Engineering Commons^™

Injecting Control Commands Through Sensory Channel: Attack And Defense, Farhad Rasapour

Boise State University Theses and Dissertations

Industrial Control System (ICS) is responsible for controlling and managing critical infrastructures like nuclear plants and power plants. ICS is equipped with various devices like communication media, Programmable Logic Controller (PLC), actuators, and sensors. Sensors are used to measure a physical phenomenon and send these measurements through the sensory channel to the control devices so they can make decisions on the movements of the actuators in the systems. While tampering with the sensor measurements has been the focus of many studies, there is some research that has concentrated on misusing a sensor and sensory channel as an axillary attack device …

Fingerprint Database Privacy Guard: An Open-Source System That Secures Fingerprints With Locality Sensitive Hashing Algorithms, Enrique Sanchez

Computer Science and Computer Engineering Undergraduate Honors Theses

Fingerprint identification is one of the most accurate sources of identification, yet it is not widely used in public facilities for security concerns. Moreover, the cost of fingerprint system is inaccessible for small-budget business because of their high cost. Therefore, this study created an open-source solution to secure fingerprint samples in the database while using low-cost hardware components. Locality Sensitive Hashing Algorithms such as ORB and Image hash were compared in this study as a potential alternative to SURF. To test the design, fifteen samples were collected and stored in a database without verifying the quality of the samples. Then, …

On-Chip Communication And Security In Fpgas, Shivukumar Basanagouda Patil

Masters Theses

Innovations in Field Programmable Gate Array (FPGA) manufacturing processes and architectural design have led to the development of extremely large FPGAs. There has also been a widespread adaptation of these large FPGAs in cloud infrastructures and data centers to accelerate search and machine learning applications. Two important topics related to FPGAs are addressed in this work: on-chip communication and security. On-chip communication is quickly becoming a bottleneck in to- day’s large multi-million gate FPGAs. Hard Networks-on-Chip (NoC), made of fixed silicon, have been shown to provide low power, high speed, flexible on-chip communication. An iterative algorithm for routing pre-scheduled time-division-multiplexed …

Forensic Analysis Of Immersive Virtual Reality Social Applications: A Primary Account, Ananya Yarramreddy, Peter Gromkowski, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Our work presents the primary account for exploring the forensics of immersive Virtual Reality (VR) systems and their social applications. The Social VR applications studied in this work include Bigscreen, Altspace VR, Rec Room and Facebook Spaces. We explored the two most widely adopted consumer VR systems: the HTC Vive and the Oculus Rift. Our tests examined the efficacy of reconstructing evidence from network traffic as well as the systems themselves. The results showed that a significant amount of forensically relevant data such as user names, user profile pictures, events, and system details may be recovered. We anticipate that this …

A Security Approach For The Example Sodium Fast Reactor, Christian X. Young, Robert S. Bean

The Summer Undergraduate Research Fellowship (SURF) Symposium

Increases in the spread of nuclear technology and the rise of non-state terrorism in the modern era has proved the need for effective security approaches to new nuclear facilities. Many documents about security approaches for nuclear plants are non-public material, however, making it difficult to teach others about the basics of security design. To alleviate this issue, we used available texts in the security realm to design a security approach for the Generation IV International Forum’s Example Sodium Fast Reactor. Our approach utilized infrared, microwave, fiber optic, and other advanced technologies to provide security for the special nuclear material present. …

Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally

Information Science Faculty Publications

One of the most important Internet of Things applications is the wireless body sensor network (WBSN), which can provide universal health care, disease prevention, and control. Due to large deployments of small scale smart sensors in WBSNs, security, and privacy guarantees (e.g., security and safety-critical data, sensitive private information) are becoming a challenging issue because these sensor nodes communicate using an open channel, i.e., Internet. We implement data integrity (to resist against malicious tampering) using the secure hash algorithm 3 (SHA-3) when smart sensors in WBSNs communicate with each other using the Internet. Due to the limited resources (i.e., storage, …

