Research Experience for Undergraduates 2015

NSF Summer Research Experience for Undergraduates in Trustable Embedded Systems Security Research
Departments of Electrical and Computer Engineering and Computer Science and Engineering

The 2015 REU class included the following students:

2015 Group

Carrick Bartle, California State University, Northridge

Convergent Encryption with Multi-Party Computation to Prevent Data Deduplication Side-Attacks

To prevent “confirmation of file” attacks in cloud storage, each user could encrypt their files with unique keys, but that would eliminate the possibility of performing data deduplication. Carrick looked at a compromise between the two goals of greater security and storage savings: convergent encryption within a peer-to-peer network. Shee developed a tool that uses multi-party computation to deterministically generate file keys, which prevents “confirmation of file” attacks from outside the group while still allowing data deduplication within the group. The tool also employs rate checking to prevent brute-forcing from users within the group, and because the key generation process is distributed, there is no single point of failure. Carrick also refined a software application from previous work to measure duplicate data rates among cloud storage users to ascertain whether there’s a higher rate of duplicate data within peer groups (i.e. friends and family) than across unconnected users. If there is, convergent encryption within peer groups will be a viable strategy in protecting against these side-attacks while still achieving a relatively high rate of data deduplication.

Michael Diamond, Pomona College

An In-Database Approach for Role-Based Access Control in Mobile Applications

A 2014 Connecticut law requires greater reporting and tracking of concussions for students, and in response, UConn researchers designed “Connecticut Concussion Tracker”, an Android application to aid in this reporting. In this paper, we present issues with the app’s login security. Michael researched the limitations and vulnerabilities of two-factor authentication, the current industrial security standard, as well as what methods currently exist to expand on and strengthen two-factor authentication. We also explored how some of these methods could be implemented in Android. Additionally, he worked on implementing what is called “role-based access control” (RBAC) into the app. Within a RBAC system, there are different types of users that need specific levels of access based on their role. For instance, in the particular case of the “Connecticut Concussion Tracker” app, it is easy to imagine that a school nurse would need higher levels of access to information contained within the app than a parent would need. With this problem in mind, Michael helped design and implement a framework for a RBAC system that could be used not only for the “Connecticut Concussion Tracker” but also for any other application that both requires role-based security and is linked to a database.

Nathan Dunn, University of Massachusetts, Amherst

Counterfeit Integrated Circuits: Defect Detection and Record-Keeping

The integrity of electronic components is becoming an increasing concern for businesses and governments as greater numbers of counterfeit integrated circuits infiltrate the global marketplace. To meet this increasing threat, tools are needed by researchers and businesses to both detect and track known counterfeit defects. Nathan worked on two methods to meet this objective. First, he introduced a web application that allows both researchers and businesses to share counterfeit defect images and data through an online database. Participants in this application may view previous examples of counterfeit defects across a variety of product types, as well as obtain statistics regarding the prevalence of known defects.Second, to assist in the automation of defect detection, Nathan developed an image processing method to identify scratches on the surfaces of recycled integrated circuits. By adapting previous work on damaged photo and film restoration, he utilized image frequency filtering and the Hough Transform to identify exterior damages. The proposed method found scratches on 4 of 4 sample defective sample, and avoided detecting scratches on a sample legitimate component. However, significant problems were encountered in detected scratches that were darker than the surrounding background.

Samuel Garfinkel, University of Connecticut
Edward Powell, Texas A&M Commerce

Electronic Poll Book Requirement Testing

Samuel and Edward investigated an Electronic Poll Book (EPB) in accordance with the State of Connecticut’s published requirements for such devices at the University of Connecticut Center for Voting Technology Research (VoTeR Center).

William Johnson, DePauw University

Embedded System Security johnson

As the number of connected devices in the Internet of Things (IoT) greatly expands, so too does the number of concerns regarding consumer safety and privacy. These devices are constantly connected to the Internet, presenting a prime target for malicious attackers. Yet these devices often lack modern security mechanisms. In this research, Will performed a penetration test on a target cable modem, which was running an embedded Linux OS. He explored a number of attack vectors in order to identify and exploit software, hardware, and networking vulnerabilities. The goal of this testing was not only to identify vulnerabilities, however, but also to identify possible countermeasures to mitigate these security threats. A number of these mitigations were specific to individual attack vectors, including removing debugging ports and unnecessary network daemons. Additionally, Will explored Linux Containers (LXC) in order to limit the scope of any successful security exploitations. He developed a memory utility to dynamically track the memory usage and file accesses of a process. With this utility it is possible to identify feasible limits on the resource usage of a process.

