Browsing by Author "Stavrou, Angelos"
- The application of DRAM PUF as a physical token
  Ayaluru Venkata Krishnan, Sruthi (Virginia Tech, 2024-05-31)
  The exploration of leveraging physical attributes of hardware for cryptographic purposes has become a topic of research. Among these avenues, the utilization of Physical Unclonable Functions (PUFs) is one feature that is widely studied. PUFs provide the ability to generate encryption keys for device authentication by exploiting inherent variations in physical structures. In this research work, the focus lies on probing the characteristics of a DRAM-based PUF structure on the Intel Galileo Platform to discern its degradation traits and assess its suitability as a cryptographic primitive. As the adoption of PUFs in diverse applications surges, it becomes imperative to scrutinize their susceptibility to various forms of side-channel attacks. The research work is divided into two parts. First, experimental investigations have been undertaken to ascertain the vulnerability of the DRAM PUF to magnetic fault injection and to understand its resilience against such threats. Secondly, the analysis of PUF measurements has been conducted to elucidate its potential as a dependable source for physical cryptography, particularly in the context of the oblivious transfer protocol, which is based on the fuzzy transfer protocol. The results contribute to a deeper understanding of its application as a physical token as well as the security implications associated with deploying PUFs in cryptographic applications, and pave the way for the development of robust countermeasures to mitigate emerging risks.
- Building trustworthy machine learning systems in adversarial environments
  Wang, Ning (Virginia Tech, 2023-05-26)
  Modern AI systems, particularly with the rise of big data and deep learning in the last decade, have greatly improved our daily life and at the same time created a long list of controversies. AI systems are often subject to malicious and stealthy subversion that jeopardizes their efficacy. Many of these issues stem from the data-driven nature of machine learning. While big data and deep models significantly boost the accuracy of machine learning models, they also create opportunities for adversaries to tamper with models or extract sensitive data. Malicious data providers can compromise machine learning systems by supplying false data and intermediate computation results. Even a well-trained model can be deceived into misbehaving by an adversary who provides carefully designed inputs. Furthermore, curious parties can derive sensitive information about the training data by interacting with a machine-learning model. These adversarial scenarios, known as poisoning attacks, adversarial example attacks, and inference attacks, have demonstrated that security, privacy, and robustness have become more important than ever for AI to gain wider adoption and societal trust. To address these problems, we proposed the following solutions: (1) FLARE, which detects and mitigates stealthy poisoning attacks by leveraging latent space representations; (2) MANDA, which detects adversarial examples by utilizing evaluations from diverse sources, i.e., model-based prediction and data-based evaluation; (3) FeCo, which enhances the robustness of machine learning-based network intrusion detection systems by introducing a novel representation learning method; and (4) DP-FedMeta, which preserves data privacy and improves the privacy-accuracy trade-off in machine learning systems through a novel adaptive clipping mechanism.
- Circuit Support for Practical and Performant Batteryless Systems
  Williams, Harrison Ridgway (Virginia Tech, 2024-06-03)
  Tiny, ultra-low-power embedded processors enable sophisticated computing deployments in a myriad of areas previously off limits to computing power, ranging from intelligent medical implants to massive scale 'smart dust'-type sensing deployments. While today's computing and sensing hardware is well-suited for these next generation deployments, the batteries powering them are not: the size and weight of today's mobile and Internet-of-Things devices are dominated by their batteries, which also limit systems' lifespans and potential for deployment in sensitive contexts. Academic efforts have demonstrated the feasibility of harvesting energy on-demand from the environment as a practical alternative to classical battery power, instead buffering harvested energy in a capacitor to power intermittent bursts of operation. Energy harvesting circuits are miniaturizable, inexpensive, and enable effectively indefinite operation when compared to batteries, but introduce new problems stemming from the lack of a reliable power source. Unfortunately, these problems have so far confined batteryless systems to small-scale research deployments. The central design challenge for effective batteryless operation is efficiently using scarce input power from the energy harvesting frontend. Despite advances in both harvester and processor efficiency, digital systems often consume orders of magnitude more power than can be supplied by harvesting circuits, forcing systems to operate in short bursts punctuated by power failure and a long recharge period.
