Hume Center for National Security and Technology

Permanent URI for this community

https://hdl.handle.net/10919/111405

Browse

Browsing Hume Center for National Security and Technology by Title

Now showing 1 - 20 of 31
  • Thumbnail Image
    10th Annual Hume Center & IC CAE Colloquium
    (Virginia Tech, 2023-04-12)
    The 10th annual Hume Center colloquium, sponsored through our Intelligence Community Center for Academic Excellence (IC CAE) grant, will be full of exciting student and faculty presentations related to ongoing research and experiential learning programs from across multiple departments and colleges at Virginia Tech. The theme of this year's colloquium will be "Critical and Emerging Technologies", and will showcase our students' continued endeavors to become the next generation of national security leaders.
  • Thumbnail Image
    2019 SAIC National Security Education Program Colloquium
    (Virginia Tech. Hume Center., 2019-04-16)
    The annual National Security Education Program Colloquium is the highlight of our educational programs. It allows students from across the university to interact with leaders from the intelligence and national security community and includes a student research poster session, panels featuring government and industry speakers, networking sessions, and a keynote address. The theme for 2019 is The Weaponization of Information and Artificial Intelligence.
  • Thumbnail Image
    Analyzing the Russian Way of War: Evidence from the 2008 Conflict with Georgia
    Beehner, Lionel; Collins, Liam; Ferenzi, Steve; Person, Robert; Brantly, Aaron F. (Modern War Institute, 2018-03-20)
    In the dog days of August 2008, a column of Russian tanks and troops rolled across the Republic of Georgia’s northern border and into South Ossetia, sparking a war that was over almost before it began. The war, while not insignificant, lasted all of five days. The number of casualties did not exceed one thousand, the threshold most political scientists use to classify a war, although thousands of Georgians were displaced. By historical comparison, when Soviet tanks entered Hungary in 1956 and Afghanistan in 1979–89, the fatalities totaled 2,500 and roughly 14,000 respectively.1 The Russia-Georgia conflict was a limited war with limited objectives, yet it was arguably a watershed in the annals of modern war. It marked the first invasion by Russian ground forces into a sovereign nation since the Cold War. It also marked a breakthrough in the integration of cyberwarfare and other nonkinetic tools into a conventional strategy— what some observers in the West have termed “hybrid warfare.” Finally, and perhaps most importantly, it provided a stark preview of what was to come in Ukraine in 2014. Russian “peacekeepers,” including unmarked Russian special forces—or Spetsnaz—stationed in the region carried out an armed incursion. That is, Russia used separatist violence as a convenient pretext to launch a full-scale multidomain invasion to annex territory, a type of aggression that many analysts in the West thought was a relic of the twentieth century. The 2008 Russia-Georgia War highlights not a new form of conflict but rather the incorporation of a new dimension to that conflict: cyberspace. Where states once tried to control the radio waves, broadcast television channels, newspapers, or other forms of communications, they now add to these sources of information control cyberspace and its component aspects, websites, and social media.2 This allows Russia to influence audiences around the world. Propaganda, disinformation, and the manipulation of the informational aspects of both conflict and nonconflict settings has been a persistent attribute of state behavior.3 The new dimension added to the conduct of hostilities created by cyberspace is both a challenge to conventional hybrid information manipulation tactics and a benefit. Even though the tactical gains achieved through cyberspace in Georgia by Russian non-state actors had limited impact, the strategic and psychological effects were robust. The plausibly deniable nature of the cyber side of conflict should not be understated and adds a new dimension to hybrid warfare that once required state resources to accomplish. Now, managed through forums and social media, decentralized noncombatants can join the fight. Arguably, the inclusion of cyber means into a kinetic battle, not as a standalone effect but rather as a force multiplier, constitutes a logical progression to the natural evolution of conflict and demonstrates the value of information operations (IO) during conflict.
