March 23, 2017
Keliris, Anastasis and Maniatakos, Michail.
Cyberattacks are an emerging threat for Industrial Control Systems (ICS) that, given the tight coupling between the cyber and physical components, can have far-reaching implications. It is typical for contemporary ICS components to utilize Commercial-Off-The-Shelf (COTS) hardware and software, rendering them prone to vulnerabilities and exploitation techniques that afflict IT systems (Figure 1). In an effort to demonstrate the ICS cyber threat landscape, we discuss a comprehensive methodology for designing an Advanced Persistent Threat (APT), which is a stealthy and continuous type of cyberattack with a high level of sophistication suitable for the complex environment of ICS.
March 15, 2017
Jerry Backer, David Hely and Ramesh Karri
This work tackles the conflict between enforcing security of a system-on-chip (SoC) and providing observability during trace-based debugging. On one hand, security objectives require that assets remain confidential at different stages of the SoC life cycle. On the other hand, the trace-based debug infrastructure exposes values of internal signals that can leak the assets to untrusted third parties.
Phishing for Phools in the Internet of Things: Modeling One-to-Many Deception using Poisson Signaling Games
March 15, 2017
Jeffrey Pawlick and Quanyan Zhu
Strategic interactions ranging from politics and pharmaceuticals to e-commerce and social networks support equilibria in which agents with private information manipulate others who are vulnerable to deception. Especially in cyberspace and the Internet of Things, deception is difficult to detect and trust is complicated to establish. For this reason, effective policy-making, profitable entrepreneurship, and optimal technological design demand quantitative models of deception. In this paper, we use game theory to model specifically one-to-many deception.
March 6, 2017
Imen Triki, Quanyan Zhu, Rachid Elazouzi, Majed Haddad, Zhiheng Xu
In general, the quality of experience (QoE) is subjective and context-dependent; identifying and calculating the factors that affect QoE is a difficult task. Recently, a lot of effort has been devoted to estimating the users' QoE in order to enhance video delivery. In the literature, most of the QoE-driven optimization schemes that realize trade-offs among different quality metrics have been addressed under the assumption of homogenous populations. Nevertheless, people's perceptions of a given video quality may not be the same, which makes the QoE optimization harder. This paper aims at taking a step further to address this limitation and meet all the users' profiles. We propose a closed-loop control framework based on the users' subjective feedback to learn the QoE function and enhance video qualities at the same time. Our simulation results show that our system converges to a steady state where the learned QoE function noticeably enhances the users' feedback.
March 6, 2017
Anastasis Keliris and Michail Maniatakos
March 6, 2017
Anastasis Keliris and Michail Maniatakos
Device fingerprinting can provide useful information for vulnerability assessment and penetration testing, and can also facilitate the reconnaissance phase of a malicious campaign. This information becomes critical when the target devices are deployed in industrial environments, given the potential impact of cyber-attacks on critical infrastructure devices. In this paper, we propose a method for fingerprinting industrial devices that utilize the Modbus protocol. Our technique is based on the observation that implementations of the Modbus protocol differ between vendors. Although the Modbus protocol specification defines a device identification mechanism, several vendors do not implement this mechanism or use different methods for identifying their devices. We utilize these implementation differences, in conjunction with the lack of authentication in the Modbus protocol, to fingerprint remote field devices. We evaluate our proposed methodology on Modbus-enabled devices that are directly connected to the internet and indexed by the Shodan search engine. Our analysis focuses on devices from four vendors used across different industry verticals. We have accurately identified make and model information for 308 devices, improving the fingerprinting capabilities of Shodan by 28%.
Secure and Reconfigurable Network Design for Critical Information Dissemination in the Internet of Battlefield Things (IoBT)
March 2, 2017
Muhammad Junaid Farooq and Quanyan Zhu
This work aims to build the theoretical foundations of designing secure and reconfigurable IoBT networks. Leveraging the theories of stochastic geometry and mathematical epidemiology, we develop an integrated framework to study the communication of mission-critical data among different types of network devices and consequently design the network in a cost-effective manner.
February 20, 2017
Muhammad Yasin, Bodhisatwa Mazumdar, Ozgur Sinanoglu, and Jeyavijayan Rajendran
Logic encryption protects integrated circuits (ICs) against intellectual property (IP) piracy and overbuilding attacks by encrypting the IC with a key. A Boolean satisfiability (SAT) based attack breaks all existing logic encryption techniques within a few hours. Recently, a defense mechanism known as Anti-SAT was presented that protects against the SAT attack by rendering the SAT-attack effort exponential in terms of the number of key gates.
February 20, 2017
Rui Zhang, Quanyan Zhu and Yezekael Hayel
Network security becomes more challenging than ever as today’s computer networks become increasingly complex. The deployment of defense mechanisms such as firewalls, intrusion detection systems, and moving target defenses can effectively reduce the success rate of cyber attacks but cannot guarantee perfect network security as attacks are becoming more stealthy and sophisticated. Network users can still be hacked, resulting in severe data breaches, disruption of services and financial losses. Cyber insurance provides users a valuable additional layer of protection to mitigate potential vulnerabilities to unknown threats, hacking, and human errors. An incentive compatible cyber insurance policy could help reduce the number of successful cyber attacks by incentivizing the adoption of preventative measures in return for more coverage and the implementation of best practices by basing premiums on an insured level of self-protection.