Today's batteryless systems pay a steep price to sustain operation across these common-case power losses: current platforms depend on high-performance non-volatile memory to quickly and efficiently checkpoint program state before power loss, limiting batteryless operation to a small selection of devices which integrate these novel memory technologies. Choosing exactly when to checkpoint to non-volatile memory represents a challenge in itself: the hardware required to detect impending power failure often represents a large proportion of the system's overall energy consumption, forcing designers to choose between the energy overhead of voltage monitoring or the runtime overhead of 'energy-oblivious' checkpointing models. Finally, the choice of buffer capacitor size has a large impact on overall energy efficiency, but the optimal choice depends on runtime energy dynamics which are difficult to predict at design time, leaving designers to make at best educated guesses about future environmental conditions. This work approaches energy harvesting system design from a circuits perspective, answering the following research questions towards practical and performant batteryless operation: 1. Can the emergent properties of today's low-power systems be used to enable efficient intermittent operation on new classes of devices? 2. What compromises can we make in voltage monitor design to minimize power consumption while maintaining just enough functionality for batteryless operation? 3. How can we buffer harvested energy in a way that maximizes energy efficiency despite unpredictable system-level power dynamics? This work answers these questions by producing the following research artifacts: 1. The first non-volatile memory invariant system to enable intermittent operation on embedded devices lacking high-performance memory (Chapter 2). 2.
The first voltage monitoring circuit designed for batteryless systems to enable energy-aware operation without sacrificing efficiency (Chapter 3). 3. The first highly efficient power-adaptive energy buffer to store harvested energy without compromising on efficiency or performance (Chapter 4).
- Design of Secure Scalable Frameworks for Next Generation Cellular Networks
  Atalay, Tolga Omer (Virginia Tech, 2024-06-06)
  Leveraging Network Functions Virtualization (NFV), the Fifth Generation (5G) core and Radio Access Network (RAN) functions are implemented as Virtual Network Functions (VNFs) on Commercial-off-the-Shelf (COTS) hardware. The use of virtualized micro-services to implement these 5G VNFs enables the flexible and scalable construction of end-to-end logically isolated network fragments denoted as network slices. The goal of this dissertation is to design more scalable, flexible, secure, and visible 5G networks. Thus, each chapter will present a design and evaluation that addresses one or more of these aspects. The first objective is to understand the limits of 5G core micro-service virtualization when using lightweight containers for constructing various network slicing models with different service guarantees. The initial deployment model consists of the OpenAirInterface (OAI) 5G core in a containerized setting to create a universally deployable testbed. Operational and computational stress tests are performed on individual 5G core VNFs where different network slicing models are created that are applicable to real-life scenarios. The analysis captures the increase in compute resource consumption of individual VNFs during various core network procedures. Furthermore, using different network slicing models, the progressive increase in resource consumption can be seen as the service guarantees of the slices become more demanding. The framework created using this testbed is the first to provide such analytics on lightweight virtualized 5G core VNFs with large-scale end-to-end connections. Moving into the cloud-native ecosystem, 5G core deployments will be orchestrated by middle-men Network-slice-as-a-Service (NSaaS) providers.
These NSaaS providers will consume Infrastructure-as-a-service (IaaS) offerings and offer network slices to Mobile Virtual Network Operators (MVNOs). To investigate this future model, end-to-end emulated 5G deployments are conducted to offer insight into the cost implications surrounding such NSaaS offerings in the cloud. The deployment features real-life traffic patterns corresponding to practical use cases which are matched with specific network slicing models. These models are implemented in a 5G testbed to gather compute resource consumption metrics. The obtained data are used to formulate infrastructure procurement costs for popular cloud providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. The results show steady patterns in compute consumption across multiple use cases, which are used to make high-scale cost projections for public cloud deployments. In the end, the trade-off between cost and throughput is achieved by decentralizing the network slices and offloading the user plane. The next step is the demystification of 5G traffic patterns using the Over-the-Air (OTA) testbed. An open-source OTA testbed is constructed leveraging advanced features of 5G radio access and core networks developed by OAI. The achievable Quality of Service (QoS) is evaluated to provide visibility into the compute consumption of individual components. Additionally, a method is presented to utilize WiFi devices for experimenting with 5G QoS. Resource consumption analytics are collected from the 5G user plane in correlation to raw traffic patterns. The results show that the open-source 5G testbed can sustain sub-20ms latency with up to 80Mbps throughput over a 25m range using COTS devices. Device connection remains stable while supporting different use cases such as AR/VR, online gaming, video streaming, and Voice-over IP (VoIP). It illustrates how these popular use cases affect CPU utilization in the user plane. 