  • Thumbnail Image
    Application of Cybernetics and Control Theory for a New Paradigm in Cybersecurity
    Adams, Michael D.; Hitefield, Seth D.; Hoy, Bruce; Fowler, Michael C.; Clancy, Thomas Charles III (Virginia Tech, 2013-11-01)
    A significant limitation of current cyber security research and techniques is its reactive and applied nature. This leads to a continuous ‘cyber cycle’ of attackers scanning networks, developing exploits and attacking systems, with defenders detecting attacks, analyzing exploits and patching systems. This reactive nature leaves sensitive systems highly vulnerable to attack due to un-patched systems and undetected exploits. Some current research attempts to address this major limitation by introducing systems that implement moving target defense. However, these ideas are typically based on the intuition that a moving target defense will make it much harder for attackers to find and scan vulnerable systems, and not on theoretical mathematical foundations. The continuing lack of fundamental science and principles for developing more secure systems has drawn increased interest into establishing a ‘science of cyber security’. This paper introduces the concept of using cybernetics, an interdisciplinary approach of control theory, systems theory, information theory and game theory applied to regulatory systems, as a foundational approach for developing cyber security principles. It explores potential applications of cybernetics to cyber security from a defensive perspective, while suggesting the potential use for offensive applications. Additionally, this paper introduces the fundamental principles for building non-stationary systems, which is a more general solution than moving target defenses. Lastly, the paper discusses related works concerning the limitations of moving target defense and one implementation based on non-stationary principles.
  • Thumbnail Image
    Attacks and Defenses for Single-Stage Residue Number System PRNGs
    Vennos, Amy; George, Kiernan; Michaels, Alan J. (MDPI, 2021-06-25)
    This paper explores the security of a single-stage residue number system (RNS) pseudorandom number generator (PRNG), which has previously been shown to provide extremely high-quality outputs when evaluated through available RNG statistical test suites or in using Shannon and single-stage Kolmogorov entropy metrics. In contrast, rather than blindly performing statistical analyses on the outputs of the single-stage RNS PRNG, this paper provides both white box and black box analyses that facilitate reverse engineering of the underlying RNS number generation algorithm to obtain the residues, or equivalently key, of the RNS algorithm. We develop and demonstrate a conditional entropy analysis that permits extraction of the key given a priori knowledge of state transitions as well as reverse engineering of the RNS PRNG algorithm and parameters (but not the key) in problems where the multiplicative RNS characteristic is too large to obtain a priori state transitions. We then discuss multiple defenses and perturbations for the RNS system that fool the original attack algorithm, including deliberate noise injection and code hopping. We present a modification to the algorithm that accounts for deliberate noise, but rapidly increases the search space and complexity. Lastly, we discuss memory requirements and time required for the attacker and defender to maintain these defenses.
  • Thumbnail Image
    A Coupled OpenFOAM-WRF Study on Atmosphere-Wake-Ocean Interaction
    Gilbert, John; Pitt, Jonathan (MDPI, 2020-12-30)
    This work aims to better understand how small scale disturbances that are generated at the air-sea interface propagate into the surrounding atmosphere under realistic environmental conditions. To that end, a one-way coupled atmosphere-ocean model is presented, in which predictions of sea surface currents and sea surface temperatures from a microscale ocean model are used as constant boundary conditions in a larger atmospheric model. The coupled model consists of an ocean component implemented while using the open source CFD software OpenFOAM, an atmospheric component solved using the Weather Research and Forecast (WRF) model, and a Python-based utility foamToWRF, which is responsible for mapping field data between the ocean and atmospheric domains. The results are presented for two demonstration cases, which indicate that the proposed coupled model is able to capture the propagation of small scale sea surface disturbances in the atmosphere, although a more thorough study is required in order to properly validate the model.
  • Thumbnail Image
    Cyberbiosecurity: A New Perspective on Protecting US Food and Agricultural System
    Duncan, Susan E.; Reinhard, Robert; Williams, Robert C.; Ramsey, A. Ford; Thomason, Wade E.; Lee, Kiho; Dudek, Nancy; Mostaghimi, Saied; Colbert, Edward; Murch, Randall Steven (Frontiers, 2019-03-29)
    Our national data and infrastructure security issues affecting the "bioeconomy" are evolving rapidly. Simultaneously, the conversation about cyber security of the U.S. food and agricultural system (cyber biosecurity) is incomplete and disjointed. The food and agricultural production sectors influence over 20% of the nation's economy ($ 6.7T) and 15% of U.S. employment (43.3M jobs). The food and agricultural sectors are immensely diverse and they require advanced technologies and efficiencies that rely on computer technologies, big data, cloud-based data storage, and internet accessibility. There is a critical need to safeguard the cyber biosecurity of our bio economy, but currently protections are minimal and do not broadly exist across the food and agricultural system. Using the food safetymanagement Hazard Analysis Critical Control Point systemconcept as an introductory point of reference, we identify important features in broad food and agricultural production and food systems: dairy, food animals, row crops, fruits and vegetables, and environmental resources (water). This analysis explores the relevant concepts of cyber biosecurity from food production to the end product user (such as the consumer) and considers the integration of diverse transportation, supplier, and retailer networks. We describe common challenges and unique barriers across these systems and recommend solutions to advance the role of cyber biosecurity in the food and agricultural sectors.