A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt

FIU Electronic Theses and Dissertations

The emerging Internet of Things (IoT) revolution has introduced many useful applications that are utilized in our daily lives. Users can program these devices in order to develop their own IoT applications; however, the platforms and languages that are used during development are abounding, complicated, and time-consuming. The software solution provided in this thesis, PROVIZ+, is a secure sensor application development software suite that helps users create sophisticated and secure IoT applications with little software and hardware experience. Moreover, a simple and efficient domain-specific programming language, namely Panther language, was designed for IoT application development to unify existing programming languages. …

Tag Ownership Transfer In Radio Frequency Identification Systems: A Survey Of Existing Protocols And Open Challenges, Eyad Taqieddin, Hiba Al-Dahoud, Haifeng Niu, Jagannathan Sarangapani

Electrical and Computer Engineering Faculty Research & Creative Works

Radio frequency identification (RFID) is a modern approach to identify and track several assets at once in a supply chain environment. In many RFID applications, tagged items are frequently transferred from one owner to another. Thus, there is a need for secure ownership transfer (OT) protocols that can perform the transfer while, at the same time, protect the privacy of owners. Several protocols have been proposed in an attempt to fulfill this requirement. In this paper, we provide a comprehensive and systematic review of the RFID OT protocols that appeared over the years of 2005-2018. In addition, we compare these …

Logging And Analysis Of Internet Of Things (Iot) Device Network Traffic And Power Consumption, Ryan Joseph Frawley

Master's Theses

An increasing number of devices, from coffee makers to electric kettles, are becoming connected to the Internet. These are all a part of the Internet of Things, or IoT. Each device generates unique network traffic and power consumption patterns. Until now, there has not been a comprehensive set of data that captures these traffic and power patterns. This thesis documents how we collected 10 to 15 weeks of network traffic and power consumption data from 15 different IoT devices and provides an analysis of a subset of 6 devices. Devices including an Amazon Echo Dot, Google Home Mini, and Google …

Security Analysis Of The Uconn Husky One Card, Trevor Phillips

Honors Scholar Theses

The “Husky One Card” is the name given to student IDs at the University of Connecticut. It can identify students, faculty, and staff in a variety of situations. The One Card is used for meal plans, Husky Bucks (an equivalent of money, but valid only in the Storrs area), residence hall/ university facility access, and student health services. The current Husky One Card consists of a picture identification on the front and a standard 1-dimensional barcode and 3-track magnetic strip on the back.

The goal of this thesis is to investigate the feasibility of cloning Husky One Cards, the ease …

Securing Critical Infrastructure: A Ransomware Study, Blaine M. Jeffries

Theses and Dissertations

This thesis reviews traditional ransomware attack trends in order to present a taxonomy for ransomware targeting industrial control systems. After reviewing a critical infrastructure ransomware attack methodology, a corresponding response and recovery plan is described. The plan emphasizes security through redundancy, specifically the incorporation of standby programmable logic controllers. This thesis goes on to describe a set of experiments conducted to test the viability of defending against a specialized ransomware attack with a redundant controller network. Results support that specific redundancy schemes are effective in recovering from a successful attack. Further experimentation is conducted to test the feasibility of industrial …

An Overview Of The Usage Of Default Passwords, Brandon Knierem, Xiaolu Zhang, Philip Levine, Frank Breitinger, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

The recent Mirai botnet attack demonstrated the danger of using default passwords and showed it is still a major problem. In this study we investigated several common applications and their password policies. Specifically, we analyzed if these applications: (1) have default passwords or (2) allow the user to set a weak password (i.e., they do not properly enforce a password policy). Our study shows that default passwords are still a significant problem: 61% of applications inspected initially used a default or blank password. When changing the password, 58% allowed a blank password, 35% allowed a weak password of 1 character.

