Students: Alexandre Khalfallah
Faculty Mentor: Ashutosh Dutta
Abstract: This project aims to create a high-interaction honeypot using Docker that is tailored to the context and goals of a small communication company with fewer than 10 employees. The honeypot will include services such as Kerberos, OpenVPN, SSH server, web intranet server, SNORT server, and simulation of clients to monitor lateral movements and credential theft. The honeypot structure and attacker roadmap will be defined to simulate attacks, including entering the VPN, discovering the network, attacking the website, taking data from the website, attacking Kerberos, getting authentication, and taking data from the SSH server. This study aims to improve understanding of how attackers can compromise small businesses and provide insights into how to improve cybersecurity.
Students: Taylor Bradley
Faculty Mentor: Lanier Watkins
Research Advisor: Dr. Elie Alhajjar, RAND Corporation
Abstract: Today, many organizations’ cyber defense and resiliency strategies rely heavily on the use of Intrusion Detection Systems (IDS) for the identification of cyber attacks. However, one downside of these systems is their reliance on known attack signatures for proper training and detection. As cyber-attacks become more sophisticated, their behavior can be difficult for IDS to learn and predict, as malicious behavior is often multifaceted. This makes it difficult to create and train robust IDS, as these qualities often lead to both high false positive and low detection rates. The next generation of IDS have been established as autonomic cybersecurity systems, and in this paper, we focus on improving the detection capabilities of these systems by applying our Survival Analysis technique, which helps to identify features that may contribute to misclassifications. To demonstrate the utility of our work: (1) we implement an Autonomic Cybersecurity system using multiple micro-intrusion detectors that aggregate the results and decide if the system has experienced anomalous behavior or not, (2) apply our threat model, and (3) review detection capabilities before and after applying our technique. Our results show that our approach, Autonomic Cybersecurity enhanced with Survival Analysis (ACSeSA), makes slight improvements in the detection capabilities of decision tree classifiers and even greater improvements for other types of classifiers such as linear regression and support vector machines.
Students: Yao Xiao, Roy Kwok, Fujia Zhang
Faculty Mentor: Lanier Watkins
Research Assistant: Ziang Liang, MSSI Student
Abstract: As the market for Internet of Things (IoT) devices experiences exponential growth, an increasing number of interconnected devices are being integrated into daily life, offering unparalleled convenience and efficiency, particularly in healthcare-related industries. Nevertheless, the widespread adoption of IoT devices has unveiled novel security challenges that present substantial risks to users’ data privacy and even physical safety. In this paper, we commence by examining a selection of recent studies on this subject and assessing their relevance to the current market challenges. Subsequently, we delineate our experimental plan, including the target devices, tools employed, and methodology. This is followed by the execution of our experimentation on the devices and a comprehensive analysis of the results. We will elucidate and discuss the implications of any discovered vulnerabilities. In conclusion, we synthesize our findings and portray potential avenues for future research. Our objective is to cultivate a profound understanding of the present IoT security landscape, thereby contributing to the advancement of more secure and robust IoT devices and networks for the benefit of all end users.
Students: Jiazong Gong
Faculty Mentor: Matt Green
Research Advisor: Harry Eldridge, Ph.D. Student
Abstract: To enable rigorous self-custody for recurring payments, we present a practical implementation that leverages time-lock encryption, where the payment details cannot be decrypted before a specified time. We describe the construction of time-lock encryption and detail the efforts taken in the transition from traditional finance to decentralized finance, as well as the existing solutions for our task. In later sections, we explain our application by providing implementation details and identifying the issues in our implementation. Based on the analysis of existing approaches to recurring payments on blockchain, we evaluate the different solutions qualitatively in terms of efficiency, security, trustlessness, flexibility and ease of use. We draw the conclusion that our approach is better considering that it does not require trust assumptions where the user needs to trust intermediaries by sending a private key under custody or linking a credit card to the service. In the end, we discuss the limitations in the work and propose potential avenues that can be explored in future work.
