UMBC Center for Information Security and Assurance

Research at CISA

Applied Cryptography

Verifiable Randomness

We are designing, implementing, and analyzing new algorithms for generating verifiably random bits. Applications of this work include Random-Sample Elections (see below), where verifiably random bits are needed for selecting random samples and election audits.

CISA members that work in this area include Alan T. Sherman and Christopher D. Nguyen.

Secure Voting

Random-Sample Elections

Random-Sample Elections work by randomly selecting voters and auditing tallies in a novel way. They allow anyone to verify online that neither the selection nor the outcome can have been manipulated by anyone, including governments. Voters are protected but are unable to sell votes. Voters may also be better motivated and informed since each vote carries more weight and each voter can meaningfully investigate and study the single issue that voter is asked to help decide.

CISA members that work on this project include Alan T. Sherman and Christopher D. Nguyen.


Scantegrity

Scantegrity is a family of security enhancements for optical scan voting systems, providing such systems with end-to-end (E2E) verifiability of election results. Each version of the system uses privacy-preserving confirmation codes to allow a voter to prove to themselves that their ballot is included unmodified in the final tally. As the system relies on cryptographic techniques, the ability to validate an election outcome is both software independent and independent of faults in the physical chain-of-custody of the paper ballots. The system was developed by a team of researchers including cryptographers David Chaum and Ron Rivest.

Scantegrity II prints the confirmation codes in invisible ink to improve usability and dispute resolution. Two versions of the system are currently under research and development: Scantegrity III and Remotegrity. Scantegrity III further improves usability through the addition of a receipt printer. Remotegrity is an Internet version of the Scantegrity system.

CISA members that have worked on this project include Alan T. Sherman, Richard T. Carback III, Russell A. Fink, and John Conway.

This description is a reorganization of the information presented on the Scantegrity website.


Punchscan

Punchscan is the predecessor of the Scantegrity system. It is the first vote capture system to offer fully end-to-end (E2E) verifiability of election results. Punchscan moves beyond ordinary paper audit trails, offering a far more robust and available way for voters to become involved in the election oversight process. The system was invented by cryptographer David Chaum.

CISA members that worked on this project include Alan T. Sherman and Richard T. Carback III.

This description was taken from the Scantegrity website.

Communication Networks

Challenged Sensor Internetworks

We are exploring mechanisms to combine heterogeneous, wireless sensor networks into delay and disruption tolerant internetworks. Our work describes properties of these systems and provides algorithms for overlay path discovery, congestion modeling, and fragmentation. This work enables unique concepts such as the Solar System Internet.

CISA members that worked in this area include Edward J. Birrane.

Cloud Computing

Secure Cloud Computation

CISA members that worked in this area include F. John Krautheim.

Cloud Forensics

When investigating suspected crimes in and against Infrastructure-as-a-Service (IaaS) cloud computing environments, forensic examiners are poorly equipped to deal with the technological and legal challenges. Because data in the cloud are remote, distributed, and elastic, these challenges include understanding the cloud environment, acquiring and analyzing data remotely, and visualizing changes in virtualized data. Today, digital forensics for cloud computing is challenging at best. This thesis identifies important issues in this new field and develops new practical forensic tools and techniques to facilitate forensic exams in the cloud.

We are working to develop practical forensic tools and techniques to facilitate forensic examinations of the cloud. Forensics capabilities for cloud computing stand to impact cloud adoption on a global scale. Corporate decision makers, government policy makers, researchers, law enforcement, and forensics examiners will be better able to evaluate the risks of cloud computing, to conduct forensic exams, and to guide future research and innovations as a result of this work.

For an example search warrant for IaaS cloud computing, see this page.

CISA members that work on this project include Josiah Dykstra and Alan T. Sherman.

Trusted Computing

Trusted Platform Modules

Trusted Platform Modules (TPMs) are secure cryptoprocessors that provide cryptographic primitives and services to otherwise insecure hardware. Services they provide include pseudo-random number generation, remote attestation (hashing), sealing (encryption), and binding (digital signatures). The hardware is tamper-resistant; it destroys its cryptographic keys if it detects tampering.

We have applied TPMs to provide integrity to the voting process by ensuring correctness of booted software. Scantegrity uses TPMs to increase assurance without being dependent on TPMs for security.

CISA members that worked in this area include Russell A. Fink and Richard T. Carback III.

Information Assurance Education

Cybersecurity Assessment Tools

To help universities better prepare the substantial number of cybersecurity professionals needed, we are creating infrastructure for a rigorous evidence-based improvement of cybersecurity education. For more information, visit our project website.


SecurityEmpire

In interacting with any secure environment, the user is the weakest link in security. SecurityEmpire is a new interactive multiplayer computer game targeted towards high school students to teach Information Assurance (IA) concepts to users, without making assumptions regarding the user's prior security experience. The game challenges users to build green energy systems (e.g., solar, geothermal, wind), while engaging in sound IA practices and avoiding security missteps.

The project addresses two threats to cyber safety: users act without thinking about the consequences of their actions, and users lack awareness of basic IA concepts. This project contributes to the DHS cyber initiative "Stop. Think. Connect."

In contrast with traditional teaching methods, educational games hold promise for greater student engagement and learning. Computer games offer a better chance than do board and card games to engage students who have access to computers because such students spend many more hours playing computer games and computer games can be copied and distributed more cheaply and efficiently.

The game will be fielded and tested at Meade Senior High School (MHS) in Anne Arundel County as a stand-alone web game accessible via CISA servers. A second version is being developed as a Facebook application. Students will test the game, provide feedback, and suggest improvements for the game.

This work is jointly led by Alan T. Sherman (CISA), Marc Olano (Game Development Track), and Linda Oliva (Dept. of Education), supported by the National Science Foundation (NSF).

CISA members that work on this project include Alan T. Sherman and Oliver Kubik.

Cyber Battle Lab

The Cyber Battle Lab is a joint venture with Capitol College. CISA serves as a member of the Advisory Board.

CISA members that work on this project include Alan T. Sherman.

Cyber Defense Exercises (CDX)

The CDX project is the predecessor to the Cyber Battle Lab.

Cyber defense exercises (CDXs) are hands-on information assurance exercises used in the UMBC computer science undergraduate and graduate curricula. Each exercise is organized in a flexible fashion to facilitate varied use for different courses, levels, and available time. During each exercise, students engage in structured activities using a virtual machine that is run in a lab or on a laptop from a mobile cart that can be rolled into any classroom. The virtual machines are configured to permit a student to make mistakes safely while acting as the system administrator, without adversely affecting any other users or systems.

CISA members that worked on these exercises include Richard T. Carback III.