Publications

1.

Fernando Brito, Yassine Mekdad, Monique Ross, Mark A. Finlayson, Selcuk Uluagac

Enhancing Cybersecurity Education with Artificial Intelligence Content Proceedings Article

In: Proceedings of the 56th ACM SIGCSE Technical Symposium on Computer Science Education (SIGCSE TS), 2025.

Abstract | Links | BibTeX | Tags: artificial intelligence, cybersecurity education, sentiment analysis

@inproceedings{brito2025enhancing,

title = {Enhancing Cybersecurity Education with Artificial Intelligence Content},

author = {Fernando Brito and Yassine Mekdad and Monique Ross and Mark A. Finlayson and Selcuk Uluagac},

url = {https://doi.org/10.1145/3641554.3701958},

doi = {10.1145/3641554.3701958},

year  = {2025},

date = {2025-02-28},

urldate = {2025-02-28},

booktitle = {Proceedings of the 56th ACM SIGCSE Technical Symposium on Computer Science Education (SIGCSE TS)},

series = {SIGCSE Technical Symposium (SIGCSE TS) 2025},

abstract = {Artificial Intelligence (AI) has become a fundamental tool for cybersecurity researchers and practitioners. It is frequently used to address major security problems such as supply chain attacks, ransomware threats, and social engineering. In this context, integrating AI into cybersecurity workflows requires incorporating AI-driven approaches into the educational training of the cybersecurity workforce. This paradigm shift in academic settings will introduce the necessary skills for cybersecurity professionals to operate modern AI-based systems. Yet, the current cybersecurity curriculum still suffers from the absence of AI resources, particularly the detailed understanding of the appropriate AI mechanisms. Such absence leaves skill gaps for future professionals and practitioners in the industry. To address this, we designed an academic lecture module on AI covering both theory and practice. Then, we taught the module across six cybersecurity courses in our institution. To assess the effectiveness of integrating AI materials into cybersecurity education, we collected data by presenting two surveys before and after the lecture (concluding 81 participants per survey). Specifically, we utilized widely accepted models for unbiased analysis of our data. Our experimental results show positive AI knowledge improvement by 30% of the participants, demonstrating the beneficial impact of the lecture. Then, we observed a high similarity score between the survey responses and the lecture content, reaching 84%. Moreover, our sentiment analysis results reflect positive feedback from the participants with a positive score of 0.50. Overall, our study serves as a reference for instructional designers for developing educational curricula aiming to integrate AI into cybersecurity education.},

keywords = {artificial intelligence, cybersecurity education, sentiment analysis},

pubstate = {published},

tppubtype = {inproceedings}

}

Close

2.

C. Mazzocca, A. Acar, S. Uluagac, R. Montanari, P. Bellavista,, M. Conti

A survey on decentralized identifiers and verifiable credentials Journal Article

In: IEEE Communications Surveys & Tutorials, pp. 1-1, 2025, ISSN: 1553-877X.

Abstract | Links | BibTeX | Tags:

@article{mazzocca2024survey,

title = {A survey on decentralized identifiers and verifiable credentials},

author = {C. Mazzocca, A. Acar, S. Uluagac, R. Montanari, P. Bellavista, and M. Conti},

url = {https://ieeexplore.ieee.org/document/10891701},

doi = {10.1109/COMST.2025.3543197},

issn = {1553-877X},

year  = {2025},

date = {2025-02-18},

urldate = {2025-02-18},

journal = {IEEE Communications Surveys & Tutorials},

pages = {1-1},

abstract = {Digital identity has always been one of the keystones for implementing secure and trustworthy communications among parties. The ever-evolving digital landscape has undergone numerous technological transformations that have profoundly reshaped digital identity management, leading to a major shift from centralized to decentralized identity models. The latest stage of this evolution is represented by the emerging paradigm of Self-Sovereign Identity (SSI), which gives identity owners full control over their data. SSI leverages Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs), which have been recently standardized by theWorldWideWeb Consortium (W3C). These technologies have the potential to build more secure and decentralized digital identity systems, significantly strengthening communication security in scenarios involving many distributed participants. It is worth noting that use of DIDs and VCs is not limited to individuals but extends to a wide range of entities including cloud, edge, and Internet of Things (IoT) resources. However, due to their novelty, existing literature lacks a comprehensive survey on DIDs and VCs beyond the scope of SSI. This paper fills this gap by providing a comprehensive overview of DIDs and VCs from multiple perspectives. It identifies key security threats and mitigation strategies, analyzes available implementations to guide practitioners in making informed decisions, and reviews the adoption of these technologies across various application domains. Moreover, it also examines related regulations, projects, and consortiums emerging worldwide. Finally, it discusses the primary challenges hindering their real-world adoption and outlines future research directions.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close

3.

Harun Oz, Ahmet Aris, Abbas Acar, Amin Kharraz, Selcuk Uluagac

System and Method for Real-Time Detection of Unrestricted File Upload Vulnerabilities in Node.js Applications Patent

US12197591B1, 2025.

Links | BibTeX | Tags:

4.

H. Oz, G. S. Tuncay, A. Aris, A. Acar, L. Babun,, S. Uluagac,

Ransomware over modern web browsers: A novel strain and a new defense mechanism Journal Article

In: ACM Transactions on Web, vol. 19, no. 6, pp. 1-28, 2025.

Abstract | Links | BibTeX | Tags: Web Security

@article{oz2025ransomware,

title = {Ransomware over modern web browsers: A novel strain and a new defense mechanism},

author = {H. Oz, G. S. Tuncay, A. Aris, A. Acar, L. Babun, and S. Uluagac,},

url = {https://dl.acm.org/doi/full/10.1145/3708514},

doi = {10.1145/3708514},

year  = {2025},

date = {2025-01-10},

urldate = {2025-01-10},

journal = {ACM Transactions on Web},

volume = {19},

number = {6},

pages = {1-28},

abstract = {Ransomware is an increasingly prevalent form of malware targeting end-users, governments, and businesses. As it has evolved, adversaries added new capabilities to their arsenal. We propose a next-generation browser-based ransomware, RøB, which performs its malicious actions via web technologies, File System Access API (FSA) and WebAssembly (Wasm). RøB uses this API through the victims’ browsers; hence, it does not require the victims to download and install malicious binaries. We performed extensive evaluations with three different OSs, 23 file formats, 29 distinct directories, five cloud providers, and four antivirus solutions. Our evaluations show that RøB can encrypt various types of files in the local and cloud-integrated directories, external storage devices, and network-shared folders of victims. Our experiments also reveal that popular cloud solutions, Box Individual and Apple iCloud can be severely affected by RøB. Moreover, we conducted tests with commercial antivirus software such as AVG, Avast, Kaspersky, and Malware Bytes that perform sensitive directory and suspicious behavior monitoring against ransomware. We verified that RøB can evade these antivirus software and encrypt victim files. Moreover, existing ransomware detection solutions in the literature also cannot be a remedy against RøB due to its distinct features. Therefore, in this paper, we also propose RøBguard, a new detection system for RøB-like attacks. RøBguard monitors the web applications that use the FSA API via function hooking and uses a machine learning classifier to detect RøB-like attacks. We implemented a proof of concept version ofRøBguard and our evaluation results show thatRøBguard can detectRøB-like browser-based ransomware attacks effectively. We also provide future research directions that should be addressed in this domain},

keywords = {Web Security},

pubstate = {published},

tppubtype = {article}

}

Close

5.

H. Oz, D. C. D’Elia, G. S. Tuncay, A. Acar, R. Lazzeretti,, S. Uluagac

With great power comes great responsibility: Security and privacy issues of modern browser application programming interfaces Journal Article

In: IEEE Security & Privacy, vol. 23, iss. 2, pp. 52-60, 2024.

Links | BibTeX | Tags:

6.

Andrade, Diana Pineda, Akkaya, Kemal, Perez-Pons, Alexander, Uluagac, Selcuk, Sahin, Abdulhadi

DDoS Attack Detection and Mitigation in 5G Networks using P4 and SDN Proceedings

2024 IEEE 49th Conference on Local Computer Networks (LCN), 2024, ISSN: 2831-7742.

Abstract | Links | BibTeX | Tags:

7.

H. Oz, G. S. Tuncay, A. Aris, A. Kharraz,, S. Uluagac

Beyond the upload button: A 10-year retrospective on security issues within file upload Journal Article

In: IEEE Communications Magazine, vol. 65, no. 2, pp. 104-110, 2024, ISSN: 0163-6804.

Abstract | Links | BibTeX | Tags: Web Security

8.

Yassine Mekdad, Abbas Acar, Ahmet Aris, Abdeslam El Fergougui, Mauro Conti, Riccardo Lazzeretti, Selcuk Uluagac

Exploring Jamming and Hijacking Attacks for Micro Aerial Drones Proceedings Article

In: Proceedings of the IEEE International Conference on Communications (ICC), 2024.

Abstract | Links | BibTeX | Tags: Crazyflie, hijacking attack, jamming attack, micro aerial drones, UAVs

9.

