Engineering Commons^™

Mitigating Safety Concerns And Profit/Production Losses For Chemical Process Control Systems Under Cyberattacks Via Design/Control Methods, Helen Durand, Matthew Wegener

Chemical Engineering and Materials Science Faculty Research Publications

One of the challenges for chemical processes today, from a safety and profit standpoint, is the potential that cyberattacks could be performed on components of process control systems. Safety issues could be catastrophic; however, because the nonlinear systems definition of a cyberattack has similarities to a nonlinear systems definition of faults, many processes have already been instrumented to handle various problematic input conditions. Also challenging is the question of how to design a system that is resilient to attacks attempting to impact the production volumes or profits of a company. In this work, we explore a process/equipment design framework for …

Cyber Risk Assessment And Scoring Model For Small Unmanned Aerial Vehicles, Dillon M. Pettit

Theses and Dissertations

The commercial-off-the-shelf small Unmanned Aerial Vehicle (UAV) market is expanding rapidly in response to interest from hobbyists, commercial businesses, and military operators. The core commercial mission set directly relates to many current military requirements and strategies, with a priority on short range, low cost, real time aerial imaging, and limited modular payloads. These small vehicles present small radar cross sections, low heat signatures, and carry a variety of sensors and payloads. As with many new technologies, security seems secondary to the goal of reaching the market as soon as innovation is viable. Research indicates a growth in exploits and vulnerabilities …

Interoperable Ads-B Confidentiality, Brandon C. Burfeind

Theses and Dissertations

The worldwide air traffic infrastructure is in the late stages of transition from legacy transponder systems to Automatic Dependent Surveillance - Broadcast (ADS-B) based systems. ADS-B relies on position information from GNSS and requires aircraft to transmit their identification, state, and position. ADS-B promises the availability of high-fidelity air traffic information; however, position and identification data are not secured via authentication or encryption. This lack of security for ADS-B allows non-participants to observe and collect data on both government and private flight activity. This is a proposal for a lightweight, interoperable ADS-B confidentiality protocol which uses existing format preserving encryption …

Topical Review Of Vulnerability Management For Local Hampton Roads Industry, Gregory W. Hubbard Jr., Matthew Eunice

OUR Journal: ODU Undergraduate Research Journal

The progress towards an interconnected digital world offers an exciting level of advancement for humanity. Unfortunately, this “online” connection is not safe from the threats and dangers typically associated with physical operations. With the foundation of Cyber Command of DoD cyberspace, the United States Government is taking a prominent stance in cyberspace operations. Like the federal government, both industries and individuals are not immune and are oftentimes unknowingly at risk to cyberattack. This report hopes to bring awareness to common vulnerabilities in multi-user networks by describing a historical background on cyber security as well as outlining current methods of vulnerability …

Technological Challenges And Innovations In Cybersecurity And Networking Technology Program, Syed R. Zaidi, Ajaz Sana, Aparicio Carranza

Publications and Research

This era is posing a unique challenge to the Cybersecurity and related Engineering Technology areas, stimulated by the multifaceted technological boom expressed in accelerated globalization, digital transformation, the cloud, mobile access apps, and the Internet of Things (IoT)—where more and more devices are connected to the Internet every day. As the use of new Internet-based technologies increase; so does the risk of theft and misuse of sensitive information. This demands the awareness of cyber-criminality and the need for cyber hygiene in corporations, small businesses, and the government. As the need for experienced cybersecurity specialists has skyrocketed in recent years and …

Cybersecurity Education Through Technological And Engineering Literacy Standards, Philip A. Reed, Steven A. Barbato

STEMPS Faculty Publications

No abstract provided.

Evaluating The Resiliency Of Industrial Internet Of Things Process Control Using Protocol Agnostic Attacks, Hector L. Roldan

Theses and Dissertations

Improving and defending our nation's critical infrastructure has been a challenge for quite some time. A malfunctioning or stoppage of any one of these systems could result in hazardous conditions on its supporting populace leading to widespread damage, injury, and even death. The protection of such systems has been mandated by the Office of the President of the United States of America in Presidential Policy Directive Order 21. Current research now focuses on securing and improving the management and efficiency of Industrial Control Systems (ICS). IIoT promises a solution in enhancement of efficiency in ICS. However, the presence of IIoT …

Cybersecurity Education In Utah High Schools: An Analysis And Strategy For Teacher Adoption, Cariana June Cornel

