Research Experience for Undergraduates 2012

The 2012 REU class included the following students:

2017 Group

David Etim, North Carolina A&T State UniversityDavid Etim

Detecting Mobile Devices Used by Non-Primary Users

Throughout the summer of 2012, David conducted research on detecting when a non-primary user has stolen a mobile device. Mobile devices such as smart phones, laptops and tablets are in common use today and carry a massive amount of personal data. It’s important for this data to be protected to avoid any possible theft of mobile devices which can lead to identity theft, lost information, and other complications. If a theft was to happen, it may take hours before the owner notices the theft of their device. Therefore, the primary focus is to develop a system has been developed to detect and alert whether or not theft attacks have occurred. David implemented and evaluated algorithms as well as a detection scheme to determine an alarm rate based on a time interval and detection accuracy to locate possible abnormal patterns on a device.

Shelley Kandola, St. Lawrence UniversityShelley Kandola

Advanced Encryption Standard: Efficient Implementations of Cryptographic Algorithms

This project examined efficient implementations of the cryptographic algorithm AES on a VLIW DSP processor.Shelly implemented the AES in both C and assembly, using three methods that have different memory requirements and result in different performance. The fastest C implementation needs 224 cycles for encrypting a block while the hand optimized assembly code needs only 138 cycles. Although AES is still mathematically secure, it is vulnerable to side-channel attacks. After efficiently implementing AES, she looked at some masking techniques that make the implementation secure against differential power analysis attacks. Shelley developed a masking scheme that uses 16 input and output masks per round and refreshes the masks before the first and last rounds of the algorithm. The masking technique rendered the least efficient of the AES implementations approximately 5 times slower. However, the masked implementation is secure under against second order differential power analysis. Future work includes exploring better masking schemes and reducing the overhead.

Oliver Kubik, University of Maryland, Baltimore CountyOliver Kubik

Utilizing Cloud Computing for Processing Large Data Sets

Oliver’s study compared the access and download times when downloading files off of Amazon Simple Storage Service (S3) and Microsoft Azure Storage. This will be useful when large amount of data need to be pulled off of cloud storage within a limited amount of time. Testing determined that accessing files from Azure Storage was faster for large files (500 megabytes) and small files (4 kilobytes) when each was using a single connection. When using multiple connections, S3 performed faster. Future work could include running these same tests on RackSpace and the recently released Google Compute Machine.

Robert Kuykendall, University of Texas, San Antonio

Yaira Rivera, University of Puerto RicoRobert Kuykendall and Yaira Rivera

Trustable Medical Records

Implementing a mobile application secure enough to store personal medical information and properly enforce security policies is an important task. There is currently no good implementation of document level security for patient information, and there is no way to properly enforce HIPAA medical privacy law. To try to resolve this, Robert and Yaira created a granular, role-based access control model for XML schemas and applied this model to digital medical records. Using JAVA Eclipse IDE, the Android SDK, and JavaScript Object Notation (JSON), they adapted a mobile application called the Personal Health Assistant (PHA). This application interacts with Microsoft’s HealthVault through JSON API calls.They split the application into two separate implementations, and modified each with different objectives. One application is designed for the medical provider, and the other for the patient. In the future, both applications can be transitioned to use XML and Open mHealth standards.
Paper was published in 2014 Web Information Systems and Technologies

Jonathan Saddler, DePauw UniversityJonathan Saddler

Analysis of Data on AccuVote Optical Scan Tabulator Memory Cards

Jonathan’s research focused on the AccuVote OS (AV-OS) election tabulator. Specifically, he was interested in the measures of how audit trails are left for the interested auditor, and how the auditor may verify the results once the election process has ended. Sheets passed through the machine are untampered with as they leave the tabulator from the opposite side, leaving a paper audit trail. the term ”Voter-verified paper audit trail” is used to describe this. Previous research at the VOTER lab has uncovered that the AV-OS records data on a memory card, which can be further used as a digital audit trail for auditors. This data is stored on a removable memory card locked in the tabulator during elections. Using special software to record and view this data exactly as it is seen on, we wish to uncover the details about what this digital audit trail on the card provides, regarding where election information is stored and how the AVOS stores data to its election card and how we can verify that data matches what actually transpired during an election. The end result of our research, Jonathan wishes to accomplish, is a document describing the contents of the card in a way they can be interpreted easily by an interested auditor.

Victoria Tagarelli, Binghamton UniversityVictoria Tagarelli

Detection of Recycled FPGAs Using Ring Oscillators

Counterfeit parts have been on the rise since the beginning of the century and as counterfeiters become cleverer in ways to hide their fake components, new techniques must be developed to continue to detect and classify counterfeit parts. The majority of counterfeit components are ICs which have been used before and are now being recycled but sold as fresh ICs. Used ICs can be very harmful when used in critical applications because they may have a shorter life span on them than the owner is aware of, as well as, they may not be able to operate in the full range of absolutes expected. Programmable logic ICs are the fourth most counterfeited semiconductor of 2011; between their common applications, frequent use in defense systems and versatility, it is extremely necessary to develop a way of identifying these counterfeits. Victoria focused on Field- Programmable Gate Arrays (FPGAs) to develop a method for detecting counterfeit programmable logic ICs. Using the aging degradation of FPGAs to her advantage, Victoria has encoded ring oscillators along the Look Up Tables of the chip under test and tested the decrease in frequency accompanying a recycled chip. She took in factors such as placing of the inverters, placing of the ring oscillator all together and recovery time into account to create this method. The research has determined that under the stress aging, the frequency does decrease even after allowing a recovery time.

Spencer Timerman, St. Lawrence UniversitySpencer Timerman

Evaluating Memory Card Security Risks with the Accu-Vote Optical Scan Machine

Spencer’s project addressed the security issues with the Accu-Vote Optical Scan (AVOS) hardware and firmware in relation to the memory cards used to store the election data. Two types of cards were tested. The SRAM card, which rely on a battery to retain data are the current standard for the AVOS machine and elections within the state of Connecticut. The MRAM card uses a newer, nonvolatile form of memory.Spencer tested the durability of each of these types of cards by repeatedly reading and writing from specific but arbitrary memory addresses. The first test selected only one memory address for all of the read/writes, while the second and third tests selected multiple addresses with varying distances between them. Every card tested on a single memory location passed with over 30 billion read/writes, over 100 million read/writes per location with 16 memory locations, and over 25 million per location with 28 memory locations. The native memory card duplication function was investigated in an effort to determine if a memory card based attack on a system could be unknowingly or deliberately copied to a new card without detection. The duplicated cards filled with values to test bit-wise and byte-wise compression. A subsequent test attempted to copy two memory cards with malicious payloads on them that would take control from the AVOS machine’s running code[5]. Each card was copied completely with no obvious difference in the copying process (time, the number of times the card needed to be inserted, etc.), and the malicious payloads still functioned. Both versions of the memory card withstood the durability test and the new cards passed the further tests with multiple memory locations. The new MRAM cards do not require a battery to retain data and therefore are more stable. In addition, the card duplication was shown to be dangerous as it propagated malicious payloads.