Engineering Commons^™

Applications Of Blockchain In Business Processes: A Comprehensive Review, Wattana Viriyasitavat, Li Xu, Dusit Niyato, Zhuming Bi, Danupol Hoonsopon

Information Technology & Decision Sciences Faculty Publications

Blockchain (BC), as an emerging technology, is revolutionizing Business Process Management (BPM) in multiple ways. The main adoption is to serve as a trusted infrastructure to guarantee the trust of collaborations among multiple partners in trustless environments. Especially, BC enables trust of information by using Distributed Ledger Technology (DLT). With the power of smart contracts, BC enforces the obligations of counterparties that transact in a business process (BP) by programming the contracts as transactions. This paper aims to study the state-of-the-art of BC technologies by (1) exploring its applications in BPM with the focus on how BC provides the trust …

Control Implemented On Quantum Computers: Effects Of Noise, Nondeterminism, And Entanglement, Kip Nieman, Keshav Kasturi Rangan, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

Quantum computing has advanced in recent years to the point that there are now some quantum computers and quantum simulators available to the public for use. In addition, quantum computing is beginning to receive attention within the process systems engineering community for directions such as machine learning and optimization. A logical next step for its evaluation within process systems engineering is for control, specifically for computing control actions to be applied to process systems. In this work, we provide some initial studies regarding the implementation of control on quantum computers, including the implementation of a single-input/single-output proportional control law on …

Actuator Cyberattack Handling Using Lyapunov-Based Economic Model Predictive Control, Keshav Kasturi Rangan, Henrique Oyama, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

Cybersecurity has gained increasing interest as a consequence of the potential impacts of cyberattacks on profits and safety. While attacks can affect various components of a plant, prior work from our group has focused on the impact of cyberattacks on control components such as process sensors and actuators and the development of detection strategies for cybersecurity derived from control theory. In this work, we provide greater focus on actuator attacks; specifically, we extend a detection and control strategy previously applied for sensor attacks and based on an optimization-based control technique called Lyapunov-based economic model predictive control (LEMPC) to detect attacks …

Test Methods For Image-Based Information In Next-Generation Manufacturing, Henrique Oyama, Dominic Messina, Renee O'Neill, Samantha Cherney, Minhazur Rahman, Keshav Kasturi Rangan, Govanni Gjonaj, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

Typical control designs in the process systems engineering literature have assumed that the primary sensing methodologies are traditional instruments such as thermocouples. Dig- italization is changing the landscape for manufacturing, and data-based sensing modalities (e.g., image-based sensing) are becoming of greater interest for plant control. These considerations require novel test/evaluation solutions. For example, process systems engineering researchers may wish to test image-based sensors in simulation. In this work, we provide preliminary thoughts on how image-based technologies might be evaluated via simulation for process systems.

Quantum Computing And Resilient Design Perspectives For Cybersecurity Of Feedback Systems, Keshav Kasturi Rangan, Jihan Abou Halloun, Henrique Oyama, Samantha Cherney, Ilham Azali Assoumani, Nazir Jairazbhoy, Helen Durand, Simon Ka Ng

Chemical Engineering and Materials Science Faculty Research Publications

Cybersecurity of control systems is an important issue in next-generation manufac- turing that can impact both operational objectives (safety and performance) as well as process designs (via hazard analysis). Cyberattacks differ from faults in that they can be coordinated efforts to exploit system vulnerabilities to create otherwise unlikely hazard scenarios. Because coordination and targeted process manipulation can be characteristics of attacks, some of the tactics previously analyzed in our group from a control system cybersecurity perspective have incorporated randomness to attempt to thwart attacks. The underlying assumption for the generation of this randomness has been that it can be achieved …

Challenges And Opportunities For Next-Generation Manufacturing In Space, Kip Nieman, A. F. Leonard, Katie Tyrell, Dominic Messina, Rebecca Lopez, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

With commercial space travel now a reality, the idea that people might spend time on other planets in the future seems to have greater potential. To make this possible, however, there needs to be flexible means for manufacturing in space to enable tooling or resources to be created when needed to handle unexpected situations. Next-generation manufacturing paradigms offer significant potential for the kind of flexibility that might be needed; however, they can result in increases in computation time compared to traditional control methods that could make many of the computing resources already available on earth attractive for use. Furthermore, resilience …

