Center of Academic Excellence in Cyber Operations

Our mission is to promote a deeply technical, interdisciplinary higher education program that will produce an exceptional cadre of cybersecurity professionals with expertise in various disciplines of cyber operations related to specialized intelligence, military, and law enforcement, ultimately increasing the security of our nation.

Increasing reliance on and complexity of computing systems, particularly large-scale distributed systems and databases, and increasing sophistication of attacking entities have made it necessary to introduce, at all levels of system design, maintenance, and administration, personnel who are highly trained in cyber operations. As examples:

• a cyber-ops specialist working at the operational level is trained to identify procedural vulnerabilities and suggest changes to remove them,
• a cyber-ops specialist working at the system administration level is trained to detect intrusions and attacks and prevent or limit damage that they may incur
• a cyber-ops specialist working at the OS level is trained to analyze (reverse engineer) code to detect anomalies and malware and to develop strategies that prevent or limit damage due to such software
• a cyber-ops specialist working at the policy level is trained to analyze and assess cyber threats and opportunities to advance the national security interests of the United States.

The CAE-CO program complements existing Centers of Academic Excellence in Information Assurance Education (CAE-IAE) and Research (CAE-R) programs, providing a particular emphasis on technologies and techniques related to specialized cyber operations (e.g., collection, exploitation, and response), to enhance the national security posture of our Nation. These technologies and techniques are critical to intelligence, military and law enforcement organizations authorized to perform these specialized operations.

• Training that covers security and safety principles applicable to all operational and system levels and foundations to build specific secure systems
• Coursework that balances theory and practice and hands-on labs inspired by real-life scenarios such as attacks, defenses, mitigation and recovery aimed to draw students deeply into cyber operations
• Technical faculty with expertise, commitment and dedication to teach best practices in cyber and supervise coop experiences
• Cybersecurity policy and legal issues and information technology courses taught by experts in the field and integrated into our unique multi-discipline education

• Undergraduate Cybersecurity Certificate
• Graduate Certificate in Cyber Operations
• Bachelors of Science in Information Technology with Cybersecurity Track
• MS in Information Technology with Cybersecurity Track
• MS in Information Security in Partnership with Northrup Grumman Xetron
• MS in Computer Science or Computer Engineering with Cyber Track
• CSE PHD with Cyber Track

John Franco led a summer Research Experience for Teachers project entitled Secure Cyberspace. Team members included one middle school math/STEM teacher, one high school math teacher, a graduate student and a high school senior in addition to the faculty mentor and academic coordinator. The outcomes of this project were:

• The teachers learned much about systems that ensure confidentiality, authentication and message integrity
• The teachers put together two units and four activities to be used in their STEM classes this coming academic year.

A YouTube video outlining the results of the project can be viewed at https://m.youtube.com/watch?v=6fvDOI50E1Q

This project was supported by the National Science Foundation. The project will be extended next year, details to be determined.

As a result of this project about 60 middle school students will visit the University of Cincinnati in September to attend a talk and demonstration by Jason Armstrong, SEAL for Penn State University, on cryptography. Specifically, Jason will demonstrate the operation of an Engima machine that is on loan from the National Cryptologic Museum, describe crypto puzzles suitable for motivated middle school students, and introduce the codebreaker challenge. Some of the middle school students will actually encode messages on the Enigma machine while others decrypt the messages using a java applet that was developed during the RET project mentioned above.

Chengcheng Li completed the first summer camp of DITLE (Design-based IT Learning Experience) project which is funded by NSF ITEST program (#1433769).  Forty seven students from six local public high schools and pre-service teachers attended the 3-week camp learning essential IT skills. Cybersecurity was a major theme. Five out of the six student teams chose cybersecurity as their research projects during camp. They conducted research with the teachers and advisors. They presented their projects on the last day of the camp to the UC team and their parents. Survey data are under analysis and will be published later this year.

Chengcheng Li and Northern Kentucky University have planned a cybersecurity symposium. Li invited CS, PS, UCIT, and other cybersecurity related UC departments to the discussion. The format and the timeframe of this symposium are as yet undetermined.