Harun Oz, Abbas Acar, Ahmet Aris, Güliz Seray Tuncay, Amin Kharraz, Selcuk Uluagac

(In)Security of File Uploads in Node.js Proceedings Article

In: Proceedings of the ACM on Web Conference, 2024.

Abstract | Links | BibTeX | Tags: Web Security

@inproceedings{Oz:2024,

title = {(In)Security of File Uploads in Node.js},

author = {Harun Oz and Abbas Acar and Ahmet Aris and Güliz Seray Tuncay and Amin Kharraz and Selcuk Uluagac},

url = {https://doi.org/10.1145/3589334.3645342

https://research.google/pubs/insecurity-of-file-uploads-in-nodejs/},

year  = {2024},

date = {2024-05-13},

urldate = {2024-05-13},

booktitle = {Proceedings of the ACM on Web Conference},

series = {WWW '24},

abstract = {File upload is a critical feature incorporated by a myriad of web applications in an effort to enable users to share and manage their files conveniently. It has been used in many useful services such as file-sharing and social media. While file upload is an essential component of web applications, the lack of rigorous checks on the file name, type, and content of the uploaded files can result in security issues, often referred to as Unrestricted File Upload (UFU). In this study, we analyze the (in)security of popular file upload libraries and real-world applications in the Node.js ecosystem. To automate our analysis, we propose and implement NodeSEC- a tool designed to analyze file upload insecurities in Node.js applications and libraries. NodeSEC generates unique payloads and thoroughly evaluates the application's file upload security against 13 distinct UFU-type attacks. Utilizing NodeSEC, we analyze the most popular file upload libraries and real-world applications in the Node.js ecosystem. Our analysis results reveal that some real-world web applications are vulnerable to UFU attacks and disclose serious security bugs in file upload libraries. As of this writing, we received 19 CVEs and two US-CERT cases for the security issues that we reported. Our findings provide strong evidence that dynamic features of Node.js applications introduce security shortcomings and that web developers should be cautious when implementing file upload features in their applications. Finally, combining our responsible disclosure experience and root cause analysis, we identified the main causes of significant security weaknesses in file uploads in Node.js.},

keywords = {Web Security},

pubstate = {published},

tppubtype = {inproceedings}

}

Close

10.

Yassine Mekdad, Faraz Naseem, Ahmet Aris, Harun Oz, Abbas Acar, Leonardo Babun, Selcuk Uluagac, Güliz Seray Tuncay, Nasir Ghani

On the robustness of image-based malware detection against adversarial attacks Book Chapter

In: Springer Network Security Empowered by Artificial Intelligence, 2024.

Abstract | Links | BibTeX | Tags: adversarial attacks, convolutional neural network, FGSM, image-based malware detection, MalConv, robustness

@inbook{mekdad2024robustness,

title = {On the robustness of image-based malware detection against adversarial attacks},

author = {Yassine Mekdad and Faraz Naseem and Ahmet Aris and Harun Oz and Abbas Acar and Leonardo Babun and Selcuk Uluagac and Güliz Seray Tuncay and Nasir Ghani},

url = {https://doi.org/10.1007/978-3-031-53510-9_13},

doi = {10.1007/978-3-031-53510-9_13},

year  = {2024},

date = {2024-02-24},

urldate = {2024-02-24},

booktitle = {Springer Network Security Empowered by Artificial Intelligence},

journal = {Springer Advances in Information Security},

series = {Advances in Information Security},

abstract = {Machine and deep learning models are now one of the most valuable tools in the arsenal of computer security practitioners. Their success has been demonstrated in various network-security-oriented applications such as intrusion detection, cyber threat intelligence, vulnerability discovery, and malware detection. Nevertheless, recent research studies have shown that crafted adversarial samples can be used to evade malware detection models. Even though several defense mechanisms such as adversarial training have been proposed in the malware detection domain to address this issue, they unfortunately suffer from model poisoning and low detection accuracy. In this chapter, we assess the robustness of an image-based malware classifier against four different adversarial attacks: (a) random and benign brute-force byte append attacks for black-box settings and (b) random and benign Fast Gradient Sign Method (FGSM) attacks for white-box settings. To this end, we implement a Convolutional Neural Network (CNN) to classify the image representations of Windows Portable Executable (PE) malware with a detection accuracy of 95.05 %. Then, we evaluate its robustness alongside MalConv, a state-of-the-art malware classifier, by applying a set of functionality-preserving adversarial attacks. Our experimental results demonstrate that the image-based classifier exhibits a lower evasion rate of 5 % compared to MalConv’s 44–54 % in black-box settings; however, in white-box settings, both models fail against random byte and benign byte FGSM attacks, with an evasion rate exceeding 46 %.},

keywords = {adversarial attacks, convolutional neural network, FGSM, image-based malware detection, MalConv, robustness},

pubstate = {published},

tppubtype = {inbook}

}

Close

11.

Derin Cayir, Abbas Acar, Ricardo Lazzeretti, Marco Angelini, Mauro Conti, Selcuk Uluagac

Augmenting Security and Privacy in the Virtual Realm: An Analysis of Extended Reality Devices Journal Article

In: IEEE Security & Privacy Magazine, 2024.

Abstract | Links | BibTeX | Tags: AR/VR/XR Security/Privacy

12.

Ehsan Nowroozi, Yassine Mekdad, Mauro Conti, Simone Milani, Selcuk Uluagac

Real or Virtual: A Video Conferencing Background Manipulation-Detection System Journal Article

In: Springer Multimedia Tools and Applications Journal, 2024.

Abstract | Links | BibTeX | Tags: Network Security, Web Security

@article{EhsanRealOrVirtual,

title = {Real or Virtual: A Video Conferencing Background Manipulation-Detection System},

author = {Ehsan Nowroozi and Yassine Mekdad and Mauro Conti and Simone Milani and Selcuk Uluagac},

url = {https://link.springer.com/article/10.1007/s11042-024-20251-6},

year  = {2024},

date = {2024-01-05},

urldate = {2024-01-05},

booktitle = {Multimedia Tools and Applications},

journal = {Springer Multimedia Tools and Applications Journal},

abstract = {Recently, the popularity and wide use of the last-generation video conferencing technologies created an exponential growth in its market size. Such technology allows participants in different geographic regions to have a virtual face-to-face meeting. Additionally, it enables users to employ a virtual background to conceal their own environment due to privacy concerns or to reduce distractions, particularly in professional settings. Nevertheless, in scenarios where the users should not hide their actual locations, they may mislead other participants by claiming their virtual background as a real one. Therefore, it is crucial to develop tools and strategies to detect the authenticity of the considered virtual background. In this paper, we present a detection strategy to distinguish between real and virtual video conferencing user backgrounds. We demonstrate that our detector is robust against two attack scenarios. The first scenario considers the case where the detector is unaware about the attacks and inn the second scenario, we make the detector aware of the adversarial attacks, which we refer to Adversarial Multimedia Forensics (i.e, the forensically-edited frames are included in the training set). Given the lack of publicly available dataset of virtual and real backgrounds for video conferencing, we created our own dataset and made them publicly available [1]. Then, we demonstrate the robustness of our detector against different adversarial attacks that the adversary considers. Ultimately, our detector's performance is significant against the CRSPAM1372 [2] features, and post-processing operations such as geometric transformations with different quality.},

keywords = {Network Security, Web Security},

pubstate = {published},

tppubtype = {article}

}

Close

13.

Abbas Acar, Güliz Seray Tuncay, Esteban Luques, Harun Oz, Ahmet Aris, Selcuk Uluagac

50 Shades of Support: A Device-Centric Analysis of Android Security Updates Conference

In the Proceedings of the 31st Network and Distributed System Security Symposium (NDSS), 2024.

Abstract | Links | BibTeX | Tags: Android Security, Mobile Security

@conference{acar2024fifty,

title = {50 Shades of Support: A Device-Centric Analysis of Android Security Updates},

author = {Abbas Acar and Güliz Seray Tuncay and Esteban Luques and Harun Oz and Ahmet Aris and Selcuk Uluagac},

url = {https://research.google/pubs/50-shades-of-support-a-device-centric-analysis-of-android-security-updates/},

year  = {2024},

date = {2024-01-01},

urldate = {2024-01-01},

booktitle = {In the Proceedings of the 31st Network and Distributed System Security Symposium (NDSS)},

abstract = {Android is by far the most popular OS with over three billion active mobile devices. As in any software, uncovering vulnerabilities on Android devices and applying timely patches are both critical. Android Open Source Project (AOSP) has initiated efforts to improve the traceability of security updates through Security Patch Levels (SPLs) assigned to devices. While this initiative provided better traceability for the vulnerabilities, it has not entirely resolved the issues related to the timeliness and availability of security updates for end users. Recent studies on Android security updates have focused on the issue of delay during the security update roll-out, largely attributing this to factors related to fragmentation. However, these studies fail to capture the entire Android ecosystem as they primarily examine flagship devices or do not paint a comprehensive picture of the Android devices’ lifecycle due to the datasets spanning over a short timeframe. To address this gap in the literature, we utilize a device-centric approach to analyze the security update behavior of Android devices. Our approach aims to understand the security update distribution behavior of OEMs (e.g., Samsung) by using a representative set of devices from each OEM and characterize the complete lifecycle of an average Android device. We obtained 367K official security update records from public sources, span- ning from 2014 to 2023. Our dataset contains 599 unique devices from four major OEMs that are used in 97 countries and are associated with 109 carriers. We identify significant differences in the roll-out of security updates across different OEMs, device models/types, and geographical regions across the world. Our findings show that the reasons for the delay in the roll-out of security updates are not limited to fragmentation but also involve OEM-specific factors. Our analysis also uncovers certain key issues that can be readily addressed as well as exemplary practices that can be immediately adopted by OEMs in practice.},

