Computer Engineering Commons^™

Role Of Artificial Intelligence In The Internet Of Things (Iot) Cybersecurity, Murat Kuzlu, Corinne Fair, Ozgur Guler

Engineering Technology Faculty Publications

In recent years, the use of the Internet of Things (IoT) has increased exponentially, and cybersecurity concerns have increased along with it. On the cutting edge of cybersecurity is Artificial Intelligence (AI), which is used for the development of complex algorithms to protect networks and systems, including IoT systems. However, cyber-attackers have figured out how to exploit AI and have even begun to use adversarial AI in order to carry out cybersecurity attacks. This review paper compiles information from several other surveys and research papers regarding IoT, AI, and attacks with and against AI and explores the relationship between these …

Zooming Into The Pandemic! A Forensic Analysis Of The Zoom Application, Andrew Mahr, Meghan Cichon, Sophia Mateo, Cinthya Grajeda, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

The global pandemic of COVID-19 has turned the spotlight on video conferencing applications like never before. In this critical time, applications such as Zoom have experienced a surge in its user base jump over the 300 million daily mark (ZoomBlog, 2020). The increase in use has led malicious actors to exploit the application, and in many cases perform Zoom Bombings. Therefore forensically examining Zoom is inevitable. Our work details the primary disk, network, and memory forensic analysis of the Zoom video conferencing application. Results demonstrate it is possible to find users' critical information in plain text and/or encrypted/encoded, such …

Simulation For Cybersecurity: State Of The Art And Future Directions, Hamdi Kavak, Jose J. Padilla, Daniele Vernon-Bido, Saikou Y. Diallo, Ross Gore, Sachin Shetty

VMASC Publications

In this article, we provide an introduction to simulation for cybersecurity and focus on three themes: (1) an overview of the cybersecurity domain; (2) a summary of notable simulation research efforts for cybersecurity; and (3) a proposed way forward on how simulations could broaden cybersecurity efforts. The overview of cybersecurity provides readers with a foundational perspective of cybersecurity in the light of targets, threats, and preventive measures. The simulation research section details the current role that simulation plays in cybersecurity, which mainly falls on representative environment building; test, evaluate, and explore; training and exercises; risk analysis and assessment; and humans …

A Monte-Carlo Analysis Of Monetary Impact Of Mega Data Breaches, Mustafa Canan, Omer Ilker Poyraz, Anthony Akil

Engineering Management & Systems Engineering Faculty Publications

The monetary impact of mega data breaches has been a significant concern for enterprises. The study of data breach risk assessment is a necessity for organizations to have effective cybersecurity risk management. Due to the lack of available data, it is not easy to obtain a comprehensive understanding of the interactions among factors that affect the cost of mega data breaches. The Monte Carlo analysis results were used to explicate the interactions among independent variables and emerging patterns in the variation of the total data breach cost. The findings of this study are as follows: The total data breach cost …

Covid-19 And Biocybersecurity's Increasing Role On Defending Forward, Xavier Palmer, Lucas N. Potter, Saltuk Karahan

Electrical & Computer Engineering Faculty Publications

The evolving nature of warfare has been changing with cybersecurity and the use of advanced biotechnology in each aspect of the society is expanding and overlapping with the cyberworld. This intersection, which has been described as “biocybersecurity” (BCS), can become a major front of the 21st-century conflicts. There are three lines of BCS which make it a critical component of overall cybersecurity: (1) cyber operations within the area of BCS have life threatening consequences to a greater extent than other cyber operations, (2) the breach in health-related personal data is a significant tool for fatal attacks, and (3) health-related misinformation …

Hidden Markov Model And Cyber Deception For The Prevention Of Adversarial Lateral Movement, Md Ali Reza Al Amin, Sachin Shetty, Laurent Njilla, Deepak K. Tosh, Charles Kamhoua

Computational Modeling & Simulation Engineering Faculty Publications

Advanced persistent threats (APTs) have emerged as multi-stage attacks that have targeted nation-states and their associated entities, including private and corporate sectors. Cyber deception has emerged as a defense approach to secure our cyber infrastructure from APTs. Practical deployment of cyber deception relies on defenders' ability to place decoy nodes along the APT path optimally. This paper presents a cyber deception approach focused on predicting the most likely sequence of attack paths and deploying decoy nodes along the predicted path. Our proposed approach combines reactive (graph analysis) and proactive (cyber deception technology) defense to thwart the adversaries' lateral movement. The …

