Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Open Access. Powered by Scholars. Published by Universities.®

Information Security

Air Force Institute of Technology

Theses/Dissertations

Articles 1 - 30 of 166

Full-Text Articles in Physical Sciences and Mathematics

Air Force Digital Badges, Jacob Chan Mar 2023

Air Force Digital Badges, Jacob Chan

Theses and Dissertations

The Air Force talent management and force development systems are antiquated. Airmen records are often stored on different Air Force information systems. Existing records sometimes lack granularity and context to recognize Airmen skills. Digital badges are a newer technology utilized by academia and industry to recognize member skills. However, military badging research is sparse and existing studies do not provide sufficient evidence on the value of digital badging to the Air Force. The studies: (1) lack background research on badging; (2) do not provide quantitative data on the effects of badging; and (3) issued badges through commercial entities which may …

Go to article

Intel Total Memory Encryption: Functional Verification And Performance Analysis, Tallas Tian Sheng Goo Mar 2023

Intel Total Memory Encryption: Functional Verification And Performance Analysis, Tallas Tian Sheng Goo

Theses and Dissertations

While more attention is generally focused on software security, computer hardware security remains an important effort. Should an attacker gain direct physical access, computers with little to no hardware security can quickly be compromised via a manner of methods. One such attacker method is to steal information directly from the active memory of a locked, powered-on computer. To counter this attack, a hardware security method was developed called memory encryption. Memory encryption, as the name suggests, protects against adversary methods like cold boot attacks by encrypting all of memory. This research evaluates the efficacy and performance specifically of Intel TME. …

Go to article

Characterizing Location-Based Electromagnetic Leakage Of Computing Devices Using Convolutional Neural Networks To Increase The Effectiveness Of Side-Channel Analysis Attacks, Ian C. Heffron Mar 2023

Characterizing Location-Based Electromagnetic Leakage Of Computing Devices Using Convolutional Neural Networks To Increase The Effectiveness Of Side-Channel Analysis Attacks, Ian C. Heffron

Theses and Dissertations

SCA attacks aim to recover some sort of secret information, often in the form of a cipher key, from a target device. Some of these attacks focus on either power-based leakage, or EM-based leakage. Neural networks have recently gained in popularity as tools in SCA attacks. Near-field EM probes with high-spatial resolution enable attackers to isolate physical locations above a processor. This enables attackers to exploit the spatial dependencies of algorithms running on said processor. These spatial dependencies result in different physical locations above a chip emanating different signal strengths. The strengths of different locations can be mapped using the …

Go to article

Dds-Cerberus: Improving Security In Dds Middleware Using Kerberos Tickets, Andrew T. Park Mar 2022

Dds-Cerberus: Improving Security In Dds Middleware Using Kerberos Tickets, Andrew T. Park

Theses and Dissertations

The military deploys many IoT in battlefield operations to provide information on terrain and enemy combatants. It also deploys automated robots or UAVs where securing and trusting collected data is essential. Choosing the middleware that handles this message transfer is crucial for real-time operations. Networks with multiple entities, including IoT devices, UAVs, and small computers, require robust middleware facilitating message sending in real-time. Ideally, the middleware would provide QoS to handle lost packets and retransmissions in lossy environments, especially between low-power machines. DDS is a middleware that implements real-time and QoS capabilities by sending messages, not based on endpoints but …

Go to article

Malware Detection Using Electromagnetic Side-Channel Analysis, Matthew A. Bergstedt Mar 2022

Malware Detection Using Electromagnetic Side-Channel Analysis, Matthew A. Bergstedt

Theses and Dissertations

Many physical systems control or monitor important applications without the capacity to monitor for malware using on-device resources. Thus, it becomes valuable to explore malware detection methods for these systems utilizing external or off-device resources. This research investigates the viability of employing EM SCA to determine whether a performed operation is normal or malicious. A Raspberry Pi 3 was set up as a simulated motor controller with code paths for a normal or malicious operation. While the normal path only calculated the motor speed before updating the motor, the malicious path added a line of code to modify the calculated …

