Research

Research Projects

College of Engineering & Computing

• Building a Private Bitcoin Payment Network using Off-Chain Links

  Drs. Kemal Akkaya and Selcuk Uluagac
  Email: kakkaya@fiu.edu, suluagac@fiu.edu
  Phone: 305-348-3017 

  While Bitcoin dominates the market for cryptocurrencies, its use in micropayments is still a challenge due to its long transaction validation times and fees. Recently, the concept of off-chain payments was introduced and led to a payment network called Lightning Network (LN). Off-chain links provide the ability to do transactions without writing to blockchain. However, LN's design still favors fees and is creating hub nodes that defeat the purpose of blockchain. In addition, it is still not reliable as not all the transactions are guaranteed to be transmitted to their destinations. If current vendors would like to use it, these problems might hinder its adoption. To address this issue, in this paper we advocate creating a private payment network among a given set of vendors that will serve their business needs, just like the idea of private blockchains.  The goal is to build a pure peer-to-peer topology that will eliminate the need for relays and increase the robustness of payments. Using off-chain links as edges and retailers as nodes, the problem is formulated as a multi-flow commodity problem where transactions represent the commodities from various sources to destinations. As the multi-flow commodity problem is NP-Complete, we not only develop an optimization model but also propose a heuristic approach that utilizes shortest path algorithms in a dynamic way by changing the edge weights as payments are made.

   

• Vehicular Forensics via Permissioned Blockchain

  Drs. Kemal Akkaya and Selcuk Uluagac
  Email: kakkaya@fiu.edu, suluagac@fiu.edu
  Phone: 305-3483017 

  Today’s vehicles are becoming cyber-physical systems that not only communicate with other vehicles but also gather information from hundreds of sensors within them. These developments help create smart and connected self-driving vehicles that will introduce significant information to drivers, manufacturers, insurance companies and maintenance service providers for various applications. One such application that is becoming crucial with the introduction of self-driving cars is the forensic analysis of traffic accidents. The utilization of vehicle-related data can be instrumental in post-accident scenarios to discover the party at fault, particularly for self-driving vehicles. With the opportunity of being able to access various information in cars, in this project we propose a permissioned blockchain framework among the various elements involved to manage the collected vehicle-related data. Specifically, we will first integrate vehicular public key infrastructure (VPKI) to the proposed blockchain to provide membership establishment and privacy. Next, we will design a fragmented ledger that will store detailed data related to vehicles such as maintenance information/history, car diagnosis reports and so on. The proposed forensic framework enables trustless, traceable and privacy-aware post-accident analysis with minimal storage and processing overhead.

• Lightweight Symmetric Key Management for Low-Bandwidth Legacy Environments in Smart Grid

  Dr. Kemal Akkaya
  Email: kakkaya@fiu.edu
  Phone: 305-348-3017 
  Funding: DOE 

  As utility companies rightly request to build new systems on top of the legacy systems with limited investment, the research community needs to re-think the adaptation of the existing security approaches to such non-traditional legacy environments. This project aims to tackle symmetric key management in a severely constrained communication environment in the smart grid. Assuming a legacy radio communication infrastructure with bandwidths in the order of kilobits, the objective is not only to reduce the number of messages that need to be exchanged but also minimize the size of the packets that are transmitted. Specifically, we aim to bring Quick UDP Internet Connections (QUIC) protocol of Google in resource-constrained environments by eliminating the need for the PKI. For this purpose, we propose utilizing dynamic key generation techniques that applythe cryptographic hash function to a key multiple times so that this can be used for future re-keying without any need for signatures. In this way, we will be able to reduce the number of messages and their sizes significantly. In addition, the scheme lowers communication cost by relieving the signature requirement in QUIC. Finally, the scheme also addresses the reliability issues without a need to ACK messages or mechanisms such as the ones used in TCP. 

• Efficient Public-Key Management for Smart Meter Communications

  Dr. Kemal Akkaya
  Email: kakkaya@fiu.edu
  Phone: 305-348-3017 
  Funding: DOE 

  Secure smart meter communications rely on keys for encryption, decryption, authentication and so forth, but the management of keys is a challenge. This project addresses public key distribution in smart meter networks, and in particular, how to revoke breached and expired public keys. It aims to develop customized solutions for certificate revocation lists (CRLs) management that will secure the communications in Advanced Metering Infrastructure (AMI) with high efficiency. So far, we investigated bloom filters and distributed hash tables to replace the CRL with a more efficient approach. In this project, we propose a novel idea to further reduce the size of CRLs by exploiting cryptographic accumulators inspired byblockchain. The concept provides an efficient mechanism to check whether an element is a member of a specific set. Although cryptographic accumulators provide a very efficient membership test (i.e., whitelist), we need a scheme that provides a non-membership test (i.e., blacklist) to allow working with conventional CRLs where a certificate is deemed valid if it is not in the CRL. To enable an accumulator with non-membership proof capability, we construct an accumulator scheme that provides a non-membership witness for each value not on the list. In a nutshell, we propose condensing the entire CRL into a single accumulator value to avoid unmanageable CRL size for the smart meters.