Multi-User Verifiable Searchable Symmetric Encryption For Cloud Storage, Xueqiao Liu, Guomin Yang, Guomin Yang

Research Collection School Of Computing and Information Systems

In a cloud data storage system, symmetric key encryption is usually used to encrypt files due to its high efficiency. In order allow the untrusted/semi-trusted cloud storage server to perform searching over encrypted data while maintaining data confidentiality, searchable symmetric encryption (SSE) has been proposed. In a typical SSE scheme, a users stores encrypted files on a cloud storage server and later can retrieve the encrypted files containing specific keywords. The basic security requirement of SSE is that the cloud server learns no information about the files or the keywords during the searching process. Some SSE schemes also offer additional …

Memory Foreshadow: Memory Forensics Of Hardware Cryptocurrency Wallets – A Tool And Visualization Framework, Tyler Thomas, Mathew Piscitelli, Ilya Shavrov, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

We present Memory FORESHADOW: Memory FOREnSics of HArDware cryptOcurrency Wallets. To the best of our knowledge, this is the primary account of cryptocurrency hardware wallet client memory forensics. Our exploratory analysis revealed forensically relevant data in memory including transaction history, extended public keys, passphrases, and unique device identifiers. Data extracted with FORESHADOW can be used to associate a hardware wallet with a computer and allow an observer to deanonymize all past and future transactions due to hierarchical deterministic wallet address derivation. Additionally, our novel visualization framework enabled us to measure both the persistence and integrity of artifacts produced by the …

Exploring The Learning Efficacy Of Digital Forensics Concepts And Bagging & Tagging Of Digital Devices In Immersive Virtual Reality, Courtney Hassenfeldt, Jillian Jacques, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

This work presents the first account of evaluating learning inside a VR experience created to teach Digital Forensics (DF) concepts, and a hands-on laboratory exercise in Bagging & Tagging a crime scene with digital devices. First, we designed and developed an immersive VR experience which included a lecture and a lab. Next, we tested it with (n = 57) participants in a controlled experiment where they were randomly assigned to a VR group or a physical group. Both groups were subjected to the same lecture and lab, but one was in VR and the other was in the real world. …

Efficient Fine-Grained Data Sharing Mechanism For Electronic Medical Record Systems With Mobile Devices, Hui Ma, Rui Zhang, Guomin Yang, Zishuai Zong, Kai He, Yuting Xiao

Research Collection School Of Computing and Information Systems

Sharing digital medical records on public cloud storage via mobile devices facilitates patients (doctors) to get (offer) medical treatment of high quality and efficiency. However, challenges such as data privacy protection, flexible data sharing, efficient authority delegation, computation efficiency optimization, are remaining toward achieving practical fine-grained access control in the Electronic Medical Record (EMR) system. In this work, we propose an innovative access control model and a fine-grained data sharing mechanism for EMR, which simultaneously achieves the above-mentioned features and is suitable for resource-constrained mobile devices. In the model, complex computation is outsourced to public cloud servers, leaving almost no …

A Comprehensive Security Framework For Securing Sensors In Smart Devices And Applications, Amit Kumar Sikder

FIU Electronic Theses and Dissertations

This doctoral dissertation introduces novel security frameworks to detect sensor-based threats on smart devices and applications in smart settings such as smart home, smart office, etc. First, we present a formal taxonomy and in-depth impact analysis of existing sensor-based threats to smart devices and applications based on attack characteristics, targeted components, and capabilities. Then, we design a novel context-aware intrusion detection system, 6thSense, to detect sensor-based threats in standalone smart devices (e.g., smartphone, smart watch, etc.). 6thSense considers user activity-sensor co-dependence in standalone smart devices to learn the ongoing user activity contexts and builds a context-aware model to distinguish malicious …

Geopolitics And The Digital Domain: How Cyberspace Is Impacting International Security, Georgia Wood

