Engineering Commons^™

Evaluating The Resiliency Of Industrial Internet Of Things Process Control Using Protocol Agnostic Attacks, Hector L. Roldan

Theses and Dissertations

Improving and defending our nation's critical infrastructure has been a challenge for quite some time. A malfunctioning or stoppage of any one of these systems could result in hazardous conditions on its supporting populace leading to widespread damage, injury, and even death. The protection of such systems has been mandated by the Office of the President of the United States of America in Presidential Policy Directive Order 21. Current research now focuses on securing and improving the management and efficiency of Industrial Control Systems (ICS). IIoT promises a solution in enhancement of efficiency in ICS. However, the presence of IIoT …

Cybersecurity Issues In The Context Of Cryptographic Shuffling Algorithms And Concept Drift: Challenges And Solutions, Hatim Alsuwat

Theses and Dissertations

In this dissertation, we investigate and address two kinds of data integrity threats. We first study the limitations of secure cryptographic shuffling algorithms regarding preservation of data dependencies. We then study the limitations of machine learning models regarding concept drift detection. We propose solutions to address these threats.

Shuffling Algorithms have been used to protect the confidentiality of sensitive data. However, these algorithms may not preserve data dependencies, such as functional de- pendencies and data-driven associations. We present two solutions for addressing these shortcomings: (1) Functional dependencies preserving shuffle, and (2) Data-driven asso- ciations preserving shuffle. For preserving functional dependencies, …

Guest Editorial Special Issue On Toward Securing Internet Of Connected Vehicles (Iov) From Virtual Vehicle Hijacking, Yue Cao, Houbing Song, Omprakash Kaiwartya, Sinem Coleri Ergen, Jaime Lloret, Naveed Ahmad

Houbing Song

Today’s vehicles are no longer stand-alone transportation means, due to the advancements on vehicle-tovehicle (V2V) and vehicle-to-infrastructure (V2I) communications enabled to access the Internet via recent technologies in mobile communications, including WiFi, Bluetooth, 4G, and even 5G networks. The Internet of vehicles was aimed toward sustainable developments in transportation by enhancing safety and efficiency. The sensor-enabled intelligent automation of vehicles’ mechanical operations enhances safety in on-road traveling, and cooperative traffic information sharing in vehicular networks improves traveling efficiency.

On The Potential, Feasibility, And Effectiveness Of Chat Bots In Public Health Research Going Forward, Stanley Mierzwa, Samir Souidi, Tammy Allen

Center for Cybersecurity

This paper will discuss whether bots, particularly chat bots, can be useful in public health research and health or pharmacy systems operations. Bots have been discussed for many years; particularly when coupled with artificial intelligence, they offer the opportunity of automating mundane or error-ridden processes and tasks by replacing human involvement. This paper will discuss areas where there are greater advances in the use of bots, as well as areas that may benefit from the use of bots, and will offer practical ways to get started with bot technology. Several popular bot applications and bot development tools along with practical …

Current Trends In Suas; Implications For U.S. Special Operations Forces., Philip Craiger, Diane M. Zorri Ph.D.

J. Philip Craiger, Ph.D.

Drones On The Rise: Societal Misperceptions Of Small Unmanned Aircraft Systems, Renee Keilman

The Journal of Purdue Undergraduate Research

Throughout the past decade, small unmanned aircraft systems (sUAS) have been on the rise in both the civilian and military sectors. It is forecasted that in the near future they will create thousands of jobs and billions in tax revenue due to their ability to execute difficult and hazardous tasks safely, efficiently, and cost-effectively. However, one current issue with the proliferation of the technology is a shortage of skilled employees due to a lack of education and common negative public misperceptions associated with them.