This provides insight into the capabilities of existing 5G solutions by demystifying the resource needs of specific use cases. Moving into public cloud-based deployments creates a growing demand for general-purpose compute resources as 5G deployments continue to expand. Given their existing infrastructures, cloud providers such as AWS are attractive platforms to address this need. Therefore, it is crucial to understand the control and user plane QoS implications associated with deploying the 5G core on top of AWS. To this end, a 5G testbed is constructed using open-source components spanning multiple global locations within the AWS infrastructure. Using different core deployment strategies by shuffling VNFs into AWS edge zones, an operational breakdown of the latency overhead is conducted for 5G procedures. The results show that moving specific VNFs into edge regions reduces the latency overhead for key 5G operations. Multiple user plane connections are instantiated between availability zones and edge regions with different traffic loads. As more data sessions are instantiated, it is observed that the deterioration of connection quality varies depending on traffic load. Ultimately, the findings provide new insights for MVNOs to determine favorable placements of their 5G core entities in the cloud. The transition into cloud-native deployments has encouraged the development of supportive platforms for 5G. One such framework is the OpenRAN initiative, led by the O-RAN Alliance. The OpenRAN initiative promotes an open Radio Access Network (RAN) and offers operators fine-grained control over the radio stack. To that end, O-RAN introduces new components to the 5G ecosystem, such as the near real-time RAN Intelligent Controller (near-RT RIC) and the accompanying Extensible Applications (xApps). The introduction of these entities expands the 5G threat surface.
Furthermore, with the movement from proprietary hardware to virtual environments enabled by NFV, attack vectors that exploit the existing NFV attack surface pose additional threats. To deal with these threats, the xApp repository function (XRF) framework is constructed for scalable authentication, authorization, and discovery of xApps. In order to harden the XRF microservices, deployments are isolated using Intel Software Guard Extensions (SGX). The XRF modules are individually benchmarked to compare how different microservices behave in terms of computational overhead when deployed in virtual and hardware-based isolation sandboxes. The evaluation shows that the XRF framework scales efficiently in a multi-threaded Kubernetes environment. Isolation of the XRF microservices introduces different amounts of processing overhead depending on the sandboxing strategy. A security analysis is conducted to show how the XRF framework addresses chosen key issues from the O-RAN and 5G standardization efforts. In the final chapter of the dissertation, the focus shifts towards the development and evaluation of 5G-STREAM, a service mesh tailored for rapid, efficient, and authorized microservices in cloud-based 5G core networks. 5G-STREAM addresses critical scalability and efficiency challenges in the 5G core control plane by optimizing traffic and reducing signaling congestion across distributed cloud environments. The framework enhances Virtual Network Function (VNF) service chains' topology awareness, enabling dynamic configuration of communication pathways which significantly reduces discovery and authorization signaling overhead. A prototype of 5G-STREAM was developed and tested, showing a reduction of up to 2× in inter-VNF latency per HTTP transaction in the core network service chains, particularly benefiting larger service chains with extensive messaging.
Additionally, 5G-STREAM's deployment strategies for VNF placement are explored to further optimize performance and cost efficiency in cloud-based infrastructures, ultimately providing a scalable solution that can adapt to increasing network demands while maintaining robust service levels. This innovative approach signifies a pivotal advancement in managing 5G core networks, paving the way for more dynamic, efficient, and cost-effective cellular network infrastructures. Overall, this dissertation is devoted to designing, building, and evaluating scalable and secure 5G deployments.
