2023
Bautista, Oscar G; Manshaei, Mohammad Hossein; Hernandez, Richard; Akkaya, Kemal; Homsi, Soamar; Uluagac, Selcuk
MPC-ABC: Blockchain-Based Network Communication for Efficiently Secure Multiparty Computation Journal Article
In: Journal of Network and Systems Management, vol. 31, iss. 4, no. 4, pp. 1–32, 2023.
Abstract | Links | BibTeX | Tags: Web Security
@article{nokey,
title = {MPC-ABC: Blockchain-Based Network Communication for Efficiently Secure Multiparty Computation},
author = {Oscar G Bautista and Mohammad Hossein Manshaei and Richard Hernandez and Kemal Akkaya and Soamar Homsi and Selcuk Uluagac},
url = {https://link.springer.com/article/10.1007/s10922-023-09739-y},
year = {2023},
date = {2023-01-01},
journal = {Journal of Network and Systems Management},
volume = {31},
number = {4},
issue = {4},
pages = {1–32},
publisher = {Springer US},
school = {Florida International University},
abstract = {Secure Multiparty Computation (MPC) offers privacy-preserving computation that could be critical in many health and finance applications. Specifically, two or more parties jointly compute a function on private inputs by following a protocol executed in rounds. The MPC network typically consists of direct peer-to-peer (P2P) connections among parties. However, this significantly increases the computation time as parties need to wait for messages from each other, thus making network communication a bottleneck. Most recent works tried to address the communication efficiency by focusing on optimizing the MPC protocol rather than the underlying network topologies and protocols. In this paper, we propose the MPC over Algorand Blockchain (MPC-ABC) protocol that packs messages into Algorand transactions and utilizes its fast gossip protocol to transmit them efficiently among MPC parties. Our approach, therefore},
keywords = {Web Security},
pubstate = {published},
tppubtype = {article}
}
Secure Multiparty Computation (MPC) offers privacy-preserving computation that could be critical in many health and finance applications. Specifically, two or more parties jointly compute a function on private inputs by following a protocol executed in rounds. The MPC network typically consists of direct peer-to-peer (P2P) connections among parties. However, this significantly increases the computation time as parties need to wait for messages from each other, thus making network communication a bottleneck. Most recent works tried to address the communication efficiency by focusing on optimizing the MPC protocol rather than the underlying network topologies and protocols. In this paper, we propose the MPC over Algorand Blockchain (MPC-ABC) protocol that packs messages into Algorand transactions and utilizes its fast gossip protocol to transmit them efficiently among MPC parties. Our approach, therefore
Haque, Nur Imtiazul; Ngouen, Maurice; Rahman, Mohammad Ashiqur; Uluagac, Selcuk; Njilla, Laurent
SHATTER: Control and Defense-Aware Attack Analytics for Activity-Driven Smart Home Systems Journal Article
In: arXiv preprint arXiv:2305.09669, 2023.
Abstract | Links | BibTeX | Tags: Network Security
@article{nokey,
title = {SHATTER: Control and Defense-Aware Attack Analytics for Activity-Driven Smart Home Systems},
author = {Nur Imtiazul Haque and Maurice Ngouen and Mohammad Ashiqur Rahman and Selcuk Uluagac and Laurent Njilla},
url = {https://arxiv.org/abs/2305.09669},
year = {2023},
date = {2023-01-01},
journal = {arXiv preprint arXiv:2305.09669},
school = {Florida International University},
abstract = {Modern smart home control systems utilize real-time occupancy and activity monitoring to ensure control efficiency, occupants' comfort, and optimal energy consumption. Moreover, adopting machine learning-based anomaly detection models (ADMs) enhances security and reliability. However, sufficient system knowledge allows adversaries/attackers to alter sensor measurements through stealthy false data injection (FDI) attacks. Although ADMs limit attack scopes, the availability of information like occupants' location, conducted activities, and alteration capability of smart appliances increase the attack surface. Therefore, performing an attack space analysis of modern home control systems is crucial to design robust defense solutions. However, state-of-the-art analyzers do not consider contemporary control and defense solutions and generate trivial attack vectors. To address this, we propose a control and defense-aware novel attack analysis framework for a modern smart home control system, efficiently extracting ADM rules. We verify and validate our framework using a state-of-the-art dataset and a prototype testbed.},
keywords = {Network Security},
pubstate = {published},
tppubtype = {article}
}
Modern smart home control systems utilize real-time occupancy and activity monitoring to ensure control efficiency, occupants' comfort, and optimal energy consumption. Moreover, adopting machine learning-based anomaly detection models (ADMs) enhances security and reliability. However, sufficient system knowledge allows adversaries/attackers to alter sensor measurements through stealthy false data injection (FDI) attacks. Although ADMs limit attack scopes, the availability of information like occupants' location, conducted activities, and alteration capability of smart appliances increase the attack surface. Therefore, performing an attack space analysis of modern home control systems is crucial to design robust defense solutions. However, state-of-the-art analyzers do not consider contemporary control and defense solutions and generate trivial attack vectors. To address this, we propose a control and defense-aware novel attack analysis framework for a modern smart home control system, efficiently extracting ADM rules. We verify and validate our framework using a state-of-the-art dataset and a prototype testbed.
Haque, Nur Imtiazul; Ngouen, Maurice; Rahman, Mohammad Ashiqur; Uluagac, Selcuk; Njilla, Laurent
SHATTER: Control and Defense-Aware Attack Analytics for Activity-Driven Smart Home Systems Journal Article
In: arXiv e-prints, pp. arXiv: 2305.09669, 2023.
Abstract | Links | BibTeX | Tags: Network Security
@article{nokey,
title = {SHATTER: Control and Defense-Aware Attack Analytics for Activity-Driven Smart Home Systems},
author = {Nur Imtiazul Haque and Maurice Ngouen and Mohammad Ashiqur Rahman and Selcuk Uluagac and Laurent Njilla},
url = {https://ui.adsabs.harvard.edu/abs/2023arXiv230509669I/abstract},
year = {2023},
date = {2023-01-01},
journal = {arXiv e-prints},
pages = {arXiv: 2305.09669},
school = {Florida International University},
abstract = {Modern smart home control systems utilize real-time occupancy and activity monitoring to ensure control efficiency, occupants' comfort, and optimal energy consumption. Moreover, adopting machine learning-based anomaly detection models (ADMs) enhances security and reliability. However, sufficient system knowledge allows adversaries/attackers to alter sensor measurements through stealthy false data injection (FDI) attacks. Although ADMs limit attack scopes, the availability of information like occupants' location, conducted activities, and alteration capability of smart appliances increase the attack surface. Therefore, performing an attack space analysis of modern home control systems is crucial to design robust defense solutions. However, state-of-the-art analyzers do not consider contemporary control and defense solutions and generate trivial attack vectors. To address this, we propose a control and defense},
keywords = {Network Security},
pubstate = {published},
tppubtype = {article}
}
Modern smart home control systems utilize real-time occupancy and activity monitoring to ensure control efficiency, occupants' comfort, and optimal energy consumption. Moreover, adopting machine learning-based anomaly detection models (ADMs) enhances security and reliability. However, sufficient system knowledge allows adversaries/attackers to alter sensor measurements through stealthy false data injection (FDI) attacks. Although ADMs limit attack scopes, the availability of information like occupants' location, conducted activities, and alteration capability of smart appliances increase the attack surface. Therefore, performing an attack space analysis of modern home control systems is crucial to design robust defense solutions. However, state-of-the-art analyzers do not consider contemporary control and defense solutions and generate trivial attack vectors. To address this, we propose a control and defense
Tekin, Nazli; Acar, Abbas; Aris, Ahmet; Uluagac, A Selcuk; Gungor, Vehbi Cagri
Energy consumption of on-device machine learning models for IoT intrusion detection Journal Article
In: Internet of Things, vol. 21, pp. 100670, 2023.
Abstract | Links | BibTeX | Tags: Drones
@article{nokey,
title = {Energy consumption of on-device machine learning models for IoT intrusion detection},
author = {Nazli Tekin and Abbas Acar and Ahmet Aris and A Selcuk Uluagac and Vehbi Cagri Gungor},
url = {https://www.sciencedirect.com/science/article/pii/S2542660522001512},
year = {2023},
date = {2023-01-01},
journal = {Internet of Things},
volume = {21},
pages = {100670},
publisher = {Elsevier},
school = {Florida International University},
abstract = {Recently, Smart Home Systems (SHSs) have gained enormous popularity with the rapid development of the Internet of Things (IoT) technologies. Besides offering many tangible benefits, SHSs are vulnerable to attacks that lead to security and privacy concerns for SHS users. Machine learning (ML)-based Intrusion Detection Systems (IDS) are proposed to address such concerns. Conventionally, ML models are trained and tested on computationally powerful platforms such as cloud services. Nevertheless, the data shared with the cloud is vulnerable to privacy attacks and causes latency, which decreases the performance of real-time applications like intrusion detection systems. Therefore, on-device ML models, in which the user data is kept locally, have emerged as promising solutions to ensure the security and privacy of the data for real-time applications. However, performing ML tasks requires high energy},
keywords = {Drones},
pubstate = {published},
tppubtype = {article}
}
Recently, Smart Home Systems (SHSs) have gained enormous popularity with the rapid development of the Internet of Things (IoT) technologies. Besides offering many tangible benefits, SHSs are vulnerable to attacks that lead to security and privacy concerns for SHS users. Machine learning (ML)-based Intrusion Detection Systems (IDS) are proposed to address such concerns. Conventionally, ML models are trained and tested on computationally powerful platforms such as cloud services. Nevertheless, the data shared with the cloud is vulnerable to privacy attacks and causes latency, which decreases the performance of real-time applications like intrusion detection systems. Therefore, on-device ML models, in which the user data is kept locally, have emerged as promising solutions to ensure the security and privacy of the data for real-time applications. However, performing ML tasks requires high energy
Mekdad, Yassine; Aris, Ahmet; Babun, Leonardo; Fergougui, Abdeslam El; Conti, Mauro; Lazzeretti, Riccardo; Uluagac, A Selcuk
A survey on security and privacy issues of UAVs Journal Article
In: Computer Networks, vol. 224, pp. 109626, 2023.
Abstract | Links | BibTeX | Tags: Internet of Things
@article{nokey,
title = {A survey on security and privacy issues of UAVs},
author = {Yassine Mekdad and Ahmet Aris and Leonardo Babun and Abdeslam El Fergougui and Mauro Conti and Riccardo Lazzeretti and A Selcuk Uluagac},
url = {https://www.sciencedirect.com/science/article/pii/S1389128623000713},
year = {2023},
date = {2023-01-01},
journal = {Computer Networks},
volume = {224},
pages = {109626},
publisher = {Elsevier},
school = {Florida International University},
abstract = {In the 21st century, the industry of drones, also known as Unmanned Aerial Vehicles (UAVs), has witnessed a rapid increase with its large number of airspace users. The tremendous benefits of this technology in civilian applications such as hostage rescue and parcel delivery will integrate smart cities in the future. Nowadays, the affordability of commercial drones expands their usage on a large scale. However, the development of drone technology is associated with vulnerabilities and threats due to the lack of efficient security implementations. Moreover, the complexity of UAVs in software and hardware triggers potential security and privacy issues. Thus, posing significant challenges for the industry, academia, and governments.In this paper, we extensively survey the security and privacy issues of UAVs by providing a systematic classification at four levels: Hardware-level, Software-level, Communication-level, and},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {article}
}
In the 21st century, the industry of drones, also known as Unmanned Aerial Vehicles (UAVs), has witnessed a rapid increase with its large number of airspace users. The tremendous benefits of this technology in civilian applications such as hostage rescue and parcel delivery will integrate smart cities in the future. Nowadays, the affordability of commercial drones expands their usage on a large scale. However, the development of drone technology is associated with vulnerabilities and threats due to the lack of efficient security implementations. Moreover, the complexity of UAVs in software and hardware triggers potential security and privacy issues. Thus, posing significant challenges for the industry, academia, and governments.In this paper, we extensively survey the security and privacy issues of UAVs by providing a systematic classification at four levels: Hardware-level, Software-level, Communication-level, and
Rondon, Luis Puche; Babun, Leonardo; Aris, Ahmet; Akkaya, Kemal; Uluagac, A Selcuk
LGuard: Securing Enterprise-IoT Systems against Serial-Based Attacks via Proprietary Communication Buses Journal Article
In: Digital Threats: Research and Practice, vol. 4, iss. 1, no. 1, pp. 1–26, 2023.
Abstract | Links | BibTeX | Tags: Internet of Things
@article{nokey,
title = {LGuard: Securing Enterprise-IoT Systems against Serial-Based Attacks via Proprietary Communication Buses},
author = {Luis Puche Rondon and Leonardo Babun and Ahmet Aris and Kemal Akkaya and A Selcuk Uluagac},
url = {https://dl.acm.org/doi/abs/10.1145/3555721},
year = {2023},
date = {2023-01-01},
journal = {Digital Threats: Research and Practice},
volume = {4},
number = {1},
issue = {1},
pages = {1–26},
publisher = {ACM},
school = {Florida International University},
abstract = {Enterprise Internet of Things (E-IoT) systems allow users to control audio, video, scheduled events, lightning fixtures, door access, and relays in complex smart installations. These systems are widely used in government or smart private offices, smart buildings/homes, conference rooms, schools, hotels, and similar professional settings. However, even with their widespread use, the security of many E-IoT systems and components has not been researched in the literature. To address this research gap, we focus on E-IoT communication buses, one of the core components used to connect E-IoT devices, and introduce LightningStrike attacks that demonstrate several weaknesses with E-IoT proprietary communication protocols used in E-IoT communication buses. Specifically, we show that popular E-IoT proprietary communication protocols are susceptible to Denial-of-Service (DoS), eavesdropping, impersonation, and},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {article}
}
Enterprise Internet of Things (E-IoT) systems allow users to control audio, video, scheduled events, lightning fixtures, door access, and relays in complex smart installations. These systems are widely used in government or smart private offices, smart buildings/homes, conference rooms, schools, hotels, and similar professional settings. However, even with their widespread use, the security of many E-IoT systems and components has not been researched in the literature. To address this research gap, we focus on E-IoT communication buses, one of the core components used to connect E-IoT devices, and introduce LightningStrike attacks that demonstrate several weaknesses with E-IoT proprietary communication protocols used in E-IoT communication buses. Specifically, we show that popular E-IoT proprietary communication protocols are susceptible to Denial-of-Service (DoS), eavesdropping, impersonation, and
2022
Franco, Javier; Aris, Ahmet; Babun, Leonardo; Uluagac, A Selcuk
S-Pot: A Smart Honeypot Framework with Dynamic Rule Configuration for SDN Proceedings Article
In: pp. 2818–2824, IEEE, 2022.
