
Demystifying advanced persistent threats for industrial control systems

March 23, 2017

Anastasis Keliris and Michail Maniatakos

Cyberattacks are an emerging threat for Industrial Control Systems (ICS) that, given the tight coupling between the cyber and physical components, can have far-reaching implications. It is typical for contemporary ICS components to utilize Commercial-Off-The-Shelf (COTS) hardware and software, rendering them prone to vulnerabilities and exploitation techniques that afflict IT systems (Figure 1). In an effort to demonstrate the ICS cyber threat landscape, we discuss a comprehensive methodology for designing an Advanced Persistent Threat (APT), which is a stealthy and continuous type of cyberattack with a high level of sophistication suitable for the complex environment of ICS.

Learning from Experience: A Dynamic Closed-Loop QoE Optimization for Video Adaptation and Delivery

March 16, 2017

Imen Triki, Quanyan Zhu, Rachid Elazouzi, Majed Haddad, and Zhiheng Xu

In general, the quality of experience (QoE) is subjective and context-dependent, so identifying and calculating the factors that affect QoE is a difficult task. Recently, a lot of effort has been devoted to estimating the users' QoE in order to enhance video delivery. In the literature, most of the QoE-driven optimization schemes that realize trade-offs among different quality metrics have been addressed under the assumption of homogeneous populations. Nevertheless, people's perceptions of a given video quality may not be the same, which makes the QoE optimization harder. This paper aims at taking a step further to address this limitation to meet all the users' profiles.

Secure and Flexible Trace-Based Debugging of Systems-on-Chip

March 15, 2017

Jerry Backer, David Hely and Ramesh Karri

This work tackles the conflict between enforcing security of a system-on-chip (SoC) and providing observability during trace-based debugging. On one hand, security objectives require that assets remain confidential at different stages of the SoC life cycle. On the other hand, the trace-based debug infrastructure exposes values of internal signals that can leak the assets to untrusted third parties.


Phishing for Phools in the Internet of Things: Modeling One-to-Many Deception using Poisson Signaling Games

March 15, 2017

Jeffrey Pawlick and Quanyan Zhu

Strategic interactions ranging from politics and pharmaceuticals to e-commerce and social networks support equilibria in which agents with private information manipulate others who are vulnerable to deception. Especially in cyberspace and the Internet of Things, deception is difficult to detect and trust is complicated to establish. For this reason, effective policy-making, profitable entrepreneurship, and optimal technological design demand quantitative models of deception. In this paper, we use game theory to model specifically one-to-many deception.

Remote field device fingerprinting using device-specific modbus information

March 6, 2017

Anastasis Keliris and Michail Maniatakos

Device fingerprinting can provide useful information for vulnerability assessment and penetration testing, and can also facilitate the reconnaissance phase of a malicious campaign. This information becomes critical when the target devices are deployed in industrial environments, given the potential impact of cyber-attacks on critical infrastructure devices. In this paper, we propose a method for fingerprinting industrial devices that utilize the Modbus protocol. Our technique is based on the observation that implementations of the Modbus protocol differ between vendors.

Secure and Reconfigurable Network Design for Critical Information Dissemination in the Internet of Battlefield Things (IoBT)

March 2, 2017

Muhammad Junaid Farooq and Quanyan Zhu

This work aims to build the theoretical foundations of designing secure and reconfigurable IoBT networks. Leveraging the theories of stochastic geometry and mathematical epidemiology, we develop an integrated framework to study the communication of mission-critical data among different types of network devices and consequently design the network in a cost-effective manner.

Security analysis of Anti-SAT

February 20, 2017

Muhammad Yasin, Bodhisatwa Mazumdar, Ozgur Sinanoglu, and Jeyavijayan Rajendran

Logic encryption protects integrated circuits (ICs) against intellectual property (IP) piracy and overbuilding attacks by encrypting the IC with a key. A Boolean satisfiability (SAT) based attack breaks all existing logic encryption techniques within a few hours. Recently, a defense mechanism known as Anti-SAT was presented that protects against the SAT attack by rendering the SAT-attack effort exponential in terms of the number of key gates.

A Bi-Level Game Approach to Attack-Aware Cyber Insurance of Computer Networks

February 20, 2017

Rui Zhang, Quanyan Zhu and Yezekael Hayel

Network security becomes more challenging than ever as today’s computer networks become increasingly complex. The deployment of defense mechanisms such as firewalls, intrusion detection systems, and moving target defenses can effectively reduce the success rate of cyber attacks but cannot guarantee perfect network security as attacks are becoming more stealthy and sophisticated. Network users can still be hacked, resulting in severe data breaches, disruption of services and financial losses. Cyber insurance provides users a valuable additional layer of protection to mitigate potential vulnerabilities to unknown threats, hacking, and human errors.

Optimal Security Policy for Protection Against Heterogeneous Malware

February 19, 2017

Vladislav Taynitskiy, Elena Gubar, and Quanyan Zhu

Malware is malicious software which aims to disrupt computer operations, gather sensitive information, and gain access to private computer systems. It can induce various sorts of damage, including economic costs, the leakage of private information, and instability of physical systems. The distribution of antivirus patches in a network enables the control of the proliferation of malicious software and decreases possible losses. Multiple types of malware can coexist in a network. Hence it is important to protect a computer network from several heterogeneous types of malware, which can propagate in the network at the same time.

