Computer Engineering Commons^™

Longitudinal Attacks Against Iterative Data Collection With Local Differential Privacy, Mehmet Emre Gürsoy

Turkish Journal of Electrical Engineering and Computer Sciences

Local differential privacy (LDP) has recently emerged as an accepted standard for privacy-preserving collection of users’ data from smartphones and IoT devices. In many practical scenarios, users’ data needs to be collected repeatedly across multiple iterations. In such cases, although each collection satisfies LDP individually by itself, a longitudinal collection of multiple responses from the same user degrades that user’s privacy. To demonstrate this claim, in this paper, we propose longitudinal attacks against iterative data collection with LDP. We formulate a general Bayesian adversary model, and then individually show the application of this adversary model on six popular LDP protocols: …

Sel4 On Risc-V - Developing High Assurance Platforms With Modular Open-Source Architectures, Michael A. Doran Jr

Masters Theses

Virtualization is now becoming an industry standard for modern embedded systems. Modern embedded systems can now support multiple applications on a single hardware platform while meeting power and cost requirements. Virtualization on an embedded system is achieved through the design of the hardware-software interface. Instruction set architecture, ISA, defines the hardware-software interface for an embedded system. At the hardware level the ISA, provides extensions to support virtualization.

In addition to an ISA that supports hypervisor extensions it is equally important to provide a hypervisor completely capable of exploiting the benefits of virtualization for securing modern embedded systems. Currently there does …

Perspectives On Design Considerations Inspired By Security And Quantum Technology In Cyberphysical Systems For Process Engineering, Helen Durand, Jihan Abou Halloun, Kip Nieman, Keshav Kasturi Rangan

Chemical Engineering and Materials Science Faculty Research Publications

Advances in computer science have been a driving force for change in process systems engineering for decades. Faster computers, expanded computing resources, simulation software, and improved optimization algorithms have all changed chemical engineers’ abilities to predict, control, and optimize process systems. Two newer areas relevant to computer science that are impacting process systems engineering are cybersecurity and quantum computing. This work reviews some of our group’s recent work in control-theoretic approaches to control system cybersecurity and touches upon the use of quantum computers, with perspectives on the relationships between process design and control when cybersecurity and quantum technologies are of …

Software Protection And Secure Authentication For Autonomous Vehicular Cloud Computing, Muhammad Hataba

Dissertations

Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC.

In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our …

Anonymization & Generation Of Network Packet Datasets Using Deep Learning, Spencer K. Vecile

Electronic Thesis and Dissertation Repository

Corporate networks are constantly bombarded by malicious actors trying to gain access. The current state of the art in protecting networks is deep learning-based intrusion detection systems (IDS). However, for an IDS to be effective it needs to be trained on a good dataset. The best datasets for training an IDS are real data captured from large corporate networks. Unfortunately, companies cannot release their network data due to privacy concerns creating a lack of public cybersecurity data. In this thesis I take a novel approach to network dataset anonymization using character-level LSTM models to learn the characteristics of a dataset; …

A Novel Testbed For Evaluation Of Operational Technology Communications Protocols And Their On-Device Implementations, Matthew Boeding

Department of Electrical and Computer Engineering: Dissertations, Theses, and Student Research

Operational Technology (OT) and Infrastructure Technology (IT) systems are converging with the rapid addition of centralized remote management in OT systems. Previously air-gapped systems are now interconnected through the internet with application-specific protocols. This has led to systems that had limited access points being remotely accessible. In different OT sectors, legacy protocols previously transmitted over serial communication were updated to allow internet communication with legacy devices. New protocols such as IEC-61850 were also introduced for monitoring of different OT resources. The IEC-61850 standard’s Generic Object Oriented Substation Event (GOOSE) protocol outlines the representation and communication of a variety of different …

Quantum Computing And Resilient Design Perspectives For Cybersecurity Of Feedback Systems, Keshav Kasturi Rangan, Jihan Abou Halloun, Henrique Oyama, Samantha Cherney, Ilham Azali Assoumani, Nazir Jairazbhoy, Helen Durand, Simon Ka Ng

