Destination Area: Integrated Security (IS)

Permanent URI for this collection

IS focuses on advancing and assuring the security of our vital social, political, and financial networks while balancing the crucial needs and expectations of privacy and governmental oversight. This mission cuts across four other destination areas and strategic growth areas, intersecting at key points of national interest where Virginia Tech has demonstrated expertise and capability: Security for the Internet of Everything: The interconnection of the digital world, the physical world, and humans interacting with both worlds. Governance and Ethics for Security: Questions and concerns about the adoption, use, and audit of security and privacy practices as they affect citizens and their government, consumers and business, and humans and their environment. Analytics for National Security and Preparedness: Using the capabilities of big data to improve security, forecasting, awareness, and resilience in response to disasters and for national defense.

Browse

Recent Submissions

Now showing 1 - 20 of 119
  • Understanding the Challenges of Cryptography-Related Cybercrime and Its Investigation
    Choi, Sinyong; Parti, Katalin (Boston University, 2022-08-22)
    Cryptography has been applied to a range of modern technologies which criminals also exploit to gain criminal rewards while hiding their identity. Although understanding of cybercrime involving this technique is necessary in devising effective preventive measures, little has been done to examine this area. Therefore, this paper provides an overview of the two articles, featured in the special issue of the International Journal of Cybersecurity Intelligence and Cybercrime, that will enhance our understanding of cryptography-related crime, ranging from cryptocurrency and darknet market to password-cracking. The articles were presented by the winners of the student paper competition at the 2022 International White Hat Conference.
  • Adversarial Machine Learning for NextG Covert Communications Using Multiple Antennas
    Kim, Brian; Sagduyu, Yalin; Davaslioglu, Kemal; Erpek, Tugba; Ulukus, Sennur (MDPI, 2022-07-29)
    This paper studies the privacy of wireless communications from an eavesdropper that employs a deep learning (DL) classifier to detect transmissions of interest. There exists one transmitter that transmits to its receiver in the presence of an eavesdropper. In the meantime, a cooperative jammer (CJ) with multiple antennas transmits carefully crafted adversarial perturbations over the air to fool the eavesdropper into classifying the received superposition of signals as noise. While generating the adversarial perturbation at the CJ, multiple antennas are utilized to improve the attack performance in terms of fooling the eavesdropper. Two main points are considered while exploiting the multiple antennas at the adversary, namely the power allocation among antennas and the utilization of channel diversity. To limit the impact on the bit error rate (BER) at the receiver, the CJ puts an upper bound on the strength of the perturbation signal. Performance results show that this adversarial perturbation causes the eavesdropper to misclassify the received signals as noise with a high probability while increasing the BER at the legitimate receiver only slightly. Furthermore, the adversarial perturbation is shown to become more effective when multiple antennas are utilized.
  • Integrating Cybersecurity and Agricultural Innovation
    Drape, Tiffany A.; Thompson, Cris; Johnson, Kellie; Brown, Anne M.; Simpson, Joseph; Oakes, Joseph; Duncan, Sue; Westfall-Rudd, Donna M. (Virginia Tech, 2022-08-10)
    This 1-2 credit undergraduate course, as presented, is designed to provide an interdisciplinary, experiential-learning-based background and exposure to working on and completing a team project in cyberbiosecurity in agriculture and the life sciences. These modules and capstone are designed for students to learn about cyberbiosecurity and how their agriculture knowledge can provide employment opportunities related to cyberbiosecurity. This course will provide knowledge and training on cyberbiosecurity, issues with online data and security, how we might protect our biological data, and ethical implications of biological data sharing and ownership. The course will teach critical thinking and problem-solving in a team environment, professional presentations, and writing skills in the context of completing the capstone project.