Amanda Murphy, Canisius College

Implementing Adaptive Trust Negotiation on Mobile Devices

Mobile security is a serious issue with the rising prevalence of mobile devices in the workplace. These devices are being used to not only communicate but also to connect to systems with sensitive information. Currently we can identify whether an individual should have access to a system by associating this user with data that is exclusive to them. We can give individuals usernames and passwords which they must remember or even use biometric data like a fingerprint. Still both of these methods have serious limitations and one of the most serious is that they cannot grant a new individual access in time critical situations. For example, an emergency room doctor may have a new patient whose in critical condition. In order to get this patient’s records the doctor would need to access the servers of a different Hospital but the doctor is not authorized to see this information. This situations calls for a system that can not only identify individuals but also grant new individuals access. To do this Amanda designed a client side mobile app which works off the principles of adaptive trust negotiation. The app can communicate with servers in a secure fashion and allows users to send their credentials so that the server can decided whether or not to authorize the user. It also stores the user’s credentials and allows a user to decide which credentials should be sent for each situation.

Somtochukwu Okwuosah, University of Connecticut

Analysis of SRAM cells for True Random Number Generation

okwuosah A True Random Number Generator (TRNG) refers to circuitry that when given an input, gives anoutput possessing the highest entropy possible. The use of SRAM as a TRNG is as a result of the fact that some cells within the SRAM are biased to either 0 or 1. In the case of strongly biased cells, they tend to either 0 or 1 all the time. However, some cells are neutrally biased; meaning they have a 50 percent probability of being either 0 or 1. In order for the values of these cells to be considered truly random, they have to have no discernable pattern. Thus, the cells should have a 50-50% distribution under all conditions. Somtochukwu analyzed the property of these neutral cells to determine how effective they can be as true random numbers. He tested the SRAM cells in varying environmental conditions to find the most effective conditions in which to determine what cells are neutral. We also developed metrics that we were able to use to locate those neutral cells. The location of these neutral cells is important to know because SRAMs have large arrays of cells which make it crucial to narrow down the search for such cells. Without such knowledge, more time and resources are spent on just finding these cells and finding the best conditions to test their neutrality. All of the SRAM testing was performed on a Spartan 3 FPGA board. Results are still being analyzed but Somtochukwu’s research should be able to provide specific conditions at which the SRAM needs to be tested, as well as code that identifies the neutral cells thereby eliminating the need for a brute force approach to locating the desired cells.

Astha Patni, University of Connecticut

Securing Processors against Buffer Overflow Attacks patni

The low performance, limited security and high modification costs associated with bounds checking programs are well known. Softbound + Compiler Enforced Temporal Safety (CETS) is a compile-time program combination which enforces complete spatial and temporal safety of C/C++ code while minimizing these costs; a revolutionary advancement in the field. Yet it still adds a runtime overhead reaching magnitudes of up to 10 times that of the original program with an in-order processor, making it an infeasible security measure for real-world systems. Astha investigated prefetching as a viable method to reduce the overall runtime overhead of Softbound + CETS. Softbound + CETS metadata was distinguished within three types of SPEC 2006 benchmarks using an in-order processor and found strong streams of metadata use with varying spatial locality. A hardware-based stream prefetcher integrated into our simulation software was able to reduce completion times by an average of 2.46 times (in-order core) and 1.87 times the improvement (out-of-order core) than with baseline tests.
Paper was published in 2015 IEEE International Conference on Computer Design

Youyou Tian, Smith College
Jason Townsley, University of Arkansas

Evaluating the Functionality of Embedded User Interfaces in LayerCake

tonswley tian LayerCake is a modified version of Android that enables developers to securely embed user interfaces in Android applications. It was constructed by researchers at the University of Washington, who assert that LayerCake addresses the security concerns that come with embedding user interfaces while having minimal impact on overall system performance. Youyou and Jason tested the functionality of LayerCake by writing several applications that embed both custom and legacy applications. They also measured and compared the performance times of applications with embedded user interfaces with standard applications. In the process of testing LayerCake, they discovered an error that occurs when an embedded application attempts to attach a sub-window to itself, such as when a user opens a drop-down menu. As a result, LayerCakes ability to provide complete functionality for embedding is disrupted. Youyou and Jason also determined the causes of this error and explored possible solutions.