- Designing Security Defenses for Cyber-Physical Systems
  Foruhandeh, Mahsa (Virginia Tech, 2022-05-04)
  Legacy cyber-physical systems (CPSs) were designed without considering cybersecurity as a primary design tenet, especially when considering their evolving operating environment. There are many examples of legacy systems including automotive control, navigation, transportation, and industrial control systems (ICSs), to name a few. To make matters worse, the cost of designing and deploying defenses in existing legacy infrastructure can be overwhelming as millions or even billions of legacy CPS systems are already in use. This economic angle prevents the use of defenses that are not backward compatible. Moreover, any protection has to operate efficiently in resource-constrained environments that are dynamic in nature. Hence, the existing approaches that require expensive additional hardware, propose a new protocol from scratch, or rely on complex numerical operations such as strong cryptographic solutions, are less likely to be deployed in practice. In this dissertation, we explore a variety of lightweight solutions for securing different existing CPSs without requiring any modifications to the original system design at hardware or protocol level. In particular, we use fingerprinting, crowdsourcing and deterministic models as alternative backwards-compatible defenses for securing vehicles, global positioning system (GPS) receivers, and a class of ICSs called supervisory control and data acquisition (SCADA) systems, respectively. We use fingerprinting to address the deficiencies in automobile cyber-security from the angle of controller area network (CAN) security. CAN protocol is the de-facto bus standard commonly used in the automotive industry for connecting electronic control units (ECUs) within a vehicle.
The broadcast nature of this protocol, along with the lack of authentication or integrity guarantees, creates a foothold for adversaries to perform arbitrary data injection or modification and impersonation attacks on the ECUs. We propose SIMPLE, a single-frame based physical layer identification for intrusion detection and prevention on such networks. Physical layer identification or fingerprinting is a method that takes advantage of the manufacturing inconsistencies in the hardware components that generate the analog signal for the CPS of our interest. It translates the manifestation of these inconsistencies, which appear in the analog signals, into unique features called fingerprints which can be used later on for authentication purposes. Our solution is resilient to ambient temperature, supply voltage value variations, or aging. Next, we use fingerprinting and crowdsourcing in two separate protection approaches leveraging two different perspectives for securing GPS receivers against spoofing attacks. GPS is the most predominant non-authenticated navigation system. The security issues inherent in civilian GPS are exacerbated by the fact that its design and implementation are public knowledge. To address this problem, first we introduce Spotr, a GPS spoofing detection via device fingerprinting, that is able to determine the authenticity of signals based on their physical-layer similarity to the signals that are known to have originated from GPS satellites. More specifically, we are able to detect spoofing activities and track genuine signals over different times and locations and propagation effects related to environmental conditions. In a different approach at a higher level, we put forth Crowdsourcing GPS, a total solution for GPS spoofing detection, recovery and attacker localization.
Crowdsourcing is a method where multiple entities share their observations of the environment and get together as a whole to make a more accurate or reliable decision on the status of the system. Crowdsourcing has the advantage of deployment with less complexity and distributed cost; however, its functionality is dependent on the adoption rate by the users. Here, we have two methods for implementing Crowdsourcing GPS. In the first method, the users in the crowd are aware of their approximate distance from other users using Bluetooth. They cross validate this approximate distance with the GPS-derived distance and in case of any discrepancy they report ongoing spoofing activities. This method is a strong candidate when the users in the crowd have a sparse distribution. It is also very effective when tackling multiple coordinated adversaries. For method II, we exploit the angular dispersion of the users with respect to the direction that the adversarial signal is being transmitted from. As a result, the users that are not facing the attacker will be safe. The reason for this is that the human body mostly consists of water and absorbs the weak adversarial GPS signal. The safe users will help the spoofed users find out that there is an ongoing attack and recover from it. Additionally, the angular information is used for localizing the adversary. This method is slightly more complex, and shows the best performance in dense areas. It is also designed based on the assumption that the spoofing attack is only terrestrial. Finally, we propose a tandem IDS to secure SCADA systems. SCADA systems play a critical role in most safety-critical infrastructures of ICSs. The evolution of communications technology has rendered modern SCADA systems and their connecting actuators and sensors vulnerable to malicious attacks on both physical and application layers. The conventional IDS that are built for securing SCADA systems are focused on a single layer of the system.
With the tandem IDS we break this habit and propose a strong multi-layer solution which is able to expose a wide range of attacks. To be more specific, the tandem IDS comprises two parts, a traditional network IDS and a shadow replica. We design the shadow replica as a deterministic IDS. It performs a workflow analysis and makes sure the logical flow of the events in the SCADA controller and its connected devices maintain their expected states. Any deviation would be a malicious activity or a reliability issue. To model the application level events, we leverage finite state machines (FSMs) to compute the anticipated states of all of the devices. This is feasible because in many of the existing ICSs the flow of traffic and the resulting states and actions in the connected devices have a deterministic nature. Consequently, it leads to a reliable solution that is free of uncertainty. Aside from detecting traditional network attacks, our approach bypasses the attacker in case it succeeds in taking over the devices and also maintains continuous service if the SCADA controller gets compromised.