On-Line Process Physics Tests Via Lyapunov-Based Economic Model Predictive Control And Simulation-Based Testing Of Image-Based Process Control, Henrique Oyama, A. F. Leonard, Minhazur Rahman, Govanni Gjonaj, Michael Williamson, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

Next-generation manufacturing involves increasing use of automation and data to enhance process efficiency. An important question for the chemical process industries, as new process systems (e.g., intensified processes) and new data modalities (e.g., images) are integrated with traditional plant automation concepts, will be how to best evaluate alternative strategies for data-driven modeling and synthesizing process data. Two methods which could be used to aid in this are those which aid in testing data-based techniques on-line, and those which enable various data-based techniques to be assessed in simulation. In this work, we discuss two techniques in this domain which can be …

Message-Locked Searchable Encryption: A New Versatile Tool For Secure Cloud Storage, Xueqiao Liu, Guomin Yang, Willy Susilo, Joseph Tonien, Rongmao Chen, Xixiang Lv

Research Collection School Of Computing and Information Systems

Message-Locked Encryption (MLE) is a useful tool to enable deduplication over encrypted data in cloud storage. It can significantly improve the cloud service quality by eliminating redundancy to save storage resources, and hence user cost, and also providing defense against different types of attacks, such as duplicate faking attack and brute-force attack. A typical MLE scheme only focuses on deduplication. On the other hand, supporting search operations on stored content is another essential requirement for cloud storage. In this article, we present a message-locked searchable encryption (MLSE) scheme in a dual-server setting, which achieves simultaneously the desirable features of supporting …

Benchmarking Library Recognition In Tweets, Ting Zhang, Divya Prabha Chandrasekaran, Ferdian Thung, David Lo

Research Collection School Of Computing and Information Systems

Software developers often use social media (such as Twitter) to shareprogramming knowledge such as new tools, sample code snippets,and tips on programming. One of the topics they talk about is thesoftware library. The tweets may contain useful information abouta library. A good understanding of this information, e.g., on thedeveloper’s views regarding a library can be beneficial to weigh thepros and cons of using the library as well as the general sentimentstowards the library. However, it is not trivial to recognize whethera word actually refers to a library or other meanings. For example,a tweet mentioning the word “pandas" may refer to …

Performance Improvements In Inner Product Encryption, Serena Riback

Honors Scholar Theses

Consider a database that contains thousands of entries of the iris biometric. Each entry identifies an individual, so it is especially important that it remains secure. However, searching for entries among an encrypted database proves to be a security problem - how should one search encrypted data without leaking any information to a potential attacker? The proximity searchable encryption scheme, as discussed in the work by Cachet et al., uses the notions of inner product encryption developed by Kim et al.. In this paper, we will focus on the efficiency of these schemes. Specifically, how the symmetry of the bilinear …

Lyapunov-Based Economic Model Predictive Control For Detecting And Handling Actuator And Simultaneous Sensor/Actuator Cyberattacks On Process Control Systems, Henrique Oyama, Dominic Messina, Keshav Kasturi Rangan, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

The controllers for a cyber-physical system may be impacted by sensor measurement cyberattacks, actuator signal cyberattacks, or both types of attacks. Prior work in our group has developed a theory for handling cyberattacks on process sensors. However, sensor and actuator cyberattacks have a different character from one another. Specifically, sensor measurement attacks prevent proper inputs from being applied to the process by manipulating the measurements that the controller receives, so that the control law plays a role in the impact of a given sensor measurement cyberattack on a process. In contrast, actuator signal attacks prevent proper inputs from being applied …

Verifiable Searchable Encryption Framework Against Insider Keyword-Guessing Attack In Cloud Storage, Yinbin Miao, Robert H. Deng, Kim-Kwang Raymond Choo, Ximeng Liu, Hongwei Li