To investigate this, responses from a mixed-methods survey will be analyzed. Within the survey, questions such …

Guest Editorial Special Issue On Toward Securing Internet Of Connected Vehicles (Iov) From Virtual Vehicle Hijacking, Yue Cao, Houbing Song, Omprakash Kaiwartya, Sinem Coleri Ergen, Jaime Lloret, Naveed Ahmad

Publications

Today’s vehicles are no longer stand-alone transportation means, due to the advancements on vehicle-tovehicle (V2V) and vehicle-to-infrastructure (V2I) communications enabled to access the Internet via recent technologies in mobile communications, including WiFi, Bluetooth, 4G, and even 5G networks. The Internet of vehicles was aimed toward sustainable developments in transportation by enhancing safety and efficiency. The sensor-enabled intelligent automation of vehicles’ mechanical operations enhances safety in on-road traveling, and cooperative traffic information sharing in vehicular networks improves traveling efficiency.

System Of Systems (Sos) Architecture For Digital Manufacturing Cybersecurity, Lirim Ashiku, Cihan H. Dagli

Engineering Management and Systems Engineering Faculty Research & Creative Works

Technology advancements of real time connectivity and computing powers has evolved the way people manage activities triggering heavy reliance on smart devices. This has reshaped the ability to memorize crucial information, instead accumulate the information into devices allowing real-time fingertip access when needed. Inability to access such information when needed is routinely assumed with device malfunctioning bypassing the probability of compromise, but what if the information is now being accessed by adversaries depriving the data-owner access to crucial information? Cyber manufacturing systems are not immune from these issues. It is possible to approach this problem as generating SoS meta-architecture. In …

Cybersecurity Education In Utah High Schools: An Analysis And Strategy For Teacher Adoption, Cariana June Cornel

Theses and Dissertations

The IT Education Specialist for the USBE, Brandon Jacobson, stated:I feel there is a deficiency of and therefore a need to teach Cybersecurity.Cybersecurity is the “activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation” (NICE, 2018). Practicing cybersecurity can increase awareness of cybersecurity issues, such as theft of sensitive information. Current efforts, including but not limited to, cybersecurity camps, competitions, college courses, and conferences, have been created to better prepare cyber citizens nationwide for such cybersecurity occurrences. In …

Process/Equipment Design Implications For Control System Cybersecurity, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

An emerging challenge for process safety is process control system cybersecurity. An attacker could gain control of the process actuators through the control system or communication policies within control loops and potentially drive the process state to unsafe conditions. Cybersecurity has traditionally been handled as an information technology (IT) problem in the process industries. In the literature for cybersecurity specifically of control systems, there has been work aimed at developing control designs that seek to fight cyberattacks by either giving the system appropriate response mechanisms once attacks are detected or seeking to make the attacks difficult to perform. In this …

Unmanned Aircraft Systems In The Cyber Domain, Randall K. Nichols, Hans C. Mumm, Wayne D. Lonstein, Julie J.C.H. Ryan, Candice Carter, John-Paul Hood

NPP eBooks

Unmanned Aircraft Systems are an integral part of the US national critical infrastructure. The authors have endeavored to bring a breadth and quality of information to the reader that is unparalleled in the unclassified sphere. This textbook will fully immerse and engage the reader / student in the cyber-security considerations of this rapidly emerging technology that we know as unmanned aircraft systems (UAS). The first edition topics covered National Airspace (NAS) policy issues, information security (INFOSEC), UAS vulnerabilities in key systems (Sense and Avoid / SCADA), navigation and collision avoidance systems, stealth design, intelligence, surveillance and reconnaissance (ISR) platforms; …

Mitigating Colluding Attacks In Online Social Networks And Crowdsourcing Platforms, Georges Arsene K. Kamhoua

FIU Electronic Theses and Dissertations

Online Social Networks (OSNs) have created new ways for people to communicate, and for companies to engage their customers -- with these new avenues for communication come new vulnerabilities that can be exploited by attackers. This dissertation aims to investigate two attack models: Identity Clone Attacks (ICA) and Reconnaissance Attacks (RA). During an ICA, attackers impersonate users in a network and attempt to infiltrate social circles and extract confidential information. In an RA, attackers gather information on a target's resources, employees, and relationships with other entities over public venues such as OSNs and company websites. This was made easier for …

Car Hacking: Accessing And Exploiting The Can Bus Protocol, Bryson R. Payne

Journal of Cybersecurity Education, Research and Practice

With the rapid adoption of internet-connected and driver-assist technologies, and the spread of semi-autonomous to self-driving cars on roads worldwide, cybersecurity for smart cars is a timely concern and one worth exploring both in the classroom and in the real world. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety, and the cybersecurity of these “data centers on wheels” is of greater concern than ever.