- Dial "N" for NXDomain: The Scale, Origin, and Security Implications of DNS Queries to Non-Existent Domains
  Liu, Guannan; Jin, Lin; Hao, Shuai; Zhang, Yubao; Liu, Daiping; Stavrou, Angelos; Wang, Haining (ACM, 2023-10-24)
  Non-Existent Domain (NXDomain) is one type of Domain Name System (DNS) error response, indicating that the queried domain name does not exist and cannot be resolved. Unfortunately, little research has focused on understanding why and how NXDomain responses are generated, utilized, and exploited. In this paper, we conduct the first comprehensive and systematic study on NXDomain by investigating its scale, origin, and security implications. Utilizing a large-scale passive DNS database, we identify 146,363,745,785 NXDomains queried by DNS users between 2014 and 2022. Within these 146 billion NXDomains, 91 million of them hold historic WHOIS records, of which 5.3 million are identified as malicious domains including about 2.4 million blocklisted domains, 2.8 million DGA (Domain Generation Algorithms) based domains, and 90 thousand squatting domains targeting popular domains. To gain more insights into the usage patterns and security risks of NXDomains, we register 19 carefully selected NXDomains in the DNS database, each of which received more than ten thousand DNS queries per month. We then deploy a honeypot for our registered domains and collect 5,925,311 incoming queries for 6 months, from which we discover that 5,186,858 and 505,238 queries are generated from automated processes and web crawlers, respectively. Finally, we perform extensive traffic analysis on our collected data and reveal that NXDomains can be misused for various purposes, including botnet takeover, malicious file injection, and residue trust exploitation.
- Enabling rApp in 5G O-RAN: An Spectral Optimization (SO)rApp Use Case
  Mallu, Jaswanth Sai Reddy (Virginia Tech, 2024-06-12)
  This thesis comprehensively examines the rApp lifecycle within the O-RAN Alliance (O-RAN) Non-Real Time RIC (Non-RT RIC) framework, serving as a practical guide for experimental research and development. The focus is on the entire lifecycle of rApp development, from designing and onboarding to deployment and execution, using a spectral efficiency optimization use case to illustrate the process. The study develops and integrates a Spectrum Optimization (SO)rApp employing Reinforcement Learning (RL) techniques, specifically a Deep Q-Network (DQN) model, within the O-RAN architecture. The research highlights how the SOrApp dynamically allocates spectrum resources to enhance network performance under varying demand conditions. Utilizing the Network Simulator (NS)-3 5G-LENA simulator, the thesis replicates diverse service demand scenarios to evaluate the rApp's effectiveness in optimizing spectral efficiency. The findings demonstrate that integrating Artificial Intelligence (AI)-driven rApps within the O-RAN framework significantly improves spectral efficiency and overall network performance, providing valuable insights and methodologies for future research and practical implementations in 5G networking.
- Fault Injection Attacks on RSA and CSIDH
  Chiu, TingHung (Virginia Tech, 2024-05-16)
  Fault injection attacks are a powerful technique that intentionally induces faults during computations to leak secret information. This thesis studies the fault injection attack techniques. The thesis first categorizes various fault attack methods by fault model and fault analysis and gives examples of the various fault attacks on symmetric key cryptosystems and public key cryptosystems. The thesis then demonstrates fault injection attacks on RSA-CRT and constant time CSIDH. The fault attack consists of two main components: fault modeling, which examines methods for injecting faults in a target device, and fault analysis, which analyzes the resulting faulty outputs to deduce secrets in each cryptosystem. The thesis aims to provide a comprehensive survey on fault attack research, directions for further study on securing real-world cryptosystems against fault injection attacks, testing fault injection attacks with RSA-CRT, and demonstrate and evaluate fault injection attacks on constant time CSIDH.