  • CyberBioSecurity through Leadership-as-Practice Development
    Kaufman, Eric K.; Adeoye, Samson; Batarseh, Feras; Brown, Anne M.; Drape, Tiffany A.; Duncan, Susan; Rutherford, Tracy; Strawn, Laura K.; Xia, Kang (2022-03-28)
    CyberBioSecurity is an emerging field at the interface of life sciences and digital worlds (Murch, 2018). The solution to the global cyberbiosecurity challenge is not merely technical; society needs cyberbiosecurity professionals who engage in leadership with a boundary-crossing approach that involves collective effort. Such an approach emerges from leadership-as-practice development (LaPD), characterized by its efforts to “change patterns and thinking that could transform a culture of mediocrity to one of excellence and resilience'' (Raelin, 2020, p. 2). While LaPD has been used in some professional learning contexts and it aligns with some signature pedagogies of the professions, the opportunity remains for embedding LaPD in graduate education to meet the needs of emerging fields. The objective of this proposed project is to catalyze transformative cyberbiosecurity graduate education in a way that increases cognitive integrative capability among cyberbiosecurity scientists and professionals. As noted by Pratch (2014), “leaders who possess integrative capacity are better able to assess problems and find workable solutions than those who do not” (p. 1). In this project, we intend to embedding LaPD in online graduate and train-the-trainer modules, testing various pedagogies associated with boundary-crossing graduate education. The approach will include use of collaborative leadership learning groups (CLLGs), which are “anchored in practice, bringing together learners who can identify and work together on the challenges they face collectively” (Denyer & Turnbull James, 2016, p. 269). Our specific research questions include: What signature pedagogies best support the emerging discipline of CyberBioSecurity education? To what extent do collaborative leadership learning groups (CLLGs) increase students’ cognitive integrative capability?
  • Going beyond deterrence: A middle-range theory of motives and controls for insider computer abuse
    Burns, A. J.; Roberts, Tom L.; Posey, Clay; Lowry, Paul Benjamin; Fuller, Bryan (Institute for Operations Research and Management Sciences, 2022-04)
    Despite widespread agreement among practitioners and academicians that organizational insiders are a significant threat to organizational information systems security, insider computer abuse (ICA)—unauthorized and deliberate misuse of organizational information resources by organizational insiders—remains a serious issue. Recent studies have shown that most employees are willing to share confidential or regulated information under certain circumstances and nearly a third to half of major security breaches are tied to insiders. These trends indicate that organizational security efforts, which generally focus on deterrence and sanctions, have yet to effectively address ICA. Therefore, leading security researchers and practitioners have called for a more nuanced understanding of insiders in respect to deterrence efforts. We answer these calls by proposing a middle-range theory of ICA that focuses on understanding the inherent tensions between insider motivations and organizational controls. Our careful review distinguishes two categories of personal motives for ICA: (1) instrumental (i.e., financial benefits) (2) and expressive (i.e., psychological contract violations) motives. Our novel theory of ICA also includes the influence of two classes of controls for ICA: (1) intrinsic (i.e., self-control) and (2) extrinsic (i.e., organizational deterrence) controls. We developed and empirically examined a research model based on our middle-range theory that explains a substantial portion of the variance in ICA (R2 = 0.462). Specifically, our results indicate that both instrumental and expressive motives were positively related to ICA. Moreover, intrinsic self-control exerted significant direct and moderating influences in our research model, whereas extrinsic organizational deterrence failed to exhibit a direct effect on ICA and significantly moderated instrumental motives’ relationship with ICA only. Not only do our results show that self-control exerted a stronger effect on the model than deterrence did (f2self-control = 0.195; f2org.det. = 0.048) but they also help us identify the limits of deterrence in ICA research.
  • Measurement of Local Differential Privacy Techniques for IoT-based Streaming Data
    Afrose, Sharmin; Yao, Danfeng (Daphne); Kotevska, Olivera (IEEE, 2021-01-01)
    Various Internet of Things (IoT) devices generate complex, dynamically changed, and infinite data streams. Adversaries can cause harm if they can access the user's sensitive raw streaming data. For this reason, protecting the privacy of the data streams is crucial. In this paper, we explore local differential privacy techniques for streaming data. We compare the techniques and report the advantages and limitations. We also present the effect on component (e.g., smoother, perturber) variations of distribution-based local differential privacy. We find that combining distribution-based noise during perturbation provides more flexibility to the interested entity.