keywords = {Android Security, Mobile Security },

pubstate = {published},

tppubtype = {conference}

}

Close

Android is by far the most popular OS with over three billion active mobile devices. As in any software, uncovering vulnerabilities on Android devices and applying timely patches are both critical. Android Open Source Project (AOSP) has initiated efforts to improve the traceability of security updates through Security Patch Levels (SPLs) assigned to devices. While this initiative provided better traceability for the vulnerabilities, it has not entirely resolved the issues related to the timeliness and availability of security updates for end users. Recent studies on Android security updates have focused on the issue of delay during the security update roll-out, largely attributing this to factors related to fragmentation. However, these studies fail to capture the entire Android ecosystem as they primarily examine flagship devices or do not paint a comprehensive picture of the Android devices’ lifecycle due to the datasets spanning over a short timeframe. To address this gap in the literature, we utilize a device-centric approach to analyze the security update behavior of Android devices. Our approach aims to understand the security update distribution behavior of OEMs (e.g., Samsung) by using a representative set of devices from each OEM and characterize the complete lifecycle of an average Android device. We obtained 367K official security update records from public sources, span- ning from 2014 to 2023. Our dataset contains 599 unique devices from four major OEMs that are used in 97 countries and are associated with 109 carriers. We identify significant differences in the roll-out of security updates across different OEMs, device models/types, and geographical regions across the world. Our findings show that the reasons for the delay in the roll-out of security updates are not limited to fragmentation but also involve OEM-specific factors. Our analysis also uncovers certain key issues that can be readily addressed as well as exemplary practices that can be immediately adopted by OEMs in practice.

Close

14.

Nazli Tekin, Ahmet Aris, Abbas Acar, Selcuk Uluagac, Vehbi Cagri Gungor

A review of on-device machine learning for IoT: An energy perspective Journal Article

In: Elsevier Ad Hoc Networks Journal, 2024.

Abstract | Links | BibTeX | Tags: IoT Security

@article{TEKIN2024103348,

title = {A review of on-device machine learning for IoT: An energy perspective},

author = {Nazli Tekin and Ahmet Aris and Abbas Acar and Selcuk Uluagac and Vehbi Cagri Gungor},

url = {https://www.sciencedirect.com/science/article/pii/S1570870523002688},

year  = {2024},

date = {2024-01-01},

urldate = {2024-01-01},

journal = { Elsevier Ad Hoc Networks Journal},

abstract = {Recently, there has been a substantial interest in on-device Machine Learning (ML) models to provide intelligence for the Internet of Things (IoT) applications such as image classification, human activity recognition, and anomaly detection. Traditionally, ML models are deployed in the cloud or centralized servers to take advantage of their abundant computational resources. However, sharing data with the cloud and third parties degrades privacy and may cause propagation delay in the network due to a large amount of transmitted data impacting the performance of real-time applications. To this end, deploying ML models on-device (i.e., on IoT devices), in which data does not need to be transmitted, becomes imperative. However, deploying and running ML models on already resource-constrained IoT devices is challenging and requires intense energy consumption. Numerous works have been proposed in the literature to address this issue. Although there are considerable works that discuss energy-aware ML approaches for on-device implementation, there remains a gap in the literature on a comprehensive review of this subject. In this paper, we provide a review of existing studies focusing on-device ML models for IoT applications in terms of energy consumption. One of the key contributions of this study is to introduce a taxonomy to define approaches for employing energy-aware on-device ML models on IoT devices in the literature. Based on our review in this paper, our key findings are provided and the open issues that can be investigated further by other researchers are discussed. We believe that this study will be a reference for practitioners and researchers who want to employ energy-aware on-device ML models for IoT applications.},

keywords = {IoT Security},

pubstate = {published},

tppubtype = {article}

}

Close

15.

Tayebeh Rajabi, Alvi Ataur Khalil, Mohammad Hossein Manshaei, Mohammad Ashiqur Rahman, Mohammad Dakhilalian, Maurice Ngouen, Murtuza Jadliwala, A. Selcuk Uluagac

Feasibility Analysis for Sybil Attacks in Shard-Based Permissionless Blockchains Journal Article

In: ACM Distributed Ledger Technologies: Research and Practice Journal, 2023.

Abstract | Links | BibTeX | Tags: Blockchain Security, Network Security, Smart Home Security

@article{Tayabeh2023,

title = {Feasibility Analysis for Sybil Attacks in Shard-Based Permissionless Blockchains},

author = {Tayebeh Rajabi and Alvi Ataur Khalil and Mohammad Hossein Manshaei and Mohammad Ashiqur Rahman and Mohammad Dakhilalian and Maurice Ngouen and Murtuza Jadliwala and A. Selcuk Uluagac},

url = {https://doi.org/10.1145/3618302},

doi = {10.1145/3618302},

year  = {2023},

date = {2023-12-01},

urldate = {2023-12-01},

journal = {ACM Distributed Ledger Technologies: Research and Practice Journal},

publisher = {Association for Computing Machinery},

address = {New York, NY, USA},

abstract = {Committee-based permissionless blockchain approaches overcome single leader consensus protocols’ scalability issues by partitioning the outstanding transaction set into shards and selecting multiple committees to process these transactions in parallel. However, by design, shard-based blockchain solutions are vulnerable to Sybil attacks. An adversary with enough computational/hash power can easily manipulate the consensus protocol by generating multiple valid node identifiers/IDs (i.e., multiple Sybil committee members).Despite the straightforward nature of these attacks, they have not been systematically investigated. This article fills this research gap by analyzing Sybil attacks in shard-based consensus of proof-of-work blockchain systems. Specifically, we provide a detailed analysis for Elastico, one of the prominent shard-based blockchain models. We show that the proof-of-work technique used for ID generation in the initial phase of such protocols is vulnerable to Sybil attacks when an adversary (could be a group of colluding nodes) possesses enough hash power. We analytically derive conditions for two different Sybil attacks and perform numerical simulations to validate our theoretical results under various parameters. Further, we utilize the BlockSim simulator to validate our mathematical computation, and results confirm the correctness of the analysis.},

keywords = {Blockchain Security, Network Security, Smart Home Security},

pubstate = {published},

tppubtype = {article}

}

Close

16.

Ngouen, Maurice, Rahman, Mohammad Ashiqur, Prabakar, Nagarajan, Uluagac, Selcuk, Njilla, Laurent

Q-SECURE: A Quantum Resistant Security for Resource Constrained IoT Device Encryption Conference

2023 10th International Conference on Internet of Things: Systems, Management and Security (IOTSMS), IEEE, 2023, ISSN: 2832-3033.

Abstract | Links | BibTeX | Tags:

17.

E. Nowroozi, M. Mohammadi, P. Golmohammadi, Y. Mekdad, M. Conti,, S. Uluagac

Resisting deep learning models against adversarial attack transferability via feature randomization Journal Article

In: IEEE Transactions on Services Computing, vol. 17, pp. 18-29, 2023, ISSN: 1939-1374.

Links | BibTeX | Tags:

18.

Aldin Vehabovic, Hadi Zanddizari, Nasir Ghani, G. Javidi, A. Selcuk Uluagac, M. Rahouti, E. Bou-Harb, M. Safaei Pour

Ransomware Detection Using Federated Learning with Imbalanced Datasets Proceedings Article

In: Proceedings of the 2023 IEEE 20th International Conference on Smart Communities: Improving Quality of Life using AI, Robotics and IoT (HONET), 2023.

Links | BibTeX | Tags:

19.

D. Cayir, A. Acar, R. Lazzeretti, M. Angelini, M. Conti,, S. Uluagac

Augmenting security and privacy in the virtual realm: An analysis of extended reality devices Best Paper Bachelor Thesis

2023, ISSN: 1540-7993.

Links | BibTeX | Tags:

20.

Harun Oz, Ahmet Aris, Abbas Acar, Güliz Seray Tuncay, Leonardo Babun, Selcuk Uluagac

RøB: Ransomware over Modern Web Browsers Conference

In the Proceedings of the 32nd USENIX Security Symposium, 2023.