Go to article

Evaluating Secure Enclave Firmware Development For Contemporary Risc-V Workstations, Samuel D. Chadwick Mar 2022

Evaluating Secure Enclave Firmware Development For Contemporary Risc-V Workstations, Samuel D. Chadwick

Theses and Dissertations

The emergence of the open-source RISC-V ISA empowers developers and engineers, device manufactures, industry leaders, nation-states, adversaries and allies alike with the unique opportunity to re-evaluate existing Trusted Computing paradigms. Emerging open-source security mechanisms facilitate the proliferation of Confidential Computing principles. These technology standards aim to provide secure enclave computing as a fundamental computing attribute, inherent within the RISC-V ISA specification. Security enforcement within these enclaves are handled by performing computation in memory-isolated, hardware-based, software-defined TEEs. This research evaluates the firmware development procedures required to implement Keystone Enclave on new unsupported hardware. Expressly, this effort extends Keystone SM firmware components …

Go to article

Securing Infiniband Networks With End-Point Encryption, Noah B. Diamond Mar 2022

Securing Infiniband Networks With End-Point Encryption, Noah B. Diamond

Theses and Dissertations

The NVIDIA-Mellanox Bluefield-2 is a 100 Gbps high-performance network interface which offers hardware offload and acceleration features that can operate directly on network traffic without routine involvement from the ARM CPU. This allows the ARM multi-core CPU to orchestrate the hardware to perform operations on both Ethernet and RDMA traffic at high rates rather than processing all the traffic directly. A testbed called TNAP was created for performance testing and a MiTM verification process called MiTMVMP is used to ensure proper network configuration. The hardware accelerators of the Bluefield-2 support a throughput of nearly 86 Gbps when using IPsec to …

Go to article

Determining Physical Characteristics Through Information Leakage In 802.11ac Beamforming, Albert D. Taglieri Sep 2021

Determining Physical Characteristics Through Information Leakage In 802.11ac Beamforming, Albert D. Taglieri

Theses and Dissertations

The risk of information leakage in 802.11ac allows an eavesdropper to monitor wireless traffic and correlate physical locations between devices, as well as environment changes such as the motion of a person. Previous pattern-analysis mitigation methods, which used nonexistent devices to fool an eavesdropper, are not effective in an 802.11ac network, because devices on the network can be correlated to their physical location, which a nonexistent device does not have. Further, additional information about motion in the target environment can be observed and analyzed, providing a new potential for pattern analysis and sensing. 802.11ac makes it possible to plug in …

Go to article

Enterprise Resource Allocation For Intruder Detection And Interception, Adam B. Haywood Sep 2021

Enterprise Resource Allocation For Intruder Detection And Interception, Adam B. Haywood

Theses and Dissertations

This research considers the problem of an intruder attempting to traverse a defender's territory in which the defender locates and employs disparate sets of resources to lower the probability of a successful intrusion. The research is conducted in the form of three related research components. The first component examines the problem in which the defender subdivides their territory into spatial stages and knows the plan of intrusion. Alternative resource-probability modeling techniques as well as variable bounding techniques are examined to improve the convergence of global solvers for this nonlinear, nonconvex optimization problem. The second component studies a similar problem but …

Go to article

Infiniband Network Monitoring: Challenges And Possibilities, Kyle D. Hintze Mar 2021

Infiniband Network Monitoring: Challenges And Possibilities, Kyle D. Hintze

Theses and Dissertations

Within the realm of High Performance Computing, the InfiniBand Architecture is among the leading interconnects used today. Capable of providing high bandwidth and low latency, InfiniBand is finding applications outside the High Performance Computing domain. One of these is critical infrastructure, encompassing almost all essential sectors as the work force becomes more connected. InfiniBand is not immune to security risks, as prior research has shown that common traffic analyzing tools cannot effectively monitor InfiniBand traffic transmitted between hosts, due to the kernel bypass nature of the IBA in conjunction with Remote Direct Memory Access operations. If Remote Direct Memory Access …