Abstract | Links | BibTeX | Tags: Internet of Things
@inproceedings{nokey,
title = {S-Pot: A Smart Honeypot Framework with Dynamic Rule Configuration for SDN},
author = {Javier Franco and Ahmet Aris and Leonardo Babun and A Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/10000682/},
year = {2022},
date = {2022-01-01},
pages = {2818–2824},
publisher = {IEEE},
school = {Florida International University},
abstract = {Enterprise networks are becoming increasingly heterogeneous where enterprise devices and IoT devices coexist, requiring tools for effective management and security. Software Defined Networking (SDN) has emerged in response to such needs of modern networks. SDN lacks adequate security features and Intrusion Detection and Protection Systems (IDPS) have been used to protect SDN from attacks. However, they have limited knowledge of zero day attacks. Machine Learning (ML) has become a valuable tool against these limitations and improve (SDN) network security. However, the solutions that solely rely on ML can struggle to discriminate benign traffic from malicious, and suffer from false negatives. To solve these problems and improve security of SDN-based enterprise networks, we propose S-Pot, an open-source smart honeypot framework. S-Pot uses enterprise and IoT honeypots to attract attackers},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {inproceedings}
}
Enterprise networks are becoming increasingly heterogeneous where enterprise devices and IoT devices coexist, requiring tools for effective management and security. Software Defined Networking (SDN) has emerged in response to such needs of modern networks. SDN lacks adequate security features and Intrusion Detection and Protection Systems (IDPS) have been used to protect SDN from attacks. However, they have limited knowledge of zero day attacks. Machine Learning (ML) has become a valuable tool against these limitations and improve (SDN) network security. However, the solutions that solely rely on ML can struggle to discriminate benign traffic from malicious, and suffer from false negatives. To solve these problems and improve security of SDN-based enterprise networks, we propose S-Pot, an open-source smart honeypot framework. S-Pot uses enterprise and IoT honeypots to attract attackers
Newaz, Akm Iqtidar; Aris, Ahmet; Sikder, Amit Kumar; Uluagac, A Selcuk
Systematic Threat Analysis of Modern Unified Healthcare Communication Systems Proceedings Article
In: pp. 1404–1410, IEEE, 2022.
Abstract | Links | BibTeX | Tags: Miscellaneous
@inproceedings{nokey,
title = {Systematic Threat Analysis of Modern Unified Healthcare Communication Systems},
author = {Akm Iqtidar Newaz and Ahmet Aris and Amit Kumar Sikder and A Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/10001605/},
year = {2022},
date = {2022-01-01},
pages = {1404–1410},
publisher = {IEEE},
school = {Florida International University},
abstract = {Recently, smart medical devices have become preva-lent in remote monitoring of patients and the delivery of medication. The ongoing Covid-19 pandemic situation has boosted the upward trend of the popularity of smart medical devices in the healthcare system. Simultaneously, different device manufacturers and technologies compete for a share in a smart medical device's market, which forces the integration of diverse smart medical de-vices into a common healthcare ecosystem. Hence, modern unified healthcare communication systems (UHCSs) combine ISO/IEEE 11073 and Health Level Seven (HL7) communication standards to support smart medical devices' interoperability and their communication with healthcare providers. Despite their advantages in supporting various smart medical devices and communication technologies, these standards do not provide any security and suffer from vulnerabilities},
keywords = {Miscellaneous},
pubstate = {published},
tppubtype = {inproceedings}
}
Recently, smart medical devices have become preva-lent in remote monitoring of patients and the delivery of medication. The ongoing Covid-19 pandemic situation has boosted the upward trend of the popularity of smart medical devices in the healthcare system. Simultaneously, different device manufacturers and technologies compete for a share in a smart medical device's market, which forces the integration of diverse smart medical de-vices into a common healthcare ecosystem. Hence, modern unified healthcare communication systems (UHCSs) combine ISO/IEEE 11073 and Health Level Seven (HL7) communication standards to support smart medical devices' interoperability and their communication with healthcare providers. Despite their advantages in supporting various smart medical devices and communication technologies, these standards do not provide any security and suffer from vulnerabilities
Veksler, Maryna; Rodríguez, David Langus; Aris, Ahmet; Akkaya, Kemal; Uluagac, A Selcuk
LoFin: LoRa-based UAV Fingerprinting Framework Proceedings Article
In: pp. 980–985, IEEE, 2022.
Abstract | Links | BibTeX | Tags: Drones
@inproceedings{nokey,
title = {LoFin: LoRa-based UAV Fingerprinting Framework},
author = {Maryna Veksler and David Langus Rodríguez and Ahmet Aris and Kemal Akkaya and A Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/10017584/},
year = {2022},
date = {2022-01-01},
pages = {980–985},
publisher = {IEEE},
school = {Florida International University},
abstract = {The emerging proliferation of unmanned aerial vehicles (UAV) combined with their autonomous capabilities established the solid incorporation of UAVs for military applications. However, seamless deployment of drones into the adversarial environment and on the battlefield requires a robust and secure network stack, protected from adversarial intrusion. As LoRa became a low-cost solution for the long-distance control channel, it solved the challenge of long-range connectivity and prolonged lifespan present in UAV applications. However, the existing implementations lack protection mechanisms against unauthorized access. In this paper, we present LoFin, the first fingerprinting framework used to identify telemetry transceivers that communicate over the LoRa channel. LoFin exploits information leaked due to the differences in hardware structure, which results in processing time variations. Passively collecting},
keywords = {Drones},
pubstate = {published},
tppubtype = {inproceedings}
}
The emerging proliferation of unmanned aerial vehicles (UAV) combined with their autonomous capabilities established the solid incorporation of UAVs for military applications. However, seamless deployment of drones into the adversarial environment and on the battlefield requires a robust and secure network stack, protected from adversarial intrusion. As LoRa became a low-cost solution for the long-distance control channel, it solved the challenge of long-range connectivity and prolonged lifespan present in UAV applications. However, the existing implementations lack protection mechanisms against unauthorized access. In this paper, we present LoFin, the first fingerprinting framework used to identify telemetry transceivers that communicate over the LoRa channel. LoFin exploits information leaked due to the differences in hardware structure, which results in processing time variations. Passively collecting
Nowroozi, Ehsan; Mohammadi, Mohammadreza; Golmohammadi, Pargol; Mekdad, Yassine; Conti, Mauro; Uluagac, Selcuk
Resisting deep learning models against adversarial attack transferability via feature randomization Journal Article
In: arXiv preprint arXiv:2209.04930, 2022.
Abstract | Links | BibTeX | Tags: Internet of Things
@article{nokey,
title = {Resisting deep learning models against adversarial attack transferability via feature randomization},
author = {Ehsan Nowroozi and Mohammadreza Mohammadi and Pargol Golmohammadi and Yassine Mekdad and Mauro Conti and Selcuk Uluagac},
url = {https://arxiv.org/abs/2209.04930},
year = {2022},
date = {2022-01-01},
journal = {arXiv preprint arXiv:2209.04930},
school = {Florida International University},
abstract = {In the past decades, the rise of artificial intelligence has given us the capabilities to solve the most challenging problems in our day-to-day lives, such as cancer prediction and autonomous navigation. However, these applications might not be reliable if not secured against adversarial attacks. In addition, recent works demonstrated that some adversarial examples are transferable across different models. Therefore, it is crucial to avoid such transferability via robust models that resist adversarial manipulations. In this paper, we propose a feature randomization-based approach that resists eight adversarial attacks targeting deep learning models in the testing phase. Our novel approach consists of changing the training strategy in the target network classifier and selecting random feature samples. We consider the attacker with a Limited-Knowledge and Semi-Knowledge conditions to undertake the most prevalent types of adversarial attacks. We evaluate the robustness of our approach using the well-known UNSW-NB15 datasets that include realistic and synthetic attacks. Afterward, we demonstrate that our strategy outperforms the existing state-of-the-art approach, such as the Most Powerful Attack, which consists of fine-tuning the network model against specific adversarial attacks. Finally, our experimental results show that our methodology can secure the target network and resists adversarial attack transferability by over 60 percent.},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {article}
}
In the past decades, the rise of artificial intelligence has given us the capabilities to solve the most challenging problems in our day-to-day lives, such as cancer prediction and autonomous navigation. However, these applications might not be reliable if not secured against adversarial attacks. In addition, recent works demonstrated that some adversarial examples are transferable across different models. Therefore, it is crucial to avoid such transferability via robust models that resist adversarial manipulations. In this paper, we propose a feature randomization-based approach that resists eight adversarial attacks targeting deep learning models in the testing phase. Our novel approach consists of changing the training strategy in the target network classifier and selecting random feature samples. We consider the attacker with a Limited-Knowledge and Semi-Knowledge conditions to undertake the most prevalent types of adversarial attacks. We evaluate the robustness of our approach using the well-known UNSW-NB15 datasets that include realistic and synthetic attacks. Afterward, we demonstrate that our strategy outperforms the existing state-of-the-art approach, such as the Most Powerful Attack, which consists of fine-tuning the network model against specific adversarial attacks. Finally, our experimental results show that our methodology can secure the target network and resists adversarial attack transferability by over 60 percent.
Oz, Harun; Aris, Ahmet; Levi, Albert; Uluagac, A Selcuk
A survey on ransomware: Evolution, taxonomy, and defense solutions Journal Article
In: vol. 54, iss. 11s, no. 11s, pp. 1–37, 2022.
Abstract | Links | BibTeX | Tags: Malware
@article{nokey,
title = {A survey on ransomware: Evolution, taxonomy, and defense solutions},
author = {Harun Oz and Ahmet Aris and Albert Levi and A Selcuk Uluagac},
url = {https://dl.acm.org/doi/abs/10.1145/3514229},
year = {2022},
date = {2022-01-01},
volume = {54},
number = {11s},
issue = {11s},
pages = {1–37},
publisher = {ACM},
school = {Florida International University},
abstract = {In recent years, ransomware has been one of the most notorious malware targeting end-users, governments, and business organizations. It has become a very profitable business for cybercriminals with revenues of millions of dollars, and a very serious threat to organizations with financial losses of billions of dollars. Numerous studies were proposed to address the ransomware threat, including surveys that cover certain aspects of ransomware research. However, no study exists in the literature that gives the complete picture on ransomware and ransomware defense research with respect to the diversity of targeted platforms. Since ransomware is already prevalent in PCs/workstations/desktops/laptops, and is becoming more prevalent in mobile devices, and has already hit IoT/CPS recently, and will likely grow further in the IoT/CPS domain very soon, understanding ransomware and analyzing defense mechanisms},
keywords = {Malware},
pubstate = {published},
tppubtype = {article}
}
In recent years, ransomware has been one of the most notorious malware targeting end-users, governments, and business organizations. It has become a very profitable business for cybercriminals with revenues of millions of dollars, and a very serious threat to organizations with financial losses of billions of dollars. Numerous studies were proposed to address the ransomware threat, including surveys that cover certain aspects of ransomware research. However, no study exists in the literature that gives the complete picture on ransomware and ransomware defense research with respect to the diversity of targeted platforms. Since ransomware is already prevalent in PCs/workstations/desktops/laptops, and is becoming more prevalent in mobile devices, and has already hit IoT/CPS recently, and will likely grow further in the IoT/CPS domain very soon, understanding ransomware and analyzing defense mechanisms
Sikder, Amit Kumar; Babun, Leonardo; Celik, Z Berkay; Aksu, Hidayet; McDaniel, Patrick; Kirda, Engin; Uluagac, A Selcuk
Who’s controlling my device? Multi-user multi-device-aware access control system for shared smart home environment Journal Article
In: ACM Transactions on Internet of Things, vol. 3, iss. 4, no. 4, pp. 1–39, 2022.
Abstract | Links | BibTeX | Tags: Network Security
@article{nokey,
title = {Who’s controlling my device? Multi-user multi-device-aware access control system for shared smart home environment},
author = {Amit Kumar Sikder and Leonardo Babun and Z Berkay Celik and Hidayet Aksu and Patrick McDaniel and Engin Kirda and A Selcuk Uluagac},
url = {https://dl.acm.org/doi/abs/10.1145/3543513},
year = {2022},
date = {2022-01-01},
journal = {ACM Transactions on Internet of Things},
volume = {3},
number = {4},
issue = {4},
pages = {1–39},
publisher = {ACM},
school = {Florida International University},
abstract = {Multiple users have access to multiple devices in a smart home system typically through a dedicated app installed on a mobile device. Traditional access control mechanisms consider one unique, trusted user that controls access to the devices. However, multi-user multi-device smart home settings pose fundamentally different challenges to traditional single-user systems. For instance, in a multi-user environment, users have conflicting, complex, and dynamically-changing demands on multiple devices that cannot be handled by traditional access control techniques. Moreover, smart devices from different platforms/vendors can share the same home environment, making existing access control obsolete for smart home systems. To address these challenges, in this paper, we introduce Kratos+, a novel multi-user and multi-device-aware access control mechanism that allows smart home users to flexibly specify their},
keywords = {Network Security},
pubstate = {published},
tppubtype = {article}
}
Multiple users have access to multiple devices in a smart home system typically through a dedicated app installed on a mobile device. Traditional access control mechanisms consider one unique, trusted user that controls access to the devices. However, multi-user multi-device smart home settings pose fundamentally different challenges to traditional single-user systems. For instance, in a multi-user environment, users have conflicting, complex, and dynamically-changing demands on multiple devices that cannot be handled by traditional access control techniques. Moreover, smart devices from different platforms/vendors can share the same home environment, making existing access control obsolete for smart home systems. To address these challenges, in this paper, we introduce Kratos+, a novel multi-user and multi-device-aware access control mechanism that allows smart home users to flexibly specify their
Rondon, Luis Puche; Babun, Leonardo; Aris, Ahmet; Akkaya, Kemal; Uluagac, A Selcuk
IVYCIDE: Smart Intrusion Detection System against E-IoT Driver Threats Proceedings Article
In: IEEE, 2022.
