February 19, 2017
Vladislav Taynitskiy, Elena Gubar, and Quanyan Zhu
Malware is malicious software that aims to disrupt computer operations, gather sensitive information, and gain access to private computer systems. It can induce various sorts of damage, including economic costs, the leakage of private information, and instability of physical systems. The distribution of antivirus patches in a network enables the control of the proliferation of malicious software and decreases possible losses. Multiple types of malware can coexist in a network. Hence it is important to protect a computer network from several heterogeneous types of malware, which can propagate in the network at the same time. In this study, we model the propagation of two types of malware using a modified two-virus epidemic model.
February 15, 2017
Prakhar Pandey, Ryan Brunt, Damon McCoy
In this case study, we use the leaked database of a DDoS-for-hire service, vdos-s.com (VDOS), to investigate how users responded to disruptions in their payment options. Earlier this year VDOS was hacked and authorities were able to arrest the people running the site. Using their leaked database, we analyze user data from July 2014 through July 2016. During this time, interventions were launched by other researchers and law enforcement to disrupt access to PayPal, the primary method used to subscribe to these booter services. In response, many booters, including VDOS, scrapped regulated payment processors in favor of Bitcoin. We show that users who previously used regulated payment methods were unlikely to switch to Bitcoin. We also show that the disruptions to PayPal caused spikes in customer complaints. Our findings are limited to the VDOS users we analyzed, so future work will need to be done to understand how users respond to payment disruptions.
February 13, 2017
Zachary K. Goldman poses questions for the Director of National Intelligence on information privacy, cybersecurity, and American businesses in The Hill.
Automotive Electrical/Electronic Architecture Security via Distributed In-Vehicle Traffic Monitoring
February 9, 2017
Peter Waszecki, Philipp Mundhenk, Sebastian Steinhorst, Martin Lukasiewycz, Ramesh Karri, and Samarjit Chakraborty
Due to the growing interconnectedness and complexity of in-vehicle networks, in addition to safety, security is becoming an increasingly important topic in the automotive domain. In this paper we study techniques for detecting security infringements in automotive Electrical and Electronic (E/E) architectures. Towards this we propose in-vehicle network traffic monitoring to detect increased transmission rates of manipulated message streams.
February 1, 2017
Sai Teja Peddinti, Keith W. Ross, and Justin Cappos
We explore the feasibility of automatically finding accounts that publish sensitive content on Twitter. One natural approach to this problem is to first create a list of sensitive keywords, and then identify Twitter accounts that use these words in their tweets. But such an approach may overlook sensitive accounts that are not covered by the subjective choice of keywords. In this paper, we instead explore finding sensitive accounts by examining the percentage of anonymous and identifiable followers the accounts have. This approach is motivated by an earlier study showing that sensitive accounts typically have a large percentage of anonymous followers and a small percentage of identifiable followers.
February 1, 2017
Judith H. Germano
Third parties are a significant source of cybersecurity vulnerabilities, yet there remains much work to be done in terms of how third-party risk is assessed and controlled. This paper explains how properly understanding and addressing third-party cyber risk requires a proactive and comprehensive approach to enable parties on all sides to prevent harms and to prepare for and respond to incidents in a faster, better coordinated, less expensive and more effective manner.
January 26, 2017
Sk Subidh Ali, Mohamed Ibrahim, Ozgur Sinanoglu, Krishnendu Chakrabarty, and Ramesh Karri
Recent security analysis of digital micro-fluidic biochips (DMFBs) has revealed that the DMFB design flow is vulnerable to IP piracy, Trojan attacks, overproduction, and counterfeiting. An attacker can launch assay manipulation attacks against DMFBs that are used for clinical diagnostics in healthcare.
January 25, 2017
Ramesh Karri, Ozgur Sinanoglu and Jeyavijayan Rajendran
On one hand, traditionally, secure systems rely on hardware to store the keys for cryptographic protocols. Such an approach is becoming increasingly insecure, due to hardware-intrinsic vulnerabilities. A physical unclonable function (PUF) is a security primitive that exploits inherent hardware properties to generate keys on the fly, instead of storing them. On the other hand, the integrated circuit (IC) design flow is globalized due to increase in design, fabrication, testing, and verification costs.