• SDN and NFV-Based Moving Target Defense for Distributed Denial of Service Attacks

  Dr. Kemal Akkaya
  Email: kakkaya@fiu.edu
  Phone: 305-348-3017 

  One of the recent paradigms to provide security is based on the idea of dynamic networks, which is referred to as moving target defense (MTD). MTD aims to provide agility and/or adaptivity to current networks in order to make it harder for the attackers to launch attacks. Since dynamicity and centralized management is utmost important in applying MTD and forensics, the emerging software-defined networking (SDN) and network function virtualization (NFV) can be an excellent technology that can be integrated with MTD and forensics systems for efficient and cost-effective operations. SDN is a key in terms of imposing network-wide policies, upgrades and state changes. This project aims to investigate the potential of SDN and NFV in addressing cybersecurity and resilience for the existing enterprise networks and provide a cost-benefit analysis for all the stakeholders involved in such research and development. In particular, DDoS attacks that aim to congest permanent links are considered. New MTD approaches subordinated with SDN will dynamically change the routes by using the generated fake virtual routes and direct traffic to internal analyzers. In addition to assessing the overhead of network state changes, we also proposed a signaling game-theoretic model for defender-attacker interaction.

• Mitigating Attacks towards Networked Cyber-Physical Systems

  Dr. Kemal Akkaya
  Email: kakkaya@fiu.edu
  Phone: 305-348-3017 
  Funding: NSF 

  Developing security mechanisms for networked cyber-physical systems (NCPS) significantly differs from traditional networked systems due to the interdependence between cyber and physical subsystems (with attacks originating from either subsystem), possible cooperation between attackers or defenders and the presence of human decision makers in the loop. The main goal of this research is to develop the necessary science and engineering tools for designing NCPS security solutions that are applicable to a broad range of application domains. In particular, we experiment with traditional DDoS attacks that would result in delaying and packet losses on a two-party NCPS and analyze the behavior on the stability of the control systems. We offer solutions based on game theory.

• Drone ITS: Drone-Aided Platform for Enabling Next Generation Secure and Intelligent Transport Systems

  Drs. Kemal Akkaya and Selcuk Uluagac
  Email: kakkaya@fiu.edu, suluagac@fiu.edu
  Phone: 305-348-3017 
  Funding: QNRP 

  The goal of this project is to utilize Unmanned Air Vehicles (UAVs) or drones to not only enforce the traffic rules and support the traffic police on the ground but also provide the road users with efficient information on traffic (also referred to as intelligent traffic management). ITS UAVs will be enabled by a Dedicated Short Range Communication (DSRC) interface, for Vehicle to Vehicle (V2) and Vehicle to Infrastructure (V2X) communications. In this project, we first lay out the architectural foundations for communication requirements of UAVs by comparing the performance of LTE and mesh solutions in terms of delay and packet delivery ratio. We then looked into connectivity maintenance by introducing a form of minimum connected dominating set (MCDS) problem and how to maintain this MCDS set to keep the network connectivity all the time. Finally, we will also consider security and privacy issues. For security, the main challenge is to enable authentication of the users that will control or communicate with the UAVs. For this, we propose using an existing OAuth 2.0 framework. This will be implemented in the devices. We will then consider the privacy of the users when UAVs record video for ITS purposes. To this end, we are considering using FHE for the encryption of video so that it will stay and processed as encrypted in the servers. However, video data is huge and FHE already comes with heavy overhead, so we are exploring the extraction of the background of the videos and only focusing on objects in the video to be transmitted. 

   

• Analysis and Parsing of Unstructured Cyber-Security Incident Data

  Dr. Mark A. Finlayson
  Email: markaf@fiu.edu
  Phone: 305-348-7988 
  Funding: National Science Foundation CyberCorps Program 

  The latest threat intelligence platforms use structured protocols to share and analyze cyber-security data. However, most of this data is reported to the platform in the form of unstructured text such as social media posts, emails, and news articles, which then require manual conversion to structured form. In order to bridge the gap between unstructured and structured data, we propose to implement a natural-language-processing-(NLP)-based information extraction (IE) system that takes texts within the cyber-security domain and parses them into structured format. Our approach targets the VERIS format and makes use of the VERIS Community Database as a source of unstructured texts—primarily consisting of news articles–and their structured counterparts (VERIS reports). We propose first to use a supervised machine learning (ML) classifier to discriminate between cyber-related and non-cyber-related texts, and then to use ML classifiers decide which VERIS parameters are relevant in a given text. Then, we propose to use NLP and IE techniques to extract tuples of grammatically co-dependent words. Finally, these tuples will be passed to a domain- and field-specific IE components to fill in different fields of an output VERIS report. 

