Student Projects Completed in 2015-2016

Spring 2016 Student Projects

  • Students: Mason Hemmel, Harsh Chaturvedi

    Faculty Mentor: Avi Rubin

    Abstract: With the ubiquity of cloud computing has come intense study into the security issues particular to the paradigm. As it is trivial for an attacker to position himself on the same machine as a target, covert channels have arisen as one of these issues. In this paper, we demonstrate a new method to create a covert channel between two co-located virtual machines controlled by an attacker. We also present a study of the accuracy of the channel at varying speeds of operation along with suggestions for further work in the area.

  • Students: Lakshmi Narasimhan Srinivasan, Navaneeth Krishnan Subramania, Prashanth Kannan

    Faculty Mentor: Lanier Watkins

    For this project, we investigated the working of the DJI Phantom 3 Standard Drone and the Parrot Bebop Drone, and uncovered vulnerabilities which can be exploited to cause severe disruption in flight, DoS of video transmission from the drone to the mobile device or, in the worst case, complete breakdown of the drone. During the course of investigation, we uncovered the following for the DJI Phantom 3 Standard Drone:

    1) The root password of the FTP server running on the drone which could enable the attacker to cause permanent damage to the communication system of the drone

    2) Unprotected FTP access to the media files stored in SD card on the drone

    3) Unprotected firmware update mechanism

    4) Vulnerability to DoS attack done via ping flood

    We also uncovered upon analysis of the Parrot Bebop Drone:

    1) Vulnerability to DoS attack on an unprotected open port 54321

    Using a vulnerability for the Parrot Bebop Drone that a team from Johns Hopkins University had previously uncovered, we have also written an Android based application called ‘Drone Dropper’, which will automate the attack on the Parrot Bebop Drone, enabling a third party to take down the drone remotely by using the application. This document will contain the code and working of the Drone Dropper.

    Finally, we will present conclusions for our discoveries and indicate areas of further study in this context.

  • Student: Sean Beck

    Faculty Mentor: Lanier Watkins

    Abstract: Hackers employ many tools in their nefarious practices. Hash crackers, Metasploit, or SQL injection are just some of these tools. An often-overlooked tool is DNS. Hackers will use DNS packets to exfiltrate data from targets or to communicate with their implants. They also use malicious domain names to harden communications for their malware or to capitalize on typographical errors. Detecting this malicious usage of DNS involves maintaining a white list or other basic detection techniques. Machine learning is the new frontier in all aspects of Computer Science. It is especially useful for detection techniques in the realm of security. In this paper, we explore the application of Semi-Supervised machine learning to the detection of malicious uses of DNS. Using multiple algorithms, we prove that machine learning is an effective technique for detecting new and continuing threats presented through the use of DNS.

Fall 2015 Student Projects

  • Student: Deepak Agrawal

    Faculty Mentor: Watkins

    Abstract: This project attempts to apply detection techniques to a wireless timing based covert channel based on CPU speed modulation. The detection techniques also apply to the wireless timing based covert channels based on the artificial sleep method created. The detection channels focus particularly on TCP and UDP protocols. Properties such as interarrival times for different packet counts are utilized for the detection.

  • Student: Linfeng Zhou

    Faculty Mentor: Jain

    Abstract: Time-Lock Puzzles are a mechanism for sending messages “to the future”. A sender can quickly generate a puzzle with a solution s such that s remains hidden until a moderately large amount of time t has elapsed. The solution s should be hidden from any adversary that runs in time significantly less than t, including resourceful parallel adversaries with polynomially many processors.

  • Student: Yiyuan Hu

    Faculty Mentor: Li

    External Advisor: Xenia Mountrouidou (Wofford College)

    Abstract: In this project we focus on collaborative covert storage channel (CSC) detection and mitigation approaches and their implementation. We employ SDN that offers holistic information about traffic flows and a separation of data and control planes, to improve both efficiency and accuracy of detecting and mitigating CSCs. First, we develop a mechanism that consists of monitors and correlators, which can be dynamically coordinated to detect and mitigate covert channel threats. Second, we study techniques that make CSCs stealthier, and potential countermeasures to such more sophisticated covert communication. We study the capability of SDN for CSC analysis on a realistic test bed, GENI (Global Environment for Network Innovations).

  • Students: Chih-Chao Chang, Peizhao Li, Weihong Lou

    Faculty Mentor: Leschke

    Abstract: Distributed denial-of-service (DDoS) attacks affect cyber-security severely. Many business websites and nonprofit services such as GitHub suffer from this notorious attack. In this paper we propose the development of new and original data visualization techniques to support the analysis of data related to the DDoS attack problem. We conduct a review of the information security and data visualization research literature. In addition, we identify a test data set and develop a software tool that provides an original data visualization technique that addresses the existing imperfect visualization problem. In the end, we validated the original data visualization technique with a user study.

  • Students: Aljawharah Alzahrani, Anubha Nagawat, Zhao Zhao

    Faculty Mentor: Rubin

    External Advisor: Qinqing (Christine) Zhang (JHUAPL)

    Abstract: Our research began with doing a literature survey of the security standards in different medical devices. Then we tried to find security vulnerabilities in a specific medical device called the Alaris Drug Infusion Pump. What we have discovered is that the high security of Alaris pumps is credited not only to the technical implementation of the hardware and software, but to a huge extent to the business policies followed by Alaris.