Go to article

Remote Monitoring Of Memory Data Structures For Malware Detection In A Talos Ii Architecture, Robert A. Willburn Mar 2021

Remote Monitoring Of Memory Data Structures For Malware Detection In A Talos Ii Architecture, Robert A. Willburn

Theses and Dissertations

New forms of malware, namely xC;leless malware and rootkits, pose a threat to traditional anti-malware. In particular, Rootkits have the capacity to obscure the present state of memory from the user space of a target machine. If thishappens, anti-malware running in the user space of an axB;ected machine cannot be trusted to operate properly. To combat this threat, this research proposes the remote monitoring of memory from a second, secure processor runningOpenBMC, serving as a baseboard management controller for a POWER9 processor, which is assumed vulnerable to exploitation. The baseboard management controller includes an application called pdbg, used for debugging …

Go to article

Developing A Serious Game To Explore Joint All Domain Command And Control, Nathaniel W. Flack Mar 2020

Developing A Serious Game To Explore Joint All Domain Command And Control, Nathaniel W. Flack

Theses and Dissertations

Changes in the geopolitical landscape and increasing technological complexity have prompted the U.S. Military to coin Multi-Domain Operations (MDO) and Joint All-Domain Command and Control as terms to describe an over-arching strategy that frames the complexity of warfare across both traditional and emerging warfighting domains. Teaching new and advanced concepts associated with these terms requires both innovation as well as distinct education and training tools in order to realize the cultural change advocated by senior military leaders. BSN, a Collectible Card Game, was developed to teach concepts integral to MDO and initiate discussion on military strategy.

Go to article

Honeyhive - A Network Intrusion Detection System Framework Utilizing Distributed Internet Of Things Honeypot Sensors, Zachary D. Madison Mar 2020

Honeyhive - A Network Intrusion Detection System Framework Utilizing Distributed Internet Of Things Honeypot Sensors, Zachary D. Madison

Theses and Dissertations

Exploding over the past decade, the number of Internet of Things (IoT) devices connected to the Internet jumped from 3.8 billion in 2015 to 17.8 billion in 2018. Because so many IoT devices remain upatched, unmonitored, and left on, they have become a tantalizing target for attackers to gain network access or add another device to their botnet. HoneyHive is a framework that uses distributed IoT honeypots as Network Intrusion Detection Systems (NIDS) sensors that beacon back to a centralized Command and Control (C2) server. The tests in this experiment involve four types of scans and four levels of active …

Go to article

Near Real-Time Zigbee Device Discrimination Using Cb-Dna Features, Yousuke Z. Matsui Mar 2020

Near Real-Time Zigbee Device Discrimination Using Cb-Dna Features, Yousuke Z. Matsui

Theses and Dissertations

Currently, Low-Rate Wireless Personal Area Networks (LR-WPAN) based on the Institute of Electrical and Electronics Engineers (IEEE) 802.15.4 standard are at risk due to open-source tools which allow bad actors to exploit unauthorized network access through various cyberattacks by falsifying bit-level credentials. This research investigates implementing a Radio Frequency (RF) air monitor to perform Near RealTime (NRT) discrimination of Zigbee devices using the IEEE 802.15.4 standard. The air monitor employed a Multiple Discriminant Analysis/Euclidean Distance classifier to discriminate Zigbee devices based upon Constellation-Based Distinct Native Attribute (CB-DNA) fingerprints. Through the use of CB-DNA fingerprints, Physical Layer (PHY) characteristics unique to …