Students: Xiao Hu, Chunzi Ye, Zishan Zhao
Faculty Mentor: Tim Leschke
Abstract: The widespread use of cell phones has given rise to a number of potent applications that, while greatly enhancing people’s lives, may also raise privacy and security concerns due to the collection of sensitive personal data. Investigators face additional forensic challenges due to the expanding market for applications and the fast-evolving mobile operating system. In this context, we performed a thorough forensic examination of widely installed apps as well as frequently used built-in apps in the data sets of Android 11, which now holds the biggest market share, and iOS 14, which was released nearly simultaneously with Android 11. We carefully describe the pathways of critical data storage, the structure of the data collection, and the file types related to each application by horizontally comparing several programs on the same system. We further examine the data connected to each application and the type of information by vertically comparing the same application on different systems. Through our study, we are able to explain a rigorous and universal forensic method to investigators, showing them which file types are more likely to include important information and which files have less forensic value while also highlighting the relative significance of these applications and the precise data storage path, to help them with their forensics investigation. The narratives we give will be straightforward enough for common investigators without specialized forensic training to comprehend and be able to use these techniques and approaches on other datasets. As a reference for them when selecting an application, we can also identify potential privacy concerns for regular mobile phone users and compare the security performance of each application.
Students: Zhikai Li, Kai Xu
Faculty Mentor: Xiangyang Li
Abstract: Medical image segmentation is a critical task in the field of medical image analysis. It involves partitioning an image into distinct regions based on its features, which is crucial for accurate medical diagnosis, treatment planning, and disease monitoring. In recent years, medical image segmentation has emerged as one of the most significant application scenarios for machine learning, as the diagnostic results have a direct impact on doctors’ treatment strategies. However, medical segmentation models are highly susceptible to adversarial attacks, which can pose severe concerns since such attacks provoke incorrect pixel label predictions on medical images, potentially leading to misdiagnoses.
In this comprehensive study, we evaluated the robustness of five different medical segmentation models against targeted Iterative Fast Gradient Sign Method (I-FGSM) attacks. We analyzed the metric results of the Dice coefficient (DICE), which is a popular performance metric for image segmentation models. Our goal was to compare the resistance of these models to adversarial attacks, providing valuable insights for researchers and practitioners working on medical image segmentation.
Furthermore, we investigated various defense mechanisms to enhance the resilience of these models against adversarial attacks. Among the defense modules tested, we focused on the Non-local context encoder and a channel-wise feature attention mechanism known as the Attention Enhanced Non-Local Context Encoder (AE-NLCE) module. By integrating these defense modules into the segmentation models, we aimed to improve their performance and robustness against adversarial attacks, ultimately leading to more accurate and reliable medical diagnoses.
Students: Arpit Kubadia, Shriya Mehta
Faculty Mentor: Yinzhi Cao
Abstract: The rapidly evolving landscape of cybersecurity threats demands efficient and effective vulnerability scanning tools to protect digital infrastructures. Traditional open-source vulnerability scanning tools often require significant manual effort, multiple scans, and resource consumption. In response, we propose Gogeta, a modular and scalable vulnerability scanning framework designed to streamline the scanning process, minimize resource consumption, and maximize efficiency. Gogeta integrates multiple open-source tools into a single pipeline, automating multiple aspects of vulnerability identification and analysis. By leveraging a distributed architecture, Gogeta enables the use of multiple servers for large-scale scanning, reducing costs and improving scalability. The modular design allows for easy integration of new tools and customization, resulting in accurate and relevant results. Comparative analysis with existing tools revealed that Gogeta is significantly faster and more cost-effective. With Gogeta, researchers and organizations can achieve comprehensive vulnerability scanning while minimizing resource consumption and maximizing efficiency in a dynamic cybersecurity environment.
