Physical Sciences and Mathematics Commons^™

An Analysis Of Significant Cyber Incidents And The Impact On The Past, Present, And Future, Seth E. Smith

Cybersecurity Undergraduate Research Showcase

This report discusses data collected on significant cybersecurity incidents from the early 2000s to present. The first part of the report addresses previously discussed information, data, and literature (e.g. case studies), pertinent to cybersecurity incidents. The findings from this study are framed by scholarly sources and information from the Federal Bureau of Investigation, a number of notable universities, and literature online, of which all support information discussed within this report. The second part of the report discusses data compiled upon analyzing significant cyber incidents and events from the Center for Strategic and International Affairs (CSIS). Finally, the last portion of …

Analytical Approach To Biometric Security And How It Affects Privacy, Torré A. Williams

Cybersecurity Undergraduate Research Showcase

In this time where the world is using technology every day, there is going to be a need for some type of security to take place to protect its citizens from unwanted harm or danger. The use of any authentication methods is becoming very essential for a lot of companies and even for your own personal belongings. The use of biometric technology has offered companies the chance to upgrade their security system. This has also provided easier ways that people authenticate themselves as who they say they are. Due to their growth of usage, there is a privacy and security …

Developing An International Framework For Addressing Non-State Actors In Cyberspace, Joanna C. Di Scipio

Cybersecurity Undergraduate Research Showcase

On May 7, 2021, Colonial Pipeline shut down its operations following a ransomware attack by the criminal group DarkSide (Bordoff, 2021). It took five days to resume normal operations, but this short period led to panic buying, rising prices, and significant gas shortages. The attack underscores an emerging threat in the landscape of cybersecurity: critical infrastructure attacks carried out by non-state actors.

Internet Of Things: Cybersecurity In Small Businesses, Zobair Wali

Cybersecurity Undergraduate Research Showcase

Small businesses are the most vital part of a nation’s economy. In today’s world, as we are moving towards digitizing almost everything around us, cybersecurity is essential and vital for our digitalized world to function. Small businesses are no exception. All businesses collect, use, and store information. They store employees’ information, tax information, customers’ information, business transaction information, and all other operational information that is needed for a business to function. Without an appropriate cybersecurity program, these businesses are vulnerable and can be easily impacted by cyber incidents and malicious attacks. Businesses are putting resources to protect their systems against …

Gdpr, Pipl & Lgpd: Privacy Regulations & Policies Across The Globe, Raymond H. Geistel

Cybersecurity Undergraduate Research Showcase

Several privacy laws around the world are adopting similar regulations to the GPDR; this has effects on privacy policies of companies providing services in across multiple countries & continents. While these regulations share many attributes, their differing requirements can make things difficult for companies regarding said policies. Automation could be a potential solution to both analyze and compare regulations from different nations & international organizations, analyze and monitor privacy policy adherence to said regulations.

How Secure Are Android And Apple’S Operating Systems And Based Applications Against Cyber Attacks And Cyber Crime, Marlowe Cosby Jr.

Cybersecurity Undergraduate Research Showcase

Smartphone has become an important part of our everyday life. Android and apple are the two most used operating system (OS) for smart phones. We usually store important information in our smart phone, e.g.: credit card, bank account, driving ID, SSN. As a result, Android and Apple operating systems and applications have both been subject to a wide number of vulnerabilities and attacks. This directly effects many people being that they are the global leaders of users within their platforms reaching billions of people daily. It is important that smartphones receive better defense and security. In this paper, we aim …

Self-Supervised Perceptual Ad-Blocker, Killian Robinson

Cybersecurity Undergraduate Research Showcase

This project proposes a new self-supervised ad-blocker to minimize the amount of human effort required to effectively combat pushed advertisements. Current ad-blocker models are expensive to develop and not always effective in identifying advertisements. We investigated the possibility of solving these problems with the introduction of a deep learning, self-supervised ad-blocker model. More specifically, the proposed ad-blocker will be trained in a self-supervised fashion to tackle the issue of lacking labelled training data. The proposed solution was prototyped using Pytorch and achieved a detection accuracy of 81% on a diverse selection of popular websites.

Protection Of Patient Privacy On Mobile Device Machine Learning, Matthew Nguyen

Cybersecurity Undergraduate Research Showcase

An existing StudentLife Study mobile dataset was evaluated and organized to be applied to different machine learning methods. Different variables like user activity, exercise, sleep, study space, social, and stress levels are optimized to train a model that could predict user stress level. The different machine learning methods would test if both patient data privacy and training efficiency can be ensured.