Go to article

Interoperable Ads-B Confidentiality, Brandon C. Burfeind Mar 2020

Interoperable Ads-B Confidentiality, Brandon C. Burfeind

Theses and Dissertations

The worldwide air traffic infrastructure is in the late stages of transition from legacy transponder systems to Automatic Dependent Surveillance - Broadcast (ADS-B) based systems. ADS-B relies on position information from GNSS and requires aircraft to transmit their identification, state, and position. ADS-B promises the availability of high-fidelity air traffic information; however, position and identification data are not secured via authentication or encryption. This lack of security for ADS-B allows non-participants to observe and collect data on both government and private flight activity. This is a proposal for a lightweight, interoperable ADS-B confidentiality protocol which uses existing format preserving encryption …

Go to article

Cyber Risk Assessment And Scoring Model For Small Unmanned Aerial Vehicles, Dillon M. Pettit Mar 2020

Cyber Risk Assessment And Scoring Model For Small Unmanned Aerial Vehicles, Dillon M. Pettit

Theses and Dissertations

The commercial-off-the-shelf small Unmanned Aerial Vehicle (UAV) market is expanding rapidly in response to interest from hobbyists, commercial businesses, and military operators. The core commercial mission set directly relates to many current military requirements and strategies, with a priority on short range, low cost, real time aerial imaging, and limited modular payloads. These small vehicles present small radar cross sections, low heat signatures, and carry a variety of sensors and payloads. As with many new technologies, security seems secondary to the goal of reaching the market as soon as innovation is viable. Research indicates a growth in exploits and vulnerabilities …

Go to article

Evaluating The Resiliency Of Industrial Internet Of Things Process Control Using Protocol Agnostic Attacks, Hector L. Roldan Dec 2019

Evaluating The Resiliency Of Industrial Internet Of Things Process Control Using Protocol Agnostic Attacks, Hector L. Roldan

Theses and Dissertations

Improving and defending our nation's critical infrastructure has been a challenge for quite some time. A malfunctioning or stoppage of any one of these systems could result in hazardous conditions on its supporting populace leading to widespread damage, injury, and even death. The protection of such systems has been mandated by the Office of the President of the United States of America in Presidential Policy Directive Order 21. Current research now focuses on securing and improving the management and efficiency of Industrial Control Systems (ICS). IIoT promises a solution in enhancement of efficiency in ICS. However, the presence of IIoT …

Go to article

The Trust-Based Interactive Partially Observable Markov Decision Process, Richard S. Seymour Jun 2019

The Trust-Based Interactive Partially Observable Markov Decision Process, Richard S. Seymour

Theses and Dissertations

Cooperative agent and robot systems are designed so that each is working toward the same common good. The problem is that the software systems are extremely complex and can be subverted by an adversary to either break the system or potentially worse, create sneaky agents who are willing to cooperate when the stakes are low and take selfish, greedy actions when the rewards rise. This research focuses on the ability of a group of agents to reason about the trustworthiness of each other and make decisions about whether to cooperate. A trust-based interactive partially observable Markov decision process (TI-POMDP) is …

Go to article

Cyber-Attack Drone Payload Development And Geolocation Via Directional Antennae, Clint M. Bramlette Mar 2019

Cyber-Attack Drone Payload Development And Geolocation Via Directional Antennae, Clint M. Bramlette

Theses and Dissertations

The increasing capabilities of commercial drones have led to blossoming drone usage in private sector industries ranging from agriculture to mining to cinema. Commercial drones have made amazing improvements in flight time, flight distance, and payload weight. These same features also offer a unique and unprecedented commodity for wireless hackers -- the ability to gain ‘physical’ proximity to a target without personally having to be anywhere near it. This capability is called Remote Physical Proximity (RPP). By their nature, wireless devices are largely susceptible to sniffing and injection attacks, but only if the attacker can interact with the device via …

Go to article

Confidence Inference In Defensive Cyber Operator Decision Making, Graig S. Ganitano Mar 2019

Confidence Inference In Defensive Cyber Operator Decision Making, Graig S. Ganitano