Theses and Dissertations

The IT Education Specialist for the USBE, Brandon Jacobson, stated:I feel there is a deficiency of and therefore a need to teach Cybersecurity.Cybersecurity is the “activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation” (NICE, 2018). Practicing cybersecurity can increase awareness of cybersecurity issues, such as theft of sensitive information. Current efforts, including but not limited to, cybersecurity camps, competitions, college courses, and conferences, have been created to better prepare cyber citizens nationwide for such cybersecurity occurrences. In …

Process/Equipment Design Implications For Control System Cybersecurity, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

An emerging challenge for process safety is process control system cybersecurity. An attacker could gain control of the process actuators through the control system or communication policies within control loops and potentially drive the process state to unsafe conditions. Cybersecurity has traditionally been handled as an information technology (IT) problem in the process industries. In the literature for cybersecurity specifically of control systems, there has been work aimed at developing control designs that seek to fight cyberattacks by either giving the system appropriate response mechanisms once attacks are detected or seeking to make the attacks difficult to perform. In this …

Car Hacking: Accessing And Exploiting The Can Bus Protocol, Bryson R. Payne

Journal of Cybersecurity Education, Research and Practice

With the rapid adoption of internet-connected and driver-assist technologies, and the spread of semi-autonomous to self-driving cars on roads worldwide, cybersecurity for smart cars is a timely concern and one worth exploring both in the classroom and in the real world. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety, and the cybersecurity of these “data centers on wheels” is of greater concern than ever.

However, up to this point there has been a …

Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao

Electrical & Computer Engineering Theses & Dissertations

Graphical passwords are always considered as an alternative of alphanumeric passwords for their better memorability and usability [1]. Alphanumeric passwords provide an adequate amount of satisfaction, but they do not offer better memorability compared to graphical passwords [1].

On the other hand, graphical passwords are considered less secured and provide better memorability [1]. Therefore many researchers have researched on graphical passwords to overcome the vulnerability. One of the most significant weaknesses of the graphical passwords is "Shoulder Surfing Attack," which means, sneaking into a victim's computer to learn the whole password or part of password or some confidential information. Such …

Unguided Cyber Education Techniques Of The Non-Expert, Seth A. Martin

Theses and Dissertations

The United States Air Force and Department of Defense continues to rely on its total workforce to provide the first layer of protection against cyber intrusion. Prior research has shown that the workforce is not adequately educated to perform this task. As a result, DoD cybersecurity strategy now includes attempting to improve education and training on cyber-related concepts and technical skills to all users of DoD networks. This paper describes an experiment designed to understand the broad methods that non-expert users may use to educate themselves on how to perform technical tasks. Preliminary results informed subsequent experiments that directly compared …

A Blockchain-Based Anomalous Detection System For Internet Of Things Devices, Joshua K. Mosby

Theses and Dissertations

Internet of Things devices are highly susceptible to attack, and owners often fail to realize they have been compromised. This thesis describes an anomalous-based intrusion detection system that operates directly on Internet of Things devices utilizing a custom-built Blockchain. In this approach, an agent on each node compares the node's behavior to that of its peers, generating an alert if they are behaving differently. An experiment is conducted to determine the effectiveness at detecting malware. Three different code samples simulating common malware are deployed against a testbed of 12 Raspberry Pi devices. Increasing numbers are infected until two-thirds of the …

Suas: Cybersecurity Threats, Vulnerabilities, And Exploits, Philip Craiger, Gary Kessler, William Rose

J. Philip Craiger, Ph.D.

The FAA predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 4.3 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as 'drones,' are comprised of aeronautical hardware, a CPU, RAM, onboard storage, radio frequency communications, sensors, a camera, and a controller used by the pilot-in-command (PIC). Some have argued that a sUAS is essentially a flying computer. As such, sUAS are sometimes susceptible to many of the types of attacks that are often used on PC-based computers attached …

Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane

MPA/MPP/MPFM Capstone Projects

Procure-to-Pay (P2P) softwares are an integral part of the payment and procurement processing functions at large-scale governmental institutions. These softwares house all of the financial functions related to procurement, accounts payable, and often human resources, helping to facilitate and automate the process from initiation of a payment or purchase, to the actual disbursal of funds. Often, these softwares contain budgeting and financial reporting tools as part of the offering. As such an integral part of the financial process, these softwares obviously come at an immense cost from a set of reputable vendors. In the case of government, these vendors mainly …

A Nonlinear Systems Framework For Cyberattack Prevention For Chemical Process Control Systems, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

Recent cyberattacks against industrial control systems highlight the criticality of preventing future attacks from disrupting plants economically or, more critically, from impacting plant safety. This work develops a nonlinear systems framework for understanding cyberattack-resilience of process and control designs and indicates through an analysis of three control designs how control laws can be inspected for this property. A chemical process example illustrates that control approaches intended for cyberattack prevention which seem intuitive are not cyberattack-resilient unless they meet the requirements of a nonlinear systems description of this property.

