Scholarly Works, Hume Center for National Security and Technology
Permanent URI for this collection
Browse
Browsing Scholarly Works, Hume Center for National Security and Technology by Title
Now showing 1 - 20 of 29
Results Per Page
Sort Options
- Analyzing the Russian Way of War: Evidence from the 2008 Conflict with GeorgiaBeehner, Lionel; Collins, Liam; Ferenzi, Steve; Person, Robert; Brantly, Aaron F. (Modern War Institute, 2018-03-20)In the dog days of August 2008, a column of Russian tanks and troops rolled across the Republic of Georgia’s northern border and into South Ossetia, sparking a war that was over almost before it began. The war, while not insignificant, lasted all of five days. The number of casualties did not exceed one thousand, the threshold most political scientists use to classify a war, although thousands of Georgians were displaced. By historical comparison, when Soviet tanks entered Hungary in 1956 and Afghanistan in 1979–89, the fatalities totaled 2,500 and roughly 14,000 respectively.1 The Russia-Georgia conflict was a limited war with limited objectives, yet it was arguably a watershed in the annals of modern war. It marked the first invasion by Russian ground forces into a sovereign nation since the Cold War. It also marked a breakthrough in the integration of cyberwarfare and other nonkinetic tools into a conventional strategy— what some observers in the West have termed “hybrid warfare.” Finally, and perhaps most importantly, it provided a stark preview of what was to come in Ukraine in 2014. Russian “peacekeepers,” including unmarked Russian special forces—or Spetsnaz—stationed in the region carried out an armed incursion. That is, Russia used separatist violence as a convenient pretext to launch a full-scale multidomain invasion to annex territory, a type of aggression that many analysts in the West thought was a relic of the twentieth century. The 2008 Russia-Georgia War highlights not a new form of conflict but rather the incorporation of a new dimension to that conflict: cyberspace. Where states once tried to control the radio waves, broadcast television channels, newspapers, or other forms of communications, they now add to these sources of information control cyberspace and its component aspects, websites, and social media.2 This allows Russia to influence audiences around the world. Propaganda, disinformation, and the manipulation of the informational aspects of both conflict and nonconflict settings has been a persistent attribute of state behavior.3 The new dimension added to the conduct of hostilities created by cyberspace is both a challenge to conventional hybrid information manipulation tactics and a benefit. Even though the tactical gains achieved through cyberspace in Georgia by Russian non-state actors had limited impact, the strategic and psychological effects were robust. The plausibly deniable nature of the cyber side of conflict should not be understated and adds a new dimension to hybrid warfare that once required state resources to accomplish. Now, managed through forums and social media, decentralized noncombatants can join the fight. Arguably, the inclusion of cyber means into a kinetic battle, not as a standalone effect but rather as a force multiplier, constitutes a logical progression to the natural evolution of conflict and demonstrates the value of information operations (IO) during conflict.
- Application of Cybernetics and Control Theory for a New Paradigm in CybersecurityAdams, Michael D.; Hitefield, Seth D.; Hoy, Bruce; Fowler, Michael C.; Clancy, Thomas Charles III (Virginia Tech, 2013-11-01)A significant limitation of current cyber security research and techniques is its reactive and applied nature. This leads to a continuous ‘cyber cycle’ of attackers scanning networks, developing exploits and attacking systems, with defenders detecting attacks, analyzing exploits and patching systems. This reactive nature leaves sensitive systems highly vulnerable to attack due to un-patched systems and undetected exploits. Some current research attempts to address this major limitation by introducing systems that implement moving target defense. However, these ideas are typically based on the intuition that a moving target defense will make it much harder for attackers to find and scan vulnerable systems, and not on theoretical mathematical foundations. The continuing lack of fundamental science and principles for developing more secure systems has drawn increased interest into establishing a ‘science of cyber security’. This paper introduces the concept of using cybernetics, an interdisciplinary approach of control theory, systems theory, information theory and game theory applied to regulatory systems, as a foundational approach for developing cyber security principles. It explores potential applications of cybernetics to cyber security from a defensive perspective, while suggesting the potential use for offensive applications. Additionally, this paper introduces the fundamental principles for building non-stationary systems, which is a more general solution than moving target defenses. Lastly, the paper discusses related works concerning the limitations of moving target defense and one implementation based on non-stationary principles.