Independent Study Project (ISP) Collection

The digital domain is the emerging environment for which the internet and data connectivity exists. This new domain is challenging the traditional place for geopolitics to exist, and creating new challenges to international relations. The use of cyberweapons through direct cyberattacks, such as the possibility of an attack on the U.S. power grid, or misinformation campaigns, such as the one launched by Russia against the 2016 U.S. Presidential election, can expand the international threat landscape. While these new threats increase, states are widely not prepared to address the new challenges in the digital domain. This paper will use three primary …

Attribute-Based Cloud Data Integrity Auditing For Secure Outsourced Storage, Yong Yu, Yannan Li, Bo Yang, Willy Susilo, Guomin Yang, Jian Bai

Research Collection School Of Computing and Information Systems

Outsourced storage such as cloud storage can significantly reduce the burden of data management of data owners. Despite of a long list of merits of cloud storage, it triggers many security risks at the same time. Data integrity, one of the most burning challenges in secure cloud storage, is a fundamental and pivotal element in outsourcing services. Outsourced data auditing protocols enable a verifier to efficiently check the integrity of the outsourced files without downloading the entire file from the cloud, which can dramatically reduce the communication overhead between the cloud server and the verifier. Existing protocols are mostly based …

Technological Challenges And Innovations In Cybersecurity And Networking Technology Program, Syed R. Zaidi, Ajaz Sana, Aparicio Carranza

Publications and Research

This era is posing a unique challenge to the Cybersecurity and related Engineering Technology areas, stimulated by the multifaceted technological boom expressed in accelerated globalization, digital transformation, the cloud, mobile access apps, and the Internet of Things (IoT)—where more and more devices are connected to the Internet every day. As the use of new Internet-based technologies increase; so does the risk of theft and misuse of sensitive information. This demands the awareness of cyber-criminality and the need for cyber hygiene in corporations, small businesses, and the government. As the need for experienced cybersecurity specialists has skyrocketed in recent years and …

Founding The Domain Of Ai Forensics, Ibrahim Baggili, Vahid Behzadan

Electrical & Computer Engineering and Computer Science Faculty Publications

With the widespread integration of AI in everyday and critical technologies, it seems inevitable to witness increasing instances of failure in AI systems. In such cases, there arises a need for technical investigations that produce legally acceptable and scientifically indisputable findings and conclusions on the causes of such failures. Inspired by the domain of cyber forensics, this paper introduces the need for the establishment of AI Forensics as a new discipline under AI safety. Furthermore, we propose a taxonomy of the subfields under this discipline, and present a discussion on the foundational challenges that lay ahead of this new research …

Advanced Security Analysis For Emergent Software Platforms, Mohannad Alhanahnah

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Emergent software ecosystems, boomed by the advent of smartphones and the Internet of Things (IoT) platforms, are perpetually sophisticated, deployed into highly dynamic environments, and facilitating interactions across heterogeneous domains. Accordingly, assessing the security thereof is a pressing need, yet requires high levels of scalability and reliability to handle the dynamism involved in such volatile ecosystems.

This dissertation seeks to enhance conventional security detection methods to cope with the emergent features of contemporary software ecosystems. In particular, it analyzes the security of Android and IoT ecosystems by developing rigorous vulnerability detection methods. A critical aspect of this work is the …

Ldakm-Eiot: Lightweight Device Authentication And Key Management Mechanism For Edge-Based Iot Deployment, Mohammad Wazid, Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues, Youngho Park

VMASC Publications

In recent years, edge computing has emerged as a new concept in the computing paradigm that empowers several future technologies, such as 5G, vehicle-to-vehicle communications, and the Internet of Things (IoT), by providing cloud computing facilities, as well as services to the end users. However, open communication among the entities in an edge based IoT environment makes it vulnerable to various potential attacks that are executed by an adversary. Device authentication is one of the prominent techniques in security that permits an IoT device to authenticate mutually with a cloud server with the help of an edge node. If authentication …

Trajectory Privacy Preservation And Lightweight Blockchain Techniques For Mobility-Centric Iot, Abdur Bin Shahid

