Students: Henghui Li, Zhiyuan Li
Faculty Mentor: Lei Ding
Abstract: Nowadays, with the prevalence of big data, the number of logs generated by the system continues to increase, traditional ways of reading or viewing are no longer suitable. To deal with such large-scale log data, ELK stack is an excellent choice for Network data monitoring and log analytics. Considering this, we choose ELK stack as the key point to implement a system which is able to perform different network attack detection. In our capstone project, we first reviewed the literature and existed solution related to this field. Based on this, we set goals for the systems we are going to design and choose Blueliv Data Set, Malware Domain Lists and Spamhaus Spam Database as the data set. Then we give out the design of our system, which is able to handle a ton of log files. To explore how ELK Stack can be utilized on the real-life production environment, we set the Filebeat Nginx Module for log management. And with the logs collected, we focus on the detection for following fields: malicious and botnet IPs visiting, crimeserver IPs Visiting, DNS blocklist IPs visiting, DDOS attack. At last, we use Kibana to visualize and analyze the results.
Students: Benjamin Brostoff, Natalie Larsen
Faculty Mentor: Avi Rubin
Abstract: Internet of Things (IoT) devices continue to expand in scope and capability while security lags behind. One type of IoT device that has increased in popularity is a smart speaker that can allow users to control other smart devices or access their personal information with just their voice. Smart speakers, like the Google Home, are prime targets for attack because of their connections to multiple devices and personal information as well as their ability to take an unlimited number of commands from any voice. The Google Home and Android phones implement a speaker verification system, called Voice Match, to allow personalized voice access to secure functions. Our research shows that Voice Match has multiple vulnerabilities that put it at high risk of an easy brute force attack. This paper explores the nature of those vulnerabilities and gives recommendations for potential remediation.
Students: Shane Sartalamacchia, Richard Bradt, Karan Dhareshwar
Faculty Mentor: Lanier Watkins
Abstract:
As technology advances, pushing past current limitations to reach new heights, the Internet of Things (IoT) field continues to grow exponentially. In a quest to make technology better for people and provide even greater convenience, these IoT devices are being built to operate more autonomously. However, operating autonomously brings greater scrutiny of the device’s security due to the reduced interaction of a human with the device. The device must be secure in order to safely operate autonomously to achieve its tasks.
In this project, we explore the potential vulnerabilities of the autonomous functionality in several IoT devices. We investigate the attacks against the device’s sensors and logic used to process the sensor data. We conducted several tests to investigate how secure these devices are while operating autonomously.
Throughout our research, we discovered that the DJI Spark has a vulnerability against infrared light. When subjected to infrared light over a brief time, this device stops functioning autonomously in its Active Track mode. However, the same infrared light did not affect the DJI Phantom 4. We theorize that this vulnerability is due to the corruption of the autonomous logic within the Spark caused by an accumulation of software errors from its infrared and optical sensors.
Students: Avijit Kumar, Jibraan Singh Chahal, Ujjawal Sharma
Faculty Mentor: Xiangyang Li
Abstract: With Information security being one of the most important agenda on most of the companies’ planning, Security Operations Center (SOC) is instrumental to understanding, detection, identification and response of all cyber attacks. However, one problem for an 1SOC to be offered as a common service is its expense. Often even large firms can barely afford an SOC and building an in-house SOC requires a lot of capital. For small companies, it likely is something which comes at the end of the list while preparing a budget for information security. Though, its importance is equal for both kinds of companies. For this project, we aimed to create an SOC using several open source tools to build an easily deployable SOC model with negligible capital. Such an SOC will cater to the need of education, research and small to medium scale industries. Nowadays, data is interlinked with all sizes of industry and SOC as a service should be a necessity rather than a luxury. Our prototype tries to create an SOC with the basic functionality of integrating various open source tool which has the capability of capturing data, identifying intrusions, critical failures caught in logs, identifying viruses and visualizing the network topology. Our prototype is able to show all the basic requirements of an SOC in action such as network topology visualization, data accumulation, logging, network intrusion and malicious system activity alerts with basic responses against them. As in any project, there are different aspects that can be improved. In our prototype future work can be done on the inclusion of IoT devices and a sophisticated correlation for the alerts.
