Khir Henderson, doctoral student at Morgan State University whose work focuses on designing and developing sustainable and scalable architectures to help protect some of the major security vulnerabilities in our nation’s critical infrastructures, was recently featured in the Fall 2021 edition of Diversity in Action.
Khir’s work on the SPLICE team includes investigating hardware and software implementations of hardware-based security used to establish the ‘root of trust’ in IoT devices or systems. He has also lead the development of an IoT device testbed, housed at the CAP Center at Morgan State University, that uses an automated network-security architecture following the Manufacturer Usage Description (MUD) IETF model. Khir has collaborated with researchers at Johns Hopkins University on developing a smart home scanning apparatus that encompasses discovery, fingerprinting, and profiling.
You can find Khir’s feature in the Fall 2021 edition of Diversity in Action here. To stay up-to-date with SPLICE happenings, consider following the SPLICE blog by scrolling to the bottom of this page and entering your email address.
To increase minority students’ participation, particularly African Americans in cyber fields, STEM engineering education requires a new approach to student learning. Students learn best when they are actively involved in the learning process. The concept of gamification is an emerging alternative approach that adds game elements to traditional instruction, engaging students in learning engineering concepts. In recent years, capture-the-flag competitions have emerged as a gamification approach to training and building students’ interest in cybersecurity.
During the spring 2019 academic term, a team of students from the Electrical and Computer Engineering department of Morgan State University participated in an embedded capture-the-flag (eCTF) competition organized by MITRE. The eCTF was also offered as a graduate course in the department. This graduate course included a cohort of minority students who had been exposed to fundamental concepts regarding secure embedded systems. We found that the eCTF allowed students to work in teams, develop critical thinking skills, address complex technical issues associated with real-world applications, and motivated continued learning and increased research productivity after the course ended. This paper aims to describe the design and implementation of the eCTF competition in the graduate course and summarize the successes and the barriers that impact the engagement of minority students in cybersecurity.
To read more, check out the full paper here. To see other SPLICE publications, check out our Zotero page here.
Michel A. Kornegay, Md Tanvir Arafin, and Kevin Kornegay. Engaging Underrepresented Students in Cybersecurity using Capture-the-Flag(CTF) Competitions (Experience). 2021 ASEE Virtual Annual Conference Content Access, Virtual Conference. July 2021. https://peer.asee.org/37048
Morgan State University has been recognized for proposing “innovative approaches to cybersecurity education and professional development that […] will support students [and] increase the vitality of cybersecurity preparedness for the nation.” This recognition includes $3.1 million in funding from the National Science Foundation (NSF) through the CyberCorps Scholarship program to provide full scholarships and stipends to students who agree to work in cybersecurity jobs for federal, state, local or tribal governments after graduation.
The CyberCorps Scholarship funding will be used to provide students with a unique educational program in secure embedded systems through the Secure Embedded Systems Scholarship (SES2). The program begins with recruitment, and continues with mentorship and financial support for students pursuing BS, MS, and Ph.D. degrees. SES2 supports students holistically, by leveraging peer and professional mentorship, experimental learning activities, and a comprehensive curriculum in embedded systems.
Congratulations to Morgan State University, the Cybersecurity Assurance and Policy (CAP) Center, and SPLICE PIs Kevin and Michel Kornegay, who will be leading this effort. To learn more, check out NSF’s previous announcement about the CyberCorps Scholarship program here, and the CAP Center at Morgan State’s announcement here.
Kevin Kornegay, SPLICE PI from Morgan State University, recently spoke with Tom Temin of the Federal News Network about the CAP Center‘s most recent collaboration with the NSA to ensure automobile cybersecurity. Kornegay describes that to find malicious code injected into the firmware of automobiles, he and his team first need to access the hardware and and then extract the firmware. They then use Ghidra to walk through the code and find malicious components. Kornegay and Temin go on to discuss the interplay between cybersecurity and industry motivations.
Kornegay and his team hope to provide cybersecurity best practices to industry through their governmental and nonprofit relationships. By working with the NSA, the CAP Center can provide technical solutions to the automotive industry to further protect car firmware and hardware. By working with Consumer Reports, the team’s findings can be made accessible to consumers who want safe and secure vehicles.
Check out Kevin Kornegay’s full interview with the Federal News Network here. To keep up to date with SPLICE news, subscribe to our blog at the bottom of this page.