FIU Electronic Theses and Dissertations

Various research efforts have been undertaken to solve the problem of trajectory privacy preservation in the Internet of Things (IoT) of resource-constrained mobile devices. Most attempts at resolving the problem have focused on the centralized model of IoT, which either impose high delay or fail against a privacy-invading attack with long-term trajectory observation. These proposed solutions also fail to guarantee location privacy for trajectories with both geo-tagged and non-geo-tagged data, since they are designed for geo-tagged trajectories only. While a few blockchain-based techniques have been suggested for preserving trajectory privacy in decentralized model of IoT, they require large storage capacity …

A Privacy Framework For Decentralized Applications Using Blockchains And Zero Knowledge Proofs, David Gabay

FIU Electronic Theses and Dissertations

With the increasing interest in connected vehicles along with electrification opportunities, there is an ongoing effort to automate the charging process of electric vehicles (EVs) through their capabilities to communicate with the infrastructure and each other. However, charging EVs takes time and thus in-advance scheduling is needed. As this process is done frequently due to limited mileage of EVs, it may expose the locations and charging pattern of the EV to the service providers, raising privacy concerns for their users. Nevertheless, the EV still needs to be authenticated to charging providers, which means some information will need to be provided …

Work-In-Progress: Iot Device Signature Validation, Jeffrey Hemmes

Regis University Faculty Publications

Device fingerprinting is an area of security that has received renewed attention in recent years, with a number of classification methods proposed that rely on characteristics unique to a particular vendor or device type. Current works are limited to determining device type for purposes of access control and MAC address spoof prevention. This work synthesizes multiple sources of information to verify device capabilities in a device profile, which can be used in a number of applications not limited to authentication and authorization. The approach proposed in this paper relies on existing protocols and methods proposed in the literature, using a …

Privacidad Digital En Ecuador: El Papel De La Vigilancia, La Jurisprudencia Y Los Derechos Humanos, Giselle Valdez

Independent Study Project (ISP) Collection

Este documento es un estudio de caso sobre la privacidad digital en Ecuador, cómo se protege y cómo se debe mejorar las protecciones. Comienzo presentando la falta de privacidad de la persona en Ecuador, a través de la reciente violación de datos y las tecnologías de vigilancia en todo el país desde China. Luego, para analizar la jurisprudencia y la falta de protección de la privacidad en la ley, hago la transición a un análisis legal de la privacidad de datos en Ecuador a través de la Constitución de 2008. Cuando establezco que falta privacidad digital en Ecuador, demuestro una …

Map My Murder: A Digital Forensic Study Of Mobile Health And Fitness Applications, Courtney Hassenfeldt, Shabana Baig, Ibrahim Baggili, Xiaolu Zhang

Electrical & Computer Engineering and Computer Science Faculty Publications

The ongoing popularity of health and fitness applications catalyzes

the need for exploring forensic artifacts produced by them. Sensitive

Personal Identifiable Information (PII) is requested by the applications

during account creation. Augmenting that with ongoing

user activities, such as the user’s walking paths, could potentially

create exculpatory or inculpatory digital evidence. We conducted

extensive manual analysis and explored forensic artifacts produced

by (n = 13) popular Android mobile health and fitness applications.

We also developed and implemented a tool that aided in the timely

acquisition and identification of artifacts from the examined applications.

Additionally, our work explored the type of …

Iot Ignorance Is Digital Forensics Research Bliss: A Survey To Understand Iot Forensics Definitions, Challenges And Future Research Directions, Tina Wu, Frank Breitinger, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Interactions with IoT devices generates vast amounts of personal data that can be used as a source of evidence in digital investigations. Currently, there are many challenges in IoT forensics such as the difficulty in acquiring and analysing IoT data/devices and the lack IoT forensic tools. Besides technical challenges, there are many concepts in IoT forensics that have yet to be explored such as definitions, experience and capability in the analysis of IoT data/devices and current/future challenges. A deeper understanding of these various concepts will help progress the field. To achieve this goal, we conducted a survey which received 70 …

Design Of Personnel Big Data Management System Based On Blockchain, Houbing Song, Jian Chen, Zhihan Lv

Publications

With the continuous development of information technology, enterprises, universities and governments are constantly stepping up the construction of electronic personnel information management system. The information of hundreds of thousands or even millions of people’s information are collected and stored into the system. So much information provides the cornerstone for the development of big data, if such data is tampered with or leaked, it will cause irreparable serious damage. However, in recent years, electronic archives have exposed a series of problems such as information leakage, information tampering, and information loss, which has made the reform of personnel information management more and …