• Quantifying Information Leakage in Searchable Encryption

  Dr. Geoffrey Smith and Alexandra Boldyreva (Georgia Tech) 
  Email: smithg@cis.fiu.edu
  Phone: 305-348-6037 
  Funding: NSF EAGER 

  Cloud storage is currently experiencing explosive growth, as more and more businesses and organizations store large amounts of data on cloud servers. Encrypting such data provides security against untrusted servers or malicious intrusions, but standard encryption has the drawback of compromising functionality and efficiency—it is so strong that its ciphertexts are not searchable. For this reason, searchable encryption (SE) has become an important research area, aimed at providing weaker forms of encryption that balance security, efficiency, and functionality goals. SE schemes have already been deployed in practical systems like CryptDB, and there is strong demand for more such solutions. But it has proven very difficult to understand the security implications of using SE. Indeed, several high-profile attacks have been published, calling into question whether such systems can in fact be used safely. This project aims to bring clarity to the current rather messy situation by analyzing the amount of leakage of sensitive information that can occur under various SE schemes, thereby offering guidance to both cryptographers and practitioners about when and how such schemes can be used safely. 

  The approach is interdisciplinary, coupling the provable security analysis of cryptographic schemes with quantitative information flow (QIF) theory, building on the expertise of the researchers in their respective areas. A technical challenge is that the adversaries considered in provable security are computationally bounded, while those considered in QIF are information theoretic. But the security of an SE scheme is often formulated as computational indistinguishability from an “ideal object” which can be modeled as an information-theoretic channel, and whose leakage can then be analyzed using QIF techniques. In particular, notions of channel capacity allow worst-case bounds on information leakage to be established, and the refinement partial order enables it to be shown that one SE scheme never leaks more than another, regardless of the adversary’s prior knowledge or goals. Such analyses will be done on a number of important SE schemes, including deterministic encryption and order-preserving encryption. The goal is to establish new cryptographic foundations and metrics for measuring and comparing the security of different searchable encryption schemes and their usage. 

• The Science of Quantitative Information Flow

  Dr. Geoffrey Smith (with co-authors Mário Alvim, Kostas Chatzikokolakis, Annabelle McIver, Carroll Morgan, and Catuscia Palamidessi) 
  Email: smithg@cis.fiu.edu
  Phone: 305-348-6037 

  https://www.springer.com/us/book/9783319961293 

  Computer systems that process sensitive information should of course preserve that information's confidentiality. But our current cyber-infrastructure is clearly failing to achieve this goal: reports of massive-scale information disclosures are distressingly frequent. While such disclosures indeed have many causes, a fundamental challenge is that functional and practical requirements frequently conflict with the goal of preserving confidentiality, making perfect security unattainable. In an election, publishing tallies of votes in different precincts (aimed at ensuring the integrity of the election) conflicts with the goal of ballot confidentiality. And the need for efficient implementations of cryptography may result in side channels, where the time taken by a cryptographic operation leaks information about the secret key. This book, forthcoming from Springer, addresses this challenge by developing a comprehensive mathematical theory that explains precisely what information flow is, and how it can be assessed quantitatively—bringing precise meaning to the intuition that certain information leaks are small enough to be tolerated—and how systems can be constructed that achieve rigorous quantitative information-flow guarantees in those terms. 

• Semantics-Aware Real-Time Privacy Analysis of IoT Apps: IoTWatch

  Dr. Selcuk Uluagac
  Email: suluagac@fiu.edu 
  Phone: 305-348-3710 

  In the Internet of Things (IoT), users trust apps to control smart devices. These apps have access, process and send sensitive information to external parties to support the app's functionality. However, users are oblivious to the type of information IoT apps use and who can have access to this information. Existing solutions do not offer any privacy analysis that informs the users about how IoT apps use sensitive information or the privacy risks associated with these activities. To overcome these limitations, in this project, we introduce IoTWatch, a novel user-centric framework that performs analysis of IoT data flows to uncover privacy risks from apps in real time. Utilizing Natural Language Processing (NLP)-based techniques and contexts of the flows, IoTWatch fully analyzes apps and makes the users fully aware of the apps' activities. IoTWatch can be used on off-the-shelf IoT devices and apps in the market to analyze the apps and identify their privacy risks. IoTWatch is freely available to the community at https://iotwatch.appspot.com. 