- Improving Security of Edge Devices by Offloading Computations to Remote, Trusted Execution Environments
  Bilbao Munoz, Carlos (Virginia Tech, 2022-01-11)
  In this thesis we aim to push forward the state-of-the-art security on instruction set architecture (ISA) heterogeneous systems by adopting an edge-computing approach. As the embedded devices market grows, such systems remain affected by a wide range of attacks and are particularly vulnerable to techniques that render the operating system or hypervisor untrusted. The usage of Trusted Execution Environments (TEEs) can help mitigate such threat model(s) immensely, but embedded devices rarely have the hardware support required. To address this situation and enhance security on embedded devices, we present the RemoteTrust framework, which allows modest devices to offload secure computations on a remote server with hardware-level TEEs. To ease portability, we develop the framework on top of the open-source hardware-agnostic Open Enclave SDK. We evaluate the framework from security and performance perspectives on a realistic infrastructure. In terms of security, we provide a list of CVEs that could potentially be mitigated by RemoteTrust, and we prevent the Heartbleed attack on a vulnerable server. From a performance perspective, we port C/C++ benchmarks of SPEC CPU 2017, two overhead microbenchmarks and five open-source applications, demonstrating small communication overhead (averaging less than 1 second per 100 remote single-parameter enclave calls).
- Investigating Security Threats of Resource Mismanagement in Networked Systems
  Liu, Guannan (Virginia Tech, 2023-08-10)
  The complexity of networked systems has been continuously growing, and the abundance of online resources has presented practical management challenges. Specifically, system administrators are required to carefully configure their online systems to minimize security vulnerabilities of resource management, including resource creation, maintenance, and disposal. However, numerous networked systems have been exploited or compromised by adversaries, due to misconfiguration and mismanagement stemming from human error. In this dissertation, we explore different network systems to identify security vulnerabilities that adversaries could exploit for malicious purposes. First, we investigate the identity-account inconsistency threat, a new SSO vulnerability that can cause the compromise of online accounts. We demonstrate that this inconsistency in SSO authentication allows adversaries controlling a reused email address to take over online accounts without using any credentials. To substantiate our findings, we conduct a measurement study on the account management policies of various cloud email providers, highlighting the feasibility of acquiring previously used email accounts. To gain insight into email reuse in the wild, we examine commonly employed naming conventions that contribute to a significant number of potential email address collisions. To mitigate the identity-account inconsistency threat, we propose a range of useful practices for end-users, service providers, and identity providers. Secondly, we present a comprehensive study on the vulnerability of container registries to typosquatting attacks. In typosquatting attacks, adversaries intentionally upload malicious container images with identifiers similar to those of benign images, leading users to inadvertently download and execute malicious images.
Our study demonstrates that typosquatting attacks can pose a significant security threat across public and private container registries, as well as across multiple platforms. To mitigate the typosquatting attacks in container registries, we propose CRYSTAL, a lightweight extension to the existing Docker command-line interface. Thirdly, we present an in-depth study on hardware resource management in cloud gaming services. Our research uncovers that adversaries can intentionally inject malicious programs or URLs into these services using game mods. To demonstrate the severity of these vulnerabilities, we conduct four proof-of-concept attacks on cloud gaming services, including crypto-mining, machine-learning model training, Command and Control, and censorship circumvention. In response to these threats, we propose several countermeasures that cloud gaming services can implement to safeguard their valuable assets from malicious exploitation. These countermeasures aim to enhance the security of cloud gaming services and mitigate the security risks associated with hardware mismanagement. Last but not least, we present a comprehensive and systematic study on NXDomain, examining its scale, origin, and security implications. By leveraging a large-scale passive DNS database, we analyze a vast dataset spanning from 2014 to 2022, identifying an astonishing 146 trillion NXDomains queried by DNS users. To gain further insights into the usage patterns and security risks associated with NXDomains, we carefully select and register 19 NXDomains in the DNS database. To analyze the behavior and sources of these queries, we deploy a honeypot for our registered domains and collect 5,925,311 queries over a period of six months. Furthermore, we conduct extensive traffic analysis on the collected data, uncovering various malicious uses of NXDomains, including botnet takeovers, malicious file injections, and exploitation of residual trust.