Comparing The Effectiveness Of Different Classification Techniques In Predicting Dns Tunnels, Patrick Walsh

Dissertations

DNS is one of the most widely used protocols on the internet and is used in the translation of domain names into IP address in order to correctly route messages between computers. It presents an attractive attack vector for criminals as the service is not as closely monitored by security experts as other protocols such as HTTP or FTP. Its use as a covert means of communication has increased with the availability of tools that allow for the creation of DNS tunnels using the protocol. One of the primary motivations for using DNS tunnels is the illegal extraction of information …

Securing Soft Ips Against Hardware Trojan Insertion, Thao Phuong Le

Graduate Theses and Dissertations

Due to the increasing complexity of hardware designs, third-party hardware Intellectual Property (IP) blocks are often incorporated in order to alleviate the burden on hardware designers. However, the prevalence use of third-party IPs has raised security concerns such as Trojans inserted by attackers. Hardware Trojans in these soft IPs are extremely difficult to detect through functional testing and no single detection methodology has been able to completely address this issue. Based on a Register-Transfer Level (RTL) and gate-level soft IP analysis method named Structural Checking, this dissertation presents a hardware Trojan detection methodology and tool by detailing the implementation of …

On The Security And Quality Of Wireless Communications In Outdoor Mobile Environment, Sharaf J. Malebary

Theses and Dissertations

The rapid advancement in wireless technology along with their low cost and ease of deployment have been attracting researchers academically and commercially. Researchers from private and public sectors are investing into enhancing the reliability, robustness, and security of radio frequency (RF) communications to accommodate the demand and enhance lifestyle. RF base communications -by nature- are slower and more exposed to attacks than a wired base (LAN). Deploying such networks in various cutting-edge mobile platforms (e.g. VANET, IoT, Autonomous robots) adds new challenges that impact the quality directly. Moreover, adopting such networks in public outdoor areas make them vulnerable to various …

Social Engineering Knowledge Measured As A Security Countermeasure, Christopher Artejus Sanders

Theses and Dissertations

Social Engineering has become a significant threat to the security of business, government, and academic institutions. As vulnerabilities to social engineering attacks increase, organizations must incorporate risk mitigation strategies to their portfolios of Information Systems Security Countermeasures (ISSC). The goal is to implement mitigation strategies that balance the cost of implementation, the privacy of employees, and the resulting expected costs of social engineering attacks. In this paper we develop an analytical model that calculates the total cost of protection, including the trade-off between the cost of implementing protection strategies and the resulting expected cost of social engineering attacks. We use …

Genetic Programming-Based Pseudorandom Number Generator For Wireless Identification And Sensing Platform, Cem Kösemen, Gökhan Dalkiliç, Ömer Aydin

Turkish Journal of Electrical Engineering and Computer Sciences

The need for security in lightweight devices such as radio frequency identification tags is increasing and a pseudorandom number generator (PRNG) constitutes an essential part of the authentication protocols that provide security. The main aim of this research is to produce a lightweight PRNG for cryptographic applications in wireless identification and sensing platform family devices, and other related lightweight devices. This PRNG is produced with genetic programming methods using entropy calculation as the fitness function, and it is tested with the NIST statistical test suite. Moreover, it satisfies the requirements of the EPCGen2 standards.

Uas Pilots Code – Annotated Version 1.0, Michael S. Baum, Kristine Kiernan, Ryan J. Wallace Ed.D., Donald W. Steinman

Publications

The UAS PILOTS CODE (UASPC) offers recommendations to advance flight safety, ground safety, airmanship, and professionalism.6 It presents a vision of excellence for UAS pilots and operators, and includes general guidance for all types of UAS. The UASPC offers broad guidance—a set of values—to help a pilot interpret and apply standards and regulations, and to confront real world challenges to avoid incidents and accidents. It is designed to help UAS pilots develop standard operating procedures (SOPs), effective risk management,7 safety management systems (SMS), and to encourage UAS pilots to consider themselves aviators and participants in the broader aviation community.

Data Privacy And System Security For Banking And Financial Services Industry Based On Cloud Computing Infrastructure, Abhishek Mahalle, Jianming Yong, Xiaohui Tao, Jun Shen

Faculty of Engineering and Information Sciences - Papers: Part B

No abstract provided.