Undermining Cybercrime: A Case Study on User Response to Unregulated Payment Systems

February 15, 2017

Prakhar Pandey, Ryan Brunt, Damon McCoy

In this case study, we use the leaked database of a DDoS-for-hire service (VDOS) to investigate how users responded to disruptions in their payment options. Earlier this year VDOS was hacked and authorities were able to arrest the people running the site [2]. Using their leaked database, we analyze user data from July 2014 through July 2016. During this time, interventions were launched by other researchers and law enforcement to disrupt access to PayPal, the primary method used to subscribe to these booter services. In response, many booters, including VDOS, scrapped regulated payment processors in favor of Bitcoin. We show that users who previously used regulated payment methods were unlikely to switch to Bitcoin.

Intelligence business: Trump must keep privacy protections for US firms

February 13, 2017


Zachary K. Goldman poses questions for the Director of National Intelligence on information privacy, cybersecurity, and American businesses in The Hill.

Automotive Electrical/Electronic Architecture Security via Distributed In-Vehicle Traffic Monitoring

February 9, 2017

Peter Waszecki, Philipp Mundhenk, Sebastian Steinhorst, Martin Lukasiewycz, Ramesh Karri, and Samarjit Chakraborty

Due to the growing interconnectedness and complexity of in-vehicle networks, in addition to safety, security is becoming an increasingly important topic in the automotive domain. In this paper, we study techniques for detecting security infringements in automotive Electrical and Electronic (E/E) architectures. Towards this, we propose in-vehicle network traffic monitoring to detect increased transmission rates of manipulated message streams.

Mining Anonymity: Identifying Sensitive Accounts on Twitter

February 1, 2017

Sai Teja Peddinti, Keith W. Ross, and Justin Cappos

We explore the feasibility of automatically finding accounts that publish sensitive content on Twitter. One natural approach to this problem is to first create a list of sensitive keywords, and then identify Twitter accounts that use these words in their tweets. But such an approach may overlook sensitive accounts that are not covered by the subjective choice of keywords. In this paper, we instead explore finding sensitive accounts by examining the percentage of anonymous and identifiable followers the accounts have. This approach is motivated by an earlier study showing that sensitive accounts typically have a large percentage of anonymous followers and a small percentage of identifiable followers.

Third-Party Cyber Risk & Corporate Responsibility

February 1, 2017

Judith H. Germano

Third parties are a significant source of cybersecurity vulnerabilities, yet there remains much work to be done in terms of how third-party risk is assessed and controlled. This paper explains how properly understanding and addressing third-party cyber risk requires a proactive and comprehensive approach to enable parties on all sides to prevent harms and to prepare for and respond to incidents in a faster, better coordinated, less expensive and more effective manner.

Microfluidic encryption of on-chip biochemical assays

January 26, 2017

Sk Subidh Ali, Mohamed Ibrahim, Ozgur Sinanoglu, Krishnendu Chakrabarty, and Ramesh Karri

Recent security analysis of digital micro-fluidic biochips (DMFBs) has revealed that the DMFB design flow is vulnerable to IP piracy, Trojan attacks, overproduction, and counterfeiting. An attacker can launch assay manipulation attacks against DMFBs that are used for clinical diagnostics in healthcare.

Physical Unclonable Functions and Intellectual Property Protection Techniques

January 25, 2017

Ramesh Karri, Ozgur Sinanoglu and Jeyavijayan Rajendran

On one hand, secure systems traditionally rely on hardware to store the keys for cryptographic protocols. Such an approach is becoming increasingly insecure, due to hardware-intrinsic vulnerabilities. A physical unclonable function (PUF) is a security primitive that exploits inherent hardware properties to generate keys on the fly, instead of storing them. On the other hand, the integrated circuit (IC) design flow is globalized due to increases in design, fabrication, testing, and verification costs.

Source camera attribution using stabilized video

January 19, 2017

Samet Taspinar, Manoranjan Mohanty, and Nasir Memon

Although PRNU (Photo Response Non-Uniformity)-based methods have been proposed to verify the source camera of a non-stabilized video, these methods may not be adequate for stabilized videos. The use of video stabilization has been increasing in recent years with the development of novel stabilization software and the availability of stabilization in smart-phone cameras. This paper presents a PRNU-based source camera attribution method for out-of-camera stabilized video (i.e., stabilization applied after the video is captured).

Scan Design: Basics, Advancements, and Vulnerabilities

January 14, 2017

Samah Mohamed Saeed, Sk Subidh Ali, and Ozgur Sinanoglu

The increasing design complexity of modern Integrated Chips (IC) has exacerbated the challenges of manufacturing testing. In this respect, scan is the most widely used design for testability (DfT) technique; it overcomes the manufacturing test challenges by enhancing access and thus testability. However, scan can also open a back door to an attacker when implemented in security-critical chips.