of Computing and Information Sciences.

Researchers explored how the Tor anonymity system is vulnerable to an attack called website fingerprinting, which requires huge amounts of data to be downloaded and regularly refreshed to attain high levels of accuracy.

With the research, authors demonstrated the effectiveness of a new attack using a machine-learning technique called “triplet-loss learning,” which enables an attacker to perform effective website fingerprinting attacks with much less data—as few as five website downloads for each site the attacker is interested in monitoring.

“Given that the attack could be conducted with minimal resources by someone sniffing the victim’s wireless internet connection, it highlights the need for designing effective defenses to help keep Tor users safe,” said Wright.

You Are Who You Appear to Be: A Longitudinal Study of Domain Impersonation in TLS Certificates, by Taejoong Chung, assistant professor of computer science at RIT, and other University of Maryland and Northeastern University researchers.

The study looks at the threat to end-to-end authentication, which allows users to know who they are communicating with online. The researchers identified a new classification of an impersonation attack that they call target embedding.

After conducting a user study, researchers found that target embedding is the most effective attack against browsers today. Their analysis looks at how target embedding impersonation has evolved, who is responsible for issuing impersonating certificates, who hosts the domains, where the economic choke-points are and discusses counter-measures against this growing threat.

To address the critical workforce needs in cybersecurity and help solve cybersecurity problems, RIT has announced the creation of a Global Cybersecurity Institute (GCI). The new three-story facility will allow RIT to address the global cybersecurity crisis by conducting groundbreaking research, education and professional training and development. Steve Hoover, the Katherine Johnson Executive Director, is running the GCI. It is expected to open in fall 2020 and will be the first facility of its kind in upstate New York.