February 19, 2017
Vladislav Taynitskiy, Elena Gubar, and Quanyan Zhu
Malware is malicious software that aims to disrupt computer operations, gather sensitive information, and gain access to private computer systems. It can induce various sorts of damage, including economic costs, the leakage of private information, and instability of physical systems. The distribution of antivirus patches in a network enables the control of the proliferation of malicious software and decreases possible losses. Multiple types of malware can coexist in a network. Hence it is important to protect a computer network from several heterogeneous malware types, which can propagate in the network at the same time. In this study, we model the propagation of two types of malware using a modified two-virus epidemic model.
February 15, 2017
Prakhar Pandey, Ryan Brunt, Damon McCoy
In this case study, we use the leaked database of a DDoS-for-hire service, vdos-s.com (VDOS), to investigate how users responded to disruptions in their payment options. Earlier this year VDOS was hacked and authorities were able to arrest the people running the site. Using their leaked database, we analyze user data from July 2014 through July 2016. During this time, interventions were launched by other researchers and law enforcement to disrupt access to PayPal, the primary method used to subscribe to these booter services. In response, many booters, including VDOS, scrapped regulated payment processors in favor of Bitcoin. We show that users who previously used regulated payment methods were unlikely to switch to Bitcoin. We also show that the disruptions to PayPal caused spikes in customer complaints. Our findings are limited to the VDOS users we analyzed, so future work will need to be done to understand how users respond to payment disruptions.
February 13, 2017
Zachary K. Goldman poses questions for the Director of National Intelligence on information privacy, cybersecurity, and American businesses in The Hill.
Automotive Electrical/Electronic Architecture Security via Distributed In-Vehicle Traffic Monitoring
February 9, 2017
Peter Waszecki, Philipp Mundhenk, Sebastian Steinhorst, Martin Lukasiewycz, Ramesh Karri, and Samarjit Chakraborty
Due to the growing interconnectedness and complexity of in-vehicle networks, in addition to safety, security is becoming an increasingly important topic in the automotive domain. In this paper we study techniques for detecting security infringements in automotive Electrical and Electronic (E/E) architectures. Towards this we propose in-vehicle network traffic monitoring to detect increased transmission rates of manipulated message streams.
February 1, 2017
Sai Teja Peddinti, Keith W. Ross, and Justin Cappos
We explore the feasibility of automatically finding accounts that publish sensitive content on Twitter. One natural approach to this problem is to first create a list of sensitive keywords, and then identify Twitter accounts that use these words in their tweets. But such an approach may overlook sensitive accounts that are not covered by the subjective choice of keywords. In this paper, we instead explore finding sensitive accounts by examining the percentage of anonymous and identifiable followers the accounts have. This approach is motivated by an earlier study showing that sensitive accounts typically have a large percentage of anonymous followers and a small percentage of identifiable followers.
February 1, 2017
Judith H. Germano
Third parties are a significant source of cybersecurity vulnerabilities, yet there remains much work to be done in terms of how third-party risk is assessed and controlled. This paper explains how properly understanding and addressing third-party cyber risk requires a proactive and comprehensive approach to enable parties on all sides to prevent harms and to prepare for and respond to incidents in a faster, better coordinated, less expensive and more effective manner.
January 26, 2017
Sk Subidh Ali, Mohamed Ibrahim, Ozgur Sinanoglu, Krishnendu Chakrabarty, and Ramesh Karri
Recent security analysis of digital micro-fluidic biochips (DMFBs) has revealed that the DMFB design flow is vulnerable to IP piracy, Trojan attacks, overproduction, and counterfeiting. An attacker can launch assay manipulation attacks against DMFBs that are used for clinical diagnostics in healthcare.
January 25, 2017
Ramesh Karri, Ozgur Sinanoglu and Jeyavijayan Rajendran
On one hand, traditionally, secure systems rely on hardware to store the keys for cryptographic protocols. Such an approach is becoming increasingly insecure, due to hardware-intrinsic vulnerabilities. A physical unclonable function (PUF) is a security primitive that exploits inherent hardware properties to generate keys on the fly, instead of storing them. On the other hand, the integrated circuit (IC) design flow is globalized due to increases in design, fabrication, testing, and verification costs.
January 19, 2017
Samet Taspinar, Manoranjan Mohanty, and Nasir Memon
Although PRNU (Photo Response Non-Uniformity)-based methods have been proposed to verify the source camera of a non-stabilized video, these methods may not be adequate for stabilized videos. The use of video stabilization has been increasing in recent years with the development of novel stabilization software and the availability of stabilization in smart-phone cameras. This paper presents a PRNU-based source camera attribution method for out-of-camera stabilized video (i.e., stabilization applied after the video is captured).