  • Students: Mike Hooper, Yifan Tian, Bin Cao, Runxuan Zhou

    Faculty Mentor: Watkins

    External Advisor: Charlie Leeper (JHUAPL)

    Abstract: In this project we demonstrate that the standard ARDiscovery Connection process and the Wi-Fi access point used in the Parrot Bebop Drone are exploitable such that the drone’s ability to fly can be disrupted mid-flight by a remote attacker. We believe these vulnerabilities are systemic in Wi-Fi-based Parrot AR.Drones (Version 2.0). We observed the normal operation (i.e., ARDiscovery Connection process over Wi-Fi) of the Parrot Bebop Drone to be: (1) broadcasting its service set identifier (SSID), (2) allowing any Wi-Fi enabled device to connect to it, (3) accepting a specifically formatted JSON record on port 44444, and (4) only allowing one primary mobile device to communicate on port 54321 using the FreeFlight mobile device application. Then we used a fuzzing technique to discover that the Parrot Bebop Drone is vulnerable to denial of service (DoS) and buffer-overflow attacks during its ARDiscovery Connection process. The exploitation of these vulnerabilities could result in catastrophic and immediate failure of the drone’s rotors. Also, we discovered that the Parrot Bebop Drone is vulnerable to an ARP Cache Poisoning attack at any time during its operation, which essentially can disconnect the primary mobile device user and in most cases causes the drone to land or return home.

  • Student: Wlajimir Alexis

    Faculty Mentor: Watkins

    Abstract: In this research, we present a behavior-based authentication system for drivers. We extract data from the vehicle’s OBD port and from a mobile device’s accelerometer to fingerprint driver profiles to authenticate into the vehicle. More specifically, we use the wavelet transform to pre-process accelerometer and On Board Diagnostics II (OBDII) port data to develop individual driver fingerprints, and we use machine learning algorithms to discern between driver fingerprints. Unlike current methods for vehicle authentication (i.e. smartcards, smart key fobs, etc.), this method continuously verifies the driver’s profile. Behavioral authentication adds a layer of security to current methods, which can easily be shared, stolen, or spoofed. Our method is statically impossible to spoof while the driver is operating the vehicle. The results are favorable, yielding a driver identification rate of 76.67% to 100% across a diverse set of experiment scenarios.

  • Students: Apoorva Patankar, Bing Han, Madhupreetha Chandrasekaran

    Faculty Mentor: Watkins

    Abstract: This project focuses on the study of three malware families, namely, Pitou, Torec and NGE Mobi. To perform this study, copies of the malware were obtained using sites such as where we used the hashes of the files to verify their integrity. Following the collection of malware samples, static analysis (analysis of the code), dynamic analysis (study of network connections, processes, files and registry modifications) and online sandbox analysis were performed. The results of these analyses were recorded and documented. This report is a detailed documentation of how we performed the analysis and the results that were obtained.

  • Students: Forest Mead and Jeffrey Zielinski

    Faculty Mentor: Watkins

    Abstract: A network covert channel is an established method of concealing information in another medium for the purposes of covert communication. As the use of mobile devices has become pervasive, it is of interest to explore the possibility of covert communication between such devices. In this project we sought to prove the efficacy of timing based network covert channels on mobile platforms. To do this we created an Android application with the capability to communicate with other instances of the application over local networks, the internet, and mobile networks via a timing based network covert channel. We describe the internal workings of both the channel and the application. We then use this application as the basis of experimentation to show the accuracy, speed, and overall effectiveness of the channel. This work shows that timing based network covert channels on mobile platforms are an effective means of phone-to-phone communication.

  • Students: Nikunj Malik, Jayanarayan Mittur Chandramouli, Prahlad Suresh

    Faculty Mentor: Watkins

    Abstract: In this paper, we present a method to verify the type of mobile device through an examination of its network behavior. We believe that some mobile devices (i.e. iOS) down throttle the network response of some network traffic (i.e. ICMP) to conserve battery power, which consequently has an effect on the network behavior of the devices and how they respond to certain events. As a proof-of-concept, ICMP request packets are employed to observe delay events at multiple networking layers. We demonstrate that this method can be used as an alternative to using MAC addresses, or other historical analysis methods, to remotely verify mobile device type (i.e. Android, iOS, and Windows Phone).

  • Students: Jeffrey Chan, Lionel D’Souza, Pavan Tej Chekuri

    Faculty Mentor: Watkins

    External Advisor: Joseph Carrigan

    Abstract: Botnets such as Zeus have always been out there, and with the rise of new malware, we tackle one of the other variations of Zeus, KINS (Kasper Internet Non-Security). Instead of just analyzing the malware and its usage, we approach our capstone project by capturing real world command and control servers out there, and seeing how they communicate with us. Though we are acting as bait, we are understanding how real attackers out there interact with systems which we can control. Not only are we trying to understand how KINS works, but we are understanding how the manipulation of the malware affects the interaction between the infected computer and real world command and control servers.

JHU Information Security Institute