ACES students complete a variety of internships and research projects to fulfill their experiential learning requirement.

Many ACES students have internships throughout the year at companies like Northrop Grumman, AT&T, NSA, and Google. Their duties vary, from working as software engineers to working on cloud security.

Students conduct research to gain a better understanding of specific areas in cybersecurity, working closely with topics they can only briefly cover in class. Listed below are examples of student research and initiatives, including startups and education outreach:

Andrew Goffin, class of 2017, conducted research on circuit obfuscation, the practice of hiding certain parts of the circuit for certain privacy protection.

When hardware is designed, it is often patented to become intellectual property. People can use the intellectual property by reverse engineering the circuit or using unauthorized circuit copies, without the permission of the original creator.

To try and avoid intellectual property privacy, engineers can use circuit obfuscation to hide parts of the circuit or lock the functionality of a circuit behind a “password.”

Implementing security on a hardware level, rather than just through software, makes the security much more difficult to break. Someone can bypass software by something as simple as bypassing a firewall, but cracking hardware often requires special tools or hardware access.

Circuit obfuscation can protect circuits with keys, which locks the circuit to everyone without a key.  Engineers strategically place logic gates in the circuit to potentially change the system’s output. Using the correct key the logic gates do not affect a circuit’s operation. But, if the incorrect key is used, the logic gate will begin inverting values, changing 1s to 0s and vice versa.  Without the proper values, the circuit will not function correctly.

In the example above, the XOR gate acts as the "lock" of the circuit. If you input the incorrect value for the key, the XOR gate inverts the output of AND3, thus potentially changing the output of the circuit. In this case, a key value of '1' will cause the circuit to output an incorrect value, while a key value of '0' causes the right circuit to behave exactly like the left circuit.

Note that if both C and D are 1, the XOR gate becomes irrelevant in this example. This can be considered a security flaw in the design, and is why further research is being done on the topic.

To begin learning circuit obfuscation, Goffin said to begin learning digital logic design and some basic cryptography. It is important to understand the basic principles, as circuit obfuscation depends on digital design.

Grant Orndorff and Jeremy Krach, both class of 2017, helped research and develop covert computation, a method of secret communication. Orndorff and Krach worked with Dana Dachman-Soled, assistant professor in the Electrical and Computer Engineering Department, to apply the communication method, which uses encoded messages and hides them in images.

Using covert computation, only those participating in the communication can understand the messages. 

For example, two people can use covert computation to find out if one individual likes the other. If they both say yes, the program notifies them and they “live happily ever after,” Orndorff said. However, if one individual says no or does not reply, the other individual will find out nothing about the communication.

“No one will receive a ‘no’ or be aware of a lack of communication and no one’s feelings will get hurt,” Orndorff said.

As student research assistants, Krach and Orndorff created a covert computation program using an algorithm Dachman-Soled developed. By the end of their summer research commitment, they had developed a bare bones, but usable, program implementing covert computation.

The program research began during summer 2014 and is ongoing. 

The Maryland Cybersecurity Center (MC2) is an academic center on the University of Maryland campus that brings together faculty, researchers, and students working in the field of cybersecurity from several schools and departments across campus. MC2 offers educational outreach programs to address the issue of an insufficient and ill-prepared workforce to combat domestic and international cybersecurity threats, particularly in a field that is constantly evolving.

Every year, ACES students collaborate with MC2, taking on positions such as Camp Instructors, Resident Assistants, and Teaching Assistants. MC2's educational programs cater to pre-college students, undergraduates, and graduate students.

MC2 organizes Cybersecurity Awareness Workshops throughout the academic year for girls in grades 6-8, and hosts the following camps in the summer:

  • CyberSTEM Camp - a one-week commuter summer program for middle school (incoming 7th and 8th grade) girls.
  • Intermediate CyberSTEM Camp - a one-week commuter summer program for high school (incoming 9th and 10th grade) girls.
  • Cyber Defense Training Camp- an intermediate level 7 day residential summer program for high school men and women (rising juniors and seniors).

