Open Access. Powered by Scholars. Published by Universities.®

Engineering Commons

Computer security

Articles 1 - 30 of 82

Full-Text Articles in Engineering

Entropy Aided RF-DNA Fingerprint Learning From Gabor-Based Images, Mohamed Alfatih Taha May 2023

Masters Theses and Doctoral Dissertations

The number of devices connected to the internet has been increasing and shapes the Internet of Things (IoT). The security of IoT is an issue due to the use of weak or no encryption. Specific Emitter Identification (SEI) was introduced to overcome this issue by introducing RF-DNA fingerprinting exploring the PHY layer features. Recently, the SEI performance improved by the usage of the signal’s Time Frequency (TF) representation and accelerated using the Deep Learning (DL) Convolutional Neural Network (CNN). While the classification accuracy has been improved from using raw signals learning, the amount of data generated is large and computationally expensive. …


Artificial Intelligence-Enabled Exploratory Cyber-Physical Safety Analyzer Framework For Civilian Urban Air Mobility, Md. Shirajum Munir, Sumit Howlader Dipro, Kamrul Hasan, Tariqul Islam, Sachin Shetty Jan 2023

VMASC Publications

Urban air mobility (UAM) has become a potential candidate for civilization for serving smart citizens, such as through delivery, surveillance, and air taxis. However, safety concerns have grown since commercial UAM uses a publicly available communication infrastructure that enhances the risk of jamming and spoofing attacks to steal or crash crafts in UAM. To protect commercial UAM from cyberattacks and theft, this work proposes an artificial intelligence (AI)-enabled exploratory cyber-physical safety analyzer framework. The proposed framework devises supervised learning-based AI schemes such as decision tree, random forests, logistic regression, K-nearest neighbors (KNN), and long short-term memory (LSTM) for predicting and …


An Optimized And Scalable Blockchain-Based Distributed Learning Platform For Consumer IoT, Zhaocheng Wang, Xueying Liu, Xinming Shao, Abdullah Alghamdi, Md. Shirajum Munir, Sujit Biswas Jan 2023

School of Cybersecurity Faculty Publications

Consumer Internet of Things (CIoT) manufacturers seek customer feedback to enhance their products and services, creating a smart ecosystem, like a smart home. Due to security and privacy concerns, blockchain-based federated learning (BCFL) ecosystems can let CIoT manufacturers update their machine learning (ML) models using end-user data. Federated learning (FL) uses privacy-preserving ML techniques to forecast customers' needs and consumption habits, and blockchain replaces the centralized aggregator to safeguard the ecosystem. However, blockchain technology (BCT) struggles with scalability and quick ledger expansion. In BCFL, local model generation and secure aggregation are other issues. This research introduces a novel architecture, emphasizing …


Learnings From A National Cyberattack Digital Disaster During The SARS-CoV-2 Pandemic In A Pediatric Emergency Medicine Department, Fiona Leonard, Hugh O'Reilly, Carol Blackburn, Laura Melody, Dani Hall, Eleanor Ryan, Kate Bruton, Pamela Doyle, Bridget Conway, Michael Barrett Jan 2023

Articles

Objective: The primary objective was to analyze the impact of the national cyberattack in May 2021 on patient flow and data quality in the Paediatric Emergency Department (ED), amid the SARS-CoV-2 (COVID-19) pandemic. Methods: A single site retrospective time series analysis was conducted of three 6-week periods: before, during, and after the cyberattack outage. Initial emergent workflows are described. Analysis includes diagnoses, demographic context, key performance indicators, and the gradual return of information technology capability on ED performance. Data quality was compared using 10 data quality dimensions. Results: Patient visits totaled 13 390. During the system outage, patient experience times …


A Survey Of Using Machine Learning In IoT Security And The Challenges Faced By Researchers, Khawlah M. Harahsheh, Chung-Hao Chen Jan 2023

Electrical & Computer Engineering Faculty Publications

The Internet of Things (IoT) has become more popular in the last 15 years as it has significantly improved and gained control in multiple fields. We are nowadays surrounded by billions of IoT devices that directly integrate with our lives, some of them are at the center of our homes, and others control sensitive data such as military fields, healthcare, and datacenters, among others. This popularity makes factories and companies compete to produce and develop many types of those devices without caring about how secure they are. On the other hand, IoT is considered a good insecure environment for cyber …


Analyzing Microarchitectural Residue In Various Privilege Strata To Identify Computing Tasks, Tor J. Langehaug Sep 2022