Students: Alexander Osborne
Faculty Mentor: Yinzhi Cao
Abstract: This project explores the implementation of the ODGen tool, which constructs an Object Dependence Graph while parsing JavaScript code to aid in detecting vulnerabilities. In this approach, we seek to build upon ODGen by analyzing the graph created. Further, we seek to incorporate a machine learning model into the tool’s detection process. The aim of this project is to increase the accuracy and generalizability of the tool. The model is trained on ODGen output data. We explored a variety of parameters and circumstances in an attempt to find the strongest predictors. The models were evaluated on unseen test data that was reserved from the ODGen output data they were trained on. The results indicate that the neural network model is not capable of generating good predictions of the “tainted” attribute. The findings do not indicate that machine learning is not capable of supplementing ODGen, and we discuss some potential alternative approaches.
Students: Yang Xiao, Jue Wang, Yuxuan Zhao
Faculty Mentor: Abhishek Jain
Abstract: Secure multi-party computation is proposed to solve the problem of collaborative computing between a group of distrustful participants under the premise of protecting private information without a trusted third party. The multi-party computation (MPC) approach requires all participants to commit for the entire duration of the agreement. As more and more people know MPC, they would like to use this protocol to solve some complex functions which will cost several hours or days. This will also make all participants spend lots of time working on it. The dynamic participation model for MPC can solve such situations, where parties can go offline or rejoin the computation as needed. In this work, we focus on analyzing the theory of fluid MPC, where parties can join and leave the computation dynamically. The minimum number of rounds that each party participates in is called fluidity, but at the same time, the number of rounds used to calculate must be the number of communication rounds online. We suggest two methods that fit in fluid MPC framework:
Students: Shun Yang, Tianze Ran, Ziang Liang
Faculty Mentor: Avi Rubin
Research Advisor: Dr. Michael Rushanan (Harbor Labs)
Abstract: With the continuous development of third-party sales platforms, more and more medical products have begun to be sold on these platforms. On the one hand, this does provide convenience for some groups of people who need medical devices, but it also provides an opportunity for malicious attackers or cybersecurity researchers to take advantage of it. Subsequently, the medical devices provided by Medical Device Manufacturers could be exposed to non-clinical or non-medical contexts. Therefore, the hospital or clinics may take risks to employ those devices. Under this circumstance, the goal for solving such a problem is to first assess the public exposure to those devices on the third market, and second, to implement the vulnerabilities lookup through the existing vulnerability database and reduce such risks accordingly. The whole process starts with setting up a web crawler to list a specific medical device that is available on a third-party marketplace. Moreover, the National Vulnerability Database (NVD) then has been applied to search for current vulnerabilities associated with that specific medical device given by the manufacturer. Ultimately, the Software Bill of Materials (SBOM) file could be generated after the NVD lookup procedure finds the corresponding Common Platform Enumeration (CPE), and the components of the Dependency Track will be created after importing the SBOM file. Consequently, the total amounts of such available medical devices would be reported and all known vulnerabilities corresponding to this type of device with different versions or similar parts would be illustrated as a risk profile on the Dependency Track webpage. The users could also acquire detailed vulnerability information based on an output file.
Students: Anshul Singhal, Liyin Li, Pratik Kayastha
Faculty Mentor: Matt Green
Abstract: Most existing authentication processes are third-party oriented. Maintaining duplicate information in a centralized manner is asserted to be a necessity. In this project, J-Card+, an identity management wallet application, proves that verifying access rights requires neither data replication nor arbitration authority. Building upon a novel identity access control protocol proposed by Iden3, it shows that authentication can be self-sufficient between a prover and a verifier. It preserves better privacy such that identity information is individually maintained, minimally distributed, and confidentially verified using zero-knowledge proofs. Serving as building blocks of J-Card+, Wallet SDK and Issuer SDK are also built and delivered. To examine J-Card+’s security and scalability, the tactics of threat modeling and performance testing are applied. Supported by the findings of J-Card+ work, we argue that security need not be paid with the price of privacy. The proposed Iden3-based identity management solution is a prospective and rigorous alternative for third-party driven authentication systems.