  • Policing the Dark Web: Legal Challenges in the 2015 Playpen Case
    Chertoff, Michael; Jardine, Eric (2021-11-11)
    The dark web allows for anonymous browsing and publishing of content and is inherently cross-border by design. Law enforcement’s best tool to police anonymous dark web sites is a suite of technologies known as “network investigative techniques” (NITs), which essentially hack The Onion Router (Tor) hidden services (i.e., darknet sites) to deanonymize users. Using Operation Pacifier, the Federal Bureau of Investigation’s (FBI’s) 2015 investigation of the Playpen child abuse content darknet site, as a case study, this paper explores the implications of the use of NITs and both the Fourth and Sixth Amendments. We find that initial conflicts between the rules governing search and seizure and the search of machines using the dark web have been reconciled with changes to law and evolving legal precedent. The issues surrounding the due process remain more open.
  • Battling the bear: Ukraine's approach to national cyber and information security
    Brantly, Aaron F. (Routledge, 2022-01)
    Ukraine has faced substantial challenges across multiple fronts in its successful 2014 Revolution of Dignity. Among the greatest challenges Ukraine has faced is the establishment of a national cybersecurity infrastructure capable of withstanding cyberattacks and information operations against military and civilian infrastructures. Ukraine’s experience is counterintuitive to the constant refrain in cyberspace regarding asymmetric advantage. Ukraine has struggled with the help of European and NATO allies to forge multiple organizational structures capable of facilitating national information and cyber defense. This work offers detailed analysis on the construction of national information resilience and cyber capabilities by a medium-sized state under duress and coercion from an adversary state by leveraging interviews with and documents from Ukrainian ministers, general staffs, security service personnel, soldiers, journalists, civilians, and academics conducted over two years. The result is analysis that informs the underlying notions about small to medium state defenses in relation to well-resourced adversaries.
  • The Internet of Things, Fog and Cloud continuum: Integration and challenges
    Bittencourt, Luiz; Immich, Roger; Sakellariou, Rizos; Fonseca, Nelson; Madeira, Edmundo; Curado, Marilia; Villas, Leandro; DaSilva, Luiz A.; Lee, Craig; Rana, Omer (Elsevier, 2018-10-01)
    The Internet of Things needs for computing power and storage are expected to remain on the rise in the next decade. Consequently, the amount of data generated by devices at the edge of the network will also grow. While cloud computing has been an established and effective way of acquiring computation and storage as a service to many applications, it may not be suitable to handle the myriad of data from IoT devices and fulfill largely heterogeneous application requirements. Fog computing has been developed to lie between IoT and the cloud, providing a hierarchy of computing power that can collect, aggregate, and process data from/to IoT devices. Combining fog and cloud may reduce data transfers and communication bottlenecks to the cloud and also contribute to reduced latencies, as fog computing resources exist closer to the edge. This paper examines this IoT-Fog-Cloud ecosystem and provides a literature review from different facets of it: how it can be organized, how management is being addressed, and how applications can benefit from it. Lastly, we present challenging issues yet to be addressed in IoT-Fog-Cloud infrastructures.
  • Designing a Block Cipher in Galois Extension Fields for IoT Security
    George, Kiernan; Michaels, Alan J. (MDPI, 2021-11-05)
    This paper focuses on a block cipher adaptation of the Galois Extension Fields (GEF) combination technique for PRNGs and targets application in the Internet of Things (IoT) space, an area where the combination technique was concluded as a quality stream cipher. Electronic Codebook (ECB) and Cipher Feedback (CFB) variations of the cryptographic algorithm are discussed. Both modes offer computationally efficient, scalable cryptographic algorithms for use over a simple combination technique like XOR. The cryptographic algorithm relies on the use of quality PRNGs, but adds an additional layer of security while preserving maximal entropy and near-uniform distributions. The use of matrices with entries drawn from a Galois field extends this technique to block size chunks of plaintext, increasing diffusion, while only requiring linear operations that are quick to perform. The process of calculating the inverse differs only in using the modular inverse of the determinant, but this can be expedited by a look-up table. We validate this GEF block cipher with the NIST test suite. Additional statistical tests indicate the condensed plaintext results in a near-uniform distributed ciphertext across the entire field. The block cipher implemented on an MSP430 offers a faster, more power-efficient alternative to the Advanced Encryption Standard (AES) system. This cryptosystem is a secure, scalable option for IoT devices that must be mindful of time and power consumption.