Students: Hong Ma, Mengqi Qin, Bowen Shi
Faculty Mentor: Seth Nielson
Abstract: In cryptography, side-channel attacks analyze the physical implementation of electronic devices and systems that are relatively simple and inexpensive to execute like power consumption, timing, and temperature.
In this paper, we focused on using a timing attack to try to reveal some information behind messages signed by Hardware Security Module (HSM). We’ve done much literature review about this topic and found that the timing difference was mostly related to the different hamming weight of plaintexts and the approaches to deeply analyze it are mostly used based on this situation. But we got a quite different data pattern. After we analyzed the data, we found that the hamming weight didn’t affect the timing quite much. We controlled variables and determined that the timing difference may be only related to some inside factors of keys. There may have some functional relationships between key and timing difference. We then built many models using machine learning methods, we used classification and regression and many machine learning algorithms including the neural network to analyze the models. We also found that there is some relationship with the key and the running time, but need more data and deeper neutral network to build a stronger model.
Students: Sagar Wani, Chankaya Gaur
Faculty Mentor: Lanier Watkins, Mika Ayeson
Abstract: Cyber Threat Emulation involves operators using real techniques from different
APTs and emulating them in an environment. It is typically used for training and assessment purposes. Defenders train against threat emulators to improve their defensive incident and response actions. The purpose of this capstone project is to develop a model that will be used to take known APT tactics, techniques and procedures and use them in CTE training environments.
Student: Harsimar Bagga
Faculty Mentor: Lanier Watkins
Abstract: When the first drones were made, they were not designed with security in mind. This trait has passed down to the current market of drones as well. The number of Drones in America are increasing day by day. According to FAA, there will be more than 7 million drones flying over America by 2020. But there has not been much research related to the security of these drones, especially when it comes to Autonomous drones. Autonomous drones are drones which are capable of different autonomous functions like self-take-off and landing, collision detection, following a subject and advanced functions like computer vision, machine learning and artificial intelligence. It has become imperative to test these drones for any security vulnerabilities that they might have since they are now being used for various purposes including military uses. Drones today can collect private data like videos and images as well as metadata about that data which can also reveal the location of the data. If the data from the drones are leaked, it can lead to serious security and privacy breaches.
It is important to test these drones in a safe environment and then fix any vulnerabilities that they might have so that there is no privacy breach from these autonomous drones. The objective of this project is to do a complete multi-vendor security assessment of drones which are capable of autonomous flights.
Student: Erwen Shan, Miao Zhang, Lingyun Zhao
Faculty Mentor: Matt Green
Abstract: Machine learning (ML) has grown rapidly in modern society in the past few years. Many data holders try to apply ML to their own datasets. Due to the complexity of ML frameworks, some data holders choose to expose their data to ML service providers for better efficiency. This brings the main problem that we have in this paper—the security of the data used in ML algorithms cannot be guaranteed when the data holders choose to expose the data to ML service providers. As far as we are concerned, it is realistically possible to solve this problem by using the Intel Software Guard Extension(SGX) due to the security feature of Intel SGX.
In this paper, we design, implement and evaluate a system for privacy- preserving machine learning on Intel SGX. In this system, we apply a public ML model, which can be checked by the ML service users so the public ML model can be considered trusted. The ML model is located in the Intel SGX enclave and the Intel SGX enclave is located in a cloud provider platform. During the computation process, we also outsource some computation to a faster untrusted processor, which is also located in the cloud provider platform, for better efficiency. In this paper, we also propose and evaluate the use of Gaussian Variant of Freivalds’ Algorithm (GVFA) in the secure delegation of layer operators.
The system we realized can be adopted in practical cloud services to achieve confidentiality, integrity and availability in Machine Learning as a Service (MLaaS).