- OPTILOD: Optimal Beacon Placement for High-Accuracy Indoor Localization of Drones
  Famili, Alireza; Stavrou, Angelos; Wang, Haining; Park, Jung-Min (Jerry) (MDPI, 2024-03-14)
  For many applications, drones are required to operate entirely or partially autonomously. In order to fly completely or partially on their own, drones need to access location services for navigation commands. While using the Global Positioning System (GPS) is an obvious choice, GPS is not always available, can be spoofed or jammed, and is highly error-prone for indoor and underground environments. The ranging method using beacons is one of the most popular methods for localization, especially for indoor environments. In general, the localization error in this class is due to two factors: the ranging error, and the error induced by the relative geometry between the beacons and the target object to be localized. This paper proposes OPTILOD (Optimal Beacon Placement for High-Accuracy Indoor Localization of Drones), an optimization algorithm for the optimal placement of beacons deployed in three-dimensional indoor environments. OPTILOD leverages advances in evolutionary algorithms to compute the minimum number of beacons and their optimal placement, thereby minimizing the localization error. These problems belong to the Mixed Integer Programming (MIP) class and are both considered NP-hard. Despite this, OPTILOD can provide multiple optimal beacon configurations that minimize the localization error and the number of deployed beacons concurrently and efficiently.
- Precise Geolocation for Drones, Metaverse Users, and Beyond: Exploring Ranging Techniques Spanning 40 KHz to 400 GHz
  Famili, Alireza (Virginia Tech, 2024-01-09)
  This dissertation explores the realm of high-accuracy localization through the utilization of ranging-based techniques, encompassing a spectrum of signals ranging from low-frequency ultrasound acoustic signals to more intricate high-frequency signals like Wireless Fidelity (Wi-Fi) IEEE 802.11az, 5G New Radio (NR), and 6G. Moreover, another contribution is the conception of a novel timing mechanism and synchronization protocol grounded in tunable quantum photonic oscillators. In general, our primary focus is to facilitate precise indoor localization, where conventional GPS signals are notably absent. To showcase the significance of this innovation, we present two vital use cases at the forefront: drone localization and metaverse user positioning. In the context of indoor drone localization, the spectrum of applications ranges from recreational enthusiasts to critical missions requiring pinpoint accuracy. At the hobbyist level, drones can autonomously navigate intricate indoor courses, enriching the recreational experience. As a finer illustration of a hobbyist application, consider the case of "follow me drones". These specialized drones are tailored for indoor photography and videography, demanding an exceptionally accurate autonomous flight capability. This precision is essential to ensure the drone can consistently track and capture its designated subject, even as it moves within the confined indoor environment. Moving on from hobby use cases, the technology extends its profound impact to more crucial scenarios, such as search and rescue operations within confined spaces. The ability of drones to localize with high precision enhances their autonomy, allowing them to maneuver seamlessly, even in environments where human intervention proves challenging.
Furthermore, the technology holds the potential to revolutionize the metaverse. Within the metaverse, where augmented and virtual realities converge, the importance of high-accuracy localization is amplified. Immersive experiences like Augmented/Virtual/Mixed Reality (AR/VR/MR) gaming rely heavily on precise user positioning to create seamless interactions between digital and physical environments. In entertainment, this innovation sparks innovation in narrative design, enhancing user engagement by aligning virtual elements with real-world surroundings. Beyond entertainment, applications extend to areas like telemedicine, enabling remote medical procedures with virtual guidance that matches physical reality. In light of all these examples, the imperative for an advanced high-accuracy localization system has become increasingly pronounced. The core objective of this dissertation is to address this pressing need by engineering systems endowed with exceptional precision in localization. Among the array of potential techniques suitable for GPS-absent scenarios, we have elected to focus on ranging-based methods. Specifically, our methodologies are built upon the fundamental principles of time of arrival, time difference of arrival, and time of flight measurements. In essence, each of our devised systems harnesses the capabilities of beacons such as ultrasound acoustic sensors, 5G femtocells, or Wi-Fi access points, which function as the pivotal positioning nodes. Through the application of trilateration techniques, based on the calculated distances between these positioning nodes and the integrated sensors on the drone or metaverse user side, we facilitate robust three-dimensional localization. This strategic approach empowers us to realize our ambition of creating localization systems that not only compensate for the absence of GPS signals but also deliver unparalleled accuracy and reliability in complex and dynamic indoor environments. 