  • Thumbnail Image
    Cyberphysical Security Through Resiliency: A Systems-Centric Approach
    Fleming, Cody H.; Elks, Carl R.; Bakirtzis, Georgios; Adams, Stephen C.; Carter, Bryan; Beling, Peter A.; Horowitz, Barry M. (2021-06)
    Cyberphysical systems require resiliency techniques for defense, and multicriteria resiliency problems need an approach that evaluates systems for current threats and potential design solutions. A systems-oriented view of cyberphysical security, termed Mission Aware, is proposed based on a holistic understanding of mission goals, system dynamics, and risk.
  • Thumbnail Image
    Decoupling RNN Training and Testing Observation Intervals for Spectrum Sensing Applications
    Moore, Megan O.; Buehrer, R. Michael; Headley, William Chris (MDPI, 2022-06-22)
    Recurrent neural networks have been shown to outperform other architectures when processing temporally correlated data, such as from wireless communication signals. However, compared to other architectures, such as convolutional neural networks, recurrent neural networks can suffer from drastically longer training and evaluation times due to their inherent sample-by-sample data processing, while traditional usage of both of these architectures assumes a fixed observation interval during both training and testing, the sample-by-sample processing capabilities of recurrent neural networks opens the door for alternative approaches. Rather than assuming that the testing and observation intervals are equivalent, the observation intervals can be “decoupled” or set independently. This can potentially reduce training times and will allow for trained networks to be adapted to different applications without retraining. This work illustrates the benefits and considerations needed when “decoupling” these observation intervals for spectrum sensing applications, using modulation classification as the example use case. The sample-by-sample processing of RNNs also allows for the relaxation of the typical requirement of a fixed time duration of the signals of interest. Allowing for variable observation intervals is important in real-time applications like cognitive radio where decisions need to be made as quickly and accurately as possible as well as in applications like electronic warfare in which the sequence length of the signal of interest may be unknown. This work examines a real-time post-processing method called “just enough” decision making that allows for variable observation intervals. In particular, this work shows that, intuitively, this method can be leveraged to process less data (i.e., shorter observation intervals) for simpler inputs (less complicated signal types or channel conditions). Less intuitively, this works shows that the “decoupling” is dependent on appropriate training to avoid bias and ensure generalization.
  • Thumbnail Image
    Designing a Block Cipher in Galois Extension Fields for IoT Security
    George, Kiernan; Michaels, Alan J. (MDPI, 2021-11-05)
    This paper focuses on a block cipher adaptation of the Galois Extension Fields (GEF) combination technique for PRNGs and targets application in the Internet of Things (IoT) space, an area where the combination technique was concluded as a quality stream cipher. Electronic Codebook (ECB) and Cipher Feedback (CFB) variations of the cryptographic algorithm are discussed. Both modes offer computationally efficient, scalable cryptographic algorithms for use over a simple combination technique like XOR. The cryptographic algorithm relies on the use of quality PRNGs, but adds an additional layer of security while preserving maximal entropy and near-uniform distributions. The use of matrices with entries drawn from a Galois field extends this technique to block size chunks of plaintext, increasing diffusion, while only requiring linear operations that are quick to perform. The process of calculating the inverse differs only in using the modular inverse of the determinant, but this can be expedited by a look-up table. We validate this GEF block cipher with the NIST test suite. Additional statistical tests indicate the condensed plaintext results in a near-uniform distributed ciphertext across the entire field. The block cipher implemented on an MSP430 offers a faster, more power-efficient alternative to the Advanced Encryption Standard (AES) system. This cryptosystem is a secure, scalable option for IoT devices that must be mindful of time and power consumption.
  • Thumbnail Image
    Development and Analysis of a Spiral Theory-based Cybersecurity Curriculum
    Back, Godmar V.; Basu, Debarati; Naciri, William; Lohani, Vinod K.; Plassmann, Paul E.; Barnette, Dwight; Ribbens, Calvin J.; Gantt, Kira; McPherson, David (2017-01-09)
    Enhance cybersecurity learning experiences of students at Virginia Tech’s large engineering program
  • Thumbnail Image
    Distributed Storage Systems with Secure and Exact Repair - New Results
    Tandon, Ravi; Amuru, SaiDhiraj; Clancy, Thomas Charles III; Buehrer, R. Michael (IEEE, 2014-02)
    Distributed storage systems (DSS) in the presence of a passive eavesdropper are considered in this paper. A typical DSS is characterized by 3 parameters (n, k, d) where, a file is stored in a distributed manner across n nodes such that it can be recovered entirely from any k out of n nodes. Whenever a node fails, d ∈ [k, n) nodes participate in the repair process. In this paper, we study the exact repair capabilities of a DSS, where a failed node is replaced with its exact replica. Securing this DSS from a passive eavesdropper capable of wiretapping the repair process of any l < k nodes, is the main focus of this paper. Specifically, we characterize the optimal secure storagevs- exact-repair-bandwidth tradeoff region for the (4, 2, 3) DSS when l = 1 and the (n, n − 1, n − 1) DSS when l = n − 2.