Abstract | Links | BibTeX | Tags: Internet of Things
@inproceedings{nokey,
title = {IVYCIDE: Smart Intrusion Detection System against E-IoT Driver Threats},
author = {Luis Puche Rondon and Leonardo Babun and Ahmet Aris and Kemal Akkaya and A Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/9849838/},
year = {2022},
date = {2022-01-01},
journal = {IEEE Internet of Things Journal},
publisher = {IEEE},
school = {Florida International University},
abstract = {The rise of Internet of Things (IoT) devices has led to the proliferation of smart environments worldwide. Although commodity IoT devices are employed by ordinary end users, complex environments, such as smart buildings, government, or private offices, or conference rooms require customized and highly reliable IoT solutions. Enterprise IoT (E-IoT) connect such environments to the Internet and are professionally managed solutions usually offered by dedicated vendors As E-IoT systems require specialized training, closed-source software, and proprietary equipment to deploy. In effect, E-IoT systems present an unprecedented, under-researched, and unexplored threat vector for an attacker. In this work, we focus on E-IoT drivers, software modules used to integrate devices into E-IoT systems, as an attack mechanism. We first present PoisonIvy, a series of generalized proof-of-concept attacks used to demonstrate},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {inproceedings}
}
The rise of Internet of Things (IoT) devices has led to the proliferation of smart environments worldwide. Although commodity IoT devices are employed by ordinary end users, complex environments, such as smart buildings, government, or private offices, or conference rooms require customized and highly reliable IoT solutions. Enterprise IoT (E-IoT) connect such environments to the Internet and are professionally managed solutions usually offered by dedicated vendors As E-IoT systems require specialized training, closed-source software, and proprietary equipment to deploy. In effect, E-IoT systems present an unprecedented, under-researched, and unexplored threat vector for an attacker. In this work, we focus on E-IoT drivers, software modules used to integrate devices into E-IoT systems, as an attack mechanism. We first present PoisonIvy, a series of generalized proof-of-concept attacks used to demonstrate
Khalil, Alvi Ataur; Franco, Javier; Parvez, Imtiaz; Uluagac, Selcuk; Shahriar, Hossain; Rahman, Mohammad Ashiqur
A literature review on blockchain-enabled security and operation of cyber-physical systems Proceedings Article
In: pp. 1774–1779, IEEE, 2022.
Abstract | Links | BibTeX | Tags: Malware
@inproceedings{nokey,
title = {A literature review on blockchain-enabled security and operation of cyber-physical systems},
author = {Alvi Ataur Khalil and Javier Franco and Imtiaz Parvez and Selcuk Uluagac and Hossain Shahriar and Mohammad Ashiqur Rahman},
url = {https://ieeexplore.ieee.org/abstract/document/9842711/},
year = {2022},
date = {2022-01-01},
pages = {1774–1779},
publisher = {IEEE},
school = {Florida International University},
abstract = {Blockchain has become a key technology in a plethora of application domains owing to its decentralized public nature. The cyber-physical systems (CPS) is one of the prominent application domains that leverage blockchain for myriad oper-ations, where the Internet of Things (IoT) is utilized for data collection. Although some of the CPS problems can be solved by simply adopting blockchain for its secure and distributed nature, others require complex considerations for overcoming blockchain-imposed limitations while maintaining the core aspect of CPS. Even though a number of studies focus on either the utilization of block chains for different CPS applications or the blockchain-enabled security of CPS, there is no comprehensive survey including both perspectives together. To fill this gap, we present a comprehensive overview of contemporary advancement in using blockchain for enhancing different CPS},
keywords = {Malware},
pubstate = {published},
tppubtype = {inproceedings}
}
Blockchain has become a key technology in a plethora of application domains owing to its decentralized public nature. The cyber-physical systems (CPS) is one of the prominent application domains that leverage blockchain for myriad oper-ations, where the Internet of Things (IoT) is utilized for data collection. Although some of the CPS problems can be solved by simply adopting blockchain for its secure and distributed nature, others require complex considerations for overcoming blockchain-imposed limitations while maintaining the core aspect of CPS. Even though a number of studies focus on either the utilization of block chains for different CPS applications or the blockchain-enabled security of CPS, there is no comprehensive survey including both perspectives together. To fill this gap, we present a comprehensive overview of contemporary advancement in using blockchain for enhancing different CPS
Sikder, Amit Kumar; Aksu, Hidayet; Uluagac, A Selcuk
Context-aware security framework for a smart environment Patent
2022.
Abstract | Links | BibTeX | Tags: Drones
@patent{nokey,
title = {Context-aware security framework for a smart environment},
author = {Amit Kumar Sikder and Hidayet Aksu and A Selcuk Uluagac},
url = {https://patents.google.com/patent/US20220182400A1/en},
year = {2022},
date = {2022-01-01},
school = {Florida International University},
abstract = {Context-aware security frameworks to detect malicious behavior in a smart environment (eg, a home, office, or other building) are provided. The framework can address the emerging threats to smart environments by observing the changing patterns of the conditions (eg, active/inactive) of smart entities (eg, sensors and other devices) of the smart environment for different user activities, and building a contextual model to detect malicious activities in the smart environment.},
keywords = {Drones},
pubstate = {published},
tppubtype = {patent}
}
Context-aware security frameworks to detect malicious behavior in a smart environment (eg, a home, office, or other building) are provided. The framework can address the emerging threats to smart environments by observing the changing patterns of the conditions (eg, active/inactive) of smart entities (eg, sensors and other devices) of the smart environment for different user activities, and building a contextual model to detect malicious activities in the smart environment.
Bhansali, Shrenik; Aris, Ahmet; Acar, Abbas; Oz, Harun; Uluagac, A Selcuk
A first look at code obfuscation for webassembly Journal Article
In: pp. 140–145, 2022.
Abstract | Links | BibTeX | Tags: Network Security
@article{nokey,
title = {A first look at code obfuscation for webassembly},
author = {Shrenik Bhansali and Ahmet Aris and Abbas Acar and Harun Oz and A Selcuk Uluagac},
url = {https://dl.acm.org/doi/abs/10.1145/3507657.3528560},
year = {2022},
date = {2022-01-01},
pages = {140–145},
school = {Florida International University},
abstract = {WebAssembly (Wasm) has seen a lot of attention lately as it spreads through the mobile computing domain and becomes the new standard for performance-oriented web development. It has diversified its uses far beyond just web applications by acting as an execution environment for mobile agents, containers for IoT devices, and enabling new serverless approaches for edge computing. Within the numerous uses of Wasm, not all of them are benign. With the rise of Wasm-based cryptojacking malware, analyzing Wasm applications has been a hot topic in the literature, resulting in numerous Wasm-based cryptojacking detection systems. Many of these methods rely on static analysis, which traditionally can be circumvented through obfuscation. However, the feasibility of the obfuscation techniques for Wasm programs has never been investigated thoroughly. In this paper, we address this gap and perform the first},
keywords = {Network Security},
pubstate = {published},
tppubtype = {article}
}
WebAssembly (Wasm) has seen a lot of attention lately as it spreads through the mobile computing domain and becomes the new standard for performance-oriented web development. It has diversified its uses far beyond just web applications by acting as an execution environment for mobile agents, containers for IoT devices, and enabling new serverless approaches for edge computing. Within the numerous uses of Wasm, not all of them are benign. With the rise of Wasm-based cryptojacking malware, analyzing Wasm applications has been a hot topic in the literature, resulting in numerous Wasm-based cryptojacking detection systems. Many of these methods rely on static analysis, which traditionally can be circumvented through obfuscation. However, the feasibility of the obfuscation techniques for Wasm programs has never been investigated thoroughly. In this paper, we address this gap and perform the first
Nowroozi, Ehsan; Mekdad, Yassine; Conti, Mauro; Milani, Simone; Uluagac, Selcuk; Yanikoglu, Berrin
Real or Virtual: A Video Conferencing Background Manipulation-Detection System Journal Article
In: arXiv preprint arXiv:2204.11853, 2022.
Abstract | Links | BibTeX | Tags: Network Security
@article{nokey,
title = {Real or Virtual: A Video Conferencing Background Manipulation-Detection System},
author = {Ehsan Nowroozi and Yassine Mekdad and Mauro Conti and Simone Milani and Selcuk Uluagac and Berrin Yanikoglu},
url = {https://arxiv.org/abs/2204.11853},
year = {2022},
date = {2022-01-01},
journal = {arXiv preprint arXiv:2204.11853},
school = {Florida International University},
abstract = {Recently, the popularity and wide use of the last-generation video conferencing technologies created an exponential growth in its market size. Such technology allows participants in different geographic regions to have a virtual face-to-face meeting. Additionally, it enables users to employ a virtual background to conceal their own environment due to privacy concerns or to reduce distractions, particularly in professional settings. Nevertheless, in scenarios where the users should not hide their actual locations, they may mislead other participants by claiming their virtual background as a real one. Therefore, it is crucial to develop tools and strategies to detect the authenticity of the considered virtual background. In this paper, we present a detection strategy to distinguish between real and virtual video conferencing user backgrounds. We demonstrate that our detector is robust against two attack scenarios. The first scenario considers the case where the detector is unaware about the attacks and inn the second scenario, we make the detector aware of the adversarial attacks, which we refer to Adversarial Multimedia Forensics (i.e, the forensically-edited frames are included in the training set). Given the lack of publicly available dataset of virtual and real backgrounds for video conferencing, we created our own dataset and made them publicly available [1]. Then, we demonstrate the robustness of our detector against different adversarial attacks that the adversary considers. Ultimately, our detector's performance is significant against the CRSPAM1372 [2] features, and post-processing operations such as geometric transformations with different quality},
keywords = {Network Security},
pubstate = {published},
tppubtype = {article}
}
Recently, the popularity and wide use of the last-generation video conferencing technologies created an exponential growth in its market size. Such technology allows participants in different geographic regions to have a virtual face-to-face meeting. Additionally, it enables users to employ a virtual background to conceal their own environment due to privacy concerns or to reduce distractions, particularly in professional settings. Nevertheless, in scenarios where the users should not hide their actual locations, they may mislead other participants by claiming their virtual background as a real one. Therefore, it is crucial to develop tools and strategies to detect the authenticity of the considered virtual background. In this paper, we present a detection strategy to distinguish between real and virtual video conferencing user backgrounds. We demonstrate that our detector is robust against two attack scenarios. The first scenario considers the case where the detector is unaware about the attacks and inn the second scenario, we make the detector aware of the adversarial attacks, which we refer to Adversarial Multimedia Forensics (i.e, the forensically-edited frames are included in the training set). Given the lack of publicly available dataset of virtual and real backgrounds for video conferencing, we created our own dataset and made them publicly available [1]. Then, we demonstrate the robustness of our detector against different adversarial attacks that the adversary considers. Ultimately, our detector's performance is significant against the CRSPAM1372 [2] features, and post-processing operations such as geometric transformations with different quality
Tekiner, Ege; Acar, Abbas; Uluagac, A Selcuk
A lightweight IoT cryptojacking detection mechanism in heterogeneous smart home networks Journal Article
In: Proc. of the ISOC Network and Distributed System Security Symposium (NDSS), 2022.
Abstract | Links | BibTeX | Tags: Network Security
@article{nokey,
title = {A lightweight IoT cryptojacking detection mechanism in heterogeneous smart home networks},
author = {Ege Tekiner and Abbas Acar and A Selcuk Uluagac},
url = {https://www.ndss-symposium.org/wp-content/uploads/2022-208-paper.pdf},
year = {2022},
date = {2022-01-01},
journal = {Proc. of the ISOC Network and Distributed System Security Symposium (NDSS)},
school = {Florida International University},
abstract = {Recently, cryptojacking malware has become an easy way of reaching and profiting from a large number of victims. Prior works studied the cryptojacking detection systems focusing on both in-browser and host-based cryptojacking malware. However, none of these earlier works investigated different attack configurations and network settings in this context. For example, an attacker with an aggressive profit strategy may increase computational resources to the maximum utilization to benefit more in a short time, while a stealthy attacker may want to stay undetected longer time on the victims device. The accuracy of the detection mechanism may differ for an aggressive and stealthy attacker. Not only profit strategies, but also the cryptojacking malware type, the victims device as well as various network settings where the network is fully or partially compromised may play a key role in the performance evaluation of the detection mechanisms. In addition, smart home networks with multiple IoT devices are easily exploited by the attackers, and they are equipped to mine cryptocurrency on behalf of the attacker. However, no prior works investigated the impact of cryptojacking malware on IoT devices and compromised smart home networks. In this paper, we first propose an accurate and efficient IoT cryptojacking detection mechanism based on network traffic features, which can detect both in-browser and host-based cryptojacking. Then, we focus on the cryptojacking implementation problem on new device categories (eg, IoT) and designed several novel experiment scenarios to assess our detection mechanism to cover the current attack surface of the},
keywords = {Network Security},
pubstate = {published},
tppubtype = {article}
}
Recently, cryptojacking malware has become an easy way of reaching and profiting from a large number of victims. Prior works studied the cryptojacking detection systems focusing on both in-browser and host-based cryptojacking malware. However, none of these earlier works investigated different attack configurations and network settings in this context. For example, an attacker with an aggressive profit strategy may increase computational resources to the maximum utilization to benefit more in a short time, while a stealthy attacker may want to stay undetected longer time on the victims device. The accuracy of the detection mechanism may differ for an aggressive and stealthy attacker. Not only profit strategies, but also the cryptojacking malware type, the victims device as well as various network settings where the network is fully or partially compromised may play a key role in the performance evaluation of the detection mechanisms. In addition, smart home networks with multiple IoT devices are easily exploited by the attackers, and they are equipped to mine cryptocurrency on behalf of the attacker. However, no prior works investigated the impact of cryptojacking malware on IoT devices and compromised smart home networks. In this paper, we first propose an accurate and efficient IoT cryptojacking detection mechanism based on network traffic features, which can detect both in-browser and host-based cryptojacking. Then, we focus on the cryptojacking implementation problem on new device categories (eg, IoT) and designed several novel experiment scenarios to assess our detection mechanism to cover the current attack surface of the
Rondon, Luis Puche; Babun, Leonardo; Aris, Ahmet; Akkaya, Kemal; Uluagac, A Selcuk
Survey on enterprise Internet-of-Things systems (E-IoT): A security perspective Journal Article
In: Ad Hoc Networks, vol. 125, pp. 102728, 2022.