A significant challenge that we confronted during our research pertained to the disparity in z-axis localization performance compared to that of the x-y plane. This nuanced yet pivotal concern often remains overlooked in much of the prevailing state-of-the-art literature, which predominantly emphasizes two-dimensional localization methodologies. Given the demanding context of our work, where drones and metaverse users navigate dynamically across all three dimensions, the imperative for three-dimensional localization became evident. To address this, we embarked on a comprehensive analysis, encompassing mathematical derivations of error bounds for our proposed localization systems. Our investigations unveiled that localization errors trace their origins to two distinct sources: errors induced by ranging-based factors and errors stemming from geometric considerations. The former category is chiefly influenced by factors encompassing the quality of measurement devices, channel quality in which the signal communication between the sensor on the user and the positioning nodes takes place, environmental noise, multipath interference, and more. In contrast, the latter category, involving geometry-induced errors, arises primarily from the spatial configuration of the positioning nodes relative to the user. Throughout our journey, we dedicated efforts to mitigate both sources of error, ensuring the robustness of our system against diverse error origins. Our approach entails a two-fold strategy for each proposed localization system. Firstly, we introduce innovative techniques such as Frequency-Hopping Spread Spectrum (FHSS) and Frequency-Hopping Code Division Multiple Access (FH-CDMA) and incorporate devices such as Reconfigurable Intelligent Surfaces (RIS) and photonic oscillators to fortify the system against errors stemming from ranging-related factors. 
Secondly, we devised novel evolutionary-based optimization algorithms, adept at addressing the complex NP-Hard challenge of optimal positioning node placement. This strategic placement mitigates the impact of geometry-induced errors on localization accuracy across the entire environmental space. By meticulously addressing both these sources of error, our localization systems stand as a testament to comprehensive robustness and accuracy. Our methodologies not only extend the frontiers of three-dimensional localization but also equip the systems to navigate the intricacies of indoor environments with precision and reliability, effectively fulfilling the evolving demands of drone navigation and metaverse user interaction.
- RISCV Whisk: Unleashing the Power of Software Fuzzing on Hardware
  Singh, Nandita (Virginia Tech, 2023-06-30)
  In the hardware industry, the fabrication of a chip with hardware bugs represents a critical concern due to the permanent and irreversible nature of the process. The detection of bugs in intricate designs, such as those found in central processing units (CPUs), is a highly challenging and labor-intensive task, which leaves little margin for error. Modern CPU verification techniques often employ a blend of simulation, formal and emulation verification to guarantee the accuracy of the design. Although these methods are successful in identifying various types of design flaws, they still have some limitations. The biggest limitation is achieving comprehensive coverage of all conceivable scenarios and exceptional cases which may interrupt a core and put it in a halt state. We are presenting a design agnostic methodology involving a three-stage process for verification of a multi-core 32-bit RISC-V processor. This methodology leverages software fuzzing and utilizes state-of-the-art tools to analyze the CPU's design after converting it into an equivalent software model. Our approach for hardware fuzzing incorporates the use of a sparse memory matrix as external memory to hold the inputs and state of the core, which are encountered during the fuzzing process. This approach has significantly increased the efficiency of our fuzzing process, enabling us to achieve a 609x improvement in the fuzzing rate compared to prevalent hardware fuzzing techniques. To further optimize our process, we precisely constrained the inputs of the fuzzer to provide only valid test scenarios, which eliminated the crash overhead of the fuzzer. By doing so, we have improved the accuracy of our testing results and reduced the time and resources required to analyze potential vulnerabilities.
Our verification techniques are implemented using open-source tools, making our fast and cost-effective process accessible to a wide range of hardware engineers and security professionals. By leveraging the benefits of sparse memory and precise input constraints, our approach to hardware fuzzing offers a powerful and efficient tool for identifying potential hardware vulnerabilities and defects.
- Securing Your Airspace: Detection of Drones Trespassing Protected Areas
  Famili, Alireza; Stavrou, Angelos; Wang, Haining; Park, Jung-Min (Jerry); Gerdes, Ryan (MDPI, 2024-03-22)
  Unmanned Aerial Vehicle (UAV) deployment has risen rapidly in recent years. They are now used in a wide range of applications, from critical safety-of-life scenarios like nuclear power plant surveillance to entertainment and hobby applications. While the popularity of drones has grown lately, the associated intentional and unintentional security threats require adequate consideration. Thus, there is an urgent need for real-time accurate detection and classification of drones. This article provides an overview of drone detection approaches, highlighting their benefits and limitations. We analyze detection techniques that employ radars, acoustic and optical sensors, and emitted radio frequency (RF) signals. We compare their performance, accuracy, and cost under different operating conditions. We conclude that multi-sensor detection systems offer more compelling results, but further research is required.