Research Collection School Of Computing and Information Systems

Searchable encryption (SE) allows cloud tenants to retrieve encrypted data while preserving data confidentiality securely. Many SE solutions have been designed to improve efficiency and security, but most of them are still susceptible to insider Keyword-Guessing Attacks (KGA), which implies that the internal attackers can guess the candidate keywords successfully in an off-line manner. Also in existing SE solutions, a semi-honest-but-curious cloud server may deliver incorrect search results by performing only a fraction of retrieval operations honestly (e.g., to save storage space). To address these two challenging issues, we first construct the basic Verifiable SE Framework (VSEF), which can withstand …

Technical Analysis Of Thanos Ransomware, Ikuromor Ogiriki, Christopher Beck, Vahid Heydari

Faculty Scholarship for the College of Science & Mathematics

Ransomware is a developing menace that encrypts users’ files and holds the decryption key hostage until the victim pays a ransom. This particular class of malware has been in charge of extortion hundreds of millions of dollars every year. Adding to the problem, generating new variations is cheap. Therefore, new malware can detect antivirus and intrusion detection systems and evade them or manifest in ways to make themselves undetectable. We must first understand the characteristics and behavior of various varieties of ransomware to create and construct effective security mechanisms to combat them. This research presents a novel dynamic and behavioral …

Efficient Certificateless Multi-Copy Integrity Auditing Scheme Supporting Data Dynamics, Lei Zhou, Anmin Fu, Guomin Yang, Huaqun Wang, Yuqing Zhang

Research Collection School Of Computing and Information Systems

To improve data availability and durability, cloud users would like to store multiple copies of their original files at servers. The multi-copy auditing technique is proposed to provide users with the assurance that multiple copies are actually stored in the cloud. However, most multi-replica solutions rely on Public Key Infrastructure (PKI), which entails massive overhead of certificate computation and management. In this article, we propose an efficient multi-copy dynamic integrity auditing scheme by employing certificateless signatures (named MDSS), which gets rid of expensive certificate management overhead and avoids the key escrow problem in identity-based signatures. Specifically, we improve the classic …

Analyzing Offline Social Engagements: An Empirical Study Of Meetup Events Related To Software Development, Abhishek Sharma, Gede Artha Azriadi Prana, Anamika Sawhney, Nachiappan Nagappan, David Lo

Research Collection School Of Computing and Information Systems

Software developers use a variety of social mediachannels and tools in order to keep themselves up to date,collaborate with other developers, and find projects to contributeto. Meetup is one of such social media used by softwaredevelopers to organize community gatherings. We in this work,investigate the dynamics of Meetup groups and events relatedto software development. Our work is different from previouswork as we focus on the actual event and group data that wascollected using Meetup API.In this work, we performed an empirical study of eventsand groups present on Meetup which are related to softwaredevelopment. First, we identified 6,327 Meetup groups related …

Sok: Analysis Of Software Supply Chain Security By Establishing Secure Design Properties, Chinenye Okafor, Taylor R. Schorlemmer, Santiao Torres-Arias, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of supply chains in practice. It discusses the strengths and weaknesses of current approaches relative to known attacks and details the various security frameworks put out to ensure the security of the software supply chain. Finally, the paper highlights potential gaps in actor and operation-centered …

Exploiting Input Sanitization For Regex Denial Of Service, Efe Barlas, Xin Du, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Web services use server-side input sanitization to guard against harmful input. Some web services publish their sanitization logic to make their client interface more usable, e.g., allowing clients to debug invalid requests locally. However, this usability practice poses a security risk. Specifically, services may share the regexes they use to sanitize input strings — and regex-based denial of service (ReDoS) is an emerging threat. Although prominent service outages caused by ReDoS have spurred interest in this topic, we know little about the degree to which live web services are vulnerable to ReDoS.

In this paper, we conduct the first black-box …

Discrepancies Among Pre-Trained Deep Neural Networks: A New Threat To Model Zoo Reliability, Diego Montes, Pongpatapee Peerapatanapokin, Jeff Schultz, Chengjun Guo, Wenxin Jiang, James C. Davis

Department of Electrical and Computer Engineering Faculty Publications

Training deep neural networks (DNNs) takes significant time and resources. A practice for expedited deployment is to use pre-trained deep neural networks (PTNNs), often from model zoos.collections of PTNNs; yet, the reliability of model zoos remains unexamined. In the absence of an industry standard for the implementation and performance of PTNNs, engineers cannot confidently incorporate them into production systems. As a first step, discovering potential discrepancies between PTNNs across model zoos would reveal a threat to model zoo reliability. Prior works indicated existing variances in deep learning systems in terms of accuracy. However, broader measures of reliability for PTNNs from …