However, up to this point there has been a …

Management And Security Of Multi-Cloud Applications, Lav Gupta

McKelvey School of Engineering Theses & Dissertations

Single cloud management platform technology has reached maturity and is quite successful in information technology applications. Enterprises and application service providers are increasingly adopting a multi-cloud strategy to reduce the risk of cloud service provider lock-in and cloud blackouts and, at the same time, get the benefits like competitive pricing, the flexibility of resource provisioning and better points of presence. Another class of applications that are getting cloud service providers increasingly interested in is the carriers' virtualized network services. However, virtualized carrier services require high levels of availability and performance and impose stringent requirements on cloud services. They necessitate the …

Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao

Electrical & Computer Engineering Theses & Dissertations

Graphical passwords are always considered as an alternative of alphanumeric passwords for their better memorability and usability [1]. Alphanumeric passwords provide an adequate amount of satisfaction, but they do not offer better memorability compared to graphical passwords [1].

On the other hand, graphical passwords are considered less secured and provide better memorability [1]. Therefore many researchers have researched on graphical passwords to overcome the vulnerability. One of the most significant weaknesses of the graphical passwords is "Shoulder Surfing Attack," which means, sneaking into a victim's computer to learn the whole password or part of password or some confidential information. Such …

Unguided Cyber Education Techniques Of The Non-Expert, Seth A. Martin

Theses and Dissertations

The United States Air Force and Department of Defense continues to rely on its total workforce to provide the first layer of protection against cyber intrusion. Prior research has shown that the workforce is not adequately educated to perform this task. As a result, DoD cybersecurity strategy now includes attempting to improve education and training on cyber-related concepts and technical skills to all users of DoD networks. This paper describes an experiment designed to understand the broad methods that non-expert users may use to educate themselves on how to perform technical tasks. Preliminary results informed subsequent experiments that directly compared …

A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby

Theses and Dissertations

Internet of Things devices are highly susceptible to attack, and owners often fail to realize they have been compromised. This thesis describes an anomalous-based intrusion detection system that operates directly on Internet of Things devices utilizing a custom-built Blockchain. In this approach, an agent on each node compares the node's behavior to that of its peers, generating an alert if they are behaving differently. An experiment is conducted to determine the effectiveness at detecting malware. Three different code samples simulating common malware are deployed against a testbed of 12 Raspberry Pi devices. Increasing numbers are infected until two-thirds of the …

A Framework For Cyber Vulnerability Assessments Of Infiniband Networks, Daryl W. Schmitt

Theses and Dissertations

InfiniBand is a popular Input/Output interconnect technology used in High Performance Computing clusters. It is employed in over a quarter of the world’s 500 fastest computer systems. Although it was created to provide extremely low network latency with a high Quality of Service, the cybersecurity aspects of InfiniBand have yet to be thoroughly investigated. The InfiniBand Architecture was designed as a data center technology, logically separated from the Internet, so defensive mechanisms such as packet encryption were not implemented. Cyber communities do not appear to have taken an interest in InfiniBand, but that is likely to change as attackers branch …

Project Insight: A Granular Approach To Enterprise Cybersecurity, Sunna Quazi, Adam Baca, Sam Darsche

SMU Data Science Review

In this paper, we disambiguate risky activity corporate users are propagating with their software in real time by creating an enterprise security visualization solution for system administrators. The current problem in this domain is the lag in cyber intelligence that inhibits preventative security measure execution. This is partially due to the overemphasis of network activity, which is a nonfinite dataset and is difficult to comprehensively ingest with analytics. We address these concerns by elaborating on the beta of a software called "Insight" created by Felix Security. The overall solution leverages endpoint data along with preexisting whitelist/blacklist designations to unambiguously communicate …

