Team for Research in Ubiquitous Secure Technology

2010 TRUST Research Experiences for Undergraduates

PROGRAM OVERVIEW

The Team for Research in Ubiquitous Secure Technology sponsored 32 undergraduate students to participate in the summer 2010 TRUST REU program. Below are descriptions of the 2010 TRUST-REU research projects and links to each student's or team's research report and poster presentation.

RESEARCH PROJECTS


John Baluch
University of Akron

A Private Mode for Mobile Users
Privacy concerns about mobile devices have become an increasingly important issue ever since the mobile platform has become a source for political, economic and social expression. It is a surveillance technology through the use of phone calls, text messages, applications and web use. This paper introduces the differences between the content and context of telephony and the legislature that defines them for cellular devices. The social impacts of such surveillance are then discussed to show that users can be manipulated to a desired end, and how this impacts political behavior. Previous research shows that a Private Overlay can be used to give mobile users control over their personal information by using a Public Key Authority. It concludes with a new method for implementing a Private Overlay, without the previous hurdles.

Darrel Brower
Humboldt State University

Co-Emulation of Network Control Systems Using DETER
In order to experiment with attacking and defending network control systems, we need a topology and software to work with, where the software could be simulated or emulated. This article presents a comparison of a simulated network control system on a DETER topology to an emulated version of the same network control system on DETER, and gives results from the use of both.

Christopher Castillo
Loyola Marymount University

Investigating Privacy Concerns
As technology advances, the way in which privacy is both protected and violated has changed with it. By analyzing empirical data--in our case, real-world complaints about information privacy issues on the internet--we can seek to understand the public's current privacy concerns. The goal of this project was to create a command-line executed tool written in Python to query Yahoo! Answers to obtain relevant privacy complaint data for analysis using data visualization tools. From this research, we found that certain keywords were more efficient in collecting data, and that there are consistent relationships between individual terms and phrases in Answers data. Both of these results are essential in further refining not only the terms used to obtain data but also in producing a taxonomy of privacy terms.

Christine Chen
University of California, Berkeley

Evaluating the Impact of Packet Delay and Loss on a Network Control System in DETERlab
The objective of my project was to analyze how adding time delay and packet loss will alter the second order input signal after it has travelled from the digital controller across the wired control network system to the plant output. The study was conducted using the state-feedback UDP network control system that was created by using software implementation. The plant and controller programs were written with the use of socket programming in Java, and the programs were compiled and run by remotely accessing two nodes. The nodes were part of the network topologies that were created in experiments in the DETER Network Security Testbed at UC Berkeley. Using data that was collected from the experiments, the magnitude of the plant output was plotted over time, and the graph results that were obtained allowed for comparative analysis between the ideal plant output in an idealized network that had no added packet loss or time delay parameters with the plant output from an imperfect network that had additional network security vulnerabilities. The results from this paper contribute to data that is being collected in understanding how time delay and packet loss will affect a state-feedback signal of UDP packets that has gone through an internet communications network, and it reveals an efficient way for internet network security monitoring.

Sauvik Das
Georgia Institute of Technology

Detecting User Activities using the Accelerometer on Android Smartphones
The purpose of this study is to identify whether smartphones pose a security threat to the user. The accelerometer and other sensors within the device can be used without the user's consent. Our intent in this is to show that the accelerometer can be used to obtain sensitive information about the user. Using the magnitude of the accelerometer data we found that we could identify general activities performed by the user, and even have the phone learn new activities. Multiple approaches were implemented to attempt to find the best results. With individual calibration we obtained accuracy of 93%, which could be improved with future work.

Ricardo Estrada
California State University, Monterey Bay

Effect of DDOS attacks on simple plant-controller networks
In this paper, we are emulating routing and traffic associated with the Abilene network topology (known as Internet2) in order to determine the effects of an inside attack on critical infrastructure components. In our case, our critical infrastructure component is a plant/controller infrastructure. This architecture is simulated at a smaller scale and mimics the Abilene backbone without massive traffic actually being observed. The project was divided across several groups, each one responsible for one of the following: infrastructure development, software development and attack generation. The type of attack used for this experiment is in the form of a distributed denial of service (DDoS) attack. The goal is to explore how a DDoS attack works and how its attack can cut the communication link between critical infrastructure components and their controllers. The principal result is to create a successful emulation of the Abilene topology along with its routing and traffic. Once this topology was in place, a DDoS attack was carried out in order to deny the service from plant to controller.