  • Assessing the Role of Cyberbiosecurity in Agriculture: A Case Study
    Drape, Tiffany A.; Magerkorth, Noah; Sen, Anuradha; Simpson, Joseph; Seibel, Megan M.; Murch, Randall Steven; Duncan, Susan E. (Frontiers, 2021-08-19)
    Agriculture has adopted the use of smart technology to help meet growing food demands. This increased automation and associated connectivity increases the risk of farms being targeted by cyber-attacks. Increasing frequency of cybersecurity breaches in many industries illustrates the need for securing our food supply chain. The uniqueness of biological data, the complexity of integration across the food and agricultural system, and the importance of this system to the U.S. bioeconomy and public welfare suggests an urgency as well as unique challenges that are not common across all industries. To identify and address the gaps in awareness and knowledge as well as encourage collaborations, Virginia Tech hosted a virtual workshop consisting of professionals from agriculture, cybersecurity, government, and academia. During the workshop, thought leaders and influencers discussed 1) common food and agricultural system challenges, scenarios, outcomes and risks to various sectors of the system; 2) cyberbiosecurity strategies for the system, gaps in workforce and training, and research and policy needs. The meeting sessions were transcribed and analyzed using qualitative methodology. The most common themes that emerged were challenges, solutions, viewpoints, common vocabulary. From the results of the analysis, it is evident that none of the participating groups had available cybersecurity training and resources. Participants were uncertain about future pathways for training, implementation, and outreach related to cyberbiosecurity. Recommendations include creating training and education, continued interdisciplinary collaboration, and recruiting government involvement to speed up better security practices related to cyberbiosecurity.
  • Cyberphysical Security Through Resiliency: A Systems-Centric Approach
    Fleming, Cody H.; Elks, Carl R.; Bakirtzis, Georgios; Adams, Stephen C.; Carter, Bryan; Beling, Peter A.; Horowitz, Barry M. (2021-06)
    Cyberphysical systems require resiliency techniques for defense, and multicriteria resiliency problems need an approach that evaluates systems for current threats and potential design solutions. A systems-oriented view of cyberphysical security, termed Mission Aware, is proposed based on a holistic understanding of mission goals, system dynamics, and risk.
  • Attacks and Defenses for Single-Stage Residue Number System PRNGs
    Vennos, Amy; George, Kiernan; Michaels, Alan J. (MDPI, 2021-06-25)
    This paper explores the security of a single-stage residue number system (RNS) pseudorandom number generator (PRNG), which has previously been shown to provide extremely high-quality outputs when evaluated through available RNG statistical test suites or in using Shannon and single-stage Kolmogorov entropy metrics. In contrast, rather than blindly performing statistical analyses on the outputs of the single-stage RNS PRNG, this paper provides both white box and black box analyses that facilitate reverse engineering of the underlying RNS number generation algorithm to obtain the residues, or equivalently key, of the RNS algorithm. We develop and demonstrate a conditional entropy analysis that permits extraction of the key given a priori knowledge of state transitions as well as reverse engineering of the RNS PRNG algorithm and parameters (but not the key) in problems where the multiplicative RNS characteristic is too large to obtain a priori state transitions. We then discuss multiple defenses and perturbations for the RNS system that fool the original attack algorithm, including deliberate noise injection and code hopping. We present a modification to the algorithm that accounts for deliberate noise, but rapidly increases the search space and complexity. Lastly, we discuss memory requirements and time required for the attacker and defender to maintain these defenses.