Internal Cybersecurity News: Stay informed about our latest initiatives, updates, and best practices in cybersecurity. By accessing our internal news, students will gain deeper insights into our processes and how we safeguard our digital environment. This resource is designed to help students understand the practical applications of cybersecurity within our organization.

External Cybersecurity News: Keep up-to-date with the ever-evolving world of cybersecurity beyond our organization. Explore state-of-the-art solutions, emerging threats, and new techniques that are shaping the industry. This external news feed will help students broaden their knowledge and stay ahead in the field.

Cyber investments are shifting towards Altamira and we are positioned to deploy advanced detection and analytic capabilities to address cyber incidents in near real time. The need to not only address but to “bake-in” cyber solutions into all facets of information technology is a necessity Altamira embraces. The advent of community-wide clouds will only become reality when trust in data and trust in data security reach a tipping point resulting in broad-based adoption of these next generation capabilities.

Altamira is at the heart of this challenge performing ground-breaking R&D and providing mission critical services to aid our country’s cyber defense, to include:

• Support to information operations
• Large-scale streaming analytics
• Atomic-level security
• Advanced penetration testing

Future cyber vision: A community cloud that provides end-to-end security factoring in biometrics, context awareness, trusted concepts and atomic-level policy decisions

Students of the Department of Electrical Engineering and Computer Science (EECS) are on a mission to bring new energy and focus to the UC Association for Computing Machinery (ACM) student chapter. ACM is one of the oldest and largest scientific and educational computing societies. As a national organization, ACM sponsors many computing events, such as the International Collegiate Programming Competition, and has sponsored other events like the famous chess match between Garry Kasparov and the IBM supercomputer "Deep Blue". ACM is organized into over 170 local chapters, 35 special interest groups, and over 500 collegiate chapters.

As a welcoming organization for all computing and technology majors, the chapter strives to bring quality events related to computing to the University and College.  The ACM chapter also serves to provide assistance in any way possible to student members. The organization has held several events, such as a Linux Installfest and the ICPC, Innov8 UC, and are planning more.

Each event and activity is unique in its own way and showcases the mission. For more information: http://www.ceas3.uc.edu/acm/about.

The University of Cincinnati is currently partnering with the World Bank's Procurement Office and Integrity Vice Presidency (INT) to fight corruption, collusion, and fraud. In pursuing its mission to promote development and reduce poverty, the World Bank Group strives to ensure that Banks funds are used for their intended purpose.  The Bank Group has charged INT with the responsibility for investigating fraud and corruption in Bank Group-supported operations or activities.  The Bank Group has also charged INT with the responsibility for investigating allegations of potential misconduct against Bank Group staff.  INT assists in preventative efforts to protect Bank Group funds as well as those funds entrusted to the Bank Group from misuse and to deter fraud and corruption in Bank Group-supported operations or activities.

The Trustworthy Data Engineering Laboratory (TRUST Lab) at the University of Cincinnati is helping to fight corruption, collusion, and fraud by researching and developing new algorithms, methods, and tools to identify and disambiguate large data stores, derive insight through the use of machine learning and data science from these stores, and provide expert systems to aid human investigators in the fight against cybercrime in international procurement.

CHEST is funded by a combination of National Science Foundation grants and Industry Partner memberships. CHEST coordinates university-based research with Industry Partner needs to advance knowledge of security, assurance, and trust for electronic hardware and embedded systems. Industry Partners support cyber security and supply chain trust through paid memberships in the CHEST Industry–University Cooperative Research Center (IUCRC). 

Project members: Nan Niu and Wentao Wang

Abstract:

Web applications empower people's ability to acquire information and connect with other. Meanwhile, they also attract the attentions from malicious attackers, affecting the confidentiality, integrity, or availability of critical information. Although security testing has been applied to unit and integration levels, improved approaches are needed for system-level security testing. This project is aimed at leveraging the infrastructure of ORC@UC to create a practical solution for developers and testers to perform system-level security testing of web applications. The main research objectives are to best configure the nodes of ORC@UC to maximize testing efficiency and to develop an innovative way to define sandbox-based resource constraints to quickly discover software vulnerabilities. The project outcomes include new use cases of using OCR@UC for software organizations developing and deploying web applications, as well as practical learning modules for software engineering courses at UC.