Precursors Of Email Response To Cybersecurity Scenarios: Factor Exploration And Scale Development, Miguel A. Toro-Jarrin, Pilar Pazos-Lago, Miguel Padilla

Engineering Management & Systems Engineering Faculty Publications

In the last decade, information security research has further expanded to include human factors as key elements of the organization's cybersecurity infrastructure. Numerous factors from several theories have been explored to explain and predict the multitude of information security-related behaviors in organizations. Lately, there has been a call for the study of specific cybersecurity behaviors in contextualized scenarios that reflect specific and realistic situations of a potential cyber-attack. This paper focuses on precursors of email response in situations that can be the origin of cybersecurity incidents in organizations (i.e., phishing attacks, ransomware, etc.). This study explores participants' intentions to follow …

The Effects Of Antecedents And Mediating Factors On Cybersecurity Protection Behavior, Ling Li, Li Xu, Wu He

Information Technology & Decision Sciences Faculty Publications

This paper identifies opportunities for potential theoretical and practical improvements in employees' awareness of cybersecurity and their motivational behavior to protect themselves and their organizations from cyberattacks using the protection motivation theory. In addition, it contributes to the literature by examining additional variables and mediators besides the core constructs of the Protection Motivation Model (PMT). This article uses empirical data and structural equation modeling to test the antecedents and mediators of employees' cybersecurity motivational behavior. The study offers theoretical and pragmatic guidance for cybersecurity programs. First, the model developed in this study can partially explain how people may change their …

Development Of Experiential Learning Experiences For K-12 Students Focusing On Smart Cities, Murat Kuzlu, Vukica Jovanovic, Nathan Puryear, Patrick J. Martin, Sherif Abdelwahed, Özgür Güler

Engineering Technology Faculty Publications

The main objective of this paper is to describe a project focused on the development of experiential learning experiences for undergraduate and graduate students focusing on smart cities. The future workforce needs students with various data analytics skills, service reliability, and sustainability. The team of researchers from Old Dominion University and Virginia Commonwealth University is developing a virtual smart city lab environment at both universities and collaborating on multiple research projects. The main purpose of this virtual labs is to provide a testbed that can be used for students who are interested in careers related to cyber-physical systems (CPS). These …

Bfv-Based Homomorphic Encryption For Privacy-Preserving Cnn Models, Febrianti Wibawa, Ferhat Ozgur Catak, Salih Sarp, Murat Kuzlu

Engineering Technology Faculty Publications

Medical data is frequently quite sensitive in terms of data privacy and security. Federated learning has been used to increase the privacy and security of medical data, which is a sort of machine learning technique. The training data is disseminated across numerous machines in federated learning, and the learning process is collaborative. There are numerous privacy attacks on deep learning (DL) models that attackers can use to obtain sensitive information. As a result, the DL model should be safeguarded from adversarial attacks, particularly in medical data applications. Homomorphic encryption-based model security from the adversarial collaborator is one of the answers …

Defensive Distillation-Based Adversarial Attack Mitigation Method For Channel Estimation Using Deep Learning Models In Next-Generation Wireless Networks, Ferhat Ozgur Catak, Murat Kuzlu, Evren Catak, Umit Cali, Ozgur Guler

Engineering Technology Faculty Publications

Future wireless networks (5G and beyond), also known as Next Generation or NextG, are the vision of forthcoming cellular systems, connecting billions of devices and people together. In the last decades, cellular networks have dramatically grown with advanced telecommunication technologies for high-speed data transmission, high cell capacity, and low latency. The main goal of those technologies is to support a wide range of new applications, such as virtual reality, metaverse, telehealth, online education, autonomous and flying vehicles, smart cities, smart grids, advanced manufacturing, and many more. The key motivation of NextG networks is to meet the high demand for those …