• A Digital Forensics Framework for Smart Devices and Applications: IoTDots

  Dr. Selcuk Uluagac
  Email: suluagac@fiu.edu 
  Phone: 305-348-3710 

  IoT devices and sensors are utilized in a cooperative manner to enable the concept of a smart environment. These smart settings generate abundant data as a result of the interactions between devices and daily user activities. Such data contains valuable forensic information about events and actions occurring inside the smart environment. Nonetheless, current smart app programming platforms do not provide any digital forensics capability to identify, trace, store, and analyze the data produced in these settings. To overcome this limitation, in this project, we design and introduce IoTDots, a novel digital forensic framework for a smart environment such as smart homes and smart offices. In the event of a forensic investigation, IoTDots applies data processing and machine learning techniques to extract valuable and usable forensic information from the IoT devices' and users' activities. IoTDots is a very promising technology achieving more than 99 percent of accuracy in detecting user activities and more than 96 percent accuracy on detecting the forensic behaviors. IoTDots also yields very minimal overhead to off-the-shelf smart devices and apps. IoTDots is freely available to the community at https://name-modifier.appspot.com.  

• HealthGuard: A Machine Learning-Based Security Framework for Healthcare Systems

  Dr. Selcuk Uluagac
  Email: suluagac@fiu.edu 
  Phone: 305-348-3710 

  Healthcare domain is increasingly facing cybersecurity challenges and threats due to numerous security flaws and the lack of proper security measures for medical devices. Balancing security, privacy, safety and utility is a necessity where medical devices have made it possible to automatically manage and treat a number of health conditions. For instance, today, with the help of implantable medical devices and wearables, Smart Healthcare System (SHS) can continuously monitor different vital signs of a patient and automatically detect and prevent critical medical conditions. However, attackers can exploit the SHS in numerous ways: they can impede normal function of the SHS, inject false data to change vital signs and tamper a medical device to change the outcome of a medical emergency. In this project, we propose HealthGuard, a novel machine learning-based security framework to detect malicious activities in a SHS.  Observing the vital signs of different connected devices, HealthGuard is a very effective security framework for SHS with an accuracy of 91 percent and yields minimal overhead. 

• A Context-Aware Security Framework for Smart Home Systems

  Dr. Selcuk Uluagac
  Email: suluagac@fiu.edu 
  Phone: 305-348-3710 

  Our everyday lives are expanding fast with the introduction of new Smart Home Systems (SHSs). Today, a myriad of SHSs devices and applications are widely available to users and have already started to re-define our modern lives. Smart home users utilize the apps to control and automate such devices. Users can develop their own apps or easily download and install them from vendor-specific app markets. App-based SHSs offer many tangible benefits to our lives, but also unfold diverse security risks. Several attacks have already been reported for SHSs. However, current security solutions consider smart home devices and apps individually to detect malicious actions rather than the context of the SHSs as a whole. The current mechanisms cannot capture user activities and sensor-device-user interactions in a holistic fashion. To address these issues, in this project, we introduce a novel context-aware security framework to detect malicious behavior in a SHSs. Our evaluation for the efficacy and performance of the proposed framework in multiple smart home settings (i.e., single bedroom, double bedroom, duplex) with users performing day-to-day activities and real SHS device shows that our framework can detect malicious behavior in SHSs with high accuracy (more than 95 percent) and secure the smart home environment regardless of the smart home layout, device configuration, installed apps and enforced user policies. Finally, the framework can detect different malicious behavior and threats in SHSs with minimum overhead.

• USB-Watch: A Generalized Hardware-Assisted Insider Threat Detection Framework

  Dr. Selcuk Uluagac
  Email: suluagac@fiu.edu 
  Phone: 305-348-3710 

  The USB protocol is among the most widely adopted protocols today thanks to its plug-and-play capabilities and the vast number of devices which support the protocol. However, this same adoptability leaves unwitting computing devices prone to attacks. Malicious USB devices can disguise themselves as benign devices (e.g., keyboard, mouse, etc.) to insert malicious commands on end devices. These malicious USB devices can mimic an actual device or a human typing pattern and appear as a real device to the operating system. Typically, advanced software-based detection schemes are used to identify the malicious nature of such devices. However, a powerful adversary (e.g., as rootkits or advanced persistent threats) can still subvert those software-based detection schemes. To address these concerns, in this project, we introduce a novel hardware-assisted, dynamic USB-threat detection framework called USB-Watch utilizing a machine learning-based classifier. With real malicious USB devices (i.e.,  Rubber-Ducky) mimicking as a keyboard, USB-Watch provides a lightweight, OS-independent framework which effectively distinguishes differences between normal and malicious USB behaviors with a ROC curve of 0.89. To the best of our knowledge, this is the first hardware-based detection mechanism to dynamically detect threats coming from USB devices. 