Members: Boyang Wang, Gowtham Atluri

Abstract:

Individuals and companies leverage public data services to save local storage and computation overhead. However, due to the presence of hackers, internal attacks and software errors, devastating data breaches keep happening on public servers. Leveraging traditional encryption can protect data privacy for users but disable the capability of performing machine learning algorithms on private data. In this project, we propose a secure and efficient learning scheme over users’ sensitive data. Particularly, by leveraging Ohio Cyber Range@UC, we plan to develop a lightweight scheme, where a public (or an untrusted) server can securely learn and classify sensitive data utilizing k-nearest-neighbor method without accessing users’ data in plaintext. We integrate privacy enhancing technologies, space

• M. Guo, P. Bhattacharya, Mechanism Design in Data Replica Placement Problem in Strategic Settings, Journal of Privacy and Security (Accepted for publication). (Publisher: Taylor and Francis).
• P. Bhattacharya, L. Yang, M. Guo, M. Yang, Learning Mobile Security with Labware, IEEE Security & Privacy, vol. 12, no. 1, pp. 69-72 (2014). (Publisher: IEEE Computer Society).
• P. Meharia, D.P. Agrawal, The Human Key: Identification and Authentication in Wearable Devices using Gait, Special Issue on Secured Communication in Wireless and Wired Networks for the Journal of Information Privacy and Security (JIPS), 2015.
• D.P. Agrawal, Introduction to Special Issue on Secured Communication in Wireless and Wired Networks, Journal of Information Privacy and Security (JIPS), 2015.
• S. Vaidyanathan, S. Chakraborty, D.P. Agrawal, Efficient reorganization of a multi-hop wireless body area network, AshEse Journal of Engineering, vol. 1, no. 2, pp. 008-015, June 2015.
  Dharma P Agrawal, Secured Communication and Authentication in Wireless Sensor Networks, invited paper, International Journal of Sensors, Wireless Communications and Control, Bentham Science, 2015, vol. 5, no. 1, pp. 1-10.
• I. Mashal, O. Alsaryrah, T.-Y. Chung, C.-Z. Yang, W.-H. Kuo, and D. P. Agrawal, Choices for Interaction with Things on Internet and Underlying Issues, Ad Hoc Networks Journal, 6 January 2015.
• A. Prakash, D. P. Agrawal, Y. Chen, Network Coding combined with Onion Routing for Anonymous and Secure Communication in a Wireless Mesh Network, International Journal of Computer Networks & Communications (IJCNC), vol. 6, no. 6, Nov. 2014, pp. 1-14.
• N. Weragama, J. H. Jun‎, J. Mitro, D. P. Agrawal, Modeling and Performance of a Mesh Network with Dynamically Appearing and Disappearing Femtocells as Additional Internet Gateways, IEEE Transactions on Parallel and Distributed Systems, Vol. 25, no. 5, May 2014, pp. 1278 - 1288.
• J. H. Jun, W. Fu, and D. P. Agrawal, Impact of biased random walk on the average delay of opportunistic single copy delivery in Manhattan area, Ad Hoc & Sensor Wireless Networks, Ad Hoc and Sensor Wireless Networks, 2014, vol. 20, no. 3/4, pp. 1–28.
• N. Niu, X. Jin, Z. Niu, J.-R. C. Cheng, L. Li, M.Y. Kataev, A Clustering-Based Approach to Enriching Code Foraging Environment, IEEE Transactions on Cybernetics, Volume:PP, Issue 99, 2015.
• T. Bhowmik, N. Niu, W. Wang, J.-R. C. Cheng, L. Li, X. Cao, Optimal Group Size for Software Change Tasks: A Social Information Foraging Perspective, IEEE Transactions on Cybernetics, Volume PP, Issue 99, 2015.
  Y. Li, R. Dai, J. Zhang, Morphing communications of Cyber-Physical Systems towards moving-target defense, IEEE International Conference on Communications, pp. 592-598, 2014.