Students: Saksham Sharma
Faculty Mentor: Matt Green
Research Advisor: Gabrielle Beck, Ph.D. Student
Abstract: Locks have fascinated hackers of all time. In this research project we analyze the smart locks that use mobile applications to operate the door lock. We concentrated our research on Android applications and identified a set of 8 applications that include August Wi-Fi Smart Lock, Google Nest with Yale Lock, Switchbot, Lockly Pro, Eufy, Utec, Bosma, RemoteLock. We mainly focused our efforts on finding cryptographic misuses in the Android application through source code analysis. In some applications we found the use of an old TLS version and the use of old cryptographic primitives. We were also able to dynamically analyze applications using Genymotion as an emulator and bypassing SSL-Pinning using tools like Frida. We also tested the applications based on OWASP top 10 mobile issues.
Students: Punit Shah
Faculty Mentor: Tim Leschke
Abstract: With thousands of phone models available on the market and each one reacting to forensic tools and techniques differently, understanding what works for a particular model and extracting data from it for forensic analysis becomes a staggering task for law enforcement and forensic investigators. This project aims to help in that regard by creating a guide of what things worked on a Motorola One 5G Ace smartphone, what didn’t, and what obstacles investigators might face when trying to use these tools and techniques on this model.
Students: Rue Reddy
Faculty Mentor: Tim Leschke
Abstract: This research project attempts to perform forensic acquisition and examination on an Android device and document the forensically-sound artifacts collected – to address the escalating challenges that burden the Android OS forensics domain. The NIST Mobile Forensics Guidelines are applied to extract artifacts from a curated collection of applications (WhatsApp, Telegram, Signal, TikTok, Hinge, Tor Browser, Google Chrome, and Google Drive) installed on a rooted Motorola G Power running Android 11. In addition, a variety of open-source (ADB, Online NANDroid Backup, SQLite DB Browser) and commercial (Oxygen Forensics, MOBILedit Forensics, and Magnet ACQUIRE) software is employed to determine the most efficient investigation software and methodology. The data and insights from the experiments help build a better understanding of the current mobile application forensics scene, offer ways to overcome challenges faced during the investigation, and recognize implications of the forensic artifacts collected on preservation of user privacy.
Students: Cam Lischke
Faculty Mentor: Tom McGuire
Abstract: Traditional DNS queries are unencrypted. New options including DNS-over-TLS and DNS-over-HTTPS are gaining steam in the security community. This paper provides a guide to implement such encrypted-DNS capabilities in an enterprise environment, something left undone by the current literature. Next, this paper also investigates the true privacy provided by encrypted-DNS, suggesting their privacy measures are not as effective as supporters claim. A feed-forward neural network was trained to classify domain name resolution queries at near perfection when analyzing unpadded DNS-over-TLS. Though padding packets to a constant length does improve privacy greatly when classifying many target domains, binary classifiers still resulted in an alarming success rate. Additionally, the author performs standard timing analyses to show the potential to correlate encrypted-DNS queries to their corresponding web connections with accuracy as high as 83 percent. The threats proven in this paper from an eavesdropping attacker can cause catastrophic damage to the privacy of a client, even while using encrypted-DNS.