  • Thumbnail Image
    Enabling Artificial Intelligence Adoption through Assurance
    Freeman, Laura J.; Rahman, Abdul; Batarseh, Feras A. (MDPI, 2021-08-25)
    The wide scale adoption of Artificial Intelligence (AI) will require that AI engineers and developers can provide assurances to the user base that an algorithm will perform as intended and without failure. Assurance is the safety valve for reliable, dependable, explainable, and fair intelligent systems. AI assurance provides the necessary tools to enable AI adoption into applications, software, hardware, and complex systems. AI assurance involves quantifying capabilities and associating risks across deployments including: data quality to include inherent biases, algorithm performance, statistical errors, and algorithm trustworthiness and security. Data, algorithmic, and context/domain-specific factors may change over time and impact the ability of AI systems in delivering accurate outcomes. In this paper, we discuss the importance and different angles of AI assurance, and present a general framework that addresses its challenges.
  • Thumbnail Image
    Fallthrough Correlation Techniques for Arbitrary-Phase Spread Spectrum Waveforms
    Fletcher, Michael; Michaels, Alan J.; Ridge, Devin (IEEE, 2019-09-11)
    The use of practically non-repeating spreading codes to generate sequence-based spread spectrum waveforms is a strong method to improve transmission security, by limiting an observer's opportunity to cross-correlate snapshots of the signal into a coherent gain. Such time-varying codes, particularly when used to define multi-bit resolution arbitrary-phase waveforms, present significant challenges to the intended receiver, who must synchronize acquisition processing to match the time-varying code each time it changes. This paper presents a series of options for optimizing the traditional brute-force matched-filter preamble correlator for burst-mode arbitrary-phase spread spectrum signals, achieving significant computational gains and flexibility, backed by measurable results from hardware prototypes built on an Intel Arria 10 Field Programmable Gate Array (FPGA). The most promising of which requires no embedded multipliers and reduces the total hardware logic by more than 76%. Extensions of the core fallthrough correlator techniques are considered to support low-power asynchronous reception, underlay-based physical layer rewall functions, and Receiver-Assigned Code Division Multiple Access (RA-CDMA) protocols in Internet of Things (IoT)-caliber devices.
  • Thumbnail Image
    Framework for Evaluating the Severity of Cybervulnerability of a Traffic Cabinet
    Ernst, Joseph M.; Michaels, Alan J. (National Academy of Sciences, 2017)
    The increasing connectivity in transportation infrastructure is driving a need for additional security in transportation systems. For security decisions in a budget-constrained environment, the possible effect of a cyberattack must be numerically characterized. The size of an effect depends on the level of access and the vehicular demand on the intersections being controlled. This paper proposes a framework for better understanding of the levels of access and the effect that can be had in scenarios with varying demand. Simulations are performed on a simplistic corridor to provide numerical examples of the possible effects. The paper concludes that the possibility of some levels of cyberthreat may be acceptable in locations where traffic volumes would not be able to create an unmanageable queue. The more intimate levels of access can cause serious safety concerns by modifying the settings of the traffic controller in ways that encourage red-light running and accidents. The proposed framework can be used by transportation professionals and cybersecurity professionals to prioritize the actions to be taken to secure the infrastructure.
  • Thumbnail Image
    Further Analysis of PRNG-Based Key Derivation Functions
    McGinthy, Jason M.; Michaels, Alan J. (IEEE, 2019)
    The Internet of Things (IoT) is growing at a rapid pace. With everyday applications and services becoming wirelessly networked, security still is a major concern. Many of these sensors and devices have limitations, such as low power consumption, reduced memory storage, and reduced fixed point processing capabilities. Therefore, it is imperative that high-performance security primitives are used to maximize the lifetime of these devices while minimally impacting memory storage and timing requirements. Previous work presented a residue number system (RNS)-based pseudorandom number generator (PRNG)-based key derivation function (KDF) (PKDF) that showed good initial energy-efficient performance for the IoT devices. This paper provides additional analysis on the PRNG-based security and draws a comparison to a current industry-standard KDF. Subsequently, embedded software implementations were performed on an MSP430 and MSP432 and compared with the transport layer security (TLS) 1.3 hash-based message authentication code (HMAC) key derivation function (HKDF); these results demonstrate substantial computational savings for the PKDF approach, while both pass the NIST randomness quality tests. Finally, hardware translation for the PKDF is evaluated through the Mathworks' HDL Coder toolchain and mapping for throughput and die area approximation on an Intel (R) Arria 10 FPGA.
