Publications

MINIMAX GAME-THEORETIC APPROACH TO MULTISCALE H 1 OPTIMAL FILTERING

July 24, 2017

Hamza Anwar and Quanyan Zhu

Sensing in complex systems requires large-scale information exchange and on-the-go communications over heterogeneous networks and integrated processing platforms. Many networked cyber-physical systems exhibit hierarchical infrastructures of information flows, which naturally leads to a multi-level tree-like information structure in which each level corresponds to a particular scale of representation. This work focuses on the multiscale fusion of data collected at multiple levels of the system. We propose a multiscale state-space model to represent multi-resolution data over the hierarchical information system and formulate a multi-stage dynamic zero-sum game to design a multi-scale H robust filter.

A Dynamic Game Analysis and Design of Infrastructure Network Protection and Recovery

July 21, 2017

Juntao Chen, Corinne Touati, Quanyan Zhu

Infrastructure networks are vulnerable to both cyber and physical attacks. Building a secure and resilient networked system is essential for providing reliable and dependable services. To this end, we establish a two-player three-stage game framework to capture the dynamics in the infrastructure protection and recovery phases. Specifically, the goal of the infrastructure network designer is to keep the network connected before and after the attack, while the adversary aims to disconnect the network by compromising a set of links. With costs for creating and removing links, the two players aim to maximize their utilities while minimizing the costs.

Optimal Secure Multi-Layer IoT Network Design

July 21, 2017

Juntao Chen, Corinne Touati, Quanyan Zhu

With the remarkable growth of the Internet and communication technologies over the past few decades, Internet of Things (IoTs) is enabling the ubiquitous connectivity of heterogeneous physical devices with software, sensors, and actuators. IoT networks are naturally multi-layer with the cloud and cellular networks coexisting with the underlaid device-to-device (D2D) communications. The connectivity of IoTs plays an important role in information dissemination for mission-critical and civilian applications. However, IoT communication networks are vulnerable to cyber attacks including the denial-of-service (DoS) and jamming attacks, resulting in link removals in IoT network.

How Biometric Authentication Poses New Challenges to Our Security and Privacy

July 20, 2017

Nasir Memon

The use of biometric data—an individual’s measurable physical and behavioral characteristics—isn’t new. Government and law enforcement agencies have long used it. … Using biometric data to access our personal devices is increasing as a way to get around the limitations of the commonly used password-based mechanism: it’s easier, more convenient, and (theoretically) more secure. But biometric data can also be stolen and used in malicious ways.

Lock-in-Pop: Securing Privileged Operating System Kernels by Keeping on the Beaten Path

July 17, 2017

Yiwen Li, Brendan Dolan-Gavitt, Sam Weber, and Justin Cappos

Virtual machines (VMs) that try to isolate untrusted code are widely used in practice. However, it is often possible to trigger zero-day flaws in the host Operating System (OS) from inside of such virtualized systems. In this paper, we propose a new security metric showing strong correlation between “popular paths” and kernel vulnerabilities. We verify that the OS kernel paths accessed by popular applications in everyday use contain significantly fewer security bugs than less-used paths. We then demonstrate that this observation is useful in practice by building a prototype system which locks an application into using only popular OS kernel paths.

Smartwatches Locking Methods: A Comparative Study

July 14, 2017

Toan Nguyen and Nasir Memon

Smartwatches are rapidly emerging to be the next generation of personal devices from the smartphone era due to their novel form factor and broad applications. However, their emergence also poses new challenges to securing user information. An important challenge is preventing unauthorized access to private information stored on the watch, for which a locking method is typically used. Due to smartwatches’ limited display, the performance of locking methods offered on smartwatches may su er from the fat- finger problem and is currently unknown. In this paper, we present the first study to evaluate different locking methods for smartwatches.