Centralized And Distributed Detection Of Compromised Smart Grid Devices Using Machine Learning And Convolution Techniques, Cengiz Kaygusuz

FIU Electronic Theses and Dissertations

The smart grid concept has further transformed the traditional power grid into a massive cyber-physical system that depends on advanced two-way communication infrastructure. While the introduction of cyber components has improved the grid, it has also broadened the attack surface. In particular, the threat stemming from compromised devices pose a significant danger: An attacker can control the devices to change the behavior of the grid and can impact the measurements or damage the grid equipment. In this thesis, to detect such malicious smart grid devices, we propose a novel machine learning and convolution-based framework, named PowerWatch, that is able to …

Designated-Server Identity-Based Authenticated Encryption With Keyword Search For Encrypted Emails, Hongbo Li, Qiong Huang, Jian Shen, Guomin Yang, Willy Susilo

Research Collection School Of Computing and Information Systems

In encrypted email system, how to search over encrypted cloud emails without decryption is an important and practical problem. Public key encryption with keyword search (PEKS) is an efficient solution to it. However, PEKS suffers from the complex key management problem in the public key infrastructure. Its variant in the identity-based setting addresses the drawback, however, almost all the schemes does not resist against offline keyword guessing attacks (KGA) by inside adversaries. In this work we introduce the notion of designated-server identity-based authenticated encryption with keyword search (dIBAEKS), in which the email sender authenticates the message while encrypting so that …

On Efficiency Of Artifact Lookup Strategies In Digital Forensics, Lorenz Liebler, Patrick Schmitt, Harald Baier, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In recent years different strategies have been proposed to handle the problem of ever-growing digital forensic databases. One concept to deal with this data overload is data reduction, which essentially means to separate the wheat from the chaff, e.g., to filter in forensically relevant data. A prominent technique in the context of data reduction are hash-based solutions. Data reduction is achieved because hash values (of possibly large data input) are much smaller than the original input. Today's approaches of storing hash-based data fragments reach from large scale multithreaded databases to simple Bloom filter representations. One main focus was put on …

Immersive Virtual Reality Attacks And The Human Joystick, Peter Casey, Ibrahim Baggili, Ananya Yarramreddy

Electrical & Computer Engineering and Computer Science Faculty Publications

This is one of the first accounts for the security analysis of consumer immersive Virtual Reality (VR) systems. This work breaks new ground, coins new terms, and constructs proof of concept implementations of attacks related to immersive VR. Our work used the two most widely adopted immersive VR systems, the HTC Vive, and the Oculus Rift. More specifically, we were able to create attacks that can potentially disorient users, turn their Head Mounted Display (HMD) camera on without their knowledge, overlay images in their field of vision, and modify VR environmental factors that force them into hitting physical objects and …

Cloud Workload Allocation Approaches For Quality Of Service Guarantee And Cybersecurity Risk Management, Soamar Homsi

FIU Electronic Theses and Dissertations

It has become a dominant trend in industry to adopt cloud computing --thanks to its unique advantages in flexibility, scalability, elasticity and cost efficiency -- for providing online cloud services over the Internet using large-scale data centers. In the meantime, the relentless increase in demand for affordable and high-quality cloud-based services, for individuals and businesses, has led to tremendously high power consumption and operating expense and thus has posed pressing challenges on cloud service providers in finding efficient resource allocation policies.

Allowing several services or Virtual Machines (VMs) to commonly share the cloud's infrastructure enables cloud providers to optimize resource …

Frameup: An Incriminatory Attack On Storj: A Peer To Peer Blockchain Enabled Distributed Storage System, Xiaolu Zhang, Justin Grannis, Ibrahim Baggili, Nicole Lang Beebe

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we present a primary account of frameup, an incriminatory attack made possible because of existing implementations in distributed peer to peer storage. The frameup attack shows that an adversary has the ability to store unencrypted data on the hard drives of people renting out their hard drive space. This is important to forensic examiners as it opens the door for possibly framing an innocent victim. Our work employs Storj as an example technology, due to its popularity and market size. Storj is a blockchain enabled system that allows people to rent out their hard drive space …