Abstract | Links | BibTeX | Tags: Malware, Ransomware, Web Security

@conference{OZRans2023,

title = {RøB: Ransomware over Modern Web Browsers},

author = {Harun Oz and Ahmet Aris and Abbas Acar and Güliz Seray Tuncay and Leonardo Babun and Selcuk Uluagac},

url = {https://www.usenix.org/conference/usenixsecurity23/presentation/oz

https://www.youtube.com/watch?v=MUVNz6p3_jk

https://research.google/pubs/r%C3%B8b-ransomware-over-modern-web-browsers/},

year  = {2023},

date = {2023-08-01},

urldate = {2023-08-01},

booktitle = {In the Proceedings of the 32nd USENIX Security Symposium},

abstract = {File System Access (FSA) API enables web applications to interact with files on the users' local devices. Even though it can be used to develop rich web applications, it greatly extends the attack surface, which can be abused by adversaries to cause significant harm. In this paper, for the first time in the literature, we extensively study this new attack vector that can be used to develop a powerful new ransomware strain over a browser. Using the FSA API and WebAssembly technology, we demonstrate this novel browser-based ransomware called RøB as a malicious web application that encrypts the user's files from the browser. We use RøB to perform impact analysis with different OSs, local directories, and antivirus solutions as well as to develop mitigation techniques against it. Our evaluations show that RøB can encrypt the victim's local files including cloud-integrated directories, external storage devices, and network-shared folders regardless of the access limitations imposed by the API. Moreover, we evaluate and show how the existing defense solutions fall short against RøB in terms of their feasibility. We propose three potential defense solutions to mitigate this new attack vector. These solutions operate at different levels (i.e., browser-level, file-system-level, and user-level) and are orthogonal to each other. Our work strives to raise awareness of the dangers of RøB-like browser-based ransomware strains and shows that the emerging API documentation (i.e., the popular FSA) can be equivocal in terms of reflecting the extent of the threat.},

keywords = {Malware, Ransomware, Web Security},

pubstate = {published},

tppubtype = {conference}

}

Close

21.

Oscar G. Bautista, Mohammad Hossein Manshaei, Richard Hernandez, Kemal Akkaya, Soamar Homsi, Selcuk Uluagac

MPC-ABC: Blockchain-Based Network Communication for Efficiently Secure Multiparty Computation Journal Article

In: Springer Journal of Network and Systems Management Journal, 2023.

Abstract | Links | BibTeX | Tags: Secure Multipart Computation

22.

N. Haque, M. Ngouen, M. Rahman, S. Uluagac, L. Njilla

SHATTER: Control and Defense-Aware Attack Analytics for Activity-Driven Smart Home Systems Conference

In the Proceedings of the 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2023.

Abstract | Links | BibTeX | Tags: Cryptojacking, Smart Home Security

23.

Javier Franco, Abbas Acar, Ahmet Aris, A. Selcuk Uluagac

Forensic Analysis of Cryptojacking in Host-Based Docker Containers Using Honeypots Proceedings Article

In: Proceedings of the 2023 IEEE International Conference on Communications (ICC), 2023.

Links | BibTeX | Tags:

24.

Luis Puche Rondon, Leonardo Babun, Ahmet Aris, Kemal Akkaya, A. Selcuk Uluagac

LGuard: Securing Enterprise-IoT Systems against Serial-Based Attacks via Proprietary Communication Buses Journal Article

In: ACM Digital Threats: Research and Practice Journal, 2023.

Abstract | Links | BibTeX | Tags: Enterprise Security, IoT Security

@article{PucheIoT,

title = {LGuard: Securing Enterprise-IoT Systems against Serial-Based Attacks via Proprietary Communication Buses},

author = {Luis Puche Rondon and Leonardo Babun and Ahmet Aris and Kemal Akkaya and A. Selcuk Uluagac},

url = {https://doi.org/10.1145/3555721},

year  = {2023},

date = {2023-03-01},

urldate = {2023-03-01},

journal = {ACM Digital Threats: Research and Practice Journal},

publisher = {Association for Computing Machinery},

address = {New York, NY, USA},

abstract = {Enterprise Internet of Things (E-IoT) systems allow users to control audio, video, scheduled events, lightning fixtures, door access, and relays in complex smart installations. These systems are widely used in government or smart private offices, smart buildings/homes, conference rooms, schools, hotels, and similar professional settings. However, even with their widespread use, the security of many E-IoT systems and components has not been researched in the literature. To address this research gap, we focus on E-IoT communication buses, one of the core components used to connect E-IoT devices, and introduce LightningStrike attacks that demonstrate several weaknesses with E-IoT proprietary communication protocols used in E-IoT communication buses. Specifically, we show that popular E-IoT proprietary communication protocols are susceptible to Denial-of-Service (DoS), eavesdropping, impersonation, and replay attacks. As such threats cannot be mitigated through traditional defense mechanisms due to the limitations posed by E-IoT, we propose LGuard, a defense system to protect E-IoT systems against the attacks over communication buses. LGuard uses closed-circuit television footage and computer vision techniques to detect replay attacks. For impersonation and DoS attacks, LGuard utilizes traffic analysis. Finally, LGuard obfuscates the E-IoT traffic via inserting redundant traffic to the bus against eavesdropping attacks. We evaluated the performance of LGuard in a realistic E-IoT deployment, and our detailed evaluations show that LGuard achieves an overall accuracy and precision of 99% in detecting DoS, impersonation, and replay attacks while effectively increasing the difficulty of extracting valuable information for eavesdroppers. In addition, LGuard does not incur any operational overhead or modification to the existing E-IoT system.},

keywords = {Enterprise Security, IoT Security},

pubstate = {published},

tppubtype = {article}

}

Close

25.

Ehsan Nowroozi, Mohammadreza Mohammadi, Pargol Golmohammadi, Yassine Mekdad, Mauro Conti, A. Selcuk Uluagac

Resisting Deep Learning Models Against Adversarial Attack Transferability Via Feature Randomization Journal Article

In: IEEE Transactions on Services Computing Journal, 2023.

Abstract | Links | BibTeX | Tags: Adverserial Machine Learning, Machine Learning Security

@article{Ehsan2023ML,

title = {Resisting Deep Learning Models Against Adversarial Attack Transferability Via Feature Randomization},

author = {Ehsan Nowroozi and Mohammadreza Mohammadi and Pargol Golmohammadi and Yassine Mekdad and Mauro Conti and A. Selcuk Uluagac},

url = {https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=10315205},

year  = {2023},

date = {2023-01-01},

urldate = {2023-01-01},

journal = {IEEE Transactions on Services Computing Journal},

abstract = {In the past decades, the rise of artificial intelligence has given us the capabilities to solve the most challenging problems in our day-to-day lives, such as cancer prediction and autonomous navigation. However, these applications might not be reliable if not secured against adversarial attacks. In addition, recent works demonstrated that some adversarial examples are transferable across different models. Therefore, it is crucial to avoid such transferability via robust models that resist adversarial manipulations. In this paper, we propose a feature randomization-based approach that resists eight adversarial attacks targeting deep learning models in the testing phase. Our novel approach consists of changing the training strategy in the target network classifier and selecting random feature samples. We consider the attacker with a Limited-Knowledge and Semi-Knowledge conditions to undertake the most prevalent types of adversarial attacks. We evaluate the robustness of our approach using the well-known UNSW-NB15 datasets that include realistic and synthetic attacks. Afterward, we demonstrate that our strategy outperforms the existing state-of-the-art approach, such as the Most Powerful Attack, which consists of fine-tuning the network model against specific adversarial attacks. Further, we demonstrate the practicality of our approach using the VIPPrint dataset through a comprehensive set of experiments. Finally, our experimental results show that our methodology can secure the target network and resists adversarial attack transferability by over 60%.},

keywords = {Adverserial Machine Learning, Machine Learning Security},

pubstate = {published},

tppubtype = {article}

}

Close

26.

Yassine Mekdad, Ahmet Aris, Leonardo Babun, Abdeslam El Fergougui, Mauro Conti, Riccardo Lazzeretti, A. Selcuk Uluagac

A survey on security and privacy issues of UAVs Journal Article

In: Elsevier Computer Networks Journal, 2023.

Abstract | Links | BibTeX | Tags: UAV Security

@article{MekdadUAV2023,

title = {A survey on security and privacy issues of UAVs},

author = {Yassine Mekdad and Ahmet Aris and Leonardo Babun and Abdeslam El Fergougui and Mauro Conti and Riccardo Lazzeretti and A. Selcuk Uluagac},

url = {https://www.sciencedirect.com/science/article/pii/S1389128623000713},

year  = {2023},

date = {2023-01-01},

urldate = {2023-01-01},

journal = {Elsevier Computer Networks Journal},

abstract = {In the 21st century, the industry of drones, also known as Unmanned Aerial Vehicles (UAVs), has witnessed a rapid increase with its large number of airspace users. The tremendous benefits of this technology in civilian applications such as hostage rescue and parcel delivery will integrate smart cities in the future. Nowadays, the affordability of commercial drones expands their usage on a large scale. However, the development of drone technology is associated with vulnerabilities and threats due to the lack of efficient security implementations. Moreover, the complexity of UAVs in software and hardware triggers potential security and privacy issues. Thus, posing significant challenges for the industry, academia, and governments.