- Attacks and Defenses for Single-Stage Residue Number System PRNGsVennos, Amy; George, Kiernan; Michaels, Alan J. (MDPI, 2021-06-25)This paper explores the security of a single-stage residue number system (RNS) pseudorandom number generator (PRNG), which has previously been shown to provide extremely high-quality outputs when evaluated through available RNG statistical test suites or in using Shannon and single-stage Kolmogorov entropy metrics. In contrast, rather than blindly performing statistical analyses on the outputs of the single-stage RNS PRNG, this paper provides both white box and black box analyses that facilitate reverse engineering of the underlying RNS number generation algorithm to obtain the residues, or equivalently key, of the RNS algorithm. We develop and demonstrate a conditional entropy analysis that permits extraction of the key given a priori knowledge of state transitions as well as reverse engineering of the RNS PRNG algorithm and parameters (but not the key) in problems where the multiplicative RNS characteristic is too large to obtain a priori state transitions. We then discuss multiple defenses and perturbations for the RNS system that fool the original attack algorithm, including deliberate noise injection and code hopping. We present a modification to the algorithm that accounts for deliberate noise, but rapidly increases the search space and complexity. Lastly, we discuss memory requirements and time required for the attacker and defender to maintain these defenses.
- A Coupled OpenFOAM-WRF Study on Atmosphere-Wake-Ocean InteractionGilbert, John; Pitt, Jonathan (MDPI, 2020-12-30)This work aims to better understand how small scale disturbances that are generated at the air-sea interface propagate into the surrounding atmosphere under realistic environmental conditions. To that end, a one-way coupled atmosphere-ocean model is presented, in which predictions of sea surface currents and sea surface temperatures from a microscale ocean model are used as constant boundary conditions in a larger atmospheric model. The coupled model consists of an ocean component implemented while using the open source CFD software OpenFOAM, an atmospheric component solved using the Weather Research and Forecast (WRF) model, and a Python-based utility foamToWRF, which is responsible for mapping field data between the ocean and atmospheric domains. The results are presented for two demonstration cases, which indicate that the proposed coupled model is able to capture the propagation of small scale sea surface disturbances in the atmosphere, although a more thorough study is required in order to properly validate the model.
- Cyberbiosecurity: A New Perspective on Protecting US Food and Agricultural SystemDuncan, Susan E.; Reinhard, Robert; Williams, Robert C.; Ramsey, A. Ford; Thomason, Wade E.; Lee, Kiho; Dudek, Nancy; Mostaghimi, Saied; Colbert, Edward; Murch, Randall Steven (Frontiers, 2019-03-29)Our national data and infrastructure security issues affecting the "bioeconomy" are evolving rapidly. Simultaneously, the conversation about cyber security of the U.S. food and agricultural system (cyber biosecurity) is incomplete and disjointed. The food and agricultural production sectors influence over 20% of the nation's economy ($ 6.7T) and 15% of U.S. employment (43.3M jobs). The food and agricultural sectors are immensely diverse and they require advanced technologies and efficiencies that rely on computer technologies, big data, cloud-based data storage, and internet accessibility. There is a critical need to safeguard the cyber biosecurity of our bio economy, but currently protections are minimal and do not broadly exist across the food and agricultural system. Using the food safetymanagement Hazard Analysis Critical Control Point systemconcept as an introductory point of reference, we identify important features in broad food and agricultural production and food systems: dairy, food animals, row crops, fruits and vegetables, and environmental resources (water). This analysis explores the relevant concepts of cyber biosecurity from food production to the end product user (such as the consumer) and considers the integration of diverse transportation, supplier, and retailer networks. We describe common challenges and unique barriers across these systems and recommend solutions to advance the role of cyber biosecurity in the food and agricultural sectors.
- Cyberphysical Security Through Resiliency: A Systems-Centric ApproachFleming, Cody H.; Elks, Carl R.; Bakirtzis, Georgios; Adams, Stephen C.; Carter, Bryan; Beling, Peter A.; Horowitz, Barry M. (2021-06)Cyberphysical systems require resiliency techniques for defense, and multicriteria resiliency problems need an approach that evaluates systems for current threats and potential design solutions. A systems-oriented view of cyberphysical security, termed Mission Aware, is proposed based on a holistic understanding of mission goals, system dynamics, and risk.