  • Thumbnail Image
    Hidden vulnerability of US Atlantic coast to sea-level rise due to vertical land motion
    Ohenhen, Leonard O.; Shirzaei, Manoochehr; Ojha, Chandrakanta; Kirwan, Matthew L. (Nature Research, 2023-04-11)
    The vulnerability of coastal environments to sea-level rise varies spatially, particularly due to local land subsidence. However, high-resolution observations and models of coastal subsidence are scarce, hindering an accurate vulnerability assessment. We use satellite data from 2007 to 2020 to create high-resolution map of subsidence rate at mm-level accuracy for different land covers along the ~3,500 km long US Atlantic coast. Here, we show that subsidence rate exceeding 3mm per year affects most coastal areas, including wetlands, forests, agricultural areas, and developed regions. Coastal marshes represent the dominant land cover type along the US Atlantic coast and are particularly vulnerable to subsidence. We estimate that 58 to 100% of coastal marshes are losing elevation relative to sea level and show that previous studies substantially underestimate marsh vulnerability by not fully accounting for subsidence.
  • Thumbnail Image
    Intrusion Detection System for Applications using Linux Containers
    Abed, Amr S.; Clancy, Thomas Charles III; Levy, David S. (Springer, 2015-12-09)
    Linux containers are gaining increasing traction in both individual and industrial use, and as these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. This paper introduces a real-time host-based intrusion detection system that can be used to passively detect malfeasance against applications within Linux containers running in a standalone or in a cloud multi-tenancy environment. The demonstrated intrusion detection system uses bags of system calls monitored from the host kernel for learning the behavior of an application running within a Linux container and determining anomalous container behavior. Performance of the approach using a database application was measured and results are discussed.
  • Thumbnail Image
    Multi-Physics Modeling of Electrochemical Deposition
    Kauffman, Justin; Gilbert, John; Paterson, Eric G. (MDPI, 2020-12-11)
    Electrochemical deposition (ECD) is a common method used in the field of microelectronics to grow metallic coatings on an electrode. The deposition process occurs in an electrolyte bath where dissolved ions of the depositing material are suspended in an acid while an electric current is applied to the electrodes. The proposed computational model uses the finite volume method and the finite area method to predict copper growth on the plating surface without the use of a level set method or deforming mesh because the amount of copper layer growth is not expected to impact the fluid motion. The finite area method enables the solver to track the growth of the copper layer and uses the current density as a forcing function for an electric potential field on the plating surface. The current density at the electrolyte-plating surface interface is converged within each PISO (Pressure Implicit with Splitting Operator) loop iteration and incorporates the variance of the electrical resistance that occurs via the growth of the copper layer. This paper demonstrates the application of the finite area method for an ECD problem and additionally incorporates coupling between fluid mechanics, ionic diffusion, and electrochemistry.
  • Thumbnail Image
    A Multi-Tier Wireless Spectrum Sharing System Leveraging Secure Spectrum Auctions
    Abdelhadi, Ahmed; Shajaiah, Haya; Clancy, Thomas Charles III (IEEE, 2015-10-08)
    Secure spectrum auctions can revolutionize the spectrum utilization of cellular networks and satisfy the ever increasing demand for resources. In this paper, a multi-tier dynamic spectrum sharing system is studied for efficient sharing of spectrum with commercial wireless system providers (WSPs), with an emphasis on federal spectrum sharing. The proposed spectrum sharing system optimizes usage of spectrum resources, manages intra-WSP and inter-WSP interference and provides essential level of security, privacy, and obfuscation to enable the most efficient and reliable usage of the shared spectrum. It features an intermediate spectrum auctioneer responsible for allocating resources to commercial WSPs by running secure spectrum auctions. The proposed secure spectrum auction, MTSSA, leverages Paillier cryptosystem to avoid possible fraud and bidrigging. Numerical simulations are provided to compare the performance of MTSSA, in the considered spectrum sharing system, with other spectrum auction mechanisms for realistic cellular systems.