In this paper, we extensively survey the security and privacy issues of UAVs by providing a systematic classification at four levels: Hardware-level, Software-level, Communication-level, and Sensor-level. In particular, for each level, we thoroughly investigate (1) common vulnerabilities affecting UAVs for potential attacks from malicious actors, (2) existing threats that are jeopardizing the civilian application of UAVs, (3) active and passive attacks performed by the adversaries to compromise the security and privacy of UAVs, (4) possible countermeasures and mitigation techniques to protect UAVs from such malicious activities. In addition, we summarize the takeaways that highlight lessons learned about UAVs’ security and privacy issues. Finally, we conclude our survey by presenting the critical pitfalls and suggesting promising future research directions for security and privacy of UAVs.},

keywords = {UAV Security},

pubstate = {published},

tppubtype = {article}

}

Close

27.

Yassine Mekdad, Ahmet Arış, Abbas Acar, Mauro Conti, Riccardo Lazzeretti, Abdeslam El Fergougui, Selcuk Uluagac

A comprehensive security and performance assessment of UAV authentication schemes Journal Article

In: Wiley Security and Privacy Journal, 2023.

Abstract | Links | BibTeX | Tags: Authentication

@article{mekdadCompAUV2022,

title = {A comprehensive security and performance assessment of UAV authentication schemes},

author = {Yassine Mekdad and Ahmet Arış and Abbas Acar and Mauro Conti and Riccardo Lazzeretti and Abdeslam El Fergougui and Selcuk Uluagac},

url = {https://onlinelibrary.wiley.com/doi/abs/10.1002/spy2.338},

year  = {2023},

date = {2023-01-01},

urldate = {2023-01-01},

journal = {Wiley Security and Privacy Journal},

abstract = {In the past few years, unmanned aerial vehicles (UAVs) have significantly gained attention and popularity from industry, government, and academia. With their rapid development and deployment into the civilian airspace, UAVs play an important role in different applications, including goods delivery, search-and-rescue, and traffic monitoring. Therefore, providing secure communication through authentication models for UAVs is necessary for a successful and reliable flight mission. To satisfy such requirements, numerous authentication mechanisms have been proposed in the literature. However, the literature lacks a comprehensive study evaluating the security and performance of these solutions. In this article, we analyze the security and performance of 27 recent UAV authentication works by considering ten different key metrics. First, in the performance analysis, we show that the majority of UAV authentication schemes are lightweight in their communication cost. However, the storage overhead or the energy consumption is not reported by many authentication studies. Then, we reveal in the security analysis the widely employed formal models (i.e., abstract description of an authentication protocol through a mathematical model), while most of the studies lack coverage of many attacks that can target UAV systems. Afterwards, we highlight the challenges that need to be addressed in order to design and implement secure and reliable UAV authentication schemes. Finally, we summarize the lessons learned on the authentication strategies for UAVs to motivate promising direction for further research.},

keywords = {Authentication},

pubstate = {published},

tppubtype = {article}

}

Close

28.

Nazli Tekin, Abbas Acar, Ahmet Aris, A. Selcuk Uluagac, Vehbi Cagri Gungor

Energy consumption of on-device machine learning models for IoT intrusion detection Journal Article

In: Elsevier Internet of Things Journal, 2023.

Abstract | Links | BibTeX | Tags: IoT Security, Machine Learning Security

@article{TekinEnergyConsumption,

title = {Energy consumption of on-device machine learning models for IoT intrusion detection},

author = {Nazli Tekin and Abbas Acar and Ahmet Aris and A. Selcuk Uluagac and Vehbi Cagri Gungor},

url = {https://www.sciencedirect.com/science/article/pii/S2542660522001512},

year  = {2023},

date = {2023-01-01},

urldate = {2023-01-01},

journal = {Elsevier Internet of Things Journal},

abstract = {Recently, Smart Home Systems (SHSs) have gained enormous popularity with the rapid

development of the Internet of Things (IoT) technologies. Besides offering many tangible

benefits, SHSs are vulnerable to attacks that lead to security and privacy concerns for SHS

users. Machine learning (ML)-based Intrusion Detection Systems (IDS) are proposed to address

such concerns. Conventionally, ML models are trained and tested on computationally powerful

platforms such as cloud services. Nevertheless, the data shared with the cloud is vulnerable to

privacy attacks and causes latency, which decreases the performance of real-time applications

like intrusion detection systems. Therefore, on-device ML models, in which the user data is kept

locally, have emerged as promising solutions to ensure the security and privacy of the data for

real-time applications. However, performing ML tasks requires high energy consumption. To

the best of our knowledge, no study has been conducted to analyze the energy consumption

of ML-based IDS. Therefore, in this paper, we perform a comparative analysis of on-device

ML algorithms in terms of energy consumption for IoT intrusion detection applications. For

a thorough analysis, we study the training and inference phases separately. For training, we

compare the cloud computing-based ML, edge computing-based ML, and IoT device-based ML

approaches. For the inference, we evaluate the TinyML approach to run the ML algorithms on

tiny IoT devices such as Micro Controller Units (MCUs). Comparative performance evaluations

show that deploying the Decision Tree (DT) algorithm on-device gives better results in terms

of training time, inference time, and power consumption.},

keywords = {IoT Security, Machine Learning Security},

pubstate = {published},

tppubtype = {article}

}

Close

29.

Luis Puche Rondon, Leonardo Babun, Ahmet Aris, Kemal Akkaya, Selcuk Uluagac

Ivycide: Smart Intrusion Detection System Against E-IoT Driver Threats Journal Article

In: IEEE Internet of Things Journal, 2023.

Abstract | Links | BibTeX | Tags: Enterprise Security, IoT Security

@article{LuisiVYCIDE,

title = {Ivycide: Smart Intrusion Detection System Against E-IoT Driver Threats},

author = {Luis Puche Rondon and Leonardo Babun and Ahmet Aris and Kemal Akkaya and Selcuk Uluagac},

url = {https://ieeexplore.ieee.org/document/9849838},

year  = {2023},

date = {2023-01-01},

urldate = {2023-01-01},

journal = {IEEE Internet of Things Journal},

abstract = {The rise of Internet of Things (IoT) devices has led to the proliferation of smart environments worldwide. Although commodity IoT devices are employed by ordinary end users, complex environments, such as smart buildings, government, or private offices, or conference rooms require customized and highly reliable IoT solutions. Enterprise IoT (E-IoT) connect such environments to the Internet and are professionally managed solutions usually offered by dedicated vendors As E-IoT systems require specialized training, closed-source software, and proprietary equipment to deploy. In effect, E-IoT systems present an unprecedented, under-researched, and unexplored threat vector for an attacker. In this work, we focus on E-IoT drivers, software modules used to integrate devices into E-IoT systems, as an attack mechanism. We first present PoisonIvy, a series of generalized proof-of-concept attacks used to demonstrate that an attacker can use a malicious driver to perform denial-of-service attacks, gain remote control, and abuse E-IoT system resources. To defend against E-IoT driver-based threats, we introduce Ivycide, a novel intrusion detection system used to detect unexpected E-IoT network traffic from an E-IoT system. Ivycide operates as a passive monitoring system within an E-IoT system using machine learning and signature-based classification to detect Poisonivy attacks. We evaluated the performance of Ivycide in a realistic E-IoT deployment. Our detailed evaluation results show that Ivycide achieves an average accuracy of 97% in classifying the type of Poisonivy attack and operates without modifications or operational overhead to the existing E-IoT systems.},

keywords = {Enterprise Security, IoT Security},

pubstate = {published},

tppubtype = {article}

}

Close

30.

Javier R Franco, Ahmet Aris, Leonardo Babun, Selcuk Uluagac

S-Pot: A Smart Honeypot Framework with Dynamic Rule Configuration for SDN Conference

In the Proceedings of the 37th IEEE Global Communications Conference (GLOBECOM), Rio de Janeiro, Brazil, 2022.

Abstract | Links | BibTeX | Tags: Honeypot/Honeynet, SDN Security

31.

Harun Oz, Ahmet Aris, Albert Levi, A. Selcuk Uluagac

A Survey on Ransomware: Evolution, Taxonomy, and Defense Solutions Journal Article

In: ACM Computing Surveys (CSUR), 2022.

Abstract | Links | BibTeX | Tags: Malware, Ransomware

32.

Amit Kumar Sikder, Leonardo Babun, Z. Berkay Celik, Hidayet Aksu, Patrick McDaniel, Engin Kirda, A. Selcuk Uluagac

Who’s Controlling My Device? Multi-User Multi-Device-Aware Access Control System for Shared Smart Home Environment Journal Article

In: ACM Transactions on Internet of Things Journal, 2022.

Abstract | Links | BibTeX | Tags: Adverserial Machine Learning, Malware

33.

Ahmet Aris, Luis Puche Rondon, D. Ortiz, Monique Ross, Mark A. Finlayson, A. Selcuk Uluagac

Integrating Artificial Intelligence into Cybersecurity Curriculum: New Perspectives Proceedings Article

In: Proceedings of the 2022 ASEE Annual Conference & Exposition, 2022.

Links | BibTeX | Tags:

34.

Leonardo Babun, Amit Kumar Sikder, Abbas Acar, A. Selcuk Uluagac

The Truth Shall Set Thee Free: Enabling Practical Forensic Capabilities in Smart Environments Conference

In the Proceedings of the 30th Network and Distributed System Security Symposium (NDSS), 2022.