Chemical Engineering and Materials Science Faculty Research Publications

Cybersecurity of control systems is an important issue in next-generation manufac- turing that can impact both operational objectives (safety and performance) as well as process designs (via hazard analysis). Cyberattacks differ from faults in that they can be coordinated efforts to exploit system vulnerabilities to create otherwise unlikely hazard scenarios. Because coordination and targeted process manipulation can be characteristics of attacks, some of the tactics previously analyzed in our group from a control system cybersecurity perspective have incorporated randomness to attempt to thwart attacks. The underlying assumption for the generation of this randomness has been that it can be achieved …

Assessing Security Risks With The Internet Of Things, Faith Mosemann

Senior Honors Theses

For my honors thesis I have decided to study the security risks associated with the Internet of Things (IoT) and possible ways to secure them. I will focus on how corporate, and individuals use IoT devices and the security risks that come with their implementation. In my research, I found out that IoT gadgets tend to go unnoticed as a checkpoint for vulnerability. For example, often personal IoT devices tend to have the default username and password issued from the factory that a hacker could easily find through Google. IoT devices need security just as much as computers or servers …

A Trusted Platform For Unmanned Aerial Vehicle-Based Bridge Inspection Management System, Hwapyeong Song

Theses, Dissertations and Capstones

Bridge inspection has a pivotal role in assuring the safety of critical structures constituting society. However, high cost, worker safety, and low objectivity of quality are classic problems in traditional visual inspection. Recent trends in bridge inspection have led to a proliferation of research utilizing Unmanned Aerial Vehicles (UAVs). This thesis proposes a Trusted Platform for Bridge Inspection Management System (Trusted-BIMS) for safe and efficient bridge inspection by proving the UAV-based inspection process and improving the prototype of the previous study. Designed based on a Zero-Trust (ZT) strategy, Trusted-BIMS consist of (1) a database-driven web framework with security features for …

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

Cybert: Cybersecurity Claim Classification By Fine-Tuning The Bert Language Model, Kimia Ameri, Michael Hempel, Hamid Sharif, Juan Lopez Jr., Kalyan Perumalla

Department of Electrical and Computer Engineering: Faculty Publications

We introduce CyBERT, a cybersecurity feature claims classifier based on bidirectional encoder representations from transformers and a key component in our semi-automated cybersecurity vetting for industrial control systems (ICS). To train CyBERT, we created a corpus of labeled sequences from ICS device documentation collected across a wide range of vendors and devices. This corpus provides the foundation for fine-tuning BERT’s language model, including a prediction-guided relabeling process. We propose an approach to obtain optimal hyperparameters, including the learning rate, the number of dense layers, and their configuration, to increase the accuracy of our classifier. Fine-tuning all hyperparameters of the resulting …

Another Brick In The Wall: An Exploratory Analysis Of Digital Forensics Programs In The United States, Syria Mccullough, Stella Abudu, Ebere Onwubuariri, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

We present a comprehensive review of digital forensics programs offered by universities across the United States (U.S.). While numerous studies on digital forensics standards and curriculum exist, few, if any, have examined digital forensics courses offered across the nation. Since digital forensics courses vary from university to university, online course catalogs for academic institutions were evaluated to curate a dataset. Universities were selected based on online searches, similar to those that would be made by prospective students. Ninety-seven (n = 97) degree programs in the U.S. were evaluated. Overall, results showed that advanced technical courses are missing from curricula. We …

A Framework To Detect The Susceptibility Of Employees To Social Engineering Attacks, Hashim H. Alneami

Doctoral Dissertations and Master's Theses

Social engineering attacks (SE-attacks) in enterprises are hastily growing and are becoming increasingly sophisticated. Generally, SE-attacks involve the psychological manipulation of employees into revealing confidential and valuable company data to cybercriminals. The ramifications could bring devastating financial and irreparable reputation loss to the companies. Because SE-attacks involve a human element, preventing these attacks can be tricky and challenging and has become a topic of interest for many researchers and security experts. While methods exist for detecting SE-attacks, our literature review of existing methods identified many crucial factors such as the national cultural, organizational, and personality traits of employees that enable …