Theses and Dissertations

Modern multi-tasking computer systems run numerous applications simultaneously. These applications must share hardware resources including the Central Processing Unit (CPU) and memory while maximizing each application’s performance. Tasks executing in this shared environment leave residue which should not reveal information. This dissertation applies machine learning and statistical analysis to evaluate task residue as footprints which can be correlated to identify tasks. The concept of privilege strata, drawn from an analogy with physical geology, organizes the investigation into the User, Operating System, and Hardware privilege strata. In the User Stratum, an adversary perspective is taken to build an interrogator program that …


Healthcare Information Security Maturity Model Grande Ronde Hospital, Pallavi Agrawal, Riad Alharithi, Karthik Manjunath, Kamal Thapa, Eric Ingersoll, Sujitha Rajagopal Jan 2022

Engineering and Technology Management Student Projects

Technology offers significant advantages in improving the delivery of healthcare to patients. The technology creates electronic data associated with each patient. The data journey starts from the collection point, through the data warehouses that store the data, the application that processes the data, and the medium that transfers the data throughout the patient's life. Data collection starts with patients filling out web forms on a provider's website. This information is stored for the Healthcare organization in remote servers managed by developers and is shared with healthcare specialists, hospitals, labs, pharmacists, insurance providers, and billing software among many other healthcare workers. …


Precursors Of Email Response To Cybersecurity Scenarios: Factor Exploration And Scale Development, Miguel A. Toro-Jarrin, Pilar Pazos-Lago, Miguel Padilla Jan 2022

Engineering Management & Systems Engineering Faculty Publications

In the last decade, information security research has further expanded to include human factors as key elements of the organization's cybersecurity infrastructure. Numerous factors from several theories have been explored to explain and predict the multitude of information security-related behaviors in organizations. Lately, there has been a call for the study of specific cybersecurity behaviors in contextualized scenarios that reflect specific and realistic situations of a potential cyber-attack. This paper focuses on precursors of email response in situations that can be the origin of cybersecurity incidents in organizations (i.e., phishing attacks, ransomware, etc.). This study explores participants' intentions to follow …


Reference-Free Differential Histogram-Correlative Detection Of Steganography: Performance Analysis, Natiq M. Abdali, Zahir M. Hussain Jan 2022

Research outputs 2022 to 2026

Recent research has demonstrated the effectiveness of utilizing neural networks for detecting tampering in images. However, because accessing a database is complex, which is needed in the classification process to detect tampering, reference-free steganalysis attracted attention. In recent work, an approach for least significant bit (LSB) steganalysis has been presented based on analyzing the derivatives of the histogram correlation. In this paper, we further examine this strategy for other steganographic methods. Detecting image tampering in the spatial domain, such as image steganography. It is found that the above approach could be applied successfully to other kinds of steganography with different …


Matters Of Biocybersecurity With Consideration To Propaganda Outlets And Biological Agents, Xavier-Lewis Palmer, Ernestine Powell, Lucas Potter, Thaddeus Eze (Ed.), Lee Speakman (Ed.), Cyril Onwubiko (Ed.) Jan 2021

Electrical & Computer Engineering Faculty Publications

The modern era holds vast modalities in human data utilization. Within Biocybersecurity (BCS), categories of biological information, especially medical information transmitted online, can be viewed as pathways to destabilize organizations. Therefore, analysis of how the public, along with medical providers, process such data, and the methods by which false information, particularly propaganda, can be used to upset the flow of verified information to populations of medical professionals, is important for maintenance of public health. Herein, we discuss some interplay of BCS within the scope of propaganda and considerations for navigating the field.


Titan: Uncovering The Paradigm Shift In Security Vulnerability At Near-Threshold Computing, Prabal Basu, Pramesh Pandey, Aatreyi Bal, Chidhambaranathan Rajamanikkam, Koushik Chakraborty, Sanghamitra Roy Oct 2020

Electrical and Computer Engineering Faculty Publications

In this paper, we investigate the emerging security threats at Near-Threshold Computing (NTC) that are poised to jeopardize the trustworthy operation of future low-power electronic devices. A substantial research effort over the last decade has bolstered energy efficient operation in low-power computing. However, innovation in low-power security has received only marginal attention, thwarting a ubiquitous adoption of critical Internet of Things applications, such as wearable gadgets. Using a cross-layer methodology, we demonstrate that the timing fault vulnerability of a circuit rapidly increases as the operating conditions of the transistor devices shift from super-threshold to near-threshold values. Exploiting this vulnerability, we …