- Decoupling RNN Training and Testing Observation Intervals for Spectrum Sensing ApplicationsMoore, Megan O.; Buehrer, R. Michael; Headley, William Chris (MDPI, 2022-06-22)Recurrent neural networks have been shown to outperform other architectures when processing temporally correlated data, such as from wireless communication signals. However, compared to other architectures, such as convolutional neural networks, recurrent neural networks can suffer from drastically longer training and evaluation times due to their inherent sample-by-sample data processing, while traditional usage of both of these architectures assumes a fixed observation interval during both training and testing, the sample-by-sample processing capabilities of recurrent neural networks opens the door for alternative approaches. Rather than assuming that the testing and observation intervals are equivalent, the observation intervals can be “decoupled” or set independently. This can potentially reduce training times and will allow for trained networks to be adapted to different applications without retraining. This work illustrates the benefits and considerations needed when “decoupling” these observation intervals for spectrum sensing applications, using modulation classification as the example use case. The sample-by-sample processing of RNNs also allows for the relaxation of the typical requirement of a fixed time duration of the signals of interest. Allowing for variable observation intervals is important in real-time applications like cognitive radio where decisions need to be made as quickly and accurately as possible as well as in applications like electronic warfare in which the sequence length of the signal of interest may be unknown. This work examines a real-time post-processing method called “just enough” decision making that allows for variable observation intervals. In particular, this work shows that, intuitively, this method can be leveraged to process less data (i.e., shorter observation intervals) for simpler inputs (less complicated signal types or channel conditions). Less intuitively, this works shows that the “decoupling” is dependent on appropriate training to avoid bias and ensure generalization.
- Designing a Block Cipher in Galois Extension Fields for IoT SecurityGeorge, Kiernan; Michaels, Alan J. (MDPI, 2021-11-05)This paper focuses on a block cipher adaptation of the Galois Extension Fields (GEF) combination technique for PRNGs and targets application in the Internet of Things (IoT) space, an area where the combination technique was concluded as a quality stream cipher. Electronic Codebook (ECB) and Cipher Feedback (CFB) variations of the cryptographic algorithm are discussed. Both modes offer computationally efficient, scalable cryptographic algorithms for use over a simple combination technique like XOR. The cryptographic algorithm relies on the use of quality PRNGs, but adds an additional layer of security while preserving maximal entropy and near-uniform distributions. The use of matrices with entries drawn from a Galois field extends this technique to block size chunks of plaintext, increasing diffusion, while only requiring linear operations that are quick to perform. The process of calculating the inverse differs only in using the modular inverse of the determinant, but this can be expedited by a look-up table. We validate this GEF block cipher with the NIST test suite. Additional statistical tests indicate the condensed plaintext results in a near-uniform distributed ciphertext across the entire field. The block cipher implemented on an MSP430 offers a faster, more power-efficient alternative to the Advanced Encryption Standard (AES) system. This cryptosystem is a secure, scalable option for IoT devices that must be mindful of time and power consumption.
- Development and Analysis of a Spiral Theory-based Cybersecurity CurriculumBack, Godmar V.; Basu, Debarati; Naciri, William; Lohani, Vinod K.; Plassmann, Paul E.; Barnette, Dwight; Ribbens, Calvin J.; Gantt, Kira; McPherson, David (2017-01-09)Enhance cybersecurity learning experiences of students at Virginia Tech’s large engineering program
- Distributed Storage Systems with Secure and Exact Repair - New ResultsTandon, Ravi; Amuru, SaiDhiraj; Clancy, Thomas Charles III; Buehrer, R. Michael (IEEE, 2014-02)Distributed storage systems (DSS) in the presence of a passive eavesdropper are considered in this paper. A typical DSS is characterized by 3 parameters (n, k, d) where, a file is stored in a distributed manner across n nodes such that it can be recovered entirely from any k out of n nodes. Whenever a node fails, d ∈ [k, n) nodes participate in the repair process. In this paper, we study the exact repair capabilities of a DSS, where a failed node is replaced with its exact replica. Securing this DSS from a passive eavesdropper capable of wiretapping the repair process of any l < k nodes, is the main focus of this paper. Specifically, we characterize the optimal secure storagevs- exact-repair-bandwidth tradeoff region for the (4, 2, 3) DSS when l = 1 and the (n, n − 1, n − 1) DSS when l = n − 2.
- Enabling Artificial Intelligence Adoption through AssuranceFreeman, Laura J.; Rahman, Abdul; Batarseh, Feras A. (MDPI, 2021-08-25)The wide scale adoption of Artificial Intelligence (AI) will require that AI engineers and developers can provide assurances to the user base that an algorithm will perform as intended and without failure. Assurance is the safety valve for reliable, dependable, explainable, and fair intelligent systems. AI assurance provides the necessary tools to enable AI adoption into applications, software, hardware, and complex systems. AI assurance involves quantifying capabilities and associating risks across deployments including: data quality to include inherent biases, algorithm performance, statistical errors, and algorithm trustworthiness and security. Data, algorithmic, and context/domain-specific factors may change over time and impact the ability of AI systems in delivering accurate outcomes. In this paper, we discuss the importance and different angles of AI assurance, and present a general framework that addresses its challenges.