Abstract | Links | BibTeX | Tags: Forensics, IoT Security

@conference{babun2022truth,

title = {The Truth Shall Set Thee Free: Enabling Practical Forensic Capabilities in Smart Environments},

author = {Leonardo Babun and Amit Kumar Sikder and Abbas Acar and A. Selcuk Uluagac},

url = {https://www.ndss-symposium.org/wp-content/uploads/2022-133-paper.pdf},

year  = {2022},

date = {2022-04-01},

urldate = {2022-04-01},

booktitle = {In the Proceedings of the 30th Network and Distributed System Security Symposium (NDSS)},

abstract = {In smart environments such as smart homes and offices, the interaction between devices, users, and apps generate abundant data. Such data contain valuable forensic information about events and activities occurring in the smart environment. Nonetheless, current smart platforms do not provide any digital forensic capability to identify, trace, store, and analyze the data produced in these environments. To fill this gap, in this paper, we introduce VERITAS, a novel and practical digital forensic capability for the smart environment. VERITAS has two main components: Collector and Analyzer. The Collector implements mechanisms to automatically collect forensically-relevant data from the smart environment. Then, in the event of a forensic investigation, the Analyzer uses a First Order Markov Chain model to extract valuable and usable forensic information from the collected data. VERITAS then uses the forensic information to infer activities and behaviors from users, devices, and apps that violate the security policies defined for the environment. We implemented and tested VERITAS in a realistic smart office environment with 22 smart devices and sensors that generated 84209 forensically-valuable incidents. The evaluation shows that VERITAS achieves over 95 percent of accuracy in inferring different anomalous activities and forensic behaviors within the smart environment. Finally, VERITAS is extremely lightweight, yielding no overhead on the devices and minimal overhead in the backend resources (ie, the cloud servers).},

keywords = {Forensics, IoT Security},

pubstate = {published},

tppubtype = {conference}

}

Close

35.

Harun Oz, Faraz Naseem, Ahmet Aris, Abbas Acar, Guliz Seray Tuncay, A Selcuk Uluagac

Feasibility of Malware Visualization Techniques against Adversarial Machine Learning Attacks Demo/Posters

2022.

BibTeX | Tags: Adverserial Machine Learning, Malware

36.

Ege Tekiner, Abbas Acar, Arif Selcuk Uluagac

A Lightweight IoT Cryptojacking Detection Mechanism in Heterogeneous Smart Home Networks Conference

In the Proceedings of the 30th Network and Distributed System Security Symposium (NDSS), 2022.

Links | BibTeX | Tags:

37.

Akm Iqtidar Newaz, Ahmet Aris, Amit Kumar Sikder, A Selcuk Uluagac

Systematic Threat Analysis of Modern Unified Healthcare Communication Systems Conference

In the Proceedings of the 37th IEEE Global Communications Conference (GLOBECOM), 2022.

Abstract | Links | BibTeX | Tags: Healthcare Security, Network Security

38.

Maryna Veksler, David Langus Rodríguez, Ahmet Aris, Kemal Akkaya, A. Selcuk Uluagac

LoFin: LoRa-based UAV Fingerprinting Framework Conference

In the Proceedings of the 41st IEEE Military Communications Conference (MILCOM) , 2022.

Abstract | Links | BibTeX | Tags: Fingerprinting, Network Security, UAV Security

39.

Shrenik Bhansali, Ahmet Aris, Abbas Acar, Harun Oz, Selcuk Uluagac

A First Look at Code Obfuscation for WebAssembly Conference

In the Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec) , 2022.

Abstract | Links | BibTeX | Tags: Malware, WebAssembly

40.

Alvi Ataur Khalil, Javier Franco, Imtiaz Parvez, Selcuk Uluagac, Hossain Shahriar, Mohammad Ashiqur Rahman

A Literature Review on Blockchain-enabled Security and Operation of Cyber-Physical Systems Conference

In the Proceedings of 46th Annual Computers, Software and Applications Conference (COMPSAC), 2022.

Abstract | Links | BibTeX | Tags: Blockchain Security, CPS Security

41.

Amit Kumar Sikder, Hidayet Aksu, A Selcuk Uluagac

System and Method for Secure and Resilient Industrial Control Systems Patent

2022.

Abstract | Links | BibTeX | Tags: IoT Security

42.

Michael Thompson, Suat Mercan, Mumin Cebe, Kemal Akkaya, Arif Selcuk Uluagac

Cost-efficient IoT Forensics Framework with Blockchain Patent

2021.

Abstract | Links | BibTeX | Tags: Forensics, IoT Security

43.

Kyle Denney, Enes Erdin, Leonardo Babun, A Selcuk Uluagac, Kemal Akkaya

Systems and methods for inhibiting threats to a computing environment Patent

2021.

Abstract | Links | BibTeX | Tags: IoT Security

44.

Abbas Acar, Shoukat Ali, Koray Karabina, Cengiz Kaygusuz, Hidayet Aksu, Kemal Akkaya, Selcuk Uluagac

A Lightweight Privacy-Aware Continuous Authentication Protocol-PACA Journal Article

In: ACM Transactions on Privacy and Security (TOPS) Journal, 2021.

Abstract | Links | BibTeX | Tags: Authentication, Privacy Preserving

45.

Adrien Cosson, Amit Kumar Sikder, Leonardo Babun, Z. Berkay Celik, Patrick McDaniel, A. Selcuk Uluagac

Sentinel: A Robust Intrusion Detection System for IoT Networks Using Kernel-Level System Information Proceedings Article

In: Proceedings of the 2021 International Conference on Internet-of-Things Design and Implementation (IoTDI), 2021.

Abstract | Links | BibTeX | Tags:

46.

Luis C Puche Rondon, Leonardo Babun, Kemal Akkaya, A Selcuk Uluagac

Systems and methods for monitoring activity in an HDMI network Patent

2021.

Abstract | Links | BibTeX | Tags: IoT Security, Smart Home Security

47.

Akm Iqtidar Newaz, Amit Kumar Sikder, Mohammad Ashiqur Rahman, A Selcuk Uluagac

A survey on security and privacy issues in modern healthcare systems: Attacks and defenses Journal Article

In: ACM Transactions on Computing for Healthcare Journal, 2021.

Abstract | BibTeX | Tags: Healthcare Security

48.

Leonardo Babun, Kyle Denney, Z Berkay Celik, Patrick McDaniel, A Selcuk Uluagac

A survey on IoT platforms: Communication, security, and privacy perspectives Journal Article

In: Computer Networks Journal, 2021.

Abstract | BibTeX | Tags: IoT Security

49.

Javier Franco, Ahmet Aris, Berk Canberk, A Selcuk Uluagac

A survey of honeypots and honeynets for internet of things, industrial internet of things, and cyber-physical systems Journal Article

In: IEEE Communications Surveys & Tutorials, 2021.

Abstract | BibTeX | Tags: CPS Security, IoT Security

50.

Luis Puche Rondon, Leonardo Babun, Ahmet Aris, Kemal Akkaya, A Selcuk Uluagac

LightningStrike: (in) secure practices of E-IoT systems in the wild Conference

In the Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2021.

Abstract | BibTeX | Tags: IoT Security, Smart Home Security

51.

Enes Erdin, Mumin Cebe, Kemal Akkaya, Eyuphan Bulut, Selcuk Uluagac

A scalable private Bitcoin payment channel network with privacy guarantees Journal Article

In: Journal of Network and Computer Applications, 2021.

Abstract | BibTeX | Tags: Blockchain Security

52.

Amit Kumar Sikder, Giuseppe Petracca, Hidayet Aksu, Trent Jaeger, A Selcuk Uluagac

A survey on sensor-based threats and attacks to smart devices and applications Journal Article

In: IEEE Communications Surveys & Tutorials, 2021.

Abstract | BibTeX | Tags: Smart Home Security

53.

Nur Imtiazul Haque, Mohammad Ashiqur Rahman, Md Hasan Shahriar, Alvi Ataur Khalil, Selcuk Uluagac

A novel framework for threat analysis of machine learning-based smart healthcare systems Journal Article

In: arXiv, 2021.

Abstract | Links | BibTeX | Tags: Healthcare Security

54.

Amit Kumar Sikder, Leonardo Babun, A Selcuk Uluagac

Aegis+ a context-aware platform-independent security framework for smart home systems Journal Article

In: Digital Threats: Research and Practice Journal, 2021.

Abstract | Links | BibTeX | Tags: CPS Security, IoT Security

55.

Ege Tekiner, Abbas Acar, A. Selcuk Uluagac, Engin Kirda, Ali Aydin Selcuk

SoK: Cryptojacking Malware Proceedings Article

In: 2021 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 120-139, 2021.

Links | BibTeX | Tags:

56.

Ahmet Kurt, Enes Erdin, Kemal Akkaya, Selcuk Uluagac, Mumin Cebe

D-LNBot: A Scalable, Cost-Free and Covert Hybrid Botnet on Bitcoin's Lightning Network Journal Article

In: IEEE Transactions on Dependable and Secure Computing Journal, 2021.

Abstract | Links | BibTeX | Tags: Blockchain Security, Network Security

57.

