4th Annual Symposium
Fellow, National Institute of Standards and Technology, Information Technology Laboratory
Ron Ross is a Fellow at the National Institute of Standards and Technology (NIST). His current areas of specialization include information security and risk management. Dr. Ross leads the Federal Information Security Management Act (FISMA) Implementation Project, which includes the development of security standards and guidelines for the federal government, contractors, and the United States critical information infrastructure. His recent publications include Federal Information Processing Standards (FIPS) Publication 199 (security categorization standard), FIPS Publication 200 (security requirements standard), NIST Special Publication (SP) 800-53 (security controls guideline), NIST SP 800-53A (security assessment guideline), NIST SP 800-37 (security authorization guideline), NIST SP 800-39 (risk management guideline), and NIST SP 800-30 (risk assessment guideline). Dr. Ross is the principal architect of the Risk Management Framework and multi-tiered approach that provides a disciplined and structured methodology for integrating the suite of FISMA standards and guidelines into a comprehensive enterprise-wide information security program. Dr. Ross also leads the Joint Task Force Transformation Initiative, a partnership among NIST, the Department of Defense, the Intelligence Community, the Office of the Director of National Intelligence, and the Committee on National Security Systems to develop a unified information security framework for the federal government.
In addition to his responsibilities at NIST, Dr. Ross supports the U.S. State Department in the international outreach program for information security and critical infrastructure protection. Dr. Ross previously served as the Director of the National Information Assurance Partnership, a joint activity of NIST and the National Security Agency. A graduate of the United States Military Academy at West Point, Dr. Ross served in a variety of leadership and technical positions during his more than twenty-year career in the United States Army. While assigned to the National Security Agency, he received the Scientific Achievement Award for his work on an inter-agency national security project and was awarded the Defense Superior Service Medal upon his departure from the agency. Dr. Ross is a three-time recipient of the Federal 100 award for his leadership and technical contributions to critical information security projects affecting the federal government and is a recipient of the Department of Commerce Gold and Silver Medal Awards. Dr. Ross has been inducted into the Information Systems Security Association (ISSA) Hall of Fame and given its highest honor, ISSA Distinguished Fellow. Dr. Ross has also received several private sector cyber security awards and recognition, including the Vanguard Chairman’s Award, the Symantec Cyber 7 Award, InformationWeek’s Government CIO 50 Award, the Best of GTRA Award, and the ISACA National Capital Area Conyers Award. During his military career, Dr. Ross served as a White House aide and as a senior technical advisor to the Department of the Army. Dr. Ross is a graduate of the Defense Systems Management College and holds Master’s and Ph.D. degrees in Computer Science from the U.S. Naval Postgraduate School, specializing in artificial intelligence and robotics.
Presentation Title: Rethinking Cybersecurity from the Inside Out: An Engineering and Life Cycle-Based Approach for Achieving Trustworthy Secure Systems
Abstract: NIST is developing critically important security guidance that addresses the engineering-driven actions necessary to develop more defensible and survivable systems—including the components that compose and the services that depend on those systems. It starts with and builds upon a set of well-established International Standards for systems and software engineering published by the International Organization for Standardization, the International Electrotechnical Commission, and the Institute of Electrical and Electronics Engineers and infuses systems security engineering techniques, methods, and practices into those systems engineering processes. The ultimate objective is to address security issues from a stakeholder requirements and protection needs perspective and to use established organizational processes to ensure that such requirements and needs are addressed at the correct stages throughout the life cycle of the system.
Increasing the trustworthiness of systems is a significant undertaking that requires a substantial investment in the architectural design and development of our applications, systems, components, and networks—and a fundamental cultural change to the current “business as usual” approach. Introducing a disciplined, structured, and standards-based set of systems security engineering processes can provide an important starting point and forcing function to initiate needed change. The ultimate objective is to obtain more trustworthy systems that are fully capable of supporting critical missions and business operations with a level of assurance that is consistent with the risk tolerance of the organization.
Professor of Electrical and Computer Engineering, Graduate Program Director of Information and Data Engineering (IDE) and Networked Information Systems (NIS), Stevens Institute of Technology, Hoboken, NJ
Dr. Yingying (Jennifer) Chen is a Professor in the Department of Electrical and Computer Engineering at Stevens Institute of Technology. Her research interests include cyber security and privacy, the Internet of Things, smart healthcare, and mobile computing and sensing. She has published over 100 journal and refereed conference papers in these areas. She received her Ph.D. degree in Computer Science from Rutgers University. Prior to joining Stevens, she was with Alcatel-Lucent at Murray Hill, New Jersey. She is the recipient of the NSF CAREER Award and the Google Faculty Research Award. She also received the NJ Inventors Hall of Fame Innovator Award. She is the recipient of Best Paper Awards from ACM AsiaCCS 2016, IEEE CNS 2014, and ACM MobiCom 2011. She also received the IEEE Outstanding Contribution Award from the IEEE New Jersey Coast Section each year from 2005 to 2009. Her research has been reported in numerous media outlets, including MIT Technology Review, Fox News Channel, the Wall Street Journal, and National Public Radio. She serves on the editorial boards of IEEE Transactions on Mobile Computing (IEEE TMC), IEEE Transactions on Wireless Communications (IEEE TWireless), and IEEE Network Magazine.
Presentation Title: Friend or Foe? Your Wearable Devices Reveal Your Personal PIN
Abstract: The proliferation of wearable devices, e.g., smartwatches and activity trackers, with embedded sensors has already shown its great potential for monitoring and inferring human daily activities. Our work reveals a serious security breach of wearable devices in the context of divulging secret information (i.e., key entries) while people access key-based security systems. Existing methods of obtaining such secret information rely on the installation of dedicated hardware (e.g., a video camera or fake keypad), or on training with labeled data from body sensors, which restricts their use in practical adversary scenarios. In this work, we show that a wearable device can be exploited to discriminate mm-level distances and directions of the user’s fine-grained hand movements, enabling attackers to reproduce the trajectories of the user’s hand and further to recover the secret key entries. In particular, our system confirms the possibility of using embedded sensors in wearable devices, i.e., accelerometers, gyroscopes, and magnetometers, to derive the moving distance of the user’s hand between consecutive key entries regardless of the pose of the hand. Our Backward PIN-Sequence Inference algorithm exploits the inherent physical constraints between key entries to infer the complete user key entry sequence. Extensive experiments are conducted with over 5000 key entry traces collected from 20 participants for key-based security systems (i.e., ATM keypads and regular keyboards) through testing on different kinds of wearables. Results demonstrate that such a technique can achieve 80% accuracy with only one try and more than 90% accuracy with three tries, which, to our knowledge, is the first technique that reveals personal PINs leveraging wearable devices without the need for labeled training data and contextual information.
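The "physical constraints between key entries" the abstract relies on are simply that keys on a keypad sit at fixed, known offsets from one another, so a sequence of estimated hand displacements can only be explained by a small set of key sequences. The Python below is an added illustration of that idea, not the speakers' code and not their Backward PIN-Sequence Inference algorithm: it ranks candidate PINs by how well a 3x4 keypad's geometry explains a sequence of noisy displacement estimates, walking backward from an assumed known final key. Everything about the inputs is assumed or constructed by hand: a 15 mm key pitch, Gaussian measurement error, a '#'/Enter press after the PIN as the anchor, and the displacement values themselves (the sensor fusion that would produce them from accelerometer, gyroscope and magnetometer data is not modelled).

```python
"""Backward PIN-sequence inference from inter-key hand displacements.

Added illustration (not the speakers' code): ranks candidate PINs by how
well the fixed geometry of a keypad explains a sequence of noisy
displacement estimates between consecutive key presses.  The wearable
sensor processing that would yield those estimates is not modelled;
every input below is constructed by hand.
"""

# Assumption: 15 mm centre-to-centre key pitch on a 3x4 telephone-style
# keypad.  Real ATM keypads differ, which is why an attacker needs the
# target keypad's layout.
KEY_PITCH_MM = 15.0
KEYPAD = {                      # key -> (column, row); x to the right, y downward
    "1": (0, 0), "2": (1, 0), "3": (2, 0),
    "4": (0, 1), "5": (1, 1), "6": (2, 1),
    "7": (0, 2), "8": (1, 2), "9": (2, 2),
    "*": (0, 3), "0": (1, 3), "#": (2, 3),
}
DIGITS = "0123456789"


def displacement_mm(src, dst):
    """Ideal hand displacement (dx, dy) in mm when moving from key src to key dst."""
    (sc, sr), (dc, dr) = KEYPAD[src], KEYPAD[dst]
    return ((dc - sc) * KEY_PITCH_MM, (dr - sr) * KEY_PITCH_MM)


def infer_pins(trace, anchor="#", sigma_mm=4.0, beam=50):
    """Backward beam search over the keypad.

    trace   : measured (dx, dy) displacements, one per key-to-key move, for
              the sequence PIN + anchor (so len(trace) == len(PIN)).
    anchor  : the known final key.  Assumption: the user confirms the PIN
              with '#'/Enter, which gives the search a fixed end point.
    sigma_mm: assumed per-axis standard deviation of the measurement noise.

    Each candidate is scored with the negative log-likelihood of the measured
    displacements under an isotropic Gaussian around the ideal displacement.
    Walking backward from the anchor, each step keeps only the `beam` best
    partial sequences, so the cost stays linear in PIN length rather than
    10**len(PIN).  Returns candidate PIN strings, best first.
    """
    pin_len = len(trace)
    partial = [(0.0, anchor)]                  # (score, keys fixed so far)
    for step in range(pin_len - 1, -1, -1):    # last move first
        mdx, mdy = trace[step]
        expanded = []
        for score, suffix in partial:
            nxt = suffix[0]                    # key this move ended on
            for prev in DIGITS:                # candidate key the move started from
                edx, edy = displacement_mm(prev, nxt)
                err = ((mdx - edx) ** 2 + (mdy - edy) ** 2) / (2.0 * sigma_mm ** 2)
                expanded.append((score + err, prev + suffix))
        expanded.sort(key=lambda t: t[0])
        partial = expanded[:beam]
    return [keys[:-1] for _, keys in partial]  # drop the anchor


def tries_needed(true_pin, ranked):
    """1-based rank of true_pin in the ranked guesses, or None if it was pruned."""
    try:
        return ranked.index(true_pin) + 1
    except ValueError:
        return None


# Constructed trace for PIN 2580 followed by '#'.  Ideal moves are
# 2->5 (0,15), 5->8 (0,15), 8->0 (0,15), 0->'#' (15,0); each is perturbed
# by a few millimetres to stand in for sensor error.
SAMPLE_TRACE = [(1.5, 13.2), (-2.0, 16.4), (0.8, 14.1), (13.0, 2.5)]

if __name__ == "__main__":
    ranked = infer_pins(SAMPLE_TRACE)
    print("top 3 guesses:", ranked[:3])
    print("tries needed for 2580:", tries_needed("2580", ranked))
```

The "tries" the abstract quotes (one try, three tries) map onto the rank of the true PIN in a list like the one `infer_pins` returns. The example deliberately tolerates noise well below one key pitch; as the noise approaches half the pitch, neighbouring keys become indistinguishable for single moves and only the joint fit across all moves separates candidates, which is where the physical-constraint argument does its work.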
Director, New Jersey Office of Homeland Security and Preparedness (OHSP)
Prior to joining OHSP, Chris Rodriguez served for more than a decade in the Central Intelligence Agency (CIA), where he held a variety of analytical and management positions. Following the terrorist attacks of 11 September 2001, Chris joined the CIA, where he quickly rose to become a senior analyst in its Counterterrorism Center. In this position, he monitored terrorist groups in the Middle East and South Asia, closely collaborating with U.S. Intelligence Community partners at the federal, state, and local levels to identify and counter persistent threats to the United States and its allies. In addition, Chris oversaw an analytic unit that handled global economic and energy security, as well as related counterintelligence and cyber threats.
From 2011 to 2012, Chris served as a policy advisor on Governor Christie’s staff, overseeing OHSP, the Department of Law and Public Safety, the Department of Military and Veterans’ Affairs, and the Department of Transportation.
Chris has been recognized with several awards from CIA and the Director of National Intelligence for his leadership and professional achievements, both in the U.S. and abroad. He served in Iraq in 2006 and 2007 and has traveled to over two dozen countries. Born and raised in Morris County, Chris holds a Bachelor of Arts degree from Williams College in Williamstown, Massachusetts and a Master’s degree and Ph.D. in Political Science from the University of Notre Dame in South Bend, Indiana. He is married with two children.
Director of the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC)
Mike Geraghty is the Director of the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), the State’s Information Sharing and Analysis Organization (ISAO). He was named to this position in July 2016.
Mr. Geraghty has lectured extensively throughout the world on the topics of cybersecurity, high-tech investigations, and computer forensics, providing technical and investigative assistance to law enforcement agencies both domestically and internationally, including the FBI, Secret Service, Department of Homeland Security, Naval Intelligence, New Scotland Yard, and the Royal Newfoundland Constabulary. He has provided expert testimony before Congress and in federal, state, and international courts on computer crime investigations and forensics. Geraghty is also a past president of the Northeast Chapter of the High Technology Crime Investigation Association and has held leadership roles in the National Strategic Policy Council on Cyber and Electronic Crime.
Mr. Geraghty earned his Bachelor’s Degree from Thomas Edison State College. He is married with three children and resides in Union County, NJ.
Presentation Title: New Jersey Cybersecurity and the Current Threat Landscape
Member of Technical Staff, Nokia Bell Labs
Vladimir received his Ph.D. in Computer Science from the University of Toronto in 2006. His research interests include key exchange, secure multiparty computation, the foundations of cryptography, and network security. His work is closely connected to the practice of cryptography: he has worked on private databases, securing channels in the Smart Grid and WiMAX, biometric authentication, digital rights management, and a variety of other subjects.
Vladimir has published his work in top cryptography and security conferences and journals. He has served on the program committees of several international cryptography conferences and has supervised several summer interns at Bell Labs. He is an editor of the WiMAX “Server Certificate Profile” and “Device Certificate Profile” standards documents. Part of his work was supported by IARPA and Korea’s Gachon Energy Research Institute.
Presentation Title: Private DB Searches At Scale
Abstract: In this talk, I will present Blind Seer, the Columbia-Bell Labs project on scalable private database (DB) querying, work sponsored in part by the Intelligence Advanced Research Projects Activity (IARPA). Based on secure computation techniques, we built a provably secure DB management system, implementing access control and data protection and, importantly, hiding the SQL query from the server, all while supporting a rich query set. We meet strict performance requirements (a 10 TB, 100M-record DB, with only a small-factor performance penalty compared to an insecure DB).
I will present our approach, discuss its benefits and trade-offs, and highlight some issues that arose in our efforts to achieve both provable security and scale. I will report on experimental performance, as well as discuss related work and promising future directions.
Associate Professor of Chemistry; Dean of School of Pharmacy, FDU
Dr. Michael J. Avaltroni is a 1999 graduate of Fairleigh Dickinson University, receiving a B.S. in Chemistry, summa cum laude. He went on to complete an M.A. in Chemistry in 2001 and a Ph.D. in Chemistry in 2003, both from Princeton University. His area of research is the surface modification of titanium materials to facilitate cell attachment, biomineralization, and interfacial adhesion. His research in this area has led to five publications and ten United States patents or patents pending. In addition, the technology he has created in this field of study has been licensed for the creation of two biotechnology companies, Orthobond, Inc., Princeton, NJ, and Aculon, Inc., San Diego, CA.
Dr. Avaltroni has also been active in several other projects sponsored by the University, including the Institute for the Enhancement of Teaching Science and Math (IETSM), which has been awarded several grants to fund the training and support of middle and high school teachers across the state. This program has, to date, reached out and built relationships with almost 100 teachers across the state who are using workshops, mentoring and partnership to educate and excite the young people of New Jersey in science and mathematics.
Following state approval for the School of Pharmacy at FDU, Dr. Avaltroni was named the Associate Dean of this program, spearheading an effort to create an innovative and exciting new program to train pharmacists for the challenges of the 21st century. After serving as Interim Dean since August 2012, Dr. Avaltroni was officially named Dean of the program in April 2013.