• Coleman Kane, Cyber Intelligence: Concrete Analysis in a Fluid World, at Bsides 2015, Cincinnati, Ohio, July 2015.
• Kristin Rozier, Systers Lunch keynote speaker, at the Grace Hopper Celebration of Women in Computing (GHC 2014), Phoenix, Arizona, October 10, 2014.
• John Franco and Vicki Baker, CISSE, Las Vegas, Nevada, June, 2015. Most significantly, participated in the NSF scholarship tutorial.
• Eric Rozier spoke at the Corporate Law Symposium: Corporate Compliance, March 13, 2015, on the subject of security of Big Data.
• Eric Rozier was invited speaker and panelist at the Third Biennial Meeting of the World Bank Group’s International Corruption Hunters Alliance, 2014. Talk title: Detecting Suspicious and Anomalous Activities in Award Patterns.
• Eric Rozier was keynote speaker at the International Foreign Bribery Taskforce Operational Meeting of May 20, 2015. The FBI was the host.
• Chengcheng Li attended the NICE (National Initiative For Cybersecurity Education) conference in Washington, D.C. This conference is primarily a professional networking event that discusses National Cybersecurity Workforce Framework and educational opportunities. It’s funded by NSF and NSA.
• Chengcheng Li attended a 3-day SEED (SEcurity EDucation) workshop in Syracuse, New York. This is an NSF funded workshop that develops and disseminates cybersecurity education materials.
• Chengcheng Li attended a 6-week Cybersecurity Summer Research Workshop in New York City. This is another NSF funded workshop that teams college faculty with NYU’s cybersecurity faculty, allowing college faculty to learn, observe, and participate in ongoing research projects. We created a team with NYU faculty and the US Secret Service, conducting email forensics. Three research papers may come out of this activity within the next 6 months. During the workshop, we also formed long-term collaboration teams to conduct research on cybersecurity education and writing NSF grant proposals.
• W. You, K. Qian, M.Guo, P.Bhattacharya. A hybrid approach for mobile security threat analysis, 8th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WISEC 2015): 28, New York City, June 2015.
• W. You, K. Qian, D. Lo P.Bhattacharya, Y. Qian. Web Service-enabled Spam Filtering with Naïve Bayes Classification, IEEE Big Data Service Conference, 2015. San Francisco.
• D. Lo, K. Qian, W. Chen, T. Rogers, P.Bhattacharya, J. Chern, A Hands-On Learning Labware Design of Defensive Programming on Mobile Application Development, IEEE Integrated STEM Education Conference, 2015, Princeton, NJ.
• H. Chun, Y. Elmehdwi, F. Li, P. Bhattacharya, J. Wei, Outsourceable two-party privacy-preserving biometric authentication, 9th acm symposium on information, computer and communication security (asiaccs), kyoto, japan, june 2014, pp. 401-412.
• M. Guo, P. Bhattacharya, C.T.D. Lo, X. He, Enhancing the Information Assurance and Security (IAS) in CS Education with Mobile-device based Hands-on Labs, 19th Annual SIGCSE Conference on Innovation and Technology in Computer Science Education, p. 343 June 2014, Uppsala, Sweden.
• M. Guo, P. Bhattacharya, C.T.D. Lo, X. He, Problem Solving Hands-on Labware for Teaching Big Data Cybersecurity Analysis, World Congress on Engineering and Computer Science (WCECS'14), San Francisco, October 2014, vol. 1, pp. 344-348.
• M. Guo, P. Bhattacharya, Diverse virtual replicas for improving intrusion tolerance in the cloud, 9TH Cyber and Information Security Research Conference, Oak Ridge, TN, pp. 41-44, April 2014.
• P. Meharia, D. P. Agrawal, The Able Amble: Gait Recognition using Gaussian Mixture Model for Biometric Applications, International Workshop on Future Information Security, Privacy and Forensics for Complex Systems (FISP-2015), in conjunction with 12th ACM International Conference on Computing Frontiers (CF-2015), Ischia, Italy, May 18-21, 2015.
• A. Mishra and D. P. Agrawal, Continuous Health Condition Monitoring by 24x7 Sensing and Transmission of Physiological data over 5-G Cellular Channels, Invited Paper, International Conference on Computing, Networking and Communications, (ICNC 2015) Anaheim, California, USA, Feb. 16-19, 2015, pp. 584-590.
• A. G. Krishnamurthy, J. Jun, D. P. Agrawal, Temperature gradient search for temperature-aware routing in Bio-medical Sensor networks, 9th International Conference on Body Area Networks, September 29–October 1, 2014, London, Great Britain.
• M. Stockman, R. Heile, A. Ren, An Open-Source Honeynet System to Study System Banner Message Effects on Hackers, ACM/SIGITE Research in IT Conference ‘15 Proceedings and the ACM Digital Library, 2015.
• M. Stockman, Insider Hacking: Applying Situational Crime Prevention to a New White-Collar Crime, ACM/SIGITE Research in IT Conference ‘14 Proceedings and the ACM Digital Library, 2014.