Students: Yilang Wan, Jianqiang Li, Jialin Xing
Faculty Mentor: Tom McGuire
Research Assistant: Yifan Wu, MSSI Student
Abstract: Nowadays, there are many kinds of consumer electronic devices on the market. A lot of them can be attached to our computers. When they are, device drivers’ code interacts directly with the kernel, giving them very high privileges in the operating system. This means that a part of the kernel code is written by third parties who may need more security awareness or technical capability to write secure driver code. Thus, there are many potential vulnerabilities in these driver codes and even one vulnerability can cause significant damage to the operating system because of the high privileges. Fuzzing is one of the most effective methods among various ways to find kernel vulnerabilities. Therefore, this paper presents the WDFuzzer, a fuzzing framework that focuses on finding vulnerabilities in Windows third-party drivers. In this paper, we first listed some device driver attack surfaces we found during our research. Then, we provide some background knowledge of the Windows Driver Model (WDM), Windows Driver Frameworks (WDF), Intel Virtualization Technology (Intel VT), and Intel Processor Trace to help readers better understand the paper. After that, we reviewed eight related works in great detail, such as Binary-only Scalable fuzzing Of Device drivers (BSOD), Syzkaller, and so on. Based on the related works, we present our design of the WDFuzzer and provide a detailed structure and execution flow demonstration including some of the technical details of our implementation. To prove the effectiveness and usability of the WDFuzzer, we conduct experiments on the HEVD driver and prove that the WDFuzzer framework can uncover bugs hidden in the driver code. At the end of this paper, we conclude with the bugs and vulnerabilities we found in the HEVD driver and some potential future improvements of the WDFuzzer framework.
Students: Yichao Xu, Ziyu Zhong
Faculty Mentors: Tony Dahbura, Krishan Sabnani
Abstract: Vehicle-to-everything (V2X) communication is an essential part of enhancing the safety of public transportation. It allows vehicles to communicate with each other and with infrastructures, such as traffic lights and road signs, in order to improve traffic flow and avoid accidents. This technology has the potential to save lives and make roads safer for everyone. Our work focuses on the security of the ITS-G5, which is the Euro standard for V2X communication. We discovered a vulnerability in the decentralized congestion control (DCC) mechanism, which enables us to interrupt all V2X communication with a DoS attack in a given range. To counter this vulnerability, we proposed a heuristic congestion control algorithm that can mitigate the effects of the attack. We evaluated both the attack and defense on the Artery V2X simulator. In the simulator, our attack was able to cause a channel busy rate of around thirty percent, resulting in a packet loss rate of between forty and fifty percent in the two-vehicle scenario. Our protection mechanism was also effective in this scenario, reducing the packet loss rate to zero. Overall, our work highlights the importance of addressing potential vulnerabilities in V2X systems to ensure the safety of public transportation.
Students: Ruiyang Liu, Chongzhi Zhang, Tianyu Zhang
Faculty Mentor: Xiangyang Li
Abstract: Machine Learning models have long been widely used for security-related tasks like Intrusion Detection Systems (IDS), helping improve accuracy and identify the hidden pattern of threats, such as spam detection. However, these models have a born vulnerability in that they are easily tricked by adversarial attacks. The attacker could use a small but celebrated crafted perturbation on the sample and trap the Machine Learning model to acquire wrong predictions. In this project, we discovered the resistance qualification of the specific ML models to adversarial attacks and researched a quite new aspect, the Attack Entropy, which refers to the distribution of false predictions after the FGSM attack. We implemented three different Machine Learning models on the popular image classification datasets and subsequently performed adversarial attacks with the trained models. Specifically, we performed the FGSM adversarial attack on the CNN model, the modified Autoencoder model, as well as the optimized Transformer model in three different datasets, which are MNIST, EMNIST-Letter, and CIFAR10. Following that experiment outcome, we evaluated and analyzed the changes in accuracy and the attack entropy of different models under varying degrees of perturbation with several disparate datasets.
Students: Hao Chen, Ke Li, Yuanxin Sun
Faculty Mentor: Yinzhi Cao
Abstract: React is a popular open-source framework that is very useful for software developers to build the front-end of webpages. Prior work in "Mining Node.js Vulnerabilities via Object Dependence Graph and Query" has proposed a novel graph structure, called Object Dependence Graph (ODG), which uses abstract interpretation to represent JavaScript objects as nodes and their relationships with Abstract Syntax Tree (AST) as edges, then uses graph queries to detect vulnerabilities in Node.js.