Luis Puche, Ahmet Aris, Leonardo Babun, Kemal Akkaya, A. Selcuk Uluagac

Survey on Enterprise Internet-of-Things Systems (E-IoT): A Security Perspective Journal Article

In: Elsevier Ad Hoc Networks Journal, 2021.

Abstract | Links | BibTeX | Tags: Enterprise Security, IoT Security

58.

Ege Tekiner, Abbas Acar, A Selcuk Uluagac, Engin Kirda, Ali Aydin Selcuk

In-Browser Cryptomining for Good: An Untold Story Conference

In the Proceedings of the IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS), 2021.

Abstract | Links | BibTeX | Tags: Cryptojacking, Malware

@conference{untoldStory,

title = {In-Browser Cryptomining for Good: An Untold Story},

author = {Ege Tekiner and Abbas Acar and A Selcuk Uluagac and Engin Kirda and Ali Aydin Selcuk},

url = {https://ieeexplore.ieee.org/abstract/document/9566204/},

year  = {2021},

date = {2021-01-01},

urldate = {2021-01-01},

booktitle = {In the Proceedings of the IEEE International Conference on Decentralized Applications and Infrastructures (DAPPS)},

abstract = {In-browser cryptomining uses the computational power of a website's visitors to mine cryptocurrency, i.e., to create new coins. With the rise of ready-to-use mining scripts distributed by service providers (e.g., Coinhive), it has become trivial to turn a website into a cryptominer by copying and pasting the mining script. Both legitimate webpage owners who want to raise an extra revenue under users' explicit consent and malicious actors who wish to exploit the computational power of the users' computers without their consent have started to utilize this emerging paradigm of cryptocurrency operations. In-browser cryptomining, though mostly abused by malicious actors in practice, is indeed a promising funding model that can be utilized by website owners, publishers, or non-profit organizations for legitimate business purposes, such as to collect revenue or donations for humanitarian projects, inter alia. However, our analysis in this paper shows that in practice, regardless of their being legitimate or not, all in-browser mining scripts are treated the same as malicious cryptomining samples (aka cryptojacking) and blacklisted by browser extensions or antivirus programs. Indeed, there is a need for a better understanding of the in-browser cryptomining ecosystem. Hence, in this paper, we present an in-depth empirical analysis of in-browser cryptomining processes, focusing on the samples explicitly asking for user consent, which we call permissioned cryptomining. To the best of our knowledge, this is the first study focusing on the permissioned cryptomining samples. For this, we created a dataset of 6269 unique web sites containing cryptomining scripts in their source codes to characterize the in-browser cryptomining ecosystem by differentiating permissioned and permissionless cryptomining samples. We believe that (1) this paper is the first attempt showing that permissioned in-browser cryptomining could be a legitimate and viable monetization tool if implemented responsibly and without interrupting the user, and (2) this paper will catalyze the widespread adoption of legitimate crvptominina with user consent and awareness.},

keywords = {Cryptojacking, Malware},

pubstate = {published},

tppubtype = {conference}

}

Close

In-browser cryptomining uses the computational power of a website's visitors to mine cryptocurrency, i.e., to create new coins. With the rise of ready-to-use mining scripts distributed by service providers (e.g., Coinhive), it has become trivial to turn a website into a cryptominer by copying and pasting the mining script. Both legitimate webpage owners who want to raise an extra revenue under users' explicit consent and malicious actors who wish to exploit the computational power of the users' computers without their consent have started to utilize this emerging paradigm of cryptocurrency operations. In-browser cryptomining, though mostly abused by malicious actors in practice, is indeed a promising funding model that can be utilized by website owners, publishers, or non-profit organizations for legitimate business purposes, such as to collect revenue or donations for humanitarian projects, inter alia. However, our analysis in this paper shows that in practice, regardless of their being legitimate or not, all in-browser mining scripts are treated the same as malicious cryptomining samples (aka cryptojacking) and blacklisted by browser extensions or antivirus programs. Indeed, there is a need for a better understanding of the in-browser cryptomining ecosystem. Hence, in this paper, we present an in-depth empirical analysis of in-browser cryptomining processes, focusing on the samples explicitly asking for user consent, which we call permissioned cryptomining. To the best of our knowledge, this is the first study focusing on the permissioned cryptomining samples. For this, we created a dataset of 6269 unique web sites containing cryptomining scripts in their source codes to characterize the in-browser cryptomining ecosystem by differentiating permissioned and permissionless cryptomining samples. We believe that (1) this paper is the first attempt showing that permissioned in-browser cryptomining could be a legitimate and viable monetization tool if implemented responsibly and without interrupting the user, and (2) this paper will catalyze the widespread adoption of legitimate crvptominina with user consent and awareness.

Close

59.

Ahmet Arış, Faraz Naseem, Leonardo Babun, Ege Tekiner, Selcuk Uluagac

MINOS: A Lightweight Real-Time Cryptojacking Detection System Conference

In the Processings of 28th the Network and Distributed System Security Symposium (NDSS), 2021.

Abstract | Links | BibTeX | Tags: Cryptojacking, Machine Learning Security, Malware

@conference{FarazMinos,

title = {MINOS: A Lightweight Real-Time Cryptojacking Detection System},

author = {Ahmet Arış and Faraz Naseem and Leonardo Babun and Ege Tekiner and Selcuk Uluagac},

url = {https://www.researchgate.net/profile/Ahmet-Aris/publication/349109071_MINOS_A_Lightweight_Real-Time_Cryptojacking_Detection_System/links/61488e123c6cb310697fba33/MINOS-A-Lightweight-Real-Time-Cryptojacking-Detection-System.pdf},

year  = {2021},

date = {2021-01-01},

urldate = {2021-01-01},

booktitle = {In the Processings of 28th the Network and Distributed System Security Symposium (NDSS)},

abstract = {Emerging WebAssembly (Wasm)-based cryptojacking malware covertly uses the computational resources of users without their consent or knowledge. Indeed, most victims of this malware are unaware of such unauthorized use of their computing power due to techniques employed by cryptojacking malware authors such as CPU throttling and obfuscation. A number of dynamic analysis-based detection mechanisms exist that aim to circumvent such techniques. However, since these mechanisms use dynamic features, the collection of such features, as well as the actual detection of the malware, require that the cryptojacking malware run for a certain amount of time, effectively mining for that period, and therefore causing significant overhead. To solve these limitations, in this paper, we propose MINOS, a novel, extremely lightweight cryptojacking detection system that uses deep learning techniques to accurately detect the presence of unwarranted Wasm-based mining activity in real-time. MINOS uses an image-based classification technique to distinguish between benign webpages and those using Wasm to implement unauthorized mining. Specifically, the classifier implements a convolutional neural network (CNN) model trained with a comprehensive dataset of current malicious and benign Wasm binaries. MINOS achieves exceptional accuracy with a low TNR and FPR. Moreover, our extensive performance analysis of MINOS shows that the proposed detection technique can detect mining activity instantaneously from the most current in-the-wild cryptojacking malware with an accuracy of 98.97 percent, in an average of 25.9 milliseconds while using a},

keywords = {Cryptojacking, Machine Learning Security, Malware},

pubstate = {published},

tppubtype = {conference}

}

Close

60.

Ege Tekiner, Abbas Acar, A. Selcuk Uluagac, Engin Kirda, Ali Aydin Selcuk

SoK: Cryptojacking Malware Conference

In the Processings of 6th IEEE European Symposium on Security and Privacy (EuroS&P), Virtual, 2021.

Abstract | Links | BibTeX | Tags: Blockchain Security, Cryptojacking, Malware

61.

Leonardo Babun, Hidayet Aksu, A. Selcuk Uluagac

CPS Device-Class Identification via Behavioral Fingerprinting: From Theory to Practice Journal Article

In: IEEE Transactions on Information Forensics and Security (TIFS) Journal, 2021.

Abstract | Links | BibTeX | Tags: CPS Security

62.

Ahmet Kurt, Nico Saputro, Kemal Akkaya, A. Selcuk Uluagac

Distributed Connectivity Maintenance in Swarm of Drones During Post-Disaster Transportation Applications Journal Article

In: IEEE Transactions on Intelligent Transportation Systems Journal, 2021.

Abstract | Links | BibTeX | Tags: Network Security, UAV Security

63.

Mercan, Suat, Cain, Lisa, Akkaya, Kemal, Cebe, Mumin, Uluagac, Selcuk, Alonso, Miguel, Cobanoglu, Cihan

improving the service industry with hyper-connectivity: iot in hospitality Journal Article

In: International Journal of Contemporary Hospitality Management, vol. 33, no. 1, pp. 243-262, 2020, ISSN: 0959-6119.

Abstract | Links | BibTeX | Tags:

64.

Hidayet Aksu, A Selcuk Uluagac, Elizabeth S Bentley

Internet of things (IoT) identifying system and associated methods Patent

2020.

Abstract | Links | BibTeX | Tags: IoT Security, Smart Home Security

65.

Kyle Denney, Enes Erdin, Leonardo Babun, Michael Vai, Selcuk Uluagac

USB-Watch: A Dynamic Hardware-Assisted USB Threat Detection Framework Conference

In the Proceedings of the Security and Privacy in Communication Networks, 2020.