Students: Dylan Richmond, Matthew Shonman, Jingcheng Yang
Faculty Mentor: Xiangyang Li, Seth Nielson
Abstract: We present an empirical study that tests the usability of configuring the TLS cryptographic protocol on an Apache web server. We also examine the effectiveness of the website www.cryptodoneright.org, which offers information on cryptography concepts, at reducing users’ difficulties with this task. Ultimately, 3 of our 15 participants successfully completed the task. Our results suggest that the TLS deployment process is challenging, particularly for individuals with limited or no experience maintaining web servers. Although our results are statistically inconclusive, we describe several TLS usability challenges as well as participants’ interactions with CryptoDoneRight, while recommending directions for future research efforts on these topics.
Students: Mingqing Kang, Yingzhe Zhang, Nan Ding
Faculty Mentor: Yinzhi Cao
Abstract: Currently, major browser vendors are striving to provide better privacy protection strategies. Fingerprinting is one of the challenges in privacy protection. Many researchers have found that when different computers (different GPUs) are rendering the same graphic, the drawing path of pixels may be different, which means that different GPUs calculate different data. These differences can distinguish between different GPUs as well as PCs by creating a finger- print that threats privacy. Previous studies have found that there are two reasons for the difference in calculation results between different GPUs. First, the difference in floating point calculation accuracy inside the GPU. Second, the design and implement acceleration algorithms by the GPU vendors for their device, which will also result in different calculation results.
In this paper, we propose a fingerprinting protection method, which let CPU take float calculation tasks over traditional GPU. After exploring various conversion path combined with current research fruits on Github, we successfully proved that the results of matrix calculation maintain consistency on distinct hardware, hence erasing personal identifies.
Students: Peiyu Wang, Zheming Li, Chenfeng Nie
Faculty Mentor: Avi Rubin
Abstract: Internet of Things (IoT) devices security testing is a relatively new area in the security industry. The process of IoT security testing can be improved by having better tools. This Capstone project is divided into two parts: IoT security testing framework and Wireless Data Collection Harness & Kit(WDCHK). We believe that an IoT testing VM and IoT testing framework can benefit IoT security research. In this article, we will explain the design and implementation of the IoT security testing framework. The pre-installed tools in IoT testing VM focus on OWASP TOP-10 IoT Vulnerabilities. We will explain each vulnerability in detail and discuss what kind of tool should be used for testing. WiFi is one of the widest used wireless communication protocol for IoT devices. WDCHK as a wireless fingerprinting framework, its functionality includes traffic capture, traffic analysis, and device location mapping. In this paper, we will discuss our research on 802.11 Wireless frames, Python library for packet analysis, WiFi traffic decryption and formula to calculate physical distance base on signal strength. We perform functionality tests on both IoT security testing framework and WDCHK; the result will be discussed in this paper.
Students: Salman Salman, Saikiran Yamajala, Shruti Paul
Faculty Mentor: Lanier Watkins, Zachary Birnbaum
Abstract: SCADA (supervisory control and data acquisition) is a computer system that is used in critical infrastructure across the United States. They are well embedded into industries including telecommunications, gas, manufacturing, and oil refinery. Due to the critical nature of SCADA systems, they are high profile subjects for cyber-attacks particularly now that these systems become increasingly online. Almost all of the automation of processes happens with the use of programmable logic controllers. These PLCs are simple circuit boards that operate on an input/output basis. One of the issues with the programmable logic controllers is that they are not set up in a non-persistent manner, so there needs to be a resilient, non-persistent way to store current and past system states that are used to manipulate the PLCs interaction with sensors inside a virtualized environment. By achieving this, the virtualized PLCs can be restored immediately if there is a cyber attack and the greater operation will not be affected. Our team was able to configure and set up a simulated PLC network consisting of multiple clients and one server where the clients represent the PLCs and server represents the main Master. We simulated an attack on one of the PLCs that knocked it offline and another PLC was able to restore it with the prior’s state with no loss in state. We prove that our model works as a practical framework for simulating and testing virtualized PLC environments.