Digital Twin-Based Cooperative Control Techniques For Secure And Intelligent Operation Of Distributed Microgrids, Ahmed Aly Saad Ahmed

FIU Electronic Theses and Dissertations

Networked microgrids play a key role in constructing future active distribution networks for providing the power system with resiliency and reliability against catastrophic physical and cyber incidents. Motivated by the increasing penetration of renewable resources and energy storage systems in the distribution grids, utility companies are encouraged to unleash the capabilities of the distributed microgrid to work as virtual power plants that can support the power systems. The microgrids nature is transforming the grid and their control systems from centralized architecture into distributed architectures. The distributed networked microgrids introduced many benefits to the future smart grids, it created many challenges …

Blockchain-Based Architecture For Secured Cyberattack Signatures And Features Distribution, Oluwaseyi J. Ajayi

Dissertations and Theses

One effective way of detecting malicious traffic in computer networks is intrusion detection systems (IDS). Despite the increased accuracy of IDSs, distributed or coordinated attacks can still go undetected because of the single vantage point of the IDSs. Due to this reason, there is a need for attack characteristics' exchange among different IDS nodes. Another reason for IDS coordination is that a zero-day attack (an attack without a known signature) experienced in organizations located in different regions is not the same. Collaborative efforts of the participating IDS nodes can stop more attack threats if IDS nodes exchange these attack characteristics …

Energy Considerations In Blockchain-Enabled Applications, Cesar Enrique Castellon Escobar

UNF Graduate Theses and Dissertations

Blockchain-powered smart systems deployed in different industrial applications promise operational efficiencies and improved yields, while mitigating significant cybersecurity risks pertaining to the main application. Associated tradeoffs between availability and security arise at implementation, however, triggered by the additional resources (e.g., memory, computation) required by each blockchain-enabled host. This thesis applies an energy-reducing algorithmic engineering technique for Merkle Tree root and Proof of Work calculations, two principal elements of blockchain computations, as a means to preserve the promised security benefits but with less compromise to system availability. Using pyRAPL, a python library to measure computational energy, we experiment with both the …

Zero-Bias Deep Learning For Accurate Identification Of Internet Of Things (Iot) Devices, Yongxin Liu, Houbing Song, Thomas Yang, Jian Wang, Jianqiang Li, Shuteng Niu, Zhong Ming

Publications

The Internet of Things (IoT) provides applications and services that would otherwise not be possible. However, the open nature of IoT makes it vulnerable to cybersecurity threats. Especially, identity spoofing attacks, where an adversary passively listens to the existing radio communications and then mimic the identity of legitimate devices to conduct malicious activities. Existing solutions employ cryptographic signatures to verify the trustworthiness of received information. In prevalent IoT, secret keys for cryptography can potentially be disclosed and disable the verification mechanism. Noncryptographic device verification is needed to ensure trustworthy IoT. In this article, we propose an enhanced deep learning framework …

First Year Students' Experience In A Cyber World Course - An Evaluation, Frank Breitinger, Ryan Tully-Doyle, Kristen Przyborski, Lauren Beck, Ronald S. Harichandran

Electrical & Computer Engineering and Computer Science Faculty Publications

Although cybersecurity is a major present concern, it is not a required subject in University. In response, we developed Cyber World which introduces students to eight highly important cybersecurity topics (primarily taught by none cybersecurity experts). We embedded it into our critical thinking Common Course (core curriculum) which is a team-taught first-year experience required for all students. Cyber World was first taught in Fall 2018 to a cohort of over 150 students from various majors at the University of New Haven. This article presents the evaluation of our Fall taught course. In detail, we compare the performance of Cyber World …

Guest Editorial Special Issue On Toward Securing Internet Of Connected Vehicles (Iov) From Virtual Vehicle Hijacking, Yue Cao, Houbing Song, Omprakash Kaiwartya, Sinem Coleri Ergen, Jaime Lloret, Naveed Ahmad

Houbing Song

Today’s vehicles are no longer stand-alone transportation means, due to the advancements on vehicle-tovehicle (V2V) and vehicle-to-infrastructure (V2I) communications enabled to access the Internet via recent technologies in mobile communications, including WiFi, Bluetooth, 4G, and even 5G networks. The Internet of vehicles was aimed toward sustainable developments in transportation by enhancing safety and efficiency. The sensor-enabled intelligent automation of vehicles’ mechanical operations enhances safety in on-road traveling, and cooperative traffic information sharing in vehicular networks improves traveling efficiency.