• Privacy-Aware Wearable-Assisted Continuous Authentication Framework

  Drs. Selcuk Uluagac and Kemal Akkaya
  Email: suluagac@fiu.edu, kakkaya@fiu.edu
  Phone: 305-348-3710 

  The login process for a mobile or desktop device does not guarantee that the person using it is necessarily the intended user. If one is logged in for a long period of time, the user's identity should be periodically re-verified throughout the session without impacting their experience, something that is not easily achievable with existing login and authentication systems. Hence, continuous authentication, which re-verifies the user without interrupting their browsing session, is essential. However, authentication in such settings is highly intrusive and may expose users' sensitive information to third parties. To address these concerns, this project develops a novel privacy-aware wearable-assisted continuous authentication (WACA) framework. User-specific data is acquired through built-in sensors on a wearable device. The user data goes through privacy-preserving operations throughout the authentication process. This login procedure can be applied to a wide variety of existing enterprise authentication systems such as university campuses, corporate Information Technology divisions and government agencies. Continuous authentication and digital privacy are timely and relevant topics in today's internet-centric always-connected society. 

• Assessing and Measuring the Privacy Leakage from Smart Home Devices

  Dr. Selcuk Uluagac
  Email: suluagac@fiu.edu 
  Phone: 305-348-3710 

  A myriad of IoT devices such as bulbs, switches and speakers in a smart home environment allows users to easily control the physical world around them and facilitate their living styles through the sensors already embedded in these devices. Sensor data contains a lot of sensitive information about the user and devices. However, an attacker inside or near a smart home environment can potentially exploit the innate wireless medium used by these devices to exfiltrate sensitive information from the encrypted payload (i.e., sensor data) about the users and their activities, invading user privacy. With this in mind, in this project, we investigate the privacy leakage from a smart environment. We show how it is trivial to detect and identify particular types of IoT devices, their actions, states and ongoing user activities by only observing passively the traffic from smart home devices and sensors even when the traffic is encrypted. We evaluate the impact of the leakage with real measurements from an extensive set of popular off-the-shelf smart home IoT devices and sensors utilizing a set of diverse network protocols like Wi-Fi, ZigBee and BLE. Our results show that an adversary passively sniffing the traffic can achieve very high accuracy (above 90 percent) in identifying the state and actions of targeted smart home devices and their users. To protect against this privacy leakage, we also propose a countermeasure based on generating spoofed traffic to hide the real activities of the devices. We also demonstrate that the provided solution delivers better protection than existing solutions.

• Securing Sensory Side-Channels in CPS and IoT Devices and Applications

  Dr. Selcuk Uluagac
  Email: suluagac@fiu.edu 
  Phone: 305-348-3710 

  Sensors (e.g., light, gyroscope, accelerometer) and sensing enabled applications on a smart device make the applications more user-friendly and efficient. However, the current permission-based sensor management systems of smart devices only focus on certain sensors and any app can get access to other sensors by just accessing the generic sensor API. In this way, attackers can exploit these sensors in numerous ways: they can extract or leak users’ sensitive information, transfer malware or record or steal sensitive information from other nearby devices. In this project, we investigate the sensory side-channel (e.g., acoustic, seismic, light, temperature) threats to CPS and IoT devices and applications and evaluate the feasibility and practicality of the attacks on real CPS and IoT equipment. The result is novel sensory side-channel-aware security tools and techniques for the CPS and IoT devices and applications. Specifically, we (1) analyze the physical characteristics of the sensory CPS/IoT side-channels to understand how the physical world impacts the cyber world of CPS and IoT devices; (2) investigate the information leakage through the sensory side-channels on the CPS and IoT devices; (3) develop a novel IDS particularly designed to be aware of the sensory CPS and IoT side-channels. 

• An IoT Fingerprinting Framework Using Inherent Device Characteristics

  Dr. Selcuk Uluagac
  Email: suluagac@fiu.edu 
  Phone: 305-348-3710 

  The number of Internet of Things (IoT) devices will be thirty billion by 2020. Nonetheless, the increasing number of interconnected IoT devices poses more threats to the security of the devices, applications and privacy of information. Indeed, recent figures reveal that about 70 percent of total IoT devices use unencrypted network services, 90 percent of devices collect sensitive personal credentials and 60 percent of the devices have security vulnerabilities on the user interface. As IoT devices are mostly resource-limited devices, existing security techniques may not be feasible to implement fully on such limited devices. In this work, we work on building a framework to fingerprint IoT devices to identify their device types as a complementary security measure to be used in device authentication, access control or forensic analysis. Specifically, we build a device identification framework which incorporates Machine Learning (ML) techniques with IoT packet captures. Our design combines a passive non-intrusive feature selection technique targeting different IoT protocol captures with a novel ML classifier selection algorithm. Our framework aims to enable a technology that can be used as a complementary security mechanism and a forensics tool.

