UMBC ebiquity

Archive for the 'Security' Category

Analyzing covert social networks

May 10th, 2009, by Tim Finin, posted in Security, Social media

Science Daily notes a social networking paper that sounds interesting.

“A new approach to analyzing social networks, reported in the current issue of the International Journal of Services Sciences, could help homeland security find the covert connections between the people behind terrorist attacks. The approach involves revealing the nodes that act as hubs in a terrorist network and tracing back to individual planners and perpetrators.”

Yoshiharu Maeno and Yukio Ohsawa, "Analyzing covert social network foundation behind terrorism disaster," Int. J. Services Sciences, vol. 2, 2009, pp. 125-141 (preprint).

Abstract: This paper addresses a method to analyse the covert social network foundation hidden behind the terrorism disaster. It is to solve a node discovery problem, which means to discover a node, which functions relevantly in a social network, but escaped from monitoring on the presence and mutual relationship of nodes. The method aims at integrating the expert investigator’s prior understanding, insight on the terrorists’ social network nature derived from the complex graph theory and computational data processing. The social network responsible for the 9/11 attack in 2001 is used to execute simulation experiment to evaluate the performance of the method.

Scantegrity cryptographic voting system to be used in binding governmental election

April 2nd, 2009, by Tim Finin, posted in Privacy, Security, UMBC

This November will be the first time any end-to-end cryptographic system will be used in a binding governmental election.

UMBC Professor Alan Sherman and his students have been helping develop the Scantegrity open source election verification technology for optical scan voting systems. It uses privacy preserving confirmation numbers to allow each voter to verify her vote is counted and that all the votes were counted correctly.

The group has been working with Takoma Park MD to use this in a binding governmental election later this year. Alan recently wrote:

“On Saturday April 11, there will be a mock election in Takoma Park, MD, using the Scantegrity II high-integrity voting system being developed in part at the UMBC Cyber Defense Lab. Anyone is welcome to come and vote – polls will be open 10am-2pm in the Community Center at 7500 Maple Ave. This mock election is preparation for the Nov 2009 municipal election in Takoma Park which will also use Scantegrity – the first time any end-to-end cryptographic system will have been used in a binding governmental election.”

Here’s the text of a short article on the election from the April 2009 Takoma Park newsletter.

This Arbor Day: Plant the Seeds for Election Verifiability

Election integrity is a major issue both nationally and internationally. During the City’s annual Arbor Day celebration, Takoma Park will try out what may be one solution. From 10 a.m. until 2 p.m. on April 11, City residents and their families and friends are invited to participate in a mock election administered by the City and its Board of Elections. The point of this mock election is to give voters an opportunity to test out and provide feedback to the City on the voting system it will use in the November 2009 municipal elections.

First among the many characteristics that set this system apart from those previously used by the City is that voters will be able to confirm that their ballots were counted.

As part of their ballot, voters will receive a confirmation code that they can write down, take home and check online to make sure their votes were counted. The confirmation number does not say how you voted and your vote remains private. What it does say, however, is that your vote is included in the final tally and that the machine read your vote correctly.

The system is paper-based and works like an optical scan voting system, making it easy to use. The only difference is that when you vote, instead of a completely black bubble, you will see the confirmation number appear as shown in the illustration above.

Writing down and checking the confirmation number is optional. So, this Arbor Day, while enjoying the festivities, drop by the Community Center Azalea Room to see how the system works. Try it out, ask questions, give feedback, and enjoy the refreshments!

To obtain more information on the Arbor Day Mock Election, visit the City’s website at www.takomaparkmd.gov. Questions may also be addressed to the City Clerk’s office at 301-891-7267 or Clerk@takomagov.org.

Warning: Google thinks every site may harm your computer

January 31st, 2009, by Tim Finin, posted in Google, Mobile Computing, Security

The Google has flipped out. Starting a few minutes ago when I try to click on any Google search result, I am shown the Google malware page. The one below was the result when I tried to click through to http://google.com/, the first result for searching for “google”. It is obviously an error in Google’s software and one that surely will be fixed shortly, if it has not been fixed already. Since Google is highly distributed, it’s possible that only some of their sites are in error.

Once you get the “Warning – visiting this web site may harm your computer!” page, the only way to continue on to the page is by manually selecting the text of the URL from the warning page and pasting it into your browser’s URL field.

Through experimentation, I found that the problem exists for the default search service as well as image search, but not for searches over blogs, news, video, scholarly papers or shopping.

I suppose this could be the world’s safest CYA disclaimer, but if so they may as well add Do not taunt happy fun ball.

Update: This seems to have been fixed around 10:15am GMT-5.

Update 2: Here is Google’s post about the problem.

DHS wants to mine social media for terrorism related data

January 5th, 2009, by Tim Finin, posted in Datamining, Security

USA Today reports (Feds may mine blogs for terrorism clues) that the US Department of Homeland Security wants to use data-mining technology to search blogs and Internet message boards to find those used by terrorists to plan attacks.

“Blogging and message boards have played a substantial role in allowing communication among those who would do the United States harm,” DHS said in a recent notice.

Julian Sanchez notes on Ars Technica that the story is not new.

“The story is actually pegged to a Sources Sought Notice posted by the Department of Homeland Security back in October. Our colleagues at Wired reported on it at the time.”

Wenjia Li: Coping with Node Misbehaviors in MANETs, 4pm Tue 1/6/08, 325b ITE, UMBC

January 4th, 2009, by Tim Finin, posted in Mobile Computing, Security

Wenjia Li will present his dissertation proposal on ‘A Security Framework to Cope with Node Misbehaviors in Mobile Ad Hoc Networks’ which will be done under the supervision of Professor Anupam Joshi. The presentation will be at 4:00pm Tuesday, January 6, in ITE 325b. Here’s the abstract.

A Mobile Ad-hoc NETwork (MANET), as its name suggests, has no fixed infrastructure, and is generally composed of a dynamic set of cooperative peers, which are willing to share their wireless transmission power with other peers so that indirect communication can be possible between nodes that are not in the radio range of each other. The nature of MANETs, such as node mobility, unreliable transmission medium and restricted battery power, makes them extremely vulnerable to a variety of node misbehaviors. Wireless links, for instance, are generally prone to both passive eavesdropping and active intrusion. Another security concern in ad hoc networks is caused by the cooperative nature of the nodes. Attacks from external adversaries may disturb communications, but the external intruder generally cannot directly participate in the cooperative activities among the nodes, such as routing, because they do not possess the proper secure credentials, such as shared keys. However, compromised nodes, which are taken over by an adversary, are capable of presenting the proper secure credentials, and consequently can interfere with almost all of the network operations, such as route discovery, key management and distribution, and packet forwarding. Hence, it is essential to cope with node misbehaviors so as to secure mobile ad hoc networks.

In this dissertation, we address the question of how to ensure that a MANET will properly operate despite the presence of various node misbehaviors. We propose to build a framework that can cope with various node misbehaviors in a wise and adaptive manner. The main purpose of our proposed framework is to provide a platform so that the components that identify and respond to misbehaviors can better cooperate with each other and quickly adapt to the changes of network context. Therefore, policies are planned to be utilized in our framework in order to make those components correctly function in different network contexts. Besides the policy component, there are three other components, which fulfill the tasks of misbehavior detection, trust and reputation management, and route management, respectively. To validate and evaluate our proposed framework, we plan to implement our framework based on simulator.

In particular, the contributions of this dissertation are:

(i) Develop a framework to combine the functionalities of surveillance and detection of misbehavior, trust and reputation management, route management, and policy management so as to provide a high-level solution to cope with various misbehaviors in MANETs in an intelligent and adaptive manner;

(ii) Propose and implement a misbehavior detector based on the gossip-based outlier detection method, which relies on neither any pre-defined threshold nor any training data;

(iii) Take into account both first-hand information (direct observation) and second-hand information (indirect observation) during both misbehavior detection and trust management processes, in which first-hand information and second-hand information are merged by some intelligent methods;

(iv) Specify and enforce policies in the proposed framework, which makes the framework promptly adapt to the rapidly changing network context.

How the Srizbi botnet escaped destruction to spam again

November 30th, 2008, by Tim Finin, posted in Security

Just like Freddy Kreuger, botnets are hard to kill.

In a series of posts on his Security Fix blog, Brian Krebs provides a good explanation of how the Srizbi botnet was able to come back to life after being killed (we thought!) earlier this month.

“The botnet Srizbi was knocked offline Nov. 11 along with Web-hosting firm McColo, which Internet security experts say hosted machines that controlled the flow of 75 percent of the world’s spam. One security firm, FireEye, thought it had found a way to prevent the botnet from coming back online by registering domain names it thought Srizbi was likely to target. But when that approach became too costly for the firm, they had to abandon their efforts.”

In an example of good distributed programming design, the botnet had a backup plan if its control servers were taken down.

“The malware contained a mathematical algorithm that generates a random but unique Web site domain name that the bots would be instructed to check for new instructions and software updates from its authors. Shortly after McColo was taken offline, researchers at FireEye said they deciphered the instructions that told computers infected with Srizbi which domains to seek out. FireEye researchers thought this presented a unique opportunity: If they could figure out what those rescue domains would be going forward, anyone could register or otherwise set aside those domains to prevent the Srizbi authors from regaining control over their massive herd of infected machines.”

Unfortunately, FireEye did not have the resources to carry out its plan and was forced to abandon it, but not before seeking help from other companies and organizations with deeper pockets.
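To make the race described above concrete, here is a small defender-side model added to this post (not Srizbi’s algorithm and not FireEye’s code): a constructed date-seeded domain generator standing in for the malware’s, the defender’s precomputation of the rendezvous domains for a window of days, and the bookkeeping that shows why the effort was a budget problem. The seed, TLD set and per-domain price are assumptions.

```python
"""Toy model of a date-driven rendezvous-domain scheme and the defender's
precomputation against it. The generator is constructed for illustration
only; it is not the Srizbi algorithm."""
import hashlib
from datetime import date, timedelta

TLDS = ("com", "net", "org")          # assumed TLDs the toy generator cycles through
LETTERS = "abcdefghijklmnopqrstuvwxyz"
SEED = b"illustrative-seed"           # assumed constant baked into the toy bot

def toy_dga(day, seed=SEED):
    """Deterministic domain for one day: sha256(seed || YYYYMMDD) -> 10 letters + TLD.
    Every bot and every defender who knows seed and algorithm gets the same answer."""
    digest = hashlib.sha256(seed + day.strftime("%Y%m%d").encode()).digest()
    label = "".join(LETTERS[b % 26] for b in digest[:10])
    tld = TLDS[digest[10] % len(TLDS)]
    return f"{label}.{tld}"

def rendezvous_domains(start, days):
    """Defender's precomputation: the domain the bots will try on each day of the window."""
    return [toy_dga(start + timedelta(days=i)) for i in range(days)]

def unclaimed(domains, registered):
    """Domains in the window that no defender holds yet; these are the gap the
    botnet operators could still use to regain control."""
    return [d for d in domains if d not in registered]

def registration_cost(domains, per_domain_usd):
    """Rough budget needed to hold every domain in the window (assumed flat price)."""
    return round(len(domains) * per_domain_usd, 2)

if __name__ == "__main__":
    # Constructed scenario: McColo went down on Nov 11, 2008; look 30 days ahead.
    window = rendezvous_domains(date(2008, 11, 12), 30)
    held = set(window[:7])            # constructed: defenders registered the first week only
    print("still unclaimed:", unclaimed(window, held))
    print("cost to hold the whole window:", registration_cost(window, 9.99))
```

The point the model makes is that the defender’s list is exact but grows by one domain per day forever, so holding it is a recurring cost while the operators only need one day’s gap.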

“A week ago, FireEye researcher Lanstein said they were looking for someone else to register the domain names that the Srizbi bots might try to contact to revive themselves. He said they approached other companies such as VeriSign Inc. and Microsoft Corp. After FireEye abandoned its efforts, some other members of the computer security community said they reached out for help from the United States Computer Emergency Readiness Team, or US-CERT, a partnership between the Department of Homeland Security and the private sector to combat cybersecurity threats.”

File this one under opportunity, lost.

CFP: IEEE Intelligence and Security Informatics

November 7th, 2008, by Tim Finin, posted in Security

The ISI 2009 call for papers is out with deadlines of 20 January 2009 for papers and 20 February for tutorial or workshop proposals.

Intelligence and Security Informatics (ISI) has been established as an interdisciplinary subject that focuses on the development and use of advanced information technologies, including methodologies, models and algorithms, infrastructure, systems, and tools, for local, national/international, and global security related applications through an integrated technological, organizational, behavioral, and policy based approach.

This year’s conference will be held in Richardson, Texas (in the Dallas Area), 8-11 June 2009. The annual IEEE ISI series was started in 2003, and the first five meetings were held in Tucson (twice), Atlanta, San Diego, New Brunswick, respectively, in the United States. The sixth (2008) meeting was held in Taipei with significant international participation. Several regional ISI conferences/workshops have also been held in Pacific Asia and Europe in recent years. These ISI conferences and workshops have brought together academic researchers, law enforcement and intelligence experts, information technology consultants and practitioners to discuss research and practice related to various ISI topics. The themes of the 2009 IEEE ISI conference will cover context-aware data analysis, effective counterterrorism, and public education on cybercrime detection.

Zombie apocalypse on the Internet

October 21st, 2008, by Tim Finin, posted in Security

John Markoff has an article on botnets, A Robot Network Seeks to Enlist Your Computer, in today’s New York Times. It focuses on the efforts that Microsoft is taking to combat the botnet problem.

“In a windowless room on Microsoft’s campus here, T. J. Campana, a cybercrime investigator, connects an unprotected computer running an early version of Windows XP to the Internet. In about 30 seconds the computer is “owned.” An automated program lurking on the Internet has remotely taken over the PC and turned it into a “zombie.” That computer and other zombie machines are then assembled into systems called “botnets” — home and business PCs that are hooked together into a vast chain of cyber-robots that do the bidding of automated programs to send the majority of e-mail spam, to illegally seek financial information and to install malicious software on still more PCs.

“The mean time to infection is less than five minutes,” said Richie Lai, who is part of Microsoft’s Internet Safety Enforcement Team, a group of about 20 researchers and investigators.”

One item I found interesting is that some botnet programs have their own ‘antivirus software’ to eliminate any competition and even use standard measures to keep their newly acquired machine safe.

“Mr. Campana said the Microsoft investigators were amazed recently to find a botnet that turned on the Microsoft Windows Update feature after taking over a computer, to defend its host from an invasion of competing infections.”

Jim Parker to defend dissertation: Detecting Malicious Behavior in Ad-hoc Networks, 9am 10/23/08

October 19th, 2008, by Tim Finin, posted in Mobile Computing, Security

This Thursday (9am 10/23) UMBC Ph.D. student Jim Parker will defend his dissertation on Observation Techniques for Detecting Malicious Behavior in Ad-hoc Networks. Detecting malicious behaviour in MANETs is a tricky problem on which Jim has made considerable headway. Here’s his abstract.

A mobile ad-hoc network (MANET) is a collection of wireless, self-organizing nodes, each capable of routing network traffic and having the ability to be mobile. A MANET has no central authority nor fixed network infrastructure, and the dynamic nature and openness of MANETs lead to potential vulnerabilities. Since there is no guarantee of connection to the wired Internet, accepted security practices involving third party authentication servers become an unrealistic expectation. Even with authentication, there is the potential for abuse.

Our research has focused on being the “eyes and ears” for trust evaluation. We have developed an extensive simulation to investigate the viability of detecting malicious and faulty node behavior in MANETs. We first show detection capability at the network layer and introduce two techniques for reacting to malicious behavior. We then demonstrate detection using information from multiple layers of the OSI stack. Finally, we tie everything together by combining the detection techniques with a field communications scenario.

Feel paranoid that Google Chrome is spying on you? Apply UnChrome!

September 14th, 2008, by Tim Finin, posted in Google, Privacy, Security

I’ve seen the following attributed to Woody Allen:

    Question: what’s a three syllable word beginning with ‘P’ that means you think that everybody’s against you?
    Answer: perceptive.

It’s fashionable in some circles to be paranoid about Google. If they ever do abandon their Don’t be evil informal motto then we are all in trouble. Search engines can gather a lot of information about a person’s interests. While Google is not the only search engine available, they have assembled quite an array of Web systems, including gmail, Google reader, Google groups, DoubleClick, Feedburner and many more. They would be in a good position to integrate a lot of information about a person’s behavior on the Web.

Enter Google Chrome.

If you own the browser, you can get the full range of a person’s Web activities. What worries some is that each Google Chrome installation contains a unique ID, which could be used to identify its user. The German company Abelssoft has released UnChrome as an application that effectively makes your copy of Google Chrome anonymous.

“According to Google, “Google Chrome is a browser that combines a minimal design with sophisticated technology to make the web faster, safer, and easier”. Unfortunately, each Google Chrome installation contains a unique ID that allows identifying its user. Google doesn’t make it an easy job to remove this ID.

UnChrome helps you with this task. It replaces your unique ID with Null values so that your browser cannot be identified any longer. The functionality of Google Chrome is not influenced by this. You only need to apply UnChrome once.”

I think this is paranoia rather than being perceptive, but just because you’re paranoid doesn’t mean they aren’t out to get you.

A-Space: a social networking site for intelligence analysts

September 7th, 2008, by Tim Finin, posted in Security, Social media, Web

Sixteen US intelligence agencies are encouraging their staff to use A-Space, a new social-networking site for analysts being developed by the US Government and slated for launch on 22 September.

A-Space is an effort sponsored by the Office of the Director of National Intelligence. The Defense Intelligence Agency is managing the project with serving as the prime contractor for development.

CNN has an article, CIA, FBI push ‘Facebook for spies’, with some of the details.

“It’s a place where not only spies can meet but share data they’ve never been able to share before,” Wertheimer said. “This is going to give them for the first time a chance to think out loud, think in public amongst their peers, under the protection of an A-Space umbrella.” Wertheimer demonstrated the program to CNN to show how analysts will use it to collaborate.

“One perfect example is if Osama bin Laden comes out with a new video. How is that video obtained? Where are the very sensitive secret sources we may have to put into a context that’s not apparent to the rest of the world?” Wertheimer asked. “In the past, whoever captured that video or captured information about the video kept it in-house. It’s highly classified, because it has so very short a shelf life. That information is considered critical to our understanding.”

Material on A-Space is, of course, highly classified and compartmentalized, so there will be stringent access control procedures. To further prevent information from being inappropriately accessed or used, A-Space will employ additional mechanisms, including monitoring for anomalous access patterns.

“We’re building [a] mechanism to alert that behavior. We call that, for lack of a better term, the MasterCard, where someone is using their credit card in a way they’ve never used it before, and it alerts so that maybe that credit card has been stolen,” Wertheimer said. “Same thing here. We’re going to actually do patterns on the way people use A-Space.”
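As an added illustration of the “MasterCard” idea Wertheimer describes (this is not A-Space code; the log format, fields and thresholds are constructed for the example), the following builds a per-analyst baseline from past access records and then flags new records that depart from that history in three ways: a compartment the analyst has never touched, an hour of day never seen before, and a retrieval far larger than anything in their history.

```python
"""Behavioral baseline and deviation alerts over constructed access records.
Record format (constructed): ISO timestamp, analyst, compartment, bytes retrieved."""
from collections import defaultdict
from datetime import datetime

BASELINE_LOG = """\
2008-09-22T09:12:00 alice CT-EAST 1200
2008-09-22T10:40:00 alice CT-EAST 800
2008-09-23T09:05:00 alice CT-EAST 1500
2008-09-23T14:20:00 alice CT-WEST 400
2008-09-24T11:00:00 alice CT-EAST 900
"""
NEW_LOG = """\
2008-09-25T09:30:00 alice CT-EAST 1100
2008-09-25T02:15:00 alice CT-EAST 700
2008-09-25T10:00:00 alice WMD-PROLIF 300
2008-09-25T10:05:00 alice CT-EAST 50000
"""

def parse(log):
    """Yield (timestamp, analyst, compartment, bytes) for each record."""
    for line in log.splitlines():
        ts, who, comp, size = line.split()
        yield datetime.fromisoformat(ts), who, comp, int(size)

def build_profiles(log):
    """Per analyst: compartments used, hours of day seen, largest single retrieval."""
    profiles = defaultdict(lambda: {"compartments": set(), "hours": set(), "max_bytes": 0})
    for ts, who, comp, size in parse(log):
        p = profiles[who]
        p["compartments"].add(comp)
        p["hours"].add(ts.hour)
        p["max_bytes"] = max(p["max_bytes"], size)
    return profiles

def score(profiles, log, volume_factor=10):
    """Return (timestamp, analyst, compartment, reasons) for each record that
    deviates from the analyst's own history; records with no deviation are silent."""
    alerts = []
    for ts, who, comp, size in parse(log):
        p = profiles.get(who)
        reasons = []
        if p is None:
            reasons.append("no history")            # first-ever activity for this analyst
        else:
            if comp not in p["compartments"]:
                reasons.append("new compartment")   # never accessed this compartment before
            if ts.hour not in p["hours"]:
                reasons.append("unusual hour")      # outside the hours this analyst works
            if size > volume_factor * p["max_bytes"]:
                reasons.append("volume spike")      # far beyond any prior retrieval
        if reasons:
            alerts.append((ts.isoformat(), who, comp, reasons))
    return alerts

if __name__ == "__main__":
    for alert in score(build_profiles(BASELINE_LOG), NEW_LOG):
        print(alert)
```

A deployed version would replace the exact hour set with a distribution and score deviations rather than treating each as binary, but the structure (per-user history, compare each new event against it, alert on departures) is the one the quote describes.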

Federal Computer week also has a recent article on A-Space, A-Space set to launch this month.

Scientific American special issue: will technology kill privacy?

August 30th, 2008, by Tim Finin, posted in Privacy, RFID, Security, Semantic Web

The September 2008 Scientific American is a special issue on The Future of Privacy. The issue has a good range of articles that all look like they are well worth reading and touch on all of the themes in our new MURI project on assured information sharing.
