UMBC ITE 325b and online; Lunch provided!
The United States is a major consumer, contributor, and target in cyberspace. This talk will describe cyber threats, roles and responsibilities, technology, and policy considerations for achieving American self-defense in cyber. We will discuss options for defending against cyberattack, achieving deterrence, and the interplay between offense and defense. We will consider various perspectives from computer science and engineering, political science, and economics.
Dr. Josiah Dykstra is a senior researcher at RTX BBN Technologies. He solves ambitious problems by blending high-end security research with a real-world attacker mentality to fortify the code powering the world's most critical organizations and devices.
Dr. Dykstra previously worked for 19 years at the National Security Agency (NSA) where he advised leadership and employees on technical matters for integrated cybersecurity operations and provided technical direction on projects and programs that enabled high impact operational effects. He held a variety of technical and leadership positions including as a senior researcher within NSA's Research Directorate studying computer network operations. His work has also included penetration testing, digital forensics, and malware analysis.
Dykstra is a Lifetime and Distinguished Member of ACM. He attended the 2nd Heidelberg Laureate Forum as a Young Researcher in 2014, which motivated his commitment to ACM. He is passionate about developing and empowering the next generation of interdisciplinary computing professionals, particularly in cybersecurity. Dykstra remains an active collaborator with academic, industry, and government researchers around the country. He has received numerous noteworthy awards, including the Presidential Early Career Award for Scientists and Engineers (PECASE). He is one of eight people in the CyberCorps Scholarship for Service (SFS) Hall of Fame.
Josiah received a B.S. in computer science and B.A. in music from Hope College (Holland, MI), M.S in information assurance from Iowa State University, and Ph.D. in computer science from the University of Maryland, Baltimore County. His doctoral research explored new technical and legal mechanisms to support digital forensics for cloud computing environments. Dr. Dykstra is a Fellow of the American Academy of Forensic Sciences (AAFS), member of the American Association for the Advancement of Science (AAAS), and member of the Human Factors and Ergonomics Society (HFES).
Dr. Dykstra is the author of the book Essential Cybersecurity Science (2016), a guide for practitioners and discusses key considerations for conducting scientific experiments in cybersecurity, including domain-specific insights including digital forensics and malware analysis. He is also co-author of the book Cybersecurity Myths and Misconceptions (2023). An experienced presenter and lecturer, he has spoken at major security events including Black Hat USA and RSA Conference.
The UMBC Cyber Defense Lab presents
Alan T. Sherman, Enis Golszewski, and Jeremy J. Romanik Romano
UMBC CSEE Department
Joint work with Edward Zieglar, Jonathan D. Fuchs, and William E. Byrd
12:00 noon–1pm Friday, December 12, 2025 via WebEx
We analyze security aspects of the SecureDNA system regarding its system design, engineering, and implementation. This system enables DNA synthesizers to screen order requests against a database of hazards. By applying novel cryptography involving distributed oblivious pseudorandom functions, the system aims to keep order requests and the database of hazards secret. Discerning the detailed operation of the system in part from source code (Version 1.0.8), our analysis examines key management, certificate infrastructure, authentication, and rate-limiting mechanisms. We also perform the first formal-methods analysis of the mutual authentication, basic request, and exemption-handling protocols.
Without breaking the cryptography, our main finding is that SecureDNA's custom mutual authentication protocol SCEP achieves only one-way authentication: the hazards database and keyservers never learn with whom they communicate. This structural weakness violates the principle of defense in depth and enables an adversary to circumvent rate limits that protect the secrecy of the hazards database, if the synthesizer connects with a malicious or corrupted keyserver or hashed database. We point out an additional structural weakness that also violates the principle of defense in depth: inadequate cryptographic bindings prevent the system from detecting if responses, within a TLS channel, from the hazards database were modified. Consequently, if a synthesizer were to reconnect with the database over the same TLS session, an adversary could replay and swap responses from the database without breaking TLS. Although the SecureDNA implementation does not allow such reconnections, it would be stronger security engineering to avoid the underlying structural weakness. We identify these vulnerabilities and suggest and verify mitigations, including adding strong bindings. Software Version 1.1.0 fixes SCEP with our proposed SCEP+ protocol.
Our work illustrates that a secure system needs more than sound mathematical cryptography; it also requires formal specifications, sound key management, proper binding of protocol message components, and careful attention to engineering and implementation details.
Dr. Alan T. Sherman is a professor of computer science at UMBC in the CSEE Department, associate director of UMBC's Cybersecurity Institute, and director of the Cyber Defense Lab. His main research interest is high-integrity voting systems. He has carried out research in election systems, protocol analysis, algorithm design, cryptanalysis, theoretical foundations for cryptography, applications of cryptography, cloud forensics, and cybersecurity education. Dr. Sherman is also a private consultant performing security analyses and serving as an expert witness. Sherman earned the PhD degree in computer science at MIT in 1987, studying under Ronald L. Rivest. His research accomplishments include contributions to the Scantegrity and VoteXX election systems and development and validation of the Cybersecurity Concept Inventory (CCI) and Cybersecurity Curriculum Assessment (CCA). This work has been presented at USENIX Security 2010 and E-VOTE-ID 2025, and won best research paper at SIGSCE 2023. Sherman received approximately $15 million in funding from NSF, NSA, and IBM.
Dr. Enis Golaszewski is a teaching assistant professor of computer science at UMBC in the CSEE Department. He holds weekly workshops in formal-methods analyses of cryptographic protocols using the Cryptographic Protocol Shapes Analyzer (CPSA). His current research projects include analysis of the Coalition for Content Provenance and Authenticity (C2PA) protocol. Golaszewski earned the PhD under Sherman. His dissertation includes the design and development of a tool---ProtoBindGuard---that automatically binds protocol messages to context to prevent protocol-interaction attacks. Golaszewski is a former SFS scholar at UMBC. https://www.csee.umbc.edu/enis-golaszewski/
Jeremy J. Romanik Romano is an MS student in computer science at UMBC. His research interests include cybersecurity, software security, and protocol analysis. His involvement in this project began through being a student in Sherman's INSuRE and cryptology research courses. Romano is a member of the UMBC Protocol Analysis Lab and system administration and cybersecurity clubs on campus.
Support for this event was provided in part by NSF under grants DGE-1753681 and 2438185. ]]>