• Identifying Counterfeit and Compromised Smart Grid Devices

  Dr. Selcuk Uluagac
  Email: suluagac@fiu.edu 
  Phone: 305-348-3710 

  The use of compromised smart grid devices throughout the smart grid communication infrastructure poses several security challenges. Consequences of propagating fake data or stealing sensitive smart grid state information via compromised devices are costly. Hence, early detection of compromised smart grid devices is critical for protecting the smart grid's components and data. To address these concerns, in this project, we introduce a novel system level approach to identify compromised smart grid devices. Specifically, our approach is a configurable framework that combines system and function call tracing techniques and statistical analysis to detect compromised smart grid devices based on their behavioral characteristics. To measure the efficacy of our framework, we work with a realistic testbed that includes both resource-limited and resource-rich compromised devices and analyze various different compromised devices in our testbed. The devices communicate via an open source version of the IEC61850 protocol suite (i.e., libiec61850).

• Development of a Hands-On Security Class for Internet of Things

  Drs. Selcuk Uluagac and Kemal Akkaya
  Email: suluagac@fiu.edu, kakkaya@fiu.edu
  Phone: 305-348-3710 

  Our daily lives include myriads of robustly networked intelligent IoT devices such as heads-up displays, bio-engineered systems, intelligent sensors and autonomous systems. Unfortunately, these devices are under the constant threat of an increasing number of cyberattacks. IoT applications connected to the internet from homes, schools, government agencies, nuclear stations and private companies face millions of hacking attempts daily. Given the increasingly critical nature of the cyberspace of these IoT devices, it is imperative that they are secured. This unfortunate situation necessitates the teaching and better educating of tomorrow’s cyber workforce in terms of security practices for the IoT realm. Unfortunately, such educational and training opportunities at the undergraduate level are very limited. Therefore, in this project, we develop a novel hands-on upper undergraduate level security class for IoT. The proposed class will include learning modules (LMs) with interactive labs and application examples specifically focusing on IoT security use cases.

• Development of a Blockchain Oriented Security Class

  Dr. Selcuk Uluagac
  Email: suluagac@fiu.edu 
  Phone: 305-348-3710  

  Blockchain technology provides a distributed database of digital transactions such that a transaction can be added to the chain only after it has been verified by the participants in the system. By construction, each transaction is valid, immutable and publicly verifiable. As a result, blockchain technology creates a decentralized trusted infrastructure on which several applications can be built, including peer-to-peer electronic cash systems and smart contracts. This breakthrough innovative approach has been rapidly adopted since 2008 with an increasing rate of popularity. Blockchain technology promises to be a fundamental technology in distributed systems and their security, including IoT, smart city and supply chain management. On the other hand, an in-depth understanding of this technology is rather limited in our society, and there is a need to increase educational opportunities at the college level. Therefore, in this project, the PIs develop a novel hands-on upper undergraduate level course on the blockchain technology. The proposed course will include learning modules (LMs) with hands-on programming component and with a focus on real-life applications.

• A Privacy-Preserving Multi-Factor Authentication System

  Drs. Selcuk Uluagac and Kemal Akkaya
  Email: suluagac@fiu.edu, kakkaya@fiu.edu
  Phone: 305-348-3710 

  Multi-factor authentication (MFA) is an approach to user validation that requires the presentation of two or more authentication factors (i.e., knowledge, possession, identity) to an authenticator. Traditionally, behavioral biometrics (e.g., keystroke dynamics) have been known to have the best usability because they do not require one to know or possess anything - they simply communicate, “how you type” to an authenticator. However, though highly usable, biometrics-based MFA approaches are highly invasive and expose users’ sensitive information to untrusted servers that can keep physically identifying elements of users, long after the user ends the relationship with the site. To address these concerns, in this project, we present a privacy-preserving MFA system for computer users, called PINTA. In PINTA, the first factor is a password while the second factor is a hybrid profile of user behavior. The hybrid profile is based on users’ integrated behavior, which includes both host-based characteristics and network flow-based features. Since the features include users’ sensitive information, it needs to be protected from untrusted parties. For this, we use fuzzy hashing and fully homomorphic encryption (FHE) to protect users’ sensitive profiles and handle the varying nature of the user profiles. We evaluate the performance of our proposed approach through experiments. Our results show that PINTA can successfully validate legitimate users while detecting impostors with minimal overhead.

   

• Security Analytics for State Estimation against Stealthy Attacks

  Dr. Mohammad Rahman
  Email: marahman@fiu.edu 
  Phone: 305-348-3724 

  As the smart grid is an integration of hybrid systems and cyber technology, it often exhibits highly complex configurations among the cyber-physical components. In critical infrastructures like smart grids, a security breach can cause devastating damages. Thus, there is a great need for formal security analytics to automatically verify smart grid security controls and proactively identify potential attacks and their defense mechanisms. This work has multiple objectives: (i) modeling the stealthy attacks on state estimation as a constraint satisfaction problem considering the attack attributes in general, while incorporating other sources of attacks, particularly topology poisoning attacks; (ii) developing systematic mechanism to find the impact of stealthy attacks on different power system security and utility processes, i.e., optimal power flow, automatic generation control, etc.; and (iii) synthesizing the countermeasures to defend the power system from stealthy attacks. 