Students: Shuai Wang, Ziyao Kang
Faculty Mentor: Tim Leschke
The Internet of Things (IoT) are flooding the market and peoples daily life. Millions of machines such as vehicles, watches, vacuum cleaner and smoke detectors are being connected to the Internet. These IoT devices are continuously increasing, which, on one hand, makes humans life more convenient, but on the other hand, brings anxious about IoT security and privacy. The development of microelectronic techniques and embedded system also provides much broader development space of IoT devices. Facing with increasingly intelligent machines, investigators and law enforcement should raise concerns. This paper formalizes the comprehensive techniques for extracting specific forensic information from a common household IoT device, robot vacuum cleaner. The robot vacuum cleaner could play different roles in a crime. Thus, we describe the potential forensic information that can be collected from it. And then, we discuss how to analysis those information to help investigator reconstruct the certain criminal scene. Finally, we are aimed to use this paper to inspirit the investigators wits. The traditional thinking mode of household electronic device.
Students: Kandarp Khandwala and Siddharth Syal
Faculty Mentor: Matt Green
Abstract: The publicly available mechanisms for data deletion do not provide a “proof” of actual data deletion. They turn the data deletion system into a black box – the user has to trust the outcome but cannot easily verify it. With this project, we are proposing a cryptographic solution to this problem by sealing the data in an encrypted manner while storing the associated keys in a Trusted Platform Module (TPM) or a Trusted Execution Environment (TEE) such as Intel SGX. Only an authorized user can then request deletion of this sealed data using a secure channel. All operations taking place are also publicly available for verification using a third party escrow by the way of remote attestation or secure logging. Overall, this allows the data deletion process to become more transparent and verifiable. We also present a proof-of-concept implementation of our solution to demonstrate practical feasibility of the solution.
Students: Steven Cheng, Venkata Aditya Bollapragada, Antara Sargam
Faculty Mentor: Seth Nielson
Abstract: Ransomware is a specialized form of malware that encrypts a systems files and renders them inaccessible unless the victim pays a ransom, normally a couple hundred USD in Bitcoin. Ransomware has caused serious damage over the recent years, infecting thousands of critical systems, such as hospital computers and public transportation systems [1] [2].
Backups can serve as an effective solution to ransomware, however, a victim won’t be able to recover any recent files or changes that were made after the backup point. For large systems, creating backups is also a non- trivial use of space and bandwidth. The primary purpose of this paper serves as an introduction to the validity of using RAM Journaling to extract any asymmetric or symmetric keys. With this method, we aim to allow a victim the ability to fully decrypt every file without having to pay a ransom and without having to incur a large processing cost.
Students: Dewank Pant, Manan Wason, Varun Gurnaney
Faculty Mentor: Matt Green
Abstract: Information security is the most essential aspect of resources and systems on the internet these days. For both critical and non critical resources we need authentication systems in place which are able to provide information to the intended users and protect it against intruders.
An authentication system generally relies on password based mechanism for logging in a unique user and then provides them with the desired information. In certain cases other forms of layered authentication mechanism are also used to enforce secure authentication.
In this project we had an aim to develop a Multi Factor Authentication system which relies on both hardware, software and network based contexts from a user’s registered devices in order to generate a confidence score based on the confidence engine.
User’s confidence score is generated in the background thus making it less interfering for the user experience. We try to minimize the interruptions a user faces while logging in via 2FA, and other Multi Factors Authentication systems.