Jennifer Felder
North Carolina State University

Investigating Privacy Concerns
As technology advances, the way in which privacy is both protected and violated has changed with it. By analyzing empirical data--in our case, real-world complaints about information privacy issues on the internet--we can seek to understand the public's current privacy concerns. The goal of this project was to create a command-line executed tool written in Python to query Yahoo! Answers to obtain relevant privacy complaint data for analysis using data visualization tools. From this research, we found that certain keywords were more efficient in collecting data, and that there are consistent relationships between individual terms and phrases in Answers data. Both of these results are essential in further refining not only the terms used to obtain data but also in producing a taxonomy of privacy terms.

Dureeti Foge
College of St. Scholastica

A Formalization of HIPAA & HITECH ACT for a Medical Messaging System


Katherine Gabales
California State University, Chico

Simple-Topology Attacks via Cut-Link and Flooding Attacks
In an emulated environment, learning the basic interaction and strategies for attack and defense of control systems and detection systems is vital in building a stronger infrastructure, for it can minimize the possible number of intrusions. Emulating routing and traffic on a large-scale network, in this case the Abilene Network Topology, will provide insights into possible effects caused by sample attacks placed within the system. DDoS attacks concerning cut-link attack and flooding attack were implemented to test the strength of the provided nodes, which are the plant and controller. The DETER research was divided into three phases to perform the following tasks: build infrastructure of the network, deploy the learning based DoS detection algorithm and test for attacks, and explore defenses that will allow for the learning system to be more resilient to attacks. The main purpose of the attacks is to record the amount of time when a plant/controller node stops connecting to the other nodes to which it is connected.

German Gomez
Florida International University

Cookie Blocking and Privacy: First Parties Remain a Risk
HTTP cookies are small files that can make surfing the web faster and more convenient. They can allow sites to recognize returning users so that they can avoid repetitive login procedures when they visit their favorite sites. Although these types of cookies can be beneficial, they can also be used by third parties to track users. When a user visits a domain and cookies are set on their machine directly from that site's server, these are called first-party cookies. When a third-party site sets cookies on this same domain, these are referred to as third-party cookies. Many of these third-party cookies are used to track user activity as they navigate within the domain and even when they leave to visit other domains. In the past few years, the five major shipping browsers have all implemented new privacy settings to help stop users from having their activities tracked.

In this paper, we describe our investigation of the effects of cookie blocking and privacy. We conducted two experiments to determine the effectiveness of cookie blocking in different browsers. Our first experiment was to collect raw statistics from all five major browsers while visiting all of Quantcast's top 100 sites. We wrote code in Python that opened all 100 pages at once in each browser, and then counted the number of cookies that were set, prevalence of each cookie name and the number of unique domains that set cookies. We ran this experiment with third-party cookies blocked and unblocked to compare the difference in each browser. Our second approach was an analysis of traffic to get a closer look at the exchange of cookies between our machine and different web servers using Wireshark. When we opened individual packets, we were able to locate the source IP addresses and domain names that the cookies originated from so we could tell who was setting cookies.



LaToya Green
University of Houston

Detecting User Activities using the Accelerometer on Android Smartphones
The purpose of this study is to identify whether smartphones pose a security threat to the user. The accelerometer and other sensors within the device can be used without the user's consent. Our intent in this is to show that the accelerometer can be used to obtain sensitive information about the user. Using the magnitude of the accelerometer data we found that we could identify general activities performed by the user, and even have the phone learn new activities. Multiple approaches were implemented to attempt to find the best results. With individual calibration we obtained accuracy of 93%, which could be improved with future work.

DaNae Grubbs
North Carolina Agricultural & Technical State University

The Potential for Democratizing Search Engines
The Internet is a global network that is home to mass amounts of information that is accessed daily. Search engines play a substantial role with this in regards to how the information is found. Search engines are also the quickest and most convenient way to find this information. Google, which is currently the number one search engine, ranks websites based on their relevancy and popularity using a math-based algorithm called "PageRank." The Internet is extremely massive in regards to the amount of websites that exist. Therefore, not every website is able to appear in the forefront of search engine results, which presents a dilemma. The websites that are at the forefront of the search engine results remain there for this very reason, because they are most "popular." It's not necessarily fair to have websites ranked according to a math algorithm that does not directly include user input. Fortunately, there have been attempts to engineer a search engine that would be more democratic. The Wikia Search engine was implemented to aid this problem. The search engine was community based and enabled users to rate, add and delete the search engine results. However, the search engine was only functional for 16 months. In this study, an analysis of the Wikia Search engine was performed to understand its features and analyze why it failed. Upon analysis, there was an overwhelming consensus that most search engine users are not interested in participating in the Wikia Search engine project and are ultimately content with the Google search engine.