  • Optimize the Communication Cost of 5G Internet of Vehicles through Coherent Beamforming Technology
    Wu, Lan; Xu, Juan; Shi, Lei; Shi, Yi; Zhou, Wenwen (Hindawi, 2021-05-17)
    Edge computing, which sinks a large number of complex calculations into edge servers, can effectively meet the requirement of low latency and bandwidth efficiency and can be conducive to the development of the Internet of Vehicles (IoV). However, a large number of edge servers mean a big cost, especially for the 5G scenario in IoV, because of the small coverage of 5G base stations. Fortunately, coherent beamforming (CB) technology enables fast and long-distance transmission, which gives us a possibility to reduce the number of 5G base stations without losing the whole network performance. In this paper, we try to adopt the CB technology on the IoV 5G scenario. We suppose we can arrange roadside nodes for helping transferring tasks of vehicles to the base station based on the CB technology. We first give the mathematical model and prove that it is a NP-hard model that cannot be solved directly. Therefore, we design a heuristic algorithm for an Iterative Coherent Beamforming Node Design (ICBND) algorithm to obtain the approximate optimal solution. Simulation results show that this algorithm can greatly reduce the cost of communication network infrastructure.
  • Risk and uncertainty can be analyzed in cyberspace
    Brantly, Aaron F. (Oxford University Press, 2021-02-23)
    Perceptions of risk and uncertainty are pervasive in all international interactions. How states perceive risk and uncertainty and how they respond to these conditions impacts their policies and diplomatic behaviors. Despite a robust literature encompassing of risk and uncertainty within conventional state to state interactions including conflict, state interactions in cyberspace have received less attention. How states perceive and interpret risk and uncertainty in cyberspace varies widely by state. Very often, these perceptions are mutually incompatible and lead to a sub-optimal status quo that fosters increased risk and uncertainty. While the prospects of uncontrolled escalation or worries about a “Cyber Pearl Harbor” might be hyperbole, the reality remains that for decision-makers within states assessing the conditions of and the actions undertaken in cyberspace at present foster instability and encourages risk-seeking behaviors. This work analyzes the formulation of state perceptions of risk and uncertainty and seeks to establish a heuristic within which risk and uncertainty can be analyzed.
  • Improving vulnerability remediation through better exploit prediction
    Jacobs, Jay; Romanosky, Sasha; Adjerid, Idris; Baker, Wade (2020-09-14)
    Despite significant innovations in IT security products and research over the past 20 years, the information security field is still immature and struggling. Practitioners lack the ability to properly assess cyber risk, and decision-makers continue to be paralyzed by vulnerability scanners that overload their staff with mountains of scan results. In order to cope, firms prioritize vulnerability remediation using crude heuristics and limited data, though they are still too often breached by known vulnerabilities for which patches have existed for months or years. And so, the key challenge firms face is trying to identify a remediation strategy that best balances two competing forces. On one hand, it could attempt to patch all vulnerabilities on its network. While this would provide the greatest 'coverage' of vulnerabilities patched, it would inefficiently consume resources by fixing low-risk vulnerabilities. On the other hand, patching a few high-risk vulnerabilities would be highly 'efficient', but may leave the firm exposed to many other high-risk vulnerabilities. Using a large collection of multiple datasets together with machine learning techniques, we construct a series of vulnerability remediation strategies and compare how each perform in regard to trading off coverage and efficiency. We expand and improve upon the small body of literature that uses predictions of 'published exploits', by instead using 'exploits in the wild' as our outcome variable. We implement the machine learning models by classifying vulnerabilities according to high- and low-risk, where we consider high-risk vulnerabilities to be those that have been exploited in actual firm networks.