Abstract | Links | BibTeX | Tags: Internet of Things
@article{nokey,
title = {Survey on enterprise Internet-of-Things systems (E-IoT): A security perspective},
author = {Luis Puche Rondon and Leonardo Babun and Ahmet Aris and Kemal Akkaya and A Selcuk Uluagac},
url = {https://www.sciencedirect.com/science/article/pii/S1570870521002171},
year = {2022},
date = {2022-01-01},
journal = {Ad Hoc Networks},
volume = {125},
pages = {102728},
publisher = {Elsevier},
school = {Florida International University},
abstract = {As technology becomes more widely available, millions of users worldwide have installed some form of smart device in their homes or workplaces. These devices are often off-the-shelf commodity systems, such as Google Home or Samsung SmartThings, that are installed by end-users looking to automate a small deployment. In contrast to these plug-and-play systems, purpose-built Enterprise Internet-of-Things (E-IoT) systems such as Crestron, Control4, RTI, Savant offer a smart solution for more sophisticated applications (e.g., complete lighting control, A/V management, security). In contrast to commodity systems, E-IoT systems are usually closed source, costly, require certified installers, and are overall more robust for their use cases. Due to this, E-IoT systems are often found in expensive smart homes, government and academic conference rooms, yachts, and smart private offices. However, while there has},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {article}
}
As technology becomes more widely available, millions of users worldwide have installed some form of smart device in their homes or workplaces. These devices are often off-the-shelf commodity systems, such as Google Home or Samsung SmartThings, that are installed by end-users looking to automate a small deployment. In contrast to these plug-and-play systems, purpose-built Enterprise Internet-of-Things (E-IoT) systems such as Crestron, Control4, RTI, Savant offer a smart solution for more sophisticated applications (e.g., complete lighting control, A/V management, security). In contrast to commodity systems, E-IoT systems are usually closed source, costly, require certified installers, and are overall more robust for their use cases. Due to this, E-IoT systems are often found in expensive smart homes, government and academic conference rooms, yachts, and smart private offices. However, while there has
Babun, Leonardo; Sikder, Amit Kumar; Acar, Abbas; Uluagac, A Selcuk
The truth shall set thee free: Enabling practical forensic capabilities in smart environments Journal Article
In: Proceedings of the 29th Network and Distributed System Security (NDSS) Symposium, 2022.
Abstract | Links | BibTeX | Tags: Network Security
@article{nokey,
title = {The truth shall set thee free: Enabling practical forensic capabilities in smart environments},
author = {Leonardo Babun and Amit Kumar Sikder and Abbas Acar and A Selcuk Uluagac},
url = {https://www.ndss-symposium.org/wp-content/uploads/2022-133-paper.pdf},
year = {2022},
date = {2022-01-01},
journal = {Proceedings of the 29th Network and Distributed System Security (NDSS) Symposium},
school = {Florida International University},
abstract = {In smart environments such as smart homes and offices, the interaction between devices, users, and apps generate abundant data. Such data contain valuable forensic information about events and activities occurring in the smart environment. Nonetheless, current smart platforms do not provide any digital forensic capability to identify, trace, store, and analyze the data produced in these environments. To fill this gap, in this paper, we introduce VERITAS, a novel and practical digital forensic capability for the smart environment. VERITAS has two main components: Collector and Analyzer. The Collector implements mechanisms to automatically collect forensically-relevant data from the smart environment. Then, in the event of a forensic investigation, the Analyzer uses a First Order Markov Chain model to extract valuable and usable forensic information from the collected data. VERITAS then uses the forensic information to infer activities and behaviors from users, devices, and apps that violate the security policies defined for the environment. We implemented and tested VERITAS in a realistic smart office environment with 22 smart devices and sensors that generated 84209 forensically-valuable incidents. The evaluation shows that VERITAS achieves over 95 percent of accuracy in inferring different anomalous activities and forensic behaviors within the smart environment. Finally, VERITAS is extremely lightweight, yielding no overhead on the devices and minimal overhead in the backend resources (ie, the cloud servers).},
keywords = {Network Security},
pubstate = {published},
tppubtype = {article}
}
In smart environments such as smart homes and offices, the interaction between devices, users, and apps generate abundant data. Such data contain valuable forensic information about events and activities occurring in the smart environment. Nonetheless, current smart platforms do not provide any digital forensic capability to identify, trace, store, and analyze the data produced in these environments. To fill this gap, in this paper, we introduce VERITAS, a novel and practical digital forensic capability for the smart environment. VERITAS has two main components: Collector and Analyzer. The Collector implements mechanisms to automatically collect forensically-relevant data from the smart environment. Then, in the event of a forensic investigation, the Analyzer uses a First Order Markov Chain model to extract valuable and usable forensic information from the collected data. VERITAS then uses the forensic information to infer activities and behaviors from users, devices, and apps that violate the security policies defined for the environment. We implemented and tested VERITAS in a realistic smart office environment with 22 smart devices and sensors that generated 84209 forensically-valuable incidents. The evaluation shows that VERITAS achieves over 95 percent of accuracy in inferring different anomalous activities and forensic behaviors within the smart environment. Finally, VERITAS is extremely lightweight, yielding no overhead on the devices and minimal overhead in the backend resources (ie, the cloud servers).
2021
Kurt, Ahmet; Erdin, Enes; Akkaya, Kemal; Uluagac, A Selcuk; Cebe, Mumin
D-LNBot: A Scalable, Cost-Free and Covert Hybrid Botnet on Bitcoin's Lightning Network Journal Article
In: arXiv preprint arXiv:2112.07623, 2021.
Abstract | Links | BibTeX | Tags: Malware
@article{nokey,
title = {D-LNBot: A Scalable, Cost-Free and Covert Hybrid Botnet on Bitcoin's Lightning Network},
author = {Ahmet Kurt and Enes Erdin and Kemal Akkaya and A Selcuk Uluagac and Mumin Cebe},
url = {https://arxiv.org/abs/2112.07623},
year = {2021},
date = {2021-01-01},
journal = {arXiv preprint arXiv:2112.07623},
school = {Florida International University},
abstract = {While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we first propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. Exploiting various anonymity features of LN, we show the feasibility of a scalable two-layer botnet which completely anonymizes the identity of the botmaster. In the first layer, the botmaster anonymously sends the commands to the command and control (C&C) servers through regular LN payments. Specifically, LNBot allows botmaster's commands to be sent in the form of surreptitious multi-hop LN payments, where the commands are either encoded with the payments or attached to the payments to provide covert communications. In the second layer, C&C servers further relay those commands to the bots in their mini-botnets to launch any type of attacks to victim machines. We further improve on this design by introducing D-LNBot; a distributed version of LNBot that generates its C&C servers by infecting users on the Internet and forms the C&C connections by opening channels to the existing nodes on LN. In contrary to the LNBot, the whole botnet formation phase is distributed and the botmaster is never involved in the process. By utilizing Bitcoin's Testnet and the new message attachment feature of LN, we show that D-LNBot can be run for free and commands are propagated faster to all the C&C servers compared to LNBot. We presented proof-of-concept implementations for both LNBot and D-LNBot},
keywords = {Malware},
pubstate = {published},
tppubtype = {article}
}
While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we first propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. Exploiting various anonymity features of LN, we show the feasibility of a scalable two-layer botnet which completely anonymizes the identity of the botmaster. In the first layer, the botmaster anonymously sends the commands to the command and control (C&C) servers through regular LN payments. Specifically, LNBot allows botmaster's commands to be sent in the form of surreptitious multi-hop LN payments, where the commands are either encoded with the payments or attached to the payments to provide covert communications. In the second layer, C&C servers further relay those commands to the bots in their mini-botnets to launch any type of attacks to victim machines. We further improve on this design by introducing D-LNBot; a distributed version of LNBot that generates its C&C servers by infecting users on the Internet and forms the C&C connections by opening channels to the existing nodes on LN. In contrary to the LNBot, the whole botnet formation phase is distributed and the botmaster is never involved in the process. By utilizing Bitcoin's Testnet and the new message attachment feature of LN, we show that D-LNBot can be run for free and commands are propagated faster to all the C&C servers compared to LNBot. We presented proof-of-concept implementations for both LNBot and D-LNBot
Denney, Kyle; Erdin, Enes; Babun, Leonardo; Uluagac, A Selcuk; Akkaya, Kemal
Systems and methods for inhibiting threats to a computing environment Patent
2021.
Abstract | Links | BibTeX | Tags: Miscellaneous
@patent{nokey,
title = {Systems and methods for inhibiting threats to a computing environment},
author = {Kyle Denney and Enes Erdin and Leonardo Babun and A Selcuk Uluagac and Kemal Akkaya},
url = {https://patents.google.com/patent/US11132441B2/en},
year = {2021},
date = {2021-01-01},
school = {Florida International University},
abstract = {Novel hardware-based frameworks and methods for the detection and inhibition or prevention of insider threats utilizing machine learning methods and data collection done at the physical layer are provided. Analysis is done on unknown USB-powered devices, such as a keyboard or mouse, introduced to a computing environment and, through the utilization of machine learning, the behavior of the unknown device is determined before it can potentially cause harm to the computing environment.},
keywords = {Miscellaneous},
pubstate = {published},
tppubtype = {patent}
}
Novel hardware-based frameworks and methods for the detection and inhibition or prevention of insider threats utilizing machine learning methods and data collection done at the physical layer are provided. Analysis is done on unknown USB-powered devices, such as a keyboard or mouse, introduced to a computing environment and, through the utilization of machine learning, the behavior of the unknown device is determined before it can potentially cause harm to the computing environment.
Thompson, Michael; Mercan, Suat; Cebe, Mumin; Akkaya, Kemal; Uluagac, Arif Selcuk
Cost-efficient IOT forensics framework with blockchain Patent
2021.
Abstract | Links | BibTeX | Tags: Miscellaneous
@patent{nokey,
title = {Cost-efficient IOT forensics framework with blockchain},
author = {Michael Thompson and Suat Mercan and Mumin Cebe and Kemal Akkaya and Arif Selcuk Uluagac},
url = {https://patents.google.com/patent/US11128463B1/en},
year = {2021},
date = {2021-01-01},
school = {Florida International University},
abstract = {A cost-effective and reliable digital forensics framework is provided by exploiting multiple blockchain networks in two levels. The selected data collected from sensors on a boat is sent to a remote company database and calculated hash of the data is saved in two blockchain platforms in the first level. Hash of each block is retrieved and inserted onto a Merkle tree on a periodic basis to be stored on another blockchain in the second level which is used to detect any error in the first level blockchains. A secure platform is created with the combination of several blockchains.},
keywords = {Miscellaneous},
pubstate = {published},
tppubtype = {patent}
}
A cost-effective and reliable digital forensics framework is provided by exploiting multiple blockchain networks in two levels. The selected data collected from sensors on a boat is sent to a remote company database and calculated hash of the data is saved in two blockchain platforms in the first level. Hash of each block is retrieved and inserted onto a Merkle tree on a periodic basis to be stored on another blockchain in the second level which is used to detect any error in the first level blockchains. A secure platform is created with the combination of several blockchains.
Tekiner, Ege; Acar, Abbas; Uluagac, A Selcuk; Kirda, Engin; Selcuk, Ali Aydin
SoK: cryptojacking malware Proceedings Article
In: pp. 120–139, IEEE, 2021.
Abstract | Links | BibTeX | Tags: Miscellaneous
@inproceedings{nokey,
title = {SoK: cryptojacking malware},
author = {Ege Tekiner and Abbas Acar and A Selcuk Uluagac and Engin Kirda and Ali Aydin Selcuk},
url = {https://ieeexplore.ieee.org/abstract/document/9581251/},
year = {2021},
date = {2021-01-01},
pages = {120–139},
publisher = {IEEE},
school = {Florida International University},
abstract = {Emerging blockchain and cryptocurrency-based technologies are redefining the way we conduct business in cyberspace. Today, a myriad of blockchain and cryp-tocurrency systems, applications, and technologies are widely available to companies, end-users, and even malicious actors who want to exploit the computational resources of regular users through cryptojacking malware. Especially with ready-to-use mining scripts easily provided by service providers (e.g., Coinhive) and untraceable cryptocurrencies (e.g., Monero), cryptojacking malware has become an indispensable tool for attackers. Indeed, the banking industry, major commercial websites, government and military servers (e.g., US Dept. of Defense), online video sharing platforms (e.g., Youtube), gaming platforms (e.g., Nintendo), critical infrastructure resources (e.g., routers), and even recently widely popular remote video conferencing/meeting},
keywords = {Miscellaneous},
pubstate = {published},
tppubtype = {inproceedings}
}
Emerging blockchain and cryptocurrency-based technologies are redefining the way we conduct business in cyberspace. Today, a myriad of blockchain and cryp-tocurrency systems, applications, and technologies are widely available to companies, end-users, and even malicious actors who want to exploit the computational resources of regular users through cryptojacking malware. Especially with ready-to-use mining scripts easily provided by service providers (e.g., Coinhive) and untraceable cryptocurrencies (e.g., Monero), cryptojacking malware has become an indispensable tool for attackers. Indeed, the banking industry, major commercial websites, government and military servers (e.g., US Dept. of Defense), online video sharing platforms (e.g., Youtube), gaming platforms (e.g., Nintendo), critical infrastructure resources (e.g., routers), and even recently widely popular remote video conferencing/meeting
Acar, Abbas; Ali, Shoukat; Karabina, Koray; Kaygusuz, Cengiz; Aksu, Hidayet; Akkaya, Kemal; Uluagac, Selcuk
A lightweight privacy-aware continuous authentication protocol-paca Journal Article
In: ACM Transactions on Privacy and Security (TOPS), vol. 24, iss. 4, no. 4, pp. 1–28, 2021.
Abstract | Links | BibTeX | Tags: User Authentication
@article{nokey,
title = {A lightweight privacy-aware continuous authentication protocol-paca},
author = {Abbas Acar and Shoukat Ali and Koray Karabina and Cengiz Kaygusuz and Hidayet Aksu and Kemal Akkaya and Selcuk Uluagac},
url = {https://dl.acm.org/doi/abs/10.1145/3464690},
year = {2021},
date = {2021-01-01},
journal = {ACM Transactions on Privacy and Security (TOPS)},
volume = {24},
number = {4},
issue = {4},
pages = {1–28},
publisher = {ACM},
school = {Florida International University},
abstract = {As many vulnerabilities of one-time authentication systems have already been uncovered, there is a growing need and trend to adopt continuous authentication systems. Biometrics provides an excellent means for periodic verification of the authenticated users without breaking the continuity of a session. Nevertheless, as attacks to computing systems increase, biometric systems demand more user information in their operations, yielding privacy issues for users in biometric-based continuous authentication systems. However, the current state-of-the-art privacy technologies are not viable or costly for the continuous authentication systems, which require periodic real-time verification. In this article, we introduce a novel, lightweight, privacy-aware, and secure continuous authentication protocol called PACA. PACA is initiated through a password-based key exchange (PAKE) mechanism, and it continuously},
keywords = {User Authentication},
pubstate = {published},
tppubtype = {article}
}
As many vulnerabilities of one-time authentication systems have already been uncovered, there is a growing need and trend to adopt continuous authentication systems. Biometrics provides an excellent means for periodic verification of the authenticated users without breaking the continuity of a session. Nevertheless, as attacks to computing systems increase, biometric systems demand more user information in their operations, yielding privacy issues for users in biometric-based continuous authentication systems. However, the current state-of-the-art privacy technologies are not viable or costly for the continuous authentication systems, which require periodic real-time verification. In this article, we introduce a novel, lightweight, privacy-aware, and secure continuous authentication protocol called PACA. PACA is initiated through a password-based key exchange (PAKE) mechanism, and it continuously
Tekiner, Ege; Acar, Abbas; Uluagac, A Selcuk; Kirda, Engin; Selcuk, Ali Aydin
In-browser cryptomining for good: An untold story Proceedings Article
In: pp. 20–29, IEEE, 2021.