• Proactive Resiliency Threat Detection and Mitigation for Dependable Internet of Things

  Dr. Mohammad Rahman
  Email: marahman@fiu.edu 
  Phone: 305-348-3724 

  Security is a major concern at the rapid emergence of IoT. The most common use of IoT devices is in controlling physical properties, which introduces many attack vectors that can invade the physical world and pose catastrophic consequences. Therefore, it is fundamentally important to ensure resilient operation of IoT by proactively identifying potential threats and designing cost-efficient mitigation plans. The aim of this proposal is to address this need by developing a formal resiliency analysis framework that provides potential threats with respect to cyberrattack and k-resiliency properties, adversary’s capabilities, and attack goals, considering smart home as the case. We will also develop a synthesis model for automatic design of countermeasures mitigating the identified within the deployment constraints

• Formal Frameworks for Automated Design of Resiliency Configurations for Cyber Networks

  Dr. Mohammad Rahman
  Email: marahman@fiu.edu 
  Phone: 305-348-3724 

  Enterprise networks deploy security devices to control access and limit potential threats. Due to the emergence of zero-day attacks, security device-based isolation measures like access denial, trusted communication, and payload inspection are often not adequate for the resilient execution of an organization’s mission. Diversity between two hosts in terms of operating systems and services running on these hosts is crucial for limiting the attack propagation. Since different software systems have different vulnerabilities, it is important to have the hosts diversified considering the isolation among the hosts as well as the mission requirements. Redundant security measures and service plans are important for the robustness of the system. There they should have recovery plans to revive attacked components such that the damage keeps low. In this work, we plan to develop formal frameworks for synthesizing network resiliency configurations in terms of isolation, diversity, redundancy, and recovery. 

• Cracking Down Online Deception Ecosystems

  Dr. Bogdan Carbunar
  Email: carbunar@gmail.com

  The popularity and impact of online services make them targets of public opinion skewing attacks, in which adversaries manipulate the image of businesses, mobile applications and products. Product developers often turn to crowdsourcing sites to hire an army of professional fraudsters to paint a fake flattering image for mediocre products or trick people into downloading malicious software. This project aims to disrupt fraudulent job markets, identify behavioral differences between fraudsters and honest users, and design fraud detection methods for popular crowdsourcing sites such as Yelp and Google Play. Detecting fraudulent information and malicious behavior serves to improve the quality of life of online service users, helps reduce the distribution and impact of malware and protects the credibility of online services. The project webpage is available at http://www.casprlab.com/socialfraud.html

• Sensorprint: Hardware-Enforced Information Authentication for Mobile Systems

  Dr. Bogdan Carbunar
  Email:carbunar@gmail.com

  Today's societies are intrinsically and inextricably fused through a vast set of technology-driven networks, mostly mobile-based. Individuals equipped with feature-rich mobile devices effectively become the real-time eyes of the rest of the world, providing invaluable insights into remote, hard to access sites and events. However, in critical socially charged settings, it is difficult to ascertain and assert an acceptable level of trust, especially as current technologies allow easy forging, manipulation and fabrication of data. The goal of this project is to design and build technology that will endow mobile data with increased authenticity and integrity assurances. Of primary importance is the data "liveness" assurance or proof that the data has been captured live on the actual mobile device, and has not been fabricated. This project identifies and exploits the insight that mobile data and the device sensor streams simultaneously captured, necessarily bear certain relations. This research plays a fundamental role in establishing the credibility of mobile and social media, acting as the required witness to the authenticity of reported data. Applications with important social impact include citizen journalism, smart city management and prototype verification. The project webpage is available at http://www.casprlab.com/liveness.html

• Preventing Occupancy Detection from Smart Meters

  Dr. Dong Chen
  Email:dochen@cs.fiu.edu
  Phone: (305) 348- 7983

  Utilities are rapidly deploying smart meters that measure electricity usage in real-time. Unfortunately, smart meters indirectly leak sensitive information about a home's occupancy, which is easy to detect because it highly correlates with simple statistical metrics, such as power's mean, variance and range. To prevent occupancy detection, we propose using the thermal energy storage of electric water heaters already present in many homes. In essence, our approach, which we call combined heat and privacy (CHPr), modulates a water heater's power usage to make it look like someone is always home. We design a CHPr-enabled water heater that regulates its energy usage to thwart a variety of occupancy detection attacks without violating its objective to provide hot water on demand and evaluate it in simulation using real data. Our results show that a standard 50-gal CHPr-enabled water heater prevents a wide range of state-of-the-art occupancy detection attacks.