Students: Xiecongyou Yang, Ziqi Ding, Meihan Lin
Faculty Mentor: Yinzhi Cao
Abstract: One of the most popular applications of blockchain, the smart contract, is sweeping the globe and is a key component of the blockchain ecosystem. The smart contract is the cornerstone of decentralized finance with a value in the billions of dollars. The blockchain-based credit system is destroyed as a result of regular smart contract security problems, which also cause enormous financial losses. Researchers worldwide pay close attention to the security and dependability of smart contracts as a result. In this article, we present a smart contract exploitation framework prototype. This Python-based framework is used to analyze smart contracts, launch exploits/Proof of Concepts, gather and classify exploits. The paper describes the software architecture, its goals, and main features and presents a concrete example of exploit testing, and development, etc.
Students: Shreyas Sriram, Sairam Kunapareddy, Yiyang Zhu
Faculty Mentor: Yinzhi Cao
Abstract: Humans are the weakest link and bad actors have constantly tried to exploit this to gain access to software systems. To this end, there have been attacks on organizations by spinning up websites that have similar names to that of the target organization. This is known as domain typosquatting, a kind of attack that is similar to look-alike businesses that eventually lead to lawsuits. Recently, these types of attacks have evolved to introduce a new kind of attack vector called package typosquatting. Broadly categorized under supply chain attacks, it is a type of software supply chain attack where the attacker uploads a package which has a similar name to an existing package on a public registry. In this way, some users may be confused and unintentionally download the malicious one instead of the legitimate one. In this research, we explore the methods to detect such attacks in the 3 most widely used package registries – npm, PyPI and RubyGems. Our approach uses a combination of static and dynamic analysis of a package to judge whether it could be malicious or not. The tool was able to successfully flag recent typosquatting packages as malicious.
Students: Akshay Kaikottil, Sivam Negi, Ninad Shetty
Faculty Mentor: Yinzhi Cao
Abstract: Shopping bots may also be able to make purchases on behalf of users, either by directly interacting with online stores or by using a predefined set of rules to determine when and where to buy a particular product. These bots may be used for a variety of different purposes, including finding the lowest prices for products, tracking price changes over time, and identifying price trends. The aim of our research and this project is to provide insight into the various ways to differentiate bots from legitimate users and the techniques used by adversaries to bypass these methods. This will provide a deeper understanding of the functionality of captchas, residential proxies, data munging, private authorization tokens, and others. We will be using multiple different methodologies like CAPTCHA, Browser Fingerprinting, IP tracking, Honeypot, Response time taken, User Agent, and Private Access Tokens to create a rating model which can potentially be used to reliably predict if the visitor to the website is a human user or a malicious bot.
Students: Miao Zhang
Faculty Mentor: Yinzhi Cao
Abstract: Rendering is an important component of modern web browsers, which converts raw text data from the Internet to pixels displayed on the computer screen. Real-time rendering, in which each image from the web content is rendered in less than 33 ms, is a desirable feature in the development of web rendering. To achieve the goal of real-time rendering, modern browsers, operating systems, and graphics processing hardware have evolved to work together to form a large and sophisticated rendering pipeline. Unfortunately, the real-time rendering pipeline is a double-edged sword. On the one hand, it brings a smoother browsing experience for users, but on the other hand, it brings more dangerous security problems.
Render queue-based covert channel attacks are the focus of our study. Specifically, two malicious hackers at cross-origin sites can utilize a covert channel constructed based on rendering contention to transmit information illegally. Such an attack is highly threatening based on two facts: 1. In modern real-time rendering pipelines (especially on consumer computers), multiple graphics rendering processes at the top inevitably compete for scarce hardware rendering resources (e.g. CPU, memory, GPU). 2. Covert channels are hidden under routine rendering tasks and are challenging to detect by intrusion detection mechanisms.