Immersive Virtual Reality Attacks And The Human Joystick, Peter Casey, Ibrahim Baggili, Ananya Yarramreddy Mar 2019

Electrical & Computer Engineering and Computer Science Faculty Publications

This is one of the first accounts for the security analysis of consumer immersive Virtual Reality (VR) systems. This work breaks new ground, coins new terms, and constructs proof of concept implementations of attacks related to immersive VR. Our work used the two most widely adopted immersive VR systems, the HTC Vive, and the Oculus Rift. More specifically, we were able to create attacks that can potentially disorient users, turn their Head Mounted Display (HMD) camera on without their knowledge, overlay images in their field of vision, and modify VR environmental factors that force them into hitting physical objects and …


Cybersecurity Planning For Artificial Intelligent Systems In Space, Gary Langford, Lucas Beaulieu, Jeffery Carpenter, Ian Watkins, Brock Marsh, Teah Heidorn, Chris Chase Jan 2019

Engineering and Technology Management Faculty Publications and Presentations

CubeSats continue to proliferate and are an excellent low-cost method of remote sensing. A key piece of intelligent systems is sensory input, data storage, and data communications. With the continued miniaturization of technology, CubeSats will increase their sensory inputs with future miniaturization and enhance their robustness for autonomous operations if data and communications are secure. These futures inspire an intelligent system solution to on-orbit communications. This paper explores a dual-microprocessor approach to improve hardware cybersecurity of intelligent systems, with a view toward intensional intelligence as a means of adjudicating access to sensitive data onboard the CubeSat. With enhanced cybersecurity, Artificial …


Labeled-Image Captcha: Concept Of A Secured And Universally Useful Captcha, Mokter Hossain, Ken Nguyen, Muhammad Asadur Rahman Nov 2018

International Journal of Business and Technology

Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is a widely used online security tool that ensures that a computer program is not posing as a human user. While smart programs with advanced image processing capability have already cracked picture based captcha systems there is a need for making the test harder. This paper presents a design prototype of a simplified type of labeled-image captcha where a picture of a common animal or household item is marked with a number of different labels and the users will be asked to provide the correct label for specific …


FIFA: Exploring A Focally Induced Fault Attack Strategy In Near-Threshold Computing, Prabal Basu, Chidhambaranathan Rajamanikkam, Aatreyi Bal, Pramesh Pandey, Trevor Carter, Koushik Chakraborty, Sanghamitra Roy Dec 2017

Electrical and Computer Engineering Faculty Publications

In this letter, we explore the emerging security threats of near-threshold computing (NTC). Researchers have shown that the delay sensitivity of a circuit to supply voltage variation tremendously increases, as the circuit's operating conditions shift from traditional super-threshold values to NTC values. As a result, NTC systems become extremely vulnerable to timing fault attacks, jeopardizing trustworthy computing. Inspired by the operation of a polymorphic virus, we propose a novel threat model for NTC, referred to as a focally induced fault attack (FIFA). FIFA employs a machine learning framework to ascertain the circuit vulnerabilities and generates targeted software modules to cause …


Anex: Automated Network Exploitation Through Penetration Testing, Eric Francis Dazet Jun 2016

Master's Theses

Cyber attacks are a growing concern in our modern world, making security evaluation a critical venture. Penetration testing, the process of attempting to compromise a computer network with controlled tests, is a proven method of evaluating a system's security measures. However, penetration tests, and preventive security analysis in general, require considerable investments in money, time, and labor, which can cause them to be overlooked. Alternatively, automated penetration testing programs are used to conduct a security evaluation with less user effort, lower cost, and in a shorter period of time than manual penetration tests. The trade-off is that automated penetration testing …


Dynamic Network Security Control Using Software Defined Networking, Michael C. Todd Mar 2016

Theses and Dissertations

This thesis develops and implements a process to rapidly respond to host level security events using a host agent, Software Defined Networking and OpenFlow updates, role based flow classes, and Advanced Messaging Queuing Protocol to automatically update configuration of switching devices and block malicious traffic. Results show flow table updates are made for all tested levels in less than 5.27 milliseconds and event completion time increased with treatment level as expected. As the number of events increases from 1,000 to 50,000, the design scales logarithmically caused mainly by message delivery time. Event processing throughput is limited primarily by the message …


The Proceedings Of 14th Australian Digital Forensics Conference, 5-6 December 2016, Edith Cowan University, Perth, Australia, Craig Valli Jan 2016

