CSUCI Master of Computer Science students successfully submitted two papers to KES 2020, the 24th International Conference on Knowledge-Based and Intelligent Information & Engineering Systems, which this year is taking place in Verona, Italy, in September 2020. However, due to the COVID pandemic, the conference will be held virtually. The papers are the following:
Malware Persistence Mechanisms, co-authored by Zane Gittins and Michael Soltys. Zane Gittins is a master's student in Computer Science at CSUCI, and this paper is the result of his master's thesis. Zane Gittins has worked as a cybersecurity expert at HAAS, and is currently working at Meissner Filtration. (This paper will be presented in the General Track session G3b: Cybersecurity.)
Voyager: Tracking with a Click, co-authored by Samuel Decanio, Kimo Hildreth and Michael Soltys. Sam Decanio is a master's student in Computer Science at CSUCI, and this paper is the result of his master's thesis and of a fruitful collaboration between Computer Science at CI and the SoCal High Technology Task Force. Sam Decanio is currently working for the Navy. (This paper will be presented in the General Track session G3b: Cybersecurity.)
CI Computer Science students successfully submitted three papers to KES 2019, the 23rd International Conference on Knowledge-Based and Intelligent Information & Engineering Systems, which this year is taking place in Budapest, Hungary, in September 2019. The papers are the following:
Approximating consistency in pairwise comparisons, co-authored by Chris Kuske, Konrad Kułakowski and Michael Soltys. Chris Kuske was a master's student in Computer Science at CI, and this paper is the result of his master's thesis [pdf], which was co-supervised by Prof. Konrad Kułakowski (AGH), who at the time was a Kościuszko Scholar in Computer Science at CI. Chris Kuske is a Software Lead at Teledyne Controls, where he develops avionics software for commercial aircraft. (This paper will be presented in the Invited Session IS18: Decision modeling with and without pairwise comparisons.)
SEAKER: A mobile digital forensics triage device, co-authored by Eric Gentry and Michael Soltys. Eric Gentry was a master's student in Computer Science at CI, and is currently working at GBL Systems and lecturing for Computer Science at CI. This paper is the result of a collaboration between Computer Science at CI and the SoCal High Technology Task Force. For more details on this collaboration please see here. (This paper will be presented in the Invited Session IS13: Cybercrime Investigation and Digital Forensics.)
Deploying Health Campaign Strategies to Defend Against Social Engineering Threats, co-authored by Noelle Abe and Michael Soltys. Noelle Abe is a senior student at CI, who just graduated this May with a degree in Computer Science. Noelle Abe was both a President's Scholar at CI and the vice-president of the Computer Science Girls Club. This paper was initiated by Noelle as part of her research as an exchange student in the UK in 2017. (This paper will be presented in the Invited Session IS24: Knowledge-based Learning and Education Support System: Design and Function.)
In the summer of 2017, while I was teaching COMP 524 (Cybersecurity) at California State University Channel Islands, the students were introduced to a project based on an R&D request from the SoCal High Technology Task Force (HTTF). The requirements and specifications called for a device that could automate the search through the vast amounts of data contained in portable devices (such as hard disks and thumb drives), looking for pre-established patterns in file names.
We have also published the research resulting from the SEAKER project:
As the masters thesis of Eric Gentry, April 2019 [pdf]
In the proceedings of the 2019 Future of Information and Communication Conference (FICC) [doi]
To appear in the proceedings of the 2019 23rd International Conference on Knowledge-Based and Intelligent Information & Engineering Systems (KES), track: Cybercrime Investigation and Digital Forensics
In September of 2018, a group of CI students, working on their senior capstone project under my supervision, started to build a machine capable of massively parallel computing. We christened the machine "The Beast." We undertook to build the machine following the specification of the SoCal High Technology Task Force (HTTF) digital forensics lab in Ventura County.
The Beast was built with five EVGA GeForce GTX 1080 Ti graphics cards, capable of massive computational parallelism, an MSI Z370-A Pro motherboard, an Intel i5-8400 CPU, a Hydra II 8-GPU 6U server mining rig case, and a power supply capable of driving four large fans; cooling The Beast was an important part of the project.
The students who participated in the project were, in alphabetical order, Noelle Abe, Benjamin Alcazar, Matthew Atcheson, Joshua Buckley, Joshua Carter, John Miller, Scott Slocum, Ryan Torres and Devon Trammell (the team leader). On May 2nd, after working on the project during both terms of 2018/19, and having overcome many technical difficulties, the team presented The Beast at the Computer Science Advisory Board Meeting and the Computer Science Capstone Showcase; following these presentations, The Beast was handed over to the SoCal HTTF digital forensics lab. As you can see from the first picture above, The Beast has settled into its new home, a cooling room at the HTTF lab.
My student Geetanjali (Geet) Agarwal defended her master's thesis titled Aneka – Wavelet Image Hashing Algorithm, see announcement, where the contribution is a framework of hashing algorithms for image recognition. This important work was done in collaboration with the SoCal High Technology Task Force (HTTF). Geet used AWS to obtain her results, including EC2 instances and MySQL databases, which were used to run experiments on thousands of images. Geet's thesis will be available after the final draft is ready.
Voyager is software that implements what is called an invisible bit (aka a tracking bit), which can be used to track certain activities. Voyager deploys the AWS network infrastructure and its database service, the Relational Database Service (RDS). Voyager has been implemented at CI by a group of Computer Science students, as a Research & Development project for the HTTF. From the AWS website:
Amazon Relational Database Service (Amazon RDS) makes it easy to set up, operate, and scale a relational database in the cloud. It provides cost-efficient and resizable capacity while automating time-consuming administration tasks such as hardware provisioning, database setup, patching and backups. It frees you to focus on your applications so you can give them the fast performance, high availability, security and compatibility they need.
For this project, we are also using the following tools: EC2, S3 and Route 53.
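The post describes Voyager only at the level of an invisible tracking bit, a remote image whose fetch records who opened a page or message. The block below is an added example, not Voyager's code or anything from the CI project or AWS: it shows the receiving side of that technique, how a mail client or web proxy can flag such beacons before they are fetched. The sample HTML, the host names and the heuristics (declared 1x1 size, or hidden by inline style, plus a remote URL carrying a query string) are all constructed assumptions for this example.

```python
"""Flag 'invisible bit' image beacons in an HTML document.

Added example (not Voyager's code). Uses only the standard library.
"""
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse


def _px(value):
    """Normalise a width/height attribute such as '1', '1px' or ' 0 '."""
    return value.strip().lower().removesuffix("px")


class BeaconFinder(HTMLParser):
    """Collect <img> tags that look like tracking beacons (heuristic)."""

    def __init__(self):
        super().__init__()
        self.beacons = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if not src.startswith(("http://", "https://")):
            return  # data: URIs and relative paths do not phone home on open
        tiny = _px(a.get("width", "")) in ("0", "1") and _px(a.get("height", "")) in ("0", "1")
        style = a.get("style", "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        if not (tiny or hidden):
            return
        url = urlparse(src)
        self.beacons.append({
            "host": url.netloc,
            "path": url.path,
            # per-recipient identifiers usually travel in the query string
            "params": {k: v[0] for k, v in parse_qs(url.query).items()},
            "reason": "1x1 image" if tiny else "hidden image",
        })


def find_beacons(html):
    """Return a list of beacon descriptions found in the HTML string."""
    finder = BeaconFinder()
    finder.feed(html)
    finder.close()
    return finder.beacons


# Constructed sample: one ordinary picture, one 1x1 beacon, one hidden beacon.
SAMPLE_HTML = """
<html><body>
<p>Quarterly report attached.</p>
<img src="https://cdn.example.invalid/logo.png" width="200" height="100">
<img src="https://beacon.example.invalid/pixel.gif?id=abc123&c=7" width="1px" height="1px">
<img src="http://track.example.invalid/o.png" style="display: none; width: 100px">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=" width="1" height="1">
</body></html>
"""

if __name__ == "__main__":
    for b in find_beacons(SAMPLE_HTML):
        print(f"{b['reason']}: {b['host']}{b['path']} params={b['params']}")
```

The base64 `data:` image is deliberately ignored even though it is 1x1, because nothing is fetched when it is rendered; only remote fetches leak the open event. Treat the output as a triage signal, not proof: legitimate spacer images also match the size heuristic.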
Anyone working in the field of Digital Forensics is aware that a substantial portion of time is dedicated to reverse engineering passwords. That is, in most cases a digital forensics investigator receives a password-protected handheld device, or a laptop with an encrypted hard disk, or a Microsoft Word document which has been password protected.
It is then the task of the investigator to try to retrieve the evidence, and that in turn requires reverse engineering the password; in some cases this can be achieved by recovering the hash of the password, which is stored somewhere (the locations are often known) in the device's memory.
In order to obtain the password from the hash, we have to run a brute-force search algorithm that guesses passwords (the guesses can be more or less educated, depending on what is known about the case). Sometimes we get lucky. There are two programs that are used extensively for this purpose: John the Ripper and hashcat.
As we have been studying methods for recovering passwords from hashes, we have been using AWS EC2 instances in order to run experiments and help HTTF with their efforts. Together with senior capstone students as well as graduate students in Cybersecurity, we have been creating a set of guidelines and best practices to help in the recovery of passwords from hashes. AWS EC2 instances are ideal as they can be tailored to the needs and resources of a particular case. For example, we are currently running a t2.2xlarge instance on a case where we have to recover the password of a Microsoft Word document; we have also used a p2.16xlarge with GPU-based parallel compute capabilities, but it costs $14/hour of usage, and so we deploy it in a very surgical manner.
On the evening of April 20, 2018, Assemblymember Jacqui Irwin and CSU Channel Islands President Erica D. Beck co-hosted a Cybersecurity event in Sierra Hall, promoting regional industry partnerships. At this event we had the opportunity to showcase our work: three master's students and one senior student presented research under my supervision:
Zane Gittins spoke about his network penetration testing at HAAS: this work started as a Hank Lacayo Internship at HAAS in the fall of 2017, but since then Zane has been hired by HAAS to continue his work.
Eric Gentry spoke about the SEAKER project, a digital forensic tool that was developed with and for the High Technology Task Force (HTTF) at the Ventura forensic lab. We presented this tool at an event on August 7, 2017.
Geetanjali Agarwal spoke about the Image Recognition project, also inspired by the work done at the HTTF at the Ventura lab, where we aim to identify images from partially recovered files and compare them to a bank of images using the difference hash (dHash) technique.
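The difference hash mentioned above is a perceptual hash: the image is shrunk to a 9x8 grayscale thumbnail and each bit records whether a pixel is brighter than its right-hand neighbour, so the 64-bit result depends on gradients rather than on absolute brightness, and two images are compared by the Hamming distance of their hashes. The block below is an added example of that algorithm, not code from the CI Image Recognition project or from Geet's thesis; to run without an image library it represents images as 2-D lists of 0..255 values and constructs its own test images.

```python
"""Difference hash (dHash) for near-duplicate image matching.

Added example, not the CI project's code. Images are 2-D lists of grayscale
values constructed inline; a real pipeline would decode files to grayscale first.
"""


def resize_box(img, new_w, new_h):
    """Shrink a 2-D grayscale image to new_w x new_h by box averaging."""
    h, w = len(img), len(img[0])
    out = []
    for y in range(new_h):
        y0 = y * h // new_h
        y1 = max((y + 1) * h // new_h, y0 + 1)
        row = []
        for x in range(new_w):
            x0 = x * w // new_w
            x1 = max((x + 1) * w // new_w, x0 + 1)
            block = [img[yy][xx] for yy in range(y0, y1) for xx in range(x0, x1)]
            row.append(sum(block) // len(block))
        out.append(row)
    return out


def dhash(img, hash_size=8):
    """Return the dHash as an int with hash_size*hash_size bits (row-major)."""
    small = resize_box(img, hash_size + 1, hash_size)
    bits = 0
    for row in small:
        for x in range(hash_size):
            bits = (bits << 1) | (1 if row[x] > row[x + 1] else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def is_match(h1, h2, threshold=10):
    """Near-duplicate decision; the threshold is a tunable assumption."""
    return hamming(h1, h2) <= threshold


def blocky_image(column_values, block_w, height):
    """Constructed image: vertical stripes, one brightness per stripe."""
    row = [v for v in column_values for _ in range(block_w)]
    return [list(row) for _ in range(height)]


# Constructed reference image and variants of it.
BASE = [200, 100, 150, 50, 250, 0, 30, 30, 10]
ORIGINAL = blocky_image(BASE, 8, 8)          # 72x8
UPSCALED = blocky_image(BASE, 16, 16)        # same content, twice the size
BRIGHTER = blocky_image([v + 5 for v in BASE], 8, 8)
CROPPED = ORIGINAL[:4]                       # only the top half recovered
MIRRORED = blocky_image(BASE[::-1], 8, 8)

if __name__ == "__main__":
    h = dhash(ORIGINAL)
    print(f"original : {h:016x}")
    for name, img in [("upscaled", UPSCALED), ("brighter", BRIGHTER),
                      ("cropped", CROPPED), ("mirrored", MIRRORED)]:
        print(f"{name:9}: {dhash(img):016x} distance={hamming(h, dhash(img))}")
```

Rescaling, a uniform brightness shift and a crop that keeps the horizontal structure all reproduce the reference hash exactly, while the mirrored image lands 24 bits away; a threshold of about 10 bits separates the two cases. The hash is deliberately coarse, so a match should be followed by a full comparison, never treated as identity on its own.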
I introduced the students with some remarks elaborating on President Beck's statement about partnerships between CI and Ventura industry. As a CI faculty member, I find interdependence in the triad of Scholarship, Teaching and Industry relations. Many of our projects start by addressing a Research & Development need of the community, such as the SEAKER tool for HTTF. We use it to teach our students a hands-on approach to problem solving in Computer Science; we aim to produce quality work that advances knowledge and is publishable.
Scholarship, the first component of the triad, is really composed of three simultaneous activities. First, the research itself, which is laborious and time consuming, and consists of literature review and the cycle of hypothesis, testing and proving.
Second, the funding component: labs, equipment, salaries, conferences; all of these require funds, which can be secured through grants, philanthropic gifts or state support.
And finally dissemination, which is crucial as without it no one is aware of our work, and which takes place through publishing, conference presentations, blog writing, and events such as the one described in this blog. At CI we are lucky in that Advancement facilitates both fundraising and dissemination.
On August 7, 2017, the CI Computer Science students presented a prototype of a digital forensic tool, which we named SEAKER (Storage Evaluator and Knowledge Extraction Reader), as part of their master's COMP 524 Cybersecurity course. This project was a collaboration between the Ventura County District Attorney (VCDA) Digital Forensics Lab and CI Computer Science, under the umbrella of the SoCal High Technology Task Force (HTTF).
The students presented a live demo with devices supplied by the Ventura County DA. The SEAKER prototype was able to compile search results in less than a minute, depending on the size of the device. According to VCDA officials at the presentation, this is a remarkable increase in efficiency and will be a useful tool in the field: while imaging a hard disk can take up to 4 hours, SEAKER performs a triage search in minutes.
Digital Forensics (DF) deals with the recovery and investigation of clues from digital devices (computers, handhelds, iPads, routers, modems, DVRs, etc.). The goal of this effort is to support or refute a hypothesis in court. DF is a complex and technical field: it can be used to attribute evidence to specific suspects, confirm alibis or statements, determine intent, identify sources, or authenticate documents.
A DF investigation commonly consists of 3 stages: acquisition or imaging of exhibits, analysis and reporting. The SEAKER tool helps with the acquisition of data from digital devices in a way that prevents tampering.
The SEAKER project was a fantastic learning experience for our students, as its design and prototyping combined many different skills: the C programming language, BASH shell scripting, the Linux operating system and command line, the Raspberry Pi hardware, Gliffy diagrams, Dropbox Paper (which we used as a wiki), Slack as a collaborative discussion and brainstorming tool, the GitHub software repository, which was used as a collaborative tool in the design of the software that animated the Raspberry Pi, WordPress blogging, AWS S3, which served as a repository of the final product, grep (regular expressions and pattern matching), working with different file systems, and of course strict performance requirements (speed, read-only access). All of this had to be combined by a group of 18 students, with different backgrounds and skill sets, to produce something that could be used by DF examiners.
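The two requirements the posts above give for SEAKER, a read-only pass over a device that reports files whose names match pre-established patterns, and a triage that finishes in minutes rather than the hours a full image takes, can be illustrated in a few dozen lines. The block below is an added example written for this page, not SEAKER's own C/BASH/grep code for the Raspberry Pi: it walks a mount point without following symlinks, matches file names only (it never reads content except to hash a hit), and records the SHA-256 of each hit so the triage report can later be reconciled against the full forensic image. The pattern list and the sample directory tree are constructed for the demonstration; on a real exhibit the mount itself would be read-only (for example a Linux `mount -o ro` or a hardware write blocker), which this script assumes rather than enforces.

```python
"""Filename-pattern triage over a mounted device, in the spirit of SEAKER.

Added example, not SEAKER's code. Standard library only.
"""
import hashlib
import os
import re
import tempfile

# Constructed pattern list: name -> regex matched against the file name only.
PATTERNS = {
    "spreadsheet": r"\.(xlsx?|csv)$",
    "keyword": r"(?i)(ledger|accounts)",
    "archive": r"\.(zip|7z|rar)$",
}


def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large hits do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def triage(root, patterns=PATTERNS):
    """Walk root (not following symlinks) and return one record per matching file."""
    compiled = {name: re.compile(rx) for name, rx in patterns.items()}
    hits = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        dirnames.sort()  # deterministic order, useful when diffing two reports
        for fn in sorted(filenames):
            tags = [name for name, rx in compiled.items() if rx.search(fn)]
            if not tags:
                continue
            full = os.path.join(dirpath, fn)
            if os.path.islink(full):
                continue  # a link could point outside the exhibit
            hits.append({
                "path": os.path.relpath(full, root).replace(os.sep, "/"),
                "tags": tags,
                "size": os.path.getsize(full),
                "sha256": sha256_file(full),
            })
    return hits


def report(hits):
    """Plain-text report, one line per hit."""
    lines = [f"{len(hits)} hit(s)"]
    for h in hits:
        lines.append(f"{h['sha256'][:12]}  {h['size']:>8}  {','.join(h['tags']):<22} {h['path']}")
    return "\n".join(lines)


def build_sample_tree():
    """Constructed stand-in for a mounted exhibit; returns the temp directory."""
    root = tempfile.mkdtemp(prefix="seaker_demo_")
    files = {
        "Documents/ledger_2017.xlsx": b"fake xlsx",
        "Documents/notes.txt": b"nothing of interest",
        "Downloads/photos.zip": b"PK\x03\x04",
        "Users/bob/ACCOUNTS-backup.csv": b"a,b,c\n",
    }
    for rel, data in files.items():
        p = os.path.join(root, rel)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    print(report(triage(build_sample_tree())))
```

Matching on names alone is what keeps the pass fast: a directory walk touches metadata only, and content is read just for the handful of hits. The obvious gap is also the obvious caveat: a renamed file evades a name-based triage, which is why the posts describe SEAKER as a triage step before imaging, not a replacement for it.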
One of the CI pillars is Community Engagement and Service Learning. This approach identifies needs in the community, and builds a curriculum around research and development to address those needs. The SEAKER project is a great example of such a symbiotic relation between CI and the community. Also, it is an example of the strength of a pedagogical approach that combines both theory and practice. Without theory a field becomes a collection of ad hoc procedures. But without practice theory becomes an abstract exercise in intellectual virtuosity. We plan to build on the approach that combines the Service Learning and Theory & Practice paradigms as we go forward with our Computer Science program in Security Systems Engineering and our Masters level offering in Cybersecurity.
“Storage Evaluator And Knowledge Extraction Reader”
On Monday, August 7, at 6pm, in DEL NORTE 1530, the COMP 524 (Cybersecurity) students will present their final project, a technical solution for the SoCal High Technology Task Force in Ventura. This project implements a digital forensic tool with strict performance requirements.
We used GitHub as the software repository, Dropbox Paper for the documentation Wiki, and AWS S3 for distribution of the production version of the software.
You are cordially invited to attend; the presentation will take about two hours, and there will be snacks (Short link to this post: https://wp.me/p7D4ee-FJ).