Jacob Hadden
Texas A&M University, Corpus Christi

Exploit Vulnerabilities of LAMP Based Web Applications in DETERlab
The DETER testbed is a secure infrastructure that is used to test cyber-security in a realistic environment. This paper presents three experiments involving web application vulnerabilities tested on DETERlab nodes. These three vulnerabilities are: SQL Injection, Command Injection, and File Inclusion.

Howells Ihekweme
University of Maryland, College Park

Detection and Isolation of Anomalies for DETER Emulation of Abilene
The use of the Internet has become the way of living for man today. However, the use of the Internet requires safety and privacy. This is the reason why TRUST is pushing and working towards the quest of safety, privacy and cyber security of people using the Internet for their day-to-day living. In this paper, the primary research goal is to study the interaction and strategies for attack and defense of control systems and (learning) detection systems in the emulated environment provided by the DETER Lab 2 cluster. This paper will explain to the reader how to construct an emulation of a real Internet backbone and the control system behavior communicating over the Internet Abilene Network Topology built in the DETER testbed using SEER. DETER is a testbed used to conduct, run, and test experiments that sometimes involve malicious code. DETER's SEER is the Security Experimentation EnviRonment, which has a set of tools and agents for helping to set up, script and perform experiments such as Denial of Service attack (DoS) or Distributed Denial of Service attack (DDoS) in the DETER testbed environment. Moreover, SEER includes agents for traffic generation, attack generation, traffic collection and analysis. In this paper, there will be an algorithm script that detects and differentiates anomalies on the external and internal nodes. The network that is made will be used to emulate backbone network traffic and implement attacks throughout the rest of this project.

Daniel Jiang
Purdue University

Social Flows: Mining Social Topologies From Email for Online Data Sharing


Jennifer Li
Louisiana State University

Mining Trends From Network Traffic Data for Security Systems
In this project, we study the traffic behavior of a real Internet backbone, Abilene. Abilene is a complex communication network used by many universities and corporate institutions for educational and research purposes. Due to the heavy traffic flow of large networks such as Abilene, an attack could cause much destruction, and therefore, security is of utmost concern. A crucial fundamental step to strengthening network security is to obtain, analyze, and understand the behavior of normal network traffic. To do this, data was collected on the number of packets exchanged on Abilene over an extended period of time. We used this data to map out the underlying trend of traffic flow and found that daily traffic flows within each week exhibit very similar underlying trends. This is an important result because it allowed us to simulate the traffic flows using realistic functions based on these consistent trends. In future studies, the results of this work can be used in simulated attack experiments, which will ultimately allow further exploration of defense tactics to make these systems more resilient to threats.

Kyle Marlin
Youngstown State University

DDoS Attacks on Plant/Controller Networks
The use of the Internet has become the way of living for man today. However, the use of the Internet requires safety and privacy. This is the reason why TRUST is pushing and working towards the quest of safety, privacy and cyber security of people using the Internet for their day-to-day living. In this paper, the primary research goal is to study the interaction and strategies for attack and defense of control systems and (learning) detection systems in the emulated environment provided by the DETER Lab 2 cluster. This paper will explain to the reader how to construct an emulation of a real Internet backbone and the control system behavior communicating over the Internet Abilene Network Topology built in the DETER testbed using SEER. DETER is a testbed used to conduct, run, and test experiments that sometimes involve malicious code. DETER's SEER is the Security Experimentation EnviRonment, which has a set of tools and agents for helping to set up, script and perform experiments such as Denial of Service attack (DoS) or Distributed Denial of Service attack (DDoS) in the DETER testbed environment. Moreover, SEER includes agents for traffic generation, attack generation, traffic collection and analysis. In this paper, there will be an algorithm script that detects and differentiates anomalies on the external and internal nodes. The network that is made will be used to emulate backbone network traffic and implement attacks throughout the rest of this project.

Radames Marrero
University of Puerto Rico, Mayaguez

Demand Response Systems: Neighborhood Aggregator Design
The principal goal of this project is to develop a theoretical software design about how a Neighborhood Aggregator would capture the data from the AMI, process that data, and send the data to its utility.

John Mela
Youngstown State University

Emulation of Abilene Network using DETER
Security of networked computing systems has become increasingly paramount. The daily function of society hinges on the safe and reliable operation of these infrastructures. The detection of attack traffic on network infrastructures necessitates experimentation on accurately modeled emulations. In this research, a model of the Abilene topology was created using the DETERlab testbed. Network traffic flows were emulated on top of this model. The specification of Abilene's traffic flows could be used to represent the network's background traffic in scale. As this model more closely imitates Abilene both in structure and behavior, a door to extensive experimentation is opened.