Suas: Cybersecurity Threats, Vulnerabilities, And Exploits, Philip Craiger, Gary Kessler, William Rose

National Training Aircraft Symposium (NTAS)

The FAA predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 4.3 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as 'drones,' are comprised of aeronautical hardware, a CPU, RAM, onboard storage, radio frequency communications, sensors, a camera, and a controller used by the pilot-in-command (PIC). Some have argued that a sUAS is essentially a flying computer. As such, sUAS are sometimes susceptible to many of the types of attacks that are often used on PC-based computers attached …

State Measurement Spoofing Prevention Through Model Predictive Control Design, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

Security of chemical process control systems against cyberattacks is critical due to the potential for injuries and loss of life when chemical process systems fail. A potential means by which process control systems may be attacked is through the manipulation of the measurements received by the controller. One approach for addressing this is to design controllers that make manipulating the measurements received by the controller in any meaningful fashion very difficult, making the controllers a less attractive target for a cyberattack of this type. In this work, we develop a model predictive control (MPC) implementation strategy that incorporates Lyapunov-based stability …

Survey Results On Adults And Cybersecurity Education, Frank Breitinger, Joseph Ricci, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Cyberattacks and identity theft are common problems nowadays where researchers often say that humans are the weakest link in the security chain. Therefore, this survey focused on analyzing the interest for adults for ‘cyber threat education seminars’, e.g., how to project themselves and their loved ones. Specifically, we asked questions to understand a possible audience, willingness for paying / time commitment, or fields of interest as well as background and previous training experience. The survey was conducted in late 2016 and taken by 233 participants. The results show that many are worried about cyber threats and about their children exploring …

Low Latency Intrusion Detection In Smart Grids, Israel Zairi Akingeneye

Graduate Theses and Dissertations

The transformation of traditional power grids into smart grids has seen more new technologies such as communication networks and smart meters (sensors) being integrated into the physical infrastructure of the power grids. However, these technologies pose new vulnerabilities to the cybersecurity of power grids as malicious attacks can be launched by adversaries to attack the smart meters and modify the measurement data collected by these meters. If not timely detected and removed, these attacks may lead to inaccurate system state estimation, which is critical to the system operators for control decisions such as economic dispatch and other related functions.

This …

Dynamic Adversarial Mining - Effectively Applying Machine Learning In Adversarial Non-Stationary Environments., Tegjyot Singh Sethi

Electronic Theses and Dissertations

While understanding of machine learning and data mining is still in its budding stages, the engineering applications of the same has found immense acceptance and success. Cybersecurity applications such as intrusion detection systems, spam filtering, and CAPTCHA authentication, have all begun adopting machine learning as a viable technique to deal with large scale adversarial activity. However, the naive usage of machine learning in an adversarial setting is prone to reverse engineering and evasion attacks, as most of these techniques were designed primarily for a static setting. The security domain is a dynamic landscape, with an ongoing never ending arms race …

Teaching Hands-On Cyber Defense Labs To Middle School And High School Students: Our Experience From Gencyber Camps, Peng Jiang, Xin Tian, Chunsheng Xin, Wu He

Electrical & Computer Engineering Faculty Publications

With the high demand of the nation for next generation cybersecurity experts, it is important to design and provide hands-on labs for students at the K-12 level in order to increase their interest in cybersecurity and enhance their confidence in learning cybersecurity skills at the young age. This poster reports some preliminary analysis results from the 2016 GenCyber summer camp held at Old Dominion University (ODU), which is part of a nationwide grant program funded by the National Security Agency (NSA) and the National Science Foundation (NSF). This poster also demonstrates the design of three hands-on labs which have been …

Who's In And Who's Out?: What's Important In The Cyber World?, Tony M. Kelly

HON499 projects

The aim of this paper is to offer an introduction to the exploding field of cybersecurity by asking what are the most important concepts or topics that a new member of the field of cybersecurity should know. This paper explores this question from three perspectives: from the realm of business and how the cyber world is intertwined with modern commerce, including common weaknesses and recommendations, from the academic arena examining how cybersecurity is taught and how it should be taught in a classroom or laboratory environment, and lastly, from the author’s personal experience with the cyber world. Included information includes …

Aviation And Cybersecurity: Opportunities For Applied Research, Jon Haass, Radhakrishna Sampigethaya, Vincent Capezzuto

Publications

Aviation connects the global community and is moving more people and payloads faster than ever. The next decade will experience an increase in manned and unmanned aircraft and systems with new features and unprecedented applications. Cybertechnologies—including software, computer networks, and information technology—are critical and fundamental to these advances in meeting the needs of the aviation ecosystem of aircraft, pilots, personnel, passengers, stakeholders, and society. This article discusses current and evolving threats as well as opportunities for applied research to improve the global cybersecurity stance in the aviation and connected transportation industry of tomorrow.