Abstract | Links | BibTeX | Tags: Malware
@inproceedings{nokey,
title = {In-browser cryptomining for good: An untold story},
author = {Ege Tekiner and Abbas Acar and A Selcuk Uluagac and Engin Kirda and Ali Aydin Selcuk},
url = {https://ieeexplore.ieee.org/abstract/document/9566204/},
year = {2021},
date = {2021-01-01},
pages = {20–29},
publisher = {IEEE},
school = {Florida International University},
abstract = {In-browser cryptomining uses the computational power of a website's visitors to mine cryptocurrency, i.e., to create new coins. With the rise of ready-to-use mining scripts distributed by service providers (e.g., Coinhive), it has become trivial to turn a website into a cryptominer by copying and pasting the mining script. Both legitimate webpage owners who want to raise an extra revenue under users' explicit consent and malicious actors who wish to exploit the computational power of the users' computers without their consent have started to utilize this emerging paradigm of cryptocurrency operations. In-browser cryptomining, though mostly abused by malicious actors in practice, is indeed a promising funding model that can be utilized by website owners, publishers, or non-profit organizations for legitimate business purposes, such as to collect revenue or donations for humanitarian projects, inter alia. However, our},
keywords = {Malware},
pubstate = {published},
tppubtype = {inproceedings}
}
In-browser cryptomining uses the computational power of a website's visitors to mine cryptocurrency, i.e., to create new coins. With the rise of ready-to-use mining scripts distributed by service providers (e.g., Coinhive), it has become trivial to turn a website into a cryptominer by copying and pasting the mining script. Both legitimate webpage owners who want to raise an extra revenue under users' explicit consent and malicious actors who wish to exploit the computational power of the users' computers without their consent have started to utilize this emerging paradigm of cryptocurrency operations. In-browser cryptomining, though mostly abused by malicious actors in practice, is indeed a promising funding model that can be utilized by website owners, publishers, or non-profit organizations for legitimate business purposes, such as to collect revenue or donations for humanitarian projects, inter alia. However, our
Franco, Javier; Aris, Ahmet; Canberk, Berk; Uluagac, A Selcuk
A survey of honeypots and honeynets for internet of things, industrial internet of things, and cyber-physical systems Proceedings Article
In: pp. 2351–2383, IEEE, 2021.
Abstract | Links | BibTeX | Tags: Internet of Things
@inproceedings{nokey,
title = {A survey of honeypots and honeynets for internet of things, industrial internet of things, and cyber-physical systems},
author = {Javier Franco and Ahmet Aris and Berk Canberk and A Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/9520645/},
year = {2021},
date = {2021-01-01},
volume = {23},
number = {4},
issue = {4},
pages = {2351–2383},
publisher = {IEEE},
school = {Florida International University},
abstract = {The Internet of Things (IoT), the Industrial Internet of Things (IIoT), and Cyber-Physical Systems (CPS) have become essential for our daily lives in contexts such as our homes, buildings, cities, health, transportation, manufacturing, infrastructure, and agriculture. However, they have become popular targets of attacks, due to their inherent limitations which create vulnerabilities. Honeypots and honeynets can prove essential to understand and defend against attacks on IoT, IIoT, and CPS environments by attracting attackers and deceiving them into thinking that they have gained access to the real systems. Honeypots and honeynets can complement other security solutions (i.e., firewalls, Intrusion Detection Systems - IDS) to form a strong defense against malicious entities. This paper provides a comprehensive survey of the research that has been carried out on honeypots and honeynets for IoT, IIoT, and CPS. It},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {inproceedings}
}
The Internet of Things (IoT), the Industrial Internet of Things (IIoT), and Cyber-Physical Systems (CPS) have become essential for our daily lives in contexts such as our homes, buildings, cities, health, transportation, manufacturing, infrastructure, and agriculture. However, they have become popular targets of attacks, due to their inherent limitations which create vulnerabilities. Honeypots and honeynets can prove essential to understand and defend against attacks on IoT, IIoT, and CPS environments by attracting attackers and deceiving them into thinking that they have gained access to the real systems. Honeypots and honeynets can complement other security solutions (i.e., firewalls, Intrusion Detection Systems - IDS) to form a strong defense against malicious entities. This paper provides a comprehensive survey of the research that has been carried out on honeypots and honeynets for IoT, IIoT, and CPS. It
Newaz, Akm Iqtidar; Sikder, Amit Kumar; Rahman, Mohammad Ashiqur; Uluagac, A Selcuk
A survey on security and privacy issues in modern healthcare systems: Attacks and defenses Journal Article
In: ACM Transactions on Computing for Healthcare, vol. 2, iss. 3, no. 3, pp. 1–44, 2021.
Abstract | Links | BibTeX | Tags: Smart Grid
@article{nokey,
title = {A survey on security and privacy issues in modern healthcare systems: Attacks and defenses},
author = {Akm Iqtidar Newaz and Amit Kumar Sikder and Mohammad Ashiqur Rahman and A Selcuk Uluagac},
url = {https://dl.acm.org/doi/abs/10.1145/3453176},
year = {2021},
date = {2021-01-01},
journal = {ACM Transactions on Computing for Healthcare},
volume = {2},
number = {3},
issue = {3},
pages = {1–44},
publisher = {ACM},
school = {Florida International University},
abstract = {Recent advancements in computing systems and wireless communications have made healthcare systems more efficient than before. Modern healthcare devices can monitor and manage different health conditions of patients automatically without any manual intervention from medical professionals. Additionally, the use of implantable medical devices, body area networks, and Internet of Things technologies in healthcare systems improve the overall patient monitoring and treatment process. However, these systems are complex in software and hardware, and optimizing between security, privacy, and treatment is crucial for healthcare systems because any security or privacy violation can lead to severe effects on patients treatments and overall health conditions. Indeed, the healthcare domain is increasingly facing security challenges and threats due to numerous design flaws and the lack of proper security},
keywords = {Smart Grid},
pubstate = {published},
tppubtype = {article}
}
Recent advancements in computing systems and wireless communications have made healthcare systems more efficient than before. Modern healthcare devices can monitor and manage different health conditions of patients automatically without any manual intervention from medical professionals. Additionally, the use of implantable medical devices, body area networks, and Internet of Things technologies in healthcare systems improve the overall patient monitoring and treatment process. However, these systems are complex in software and hardware, and optimizing between security, privacy, and treatment is crucial for healthcare systems because any security or privacy violation can lead to severe effects on patients treatments and overall health conditions. Indeed, the healthcare domain is increasingly facing security challenges and threats due to numerous design flaws and the lack of proper security
Khalil, Alvi Ataur; Franco, Javier; Parvez, Imtiaz; Uluagac, Selcuk; Rahman, Mohammad Ashiqur
A Literature Review on Blockchain-enabled Security and Operation of Cyber-Physical Systems Journal Article
In: pp. arXiv: 2107.07916, 2021.
Abstract | Links | BibTeX | Tags: Malware
@article{nokey,
title = {A Literature Review on Blockchain-enabled Security and Operation of Cyber-Physical Systems},
author = {Alvi Ataur Khalil and Javier Franco and Imtiaz Parvez and Selcuk Uluagac and Mohammad Ashiqur Rahman},
url = {https://ui.adsabs.harvard.edu/abs/2021arXiv210707916A/abstract},
year = {2021},
date = {2021-01-01},
pages = {arXiv: 2107.07916},
school = {Florida International University},
abstract = {Blockchain has become a key technology in a plethora of application domains owing to its decentralized public nature. The cyber-physical systems (CPS) is one of the prominent application domains that leverage blockchain for myriad operations, where the Internet of Things (IoT) is utilized for data collection. Although some of the CPS problems can be solved by simply adopting blockchain for its secure and distributed nature, others require complex considerations for overcoming blockchain-imposed limitations while maintaining the core aspect of CPS. Even though a number of studies focus on either the utilization of blockchains for different CPS applications or the blockchain-enabled security of CPS, there is no comprehensive survey including both perspectives together. To fill this gap, we present a comprehensive overview of contemporary advancement in using blockchain for enhancing different CPS},
keywords = {Malware},
pubstate = {published},
tppubtype = {article}
}
Blockchain has become a key technology in a plethora of application domains owing to its decentralized public nature. The cyber-physical systems (CPS) is one of the prominent application domains that leverage blockchain for myriad operations, where the Internet of Things (IoT) is utilized for data collection. Although some of the CPS problems can be solved by simply adopting blockchain for its secure and distributed nature, others require complex considerations for overcoming blockchain-imposed limitations while maintaining the core aspect of CPS. Even though a number of studies focus on either the utilization of blockchains for different CPS applications or the blockchain-enabled security of CPS, there is no comprehensive survey including both perspectives together. To fill this gap, we present a comprehensive overview of contemporary advancement in using blockchain for enhancing different CPS
Rondon, Luis Puche; Babun, Leonardo; Aris, Ahmet; Akkaya, Kemal; Uluagac, A Selcuk
LightningStrike: (in) secure practices of E-IoT systems in the wild Journal Article
In: pp. 106–116, 2021.
Abstract | Links | BibTeX | Tags: Internet of Things
@article{nokey,
title = {LightningStrike: (in) secure practices of E-IoT systems in the wild},
author = {Luis Puche Rondon and Leonardo Babun and Ahmet Aris and Kemal Akkaya and A Selcuk Uluagac},
url = {https://dl.acm.org/doi/abs/10.1145/3448300.3467830},
year = {2021},
date = {2021-01-01},
pages = {106–116},
school = {Florida International University},
abstract = {The widespread adoption of specialty smart ecosystems has changed the everyday lives of users. As a part of smart ecosystems, Enterprise Internet of Things (E-IoT) allows users to integrate and control more complex installations in comparison to off-the-shelf IoT systems. With E-IoT, users have a complete control of audio, video, scheduled events, lightning fixtures, shades, door access, and relays via available user interfaces. As such, these systems see widespread use in government or smart private offices, schools, smart buildings, professional conference rooms, hotels, smart homes, yachts, and similar professional settings. However, even with their widespread use, the security of many E-IoT systems has not been researched in the literature. Further, many E-IoT systems utilize proprietary communication protocols that rely mostly on security through obscurity, which has perhaps led many users to mistakenly},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {article}
}
The widespread adoption of specialty smart ecosystems has changed the everyday lives of users. As a part of smart ecosystems, Enterprise Internet of Things (E-IoT) allows users to integrate and control more complex installations in comparison to off-the-shelf IoT systems. With E-IoT, users have a complete control of audio, video, scheduled events, lightning fixtures, shades, door access, and relays via available user interfaces. As such, these systems see widespread use in government or smart private offices, schools, smart buildings, professional conference rooms, hotels, smart homes, yachts, and similar professional settings. However, even with their widespread use, the security of many E-IoT systems has not been researched in the literature. Further, many E-IoT systems utilize proprietary communication protocols that rely mostly on security through obscurity, which has perhaps led many users to mistakenly
Babun, Leonardo; Denney, Kyle; Celik, Z Berkay; McDaniel, Patrick; Uluagac, A Selcuk
A survey on IoT platforms: Communication, security, and privacy perspectives Journal Article
In: Computer Networks, vol. 192, pp. 108040, 2021.
Abstract | Links | BibTeX | Tags: User Authentication
@article{nokey,
title = {A survey on IoT platforms: Communication, security, and privacy perspectives},
author = {Leonardo Babun and Kyle Denney and Z Berkay Celik and Patrick McDaniel and A Selcuk Uluagac},
url = {https://www.sciencedirect.com/science/article/pii/S1389128621001444},
year = {2021},
date = {2021-01-01},
journal = {Computer Networks},
volume = {192},
pages = {108040},
publisher = {Elsevier},
school = {Florida International University},
abstract = {The Internet of Things (IoT) redefines the way how commodity and industrial tasks are performed every day. The integration of sensors, lightweight computation, and the proliferation of different wireless technologies on IoT platforms enable human beings to easily interact with their surrounding physical world thoroughly. With the recent rise of IoT, several different IoT platforms have been introduced for researchers and developers to ease the management and control of various IoT devices. In general, the IoT platforms act as a bridge between core IoT functionalities and users by providing APIs. Due to their wide variety of applications, IoT platforms are mostly unique in their architectures and designs. Thus, IoT administrators, developers, and researchers (i.e.,IoT users) are challenged with substantial configuration differences in the proper configuration, implementation, and protection of the IoT solutions. In this},
keywords = {User Authentication},
pubstate = {published},
tppubtype = {article}
}
The Internet of Things (IoT) redefines the way how commodity and industrial tasks are performed every day. The integration of sensors, lightweight computation, and the proliferation of different wireless technologies on IoT platforms enable human beings to easily interact with their surrounding physical world thoroughly. With the recent rise of IoT, several different IoT platforms have been introduced for researchers and developers to ease the management and control of various IoT devices. In general, the IoT platforms act as a bridge between core IoT functionalities and users by providing APIs. Due to their wide variety of applications, IoT platforms are mostly unique in their architectures and designs. Thus, IoT administrators, developers, and researchers (i.e.,IoT users) are challenged with substantial configuration differences in the proper configuration, implementation, and protection of the IoT solutions. In this
Cosson, Adrien; Sikder, Amit Kumar; Babun, Leonardo; Celik, Z Berkay; McDaniel, Patrick; Uluagac, A Selcuk
Sentinel: A robust intrusion detection system for IoT networks using kernel-level system information Journal Article
In: pp. 53–66, 2021.
