Publications


Securing digital microfluidic biochips by randomizing checkpoints

November 17, 2016

Jack Tang, Ramesh Karri, Mohamed Ibrahim, and Krishnendu Chakrabarty

Much progress has been made in digital microfluidic biochips (DMFB), with a great body of literature addressing low-cost, high-performance, and reliable operation. Despite this progress, security of DMFBs has not been adequately addressed. We present an analysis of a DMFB system prone to malicious modification of routes and propose a DMFB defense based on spatio-temporal randomized checkpoints using CCD cameras.

You Can Yak but You Can’t Hide: Localizing Anonymous Social Network Users

November 16, 2016

Minhui Xue, Cameron Ballard, Kelvin Liu, Carson Nemelka, Yanqiu Wu, Keith Ross, and Haifeng Qian

The recent growth of anonymous social network services — such as 4chan, Whisper, and Yik Yak — has brought online anonymity into the spotlight. For these services to function properly, the integrity of user anonymity must be preserved. If an attacker can determine the physical location from where an anonymous message was sent, then the attacker can potentially use side information (for example, knowledge of who lives at the location) to de-anonymize the sender of the message.

What Is Cyber Collateral Damage? And Why Does It Matter?

November 15, 2016

Lawfare-CCS

Zachary K. Goldman and Sasha Romanosky

What happens when the consequences of a cyberattack are not physical? What happens when a digital missile destroys or corrupts data in a manner that is not intended by the person launching a lawful cyberattack? Current legal and policy frameworks for assessing collateral damage do not squarely address the matter (or at least they do not do so publicly)—and that needs to change.

You Can Yak but You Can’t Hide: Localizing Anonymous Social Network Users

November 14, 2016

Minhui Xue, Cameron Ballard, Kelvin Liu, Carson Nemelka, Yanqiu Wu, Keith Ross, and Haifeng Qian

The recent growth of anonymous social network services – such as 4chan, Whisper, and Yik Yak – has brought online anonymity into the spotlight. For these services to function properly, the integrity of user anonymity must be preserved. If an attacker can determine the physical location from where an anonymous message was sent, then the attacker can potentially use side information (for example, knowledge of who lives at the location) to de-anonymize the sender of the message.

Security engineering of nanostructures and nanomaterials

November 10, 2016

Davood Shahrjerdi, B. Nasri, D. Armstrong, A. Alharbi, and Ramesh Karri

Proliferation of electronics and their increasing connectivity pose formidable challenges for information security. At the most fundamental level, nanostructures and nanomaterials offer an unprecedented opportunity to introduce new approaches to securing electronic devices. First, we discuss engineering nanomaterials (e.g., carbon nanotubes (CNTs), graphene, and layered transition metal dichalcogenides (TMDs)) to make unclonable cryptographic primitives.

Security engineering of nanostructures and nanomaterials

November 7, 2016

Davood Shahrjerdi, Bayan Nasri, Darren Armstrong, Abduallah Alharbi, Ramesh Karri

Proliferation of electronics and their increasing connectivity pose formidable challenges for information security. At the most fundamental level, nanostructures and nanomaterials offer an unprecedented opportunity to introduce new approaches to securing electronic devices. First, we discuss engineering nanomaterials (e.g., carbon nanotubes (CNTs), graphene, and layered transition metal dichalcogenides (TMDs)) to make unclonable cryptographic primitives.

CamoPerturb: secure IC camouflaging for minterm protection

November 7, 2016

Muhammad Yasin, Bodhisatwa Mazumdar, Ozgur Sinanoglu, and Jeyavijayan Rajendran

This paper presents CamoPerturb, a countermeasure to thwart the decamouflaging attack by integrating logic perturbation with IC camouflaging. CamoPerturb, contrary to all the existing camouflaging schemes, perturbs the functionality of the given design minimally, i.e., adds/removes one minterm, rather than camouflaging the design.

Decision and Game Theory for Security: 7th International Conference, GameSec 2016

November 4, 2016

Quanyan Zhu, Tansu Alpcan, Emmanouil Panaousis, Milind Tambe, and William Casey

This book constitutes the refereed proceedings of the 7th International Conference on Decision and Game Theory for Security, GameSec 2016, held in New York, NY, USA, in November 2016.