New Me: Understanding Expert and Non-Expert Perceptions and Usage of the Tor Anonymity Network

July 14, 2017

Kevin Gallagher, Sameer Patil, Nasir Memon

Proper use of an anonymity system requires adequate understanding of how it functions. Yet, there is surprisingly little research that looks into user understanding and usage of anonymity software. Improper use stemming from a lack of sufficient knowledge of the system has the potential to lead to deanonymization, which may hold severe personal consequences for the user. We report on the understanding and the use of the Tor anonymity system. Via semistructured interviews with 17 individuals (6 experts and 11 non-experts) we found that experts and non-experts view, understand, and use Tor in notably different ways.

Mercury: Bandwidth-Effective Prevention of Rollback Attacks Against Community Repositories

July 14, 2017

Trishank Karthik Kuppusamy, Vladimir Diaz and Justin Cappos


A popular community repository such as Docker Hub, PyPI, or RubyGems distributes tens of thousands of software projects to millions of users. The large number of projects and users make these repositories attractive targets for exploitation. After a repository compromise, a malicious party can launch a number of attacks on unsuspecting users, including rollback attacks that revert projects to obsolete and vulnerable versions. Unfortunately, due to the rapid rate at which packages are updated, existing techniques that protect against rollback attacks would cause each user to download 2–3 times the size of an average package in metadata each month, making them impractical to deploy.

Optimal impulse control of bi-virus SIR epidemics with application to heterogeneous Internet of Things

July 13, 2017

Vladislav Taynitskiy, Elena Gubar and Quanyan Zhu

With the emerging Internet of Things (IoT) technologies, malware spreading over increasingly connected networks becomes a new security concern. To capture the heterogeneous nature of the IoT networks, we propose a continuous-time Susceptible-Infected-Recovered (SIR) epidemic model with two types of malware for heterogeneous populations over a large network of devices. The malware control mechanism is to patch an optimal fraction of the infected nodes at discrete points in time, which leads to an impulse controller. We use the Pontryagin’s minimum principle for impulsive systems to obtain an optimal structure of the controller and use numerical experiments to demonstrate the computation of the optimal control and the controlled dynamics.

Strategic Trust in Cloud-Enabled Cyber-Physical Systems with an Application to Glucose Control

July 11, 2017

Jeffrey Pawlick and Quanyan Zhu

Advances in computation, sensing, and networking have led to interest in the Internet of things (IoT) and cyberphysical systems (CPS). Developments concerning the IoT and CPS will improve critical infrastructure, vehicle networks, and personal health products. Unfortunately, these systems are vulnerable to attack. Advanced persistent threats (APTs) are a class of long-term attacks in which well-resourced adversaries infiltrate a network and use obfuscation to remain undetected. In a CPS under APTs, each device must decide whether to trust other components that may be compromised. In this paper, we propose a concept of trust (strategic trust) that uses game theory to capture the adversarial and strategic nature of CPS security.

How Biometric Authentication Poses New Challenges to Our Security and Privacy

July 11, 2017

Nasir Memon

Discusses the challenges that face biometric authentication in the areas of privacy and network security. The use of biometric data — an individual’s measurable physical and behavioral characteristics — isn’t new. Government and law enforcement agencies have long used it. The Federal Bureau of Investigation (FBI) has been building a biometric recognition database; the U.S. Department of Homeland Security is sharing its iris and facial recognition of foreigners with the FBI. But the use of biometric data by consumer goods manufacturers for authentication purposes has skyrocketed in recent years.

IllusionPIN: Shoulder-Surfing Resistant Authentication Using Hybrid Images

July 11, 2017

Athanasios Papadopoulos, Toan Nguyen, Emre Durmus and Nasir Memon.

We address the problem of shoulder-surfing attacks on authentication schemes by proposing IllusionPIN (IPIN), a PIN-based authentication method that operates on touchscreen devices. IPIN uses the technique of hybrid images to blend two keypads with different digit orderings in such a way, that the user who is close to the device is seeing one keypad to enter her PIN, while the attacker who is looking at the device from a bigger distance is seeing only the other keypad. The user’s keypad is shuffled in every authentication attempt since the attacker may memorize the spatial arrangement of the pressed digits.

