Research Experience for Undergraduates 2018
- NSF Summer Research Experience for Undergraduates in Trustable Embedded Systems Security Research
- Departments of Electrical and Computer Engineering and Computer Science and Engineering
The 2018 REU class included the following students:
Ryan Estes, Pacific University Implementing Efficient Fuzzy Search on Encrypted Data
Cryptographically protecting databases is more challenging than just encrypting data. For effective encryption schemes, it means overhauling the mechanics that make typical databases efficient at searching for data. Lots of work has been done to build encrypted databases from the ground up. Methods for searching over encrypted databases using exact keywords have been implemented in the open source library Clusion. We have added fuzzy search to the methods present in Clusion. That is, the ability to search using words ?close? to exact keywords by an arbitrary definition of ?close?. In this paper, we first describe why it is important to encrypt databases and provide efficient fuzzy search. We then discuss how to implement efficient fuzzy search over encrypted data as described in an existing study and why it is important to do it this way for security and efficiency. We discuss various methods for constructing a closeness graph intended for use with fuzzy search and the effectiveness of them. Finally, we present timing results by running queries using our implementation of fuzzy search.
Stacia Fry, Western Oregon University Network Reachability Assessment Under Security Attack with ARC
Network configuration is a complex and arduous process that is prone to errors and bugs. Re-configuring networks during a security attack where a node fails takes time and may affect the services of the network. Analyzing and verifying network configurations is as equally complex as the design and there are many different analytical tools available to verify a network?s availability and security. Many errors in network design only manifest during failure and cause to destructive effects. Correctly verifying network configurations is an important area of research as network misconfigurations, errors, or failures may lead to downtime in services and cost companies time and money to fix. ARC is a fast network control plane analysis tool that generates abstract representations of network configurations through digraphs in order to test for invariants under arbitrary failures. We have altered ARC in a way to provide new analysis tools for network operators. The motivation behind these alterations is to provide operators a means to simulate router failure or security attack scenarios with ARCs invariant testing and network visualization. We focus our tests on link reachability analysis with router failure.
Allison Gagliano, Eastern State Connecticut University Restricted Two-State Semiquantum Key Distribution
This paper will present a semiquantum key distribution protocol which restricts the quantum party to the use of only two states in which to prepare qubits and two states in which to measure qubits. We will attempt to prove the unconditional security of the proposed protocol. This restriction of resources will demonstrate the potential bounds of semiquantum key distribution. We hope to find that the proposed protocol is equally as or more noise tolerant than previous protocols.
Md Tanvirul Islam, University of Connecticut Implementing Short-Range Wireless Standard IEEE 802.15.4 Using Custom GNURadio Blocks
Software frameworks are used to program the hardware peripherals of a software defined radio system. GNURadio is one of the most popular software frameworks used for software defined radio platforms. It provides a vast built-in library of signal-processing blocks, along with the ability to create custom signal processing blocks to achieve application-specific goals for a radio system. The signal processing blocks in GNURadio are written in C++, and are then packaged for UI using Python. Simplified Wrapper and Interface Generator (SWIG) is used to make the C++ functions accessible to Python. Custom written blocks can be added to the existing GNURadio library from a Linux environment. In this project, we have explored the ability to create customized blocks in GNURadio, and used the Zigbee IEEE 802.15.4 implementation from the open-source WIME project to send messages between two computers. IEEE 802.15.4 is a widely used standard for low data-rate wireless personal area networks (WPAN). This standard defines the physical layer and media access control (MAC) layer of the Open Systems Interconnection (OSI) network model. We used Wireshark to monitor the packet data transmissions. The successful completion of this project allowed us to understand how protocols and customized systems can be implemented in GNURadio with the help of customized written signal processing blocks. It laid the foundation for future works on implementing different network stack and topologies, and working on finding potential security issues on the software defined radio system to make it a robust wireless communication platform.
Eric Keefe, Willamette University and Nathan Pavlovsky, University of South Carolina ECG Authentication With Binary Classifiers for Mobile Devices
The electrocardiogram (ECG) has been used for biometric authentication. Recently, there has been a push to implement ECG authentication algorithms for wearable devices such as smart watches. Any such algorithm running on mobile devices must be accurate, be able to authenticate a user quickly, to function well over an extended period of time after initial configuration, and to be robust in the face of users having different states of anxiety and performing different types of physical activity. Several algorithms have been proposed in the past, including K-Nearest Neighbors Classifiers, Generative Model Classifiers, Support Vector Machine Classifiers, and Match Score Classifiers, but they have not been proven to meet all of the goals necessary for widespread adoption. Therefore, we propose the usage of a multi-classifier algorithm using a binary neural network, random forest, and a decision tree classifiers as a better solution to ECG authentication. In this paper, we will discuss this new approach to verify a user?s identity and will relay our results.
Alexandria Lin, University of Georgia Implementing a Tolerant Algebraic Side-Channel Attack on KeeLoq Using Constraint Programming
KeeLoq is a proprietary block cipher that uses a non-linear feedback shift register (NLFSR) for encryption and decryption. It is used in numerous passive entry and remote keyless entry systems, such as car keys, garage doors, and smart cards. KeeLoq?s ubiquity in secure consumer electronics has led to analysis and exploitations of the cipher in various cybersecurity research, which have successfully proven the cipher?s insecurity in practical implementations. However, these attacks result in inferior solving times and are prone to wide margins of error in recovering the key bits. This paper investigates a Tolerant Algebraic Side-Channel Analysis (TASCA) attack on KeeLoq using Constraint Programming (CP) based on an approach formulated by a recent study of Liu and Cruz for attacking the Advanced Encryption Standard (AES) cipher, that introduces a potential contender against known methodologies. This paper also justifies the use of a C++ implementation for the solver, modeling KeeLoq, and discusses expectations that a CP approach will be significantly faster and more efficient in recovering the cryptographic key than previously researched techniques, in both computational speed and memory usage, and supports CP as a strong, emerging technology with powerful applications in cryptography and related fields.
Elizabeth Muirhead, Smith College Extending the Functionality of the VoTeR Audit Stations to Perform Transitive Audits
To check the validity of an election outcome, the state of Connecticut performs audits. An audit examines some portion of the ballots to determine if the apparent election result is correct or if the state needs to perform a full recount. At the University of Connecticut in the Center for Voting Technology Research (VoTeR), auditors perform audits by scanning and reinterpreting every ballot from randomly selected voting precincts to produce cast voting records (CVRs). Auditors are then responsible for performing a second audit on those results called a transitive audit. A transitive audit is a type of risk-limiting audit, and it can catch more malicious threats to election security. Risk-limiting is based on the notion that you cannot know the true election outcome without a recount, but you can minimize the chance of an undetected false result. The following paper describes an application that helps auditors interpret and browse the results from the original audit and perform the transitive audit. By implementing an independent piece of software into the audit process, we add another layer of protection and safety to our elections.
Mariem Ouni University of Connecticut Reusable Authentication from Iris
Iris authentication is one form of biometric authentication. Different readings of the same biometric have noise, which makes it extremely unlikely that two different readings the same. One of the previous works stored the biometric on the device and used an algorithm to correct the noise or error between repeated readings. In this work, we will create a cryptographic function of the iris data when we enroll the iris. Instead of storing the value, we derive a random cryptographic key which is encrypted with parts of the iris data. We do this process multiple times with the same key and different parts of the iris. To authenticate the user, we try to decrypt each of these encryptions to get back the generated key. This construction is implemented in C. The system is fast on desktop platforms. We are implementing performance optimizations for usability on mobile platforms.