Implementing And Testing A Novel Chaotic Cryptosystem, Samuel Jackson, Scott Kerlin, Jeremy Straub

Jeremy Straub

Cryptography in the domain of small satellites is a relatively new area of research. Compared to typical desktop computers, small satellites have limited bandwidth, processing power, and battery power. Many of the current encryption schemes were developed for desktop computers and servers, and as such may be unsuitable for small satellites. In addition, most cryptographic research in the domain of small satellites focuses on hardware solutions, which can be problematic given the limited space requirements of small satellites.

This paper investigates potential software solutions that could be used to encrypt and decrypt data on small satellites and other devices with …

Improving Satellite Security Through Incremental Anomaly Detection On Large, Static Datasets, Connor Hamlet, Matthew Russell, Jeremy Straub, Scott Kerlin

Jeremy Straub

Anomaly detection is a widely used technique to detect system intrusions. Anomaly detection in Intrusion Detection and Prevent Systems (IDPS) works by establishing a baseline of normal behavior and classifying points that are at a farther distance away as outliers. The result is an “anomaly score”, or how much a point is an outlier. Recent work has been performed which has examined use of anomaly detection in data streams [1]. We propose a new incremental anomaly detection algorithm which is up to 57,000x faster than the non-incremental version while slightly sacrificing the accuracy of results. We conclude that our method …

Scada System Security: Accounting For Operator Error And Malicious Intent, Ryan Kilbride, Jeremy Straub, Eunjin Kim

Jeremy Straub

Supervisory control and data acquisition (SCADA) systems are becoming more and more com-monplace in many industries today. Industries are making better use of software and large scale control systems to run efficiently, without the need for large amounts of oversight. Security is a particularly large issue with such systems, however. A human must still be involved to ensure smooth operation in the event of catastrophic system error, or unusual circumstanc-es. Human involvement presents problems: operators could make mistakes, configure the system to operate sub-optimally or take malicious actions. This imple-mentation of SCADA security aims to combat these problems.

Teaching Cybersecurity Using The Cloud, Khaled Salah, Mohammad Hammoud, Sherali Zeadally

Information Science Faculty Publications

Cloud computing platforms can be highly attractive to conduct course assignments and empower students with valuable and indispensable hands-on experience. In particular, the cloud can offer teaching staff and students (whether local or remote) on-demand, elastic, dedicated, isolated, (virtually) unlimited, and easily configurable virtual machines. As such, employing cloud-based laboratories can have clear advantages over using classical ones, which impose major hindrances against fulfilling pedagogical objectives and do not scale well when the number of students and distant university campuses grows up. We show how the cloud paradigm can be leveraged to teach a cybersecurity course. Specifically, we share our …

Framing The Question, "Who Governs The Internet?", Robert J. Domanski

Publications and Research

There remains a widespread perception among both the public and elements of academia that the Internet is “ungovernable”. However, this idea, as well as the notion that the Internet has become some type of cyber-libertarian utopia, is wholly inaccurate. Governments may certainly encounter tremendous difficulty in attempting to regulate the Internet, but numerous types of authority have nevertheless become pervasive. So who, then, governs the Internet? This book will contend that the Internet is, in fact, being governed, that it is being governed by specific and identifiable networks of policy actors, and that an argument can be made as to …

Aircraft Access To System-Wide Information Management Infrastructure, Mohammad Moallemi, Remzi Seker, Mohamed Mahmoud, Jayson Clifford, John Pesce, Carlos Castro, Massood Towhidnejad, Jonathan Standley, Robert Klein

Publications

Within the Federal Aviation Administration’s (FAA) NextGen project, System Wide Information Management (SWIM) program is the essential core in facilitating the collaborative access to the aviation information by various stakeholders. The Aircraft Access to SWIM (AAtS) initiative is an effort to connect the SWIM network to the aircraft to exchange the situational information between the aircraft and the National Airspace System (NAS). This paper summarizes the highlevel design and implementation of the AAtS infrastructure; namely the communication medium design, data management system, pilot peripheral, as well as the security of the data being exchanged and the performance of the entire …