Vision Statement

GTISC Open House Demonstrations

Manos Antonakakis
Manos Antonakakis received his diploma in 2004 from the University of the Aegean, Department of Information and Communication Systems Engineering. From November 2004 to July 2006 he worked as a guest researcher in the Computer Security Division of the National Institute of Standards and Technology, in the area of wireless ad hoc network security. Currently he is a PhD student conducting research in MANET anomaly detection under the supervision of Professor Wenke Lee.

Sensor Network Data Access Across Heterogeneous Networks
Low-cost wireless sensors capable of detecting, monitoring, and reporting physical properties are increasingly being used in industrial, military, and first responder applications. Secure and remote access to the data collected by these sensors can encourage distributed and collaborative efforts by academia, government, and industry alike, thus increasing the value of the data collected and lowering the cost of deploying sensor applications. Access to data collected in physically remote or hazardous areas requires network connectivity in locations where there is likely no networking infrastructure. Mobile ad hoc networks (MANETs) offer the promise of establishing and extending network connectivity in the absence of previously deployed networking infrastructure. Building heterogeneous networks of sensor, MANET, wireless, and wired networks provides new opportunities for access to and sharing of sensor data. In this project I provide implementation details of an open source based solution that combines ad hoc, sensor, and cellular (3G) network communication in a single grid device.

In the first part of this project I combined a Gumstix board with several network devices, such as a CF GPRS card and a CF 802.11b card. In part two, the Gumstix board was combined with a sensor base station, and the two boards were interconnected. The base station is responsible for collecting data from the sensor network; the Gumstix board is responsible for forwarding the collected data to the Internet over a cellular network (in our case Cingular's network). A web server was created that holds all the data collected from the sensor and ad hoc networks and is responsible for presenting new sensor data as it arrives. This is the first open source approach to delivering sensor data over heterogeneous networks.


Vijay Arvind Balasubramaniyan
Vijay A. Balasubramaniyan is a first year PhD student affiliated with the GTISC lab. He completed his undergraduate degree in Computer Science from India, after which he worked at Intel for a year and at Siemens for over two years before coming to pursue his PhD. His research interests include VoIP and network security and he has been working on VoIP related research both at Georgia Tech and as a summer intern for IBM Research labs, T. J. Watson.

A Lightweight Scheme for Securely and Reliably Locating SIP Users
One of the issues faced in VoIP is locating communicating parties on the Internet in a secure and reliable manner. The security mechanisms included in the RFC 3261 Session Initiation Protocol (SIP) are either weak or expensive to deploy. In this demo, we show a lightweight scheme that can protect the integrity of SIP contact addresses. The scheme is implemented on top of a standard Linux soft phone, KPhone. The end user public keys distributed in this scheme can also be used for end-to-end user authentication and media session key exchange.


Nick Feamster
Nick Feamster is an assistant professor in the College of Computing at Georgia Tech. He received his Ph.D. in Computer Science from MIT in 2005, and his S.B. and M.Eng. degrees in Electrical Engineering and Computer Science from MIT in 2000 and 2001, respectively. His research focuses on many aspects of computer networking and networked systems, including the design, measurement, and analysis of network routing protocols, network security, anonymous communication systems, and adaptive streaming media protocols. His honors include award papers at NSDI 2005 (fault detection in router configuration), USENIX Security 2002 (circumventing web censorship using Infranet), and USENIX Security 2001 (web cookie analysis).

In-Band Accountability for Network Path Performance
Users and operators must be able to quickly and accurately diagnose network faults. The majority of existing diagnosis tools are out-of-band in nature. Although reasonably effective, these techniques are not without their shortcomings: they introduce additional traffic into the network (often at a time when the network is ill-equipped to cope with it), routers often treat probe traffic differently than the data traffic that experiences a fault, and, because these probes are separate from the data stream itself, they may entirely fail to capture transient faults.

We propose a complementary approach: in-band network path diagnosis. In-band diagnosis relies on the data packets themselves to carry the information needed to diagnose network faults. There are many possible ways to implement in-band diagnosis, and we present one approach, Orchid. Orchid allows end hosts to accurately pinpoint common network fault scenarios (e.g., congestion-related packet drops and route changes) with minimal overhead and router support. Our analysis, implementation, and evaluation in realistic settings on the VINI testbed demonstrate that our design can address these challenges, and that in-band diagnosis can be both accurate in common fault scenarios and feasible in practice.


William G.J. Halfond
GJ Halfond is a third year PhD candidate in the College of Computing. His work focuses on software engineering and security. In particular, he is interested in testing and analysis techniques to improve the security and quality of web applications.

Detection and Prevention of Web Application Attacks
Web applications face a growing array of sophisticated attacks. SQL Injection Attacks are one such type of attack, allowing attackers to access and control the databases underlying web applications. In this demo, we explain the mechanics behind SQL Injection Attacks and look at two different mechanisms for detecting and preventing them. The first technique, AMNESIA, uses static analysis to build models of the legal database queries an application can issue, and runtime analysis to check that every query executed at runtime matches the generated models. The second technique, WASP, is a new framework based on positive dynamic tainting and syntax-aware evaluation that can be broadly applied against a range of web application attacks.
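The following is an added example, not code from the demo or from the AMNESIA or WASP projects, that illustrates the idea behind the first technique in miniature: a legal query is reduced to a structural "model" in which literals are replaced by placeholders, and each query built at runtime must normalize to exactly that model before it is allowed to reach the database. The tokenizer, the `normalize` function, the `InjectionDetected` exception, the in-memory `users` table and its rows are all constructed for this illustration and are not part of the page. The hardened `safe_lookup` beside it shows the parameterized form, where user input can never become query structure.

```python
import re
import sqlite3

# Tokenizer used to reduce a query to its structural skeleton. Literals are
# collapsed to placeholders so the model is independent of user-supplied values.
TOKEN_RE = re.compile(
    r"""
    '(?:[^']|'')*'          # single-quoted string literal ('' is an escaped quote)
  | \d+(?:\.\d+)?           # numeric literal
  | [A-Za-z_]\w*            # keyword or identifier
  | --[^\n]*                # SQL line comment
  | <>|<=|>=|!=|[^\s\w]     # operators and punctuation (any other non-space char)
    """,
    re.VERBOSE,
)


class InjectionDetected(Exception):
    """Raised when a runtime query's structure deviates from the legal model."""


def normalize(sql):
    """Return the structural token sequence of a query.

    String and numeric literals become STR and NUM, a line comment becomes
    COMMENT, and keywords/identifiers are upper-cased. Queries that differ only
    in their literal values normalize to the same sequence."""
    tokens = []
    for match in TOKEN_RE.finditer(sql):
        tok = match.group(0)
        if tok.startswith("'"):
            tokens.append("STR")
        elif tok[0].isdigit():
            tokens.append("NUM")
        elif tok.startswith("--"):
            tokens.append("COMMENT")
        else:
            tokens.append(tok.upper())
    return tokens


# The model of the one legal query shape this lookup may issue. In AMNESIA the
# models come from static analysis of the query-building code; here (an
# assumption for the example) the legal shape is written out by hand.
LOOKUP_MODEL = normalize("SELECT id FROM users WHERE name = 'x' AND pin = 'x'")


def query_matches_model(sql, model=LOOKUP_MODEL):
    """True when the query has exactly the structure captured by the model."""
    return normalize(sql) == model


def make_db():
    """Constructed in-memory sample data for the demonstration."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pin TEXT)")
    conn.executemany(
        "INSERT INTO users (id, name, pin) VALUES (?, ?, ?)",
        [(1, "alice", "1234"), (2, "bob", "9999")],
    )
    return conn


def guarded_lookup(conn, name, pin):
    """The vulnerable, string-concatenated query, but checked against the model
    before it reaches the database (the runtime half of the AMNESIA idea)."""
    sql = "SELECT id FROM users WHERE name = '" + name + "' AND pin = '" + pin + "'"
    if not query_matches_model(sql):
        raise InjectionDetected(sql)
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn, name, pin):
    """Hardened form: a parameterized query, so input is always data, never SQL."""
    rows = conn.execute("SELECT id FROM users WHERE name = ? AND pin = ?", (name, pin))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print(guarded_lookup(db, "alice", "1234"))      # [1]
    print(safe_lookup(db, "alice' OR '1'='1", ""))  # []  (treated as a literal name)
    try:
        guarded_lookup(db, "alice' OR '1'='1", "")
    except InjectionDetected as exc:
        print("blocked:", exc)
```

The check is deliberately strict: any extra clause, comment, or operator that user input smuggles into the query changes the token sequence and is rejected before execution, whereas a different name or PIN only changes a literal and still matches. A real deployment would hold one model per query site and derive them from the code rather than by hand.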


Chris Lee
Chris Lee is a final-year PhD student in the ECE department under Dr. John Copeland and Dr. Henry Owen. Chris' work has focused on bringing usable intelligence to network administrators via visualizations and reporting. Chris' thesis work addresses the building, detection, and mitigation of botnets.

The Georgia Tech Honeynet Project
We are the fools that let our computers get compromised on purpose. We monitor the actions of hackers when they attack our box to learn their tools, tactics, and motivation. We have over 4 years of collected data, 50 GB (7.8 million flows), waiting for researchers and pioneering people to analyze. Our main goal here at Georgia Tech is to build analysis and visualization tools. We are desperately looking for people with networking, hacking, programming (Linux and web-based), statistics, and data analysis backgrounds.

Our demo walks through an example phpMyAdmin exploit using an analysis tool called FlowTag, showing how we determined the exploit used, the tools used, and the final motive.


Travis Little
Travis Little is studying for a Masters degree in Human-Computer Interaction. His research in usable security has focused on helping home users keep their computers free of security vulnerabilities, and on leveraging implicit community data to combat phishing. He has won funding for projects in both areas through the Georgia Tech "Tiger Team" student design competitions in usable security.

Project Title
Security flaws in standard applications are a huge and rising threat to the security of home computers. The total number of known vulnerabilities is projected to rise 30% this year alone. Unfortunately, most home users have no way to know which applications have vulnerabilities, or how to fix them. TALC detects vulnerable software on a user's computer and uses an ambient display (tagging their desktop with graffiti) to notify them in a way that won't interrupt their work or play, but will gently motivate them to patch their software.


Bryan D. Payne
Bryan D. Payne is a graduate student at Georgia Tech, working towards his PhD in Computer Science. His research interests include systems security, virtualization, and usable security. Prior to starting at GA Tech, Mr. Payne worked in the field of information security for the National Security Agency and BAE Systems Advanced Information Technologies.

A Virtual Monitoring Framework
When running multiple domains through the Xen hypervisor, the XenAccess library allows a privileged domain to view the runtime state of another domain using high level abstractions. This technique is known as virtual machine introspection. Our current software focuses on monitoring memory and disk, allowing host-based intrusion detection to operate in a protected environment. This demo will show how XenAccess operates using a few example applications and discuss the future research challenges in this space.


Takehiro Takahashi
Takehiro Takahashi is a graduate research student at GTISC. His research interests are wireless, mobile platform, and Voice-over-IP (VoIP) security. Takehiro started his academic career at Georgia Tech in 2001 as an undergraduate student and worked on wireless security problems with Dr. Wenke Lee. They successfully identified and addressed inherent weaknesses in the encryption and authentication of 802.11 networks through the "tinyPEAP" and "WPA-Cracker" projects. Takehiro continues his research career at GTISC by studying the emerging threat of VoIP security.

VoIP Covert Channel
VoIP security in terms of storage covert channels is often overlooked, and there has been little research in this area.

Here, we present a least significant bit (LSB) based covert channel to demonstrate that as much as 1000 bps of information can be transferred over a live VoIP conversation.

Typical G.711-encoder-based VoIP clients are trojaned so that users can communicate in text or transfer arbitrary files hidden in the voice traffic.

Furthermore, a detection mechanism based on traffic analysis will be presented for detecting possible covert channel use in a communication channel.


Georgia Tech's Capture the Flag Team in Top Five at the International Capture the Flag Cyber Security Exercise

Each December, the University of California Santa Barbara (UCSB) hosts the International Capture the Flag (also known as the iCTF), a global Internet hacking competition. Unlike other attack/defend contests, this competition comprises a global VPN infrastructure connecting 25 universities on four continents. The goal of this competition is to bring diverse students together, test their Internet attack/defend skills, and build international camaraderie.

During this 9-hour tournament, a vulnerable server image is released and hosted at each competitor's site. This year's image, containing a number of vulnerable services, comprised a fictitious online banking system. The goal of each team was to protect their bank by hardening their services, and to increase their assets by hacking into other competitors' banks and stealing money. Points were awarded both for fending off attacks and for stealing cash.

Common applications and appliances used in this competition include intrusion detection systems (IDS), intrusion prevention systems (IPS), firewalls, sniffers, and scanners, as well as log analysis, static and dynamic analysis of binaries and source code, scripting, and common network administration.

Int80, Georgia Tech's iCTF team, is comprised of a talented group of graduate and undergraduate students from the College of Computing and the School of Electrical and Computer Engineering. This year's success, a top 5 rating worldwide, is the culmination of two months of testing and training. There were 25 teams participating in this event.

An interesting comment about the Georgia Tech team: "Biggest robbery: int80 discovered a weakness in our architecture and was able to steal more than 1.3M dollars in a round."

The main students involved in coordinating the CTF team of 20 players were John Markott and Frank Rietta.

John T. Markott
John Markott, Team Captain for Georgia Tech's 2006 Capture the Flag Team, is a recent graduate of the M.S. Information Security program. Following graduation, John joined IBM Internet Security Systems as the Technical Product Manager for Server Protection and Virtualization.

Frank S. Rietta
Frank S. Rietta is an M.S. in Information Security student at the Georgia Institute of Technology, where he previously earned a B.S. in Computer Science, with a minor in International Affairs, in 2005. He ran an Atlanta-based web hosting business from 1999 until he sold it in 2005. He has taken several MBA courses at Georgia State University. He published "Application Layer Intrusion Detection for SQL Injection" at the ACM Southeastern Conference and "Business Intelligence for the Micro-ISV" at the Shareware Industry Conference in 2006.