• Weatherman: Exposing Weather-Based Privacy Threats in Big Energy Data

  Dr. Dong Chen
  Email:dochen@cs.fiu.edu
  Phone: (305) 348- 7983

  Smart energy meters record electricity consumption and generation at fine-grained intervals and are among the most widely deployed sensors in the world. Energy data embeds detailed information about a building’s energy-efficiency, as well as the behavior of its occupants, which academia and industry are actively working to extract. In many cases, either inadvertently or by design, these third-parties only have access to anonymous energy data without an associated location. We present Weatherman, which leverages a suite of analytics techniques to localize the source of anonymous energy data. Our key insight is that energy consumption data, as well as wind and solar generation data, largely correlates with weather, e.g., temperature, wind speed, and cloud cover and that every location on Earth has a distinct weather signature that uniquely identifies it. Weatherman represents a serious privacy threat, but also a potentially useful tool for researchers working with anonymous smart meter data. We evaluate Weatherman’s potential in both areas by localizing data from over one hundred smart meters using a weather database that includes data from over 35,000 locations.

• SunSpot: Exposing the Location of Anonymous Solar-Powered Homes

  Dr. Dong Chen
  Email:dochen@cs.fiu.edu
  Phone: (305) 348- 7983

  Homeowners are increasingly deploying grid-tied solar systems due to the rapid decline in solar module prices. The energy produced by these solar-powered homes is monitored by utilities and third parties using networked energy meters, which record and transmit energy data at fine-grained intervals. Such energy data is considered anonymous if it is not associated with identifying account information, e.g., a name and address. Thus, energy data from these “anonymous” homes are often not handled securely: it is routinely transmitted over the Internet in plaintext, stored unencrypted in the cloud, shared with third-party energy analytics companies, and even made publicly available over the Internet. Extensive prior work has shown that energy consumption data is vulnerable to multiple attacks, which analyze it to reveal a range of sensitive private information about occupant activities. However, these attacks are useless without knowledge of a home’s location. Our key insight is that solar energy data is not anonymous: since every location on Earth has a unique solar signature, it embeds detailed location information. To explore the severity and extent of this privacy threat, we design SunSpot to localize “anonymous” solar-powered homes using their solar energy data. We evaluate SunSpot on publicly available energy data from 14 homes with rooftop solar. We find that SunSpot can localize a solar-powered home to a small region of interest that is near the smallest possible area given the energy data resolution, e.g., within a ∼500m and ∼28km radius for per-second and per-minute resolution, respectively. SunSpot then identifies solar-powered homes within this region using crowd-sourced image processing of satellite data before applying additional filters to identify a specific home.

   

• Tri-Modular Human-on-the-Loop Framework for Intelligent Visualization of Smart Grid Cyber-Events

  Dr. Arif Sarwat
  Email: asarwat@fiu.edu
  Phone: (305) 348-4941
  Funding: DOE

  To minimize the effort required by human security operators in understanding and resolving attacks on the smart grid cyber-physical system, automated detection, prevention and mitigation tools have been integrated into the infrastructure. However, existing visualization frameworks at command and control centers present information from such tools in a non-intuitive, non-contextual format, reducing the situation awareness and timeliness of decisions. There is a need for frameworks that can contextualize the data in a human-understandable format before visualizing. To this end, the paper conducts a high-level review of existing literature and introduces a conceptual human-on-the-loop framework of three modules: data analyzer comprising Kafka, Apache Spark and R, classifier comprising a deep neural network and situation-aware decision-maker comprising a learning-based cognitive model. Preliminary proof of concept is shown for data analyzer by applying it to contextualize alerts from multiple photovoltaic systems in Florida.

  Brief description of the Center for Proactive ANalytics and Data-Oriented Research on Availability & Security (PANDORAS): A dedicated research lab equipped with multicore central and general-purpose graphical processing units integrated over a secure, isolated network. These processing units host a robust data flow pipeline that streamlines data points generated at different frequencies and volumes from multiple grid-edge assets into streams that undergo preliminary processing before being stored across a distributed cluster environment in JSON format. The data collected by the center includes, but is not limited to, generation of PV production meters, PV inverter settings, frequency disturbance recorder readings, feeder relay settings, 10 years’ worth of historical values and hourly forecasts of weather and cloud coverage local to the PV systems, and grid reliability cube. Additionally, PANDORAS also runs in parallel to and replicates 20 GW of peak power generation with 5 million utility customers served by 500 distribution substations. The center conducts processing at all levels- descriptive, diagnostic, predictive, prescriptive and cognitive to understand and offer actionable insights into different scenarios of the grid in near real-time. Such processing models will help the utilities with planning and decision-making at their command and control centers as well.