Australian Digital Forensics Conference

Conference Foreword

This is the fifth year that the Australian Digital Forensics Conference has been held under the banner of the Security Research Institute, which is in part due to the success of the security conference program at ECU. As with previous years, the conference continues to see quality papers with a number from local and international authors. 11 papers were submitted and following a double blind peer review process, 8 were accepted for final presentation and publication. Conferences such as these are simply not possible without willing volunteers who follow through with the commitment they have initially made, …


Labeled-Image Captcha: Concept Of A Secured And Universally Useful Captcha, Mokter Hossain, Ken Nguyen, Muhammad Asadur Rahman Nov 2015

UBT International Conference

Captcha (Completely Automated Public Turing test to tell Computers and Humans Apart) is a widely used online security tool that ensures that a computer program is not posing as a human user. While smart programs with advanced image processing capability have already cracked picture based captcha systems there is a need for making the test harder. This paper presents a design prototype of a simplified type of labeled-image captcha where a picture of a common animal or household item is marked with a number of different labels and the users will be asked to provide the correct label for specific …


Real-Time Detection System For Suspicious URLs, Krishna Prasad Chouty, Anup Chandra Thogiti, Kranthi Sudha Vudatha Oct 2015

All Capstone Projects

Twitter is prone to malicious tweets containing URLs for spam, phishing, and malware distribution. Conventional Twitter spam detection schemes utilize account features such as the ratio of tweets containing URLs and the account creation date, or relation features in the Twitter graph. These detection schemes are ineffective against feature fabrications or consume much time and resources. Conventional suspicious URL detection schemes utilize several features including lexical features of URLs, URL redirection, HTML content, and dynamic behavior. However, evading techniques such as time-based evasion and crawler evasion exist. In this paper, we propose WARNINGBIRD, a suspicious Real-Time URL detection system for …


Micro-Policies: Formally Verified, Tag-Based Security Monitors, Arthur Azevedo De Amorim, Maxime Denes, Nick Giannarakis, Cătălin Hriţcu, Benjamin C. Pierce, Antal Spector-Zabusky, Andrew Tolmach May 2015

Computer Science Faculty Publications and Presentations

Recent advances in hardware design have demonstrated mechanisms allowing a wide range of low-level security policies (or micro-policies) to be expressed using rules on metadata tags. We propose a methodology for defining and reasoning about such tag-based reference monitors in terms of a high-level “symbolic machine,” and we use this methodology to define and formally verify micro-policies for dynamic sealing, compartmentalization, control-flow integrity, and memory safety; in addition, we show how to use the tagging mechanism to protect its own integrity. For each micro-policy, we prove by refinement that the symbolic machine instantiated with the policy’s rules embodies a high-level …


Teaching Cybersecurity Using The Cloud, Khaled Salah, Mohammad Hammoud, Sherali Zeadally Apr 2015

Information Science Faculty Publications

Cloud computing platforms can be highly attractive to conduct course assignments and empower students with valuable and indispensable hands-on experience. In particular, the cloud can offer teaching staff and students (whether local or remote) on-demand, elastic, dedicated, isolated, (virtually) unlimited, and easily configurable virtual machines. As such, employing cloud-based laboratories can have clear advantages over using classical ones, which impose major hindrances against fulfilling pedagogical objectives and do not scale well when the number of students and distant university campuses grows up. We show how the cloud paradigm can be leveraged to teach a cybersecurity course. Specifically, we share our …


High Speed Clock Glitching, Santosh Desiraju Jan 2015

ETD Archive

In recent times, hardware security has drawn a lot of interest in the research community. With physical proximity to the target devices, various fault injection hardware attack methods have been proposed and tested to alter their functionality and trigger behavior not intended by the design. There are various types of faults that can be injected depending on the parameters being used and the level at which the device is tampered with. The literature describes various fault models to inject faults in clock of the target but there are no publications on overclocking circuits for fault injection. The proposed method bridges …


Quantification Of Information Flow In Cyber Physical Systems, Li Feng Jan 2015

Doctoral Dissertations

"In Cyber Physical Systems (CPSs), traditional security mechanisms such as cryptography and access control are not enough to ensure the security of the system since complex interactions between the cyber portion and physical portion happen frequently. In particular, the physical infrastructure is inherently observable; aggregated physical observations can lead to unintended cyber information leakage. Information flow analysis, which aims to control the way information flows among different entities, is better suited for CPSs than the access control security mechanism. However, quantifying information leakage in CPSs can be challenging due to the flow of implicit information between the cyber portion, the …