January 19, 2017
Samet Taspinar, Manoranjan Mohanty, and Nasir Memon
Although PRNU (Photo Response Non-Uniformity)-based methods have been proposed to verify the source camera of a non-stabilized video, these methods may not be adequate for stabilized videos. The use of video stabilization has been increasing in recent years with the development of novel stabilization software and the availability of stabilization in smart-phone cameras. This paper presents a PRNU-based source camera attribution method for out-of-camera stabilized video (i.e., stabilization applied after the video is captured).
January 14, 2017
Samah Mohamed Saeed, Sk Subidh Ali, and Ozgur Sinanoglu
The increasing design complexity of modern Integrated Chips (IC) has reflected into exacerbated challenges in manufacturing testing. In this respect, scan is the most widely used design for testability (DfT) technique that overcomes the manufacturing test challenges by enhancing the access and thus, testability. However, scan can also open a back door to an attacker when implemented in security critical chips.
January 6, 2017
Ryan J. Whelan, Timothy R. Leek, Joshua E. Hodosh, Patrick A. Hulin, and Brendan Dolan-Gavitt
Many problems brought on by faulty or malicious software code can be diagnosed through a reverse engineering technique known as dynamic analysis, in which analysts study software as it executes. Researchers at Lincoln Laboratory developed the Platform for Architecture-Neutral Dynamic Analysis to facilitate analyses that lead to profound insight into how software behaves.
December 19, 2016
Khaled Baqer, Danny Yuxing Huang, Damon McCoy, and Nicholas Weaver
In this paper, we present an empirical study of a recent spam campaign (a “stress test”) that resulted in a DoS attack on Bitcoin. The goal of our investigation is to understand the methods spammers used and the impact on Bitcoin users.
December 15, 2016
Carol J. Fung and Quanyan Zhu
Computer systems evolve to be more complex and vulnerable. Cyber attacks have also grown to be more sophisticated and harder to detect. Intrusion detection is the process of monitoring and identifying unauthorized system access or manipulation. It becomes increasingly difficult for a single intrusion detection system (IDS) to detect all attacks due to limited knowledge about attacks. Collaboration among intrusion detection devices can be used to gain higher detection accuracy and cost efficiency as compared to its traditional single host-based counterpart.
December 2, 2016
Mid-November marked the end of the comment period for New York’s “first in nation” proposed cybersecurity legislation for financial institutions. As the hot topic of the day, many regulators and government officials have felt compelled to take a stand on cybersecurity. It seems counterintuitive to set out to protect constituents by inaction. But the wrong type of action, including through inflexible and far-reaching state-required mandates, only adds to the growing clamor of distractions about how companies should best secure their systems.
December 1, 2016
Ozgur Sinanoglu and Ramesh Karri
There is a growing concern regarding the trustworthiness and reliability of the hardware underlying all information systems on which modern society is reliant. Trustworthy and reliable semiconductor supply chain, hardware components, and platforms are essential to all critical infrastructures including financial, healthcare, transportation, and energy.
November 24, 2016
Vinayaka Jyothi, Manasa Thoonoli, Richard Stern, and Ramesh Karri
This paper proposes a novel methodology, FPGA Trust Zone (FTZ), to incorporate security into the design cycle to detect and isolate anomalies such as Hardware Trojans in the FPGA fabric. Anomalies are identified using violations of the spatial correlation of process variation in the FPGA fabric. Anomalies are isolated using the Xilinx Isolation Design Flow (IDF) methodology. FTZ helps identify and partition the FPGA into areas that are devoid of anomalies and thus helps run designs securely and reliably even in an anomaly-infected FPGA. FTZ also assists IDF in selecting trustworthy areas for implementing isolated designs and trusted routes. We demonstrate the effectiveness of FTZ for AES and RC5 designs on Xilinx Virtex-7 and Artix-7 FPGAs.
November 23, 2016
Kan Xiao, Domenic Forte, Yier Jin, Ramesh Karri, Swarup Bhunia, and Mark Mohammad Tehranipoor
Given the increasing complexity of modern electronics and the cost of fabrication, entities from around the globe have become more heavily involved in all phases of the electronics supply chain. In this environment, hardware Trojans (i.e., malicious modifications or inclusions made by untrusted third parties) pose major security concerns, especially for those integrated circuits (ICs) and systems used in critical applications and cyber infrastructure.