
ForenSecure: Cyber Forensics and Security Conference - a huge success!

More than 220 cyber security professionals participated in ForenSecure ’15: Cyber Forensics and Security Conference and Expo at Illinois Institute of Technology’s Rice Campus in Wheaton. In its 13th year, this industry-focused technical conference attracted representatives from Google, the Federal Bureau of Investigation (FBI), Exelon, Cisco, Verizon, Comcast, Allstate Insurance, Argonne National Laboratory, Booz Allen Hamilton, CDW, Chicago Public Schools, CNA Insurance, Fermilab, Ford Motor Company, Motorola Solutions, Navistar, U.S. Marines, and Alcatel-Lucent. Universities such as Boston University, University of Chicago, University of Illinois at Chicago, Loyola University, Lewis University, Northern Illinois University, Wheaton College, University of Wisconsin, University of Dubuque (Iowa) and several community colleges, and other organizations were also represented.

This multi-tracked conference included discussion and debate by local, regional, national, and international organizations and universities over cyber security, forensics, data/information governance, cyber crime, cyber security legislation and legal issues, ethical hacking, eDiscovery, cloud forensics, steganography, policy and compliance, privacy, wireless security, cloud computing, credit card fraud, drones, identity theft, and more.

Keynote speaker, Lt. Col. William Hagestad, a global information security intelligence researcher at Red Dragon Rising, University of Minnesota, addressed the motivations of cyber-enabled nation states—including China, Iran and Russia—and the impact on our digital information world.

Additionally, Google Program Manager Tresa Johnson-Agarwal (ITM ’06) presented a keynote on how Google goes above and beyond to make sure users’ information is safe and secure.

William Lidinsky, director of the School of Applied Technology Computer Security and Forensics Laboratory, interim director of the Center for Cyber Security and Forensics Education, and industry professor of Information Technology and Management, headed up the conference with co-chairs Ben Khodja (ITM ’12, M.S. CYF ’15) and Yalinne Castelan Guzman (ITM, M.S. CYF ’16).

Several IIT faculty presented at conference sessions, including Mohammad Shahidehpour, Bodine Chair Professor of Electrical and Computer Engineering; Henry Perritt Jr., professor of law; Ray Trygstad, director of information technology at IIT School of Applied Technology; Adam Rouse, legal fellow for the Institute of Science, Law, and Technology at IIT Chicago-Kent College of Law; and Bonnie Goins and William Slater III, adjunct industry professors of information technology and management.

Student presentations from Lidinsky’s ITMS 448/548-Cyber Security Technologies, ITMS 539-Steganography, and ITMS 549-Cyber Security Technologies: Projects & Advanced Methods courses were featured both days. Presentations included various forms of steganography, how to defend Android apps, RADISH (Remotely-Accessible Dynamic Infrastructure for Students to Hack) developed at IIT, and more.

More information about ForenSecure: Cyber Forensics & Security Conference & Expo

More information about the Cyber Forensics and Security Lab at Illinois Institute of Technology School of Applied Technology


A sample of conference sessions:

Binary Battlefield: Nation State Motivations for Cyber Actions
William Hagestad, Global Information Security Intelligence Researcher
Red Dragon Rising, University of Minnesota

We all surf the headlines and read about the cyber misdeeds affecting the United States; during this session, however, first-hand, front-line experiences from around the globe were shared, including the motivations of cyber-enabled nation states such as China, Iran, and Russia and their impact on a digital information world.

Lt. Col. Hagestad is an internationally recognized and respected authority on the People’s Republic of China’s use of computer and information network systems as a weapon, and speaks internationally on the subject of China’s hegemony in the information age. He is the author of three books: 21st Century Chinese Cyber Warfare; Operation Middle Kingdom: China’s Use of Computers and Networks as a Weapon System; and Chinese Information Warfare Doctrine Development 1994. Hagestad provides current cyber threat assessments to international defense, intelligence, and law enforcement entities, speaking both domestically and internationally on strategic information security threats. Hagestad has a Bachelor of Arts in Mandarin Chinese, with minor emphasis in Classical Chinese and Modern Japanese, from the University of Minnesota. He earned a Master of Science in Military Strategy from the U.S. Marine Corps Command & Staff College in 2002. He holds a Master of Science in Security Technologies from the College of Science & Engineering, and a Master of Science in Management of Technology from the Technological Leadership Institute, University of Minnesota.


Google: Privacy and Security 101
Tresa Johnson-Agarwal (ITM ’06), Program Manager
Google

This keynote session addressed how Google goes above and beyond to make sure user information is safe and secure, how users’ data is treated responsibly, and how the user remains in control of the information shared with Google.

Johnson-Agarwal works as a Program Manager at Google in the Search team, the land where, we are told, all stories began. An alumna of IIT’s Information Technology Management program, she had the honor of assisting Professor Lidinsky during her graduate studies.


Cyber Forensics Trends
John Pascoe, Operations Manager/Quality Manager
Chicago Regional Computer Forensics Laboratory
Federal Bureau of Investigation (FBI)

This year, the number of cyber crimes reported is estimated to exceed 350,000 with a loss of over $1 billion, and Chicago’s Regional Computer Forensics Laboratory (RCFL) is seeing its share of this uptick. Trends in the nature and frequency of cyber crime seen by the RCFL were discussed.


Smart Grid Cyber Security
Mohammad Shahidehpour, Bodine Chair Professor and Director
Robert W. Galvin Center for Electricity Innovation
Illinois Institute of Technology

Smart grid is an integration of electric power delivery systems with communication networks and information technology that can enhance the economics, security, reliability, and resilience of a large-scale electricity infrastructure. The customer’s security and privacy play a significant role in this hierarchy. In his presentation, Shahidehpour presented state-of-the-art approaches and novel technologies for enhancing smart grid cyber security, and also covered fundamental aspects of the smart grid and current applications pertaining to the IIT microgrid. The ongoing research- and innovation-based funded smart grid projects at the Robert W. Galvin Center for Electricity Innovation at IIT (including the smart home, smart street light, and Virgin Islands nanogrid projects) were highlighted.

Dr. Mohammad Shahidehpour is the Bodine Chair Professor in the Electrical and Computer Engineering Department and Director of the Robert W. Galvin Center for Electricity Innovation at Illinois Institute of Technology (www.iitmicrogrid.net). He has worked with industry for the last 35 years on electric power system optimization and control issues, with specific interests in the modeling of energy infrastructures, microgrids and energy hubs, and large-scale sustainable energy applications. He has also been awarded over $60 million in federal research grants on electricity grid modernization issues.

He received his doctoral degree in electrical engineering from the University of Missouri in 1983. He is also the 2009 recipient of an honorary doctorate from the Polytechnic University of Bucharest. He is a Research Professor at King Abdulaziz University, North China Electric Power University, and the Sharif University of Technology. Dr. Shahidehpour was a member of the United Nations Commission on Microgrids.


Solid-State Drives (SSDs): Recoverability and Forensic Challenges
Chris Bross, Chief Technology Officer
DriveSavers Data Recovery, Inc.

Solid-State Drives (SSDs) don’t need to be a “game changer” for forensic experts. Understanding how SSDs function should allow experts to overcome scientific opinion testimony challenges pursuant to the standards set by Frye (used by many state courts) and Daubert (federal and some state courts). The objective of this presentation was to provide insight into SSD operation providing greater certainty that evidence has been properly and completely gathered.

At the most basic level, lawyers/prosecutors need to understand that forensic experts are presenting testimony about the Logical Block Addressing (LBA) structure of the SSD, not the physical structure. Since the operating systems and forensic tools are also treating the SSD as a traditional hard drive, the results should be accurate even if hash values may change when the process is repeated.

Chris Bross is Chief Technology Officer at DriveSavers Data Recovery, Inc., the worldwide leader in secure data recovery. Since joining DriveSavers in 1995, Bross has engineered his way around physical trauma, mechanical damage, and encryption issues to recover data on all types of failed storage devices. Today he manages the Research and Development team for solid state devices and emerging storage technologies and guides the development of new tools and technology designed to overcome unique challenges and recover critical data.


Law Enforcement Override of Unmanned Autonomous Logistics Vehicles (Pulling over a Robotruck)
Ray Trygstad, Associate Chair and Industry Professor of Information Technology and Management
Illinois Institute of Technology

Current developments and technology prognosticators tell us that in the near future, trucks on our highways and byways will be unmanned, operating autonomously from origin to destination. There will still remain a need for law enforcement officers to be able to make stops of these vehicles, both for enforcement and for public safety purposes. This session examined the technical, standardization, and policy hurdles to be overcome to make this possible, with a particular focus on the protocols necessary to ensure ironclad security and prevent exploitation of this capability by hacker hijackers.

As an Industry Professor of Information Technology and Management at Illinois Institute of Technology (IIT), Ray Trygstad teaches disaster recovery & business continuity, cybersecurity management, open source operating systems, multimedia, and legal and ethical issues in information technology. As Associate Chair of IIT's Department of Information Technology & Management (ITM), he wrote the curricula currently in use for both the Bachelor and Master’s Degree programs, including the Master of Cyber Forensics and Security degree. His experience as a college professor, as well as over four years as a Navy Flight Instructor, has made him an expert in curriculum development. He is also the Director of Undergraduate Advising for the ITM degree program. Active in university affairs, he is a member of the IIT Undergraduate Studies Committee and the IIT HLC Accreditation Committee. Professor Trygstad is also the Director of Information Technology for the IIT School of Applied Technology, where he is responsible for technology planning, cyber security, and computer system management and administration for the school. As Manager for Client Services for Computing and Network Services at IIT, he wrote most of the computing policies still in effect for the university. He has taught Naval Science, Computer Science, Business, and Public Administration at IIT, and has also guest lectured at the University of Chicago. He is on the Advisory Boards for the Computer Information Systems and Computer Internetworking Technology programs at College of DuPage, Glen Ellyn, Illinois. Professor Trygstad was designated a Computer Systems Management Subspecialist by the U.S. Navy, where he served as an Information Systems Manager, Security Manager, and Information Systems Security Officer when he was not flying helicopters. In this capacity he did his first information systems security audit in 1988, and successfully shepherded one of the largest aviation training units in the U.S. Navy through the Federal Certification and Accreditation process in that same year. As a Safety Officer in two Naval aviation squadrons, he honed his understanding of Risk Management.


Next Generation Cyber & Physical Security Capability
F. Edward “Ed” Goetz, Vice President – Chief Security Officer
Exelon Corporation
 
Thomas A. Clewett (MAE ’88), VP & Chief Technology Officer
Exelon Corporation

In this session, the gentlemen from Exelon Corporation discussed their new strategy of merging cyber security and physical security into one group. Discussion topics included: network monitoring, incident response, cyber response, vulnerability management, security architecture, SCADA systems, and an intelligence group that monitors cyber and physical security in real-time.

Goetz joined Exelon (Constellation Energy) in August 2009 and has responsibility for cyber and physical security across the enterprise. In this capacity, he was a contributing author to the 2011 National Infrastructure Advisory Council (NIAC) Study on Resilience. Prior to joining Exelon, he was the Chief Operating Officer of i2S, Inc., a professional services company whose clients included various agencies within the U.S. Intelligence Community from 2007 – 2009. After two years, he guided i2S through a successful M&A process, culminating in its sale. During his 20-plus-year tenure as an FBI Special Agent, Goetz was detailed to the Central Intelligence Agency’s (CIA) Counterterrorism Center, where among other counterterrorism operations he led the CIA team in the response to the August 7, 1998, bombing of the U.S. Embassy in Nairobi, Kenya. He was chief of the FBI’s Legal Attaché Office in Germany from 2000-2005 and was instrumental in the 9/11 investigation of the Al-Qaeda terrorist cells in Germany. He also established and headed the FBI’s Baghdad Office in 2005. Upon returning to the United States, he was put in charge of the FBI Baltimore Office’s Counterterrorism, Counterintelligence and Cyber Programs. Before retiring, he was the Acting Section Chief of the Office of International Operations, FBI Headquarters, where he had responsibility for all FBI overseas offices.

Clewett started his career at Andersen Consulting (now Accenture) in 1989 as an IT consultant in the firm’s consumer products division. At Andersen, he helped clients implement large-scale IT systems, reengineer their business processes, and outsource non-core IT functions. In 1997, he joined Unicom (now Exelon) as IT Director, Customer Information Systems, and was promoted to IT Vice President in 2003, responsible for IT Enterprise Solutions and subsequently for ComEd IT Solutions. In 2011, Clewett was selected to lead the IT integration for Exelon’s merger with Constellation Energy, and after the completion of the merger was promoted to Exelon Chief Technology Officer, responsible for driving technology strategy, enterprise solutions, and infrastructure. In addition to his responsibilities at Exelon, he serves on the board of Urban Gateways, a non-profit organization focused on ensuring urban youth have access to high-quality arts education.

Tom holds a Bachelor of Science in Mechanical Engineering from the Illinois Institute of Technology (MAE ’88). He is a member of both the Tau Beta Pi and Pi Tau Sigma Engineering Honor Societies.


You Don’t Know What You Don’t Know: Technology, Surveillance, and Rights
Gregory W. O’Reilly, Chief, Second Municipal Division
Cook County Public Defender’s Office

Digital communications, social media, “datafication,” and mathematical and digital analytical tools have outraced political and legal institutions in defining the actual privacy citizens enjoy, not only in repressive regimes but also in liberal democracies. Few citizens know this; many in governments, businesses, the technology sector, and even some in the pro-democracy realm view this as an unalloyed good. Given the pace of this development, and the incentives for its further growth, it is now especially important to search out what we do not know about these issues and their consequences; to imagine not merely likely results, but those considered unlikely that might carry enormous downside risk; and to acknowledge that we cannot know or predict some aspects of this transformation. Recognition of this should prompt even the most avid supporters of unregulated technological change to consider the importance of constitutional rights as a constraint against adverse consequences we know or can imagine, and even more so against those we cannot.

O’Reilly formerly served as Chief of the Forensic Science Division, leading the creation of the Division, the nation’s first, where his duties included litigation, training, and supervision of attorneys in forensic science cases.

He is currently Chief, Second Municipal Division, in Skokie, Ill., covering the north side of Chicago and the northern suburbs. An adjunct lecturer at the University of Illinois, Chicago, he has published numerous articles in law reviews and professional journals. He litigated a case profiled on Dateline NBC, which resulted in the exoneration of a man serving a one-hundred-year sentence as a serial rapist, exposed forensic misconduct, and led to a multi-million dollar settlement for the client and to investigations and exonerations in numerous similar cases. He managed a team of attorneys and directed the office’s response to the Illinois Sexually Violent Persons Act, and successfully challenged the appointment of Cook County’s Public Defender to Sexually Violent Predator cases in the Illinois Supreme Court. He has served in the felony trial, misdemeanor, and appellate divisions.

He has worked on legislation with the General Assembly and had leading roles in drafting and lobbying for a reform of the Public Defender Act (1991); the post trial DNA statute – second in the nation (1997); the preservation of evidence statute – first in the nation (1999); and the DNA database search statute – first in the nation (2003). He has a B.A., J.D., and an M.A. in Political Science from Loyola University, Chicago. O’Reilly was appointed as member of the Illinois Laboratory Advisory Board, the Illinois Task Force on Professional Practice in the Criminal Justice System, and the Illinois Senate Minority Leader’s Task Force on Reforming the Death Penalty. Awards include the Special Community Justice Award, Illinois Academy of Criminology; the Citizens Alert, Reverend Willie Baker Award for Exceptional Contributions Towards Community Justice; and he was the recipient of the Illinois Public Defender Association’s Award.


“Unmanned Aircraft Systems” - Drones...Who Will Control Them?
Henry H. Perritt Jr., Professor of Law
IIT Chicago-Kent College of Law

The FAA’s notice of proposed rulemaking (NPRM), released on February 15, provides breathing space for a revolution in aviation. Both the regulation and the technology it addresses portend a new reality for a risk-based approach to enhancing aviation safety. The FAA likes to call drones “unmanned aircraft systems,” but almost everyone else calls them “drones.” According to the NPRM, microdrones (“small UAS” or “sUAS”) are unmanned aircraft that weigh less than 55 pounds. As the NPRM acknowledges, however, this is a wide weight range that encompasses vehicles with starkly different characteristics and capabilities. Of greatest immediate interest are vehicles at the smaller end of the range, ones such as the DJI Phantom and Inspire (a Phantom is what fell on the White House lawn), and 3Drobotics’ IRIS+. These are multicopters, aircraft with multiple rotors powered by electric motors. Their battery capacity allows them to fly for 15 to 45 minutes at a time, and the limited range of their wireless control systems typically keeps them within the line of sight of the DRone OPerator (“DROP”). They carry small cameras capable of taking high definition video and streaming it live back to the ground.

They will supplement electronic newsgathering helicopters, offer new tools for real estate marketing, make construction-site supervision more efficient, and facilitate inspection of crops, bridges, power lines, and pipelines. Innovators in these industries have been straining at the starting blocks, waiting for the FAA to give general approval for commercial use of microdrones. Many have jumped the gun. In the NPRM, the FAA wisely has taken a risk-based approach, and has molded its requirements around the realities of microdrone missions and the risks they pose. Recognizing the damage that detailed design specifications can do to technological innovation, it refrained from imposing airworthiness certification on microdrone vehicles. Recognizing the irrelevance of much of manned-aircraft pilot training and its high cost, the agency sensibly developed a new knowledge test for DROPs, focused on what they actually need to know about Federal Aviation Rules, traffic separation, weather, and safe microdrone operation. Passing this test, and submitting to a TSA clearance, will entitle DROPs to a new “operator” certificate. DROPs must be retested on their knowledge every two years. The NPRM does an excellent and persuasive job of explaining the FAA’s choices. An accompanying economic analysis by OMB shows that the cost-benefit ratio of implementing the proposed rule is quite favorable.

Henry H. Perritt, Jr., is a professor of law at IIT Chicago-Kent College of Law. He served as Chicago-Kent’s dean from 1997 to 2002 and was the Democratic candidate for the U.S. House of Representatives in the Tenth District of Illinois in 2002. Throughout his academic career, Perritt has made it possible for groups of law and engineering students to work together to build a rule of law, promote the free press, assist in economic development, and provide refugee aid through “Project Bosnia,” “Operation Kosovo,” and “Destination Democracy.”

Perritt is the author of more than 75 law review articles and 17 books on international relations and law, technology and law, employment law, and entertainment law, including Digital Communications Law, one of the leading treatises on Internet law; Employee Dismissal Law and Practice, one of the leading treatises on employment-at-will; and two books on Kosovo: Kosovo Liberation Army: The Inside Story of an Insurgency, published by the University of Illinois Press, and The Road to Independence for Kosovo: A Chronicle of the Ahtisaari Plan, published by Cambridge University Press.


Protect Your Organization: Conduct a Privacy Assessment and Prepare for a "Successful" Data Breach!
Bonnie Goins, Adjunct Industry Professor of Information Technology and Management
Illinois Institute of Technology

It’s all over the news—organizations’ and individuals’ private data exploited for profit or for the thrill...but no more! Discussion included the latest recommendations for conducting an in-depth privacy assessment for organizations so they can avoid becoming the next Anthem. Also covered was how to align security efforts with results to enhance protection of assets.

Bonnie A. Goins is an Adjunct Industry Professor of Information Technology Management at the Illinois Institute of Technology. She has over 20 years of experience in security management and assessment, risk management and assessment, business continuity/disaster recovery, incident response and security compliance with regulations and frameworks, such as ISO 27001/2, ISO 20001/2, ITIL, PCI, HIPAA, SOX, NERC, FISMA and others. Goins also currently serves as a senior security strategist for a Chicago-based public company and has been a trusted advisor/consultant to numerous Fortune 100 and 500 clients during her career in information security.


Security and the IoT Digital Growth Drivers
Antonio Hylton
Verizon

Tonnetta Oubari, Manager, Product Development & New Business Innovation IoT / Smart Cities
Verizon

As a talented resource in business, technology, and the Internet of Things (IoT), Tonnetta Oubari brings over 10 years of knowledge in emerging technologies, business development, and strategic planning as an accomplished Business Strategy Consultant and Smart Cities Thought Leader. She has worked with Fortune 100 multinational organizations as a trusted advisor and Executive Consultant both inside and outside of the United States. She brings experience in providing global C-level holistic enterprise strategy and in products that drive value and innovation to help organizations achieve the agility they need to compete.

In her previous role with the Tribune Company, a national media organization with headquarters in the Midwest, she provided executive advisory that included next-generation digital real-time enterprise (RTE) intelligent builds, virtualizations, and optimizations to cloud-based delivery models. She has a strong background in Fortune 500 C-suite presentations, digital business model generation, research in the Internet of Things (IoT), Machine to Machine (M2M), and embedded systems architecture for Connected Cities, and actionable insight through data analytics. Oubari aided Verizon in the development of its first Management Consultant practice. Oubari founded and is also co-Chair of the Enterprise Architecture Community of Practice. Her strong communication capabilities include global facilitations and executive whiteboard sessions. She has Spanish language skills with extensive experience in collaborative global multicultural engagements.

Oubari has delivered multinational advisory strategies for current-state architecture models and has matured business silo environments into standardized, centralized, modular, agile, and cloud models, leveraging enterprise architecture methodologies (FEA, TOGAF 9, DoDAF, and Zachman) in addition to ITIL-based service design and delivery operations. Her engagements have included shared services, governance, regulatory compliance measures, M&A strategy, and holistic transformation roadmap development through a blended Architecture Development Methodology (ADM) process leveraging proven global standards and frameworks.

She is a contributing member of The Association of Strategic Alliance Executives, and is a member of the Green Grid for Efficient IT, TM Forum, Cloud Security Alliance, PMI, The Association of Enterprise Architects, Data Science Central, the Smart City Council, the ACM-W (ACM committee on Women in Computing), and the select Executive’s Club of Chicago. She holds a Master’s certificate in Data Networks and Telecommunications. She recently published academic research on the comparative quantitative analysis of Enterprise Architecture Frameworks and EA methodologies. Oubari was also a major contributor to the 2014 Verizon Thought Leadership white paper on Big Data strategies for success.

Telework: Risks, Challenges, Perils, and Successes
William Slater and Melanie Thompson
Illinois Institute of Technology

Telework has been growing in popularity during the past 20 years. In 2010, the Federal Telework Act was signed into law, providing tens of thousands of Federal workers the option to perform much of their work from home. However, telework is often misunderstood, and has its own unique risks, challenges, and perils. In fact, if a manager does not properly plan how and when his or her staff will perform telework, that in itself can be a formidable barrier to success. This presentation provided a good look at what teleworking is and how to deal with the risks, challenges, and perils of telework. It also provided proven tips to make you and your organization successful where telework is part of the culture and an acceptable, productive way of working.

Mr. Slater is a Senior IT Project Manager, Program Manager, senior IT consultant, and author who lives in Chicago and works in the Chicago area. He has worked in Information Technology since 1977, and his cybersecurity experience has spanned more than 30 years.

Specialties include: Cloud Computing, IT Security, Information Security, Cybersecurity, Disaster Recovery, Business Continuity, Crisis Management, Business Resiliency, Business Analysis, System Analysis, IT Infrastructure Management, Technical Architecture, Data Center Operations, Data Center Development, Cyberforensics, Cyberwarfare, Social Engineering, Risk Management, Incident Management, Problem Management, IT Change Management, Application System Development, Database Administration, Data Architecture, Technical Service Development, Service Management and Service Transition, Technical Leadership, and Technical Training.

IIT Student Presentations
Illinois Institute of Technology
Information Technology and Management / Cyber Forensics and Security student presentations

Defending Your Android App
Anthony Ramirez and Felipe Sierra

In recent years, vulnerabilities within SSL, TLS, and IPsec, along with security breaches at major certificate authorities, have forced developers to search for new methods to secure communications between clients and servers. Many application developers have turned to certificate pinning. Certificate pinning helps deter attackers by authenticating the server certificate against a known, expected value at the initiation of a key exchange. Although certificate pinning does provide protection, it is vulnerable to some attacks. The research conducted focused on: (1) finding 10 apps from the Google Play Store that employ certificate pinning as a security measure for their communications; (2) studying the three different methods used for bypassing certificate pinning on Android devices; and (3) testing the 10 apps with each tool to see if the students could bypass the certificate pinning. After determining the effectiveness of the three methods, the students researched and developed practices that would allow developers to harden their applications, with the objective of showing that these deterrents succeed at protecting against these attacks.

Detecting Network IOCs Using Splunk
Jiawei Chen and Chris Hein

The machine data generated by IT systems and technology infrastructures contains valuable information about business activity, machine behavior, security threats, and more. The rapid growth of this data and its complexity make it harder to analyze, which creates the need for a solution. Splunk allows for the collection and indexing of machine-generated data from virtually any source in real time. The students’ project focused on the automated analysis of security data from sources such as Squid web proxy logs. The solution uses Splunk to collect and index data from Squid and to send an alert if a user visits a malicious website listed on a watch list. The students provided a basic alert for analysts that shows the URL visited as well as the IP address and hostname of the potentially infected host. The project applies this to the security problem of not knowing that someone may have visited a malicious site until it is too late.
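The detection logic described above, as an added stand-alone illustration that is not the students’ Splunk project: it parses Squid native-format access.log lines, matches the requested host (or any parent domain) against a watchlist, and produces the same alert fields the page names (URL, client IP, hostname). The log lines, the watchlist domains and the IP-to-hostname mapping are all constructed for this example; Splunk’s collection and alerting are replaced by a plain Python scan.

```python
"""Watchlist matching over Squid access.log lines (native log format).

Constructed example: the sample log, the watchlist and the hostname
mapping below are made up for illustration; no real indicators are used.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional
from urllib.parse import urlsplit

# Constructed watchlist of domains an analyst wants to be alerted on.
WATCHLIST = {"malware.example", "phish.example"}

# Constructed stand-in for a reverse-DNS or asset-inventory lookup.
HOSTNAMES: Dict[str, str] = {
    "10.0.0.15": "ws-finance-07",
    "10.0.0.22": "ws-hr-03",
}

# Constructed Squid native-format lines. Field order is:
# time elapsed client action/code size method url ident hierarchy/peer type
SAMPLE_LOG = """\
1428000000.123    245 10.0.0.15 TCP_MISS/200 3456 GET http://malware.example/update.exe - HIER_DIRECT/203.0.113.5 application/octet-stream
1428000001.456     12 10.0.0.22 TCP_HIT/200 9876 GET http://www.example.org/index.html - HIER_NONE/- text/html
1428000002.789    300 10.0.0.22 TCP_TUNNEL/200 512 CONNECT sub.phish.example:443 - HIER_DIRECT/203.0.113.9 -
1428000003.000      5 10.0.0.31 TCP_DENIED/403 0 GET http://malware.example/ - HIER_NONE/- text/html
garbage line that should be skipped
"""


@dataclass
class Alert:
    timestamp: float
    client_ip: str
    hostname: str
    url: str
    matched: str  # the watchlist entry that fired


def extract_host(url_field: str) -> Optional[str]:
    """Return the lower-cased host from a Squid URL field.

    Ordinary requests log a full URL. CONNECT tunnels (HTTPS) log only
    'host:port', which urlsplit would misread, so that form is handled first.
    """
    if "://" not in url_field:
        host = url_field.rsplit(":", 1)[0]
        return host.lower() or None
    return (urlsplit(url_field).hostname or "").lower() or None


def is_watchlisted(host: str, watchlist: Iterable[str]) -> Optional[str]:
    """Return the matching watchlist entry for the host or any parent domain.

    The loop stops before the bare top-level label so that an entry such as
    'phish.example' matches 'sub.phish.example' but 'example' alone never does.
    """
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def scan_squid_log(text: str, watchlist=WATCHLIST, hostnames=HOSTNAMES) -> List[Alert]:
    """Scan log text and return one Alert per watchlisted request.

    Denied requests (TCP_DENIED) still alert: the attempt itself is the
    indicator that a host may be compromised, even though the proxy blocked it.
    """
    alerts: List[Alert] = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10:  # malformed or truncated line; skip rather than crash
            continue
        try:
            ts = float(fields[0])
        except ValueError:
            continue
        client_ip, url = fields[2], fields[6]
        host = extract_host(url)
        if host is None:
            continue
        hit = is_watchlisted(host, watchlist)
        if hit:
            alerts.append(Alert(ts, client_ip, hostnames.get(client_ip, "unknown"), url, hit))
    return alerts


if __name__ == "__main__":
    for a in scan_squid_log(SAMPLE_LOG):
        print(f"ALERT {a.timestamp:.3f} {a.client_ip} ({a.hostname}) -> {a.url} [{a.matched}]")
```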

RTP Steganography
Jiawei Chen, Charles Clayton, and Philip Matuszak

This project attempted to test the detectability of the steganography tool, SteganRTP, when used in a network setting. Real-time Transport Protocol (RTP) is the network protocol most often used to deliver streaming media across a network, including voice over IP (VoIP) and video teleconferencing. Steganography within RTP over a network can be a viable security concern, as it is performed in real time, producing instant results. This can be a substantial difference from the hiding of data within images or sound files, most of which must be analyzed to retrieve the data after the files have been obtained by the intended receiver. Large amounts of data can be transmitted using RTP, with relatively little concern of residual evidence. There is currently no known tool to detect these covert transmissions in real time, and the students’ intent was to determine if the use of this tool, when used for network steganography, is detectable.

MP3 Steganography
Yalinne Castelan and Ben Khodja
 
Because of its ability to efficiently and intelligently compress digital audio to a manageable size, MPEG-1 Audio Layer III (MP3) has become one of the most widely known and used digital media encoding formats. What most users are unaware of, though, is that any MP3 file can be used as a carrier of steganographically hidden information. This could be a document, an image, a video, another audio file, a .zip archive, or any other type of digital information, hidden in a way that makes it very difficult, if not impossible, for the average user to detect. Various tools make it possible to hide information within different portions of an MP3 file either while encoding is taking place or after it has completed; however, few of them fully take advantage of the large amount of space in the audio-data portion of an MP3 file's frames. This session discussed how some of the existing MP3 steganography tools work, and the students presented the research that went into developing a post-encoding hiding method and tool that makes use of the audio-data portion of an MP3 file's frames.
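To make the "space within the frames" concrete, here is an added example (not the students' tool) that walks an MPEG-1 Layer III stream frame by frame, computes how many bytes of each frame are audio data after the 4-byte header, optional CRC and side information, and then uses the tail of that region as a crude post-encoding hiding place. The embedding simply overwrites audio bytes, so it degrades the sound and is easy to detect; it is here to show where the capacity lives, not as a stealthy method. The carrier is a constructed stream of fixed 128 kbit/s, 44.1 kHz stereo frames with dummy audio data, and the 4-bytes-per-frame budget is an assumption.

```python
"""Walk MPEG-1 Layer III frames and use the tail of each frame's audio data
as a crude post-encoding hiding place (added example)."""
import struct

BITRATES_V1_L3 = [None, 32, 40, 48, 56, 64, 80, 96, 112, 128, 160, 192, 224, 256, 320, None]
SAMPLE_RATES_V1 = [44100, 48000, 32000, None]
PER_FRAME = 4   # hidden bytes carried in the tail of each frame (assumption)

def parse_header(buf, off):
    """Decode a 4-byte MPEG-1 Layer III frame header at buf[off].
    Returns (frame_length, fields) or None when the bytes are not a header."""
    if off + 4 > len(buf):
        return None
    hdr = struct.unpack_from(">I", buf, off)[0]
    if hdr >> 21 != 0x7FF:                      # 11-bit frame sync
        return None
    version = (hdr >> 19) & 3                   # 3 = MPEG-1
    layer = (hdr >> 17) & 3                     # 1 = Layer III
    bitrate = BITRATES_V1_L3[(hdr >> 12) & 0xF]
    samplerate = SAMPLE_RATES_V1[(hdr >> 10) & 3]
    padding = (hdr >> 9) & 1
    if version != 3 or layer != 1 or bitrate is None or samplerate is None:
        return None
    length = 144 * bitrate * 1000 // samplerate + padding
    crc = 2 if ((hdr >> 16) & 1) == 0 else 0    # protection bit 0 = CRC present
    side_info = 17 if ((hdr >> 6) & 3) == 3 else 32   # mono vs. any stereo mode
    return length, {"bitrate": bitrate, "samplerate": samplerate, "padding": padding,
                    "audio_bytes": length - 4 - crc - side_info}

def iter_frames(buf):
    """Yield (offset, length, fields) per frame, resyncing byte by byte over
    anything that is not a frame (ID3 tag, junk)."""
    off = 0
    while off < len(buf):
        parsed = parse_header(buf, off)
        if parsed is None:
            off += 1
            continue
        length, fields = parsed
        if off + length > len(buf):
            break                                # truncated final frame
        yield off, length, fields
        off += length

def capacity(buf, per_frame=PER_FRAME):
    """Bytes this scheme can hide in the carrier."""
    return sum(per_frame for _ in iter_frames(buf))

def embed(buf, secret, per_frame=PER_FRAME):
    """Write a 2-byte length plus the secret into the last per_frame bytes of
    successive frames. This overwrites real audio bits: audible and easy to
    spot, so it only demonstrates where the space in a frame is."""
    data = struct.pack(">H", len(secret)) + secret
    frames = list(iter_frames(buf))
    if len(data) > len(frames) * per_frame:
        raise ValueError("secret larger than carrier capacity")
    out = bytearray(buf)
    for i, (off, length, _) in enumerate(frames):
        chunk = data[i * per_frame:(i + 1) * per_frame]
        if not chunk:
            break
        start = off + length - per_frame
        out[start:start + len(chunk)] = chunk
    return bytes(out)

def extract(buf, per_frame=PER_FRAME):
    """Collect the frame tails and cut the secret out by its length prefix."""
    tail = b"".join(buf[off + length - per_frame:off + length]
                    for off, length, _ in iter_frames(buf))
    if len(tail) < 2:
        return b""
    n = struct.unpack(">H", tail[:2])[0]
    return tail[2:2 + n]

def make_frame(padding, fill=0x55):
    """Constructed 128 kbit/s, 44.1 kHz, stereo, no-CRC frame (header FF FB 90/92 00)."""
    header = bytes([0xFF, 0xFB, 0x90 | (padding << 1), 0x00])
    return header + bytes([fill]) * (417 + padding - 4)

def make_carrier(n_frames):
    """Constructed stand-in for an MP3: an empty 10-byte ID3v2 header, then frames."""
    return b"ID3" + bytes(7) + b"".join(make_frame(i % 2) for i in range(n_frames))
```

The frame length formula (144 * bitrate / sample rate + padding) is why the walker can jump from frame to frame instead of scanning, and why an embedding that keeps every frame's length intact leaves a decoder perfectly happy even though the audio has been tampered with.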

Wii would like to play (with your information)!
Ismail Hassan and Ana Orozco

In the new age of console gaming, players increasingly connect online to receive or access more game content. This has left their personal and financial information open to online theft, which is now a major concern. Recent breaches of Microsoft's and Sony's gaming networks show that stealing this type of information can be very profitable. The Wii U is Nintendo's entry into "High Definition gaming" in the console wars. It connects players to the Web to provide social and gaming content, which could also expose player information to breaches. Game modifications by players also open up a plethora of security vulnerabilities that malicious actors could take advantage of. Using Wii exploits such as HackMii together with forensic tools, the students explored how plausible it would be to extract player information from the system's memory or from the network.

Evaluation of StegoHunt
Pragnya Manaswini, Osarumwense Francis Orumwense, and Aishwarya Thirumalai

This project evaluated the detection rate and efficiency of StegoHunt, a steganalysis tool used to detect the presence of data-hiding activity. The students hid covert files in carrier files of the following types: docx, bmp, mp3, txt, wav, and jpg, using two or more steganography tools. The carrier files were then analyzed with StegoHunt to determine how many of them were detected.

Network Steganography
Marko Zivkovic

Network Steganography (NS) is another intelligent way to enable secret communication, by modifying network elements. Unlike classic file-based steganography, NS does not require a carrier file but instead uses network applications and protocols such as Voice over Internet Protocol (VoIP) and the Real-time Transport Protocol (RTP). Because the hidden data exists only in transit, steganalysis must be performed during the data transfer, which makes a secret message harder to detect and extract. The main focus of the presentation was to show the available methods and to create a meaningful categorization of them. In general, every NS method is characterized by its bandwidth, its steganographic cost, its detectability, and its applicability in different network settings. The first method presented was SkyDe, which uses Skype to perform NS. When people converse over Skype, packets containing voice and packets containing silence (breaks in talking) are exchanged; the silence packets are used to carry stego material. In addition to SkyDe, two methods, RSTEG and LACK, use retransmission and the intentional delay of packets to transfer the steganogram. The presentation also showed how the Google Suggest service may be exploited for steganography. Using a "man-in-the-middle" scenario, the StegSuggest method modifies the suggestions exchanged between users, where the added suggestions contain encoded stego material. Through the various methods presented, it can be concluded that NS can be performed in many ways and be used for various malicious purposes.
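The RTP steganography project above and the LACK method described here both rest on the same property of real-time media: a packet that arrives after the receiver's jitter buffer has moved on is treated as lost, and its contents are never played. The following added simulation (not SteganRTP, not the LACK authors' code, and not part of the presentation) shows both sides of that exchange: a sender builds real RTP packets, replaces the payload of every tenth packet with a chunk of the secret and delays that packet past the buffer; an unaware receiver plays the on-time packets and discards the late ones as ordinary loss; a stego-aware receiver reassembles the secret from exactly those discarded packets. The voice payload, the 60 ms buffer depth, the 120 ms delay and the choice of every tenth packet are constructed assumptions. The only thing a monitor sees is a slightly elevated loss rate, which is the "stego-cost" and "detectability" axis of the categorization.

```python
"""Simulation of LACK-style RTP steganography (added example): a sender hides
data in packets it deliberately delays, an ordinary receiver drops them as
lost, and a stego-aware receiver reads them."""
import struct

RTP_HDR = struct.Struct(">BBHII")   # V/P/X/CC, M/PT, sequence, timestamp, SSRC
PAYLOAD_LEN = 160                   # G.711 u-law at 20 ms per packet
FRAME_MS = 20
JITTER_BUFFER_MS = 60               # receiver treats later packets as lost (assumption)
LACK_DELAY_MS = 120                 # extra delay the stego sender applies (assumption)

def build_rtp(seq, ts, ssrc, payload, pt=0):
    """RTP v2 packet: no padding, no extension, no CSRCs, marker clear."""
    return RTP_HDR.pack(0x80, pt, seq & 0xFFFF, ts & 0xFFFFFFFF, ssrc) + payload

def parse_rtp(pkt):
    b0, b1, seq, ts, ssrc = RTP_HDR.unpack_from(pkt)
    if b0 >> 6 != 2:
        raise ValueError("not RTP v2")
    return {"seq": seq, "ts": ts, "ssrc": ssrc, "pt": b1 & 0x7F,
            "payload": pkt[RTP_HDR.size:]}

def make_call(n_packets, ssrc=0x1234ABCD):
    """Constructed voice stream: n packets of placeholder samples, each
    arriving 10 ms after its nominal playout time (well inside the buffer)."""
    pkts = []
    for i in range(n_packets):
        audio = bytes((i * 7 + j) & 0x7F for j in range(PAYLOAD_LEN))
        pkts.append({"nominal_ms": i * FRAME_MS, "arrival_ms": i * FRAME_MS + 10,
                     "pkt": build_rtp(i, i * PAYLOAD_LEN, ssrc, audio)})
    return pkts

def lack_send(pkts, secret, every=10):
    """Replace the payload of every `every`-th packet with a chunk of the
    secret (2-byte length prefix) and hold that packet past the jitter buffer.
    Sequence numbers and timestamps stay intact, so the stream looks like
    ordinary packet loss."""
    data = struct.pack(">H", len(secret)) + secret
    chunks = [data[i:i + PAYLOAD_LEN] for i in range(0, len(data), PAYLOAD_LEN)]
    carriers = pkts[every - 1::every]
    if len(chunks) > len(carriers):
        raise ValueError("secret needs more carrier packets than the call has")
    for p, chunk in zip(carriers, chunks):
        h = parse_rtp(p["pkt"])
        p["pkt"] = build_rtp(h["seq"], h["ts"], h["ssrc"],
                             chunk.ljust(PAYLOAD_LEN, b"\0"), h["pt"])
        p["arrival_ms"] += LACK_DELAY_MS
    return pkts

def voice_receive(pkts):
    """Unaware receiver: (sequence numbers played, packets discarded as late)."""
    played, late = [], []
    for p in sorted(pkts, key=lambda q: q["arrival_ms"]):
        if p["arrival_ms"] - p["nominal_ms"] > JITTER_BUFFER_MS:
            late.append(p)
        else:
            played.append(parse_rtp(p["pkt"])["seq"])
    return played, late

def lack_receive(pkts):
    """Stego-aware receiver: reassembles what the ordinary receiver threw away."""
    _, late = voice_receive(pkts)
    late.sort(key=lambda q: parse_rtp(q["pkt"])["seq"])
    raw = b"".join(parse_rtp(q["pkt"])["payload"] for q in late)
    if len(raw) < 2:
        return b""
    n = struct.unpack(">H", raw[:2])[0]
    return raw[2:2 + n]

def loss_rate(pkts):
    """The observable steganographic cost: share of packets that arrive late."""
    _, late = voice_receive(pkts)
    return len(late) / len(pkts)

if __name__ == "__main__":
    call = lack_send(make_call(100), b"the eagle has landed at midnight")
    played, late = voice_receive(call)
    print(f"played {len(played)} packets, {len(late)} late, loss {loss_rate(call):.1%}")
    print("stego receiver got:", lack_receive(call))
```

Detection, which is what the SteganRTP project was after, has to work on the same evidence the ordinary receiver has: a loss pattern that is too regular (every tenth packet), late packets whose delay clusters around one value, or payload bytes in the "lost" packets that do not look like codec output.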

RADISH: The Remotely-Accessible Dynamic Infrastructure for Students to Hack
Dawid Broda

The initial implementation of RADISH was developed in 2010; it was named for its original purpose of letting students in a penetration testing class realistically probe and hack computer systems without disrupting, raising alarms on, or otherwise compromising the university's computers and networks. Since then RADISH has evolved on several fronts. In addition to pen testing, it now supports eight different cyber security and forensics classes and numerous research projects in the School of Applied Technology at IIT. Students in these classes and research activities can safely "play" with viruses and other malware, use expensive cyber forensic software, and do laboratory exercises, even from home. RADISH has also evolved in its implementation: from pre-configured USB drives given to students, to remotely accessible complexes of physical computers, and now to fully virtualized systems of remotely accessible virtual computers that give up to 100 students concurrent access to their own individual cyber environments of up to several hundred networked computers.

MP4 Video Steganography
Clint Bhola

This project describes how TrueCrypt, a popular tool for on-the-fly encryption of file systems, can also work from within container files such as those used by the MPEG-4 standard. Through this method, users can hide sensitive files inside encrypted hidden containers without raising suspicion about the container's hidden content. The project also attempts to analyze how these containers can be detected using steganalysis of the container files.
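A TrueCrypt volume carries no plaintext signature, so a file that hides one cannot be found by pattern matching; what can be examined is the structure of the carrier. An MP4 file is a sequence of boxes, each starting with a 32-bit big-endian size and a four-character type, and a player ignores bytes after the last box as well as the contents of padding boxes such as free or skip. The added example below (my own, not the project's analysis) walks the top-level boxes, measures the Shannon entropy of the padding boxes and of any unparsed trailer, and flags regions that look like encrypted data. The sample files are constructed, and the SHA-256 filler stands in for an encrypted volume; the 7.5 bits/byte threshold is an assumption.

```python
"""Walk top-level MP4 (ISO BMFF) boxes and flag places where an encrypted
volume could be stowed (added example, not from the project)."""
import hashlib
import math
import struct

NON_MEDIA = {"free", "skip", "wide"}   # padding boxes that players ignore

def shannon_entropy(data):
    """Bits per byte: near 8.0 for encrypted or random data, lower for structure."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def walk_boxes(buf):
    """Return ([(offset, type, size), ...], end offset of the last good box)."""
    boxes, off = [], 0
    while off + 8 <= len(buf):
        size, btype = struct.unpack_from(">I4s", buf, off)
        hdr = 8
        if size == 1:                                # 64-bit largesize follows
            if off + 16 > len(buf):
                break
            size, hdr = struct.unpack_from(">Q", buf, off + 8)[0], 16
        elif size == 0:                              # box extends to end of file
            size = len(buf) - off
        printable = all(0x20 <= b < 0x7F for b in btype)
        if not printable or size < hdr or off + size > len(buf):
            break                                    # malformed: stop, rest is unparsed
        boxes.append((off, btype.decode("ascii"), size))
        off += size
    return boxes, off

def analyze(buf, threshold=7.5):
    """Heuristic: high-entropy bytes inside a padding box or after the last box."""
    boxes, end = walk_boxes(buf)
    findings = []
    for off, name, size in boxes:
        if name in NON_MEDIA and size > 8:
            ent = shannon_entropy(buf[off + 8:off + size])
            if ent > threshold:
                findings.append(f"'{name}' box at offset {off} holds {size - 8} "
                                f"high-entropy bytes ({ent:.2f} bits/byte)")
    trailing = buf[end:]
    t_ent = shannon_entropy(trailing)
    if trailing and t_ent > threshold:
        findings.append(f"{len(trailing)} high-entropy bytes appended after the "
                        f"last box ({t_ent:.2f} bits/byte)")
    return {"boxes": [n for _, n, _ in boxes], "trailing_bytes": len(trailing),
            "trailing_entropy": t_ent, "findings": findings}

# Constructed samples; no real video data.
def _box(name, payload):
    return struct.pack(">I4s", 8 + len(payload), name) + payload

def _random_looking(n):
    """Deterministic filler standing in for an encrypted volume."""
    out = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                   for i in range(n // 32 + 1))
    return out[:n]

CLEAN = (_box(b"ftyp", b"isom\x00\x00\x02\x00isomiso2mp41")
         + _box(b"free", bytes(64))
         + _box(b"mdat", bytes(range(256)) * 4)
         + _box(b"moov", _box(b"mvhd", bytes(100))))
APPENDED = CLEAN + _random_looking(4096)          # volume glued on after the last box
FREE_HIDDEN = CLEAN.replace(_box(b"free", bytes(64)),
                            _box(b"free", _random_looking(2048)))

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("appended", APPENDED), ("free", FREE_HIDDEN)):
        print(label, analyze(sample)["findings"])
```

Compressed media in mdat is itself high-entropy, which is why the check deliberately ignores media boxes and only looks where encrypted bytes have no business being. The result is a triage signal, not proof: some muxers leave trailing junk, and a large free box is not illegal, so a flagged file still needs a look at whether the suspect region is exactly the size of a volume and whether any MP4 parser actually references it.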

AVI Video Steganography
Divine Puplampu 

This project examines the use of video steganography to hide other information in AVI carrier files. The intended AVI carrier files are converted into .bmp frames using Matlab R2014a (version 8.3.0.220) code to perform the file format conversions. Steganography is the art of concealing secret data in an appropriate multimedia carrier, e.g., image, audio, and video files. The information to be hidden is called the secret message (payload), and the medium in which the information is hidden is called the cover document. The cover document containing the hidden message is called the stego-document. I am using Matlab code to break an AVI video into frames and to resize a bitmap picture, or whatever information we wish to conceal, to be the same size as the video frame. I then insert the resized object at any position number among the video frames, depending on the total number of frames (1, 2, 3, 4, ...). I then recompile the altered and unaltered bitmap frames into one .avi video file using the same code and play it. The end result is an .avi file that contains a discreetly hidden message of the creator's choosing.

See more student projects by Information Technology & Management Students

More information about ForenSecure: Cyber Forensics & Security Conference & Expo

More Information about Cyber Forensics and Security Lab at Illinois Institute of Technology School of Applied Technology