Theses and Dissertations

Cyber defense analysts face the challenge of validating machine generated alerts regarding network-based security threats. Operations tempo and systematic manpower issues have increased the importance of these individual analyst decisions, since they typically are not reviewed or changed. Analysts may not always be confident in their decisions. If confidence can be accurately assessed, then analyst decisions made under low confidence can be independently reviewed and analysts can be offered decision assistance or additional training. This work investigates the utility of using neurophysiological and behavioral correlates of decision confidence to train machine learning models to infer confidence in analyst decisions. Electroencephalography …

Go to article

A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby Mar 2019

A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby

Theses and Dissertations

Internet of Things devices are highly susceptible to attack, and owners often fail to realize they have been compromised. This thesis describes an anomalous-based intrusion detection system that operates directly on Internet of Things devices utilizing a custom-built Blockchain. In this approach, an agent on each node compares the node's behavior to that of its peers, generating an alert if they are behaving differently. An experiment is conducted to determine the effectiveness at detecting malware. Three different code samples simulating common malware are deployed against a testbed of 12 Raspberry Pi devices. Increasing numbers are infected until two-thirds of the …

Go to article

Evaluating Machine Learning Techniques For Smart Home Device Classification, Angelito E. Aragon Jr. Mar 2019

Evaluating Machine Learning Techniques For Smart Home Device Classification, Angelito E. Aragon Jr.

Theses and Dissertations

Smart devices in the Internet of Things (IoT) have transformed the management of personal and industrial spaces. Leveraging inexpensive computing, smart devices enable remote sensing and automated control over a diverse range of processes. Even as IoT devices provide numerous benefits, it is vital that their emerging security implications are studied. IoT device design typically focuses on cost efficiency and time to market, leading to limited built-in encryption, questionable supply chains, and poor data security. In a 2017 report, the United States Government Accountability Office recommended that the Department of Defense investigate the risks IoT devices pose to operations security, …

Go to article

Preserving Privacy In Automotive Tire Pressure Monitoring Systems, Kenneth L. Hacker Mar 2019

Preserving Privacy In Automotive Tire Pressure Monitoring Systems, Kenneth L. Hacker

Theses and Dissertations

The automotive industry is moving towards a more connected ecosystem, with connectivity achieved through multiple wireless systems. However, in the pursuit of these technological advances and to quickly satisfy requirements imposed on manufacturers, the security of these systems is often an afterthought. It has been shown that systems in a standard new automobile that one would not expect to be vulnerable can be exploited for a variety of harmful effects. This thesis considers a seemingly benign, but government mandated, safety feature of modern vehicles; the Tire Pressure Monitoring System (TPMS). Typical implementations have no security-oriented features, leaking data that can …

Go to article

Testing The Fault Tolerance Of A Wide Area Backup Protection System Using Spin, Kenneth James Mar 2019

Testing The Fault Tolerance Of A Wide Area Backup Protection System Using Spin, Kenneth James

Theses and Dissertations

Cyber-physical systems are increasingly prevalent in daily life. Smart grids in particular are becoming more interconnected and autonomously operated. Despite the advantages, new challenges arise in the form of defending these assets. Recent studies reveal that small-scale, coordinated cyber-attacks on only a few substations across the U.S. could result in cascading failures affecting the entire nation. In support of defending critical infrastructure, this thesis tests the fault tolerance of a backup protection system. Each transmission line in the system incorporates autonomous agents which monitor the status of the line and make decisions regarding the safety of the grid. Various malfunctions …

Go to article

Unguided Cyber Education Techniques Of The Non-Expert, Seth A. Martin Mar 2019

Unguided Cyber Education Techniques Of The Non-Expert, Seth A. Martin

Theses and Dissertations

The United States Air Force and Department of Defense continues to rely on its total workforce to provide the first layer of protection against cyber intrusion. Prior research has shown that the workforce is not adequately educated to perform this task. As a result, DoD cybersecurity strategy now includes attempting to improve education and training on cyber-related concepts and technical skills to all users of DoD networks. This paper describes an experiment designed to understand the broad methods that non-expert users may use to educate themselves on how to perform technical tasks. Preliminary results informed subsequent experiments that directly compared …