Michael Murphy
Franklin W. Olin College of Engineering

Detecting User Activities using the Accelerometer on Android Smartphones
The purpose of this study is to identify whether smartphones pose a security threat to the user. The accelerometer and other sensors within the device can be used without the user's consent. Our intent in this is to show that the accelerometer can be used to obtain sensitive information about the user. Using the magnitude of the accelerometer data we found that we could identify general activities performed by the user, and even have the phone learn new activities. Multiple approaches were implemented to attempt to find the best results. With individual calibration we obtained accuracy of 93%, which could be improved with future work.

Rafael Negron
University of Puerto Rico, Mayaguez

Investigating Privacy Concerns
As technology advances, the way in which privacy is both protected and violated has changed with it. By analyzing empirical data--in our case, real-world complaints about information privacy issues on the internet--we can seek to understand the public's current privacy concerns. The goal of this project was to create a command-line executed tool written in Python to query Yahoo! Answers to obtain relevant privacy complaint data for analysis using data visualization tools. From this research, we found that certain keywords were more efficient in collecting data, and that there are consistent relationships between individual terms and phrases in Answers data. Both of these results are essential in further refining not only the terms used to obtain data but also in producing a taxonomy of privacy terms.

Jesus Noland
California State University, Fullerton

Consumer Knowledge of Disclosure Agreements
Convenience plays tricks on the mind of a consumer. When someone chooses a product in which to gain service from, to meet some means to an end that he/she cannot meet on a consistent and quality basis, they proceed to a marketplace. Let us understand what a marketplace is then. A marketplace is oddly enough a place where a market is held and in like turn, a market is where buyers come to sellers and acquire a product and/or service. The idea of paying someone else to perform a task that either you are not qualified to perform and/or do not have the time to address is a form of convenience. Within this transaction it always appears that something is sacrificed of the requester but that obviously is some form of payment. Beforehand people would barter which is a very old but stable form of establishing a foundational economy. Instead of using money to acquire a good or service, consumers were everyone as much as you could say sellers were everyone. Over our history the cycle is repeated again and again where some "genius" uses a form of money to change the economy. This changing of the basic bartering system brings forth this major idea, that information is your best asset.

Beatrice Perez
University of Puerto Rico, Mayaguez

Detecting User Activities using the Accelerometer on Android Smartphones
The purpose of this study is to identify whether smartphones pose a security threat to the user. The accelerometer and other sensors within the device can be used without the user's consent. Our intent in this is to show that the accelerometer can be used to obtain sensitive information about the user. Using the magnitude of the accelerometer data we found that we could identify general activities performed by the user, and even have the phone learn new activities. Multiple approaches were implemented to attempt to find the best results. With individual calibration we obtained accuracy of 93%, which could be improved with future work.

Efrain Plascencia
California State University, Long Beach

Network Traffic Monitoring on DETER
The use of the Internet has become the way of living for man today. However, the use of the Internet requires safety and privacy. This is the reason why TRUST is pushing and working towards the quest of safety, privacy and cyber security of people using the Internet for their day-to-day living. In this paper, the primary research goal is to study the interaction and strategies for attack and defense of control systems and (learning) detection systems in the emulated environment provided by the DETER Lab 2 cluster. This paper will explain to the reader how to construct an emulation of a real Internet backbone and the control system behavior communicating over the Internet Abilene Network Topology built in the DETER testbed using SEER. DETER is a testbed used to conduct, run, and test experiments that sometimes involve malicious code. DETER's SEER is the Security Experimentation EnviRonment, which has a set of tools and agents for helping to set up, script and perform experiments such as Denial of Service attack (DoS) or Distributed Denial of Service attack (DDoS) in the DETER testbed environment. Moreover, SEER includes agents for traffic generation, attack generation, traffic collection and analysis. In this paper, there will be an algorithm script that detects and differentiates anomalies on the external and internal nodes. The network that is made will be used to emulate backbone network traffic and implement attacks throughout the rest of this project.

John Rivera
Youngstown State University

Networked Control System Emulation: Analysis of Controller Design
Control systems are an integral aspect of modern industrial architecture. These systems often regulate critical infrastructures, such as power plants, traffic control systems, security systems, flight control systems, and a wide range of other potentially mission critical systems. Using the DETER testbed, a networked control system (NCS) was emulated over the Abilene network topology. The behavior was simulated using an ordinary differential equation (ODE), and experiments were run to determine the influence of the control signal on plant stability. Results show that the aggressiveness of the control signal is paramount in determining the relative stability of the control system.