Project Dataface began as a joint research project for an ACES seminar between Christian Johnson and Jeremy Krach, both Class of 2017. The original project attempted to raise awareness about digital privacy, specifically identifying individuals through images on social media.

Johnson and Krach developed a tool to harvest profile pictures on Facebook from more than 20,000 University of Maryland students. Using the profile pictures database, they planned to create a Google Glass application to recognize anyone on campus. Once someone is recognized, the application would create a post on social media, such as a Tweet or a Facebook post. By having a stranger post directly to their profile noting their location, the application would generate some discomfort and hopefully encourage discussions on publicly available information.

Johnson and Krach explored different facial recognition algorithms, but found that all potential algorithms required more than seven images to reach at least a 90 percent likelihood of correctly finding a match and Facebook only provided one image per person for their database.

For their seminar project Johnson and Krach proposed that instead of using the Internet to collect images, they would collect images in real life and then search the Internet to find matches to identify individuals.

Krach later continued this research individually, using Google Glass to experiment with different picture collecting methods that would maximize battery life and minimize data loss.

Krach has found he can reliably collect more than 90 percent of the images taken by Glass and has maximized the battery life to more than 50 minutes.

The battery life of the Google Glass is tied to the hardware and is not affected by the software collecting images. As better hardware is developed, Krach’s process will scale to enable massive data collection schemes.

As he completes the backend, Krach wants to “democratize” surveillance and allow any person with a Google Glass to create a recognition or surveillance system, changing the discourse on public surveillance. Project Dataface began as a joint research project for an ACES seminar between Christian Johnson and Jeremy Krach, both Class of 2017. The original project attempted to raise awareness about digital privacy, specifically identifying individuals through images on social media.

Johnson and Krach developed a tool to harvest profile pictures on Facebook from more than 20,000 University of Maryland students. Using the profile pictures database, they planned to create a Google Glass application to recognize anyone on campus. Once someone is recognized, the application would create a post on social media, such as a Tweet or a Facebook post. By having a stranger post directly to their profile noting their location, the application would generate some discomfort and hopefully encourage discussions on publicly available information.

Johnson and Krach explored different facial recognition algorithms, but found that all potential algorithms required more than seven images to reach at least a 90 percent likelihood of correctly finding a match and Facebook only provided one image per person for their database.

For their seminar project Johnson and Krach proposed that instead of using the Internet to collect images, they would collect images in real life and then search the Internet to find matches to identify individuals.

Krach later continued this research individually, using Google Glass to experiment with different picture collecting methods that would maximize battery life and minimize data loss.

Krach has found he can reliably collect more than 90 percent of the images taken by Glass and has maximized the battery life to more than 50 minutes.

The battery life of the Google Glass is tied to the hardware and is not affected by the software collecting images. As better hardware is developed, Krach’s process will scale to enable massive data collection schemes.

As he completes the backend, Krach wants to “democratize” surveillance and allow any person with a Google Glass to create a recognition or surveillance system, changing the discourse on public surveillance. 

Project Delta is a non-profit social enterprise connecting the collegiate hacker community with Non-Governmental Organizations, NGOs, to deliver software solutions for emerging social issues.

Sean Bae and Colin King, both class of 2018, began Project Delta to work with NGOs to design clearly defined, technically viable problems the hacking community could address.

Bae and King began Project Delta after attending a social hackathon in late 2014, where they built a system to report hazardous factory working conditions to labor union leaders in Bangladesh. When the pair showed their demo to the Solidarity Center, the organization had no idea how to deploy the project they built or how to make it available to workers in need.

While at the hackathon, Bae and King realized that there was a large demand for technical work to assist NGOs. Fourteen NGOs submitted problem statements at the hackathon, but students only addressed three of them.

Hackers knew how to hack, NGOs knew what they needed, but there was a distinct disconnect between the two to produce a working product for social change.

Project Delta aims to carry hacking teams through the product development cycle and onto product deployment with interested NGOs. Project Delta hoped to facilitate the production of hacker inspired solutions for NGOs.

Eventually, Project Delta is working to develop a community of students who believe in the power of technology to empower individuals to achieve social change.


Top