If you’re in the market for a new car, you’ve probably noticed two things recently. The first being that almost all new cars today have electronic components for even the most basic of functionalities. The second being that because cars have these functionalities that require semiconductors (small chips “that manage functions like data storage, graphic rendering, and power consumption in electrical devices”), the recent semiconductor shortage is keeping many new cars on the lots.
If you end up buying that new car (or a relatively new, used car), you will be buying both a transportation and data collection system. “The data collected and recorded is quite broad and includes vehicle speed, passenger count, GPS routes, images from backup cameras, and [personally identifiable information] from connected cell phones. This information stays locally on the vehicle forever and in most cases is uploaded to the [original equipment manufacturer]. Those systems also control critical safety items like brakes. If left unprotected both privacy and lives could be at risk,” says Brian Knighton from the National Security Agency.
That’s where Morgan State comes in. Morgan State University Professor and SPLICE PI, Kevin Kornegay, and his team at the Cybersecurity Assurance and Policy (CAP) Center are working with the NSA’s reverse-engineering tool, Ghidra, to mitigate privacy, cybersecurity, malware, and geolocation vulnerabilities. Their work ensures that the electronic systems are supported and protected throughout the lifetime of the vehicle. Follow the links to learn more about the CAP Center and to read about their partnership with the NSA.
This past week, professors Kevin Kornegay and Michel Kornegay spoke with the CEO of Shift5, Josh Lospinoso, about Morgan State University’s unique approach to cultivating an environment of success in cybersecurity. Professors Kevin and Michel Kornegay are the Director and Associate Director, respectively, of Morgan State’s Cybersecurity Assurance and Policy (CAP) Center, which is home to the CREAM Lab (Center for Reverse Engineering and Assured Microelectronics of the School of Engineering).
First, it’s important to understand the necessity of cybersecurity research and implementation. New technologies with increasing capabilities enabled by wireless transmissions, data collection, and data processing, have allowed analog devices to be replaced with digital devices on the consumer level. And with consumers’ desire for new functionalities and features driving industry decisions, security protocols often fall to the wayside. But it’s all too common to hear of hacked toys, water systems being tampered with, and even our government being put at risk because of a lack of cybersecurity.
The CAP Center at Morgan State is unique in its methodology to ensure that students are adequately prepared for and provided with options in the cybersecurity realm — whether it be continuing in academia or transitioning into industry. And partnerships are part of this success. The industry partnerships that the Center has fostered have been essential to the development of the students in its programs. On the one hand, they provide industry mentorship, so that students can have hands-on experience outside of the lab. On the other hand, working with industry partners allows for a constant flow of information which keeps the research, education, and work of the program up-to-date with emerging cybersecurity threats and skills needed to stay ahead of the curve.
But the key to the program’s success? Professors Michel and Kevin Kornegay’s devotion to their students and the learning process. The importance of a “pipeline” can not be understated when it comes to encouraging students from underrepresented groups into cybersecurity. Michel has extended that pipeline to start even earlier, with a summer program specifically designed to get middle school girls in the Baltimore area interested in cybersecurity. Both Kevin and Michel speak about the hands-on experimental activities and active-learning experiences that students are immediately a part of when they enter into PhD programs in the lab. Kevin speaks about a new PhD program at Morgan State – Secure Embedded Systems – focusing on a wide variety of competencies necessary to tackle multifaceted cybersecurity issues. The unique program enables students to work with architectures, protocols, AI, and cryptography, spanning the processor, communication, and application aspects of cybersecurity. This program is so unique that it’s the only one in the state of Maryland.
As the Kornegays say in their conversation with Josh from Shift5, opportunity and preparation are both necessary for the success of their students. By working with industry partners who are on-board with their mission, the professors keep a finger on the pulse of emerging technologies, and are able to provide internship experiences and industry mentorship to their students. And the Kornegays work with their students to meet them where they’re at – recognizing that students come from a wide variety of backgrounds, so a one-size-fits all approach cannot work. And the results, seen by the achievements of their students, the growth of the CAP Center and CREAM lab, and increasing partnerships, prove the success of the Kornegays’ methods.
To hear more from their conversation, check out the video below. To get involved with supporting students in exploring cybersecurity, check out the Gen Cyber program. To learn more about the Kornegays’ work with SPLICE, check out the rest of this website.