Guest Editorial Special Issue On Toward Securing Internet Of Connected Vehicles (Iov) From Virtual Vehicle Hijacking, Yue Cao, Houbing Song, Omprakash Kaiwartya, Sinem Coleri Ergen, Jaime Lloret, Naveed Ahmad

Publications

Today’s vehicles are no longer stand-alone transportation means, due to the advancements on vehicle-tovehicle (V2V) and vehicle-to-infrastructure (V2I) communications enabled to access the Internet via recent technologies in mobile communications, including WiFi, Bluetooth, 4G, and even 5G networks. The Internet of vehicles was aimed toward sustainable developments in transportation by enhancing safety and efficiency. The sensor-enabled intelligent automation of vehicles’ mechanical operations enhances safety in on-road traveling, and cooperative traffic information sharing in vehicular networks improves traveling efficiency.

Hybrid Black-Box Solar Analytics And Their Privacy Implications, Dong Chen

Doctoral Dissertations

The aggregate solar capacity in the U.S. is rising rapidly due to continuing decreases in the cost of solar modules. For example, the installed cost per Watt (W) for residential photovoltaics (PVs) decreased by 6X from 2009 to 2018 (from $8/W to $1.2/W), resulting in the installed aggregate solar capacity increasing 128X from 2009 to 2018 (from 435 megawatts to 55.9 gigawatts). This increasing solar capacity is imposing operational challenges on utilities in balancing electricity's real-time supply and demand, as solar generation is more stochastic and less predictable than aggregate demand. To address this problem, both academia and utilities have …

Survey Results On Adults And Cybersecurity Education, Frank Breitinger, Joseph Ricci, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Cyberattacks and identity theft are common problems nowadays where researchers often say that humans are the weakest link in the security chain. Therefore, this survey focused on analyzing the interest for adults for ‘cyber threat education seminars’, e.g., how to project themselves and their loved ones. Specifically, we asked questions to understand a possible audience, willingness for paying / time commitment, or fields of interest as well as background and previous training experience. The survey was conducted in late 2016 and taken by 233 participants. The results show that many are worried about cyber threats and about their children exploring …

Employing A User-Centered Design Process For Cybersecurity Awareness In The Power Grid, Jean C. Scholtz, Lyndsey Franklin, Aditya Ashok, Katya Leblanc, Christopher Bonebrake, Eric Andersen, Michael Cassiadoro

Journal of Human Performance in Extreme Environments

In this paper, we discuss the process we are using in the design and implementation of a tool to improve the situation awareness of cyberattacks in the power grid. We provide details of the steps we have taken to date and describe the steps that still need to be accomplished. The focus of this work is to provide situation awareness of the power grid to staff from different, non-overlapping roles in an electrical transmission organization in order to facilitate an understanding of a possible occurrence of a cyberattack. Our approach follows a user-centered design process and includes determining the types …

Cyber Espionage Or Cyber War?: International Law, Domestic Law, And Self-Protective Measures, Christopher S. Yoo

All Faculty Scholarship

Scholars have spent considerable effort determining how the law of war (particularly jus ad bellum and jus in bello) applies to cyber conflicts, epitomized by the Tallinn Manual on the International Law Applicable to Cyber Warfare. Many prominent cyber operations fall outside the law of war, including the surveillance programs that Edward Snowden has alleged were conducted by the National Security Agency, the distributed denial of service attacks launched against Estonia and Georgia in 2007 and 2008, the 2008 Stuxnet virus designed to hinder the Iranian nuclear program, and the unrestricted cyber warfare described in the 1999 book by …