Cybersecurity Maturity Model Certification (Cmmc) Compliance For Dod Contractors, Sierra Burnett

Cybersecurity Undergraduate Research Showcase

The DoD is currently taking a supply-chain risk management strategy to foster cybersecurity. This unique strategy is often referred to as CMMC which stands for “Cybersecurity Maturity Model Certification”. The approach requires that all the 300,000 DoD contractors acquire third-party authentication that may attain the requirements for the CMMC maturity level suitable to the work they desire to do for the DoD. CMMC typically examines the organization's capability to safeguard Federal Contract Information as well as CUI. It integrates various cybersecurity standards already in place and plots the best practices alongside processes to five maturity levels that range from the …

Emotional Analysis Of Learning Cybersecurity With Games Using Iot, Maria Valero, Md Jobair Hossain, Shahriar Sobhan

KSU Proceedings on Cybersecurity Education, Research and Practice

The constant rise of cyber-attacks poses an increasing demand for more qualified people with cybersecurity knowledge. Games have emerged as a well-fitted technology to engage users in learning processes. In this paper, we analyze the emotional parameters of people while learning cybersecurity through computer games. The data are gathered using a non-invasive Brain-Computer Interface (BCI) to study the signals directly from the users’ brains. We analyze six performance metrics (engagement, focus, excitement, stress, relaxation, and interest) of 12 users while playing computer games to measure the effectiveness of the games to attract the attention of the participants. Results show participants …

Resilience Vs. Prevention. Which Is The Better Cybersecurity Practice?, Frank Katz

KSU Proceedings on Cybersecurity Education, Research and Practice

Students in multiple cohorts of our 3000 level Fundamentals of Information Systems Security course were given a discussion question where they had to either agree or disagree with the premise that given all the constant threats to our systems, we should dedicate more of our efforts to quickly repairing the damage of an attack rather than dedicate more of our time and energies to preventing such attacks. They were required to give their reasoning and provide sources to back up their analysis of his comment.

This paper will describe and explain the concept of cyber resiliency. It will then evaluate …

Warshipping: Hacking The Mailroom, Jackson Szwast, Bryson Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

Everyone knows what package shipping is, but not everyone knows what warshipping is. Corporate mailrooms are rarely considered as part of the cybersecurity attack surface of most organizations, but they offer physical access to millions of uninspected packages daily. UPS shipped 5.5 billion items last year, with their daily average being 21.9 million items and operating through 1,800 locations in 2020. FedEx shipped 6.5 million packages daily and operates 2,150 locations. The United States Postal Service delivered 143 billion pieces of mail in 2019. Increasingly the world’s consumers are relying on e-commerce, and during the recent COVID-19 pandemic, package deliveries …

Towards Assessing Password Workarounds And Perceived Risk To Data Breaches For Organizational Cybersecurity Risk Management Taxonomy, Michael J. Rooney, Yair Levy, Wei Li, Ajoy Kumar

KSU Proceedings on Cybersecurity Education, Research and Practice

Cybersecurity involves a broad range of techniques, including cyber-physical, managerial, and technical, while authentication provides a layer of protection for Information Systems (IS) against data breaches. The recent COVID-19 pandemic brought a tsunami of data breach incidents worldwide. Authentication serves as a mechanism for IS against unauthorized access utilizing various defense techniques, with the most popular and frequently used technique being passwords. However, the dramatic increase of user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure high level of IS security; this leaves the end-users holding a critical role in protecting their …

Analyzing Robotics Software Vulnerabilities, Hossain Shahriar, Md Jobair Hossain Faruk, Shahriar Sobhan, Mohammad Nazim

KSU Proceedings on Cybersecurity Education, Research and Practice

Robots are widely used in our day-to-day life in various domains. For example, eldercare robots, such as CareO-Bots [1]are used to perform household tasks and provide mobility assistance [2]. Amazon uses manufacturing robots to accomplish manufacturing labor activities, such as welding and assembling equipment [2]. According to the International Data Corporation, spending on robotics is expected to reach USD 241.4 billion by the end of 2023 [4].

However, malicious users can exploit security vulnerabilities in hardware and software components of robotics systems to conduct security attacks and cause malfunction, i.e., deviate robots from their expected behaviors. Security attacks on robots …

A Taxonomy Of Cyberattacks Against Critical Infrastructure, Miloslava Plachkinova, Ace Vo

KSU Proceedings on Cybersecurity Education, Research and Practice

The current study proposes a taxonomy to organize existing knowledge on cybercrimes against critical infrastructure such as power plants, water treatment facilities, dams, and nuclear facilities. Routine Activity Theory is used to inform a three-dimensional taxonomy with the following dimensions: hacker motivation (likely offender), cyber, physical, and cyber-physical components of any cyber-physical system (suitable target), and security (capable guardian). The focus of the study is to develop and evaluate the classification tool using Design Science Research (DSR) methodology. Publicly available data was used to evaluate the utility and usability of the proposed artifact by exploring three possible scenarios – Stuxnet, …

Effects Of Cloud Computing In The Workforce, Kevin Rossi Acosta

Cybersecurity Undergraduate Research Showcase

In recent years, the incorporation of cloud computing and cloud services has increased in many different types of organizations and companies. This paper will focus on the philosophical, economical, and political factors that cloud computing and cloud services have in the workforce and different organizations. Based on various scholarly articles and resources it was observed that organizations used cloud computing and cloud services to increase their overall productivity as well as decrease the overall cost of their operations, as well as the different policies that were created by lawmakers to control the realm of cloud computing. The results of this …