A Compact Implementation of Salsa20 and Its Power Analysis Vulnerabilities

November 1, 2016

Bodhisatwa Mazumdar, Sk. Subidh Ali, and Ozgur Sinanoglu

In this article, the authors present a compact implementation of the Salsa20 stream cipher that is targeted towards lightweight cryptographic devices such as radio-frequency identification (RFID) tags.

A Dual Perturbation Approach for Differential Private ADMM-Based Distributed Empirical Risk Minimization

October 28, 2016

Tao Zhang and Quanyan Zhu

In this paper, the authors develop a privacy-preserving method for a class of regularized empirical risk minimization (ERM) machine learning problems.

Can flexible, domain specific programmable logic prevent IP theft?

October 27, 2016

Xiaotong Cui, Kaijie Wu, Siddharth Garg and Ramesh Karri

Fab-less design houses are outsourcing fabrication to third-party foundries to reduce costs. However, this has security consequences including intellectual property (IP) theft and piracy. Obfuscation techniques have been proposed to increase resistance to reverse engineering, IP recovery, IP theft and piracy.

A Comparative Security Analysis of Current and Emerging Technologies

October 27, 2016

Chandra K.H. Suresh, Bodhisatwa Mazumdar, Sk Subidh Ali, and Ozgur Sinanoglu

In this article, the authors offer a security analysis of nanoelectromechanical systems (NEMS) and carbon nanotube (CNT). They highlight the key technology-specific features of these post-CMOS technologies that can inform the design of secure systems.

Power-side-channel analysis of carbon nanotube FET based design

October 24, 2016

Chandra K. H. Suresh, Bodhisatwa Mazumdar, Sk Subidh Ali and Ozgur Sinanoglu

Continuous scaling of CMOS technology beyond sub-nanometer region has aggravated short-channel effects, resulting in increased leakage current and high power densities. Furthermore, elevated leakage current and power density render CMOS based security-critical applications vulnerable to power-side-channel attacks. Carbon Nanotubes (CNT) is a promising alternative to CMOS technology.

Detecting malicious logins in enterprise networks using visualization

October 22, 2016

Hossein Siadati, Bahador Saket, Nasir Memon

The authors present APT-Hunter, a visualization tool that helps security analysts explore login data to discover patterns and detect malicious logins.

System, method and computer-accessible medium for security-centric electronic system design

October 20, 2016

Jeyavijayan Rajendran, Ramesh Karri, and Ozgur Sinanoglu

An exemplary system, method and computer-accessible medium can be provided which can include, for example, generating a super control dataflow graph(s) (CDFG) by applying a plurality of electronic system level (ESL) design constraints associated with an integrated circuit, determining an upper bound(s) number and a lower bound(s) number based on a number of CDFGs in the super CDFG(s) (with each number being one metric of a capability of the integrated circuit to resist reverse engineering attack), and inserting a component(s) into a register transfer level netlist to effectuate a modification of the upper bound(s) and the lower bound(s).

GADAPT: A Sequential Game-Theoretic Framework for Designing Defense-in-Depth Strategies Against Advanced Persistent Threats

October 5, 2016

Stefan Rass and Quanyan Zhu

We present a dynamic game framework to model and design defense strategies for advanced persistent threats (APTs). The model is based on a sequence of nested finite two-person zero-sum games, in which the APT is modeled as the attempt to get through multiple protective shells of a system towards conquering the target located in the center of the infrastructure.

Optimal Contract Design Under Asymmetric Information for Cloud-Enabled Internet of Controlled Things

October 5, 2016

Juntao Chen and Quanyan Zhu

The development of advanced wireless communication technologies and smart embedded control devices makes everything connected, leading to an emerging paradigm of the Internet of Controlled Things (IoCT). IoCT consists of two layers of systems: cyber layer and physical layer. This work aims to establish a holistic framework that integrates the cyber-physical layers of the IoCT through the lens of contract theory.

Attack-Aware Cyber Insurance of Interdependent Computer Networks

October 3, 2016

Rui Zhang, Quanyan Zhu

The authors provide an integrative view of cyber insurance through a bi-level game-theoretic model.