Go to article

Self Organized Multi Agent Swarms (Somas) For Network Security Control, Eric M. Holloway Mar 2019

Self Organized Multi Agent Swarms (Somas) For Network Security Control, Eric M. Holloway

Theses and Dissertations

Computer network security is a very serious concern in many commercial, industrial, and military environments. This paper proposes a new computer network security approach defined by self-organized agent swarms (SOMAS) which provides a novel computer network security management framework based upon desired overall system behaviors. The SOMAS structure evolves based upon the partially observable Markov decision process (POMDP) formal model and the more complex Interactive-POMDP and Decentralized-POMDP models, which are augmented with a new F(*-POMDP) model. Example swarm specific and network based behaviors are formalized and simulated. This paper illustrates through various statistical testing techniques, the significance of this proposed …

Go to article

Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman Mar 2018

Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman

Theses and Dissertations

As technology continues to advance the domain of cyber defense, signature and heuristic detection mechanisms continue to require human operators to make judgements about the correctness of machine decisions. Human cyber defense operators rely on their experience, expertise, and understanding of network security, when conducting cyber-based investigations, in order to detect and respond to cyber alerts. Ever growing quantities of cyber alerts and network traffic, coupled with systemic manpower issues, mean no one has the time to review or change decisions made by operators. Since these cyber alert decisions ultimately do not get reviewed again, an inaccurate decision could cause …

Go to article

Passive Radiolocation Of Ieee 802.11 Emitters Using Directional Antennae, Bradford E. Law Mar 2018

Passive Radiolocation Of Ieee 802.11 Emitters Using Directional Antennae, Bradford E. Law

Theses and Dissertations

Low-cost commodity hardware and cheaper, more capable consumer-grade drones make the threat of home-made, inexpensive drone-mounted wireless attack platforms (DWAPs) greater than ever. Fences and physical security do little to impede a drone from approaching private, commercial, or government wireless access points (WAPs) and conducting wireless attacks. At the same time, unmanned aerial vehicles (UAVs) present a valuable tool for network defenders conducting site surveys and emulating threats. These platforms present near-term dangers and opportunities for corporations and governments. Despite the vast leaps in technology these capabilities represent, UAVs are noisy and consequently difficult to conceal as they approach a …

Go to article

Mitigating The Effects Of Cyber Attacks And Human Control In An Autonomous Intersection, Karl C. Bentjen Mar 2018

Mitigating The Effects Of Cyber Attacks And Human Control In An Autonomous Intersection, Karl C. Bentjen

Theses and Dissertations

Widespread use of fully autonomous vehicles is near. However, the desire for a human to maintain control, even if limited, of a vehicle will likely never fully subside. Protocols to safely and efficiently manage reservation-based intersections with a mixture of fully autonomous, semi-autonomous, and non-autonomous vehicles exist such as AIM, SemiAIM, and H-AIM. Missing from these protocols is persistent human control of semi-autonomous vehicles in approaching and navigating autonomous intersections without the use of traditional signals. This thesis offers a proof-of-concept of a reservation-based protocol with necessary extensions required for human control in semi-autonomous vehicles. Desired is a protocol that …

Go to article

Pattern-Of-Life Modeling Using Data Leakage In Smart Homes, Steven M. Beyer Mar 2018

Pattern-Of-Life Modeling Using Data Leakage In Smart Homes, Steven M. Beyer

Theses and Dissertations

This work investigates data leakage in smart homes by providing a Smart Home Automation Architecture (SHAA) and a device classifier and pattern-of-life analysis tool, CITIoT (Classify, Identify, and Track Internet of things). CITIoT was able to capture traffic from SHAA and classify 17 of 18 devices, identify 95% of the events that occurred, and track when users were home or away with near 100% accuracy. Additionally, a mitigation tool, MIoTL (Mitigation of IoT Leakage) is provided to defend against smart home data leakage. With mitigation, CITIoT was unable to identify motion and camera devices and was inundated with an average …

Go to article

Next Last