- Fallthrough Correlation Techniques for Arbitrary-Phase Spread Spectrum WaveformsFletcher, Michael; Michaels, Alan J.; Ridge, Devin (IEEE, 2019-09-11)The use of practically non-repeating spreading codes to generate sequence-based spread spectrum waveforms is a strong method to improve transmission security, by limiting an observer's opportunity to cross-correlate snapshots of the signal into a coherent gain. Such time-varying codes, particularly when used to define multi-bit resolution arbitrary-phase waveforms, present significant challenges to the intended receiver, who must synchronize acquisition processing to match the time-varying code each time it changes. This paper presents a series of options for optimizing the traditional brute-force matched-filter preamble correlator for burst-mode arbitrary-phase spread spectrum signals, achieving significant computational gains and flexibility, backed by measurable results from hardware prototypes built on an Intel Arria 10 Field Programmable Gate Array (FPGA). The most promising of which requires no embedded multipliers and reduces the total hardware logic by more than 76%. Extensions of the core fallthrough correlator techniques are considered to support low-power asynchronous reception, underlay-based physical layer rewall functions, and Receiver-Assigned Code Division Multiple Access (RA-CDMA) protocols in Internet of Things (IoT)-caliber devices.
- Framework for Evaluating the Severity of Cybervulnerability of a Traffic CabinetErnst, Joseph M.; Michaels, Alan J. (National Academy of Sciences, 2017)The increasing connectivity in transportation infrastructure is driving a need for additional security in transportation systems. For security decisions in a budget-constrained environment, the possible effect of a cyberattack must be numerically characterized. The size of an effect depends on the level of access and the vehicular demand on the intersections being controlled. This paper proposes a framework for better understanding of the levels of access and the effect that can be had in scenarios with varying demand. Simulations are performed on a simplistic corridor to provide numerical examples of the possible effects. The paper concludes that the possibility of some levels of cyberthreat may be acceptable in locations where traffic volumes would not be able to create an unmanageable queue. The more intimate levels of access can cause serious safety concerns by modifying the settings of the traffic controller in ways that encourage red-light running and accidents. The proposed framework can be used by transportation professionals and cybersecurity professionals to prioritize the actions to be taken to secure the infrastructure.
- Further Analysis of PRNG-Based Key Derivation FunctionsMcGinthy, Jason M.; Michaels, Alan J. (IEEE, 2019)The Internet of Things (IoT) is growing at a rapid pace. With everyday applications and services becoming wirelessly networked, security still is a major concern. Many of these sensors and devices have limitations, such as low power consumption, reduced memory storage, and reduced fixed point processing capabilities. Therefore, it is imperative that high-performance security primitives are used to maximize the lifetime of these devices while minimally impacting memory storage and timing requirements. Previous work presented a residue number system (RNS)-based pseudorandom number generator (PRNG)-based key derivation function (KDF) (PKDF) that showed good initial energy-efficient performance for the IoT devices. This paper provides additional analysis on the PRNG-based security and draws a comparison to a current industry-standard KDF. Subsequently, embedded software implementations were performed on an MSP430 and MSP432 and compared with the transport layer security (TLS) 1.3 hash-based message authentication code (HMAC) key derivation function (HKDF); these results demonstrate substantial computational savings for the PKDF approach, while both pass the NIST randomness quality tests. Finally, hardware translation for the PKDF is evaluated through the Mathworks' HDL Coder toolchain and mapping for throughput and die area approximation on an Intel (R) Arria 10 FPGA.
- Hidden vulnerability of US Atlantic coast to sea-level rise due to vertical land motionOhenhen, Leonard O.; Shirzaei, Manoochehr; Ojha, Chandrakanta; Kirwan, Matthew L. (Nature Research, 2023-04-11)The vulnerability of coastal environments to sea-level rise varies spatially, particularly due to local land subsidence. However, high-resolution observations and models of coastal subsidence are scarce, hindering an accurate vulnerability assessment. We use satellite data from 2007 to 2020 to create high-resolution map of subsidence rate at mm-level accuracy for different land covers along the ~3,500 km long US Atlantic coast. Here, we show that subsidence rate exceeding 3mm per year affects most coastal areas, including wetlands, forests, agricultural areas, and developed regions. Coastal marshes represent the dominant land cover type along the US Atlantic coast and are particularly vulnerable to subsidence. We estimate that 58 to 100% of coastal marshes are losing elevation relative to sea level and show that previous studies substantially underestimate marsh vulnerability by not fully accounting for subsidence.