  • The potential harms of the Tor anonymity network cluster disproportionately in free countries
    Jardine, Eric; Lindner, Andrew M.; Owenson, Gareth (National Academy of Sciences, 2020-11-30)
    The Tor anonymity network allows users to protect their privacy and circumvent censorship restrictions but also shields those distributing child abuse content, selling or buying illicit drugs, or sharing malware online. Using data collected from Tor entry nodes, we provide an estimation of the proportion of Tor network users that likely employ the network in putatively good or bad ways. Overall, on an average country/day, ∼6.7% of Tor network users connect to Onion/Hidden Services that are disproportionately used for illicit purposes. We also show that the likely balance of beneficial and malicious use of Tor is unevenly spread globally and systematically varies based upon a country’s political conditions. In particular, using Freedom House’s coding and terminological classifications, the proportion of often illicit Onion/Hidden Services use is more prevalent (∼7.8%) in “free” countries than in either “partially free” (∼6.7%) or “not free” regimes (∼4.8%).
  • On market concentration and cybersecurity risk
    Geer, Dan; Jardine, Eric; Leverett, Eireann (Taylor & Francis, 2020-02-24)
    Market concentration affects each component of the cybersecurity risk equation (i.e. threat, vulnerability and impact). As the Internet ecosystem becomes more concentrated across a number of vectors from users and incoming links to economic market share, the locus of cyber risk moves towards these major hubs and the volume of systemic cyber risk increases. Mitigating cyber risk requires better measurement, diversity of systems, software and firms, attention to market concentration in cyber insurance pricing, and the deliberate choice to avoid ubiquitous interconnection in critical systems.
  • Further Analysis of PRNG-Based Key Derivation Functions
    McGinthy, Jason M.; Michaels, Alan J. (IEEE, 2019)
    The Internet of Things (IoT) is growing at a rapid pace. With everyday applications and services becoming wirelessly networked, security still is a major concern. Many of these sensors and devices have limitations, such as low power consumption, reduced memory storage, and reduced fixed point processing capabilities. Therefore, it is imperative that high-performance security primitives are used to maximize the lifetime of these devices while minimally impacting memory storage and timing requirements. Previous work presented a residue number system (RNS)-based pseudorandom number generator (PRNG)-based key derivation function (KDF) (PKDF) that showed good initial energy-efficient performance for the IoT devices. This paper provides additional analysis on the PRNG-based security and draws a comparison to a current industry-standard KDF. Subsequently, embedded software implementations were performed on an MSP430 and MSP432 and compared with the transport layer security (TLS) 1.3 hash-based message authentication code (HMAC) key derivation function (HKDF); these results demonstrate substantial computational savings for the PKDF approach, while both pass the NIST randomness quality tests. Finally, hardware translation for the PKDF is evaluated through the Mathworks' HDL Coder toolchain and mapping for throughput and die area approximation on an Intel (R) Arria 10 FPGA.
  • On Data Center Demand Response: A Cloud Federation Approach
    Moghaddam, Monireh Mohebbi; Manshaei, Mohammad Hossein; Saad, Walid; Goudarzi, Maziar (IEEE, 2019)
    The significantly high energy consumption of data centers constitutes a major load on the smart power grid. Data center demand response is a promising solution to incentivize the cloud providers to adapt their consumption to the power grid conditions. These policies not only mitigate the operational stability issues of the smart grid but also potentially decrease the electricity bills of cloud providers. Cloud providers can improve their contribution and reduce their energy cost by collaboratively managing their workload. Through cooperation in the form of cloud federations, providers can spatially migrate their workload to better utilize the benefits provided by demand response schemes over multiple locations. To this end, this work considers an interaction system between the independent cloud providers and the corresponding smart grid utilities in the context of a demand response program. Leveraging the cooperative game theory, this paper presents a federation formation among the cloud providers in the presence of a location-dependent demand response program. A distributed algorithm that is coupled with an optimal workload allocation problem is applied. The effect of the federation's formation on the clouds' profits and on the smart grid performance is analyzed through simulation. Simulation results show that cooperation increases the clouds' profits as well as the smart grid performance compared to the noncooperative case.