Physical Sciences and Mathematics Commons^™

Quantifying And Enhancing The Security Of Federated Learning, Virat Vishnu Shejwalkar

Doctoral Dissertations

Federated learning is an emerging distributed learning paradigm that allows multiple users to collaboratively train a joint machine learning model without having to share their private data with any third party. Due to many of its attractive properties, federated learning has received significant attention from academia as well as industry and now powers major applications, e.g., Google's Gboard and Assistant, Apple's Siri, Owkin's health diagnostics, etc. However, federated learning is yet to see widespread adoption due to a number of challenges. One such challenge is its susceptibility to poisoning by malicious users who aim to manipulate the joint machine learning …

Persistent Stealthy Attacks And Their Detection In Large Distributed Cyber-Physical Systems, Simon Bech Thougaard

Doctoral Dissertations

"Cyber-Physical Systems (CPS) are increasingly targeted by attackers using a wide and evolving array of methods. When these systems are distributed, every node represents a potential vulnerability, and secure system design must take this into account. Distributed CPSs also have the potential to better detect and handle attacks, by leveraging redundancies of physical measurements between adjacent nodes. The main purpose of this research is to determine the conditions that render a distributed CPS more resistant to attacks, and the conditions that render it more vulnerable. The work is centered around two separate applications: The Smart Grid and Autonomous Drone Swarms. …

An Analysis Of Modern Password Manager Security And Usage On Desktop And Mobile Devices, Timothy Oesch

Doctoral Dissertations

Security experts recommend password managers to help users generate, store, and enter strong, unique passwords. Prior research confirms that managers do help users move towards these objectives, but it also identified usability and security issues that had the potential to leak user data or prevent users from making full use of their manager. In this dissertation, I set out to measure to what extent modern managers have addressed these security issues on both desktop and mobile environments. Additionally, I have interviewed individuals to understand their password management behavior.

I begin my analysis by conducting the first security evaluation of the …

Concentration Inequalities In The Wild: Case Studies In Blockchain & Reinforcement Learning, A. Pinar Ozisik

Doctoral Dissertations

Concentration inequalities (CIs) are a powerful tool that provide probability bounds on how a random variable deviates from its expectation. In this dissertation, first I describe a blockchain protocol that I have developed, called Graphene, which uses CIs to provide probabilistic guarantees on performance. Second, I analyze the extent to which CIs are robust when the assumptions they require are violated, using Reinforcement Learning (RL) as the domain. Graphene is a method for interactive set reconciliation among peers in blockchains and related distributed systems. Through the novel combination of a Bloom filter and an Invertible Bloom Lookup Table, Graphene uses …

Security Against Data Falsification Attacks In Smart City Applications, Venkata Praveen Kumar Madhavarapu

Doctoral Dissertations

Smart city applications like smart grid, smart transportation, healthcare deal with very important data collected from IoT devices. False reporting of data consumption from device failures or by organized adversaries may have drastic consequences on the quality of operations. To deal with this, we propose a coarse grained and a fine grained anomaly based security event detection technique that uses indicators such as deviation and directional change in the time series of the proposed anomaly detection metrics to detect different attacks. We also built a trust scoring metric to filter out the malicious devices. Another challenging problem is injection of …

Design And Implementation Of Path Finding And Verification In The Internet, Hao Cai

Doctoral Dissertations

In the Internet, network traffic between endpoints typically follows one path that is determined by the control plane. Endpoints have little control over the choice of which path their network traffic takes and little ability to verify if the traffic indeed follows a specific path. With the emergence of software-defined networking (SDN), more control over connections can be exercised, and thus the opportunity for novel solutions exists. However, there remain concerns about the attack surface exposed by fine-grained control, which may allow attackers to inject and redirect traffic. To address these opportunities and concerns, we consider two specific challenges: (1) …

Secure Blockchains For Cyber-Physical Systems, Matthew Edward Wagner

Doctoral Dissertations

“Blockchains are a data structure used to perform state agreement in a distributed system across an entire network. One unique trait of blockchains is the lack of a centralized trusted third-party to control the system. This prevents a corrupted trusted third party from being able to control the entire blockchain. All nodes can reach agreement in an untrusted network where nodes do not need to trust one another to believe the accuracy of the information stored. Two main issues occur when trying to apply this technology to other applications: verifiability and scalability. In previous blockchain architectures, there is no way …

Intrusion Detection System Of Industrial Control Networks Using Network Telemetry, Stanislav Ponomarev

Doctoral Dissertations

Industrial Control Systems (ICSs) are designed, implemented, and deployed in most major spheres of production, business, and entertainment. ICSs are commonly split into two subsystems - Programmable Logic Controllers (PLCs) and Supervisory Control And Data Acquisition (SCADA) systems - to achieve high safety, allow engineers to observe states of an ICS, and perform various configuration updates. Before wide adoption of the Internet, ICSs used "air-gap" security measures, where the ICS network was isolated from other networks, including the Internet, by a physical disconnect [1]. This level of security allowed ICS protocol designers to concentrate on the availability and safety of …