Students: Weizhou Wang and Runjie Zhang
Faculty Mentor: Seth Nielson
Abstract: Malware is always one of the biggest threats in the cybersecurity. This paper is focusing on the research of defending next-generation malware on the Windows platform. First, we did research on the popular propagation techniques and evasive techniques implemented by the malware. Second, the defense mechanisms and techniques which can be implemented on the Windows platform have been illustrated in detail. Then based on the third party’s report and the report of the hands-on analyzed samples, the features of malware development trends have been summarized. By combining malware development trends to the real scenario, the blueprint of next-generation malware has been envisioned. The envisioned next-generation malware is mainly based on file less attack. In addition, the design of next-generation malware is similar to a large-scale software which is comprehensive and extendable. Finally, against the next-generation malware, the structure of the next-generation defense mechanism has been designed and envisioned, which is a “defend in depth” mechanism combining traditional defense methods with novel trend has been has been out-of-date, the smart household IoT devices could provide significant forensic interests to the investigators.
Students: Yiming Xie, Qiyang Gu, Binji Li
Faculty Mentor: Matt Green
Abstract: Nowadays with blockchain technology, Immutable and retrievable data storage could be realized in a decentralized system. These features have many uses in the industrial areas, but there still exists some problem like massive data redundancy and scaling problem. These problems make the traditional blockchain less efficient to store data. In order to store data in a more efficient and reliable way, we replaced the traditional blockchain with new DAG structure in the peer to peer network. We also replaced the power consuming mining proof-of-work scheme with a new proof-of-witness based on multi- signature technology. Besides, we get rid of the transaction of a traditional chain and turned the transaction into the witness of other blocks so that the data integration is protected by the hash pointers. In this way, the data storage will be more efficient, and the data integrity still gets guaranteed. Every node in the system has an equal functionality and they authenticate and back up each other. The system can handle more message in the same time period as a decentralized reliable data storage system. However, there still exists some problems in this design, the security and fairness analysis is conducted in the paper.
Students: Yonqiang Fan, Haiwen Sun
Faculty Mentor: Seth Nielson
Abstract: With 5G technology comes to light, the world had one more big step towards the era of Internet of Things(IoT). With more and more devices plugging in into the Internet, there also comes with a security risk for IoT devices. Currently, IoT devices are third party and easily to be broken into, since most of the IoT devices are very close to our daily life, the threats can come from anywhere. This brings the question to us: How do we cope with untrusted devices?
The current solution like Byzantine fault tolerance system has proven to be working so far, but maybe there is a better way than a âA˘ IJstep functionâA˘ I˙ which declare the devices would all be untrustworthy after a certain threshold.
Maybe there is a different approach, one that we can make use of as much information as possible, so even if an IoT device is compromised, we can still make use part of its data to improve the accuracy of the applications.
Students: Yue Yu, Sifan Li
Faculty Mentor: Lanier Watkins
Abstract: With the rapid development of Internet technology, mobile devices have become a necessary part of people’s work and life. With the great convenience it has brought us, more threats spring out. The malware is one of the major threats on mobile devices. According to the Internet Security Threat Report wrote by Symantec (Symantec, 2018), the number of mobile malware continues to increase. Compared with 2016, the increment of mobile malware is 54 percent in 2017. In this paper, our objective is to establish a mobile malware intrusion detection system based on deep learning models. Based on the previous research in similar regions, we used much more normal applications and malware to train the model to prove the feasibility and dependability of this network-based mobile malware detection.
Students: Yu-Tsern Jou, Ying Liu, Menghan Bai
Faculty Mentor: Seth Nielson
Abstract: In this project, we explored the possibility of doing timing cryptanalysis on an open source HSM. The targeted algorithm is the widely used RSA PKCS #1 v1.5 signing scheme, which was recently proved to be secure mathematically. By measuring the general timing characteristics of this HSM and analyzing limitations on existing timing attacks, we found that it is secure against all of the known timing attacks except the one created by Dhem et al. However, we did not succeed when performing such attack. To find out the reason for failure, we carefully analyze this attack and found that there is an erroneous assumption in it. By disproving this assumption with mathematical reasoning and experimental results, we conclude that timing side channels that leak sensitive information does not exist. To sum up, although we cannot prove it will remain secure against all future timing attacks, we still show convincing reasons why we believe its security to some degree. At least, existing timing attacks are all ineffective.