- Intrusion Detection System for Applications using Linux ContainersAbed, Amr S.; Clancy, Thomas Charles III; Levy, David S. (Springer, 2015-12-09)Linux containers are gaining increasing traction in both individual and industrial use, and as these containers get integrated into mission-critical systems, real-time detection of malicious cyber attacks becomes a critical operational requirement. This paper introduces a real-time host-based intrusion detection system that can be used to passively detect malfeasance against applications within Linux containers running in a standalone or in a cloud multi-tenancy environment. The demonstrated intrusion detection system uses bags of system calls monitored from the host kernel for learning the behavior of an application running within a Linux container and determining anomalous container behavior. Performance of the approach using a database application was measured and results are discussed.
- Multi-Physics Modeling of Electrochemical DepositionKauffman, Justin; Gilbert, John; Paterson, Eric G. (MDPI, 2020-12-11)Electrochemical deposition (ECD) is a common method used in the field of microelectronics to grow metallic coatings on an electrode. The deposition process occurs in an electrolyte bath where dissolved ions of the depositing material are suspended in an acid while an electric current is applied to the electrodes. The proposed computational model uses the finite volume method and the finite area method to predict copper growth on the plating surface without the use of a level set method or deforming mesh because the amount of copper layer growth is not expected to impact the fluid motion. The finite area method enables the solver to track the growth of the copper layer and uses the current density as a forcing function for an electric potential field on the plating surface. The current density at the electrolyte-plating surface interface is converged within each PISO (Pressure Implicit with Splitting Operator) loop iteration and incorporates the variance of the electrical resistance that occurs via the growth of the copper layer. This paper demonstrates the application of the finite area method for an ECD problem and additionally incorporates coupling between fluid mechanics, ionic diffusion, and electrochemistry.
- A Multi-Tier Wireless Spectrum Sharing System Leveraging Secure Spectrum AuctionsAbdelhadi, Ahmed; Shajaiah, Haya; Clancy, Thomas Charles III (IEEE, 2015-10-08)Secure spectrum auctions can revolutionize the spectrum utilization of cellular networks and satisfy the ever increasing demand for resources. In this paper, a multi-tier dynamic spectrum sharing system is studied for efficient sharing of spectrum with commercial wireless system providers (WSPs), with an emphasis on federal spectrum sharing. The proposed spectrum sharing system optimizes usage of spectrum resources, manages intra-WSP and inter-WSP interference and provides essential level of security, privacy, and obfuscation to enable the most efficient and reliable usage of the shared spectrum. It features an intermediate spectrum auctioneer responsible for allocating resources to commercial WSPs by running secure spectrum auctions. The proposed secure spectrum auction, MTSSA, leverages Paillier cryptosystem to avoid possible fraud and bidrigging. Numerical simulations are provided to compare the performance of MTSSA, in the considered spectrum sharing system, with other spectrum auction mechanisms for realistic cellular systems.
- An ontological metamodel for cyber-physical system safety, security, and resilience coengineeringBakirtzis, Georgios; Sherburne, Tim; Adams, Stephen C.; Horowitz, Barry M.; Beling, Peter A.; Fleming, Cody H. (2021-06-01)Cyber-physical systems are complex systems that require the integration of diverse software, firmware, and hardware to be practical and useful. This increased complexity is impacting the management of models necessary for designing cyber-physical systems that are able to take into account a number of "-ilities", such that they are safe and secure and ultimately resilient to disruption of service. We propose an ontological metamodel for system design that augments an already existing industry metamodel to capture the relationships between various model elements (requirements, interfaces, physical, and functional) and safety, security, and resilient considerations. Employing this metamodel leads to more cohesive and structured modeling efforts with an overall increase in scalability, usability, and unification of already existing models. In turn, this leads to a mission-oriented perspective in designing security defenses and resilience mechanisms to combat undesirable behaviors. We illustrate this metamodel in an open-source GraphQL implementation, which can interface with a number of modeling languages. We support our proposed metamodel with a detailed demonstration using an oil and gas pipeline model.
- Physical layer orthogonal frequency-division multiplexing acquisition and timing synchronization securityLa Pan, Matthew J.; Clancy, Thomas Charles III; McGwier, Robert W. (Wiley, 2014-08-18)Orthogonal frequency-division multiplexing (OFDM) has become the manifest modulation choice for 4G standards. Timing acquisition and carrier frequency offset synchronization are prerequisite to OFDM demodulation and must be performed often. Most of the OFDM methods for synchronization were not designed with security in mind. In particular, we analyze the performance of a maximum likelihood synchronization estimator against highly correlated jamming attacks. We present a series of attacks against OFDM timing acquisition: preamble whitening, the false preamble attack, preamble warping, and preamble nulling.The performance of OFDM synchronization turns out to be very poor against these attacks, and a number of mitigation strategies and security improvements are discussed.