Understanding The Methods Behind Cyber Terrorism, Maurice E. Dawson Jr., Marwan Omar, Jonathan Abramson Dec 2014

Maurice Dawson

Cyber security has become a matter of national, international, economic, and societal importance that affects multiple nations (Walker, 2012). Since the 1990s users have exploited vulnerabilities to gain access to networks for malicious purposes. In recent years the number of attacks on U.S. networks has continued to grow at an exponential rate. This includes malicious embedded code, exploitation of backdoors, and more. These attacks can be initiated from anywhere in the world from behind a computer with a masked Internet Protocol (IP) address. This type of warfare, cyber warfare, changes the landscape of war itself (Beidleman, 2009). This type of …


Avatar Captcha: Telling Computers And Humans Apart Via Face Classification And Mouse Dynamics., Darryl Felix D’Souza Dec 2014

Electronic Theses and Dissertations

Bots are malicious, automated computer programs that execute malicious scripts and predefined functions on an affected computer. They pose cybersecurity threats and are one of the most sophisticated and common types of cybercrime tools today. They spread viruses, generate spam, steal personal sensitive information, rig online polls and commit other types of online crime and fraud. They sneak into unprotected systems through the Internet by seeking vulnerable entry points. They access the system’s resources like a human user does. Now the question arises how do we counter this? How do we prevent bots and on the other hand allow human …


Advances In SCA And RF-DNA Fingerprinting Through Enhanced Linear Regression Attacks And Application Of Random Forest Classifiers, Hiren J. Patel Sep 2014

Theses and Dissertations

Radio Frequency (RF) emissions from electronic devices expose security vulnerabilities that can be used by an attacker to extract otherwise unobtainable information. Two realms of study were investigated here, including the exploitation of 1) unintentional RF emissions in the field of Side Channel Analysis (SCA), and 2) intentional RF emissions from physical devices in the field of RF-Distinct Native Attribute (RF-DNA) fingerprinting. Statistical analysis on the linear model fit to measured SCA data in Linear Regression Attacks (LRA) improved performance, achieving 98% success rate for AES key-byte identification from unintentional emissions. However, the presence of non-Gaussian noise required the use …


Fort-NoCs: Mitigating The Threat Of A Compromised NoC, Dean Michael Ancajas, Koushik Chakraborty, Sanghamitra Roy Jun 2014

Electrical and Computer Engineering Faculty Publications

In this paper, we uncover a novel and imminent threat to an emerging computing paradigm: MPSoCs built with 3rd party IP NoCs. We demonstrate that a compromised NoC (C-NoC) can enable a range of security attacks with an accomplice software component. To counteract these threats, we propose Fort-NoCs, a series of techniques that work together to provide protection from a C-NoC in an MPSoC. Fort-NoCs's foolproof protection disables covert backdoor activation, and reduces the chance of a successful side-channel attack by "clouding" the information obtained by an attacker. Compared to recently proposed techniques, Fort-NoCs offers a substantially better protection with …


A Systematic Security Evaluation Of Android’s Multi-User Framework, Edward Paul Ratazzi, Yousra Aafer, Amit Ahlawat, Hao Hao, Yifei Wang, Wenliang Du May 2014

Electrical Engineering and Computer Science - All Scholarship

Like many desktop operating systems in the 1990s, Android is now in the process of including support for multiuser scenarios. Because these scenarios introduce new threats to the system, we should have an understanding of how well the system design addresses them. Since the security implications of multi-user support are truly pervasive, we developed a systematic approach to studying the system and identifying problems. Unlike other approaches that focus on specific attacks or threat models, ours systematically identifies critical places where access controls are not present or do not properly identify the subject and object of a decision. Finding these …


Measuring Security: A Challenge For The Generation, Janusz Zalewski, Steven Drager, William Mckeever, Andrew J. Kornecki Jan 2014

Department of Electrical Engineering and Computer Science - Daytona Beach

This paper presents an approach to measuring computer security understood as a system property, in the category of similar properties, such as safety, reliability, dependability, resilience, etc. First, a historical discussion of measurements is presented, beginning with views of Hermann von Helmholtz in his 19th century work “Zählen und Messen”. Then, contemporary approaches related to the principles of measuring software properties are discussed, with emphasis on statistical, physical and software models. A distinction between metrics and measures is made to clarify the concepts. A brief overview of inadequacies of methods and techniques to evaluate computer security is presented, followed by …