An Empirical Study Of Thermal Attacks On Edge Platforms, Tyler Holmes

Symposium of Student Scholars

Cloud-edge systems are vulnerable to thermal attacks as the increased energy consumption may remain undetected, while occurring alongside normal, CPU-intensive applications. The purpose of our research is to study thermal effects on modern edge systems. We also analyze how performance is affected from the increased heat and identify preventative measures. We speculate that due to the technology being a recent innovation, research on cloud-edge devices and thermal attacks is scarce. Other research focuses on server systems rather than edge platforms. In our paper, we use a Raspberry Pi 4 and a CPU-intensive application to represent thermal attacks on cloud-edge systems. …

On The Vulnerability Of Openthread To Agile Denial Of Service Attacks, Casey Cronin, Sarah Diesburg Ph.D., Dheryta Jaisinghani Ph.D.

Summer Undergraduate Research Program (SURP) Symposium

The Internet of Things (IoT) includes physical devices such as sensors, connected home appliances, video monitoring systems, and smart classroom or smart warehouse applications. These devices can capture large amounts of data while using low amount of power to do it, as well as keep track of things going on around it and turn it into usable data for the user depending on what task it is performing.

IoT devices are not immune from security concerns, such as Denial of Service (DoS) attacks. These attacks are important to investigate because they can play a dangerous role in shutting down applications, …

Shor’S Algorithm: How Quantum Computing Affects Cybersecurity, Caroline Fedele, Asai Asaithambi

Showcase of Osprey Advancements in Research and Scholarship (SOARS)

Honorable Mention Winner

Almost all of today’s computer security relies on something known as the RSA cryptosystem. This system relies on a mathematical, specifically number theory, problem known as prime factorization, where a composite number is broken down into its two prime number factors. This in an ideal method for encryption because it is easy to multiply two numbers, encoding the data, but it much harder to determine which numbers were originally multiplied together, thus hard to decode the data. If this composite number is sufficiently large, there is no known algorithm for efficiently breaking it down – at least …

Encryption And Decryption With A Raspberry Pi Device, Taylor Powell

Undergraduate Research Symposium

The functioning of our modern digital world relies heavily on the security of modern encryption algorithms and their resistance to systematic attempts to access secure information. For the 2020 Department of Computer Science’s Raspberry Pi Programming Competition, I decided to explore encryption and decryption techniques available to any user with some programming knowledge and a desire to secure information from unwanted access.

I developed a program which allows a user to select between three types of encryption algorithms: a Caesar Cipher, a Vigenère Cipher, and a Stream Cipher. I also gave the user the option to further secure their encrypted …

Cybersecurity: Building A Better Defense With A Great Offense, David M. Cooke

Cybersecurity Undergraduate Research Showcase

The current industry standard for cybersecurity is risk mitigation, which is the identification, evaluation, and categorization of threats that are posed to an organization's network. The goal is to prevent attacks and if an organization is attacked popular standard is to react and remedy the attack. This form of cyber defense isn’t very reassuring to an organization and its users, once an attack is executed based on a study conducted by Booz Allen the average time an advanced persistent threat (APT) dwells on a victims’ network before it’s discovered is 200-250 days. That’s plenty of time for a malicious third …

Best Cybersecurity Practices For Companies, Post Van Buren, Mary Riley

Cybersecurity Undergraduate Research Showcase

Imagine this scenario: you are a small business owner, and you’ve just been informed of a network security breach. In your Zoom meeting with the IT Department, you learned the details: network activity logs revealed aberrant behavior after hours. Threat actors accessed systems containing sensitive information and downloaded copies of key files containing company trade secrets, market strategies, and customer data – all within a matter of minutes. Immediately, you review the consequences of the breach in your mind: reputational harm, monetary loss, and potential lawsuits. You ask the IT professional about the root cause of the breach. Was it …

Leverage Psychological Factors Associated With Lapses In Cybersecurity In Organizational Management, Chad Holm

Cybersecurity Undergraduate Research Showcase

With computers being a standard part of life now with the evolution of the internet, many aspects of our lives have changed, and new ways of thinking must come. One of the biggest challenges in most cyber security problems is not related to the software or the hardware; it is the people that are using the computers to access the data and communicate with others, where the hackers could simply find a weak entry point that naturally exists and a weak link caused by human hands. The human factor as an “insider threat” will affect unauthorized access, credentials stealing, and …

On The Usage And Vulnerabilities Of Api Systems, Conner D. Yu

Cybersecurity Undergraduate Research Showcase

To some, Application Programming Interface (API) is one of many buzzwords that seem to be blanketed in obscurity because not many people are overly familiar with this term. This obscurity is unfortunate, as APIs play a crucial role in today’s modern infrastructure by serving as one of the most fundamental communication methods for web services. Many businesses use APIs in some capacity, but one often overlooked aspect is cybersecurity. This aspect is most evident in the 2018 misuse case by Facebook, which led to the leakage of 50 million users’ records.1 During the 2018 Facebook data breach incident, threat actors …