Proactive Defense Against Physical Denial of Service Attacks using Poisson Signaling Games

July 10, 2017

Jeffrey Pawlick and Quanyan Zhu

While the Internet of things (IoT) promises to improve areas such as energy efficiency, health care, and transportation, it is highly vulnerable to cyberattacks. In particular, distributed denial-of-service (DDoS) attacks overload the bandwidth of a server. But many IoT devices form part of cyber-physical systems (CPS). Therefore, they can be used to launch “physical” denial-of-service attacks (PDoS) in which IoT devices overflow the “physical bandwidth” of a CPS. In this paper, we quantify the population-based risk to a group of IoT devices targeted by malware for a PDoS attack.

A Factored MDP Approach to Optimal Mechanism Design for Resilient Large-Scale Interdependent Critical Infrastructures

July 5, 2017

Linan Huang, Juntao Chen and Quanyan Zhu


Enhancing the security and resilience of interdependent infrastructures is crucial. In this paper, we establish a theoretical framework based on Markov decision processes(MDPs) to design optimal resiliency mechanisms for interdependent infrastructures. We use MDPs to capture the dynamics of the failure of constituent components of an infrastructure and their cyber-physical dependencies. Factored MDPs and ap- proximate linear programming are adopted for an exponentially growing dimension of both state and action spaces. Under our approximation scheme, the optimally distributed policy is equivalent to the centralized one.

Efficient Detection for Malicious and Random Errors in Additive Encrypted Computation

July 3, 2017

Nektarios Georgios Tsoutsos and Michail Maniatakos


Although data confidentiality is the primary security objective in additive encrypted computation applications, such as the aggregation of encrypted votes in electronic elections, ensuring the trustworthiness of data is equally important. And yet, integrity protections are generally orthogonal to additive homomorphic encryption, which enables efficient encrypted computation, due to the inherent malleability of homomorphic ciphertexts. Since additive homomorphic schemes are founded on modular arithmetic, our framework extends residue numbering to support fast modular reductions and homomorphic syndromes for detecting random errors inside homomorphic ALUs and data memories.

Cyber– Physical Systems Security and Privacy

June 30, 2017

Guest Editors: Michail Maniatakos, Ramesh Karri and Alvaro A. Cardenas

During the past decade, several catch-phrases have been used to emphasize the increasing importance of cyber–physical systems (CPS) in our everyday life: Internet-of-Things, Internet-of-Everything, Smart-Cities, Smart-X, Intelligent-X, etc. All such systems, in their core, consist of networked computing (cyber) devices continuously interacting with the physical world. From fitness trackers and smart thermostats, to traffic light control and smart-grid devices, CPS have increased efficiency, enabled interesting applications and introduced major technological advancements. At the same time, due to their criticality, CPS have become a lucrative target for malicious actors.

SafetyNets: Verifiable Execution of Deep Neural Networks on an Untrusted Cloud

June 30, 2017

Zahra Ghodsi, Tianyu Gu and Siddharth Garg

Inference using deep neural networks is often outsourced to the cloud since it is a computationally demanding task. However, this raises a fundamental issue of trust. How can a client be sure that the cloud has performed inference correctly? A lazy cloud provider might use a simpler but less accurate model to reduce its own computational load, or worse, maliciously modify the inference results sent to the client. We propose SafetyNets, a framework that enables an untrusted server (the cloud) to provide a client with a short mathematical proof of the correctness of inference tasks that they perform on behalf of the client.

Throughput maximization of large-scale secondary networks over licensed and unlicensed spectra

June 29, 2017

Manjesh K. Hanawal, Yezekael Hayel and Quanyan Zhu.

Throughput of a mobile ad hoc network (MANET) operating on an unlicensed spectrum can increase if nodes can also transmit on a (shared) licensed spectrum. However, the transmissions on the licensed spectrum has to be limited to avoid degradation of quality of service (QoS) to primary users (PUs). We address the problem of how the nodes of a MANET or secondary users (SUs) should spread their transmissions on both licensed and unlicensed spectra to maximize network throughput, and characterize ‘throughput gain’ achieved in such spectrum sharing systems. We show that the gain can be significant and is increasing in the density of the SUs.