• NSF Award Number: 1241651, Collaborative Project: Capacity Building in Mobile Security Through Curriculum and Faculty Development, Li Yang, University of Tennessee Chattanooga (PI), Prabir Bhattacharya, University of Cincinnati (Co-PI), program officer: R. Corby Hovis, 2012-2015, renewable with new proposal.
• NSF Award Number: 1244697, Collaborative Research: Real World Relevant Security Labware for Mobile Threat Analysis and Protection Experience, Prabir Bhattacharya, University of Cincinnati (PI), John Franco, University of Cincinnati (Co-PI), Yi Pan, Georgia State University (Co-PI), Southern Kai Qian, Polytechnic State University (Co-PI), program officer: Valerie Barr, 2013-2016, renewable with new proposal.
• NASA Aeronautics Research Institute (NARI), Efficient Reconfigurable Cockpit Design and Fleet Operations using Software Intensive, Networked and Wireless Enabled Architecture (ECON), Eric Rozier (Co-I), 2015-2016. Work will develop secure and trustworthy methods for communication in wireless and cloud enabled cockpit systems during aircraft operation.
• World Bank, Development of an Entity Resolution Methodology for the World Bank Group, Eric Rozier, University of Cincinnati (PI), 2015-2016. Work will help fight corruption in large-scale multi-national procurement by identifying patterns that are predictive of collusion, corruption, and fraud.
• NSA Laboratory for Telecommunication Science, Early Response to Attack Vectors Using Low Confidence Indicators, with Coleman Kane, submitted.
• NSF Award Number: 1404766, Challenge-Based Learning and Engineering Design Process: Enhanced Research Experiences for Middle and High School In-Service Teachers, Project 6: Secure Cyberspace, 2015-2016.
• Faculty Development Funds, Interdisciplinary Cybersecurity Program of Applied Learning and Research, Richard Harknett (Principal) with Mark Stockman, Joe Nedelec and John Franco.
• Ohio Board of Regents Equipment Grant for IT Workforce Development, Chengcheng Li. The grant was completed this summer. Most of the funding was used to set up remote cybersecurity labs and purchasing security software.
• NSF Award Number: 1440420, SI2-SSE: Scalable Big Data Clustering by Random Projection Hashing, Phillip Wilsey, University of Cincinnati (PI), 2014-2017. Random Projection Hashing is combined with Locality Sensitive Hashing to implement an algorithm that performs clustering across a distributed data set without exchanging protected data between the distributed data sets in a map-reduce framework.

The UC ROTC program is working with US Cyber Command to educate the next generation of warriors. 

https://uc.edu/armyrotc/opportunities/branches/cyber.html

USCYBERCOM plans, coordinates, integrates, synchronizes, and conducts activities to: direct the operations and defense of specified Department of Defense information networks and; prepare to, and when directed, conduct full-spectrum military cyberspace operations in order to enable actions in all domains, ensure US/Allied freedom of action in cyberspace and deny the same to our adversaries.