Anand Sonkar
Arizona State University

Investigating Privacy Concerns
As technology advances, the way in which privacy is both protected and violated has changed with it. By analyzing empirical data--in our case, real-world complaints about information privacy issues on the internet--we can seek to understand the public's current privacy concerns. The goal of this project was to create a command-line executed tool written in Python to query Yahoo! Answers to obtain relevant privacy complaint data for analysis using data visualization tools. From this research, we found that certain keywords were more efficient in collecting data, and that there are consistent relationships between individual terms and phrases in Answers data. Both of these results are essential in further refining not only the terms used to obtain data but also in producing a taxonomy of privacy terms.

Richard Swensson
Loyola Marymount University

Improving Wireless Communications Via Hardware Design


Tiffany Tachibana
California State University, Monterey Bay

Understanding the Behavior of Internet Worm through PArallel Worm Simulator (PAWS)
Internet and the computer networks have become crucial to efficient operation of institutions and the society. But, this makes it possible for a lone hacker to significantly impact these institutions and society through worm attacks. Such worm attacks are becoming common news leading to a feeling of insecurity. The intention of this research is to study the worm's propagation behavior. These worm spread studies are adapted from the work of several computer security experts and researchers. A contained and isolated yet realistic environment is required to study the propagation behavior of worms. DETER and PAWS are simulation tools used in this research experiment to study the Slammer worm's propagation.

Michael Walker
Youngstown State University

Standard Method of Evaluating Cryptographic Capabilities and Efficiency for Devices with the Android Platform
Mobile devices are becoming ubiquitous in society and people are starting to use their mobile devices for more than the device manufacturer could ever provide on their own. Telephony is now only a small portion of the features of mobile devices. This has led to the creation of installable Apps for mobile devices. The fastest growing mobile platform currently is Android, which supports users installing applications on their devices. This has made us interested in Android's built-in security functionality. We wish to know what cryptographic capabilities are available with the built-in functionality of the Android platform and the efficiency of those algorithms in regards to time, so we work on forming a standard method of evaluation. We develop a testing application that allows us to determine the extent of available algorithms, and the efficiency in which they process. This initial project is meant as a starting point for future research by ourselves and others, providing some basic standardized tools and methods for measuring cryptographic efficiency on Android devices.

Jue Wang
Arizona State University

Modeling Plant Stability in a Networked Control System
Assurance of system stability is of paramount importance in every control system. Without the maintenance of stability, plants could easily break down and explode, resulting not only in wasted time and capital, but the potential endangerment of human lives as well. This research project focuses on modeling plant stability through the emulation of a control system and the simulation of control behavior. Preparations for the investigation involve the creation of Python-scripted software that establishes the client-server relationships, automates communication between them, as well as synchronizes the timing of task delegation. The behavior of the control system is modeled by an ordinary differential equation, where a spring constant A directly affects plant stability. After the construction of the network is complete, the software is deployed on a given isolated network and tested repeatedly for stability. Results show that stability is guaranteed when the model contains a value of A between 0 and 1 for a simple two-node network. In addition to this finding, trial runs of the software were also conducted on different topologies to show an inverse relationship between information latency and stability. This paper investigates the limiting values of constant A for plant stability under different network conditions.

Kina Winoto
University of California, Los Angeles

Location Privacy


Julian Yalaju
Syracuse University

Cookie Blocking and Privacy: First Parties Remain a Risk
HTTP cookies are small files that can make surfing the web faster and more convenient. They can allow sites to recognize returning users so that they can avoid repetitive login procedures when they visit their favorite sites. Although these types of cookies can be beneficial, they can also be used by third parties to track users. When a user visits a domain and cookies are set on their machine directly from that site's server, these are called first-party cookies. When a third-party site sets cookies on this same domain, these are referred to as third-party cookies. Many of these third-party cookies are used to track user activity as they navigate within the domain and even when they leave to visit other domains. In the past few years, the five major shipping browsers have all implemented new privacy settings to help stop users from having their activities tracked.

In this paper, we describe our investigation of the effects of cookie blocking and privacy. We conducted two experiments to determine the effectiveness of cookie blocking in different browsers. Our first experiment was to collect raw statistics from all five major browsers while visiting all of Quantcast's top 100 sites. We wrote code in Python that opened all 100 pages at once in each browser, and then counted the number of cookies that were set, prevalence of each cookie name and the number of unique domains that set cookies. We ran this experiment with third-party cookies blocked and unblocked to compare the difference in each browser. Our second approach was an analysis of traffic to get a closer look at the exchange of cookies between our machine and different web servers using Wireshark. When we opened individual packets, we were able to locate the source IP addresses and domain names that the cookies originated from so we could tell who was setting cookies.