Abstract | Links | BibTeX | Tags: Internet of Things
@article{nokey,
title = {Sentinel: A robust intrusion detection system for IoT networks using kernel-level system information},
author = {Adrien Cosson and Amit Kumar Sikder and Leonardo Babun and Z Berkay Celik and Patrick McDaniel and A Selcuk Uluagac},
url = {https://dl.acm.org/doi/abs/10.1145/3450268.3453533},
year = {2021},
date = {2021-01-01},
pages = {53–66},
school = {Florida International University},
abstract = {The concept of Internet of Things (IoT) has changed the way we live by integrating commodity devices with cyberspace to automate our everyday tasks. Nowadays, IoT devices in the home environment are becoming ubiquitous with seamless connectivity and diverse application domains. Modern IoT devices have adopted a many-to-many connectivity model to enhance user experience and device functionalities compared to early IoT devices with standalone device setup and limited functionalities. However, the continuous connection between devices and cyberspace has introduced new cyber attacks targeting IoT devices and networks. Due to the resource-constrained nature of IoT devices as well as the opacity of the IoT framework, traditional intrusion detection systems cannot be applied here. In this paper, we introduce Sentinel, a novel intrusion detection system that uses kernel-level information to detect},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {article}
}
The concept of Internet of Things (IoT) has changed the way we live by integrating commodity devices with cyberspace to automate our everyday tasks. Nowadays, IoT devices in the home environment are becoming ubiquitous with seamless connectivity and diverse application domains. Modern IoT devices have adopted a many-to-many connectivity model to enhance user experience and device functionalities compared to early IoT devices with standalone device setup and limited functionalities. However, the continuous connection between devices and cyberspace has introduced new cyber attacks targeting IoT devices and networks. Due to the resource-constrained nature of IoT devices as well as the opacity of the IoT framework, traditional intrusion detection systems cannot be applied here. In this paper, we introduce Sentinel, a novel intrusion detection system that uses kernel-level information to detect
Erdin, Enes; Cebe, Mumin; Akkaya, Kemal; Bulut, Eyuphan; Uluagac, Selcuk
A scalable private Bitcoin payment channel network with privacy guarantees Journal Article
In: Journal of Network and Computer Applications, vol. 180, pp. 103021, 2021.
Abstract | Links | BibTeX | Tags: Malware
@article{nokey,
title = {A scalable private Bitcoin payment channel network with privacy guarantees},
author = {Enes Erdin and Mumin Cebe and Kemal Akkaya and Eyuphan Bulut and Selcuk Uluagac},
url = {https://www.sciencedirect.com/science/article/pii/S1084804521000485},
year = {2021},
date = {2021-01-01},
journal = {Journal of Network and Computer Applications},
volume = {180},
pages = {103021},
publisher = {Academic Press},
school = {Florida International University},
abstract = {While Bitcoin heavily dominates the cryptocurrency markets, its use in micropayments is still a challenge due to long transaction confirmation times and high fees. Recently, the concept of off-chain transactions is introduced that led to the idea of establishing a payment channel network called Lightning Network (LN), which utilizes multi-hop payments. Off-chain links provide the ability to make instant payments without a need to writing to Blockchain. However, LN's design still favors fees, and it is creating hub nodes or relays that defeat the purpose of Blockchain. In addition, it is still not reliable, as not all transactions are guaranteed to be delivered to their destinations. These issues hinder its wide adoption by retailers. To address this issue, in this paper, we argue that the retailers could create a private payment channel network among them to serve their business needs, just like the concept of private Blockchains},
keywords = {Malware},
pubstate = {published},
tppubtype = {article}
}
While Bitcoin heavily dominates the cryptocurrency markets, its use in micropayments is still a challenge due to long transaction confirmation times and high fees. Recently, the concept of off-chain transactions is introduced that led to the idea of establishing a payment channel network called Lightning Network (LN), which utilizes multi-hop payments. Off-chain links provide the ability to make instant payments without a need to writing to Blockchain. However, LN's design still favors fees, and it is creating hub nodes or relays that defeat the purpose of Blockchain. In addition, it is still not reliable, as not all transactions are guaranteed to be delivered to their destinations. These issues hinder its wide adoption by retailers. To address this issue, in this paper, we argue that the retailers could create a private payment channel network among them to serve their business needs, just like the concept of private Blockchains
Kurt, Ahmet; Saputro, Nico; Akkaya, Kemal; Uluagac, A Selcuk
Distributed connectivity maintenance in swarm of drones during post-disaster transportation applications Proceedings Article
In: pp. 6061–6073, IEEE, 2021.
Abstract | Links | BibTeX | Tags: Wireless Networking
@inproceedings{nokey,
title = {Distributed connectivity maintenance in swarm of drones during post-disaster transportation applications},
author = {Ahmet Kurt and Nico Saputro and Kemal Akkaya and A Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/9385994/},
year = {2021},
date = {2021-01-01},
journal = {IEEE Transactions on Intelligent Transportation Systems},
volume = {22},
number = {9},
issue = {9},
pages = {6061–6073},
publisher = {IEEE},
school = {Florida International University},
abstract = {Considering post-disaster scenarios for intelligent traffic management and damage assessment where communication infrastructure may not be available, we advocate a swarm-of-drones mesh communication architecture that can sustain in-network connectivity among drones. The connectivity sustenance requirement stems from the fact that drones may move to various locations in response to service requests but they still need to cooperate for data collection and transmissions. To address this need, we propose a fully distributed connectivity maintenance heuristic which enables the swarm to quickly adapt its formation in response to the service requests. To select the moving drone(s) that would bring minimal overhead in terms of time and moving distance, the connected dominating set (CDS) concept from graph theory is utilized. Specifically, a variation of CDS, namely E-CDS, is introduced to address the needs},
keywords = {Wireless Networking},
pubstate = {published},
tppubtype = {inproceedings}
}
Considering post-disaster scenarios for intelligent traffic management and damage assessment where communication infrastructure may not be available, we advocate a swarm-of-drones mesh communication architecture that can sustain in-network connectivity among drones. The connectivity sustenance requirement stems from the fact that drones may move to various locations in response to service requests but they still need to cooperate for data collection and transmissions. To address this need, we propose a fully distributed connectivity maintenance heuristic which enables the swarm to quickly adapt its formation in response to the service requests. To select the moving drone(s) that would bring minimal overhead in terms of time and moving distance, the connected dominating set (CDS) concept from graph theory is utilized. Specifically, a variation of CDS, namely E-CDS, is introduced to address the needs
Sikder, Amit Kumar; Petracca, Giuseppe; Aksu, Hidayet; Jaeger, Trent; Uluagac, A Selcuk
A survey on sensor-based threats and attacks to smart devices and applications Proceedings Article
In: pp. 1125–1159, IEEE, 2021.
Abstract | Links | BibTeX | Tags: Education
@inproceedings{nokey,
title = {A survey on sensor-based threats and attacks to smart devices and applications},
author = {Amit Kumar Sikder and Giuseppe Petracca and Hidayet Aksu and Trent Jaeger and A Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/9372295/},
year = {2021},
date = {2021-01-01},
volume = {23},
number = {2},
issue = {2},
pages = {1125–1159},
publisher = {IEEE},
school = {Florida International University},
abstract = {Modern electronic devices have become smart as well as omnipresent in our day-to-day lives. From small household devices to large industrial machines, smart devices have become very popular in every possible application domain. Smart devices in our homes, offices, buildings, and cities can connect with other devices as well as with the physical world around them. This increasing popularity has also placed smart devices as the center of attention among attackers. Already, several types of malicious activities exist that attempt to compromise the security and privacy of smart devices. One interesting and noteworthy emerging threat vector is the attacks that abuse the use of sensors on smart devices. Smart devices are vulnerable to sensor-based threats and attacks due to the lack of proper security mechanisms available to control the use of sensors by installed apps. By exploiting the sensors (e.g},
keywords = {Education},
pubstate = {published},
tppubtype = {inproceedings}
}
Modern electronic devices have become smart as well as omnipresent in our day-to-day lives. From small household devices to large industrial machines, smart devices have become very popular in every possible application domain. Smart devices in our homes, offices, buildings, and cities can connect with other devices as well as with the physical world around them. This increasing popularity has also placed smart devices as the center of attention among attackers. Already, several types of malicious activities exist that attempt to compromise the security and privacy of smart devices. One interesting and noteworthy emerging threat vector is the attacks that abuse the use of sensors on smart devices. Smart devices are vulnerable to sensor-based threats and attacks due to the lack of proper security mechanisms available to control the use of sensors by installed apps. By exploiting the sensors (e.g
Haque, Nur Imtiazul; Rahman, Mohammad Ashiqur; Shahriar, Md Hasan; Khalil, Alvi Ataur; Uluagac, Selcuk
A novel framework for threat analysis of machine learning-based smart healthcare systems Journal Article
In: arXiv preprint arXiv:2103.03472, 2021.
Abstract | Links | BibTeX | Tags: Network Security
@article{nokey,
title = {A novel framework for threat analysis of machine learning-based smart healthcare systems},
author = {Nur Imtiazul Haque and Mohammad Ashiqur Rahman and Md Hasan Shahriar and Alvi Ataur Khalil and Selcuk Uluagac},
url = {https://arxiv.org/abs/2103.03472},
year = {2021},
date = {2021-01-01},
journal = {arXiv preprint arXiv:2103.03472},
school = {Florida International University},
abstract = {Smart healthcare systems (SHSs) are providing fast and efficient disease treatment leveraging wireless body sensor networks (WBSNs) and implantable medical devices (IMDs)-based internet of medical things (IoMT). In addition, IoMT-based SHSs are enabling automated medication, allowing communication among myriad healthcare sensor devices. However, adversaries can launch various attacks on the communication network and the hardware/firmware to introduce false data or cause data unavailability to the automatic medication system endangering the patient's life. In this paper, we propose SHChecker, a novel threat analysis framework that integrates machine learning and formal analysis capabilities to identify potential attacks and corresponding effects on an IoMT-based SHS. Our framework can provide us with all potential attack vectors, each representing a set of sensor measurements to be altered, for an SHS given a specific set of attack attributes, allowing us to realize the system's resiliency, thus the insight to enhance the robustness of the model. We implement SHChecker on a synthetic and a real dataset, which affirms that our framework can reveal potential attack vectors in an IoMT system. This is a novel effort to formally analyze supervised and unsupervised machine learning models for black-box SHS threat analysis.},
keywords = {Network Security},
pubstate = {published},
tppubtype = {article}
}
Smart healthcare systems (SHSs) are providing fast and efficient disease treatment leveraging wireless body sensor networks (WBSNs) and implantable medical devices (IMDs)-based internet of medical things (IoMT). In addition, IoMT-based SHSs are enabling automated medication, allowing communication among myriad healthcare sensor devices. However, adversaries can launch various attacks on the communication network and the hardware/firmware to introduce false data or cause data unavailability to the automatic medication system endangering the patient's life. In this paper, we propose SHChecker, a novel threat analysis framework that integrates machine learning and formal analysis capabilities to identify potential attacks and corresponding effects on an IoMT-based SHS. Our framework can provide us with all potential attack vectors, each representing a set of sensor measurements to be altered, for an SHS given a specific set of attack attributes, allowing us to realize the system's resiliency, thus the insight to enhance the robustness of the model. We implement SHChecker on a synthetic and a real dataset, which affirms that our framework can reveal potential attack vectors in an IoMT system. This is a novel effort to formally analyze supervised and unsupervised machine learning models for black-box SHS threat analysis.
Haque, Nur Imtiazul; Rahman, Mohammad Ashiqur; Shahriar, Md Hasan; Khalil, Alvi Ataur; Uluagac, Selcuk
A Novel Framework for Threat Analysis of Machine Learning-based Smart Healthcare Systems Journal Article
In: arXiv e-prints, pp. arXiv: 2103.03472, 2021.
Abstract | Links | BibTeX | Tags: Network Security
@article{nokey,
title = {A Novel Framework for Threat Analysis of Machine Learning-based Smart Healthcare Systems},
author = {Nur Imtiazul Haque and Mohammad Ashiqur Rahman and Md Hasan Shahriar and Alvi Ataur Khalil and Selcuk Uluagac},
url = {https://ui.adsabs.harvard.edu/abs/2021arXiv210303472I/abstract},
year = {2021},
date = {2021-01-01},
journal = {arXiv e-prints},
pages = {arXiv: 2103.03472},
school = {Florida International University},
abstract = {Smart healthcare systems (SHSs) are providing fast and efficient disease treatment leveraging wireless body sensor networks (WBSNs) and implantable medical devices (IMDs)-based internet of medical things (IoMT). In addition, IoMT-based SHSs are enabling automated medication, allowing communication among myriad healthcare sensor devices. However, adversaries can launch various attacks on the communication network and the hardware/firmware to introduce false data or cause data unavailability to the automatic medication system endangering the patient's life. In this paper, we propose SHChecker, a novel threat analysis framework that integrates machine learning and formal analysis capabilities to identify potential attacks and corresponding effects on an IoMT-based SHS. Our framework can provide us with all potential attack vectors, each representing a set of sensor measurements to be altered, for},
keywords = {Network Security},
pubstate = {published},
tppubtype = {article}
}
Smart healthcare systems (SHSs) are providing fast and efficient disease treatment leveraging wireless body sensor networks (WBSNs) and implantable medical devices (IMDs)-based internet of medical things (IoMT). In addition, IoMT-based SHSs are enabling automated medication, allowing communication among myriad healthcare sensor devices. However, adversaries can launch various attacks on the communication network and the hardware/firmware to introduce false data or cause data unavailability to the automatic medication system endangering the patient's life. In this paper, we propose SHChecker, a novel threat analysis framework that integrates machine learning and formal analysis capabilities to identify potential attacks and corresponding effects on an IoMT-based SHS. Our framework can provide us with all potential attack vectors, each representing a set of sensor measurements to be altered, for
Rondon, Luis C Puche; Babun, Leonardo; Akkaya, Kemal; Uluagac, A Selcuk
Systems and methods for monitoring activity in an HDMI network Patent
2021.
Abstract | Links | BibTeX | Tags: Miscellaneous
@patent{nokey,
title = {Systems and methods for monitoring activity in an HDMI network},
author = {Luis C Puche Rondon and Leonardo Babun and Kemal Akkaya and A Selcuk Uluagac},
url = {https://patents.google.com/patent/US10929530B1/en},
year = {2021},
date = {2021-01-01},
school = {Florida International University},
abstract = {Systems and methods for monitoring activity within High Definition Multimedia Interface (HDMI) enabled consumer electronics control (CEC) devices and their networks and identifying unexpected and/or suspicious activity within the network are provided. CEC message packets and packet attribute analysis can be used to identify unexpected and/or suspicious CEC activity within two or more interconnected HDMI devices. Three fundamental steps can be used: a data collection step can capture CEC activity occurring within an HDMI distribution; a data processing step can correlate data into a packet analysis process to create a model later used for evaluation; and a decision process step can use the model created in the data processing step to determine if activity occurring within the HDMI distribution is expected or unexpected.},
keywords = {Miscellaneous},
pubstate = {published},
tppubtype = {patent}
}
Systems and methods for monitoring activity within High Definition Multimedia Interface (HDMI) enabled consumer electronics control (CEC) devices and their networks and identifying unexpected and/or suspicious activity within the network are provided. CEC message packets and packet attribute analysis can be used to identify unexpected and/or suspicious CEC activity within two or more interconnected HDMI devices. Three fundamental steps can be used: a data collection step can capture CEC activity occurring within an HDMI distribution; a data processing step can correlate data into a packet analysis process to create a model later used for evaluation; and a decision process step can use the model created in the data processing step to determine if activity occurring within the HDMI distribution is expected or unexpected.
