Work in Progress

From CFPWiki

Jump to: navigation, search

Work in Progress: Research on Cyber Security, Trustworthy Systems, and Privacy

The goal of this session is to explore the theoretical and applied research work related to cyber security, privacy, and trustworthy systems (Financial Infrastructures, Health Infrastructures, Physical Infrastructures). This session will include and discussions of actual system or product implementation, deployment, and lessons learned.

Speakers & Work in Progress

Samy will be presenting a novel approach for integrating between the wireless sensing technology and the vehicle technology to provide safer, reliable and comfortable road systems. As a result of this integration, we try to study the routing techniques, sensing techniques, power consumption, communications, security, information propagation and applications. His study aimed to determine the issues on the integrity, vulnerability, and security of communication between vehicles and infra-structure. It is designed to identify the possible types of attacks and threats on VANET Technology and its measures.

  • Bilal Fadlallah: Ph.D. Student, Electrical & Computer Engineering, University of Florida.

Creating a reliable and performant anonymity network has been the focus of many researchers as early as 1994. The concept of Onion Routing uses multi-layered encryption to hide the message's source and destination from third parties within the network. Random circuits using relays run by volunteers all over the world are generated at each communication attempt to avoid Network surveillance. In this talk, we give an overview of the concepts of Privacy, Security and Anonymity and introduce the different Onion Routing generations. The operation and performance of the Tor network are explained. Different approaches that address the Tor project's limitations and ways to improve its reliability and performance are discussed.

Supervisory Control and Data Acquisition (SCADA) systems monitor and control industrial plants as well as elements of critical infrastructure, like utilities and transportation systems. They often directly control safety-critical and business-critical functions, so they must be robust and highly reliable. However, they are increasingly becoming subject to computer security attacks from external networks and malicious insiders.

In our previous work we have created a SCADA testbed that allows studying the behavior of SCADA systems under security attack scenarios. This presentation will focus on recent technological developments on the testbed, including generators for customizing the network simulation from simulation integration models. In addition, it will demonstrate how the testbed can be used to study the effects of network attacks on SCADA systems and how novel resilient controller designs can be evaluated in the framework.

  • Diana Rojas: Ph.D. Student, Texas A&M University at Corpus Christi.

In this presentation I will talk about my current progress on integrating threat modeling when developing a software application following the Secure Tropos methodology. The Secure Tropos methodology is an agent-oriented software development methodology that integrates ³security extensions² into all development phases. Threat modeling is used to identify, document and mitigate security risks, therefore, applying threat modeling when defining the security extensions may lead to better modeling and increased level of security. After integrating threat modeling to this methodology, security attack scenarios will be applied to the models and a comparison will be made to determine how the security level of the system has been impacted. A security attack scenario describes an attack situation in a multiagent system. It identifies the agents, their secure capabilities, possible attackers and their goals. Security attack scenarios have been used to test different enhancements made to the Secure Tropos methodology and the Tropos methodology itself.

  • Samy Coll: Ph.D. Student, University of Geneva.

The results of my research on consumer surveillance, which focuses on the case of loyalty cards (also known as reward cards, club cards or consumer cards), show that there are at least three different perspectives of privacy: the perspective of privacy advocates, the perspective of consumers, and privacy as an everyday experience. As a consequence, situations that induce a feeling of invasion of privacy for people do not correspond to what is considered to be a potential invasion by data protection laws. How can we talk about a privacy which is supposed to be a countermeasure against surveillance if there is no consensus on its perception? As an attempt to answer this question, a conceptualization of privacy from a sociological and interactional perspective will be discussed. But there is no magic answer. As a conclusion, I will finally argue that privacy can also be seen as an ally of surveillance.

Yuri will be presenting a novel approach that draws upon the existing architecture and contractual relationships to secure BGP (the Border Gateway Protocol, the core routing protocol of the Internet) against prefix hijacking. The presentation will include a comparison between this novel approach and previously proposed techniques to secure BGP.

  • Sigurd Meldal: Chair, Computer Engineering Department, San Jose State University
  • Siu Kwan Lam: M.S. Student, San Jose State University

Attackers often use covert channels to hide their communications among compromised hosts. NUSHU, installed as a Linux kernel module, is a secret covert channel tool that inserts secret information in TCP Initial Sequence Numbers (ISNs). In this paper, we study how to detect packets transmitted in NUSHU covert channels. At first glance, NUSHU¹s DES encrypted covert ISNs blend in perfectly with the randomized normal ISNs generated by the system. If we look at the randomness of the normal and covert ISNs, they actually have different characteristics. In this study, the compression ratio produced by Lempel­Ziv­Markov chain Algorithm (LZMA) is used as an entropy measurement on each ISN window. Covert ISNs can be detected when any window has a compression ratio that falls outside of the normal range. A Python framework named ŒMooncake¹ is proposed to simplify packet capturing, injection and analysis. Using the Mooncake framework, the detection scheme is developed to detect NUSHU covert channel in a simulated environment. The scheme has less than 10% false negatives when more than 50% of the traffic consists of covert ISNs.

Session Chairs:

Dr. Sigurd Meldal and Dr. Kristen Gates (
Team for Research in Ubiquitous Secure Technology (TRUST), San Jose State University