Suas: Cybersecurity Threats, Vulnerabilities, And Exploits, Philip Craiger, Gary Kessler, William Rose

J. Philip Craiger, Ph.D.

The FAA predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 4.3 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as 'drones,' are comprised of aeronautical hardware, a CPU, RAM, onboard storage, radio frequency communications, sensors, a camera, and a controller used by the pilot-in-command (PIC). Some have argued that a sUAS is essentially a flying computer. As such, sUAS are sometimes susceptible to many of the types of attacks that are often used on PC-based computers attached …

Aviation Cybersecurity: An Overview, Gary C. Kessler, J. Philip Craiger

J. Philip Craiger, Ph.D.

Information security—aka cybersecurity—is the most rapidly growing threat to critical infrastructures, including the aviation industry. Due to the plethora of digital devices, ubiquity of the Internet and other networks, and the rapid growth in the adoption of technology, everyone is an information system security manager. Every professional in the aviation and aeronautics industry use computers, mobile devices, tablets, GPS devices, and/or other hardware on a daily basis, as well as go online for a variety of reasons.

Attacks on information have been ongoing since the inception of the industry a hundred years ago, in such forms as intellectual property theft …

Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane

MPA/MPP/MPFM Capstone Projects

Procure-to-Pay (P2P) softwares are an integral part of the payment and procurement processing functions at large-scale governmental institutions. These softwares house all of the financial functions related to procurement, accounts payable, and often human resources, helping to facilitate and automate the process from initiation of a payment or purchase, to the actual disbursal of funds. Often, these softwares contain budgeting and financial reporting tools as part of the offering. As such an integral part of the financial process, these softwares obviously come at an immense cost from a set of reputable vendors. In the case of government, these vendors mainly …

A Comprehensive Cybersecurity Defense Framework For Large Organizations, Willarvis Smith

CCE Theses and Dissertations

There is a growing need to understand and identify overarching organizational requirements for cybersecurity defense in large organizations. Applying proper cybersecurity defense will ensure that the right capabilities are fielded at the right locations to safeguard critical assets while minimizing duplication of effort and taking advantage of efficiencies. Exercising cybersecurity defense without an understanding of comprehensive foundational requirements instills an ad hoc and in many cases conservative approach to network security. Organizations must be synchronized across federal and civil agencies to achieve adequate cybersecurity defense. Understanding what constitutes comprehensive cybersecurity defense will ensure organizations are better protected and more efficient. …

Comprehending The Safety Paradox And Privacy Concerns With Medical Device Remote Patient Monitoring, Marc Doyle

CCE Theses and Dissertations

Medical literature identifies a number of technology-driven improvements in disease management such as implantable medical devices (IMDs) that are a standard treatment for candidates with specific diseases. Among patients using implantable cardiac defibrillators (ICD), for example, problems and issues are being discovered faster compared to patients without monitoring, improving safety. What is not known is why patients report not feeling safer, creating a safety paradox, and why patients identify privacy concerns in ICD monitoring.

There is a major gap in the literature regarding the factors that contribute to perceived safety and privacy in remote patient monitoring (RPM). To address this …

Mro Cybersecurity Swot, Danita Baghdasarin

International Journal of Aviation, Aeronautics, and Aerospace

This article intended to identify gaps in the safety management system (SMS) framework when it comes to dealing with cyber risks and hazards in the maintenance, repair, and overhaul (MRO) industry. Cybersecurity is currently a concern of the aviation industry, but organizations in the MRO industry do not seem to be aware of any specific risks and hazards and therefore are not prepared to handle them. Concerns are largely around the increasing reach of aviation and the digital transformation of infrastructure, but the body of knowledge does not go into any greater detail. As a result, it is hard to …