Naseem, Faraz Naseem; Aris, Ahmet; Babun, Leonardo; Tekiner, Ege; Uluagac, A Selcuk
MINOS: A Lightweight Real-Time Cryptojacking Detection System. Journal Article
In: 2021.
Abstract | Links | BibTeX | Tags: Secure Computation
@article{nokey,
title = {MINOS: A Lightweight Real-Time Cryptojacking Detection System.},
author = {Faraz Naseem Naseem and Ahmet Aris and Leonardo Babun and Ege Tekiner and A Selcuk Uluagac},
url = {https://www.researchgate.net/profile/Ahmet-Aris/publication/349109071_MINOS_A_Lightweight_Real-Time_Cryptojacking_Detection_System/links/61488e123c6cb310697fba33/MINOS-A-Lightweight-Real-Time-Cryptojacking-Detection-System.pdf},
year = {2021},
date = {2021-01-01},
school = {Florida International University},
abstract = {Emerging WebAssembly (Wasm)-based cryptojacking malware covertly uses the computational resources of users without their consent or knowledge. Indeed, most victims of this malware are unaware of such unauthorized use of their computing power due to techniques employed by cryptojacking malware authors such as CPU throttling and obfuscation. A number of dynamic analysis-based detection mechanisms exist that aim to circumvent such techniques. However, since these mechanisms use dynamic features, the collection of such features, as well as the actual detection of the malware, require that the cryptojacking malware run for a certain amount of time, effectively mining for that period, and therefore causing significant overhead. To solve these limitations, in this paper, we propose MINOS, a novel, extremely lightweight cryptojacking detection system that uses deep learning techniques to accurately detect the presence of unwarranted Wasm-based mining activity in real-time. MINOS uses an image-based classification technique to distinguish between benign webpages and those using Wasm to implement unauthorized mining. Specifically, the classifier implements a convolutional neural network (CNN) model trained with a comprehensive dataset of current malicious and benign Wasm binaries. MINOS achieves exceptional accuracy with a low TNR and FPR. Moreover, our extensive performance analysis of MINOS shows that the proposed detection technique can detect mining activity instantaneously from the most current in-the-wild cryptojacking malware with an accuracy of 98.97 percent, in an average of 25.9 milliseconds while using a},
keywords = {Secure Computation},
pubstate = {published},
tppubtype = {article}
}
Emerging WebAssembly (Wasm)-based cryptojacking malware covertly uses the computational resources of users without their consent or knowledge. Indeed, most victims of this malware are unaware of such unauthorized use of their computing power due to techniques employed by cryptojacking malware authors such as CPU throttling and obfuscation. A number of dynamic analysis-based detection mechanisms exist that aim to circumvent such techniques. However, since these mechanisms use dynamic features, the collection of such features, as well as the actual detection of the malware, require that the cryptojacking malware run for a certain amount of time, effectively mining for that period, and therefore causing significant overhead. To solve these limitations, in this paper, we propose MINOS, a novel, extremely lightweight cryptojacking detection system that uses deep learning techniques to accurately detect the presence of unwarranted Wasm-based mining activity in real-time. MINOS uses an image-based classification technique to distinguish between benign webpages and those using Wasm to implement unauthorized mining. Specifically, the classifier implements a convolutional neural network (CNN) model trained with a comprehensive dataset of current malicious and benign Wasm binaries. MINOS achieves exceptional accuracy with a low TNR and FPR. Moreover, our extensive performance analysis of MINOS shows that the proposed detection technique can detect mining activity instantaneously from the most current in-the-wild cryptojacking malware with an accuracy of 98.97 percent, in an average of 25.9 milliseconds while using a
Sikder, Amit Kumar; Babun, Leonardo; Uluagac, A Selcuk
Aegis+ A Context-aware Platform-independent Security Framework for Smart Home Systems Journal Article
In: Digital Threats: Research and Practice, vol. 2, iss. 1, no. 1, pp. 1–33, 2021.
Abstract | Links | BibTeX | Tags: Network Security
@article{nokey,
title = {Aegis+ A Context-aware Platform-independent Security Framework for Smart Home Systems},
author = {Amit Kumar Sikder and Leonardo Babun and A Selcuk Uluagac},
url = {https://dl.acm.org/doi/abs/10.1145/3428026},
year = {2021},
date = {2021-01-01},
journal = {Digital Threats: Research and Practice},
volume = {2},
number = {1},
issue = {1},
pages = {1–33},
publisher = {ACM},
school = {Florida International University},
abstract = {The introduction of modern Smart Home Systems (SHSs) is redefining the way we perform everyday activities. Today, myriad SHS applications and the devices they control are widely available to users. Specifically, users can easily download and install the apps from vendor-specific app markets, or develop their own, to effectively implement their SHS solutions. However, despite their benefits, app-based SHSs unfold diverse security risks. Several attacks have already been reported to SHSs and current security solutions only consider smart home devices and apps individually to detect malicious actions, rather than the context of the SHS as a whole. Thus, the current security solutions applied to SHSs cannot capture user activities and sensor-device-user interactions in a holistic fashion. To address these limitations, in this article, we introduce Aegis+, a novel context-aware platform-independent security framework},
keywords = {Network Security},
pubstate = {published},
tppubtype = {article}
}
The introduction of modern Smart Home Systems (SHSs) is redefining the way we perform everyday activities. Today, myriad SHS applications and the devices they control are widely available to users. Specifically, users can easily download and install the apps from vendor-specific app markets, or develop their own, to effectively implement their SHS solutions. However, despite their benefits, app-based SHSs unfold diverse security risks. Several attacks have already been reported to SHSs and current security solutions only consider smart home devices and apps individually to detect malicious actions, rather than the context of the SHS as a whole. Thus, the current security solutions applied to SHSs cannot capture user activities and sensor-device-user interactions in a holistic fashion. To address these limitations, in this article, we introduce Aegis+, a novel context-aware platform-independent security framework
Babun, Leonardo; Aksu, Hidayet; Uluagac, A Selcuk
CPS device-class identification via behavioral fingerprinting: from theory to practice Proceedings Article
In: pp. 2413–2428, IEEE, 2021.
Abstract | Links | BibTeX | Tags: Web Security
@inproceedings{nokey,
title = {CPS device-class identification via behavioral fingerprinting: from theory to practice},
author = {Leonardo Babun and Hidayet Aksu and A Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/9340269/},
year = {2021},
date = {2021-01-01},
journal = {IEEE Transactions on Information Forensics and Security},
volume = {16},
pages = {2413–2428},
publisher = {IEEE},
school = {Florida International University},
abstract = {Cyber-Physical Systems (CPS) utilize different devices to collect sensitive data, communicate with other systems, and monitor essential processes in critical infrastructure applications. However, in the ecosystem of CPS, unauthorized or spoofed devices may danger or compromise the performance and security of the critical infrastructure. The unauthorized and spoofed devices may include tampered pieces of software or hardware components that can negatively impact CPS operations or collect vital CPS metrics from the network. Such devices can be outsider or insider threats trying to impersonate other real CPS devices via spoofing their legitimate identifications to gain access to systems, steal information, or spread malware. Device fingerprinting techniques are promising approaches to identify unauthorized or illegitimate devices. However, current fingerprinting solutions are not suitable as they disrupt critical},
keywords = {Web Security},
pubstate = {published},
tppubtype = {inproceedings}
}
Cyber-Physical Systems (CPS) utilize different devices to collect sensitive data, communicate with other systems, and monitor essential processes in critical infrastructure applications. However, in the ecosystem of CPS, unauthorized or spoofed devices may danger or compromise the performance and security of the critical infrastructure. The unauthorized and spoofed devices may include tampered pieces of software or hardware components that can negatively impact CPS operations or collect vital CPS metrics from the network. Such devices can be outsider or insider threats trying to impersonate other real CPS devices via spoofing their legitimate identifications to gain access to systems, steal information, or spread malware. Device fingerprinting techniques are promising approaches to identify unauthorized or illegitimate devices. However, current fingerprinting solutions are not suitable as they disrupt critical
KAYGUSUZ, CENGIZ; AKSU, HIDAYET; AKKAYA, KEMAL; ULUAGAC, SELCUK
A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA Journal Article
In: 2021.
Abstract | Links | BibTeX | Tags: User Authentication
@article{nokey,
title = {A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA},
author = {CENGIZ KAYGUSUZ and HIDAYET AKSU and KEMAL AKKAYA and SELCUK ULUAGAC},
url = {https://csl.fiu.edu/wp-content/uploads/2023/05/abbas_paca.pdf},
year = {2021},
date = {2021-01-01},
school = {Florida International University},
abstract = {Efforts to improve the security of the authentication services have historically progressed from what-you-know (ie, passwords) to what-you-have (ie, tokens), then to what-you-are (ie, biometrics) as attacks have increased in sophistication and become widespread [80, 85]. While the deployment of biometric authentication systems increases the usability of the authentication systems, the plethora of cyber-attacks demands more user information from biometrics, which introduces additional security and privacy challenges in the authentication systems. In this landscape, another challenge is due to the nature of one-time authentication, which verifies users only at the initial login session regardless of being single-or multi-factor. This is a serious security risk as once the attacker bypasses the initial authentication, it will have a forever access or if the user leaves the system intentionally/unintentionally unlocked, anyone such as an insider or a strong outsider adversary [11], who has physical access to the system will have access to the system without the actual user notification. Therefore, the user should be continuously monitored and re-authenticated. In the literature, several solutions such as time-out or token (or even RFID) based solutions are proposed to address these issues in the authentication systems [55]. Indeed, biometric-based systems are considered to be ideal and usable for such cases as they cannot be easily misplaced unlike tokens, or forgotten unlike passwords, or easily forged by an imposter. The method of verifying and authorizing the user throughout the session is called continuous authentication. A motivational example for},
keywords = {User Authentication},
pubstate = {published},
tppubtype = {article}
}
Efforts to improve the security of the authentication services have historically progressed from what-you-know (ie, passwords) to what-you-have (ie, tokens), then to what-you-are (ie, biometrics) as attacks have increased in sophistication and become widespread [80, 85]. While the deployment of biometric authentication systems increases the usability of the authentication systems, the plethora of cyber-attacks demands more user information from biometrics, which introduces additional security and privacy challenges in the authentication systems. In this landscape, another challenge is due to the nature of one-time authentication, which verifies users only at the initial login session regardless of being single-or multi-factor. This is a serious security risk as once the attacker bypasses the initial authentication, it will have a forever access or if the user leaves the system intentionally/unintentionally unlocked, anyone such as an insider or a strong outsider adversary [11], who has physical access to the system will have access to the system without the actual user notification. Therefore, the user should be continuously monitored and re-authenticated. In the literature, several solutions such as time-out or token (or even RFID) based solutions are proposed to address these issues in the authentication systems [55]. Indeed, biometric-based systems are considered to be ideal and usable for such cases as they cannot be easily misplaced unlike tokens, or forgotten unlike passwords, or easily forged by an imposter. The method of verifying and authorizing the user throughout the session is called continuous authentication. A motivational example for
2020
Newaz, AKM Iqtidar; Haque, Nur Imtiazul; Sikder, Amit Kumar; Rahman, Mohammad Ashiqur; Uluagac, A Selcuk
Adversarial attacks to machine learning-based smart healthcare systems Proceedings Article
In: pp. 1–6, IEEE, 2020.
Abstract | Links | BibTeX | Tags: Network Security
@inproceedings{nokey,
title = {Adversarial attacks to machine learning-based smart healthcare systems},
author = {AKM Iqtidar Newaz and Nur Imtiazul Haque and Amit Kumar Sikder and Mohammad Ashiqur Rahman and A Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/9322472/},
year = {2020},
date = {2020-01-01},
pages = {1–6},
publisher = {IEEE},
school = {Florida International University},
abstract = {The increasing availability of healthcare data requires accurate analysis of disease diagnosis, progression, and real-time monitoring to provide improved treatments to the patients. In this context, Machine Learning (ML) models are used to extract valuable features and insights from high-dimensional and heterogeneous healthcare data to detect different diseases and patient activities in a Smart Healthcare System (SHS). However, recent researches show that ML models used in different application domains are vulnerable to adversarial attacks. In this paper, we introduce a new type of adversarial attacks to exploit the ML classifiers used in a SHS. We consider an adversary who has partial knowledge of data distribution, SHS model, and ML algorithm to perform both targeted and untargeted attacks. Employing these adversarial capabilities, we manipulate medical device readings to alter patient status (disease},
keywords = {Network Security},
pubstate = {published},
tppubtype = {inproceedings}
}
The increasing availability of healthcare data requires accurate analysis of disease diagnosis, progression, and real-time monitoring to provide improved treatments to the patients. In this context, Machine Learning (ML) models are used to extract valuable features and insights from high-dimensional and heterogeneous healthcare data to detect different diseases and patient activities in a Smart Healthcare System (SHS). However, recent researches show that ML models used in different application domains are vulnerable to adversarial attacks. In this paper, we introduce a new type of adversarial attacks to exploit the ML classifiers used in a SHS. We consider an adversary who has partial knowledge of data distribution, SHS model, and ML algorithm to perform both targeted and untargeted attacks. Employing these adversarial capabilities, we manipulate medical device readings to alter patient status (disease
Rondon, Luis Puche; Babun, Leonardo; Aris, Ahmet; Akkaya, Kemal; Uluagac, A Selcuk
PoisonIvy: (In) secure Practices of Enterprise IoT Systems in Smart Buildings Journal Article
In: pp. 130–139, 2020.