C2 Microservices Api: Ch4rl3sch4l3m4gn3, Thai H. Nguyễn

School of Computer Science & Engineering Undergraduate Publications

In the 21^st century, cyber-based attackers such as advance persistent threats are leveraging bots in the form of botnets to conduct a plethora of cyber-attacks. While there are several social engineering techniques used to get targets to unknowingly download these bots, it is the command-and-control techniques advance persistent threats use to control their bots that is of critical interest to the author. In this research paper, the author aims to develop a command-and-control microservice application programming interface infrastructure to facilitate botnet command-and-control attack simulations. To achieve this the author will develop a simple bot skeletal framework, utilize the latest …

A Probabilistic Perspective Of Human-Machine Interaction, Mustafa Canan, Mustafa Demir, Samuel Kovacic

Engineering Management & Systems Engineering Faculty Publications

Human-machine interaction (HMI) has become an essential part of the daily routine in organizations. Although the machines are designed with state-of-the-art Artificial Intelligence applications, they are limited in their ability to mimic human behavior. The human-human interaction occurs between two or more humans; when a machine replaces a human, the interaction dynamics are not the same. The results indicate that a machine that interacts with a human can increase the mental uncertainty that a human experiences. Developments in decision sciences indicate that using quantum probability theory (QPT) improves the understanding of human decision-making than merely using classical probability theory (CPT). …

A Channel State Information Based Virtual Mac Spoofing Detector, Peng Jiang, Hongyi Wu, Chunsheng Xin

Electrical & Computer Engineering Faculty Publications

Physical layer security has attracted lots of attention with the expansion of wireless devices to the edge networks in recent years. Due to limited authentication mechanisms, MAC spoofing attack, also known as the identity attack, threatens wireless systems. In this paper, we study a new type of MAC spoofing attack, the virtual MAC spoofing attack, in a tight environment with strong spatial similarities, which can create multiple counterfeits entities powered by the virtualization technologies to interrupt regular services. We develop a system to effectively detect such virtual MAC spoofing attacks via the deep learning method as a countermeasure. …

Detecting The Presence Of Electronic Devices In Smart Homes Using Harmonic Radar, Beatrice Perez, Gregory Mazzaro, Timothy J. Pierson, David Kotz

Dartmouth Scholarship

Data about users is collected constantly by phones, cameras, Internet websites, and others. The advent of so-called ‘Smart Things' now enable ever-more sensitive data to be collected inside that most private of spaces: the home. The first step in helping users regain control of their information (inside their home) is to alert them to the presence of potentially unwanted electronics. In this paper, we present a system that could help homeowners (or home dwellers) find electronic devices in their living space. Specifically, we demonstrate the use of harmonic radars (sometimes called nonlinear junction detectors), which have also been used in …

Deeppose: Detecting Gps Spoofing Attack Via Deep Recurrent Neural Network, Peng Jiang, Hongyi Wu, Chunsheng Xin

Electrical & Computer Engineering Faculty Publications

The Global Positioning System (GPS) has become a foundation for most location-based services and navigation systems, such as autonomous vehicles, drones, ships, and wearable devices. However, it is a challenge to verify if the reported geographic locations are valid due to various GPS spoofing tools. Pervasive tools, such as Fake GPS, Lockito, and software-defined radio, enable ordinary users to hijack and report fake GPS coordinates and cheat the monitoring server without being detected. Furthermore, it is also a challenge to get accurate sensor readings on mobile devices because of the high noise level introduced by commercial motion sensors. To this …

"Mystify": A Proactive Moving-Target Defense For A Resilient Sdn Controller In Software Defined Cps, Mohamed Azab, Mohamed Samir, Effat Samir

Electrical & Computer Engineering Faculty Publications

The recent devastating mission Cyber–Physical System (CPS) attacks, failures, and the desperate need to scale and to dynamically adapt to changes, revolutionized traditional CPS to what we name as Software Defined CPS (SD-CPS). SD-CPS embraces the concept of Software Defined (SD) everything where CPS infrastructure is more elastic, dynamically adaptable and online-programmable. However, in SD-CPS, the threat became more immanent, as the long-been physically-protected assets are now programmatically accessible to cyber attackers. In SD-CPSs, a network failure hinders the entire functionality of the system. In this paper, we present MystifY, a spatiotemporal runtime diversification for Moving-Target Defense (MTD) to secure …