The UC Army ROTC “Bearcat Battalion” continues to work closely with U.S. Army Cyber Institute (ACI) located at the U.S. Military Academy (USMA; West Point, NY) to adopt and implement ACI’s Cyber Leader Development Program (CLDP) at UC and produce the type of leader needed for the U.S. Army’s newly instituted Cyber Branch. In addition to implementing a CLDP, UC Army ROTC is working closely with the College of Engineering, College of Education, Criminal Justice and Human Services, and Department of Political Science to emphasize specific scholarship opportunities for students pursuing cyber-related majors and minors across multiple disciplines; promote the creation of a cross-disciplinary cybersecurity major; and create a student cyber club group at UC – open to the entire student body, not just ROTC cadets – that includes not only computer science and information systems majors, but also include students pursuing education in the political science/international relations policy and administration majors and minors.

The larger intent of the cybersecurity major and the cyber club is to expose students pursuing traditional and non-traditional cyber-related majors and minors to areas affecting the cyber operations community that they would not normally be exposed based on the engineering or information systems/technologies majors. As part of a pilot program, one of UC Army ROTC top cadets completed an unpaid summer internship this past Summer (2015) with the Ohio Army National Guard (OHARNG) Cyber Protection Team (CPT). In addition to the experiences gained by the cadet, the program confirmed the viability and feasibility of future internships with both with the OHARNG CPT and the regional tri-state Cyber Defense Team between the Ohio, Indiana, and Michigan state national guard forces.

RevolutionUC is a student hackathon in which we invite students from across the midwest to partake in a weekend of code, community, and self-improvement. You don't have to attend the University of Cincinnati and you don't have to be a computer science major or engineering student. We're looking for people who share our passion to do awesome things with technology.

Projects are one of the key elements in any hackathon. At RevolutionUC, you have 36 hours to create something awesome from start to finish with your team. We’ve seen awesome mobile apps, web applications, and hardware hacks in the past and we’re excited to see what will be made this spring.

Learning is essential to a hackathon. Whether you’re a veteran hacker or a first-timer, we’re excited for you to learn something new! We’ll have exciting tech talks throughout the event and we encourage all our attendees to learn something new!
New to the hackathon scene? Awesome! We’re excited to have you. We’re more than willing to help you get you started with your first hack! With our team of mentors, assembled from our organizer team and software engineers from our sponsors, we’ll help get you started and get you past the bugs and bumps.

Hackathons are more than just a competition or showcase of technical skill. At RevolutionUC, we strive to create a welcoming community that acts as an outlet in which we can join our peers and share our passion for all the incredible things that can be done through programming. We’re excited to share this ethos with all of our attendees and come together to grow the hacker community here in Cincinnati.

The Department of Electrical Engineering and Computer Science, in association with the IEEE and ACM student chapters, annually co-host the Association for Computing Machinery (ACM) East Central, North American International Collegiate Programming Contest. Teams from Western Pennsylvania, Michigan, Ohio, Indiana, and Ontario, Canada compete for a chance to be one of few who advance to the World Finals.

UC is one of four sites who simultaneously hosting the contest. The other sites are Grand Valley State University, Michigan, the University of Windsor, Canada, and Youngstown State, Ohio. UC holds the record for consecutively co-hosting the event since 2000.

With three people to a team and nearly 120 teams, 360 students are in for a challenging day! The contest consists of a web of complex computer problems that teams must solve. The competition lasts five hours and participants must decipher eight intense problems. Question difficulty ranges from short to very time consuming, to keep the teams on their toes.

To aid in the problem-solving process, teams must first create and then use a computer program which accepts inputs for the problem, and outputs a value which corresponds to the correct answer. When a team believes they’ve solved a problem, the computer tends sends its program to the judges for examination. The judges respond by indicating either an error or success. In the case of an error, the judges say only what type of error it is, no specific details are given. It is up to the team to successfully “debug” the program.

UC will face off against teams from Carnegie Mellon, Purdue, Ohio State, Cedarville, Taylor, University of Dayton, Xavier, Butler, Miami, Denison, Ohio Wesleyan, Ohio Northern, Wittenberg, and Wright State.

Teams are ranked using a complex scoring system, ranking teams in terms of who has the most completed problems. Ties are broken by factoring in the time taken to achieve success and applying penalties for errant submissions. Of the 120 teams, only the two top ranked teams go to the world finals. In past years the winners have hailed from Toronto, Waterloo, and Carnegie Mellon.

See other faculty from the Department of Computer Science.