Abstract | Links | BibTeX | Tags: Internet of Things
@article{nokey,
title = {PoisonIvy: (In) secure Practices of Enterprise IoT Systems in Smart Buildings},
author = {Luis Puche Rondon and Leonardo Babun and Ahmet Aris and Kemal Akkaya and A Selcuk Uluagac},
url = {https://dl.acm.org/doi/abs/10.1145/3408308.3427606},
year = {2020},
date = {2020-01-01},
pages = {130–139},
school = {Florida International University},
abstract = {The rise of IoT devices has led to the proliferation of smart buildings, offices, and homes worldwide. Although commodity IoT devices are employed by ordinary end-users, complex environments such as smart buildings, government, or private smart offices, conference rooms, or hospitality require customized and highly reliable solutions. Those systems called Enterprise Internet of Things (EIoT) connect such environments to the Internet and are professionally managed solutions usually offered by dedicated vendors (e.g., Control4, Crestron, Lutron, etc.). As EIoT systems require specialized training, software, and equipment to deploy, many of these systems are closed-source and proprietary in nature. This has led to very little research investigating the security of EIoT systems and their components. In effect, EIoT systems in smart settings such as smart buildings present an unprecedented and unexplored threat},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {article}
}
The rise of IoT devices has led to the proliferation of smart buildings, offices, and homes worldwide. Although commodity IoT devices are employed by ordinary end-users, complex environments such as smart buildings, government, or private smart offices, conference rooms, or hospitality require customized and highly reliable solutions. Those systems called Enterprise Internet of Things (EIoT) connect such environments to the Internet and are professionally managed solutions usually offered by dedicated vendors (e.g., Control4, Crestron, Lutron, etc.). As EIoT systems require specialized training, software, and equipment to deploy, many of these systems are closed-source and proprietary in nature. This has led to very little research investigating the security of EIoT systems and their components. In effect, EIoT systems in smart settings such as smart buildings present an unprecedented and unexplored threat
Aksu, Hidayet; Uluagac, A Selcuk; Bentley, Elizabeth S
Internet of things (IoT) identifying system and associated methods Patent
2020.
Abstract | Links | BibTeX | Tags: Internet of Things
@patent{nokey,
title = {Internet of things (IoT) identifying system and associated methods},
author = {Hidayet Aksu and A Selcuk Uluagac and Elizabeth S Bentley},
url = {https://patents.google.com/patent/US10826902B1/en},
year = {2020},
date = {2020-01-01},
school = {Florida International University},
abstract = {A wireless Internet-of-Things (IoT) device identification method and framework incorporates machine learning (ML) techniques with information from the protocol used (eg, Bluetooth, Bluetooth Low Energy/Bluetooth Smart, and others). A passive, non-intrusive feature selection technique targets IoT device captures with an ML classifier selection algorithm for the identification of IoT devices (ie, picking the best performing ML algorithm among multiple ML algorithms available). Using an input training label and training dataset (eg, training wireless IoT packets) associated with the IoT device, a classifier and a filter are selected. An inter-arrival-time (IAT) associated with the filtered training data set and a density distribution for the IAT are then calculated. After converting the density distribution to the training feature vector, a prediction model and the selected classifier are stored for subsequent application to testing},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {patent}
}
A wireless Internet-of-Things (IoT) device identification method and framework incorporates machine learning (ML) techniques with information from the protocol used (eg, Bluetooth, Bluetooth Low Energy/Bluetooth Smart, and others). A passive, non-intrusive feature selection technique targets IoT device captures with an ML classifier selection algorithm for the identification of IoT devices (ie, picking the best performing ML algorithm among multiple ML algorithms available). Using an input training label and training dataset (eg, training wireless IoT packets) associated with the IoT device, a classifier and a filter are selected. An inter-arrival-time (IAT) associated with the filtered training data set and a density distribution for the IAT are then calculated. After converting the density distribution to the training feature vector, a prediction model and the selected classifier are stored for subsequent application to testing
Rondon, Luis Puche; Babun, Leonardo; Aris, Ahmet; Akkaya, Kemal; Uluagac, A Selcuk
PoisonIvy:(In) secure Practices of Enterprise IoT Systems in Smart Buildings Journal Article
In: arXiv e-prints, pp. arXiv: 2010.05658, 2020.
Abstract | Links | BibTeX | Tags: Internet of Things
@article{nokey,
title = {PoisonIvy:(In) secure Practices of Enterprise IoT Systems in Smart Buildings},
author = {Luis Puche Rondon and Leonardo Babun and Ahmet Aris and Kemal Akkaya and A Selcuk Uluagac},
url = {https://ui.adsabs.harvard.edu/abs/2020arXiv201005658P/abstract},
year = {2020},
date = {2020-01-01},
journal = {arXiv e-prints},
pages = {arXiv: 2010.05658},
school = {Florida International University},
abstract = {The rise of IoT devices has led to the proliferation of smart buildings, offices, and homes worldwide. Although commodity IoT devices are employed by ordinary end-users, complex environments such as smart buildings, smart offices, conference rooms, or hospitality require customized and highly reliable solutions. Those systems called Enterprise Internet of Things (EIoT) connect such environments to the Internet and are professionally managed solutions usually offered by dedicated vendors. As EIoT systems require specialized training, software, and equipment to deploy, this has led to very little research investigating the security of EIoT systems and their components. In effect, EIoT systems in smart settings such as smart buildings present an unprecedented and unexplored threat vector for an attacker. In this work, we explore EIoT system vulnerabilities and insecure development practices. Specifically, focus on},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {article}
}
The rise of IoT devices has led to the proliferation of smart buildings, offices, and homes worldwide. Although commodity IoT devices are employed by ordinary end-users, complex environments such as smart buildings, smart offices, conference rooms, or hospitality require customized and highly reliable solutions. Those systems called Enterprise Internet of Things (EIoT) connect such environments to the Internet and are professionally managed solutions usually offered by dedicated vendors. As EIoT systems require specialized training, software, and equipment to deploy, this has led to very little research investigating the security of EIoT systems and their components. In effect, EIoT systems in smart settings such as smart buildings present an unprecedented and unexplored threat vector for an attacker. In this work, we explore EIoT system vulnerabilities and insecure development practices. Specifically, focus on
Newaz, AKM Iqtidar; Haque, Nur Imtiazul; Sikder, Amit Kumar; Rahman, Mohammad Ashiqur; Uluagac, A Selcuk
Adversarial attacks to machine learning-based smart healthcare systems Journal Article
In: arXiv e-prints, pp. arXiv: 2010.03671, 2020.
Abstract | Links | BibTeX | Tags: Network Security
@article{nokey,
title = {Adversarial attacks to machine learning-based smart healthcare systems},
author = {AKM Iqtidar Newaz and Nur Imtiazul Haque and Amit Kumar Sikder and Mohammad Ashiqur Rahman and A Selcuk Uluagac},
url = {https://ui.adsabs.harvard.edu/abs/2020arXiv201003671I/abstract},
year = {2020},
date = {2020-01-01},
journal = {arXiv e-prints},
pages = {arXiv: 2010.03671},
school = {Florida International University},
abstract = {The increasing availability of healthcare data requires accurate analysis of disease diagnosis, progression, and realtime monitoring to provide improved treatments to the patients. In this context, Machine Learning (ML) models are used to extract valuable features and insights from high-dimensional and heterogeneous healthcare data to detect different diseases and patient activities in a Smart Healthcare System (SHS). However, recent researches show that ML models used in different application domains are vulnerable to adversarial attacks. In this paper, we introduce a new type of adversarial attacks to exploit the ML classifiers used in a SHS. We consider an adversary who has partial knowledge of data distribution, SHS model, and ML algorithm to perform both targeted and untargeted attacks. Employing these adversarial capabilities, we manipulate medical device readings to alter patient status (disease},
keywords = {Network Security},
pubstate = {published},
tppubtype = {article}
}
The increasing availability of healthcare data requires accurate analysis of disease diagnosis, progression, and realtime monitoring to provide improved treatments to the patients. In this context, Machine Learning (ML) models are used to extract valuable features and insights from high-dimensional and heterogeneous healthcare data to detect different diseases and patient activities in a Smart Healthcare System (SHS). However, recent researches show that ML models used in different application domains are vulnerable to adversarial attacks. In this paper, we introduce a new type of adversarial attacks to exploit the ML classifiers used in a SHS. We consider an adversary who has partial knowledge of data distribution, SHS model, and ML algorithm to perform both targeted and untargeted attacks. Employing these adversarial capabilities, we manipulate medical device readings to alter patient status (disease
Bautista, Oscar; Akkaya, Kemal; Uluagac, A Selcuk
Customized novel routing metrics for wireless mesh-based swarm-of-drones applications Journal Article
In: Internet of Things, vol. 11, pp. 100265, 2020.
Abstract | Links | BibTeX | Tags: Drones
@article{nokey,
title = {Customized novel routing metrics for wireless mesh-based swarm-of-drones applications},
author = {Oscar Bautista and Kemal Akkaya and A Selcuk Uluagac},
url = {https://www.sciencedirect.com/science/article/pii/S2542660520300998},
year = {2020},
date = {2020-01-01},
journal = {Internet of Things},
volume = {11},
pages = {100265},
publisher = {Elsevier},
school = {Florida International University},
abstract = {With the proliferation of drones, there is an increasing interest on utilizing swarm-of-drones in numerous applications from surveillance to search and rescue. While a swarm-of-drones (a.k.a flying ad hoc networks (FANETs)) is essentially a special form of mobile ad-hoc networks (MANETs) which has been studied for many years, there are unique requirements of drone applications that necessitate re-visiting MANET protocols. These challenges stem from 3-D environments the drones are deployed in, and their specific way of mobility which adds to the wireless link management challenges among the drones. To tackle these challenges, in this paper, we propose adopting the current mesh standard, namely IEEE 802.11s, in its routing capabilities to provide improved performance. Specifically, we propose two new link quality routing metrics called SrFTime and CRP as an alternative to the IEEE 802.11s default Airtime},
keywords = {Drones},
pubstate = {published},
tppubtype = {article}
}
With the proliferation of drones, there is an increasing interest on utilizing swarm-of-drones in numerous applications from surveillance to search and rescue. While a swarm-of-drones (a.k.a flying ad hoc networks (FANETs)) is essentially a special form of mobile ad-hoc networks (MANETs) which has been studied for many years, there are unique requirements of drone applications that necessitate re-visiting MANET protocols. These challenges stem from 3-D environments the drones are deployed in, and their specific way of mobility which adds to the wireless link management challenges among the drones. To tackle these challenges, in this paper, we propose adopting the current mesh standard, namely IEEE 802.11s, in its routing capabilities to provide improved performance. Specifically, we propose two new link quality routing metrics called SrFTime and CRP as an alternative to the IEEE 802.11s default Airtime
Rondon, Luis Puche; Babun, Leonardo; Akkaya, Kemal; Uluagac, A Selcuk
HDMI-watch: Smart intrusion detection system against HDMI attacks Proceedings Article
In: pp. 2060–2072, IEEE, 2020.
Abstract | Links | BibTeX | Tags: Internet of Things
@inproceedings{nokey,
title = {HDMI-watch: Smart intrusion detection system against HDMI attacks},
author = {Luis Puche Rondon and Leonardo Babun and Kemal Akkaya and A Selcuk Uluagac},
url = {https://ieeexplore.ieee.org/abstract/document/9180069/},
year = {2020},
date = {2020-01-01},
journal = {IEEE Transactions on Network Science and Engineering},
volume = {8},
number = {3},
issue = {3},
pages = {2060–2072},
publisher = {IEEE},
school = {Florida International University},
abstract = {The High Definition Multimedia Interface (HDMI) is the backbone and the de-facto standard for Audio/Video connections between video-enabled devices. Today, nearly ten billion HDMI devices are used to distribute A/V signals in homes, offices, concert halls, and sporting events. An important component in HDMI is the Consumer Electronics Control (CEC) protocol, which allows HDMI devices to share an HDMI distribution to communicate and interact with each other. In this work, we identify security and privacy issues in HDMI networks by taping into CEC protocol vulnerabilities, using them to implement realistic proof-of-work attacks on HDMI distribution networks. We study how current insecure CEC protocol practices and carelessly implemented HDMI distributions may grant an adversary a novel attack surface for HDMI devices, otherwise thought to be unreachable through traditional network means. We first},
keywords = {Internet of Things},
pubstate = {published},
tppubtype = {inproceedings}
}
The High Definition Multimedia Interface (HDMI) is the backbone and the de-facto standard for Audio/Video connections between video-enabled devices. Today, nearly ten billion HDMI devices are used to distribute A/V signals in homes, offices, concert halls, and sporting events. An important component in HDMI is the Consumer Electronics Control (CEC) protocol, which allows HDMI devices to share an HDMI distribution to communicate and interact with each other. In this work, we identify security and privacy issues in HDMI networks by taping into CEC protocol vulnerabilities, using them to implement realistic proof-of-work attacks on HDMI distribution networks. We study how current insecure CEC protocol practices and carelessly implemented HDMI distributions may grant an adversary a novel attack surface for HDMI devices, otherwise thought to be unreachable through traditional network means. We first
Saputro, Nico; Tonyali, Samet; Aydeger, Abdullah; Akkaya, Kemal; Rahman, Mohammad A; Uluagac, Selcuk
A review of moving target defense mechanisms for internet of things applications Journal Article
In: pp. 563–614, 2020.
Abstract | Links | BibTeX | Tags: Malware
@article{nokey,
title = {A review of moving target defense mechanisms for internet of things applications},
author = {Nico Saputro and Samet Tonyali and Abdullah Aydeger and Kemal Akkaya and Mohammad A Rahman and Selcuk Uluagac},
url = {https://onlinelibrary.wiley.com/doi/abs/10.1002/9781119593386.ch24},
year = {2020},
date = {2020-01-01},
pages = {563–614},
publisher = {John Wiley & Sons, Inc.},
school = {Florida International University},
abstract = {The chapter presents a review of proactive Moving Target Defense (MTD) paradigm and investigates the feasibility and potential of specific MTD approaches for the resourceconstrained Internet of Things (IoT) applications. The aim is not only to provide taxonomy of various MTD approaches but also to advocate MTD techniques in the dynamic network domain in conjunction with the emerging Software Defined Networking (SDN) for more effective proactive IoT defense. The Internet of Battlefield Things (IoBT) and Industrial IoT (IIoT), which subject to more attacks, are identified as two critical IoT domains that can reap from the SDNbased MTD approaches. Finally, the chapter also discusses potential future research challenges of the MTD approaches in the IoT domain.},
keywords = {Malware},
pubstate = {published},
tppubtype = {article}
}
The chapter presents a review of proactive Moving Target Defense (MTD) paradigm and investigates the feasibility and potential of specific MTD approaches for the resourceconstrained Internet of Things (IoT) applications. The aim is not only to provide taxonomy of various MTD approaches but also to advocate MTD techniques in the dynamic network domain in conjunction with the emerging Software Defined Networking (SDN) for more effective proactive IoT defense. The Internet of Battlefield Things (IoBT) and Industrial IoT (IIoT), which subject to more attacks, are identified as two critical IoT domains that can reap from the SDNbased MTD approaches. Finally, the chapter also discusses potential future research challenges of the MTD approaches in the IoT domain.