Abstract | Links | BibTeX | Tags: Hardware Security

@conference{Denney2019USB-Watchb,

title = {USB-Watch: A Dynamic Hardware-Assisted USB Threat Detection Framework},

author = {Kyle Denney and Enes Erdin and Leonardo Babun and Michael Vai and Selcuk Uluagac},

url = {https://link.springer.com/chapter/10.1007/978-3-030-37228-6_7},

year  = {2020},

date = {2020-02-15},

urldate = {2020-02-15},

booktitle = {In the Proceedings of the Security and Privacy in Communication Networks},

abstract = {The USB protocol is among the most widely adopted protocols today thanks to its plug-and-play capabilities and the vast number of devices which support the protocol. However, this same adaptability leaves unwitting computing devices prone to attacks. Malicious USB devices can disguise themselves as benign devices (e.g., keyboard, mouse, etc.) to insert malicious commands on end devices. These malicious USB devices can mimic an actual device or a human typing pattern and appear as a real device to the operating system. Typically, advanced software-based detection schemes are used to identify the malicious nature of such devices. However, a powerful adversary (e.g., as rootkits or advanced persistent threats) can still subvert those software-based detection schemes. To address these concerns, in this work, we introduce a novel hardware-assisted, dynamic USB-threat detection framework called USB-Watch. Specifically, USB-Watch utilizes hardware placed between a USB device and the host machine to hook into the USB communication, collect USB data, and provides the capability to view unaltered USB protocol communications. This unfettered data is then fed into a machine learning-based classifier which dynamically determines the true nature of the USB device. Using real malicious USB devices (i.e., Rubber-Ducky) mimicking as a keyboard, we perform a thorough analysis of typing dynamic features (e.g., typing time differentials, key press durations, etc.) to effectively classify malicious USB devices from normal human typing behaviors. In this work, we show that USB-Watch provides a lightweight, OS-independent framework which effectively distinguishes differences between normal and malicious USB behaviors with a ROC curve of 0.89. To the best of our knowledge, this is the first hardware-based detection mechanism to dynamically detect threats coming from USB devices.},

howpublished = {In the proceedings of the Security and Privacy in Communication Networks (SecureComm)},

keywords = {Hardware Security},

pubstate = {published},

tppubtype = {conference}

}

Close

66.

Abbas Acar, Hossein Fereidooni, Tigist Abera, Amit Kumar Sikder, Markus Miettinen, Hidayet Aksu, Mauro Conti, Ahmad-Reza Sadeghi, Selcuk Uluagac

Peek-a-boo: I see your smart home activities, even encrypted! Conference

In the Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, 2020.

Abstract | BibTeX | Tags: IoT Security, Smart Home Security

67.

Amit Kumar Sikder, Leonardo Babun, Z Berkay Celik, Abbas Acar, Hidayet Aksu, Patrick McDaniel, Engin Kirda, A Selcuk Uluagac

Kratos: Multi-user multi-device-aware access control system for the smart home Conference

In the Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2020.

Abstract | Links | BibTeX | Tags: IoT Security, Smart Home Security

68.

Leonardo Babun, Hidayet Aksu, Lucas Ryan, Kemal Akkaya, Elizabeth S Bentley, A Selcuk Uluagac

Z-iot: Passive device-class fingerprinting of zigbee and z-wave iot devices Conference

In the proceedings of the IEEE International Conference on Communications (ICC) Conference, IEEE 2020.

Abstract | Links | BibTeX | Tags: IoT Security, Smart Home Security

69.

Suat Mercan, Mumin Cebe, Ege Tekiner, Kemal Akkaya, Melissa Chang, Selcuk Uluagac

A cost-efficient iot forensics framework with blockchain Conference

In the Proceedings of the IEEE International Conference on Blockchain and Cryptocurrency (ICBC), IEEE 2020.

Abstract | Links | BibTeX | Tags: Blockchain Security

70.

AKM Iqtidar Newaz, Amit Kumar Sikder, Leonardo Babun, A Selcuk Uluagac

Heka: A novel intrusion detection system for attacks to personal medical devices Conference

In the proceedings of the IEEE Conference on Communications and Network Security (CNS), IEEE 2020.

Abstract | Links | BibTeX | Tags: Healthcare Security, IoT Security, Smart Home Security

71.

Abbas Acar, Hidayet Aksu, A Selcuk Uluagac, Kemal Akkaya

A usable and robust continuous authentication framework using wearables Journal Article

In: IEEE Transactions on Mobile Computing Journal, 2020.

Abstract | BibTeX | Tags: Authentication, IoT Security, Smart Home Security

72.

Nico Saputro, Samet Tonyali, Abdullah Aydeger, Kemal Akkaya, Mohammad A Rahman, Selcuk Uluagac

A review of moving target defense mechanisms for internet of things applications Journal Article

In: Modeling and Design of Secure Internet of Things Journal, 2020.

Abstract | Links | BibTeX | Tags: IoT Security, Smart Home Security

73.

Luis Puche Rondon, Leonardo Babun, Kemal Akkaya, A Selcuk Uluagac

HDMI-watch: Smart intrusion detection system against HDMI attacks Journal Article

In: IEEE Transactions on Network Science and Engineering Journal, 2020.

Abstract | BibTeX | Tags: CPS Security, IoT Security, Smart Home Security

74.

Enes Erdin, Mumin Cebe, Kemal Akkaya, Senay Solak, Eyuphan Bulut, Selcuk Uluagac

A Bitcoin payment network with reduced transaction fees and confirmation times Journal Article

In: Computer Networks Journal, 2020.

Abstract | BibTeX | Tags: Blockchain Security

75.

AKM Iqtidar Newaz, Nur Imtiazul Haque, Amit Kumar Sikder, Mohammad Ashiqur Rahman, A Selcuk Uluagac

Adversarial attacks to machine learning-based smart healthcare systems Conference

In the proceedings of the IEEE Global Communications Conference (GLOBECOM), IEEE 2020.

Abstract | Links | BibTeX | Tags: Adverserial Machine Learning, Smart Home Security

76.

Luis Puche Rondon, Leonardo Babun, Ahmet Aris, Kemal Akkaya, A Selcuk Uluagac

PoisonIvy: (In) secure Practices of Enterprise IoT Systems in Smart Buildings Conference

In the Proceedings of the 7th ACM International Conference on Systems for Energy-Efficient Buildings, Cities, and Transportation, 2020.

Abstract | Links | BibTeX | Tags: CPS Security, IoT Security, Smart Home Security

77.

Kyle Denney, Leonardo Babun, A Selcuk Uluagac

USB-watch: A generalized hardware-assisted insider threat detection framework Journal Article

In: Journal of Hardware and Systems Security, 2020.

Abstract | Links | BibTeX | Tags: CPS Security, IoT Security

78.

Oscar Bautista, Kemal Akkaya, A Selcuk Uluagac

Customized novel routing metrics for wireless mesh-based swarm-of-drones applications Journal Article

In: Internet of Things Journal, 2020.

Abstract | Links | BibTeX | Tags: CPS Security, IoT Security

79.

Amit Kumar Sikder, Hidayet Aksu, A. Selcuk Uluagac

A Context-Aware Framework for Detecting Sensor-Based Threats on Smart Devices Journal Article

In: IEEE Transactions on Mobile Computing Journal, 2020.

Abstract | Links | BibTeX | Tags: IoT Security

@article{Sikder2019Context-Aware,

title = {A Context-Aware Framework for Detecting Sensor-Based Threats on Smart Devices},

author = {Amit Kumar Sikder and Hidayet Aksu and A. Selcuk Uluagac},

url = {https://ieeexplore.ieee.org/document/8613866},

year  = {2020},

date = {2020-01-01},

urldate = {2020-01-01},

booktitle = {IEEE Transactions on Mobile Computing Journal

},

journal = {IEEE Transactions on Mobile Computing Journal},

abstract = {Sensors (e.g., light, gyroscope, and accelerometer) and sensing-enabled applications on a smart device make the applications more user-friendly and efficient. However, the current permission-based sensor management systems of smart devices only focus on certain sensors and any App can get access to other sensors by just accessing the generic sensor Application Programming Interface (API). In this way, attackers can exploit these sensors in numerous ways: they can extract or leak users' sensitive information, transfer malware, or record or steal sensitive information from other nearby devices. In this paper, we propose 6thSense, a context-aware intrusion detection system which enhances the security of smart devices by observing changes in sensor data for different tasks of users and creating a contextual model to distinguish benign and malicious behavior of sensors. 6thSense utilizes three different Machine Learning-based detection mechanisms (i.e., Markov Chain, Naive Bayes, and LMT). We implemented 6thSense on several sensor-rich Android-based smart devices (i.e., smart watch and smartphone) and collected data from typical daily activities of 100 real users. Furthermore, we evaluated the performance of 6thSense against three sensor-based threats: (1) a malicious App that can be triggered via a sensor, (2) a malicious App that can leak information via a sensor, and (3) a malicious App that can steal data using sensors. Our extensive evaluations show that the 6thSense framework is an effective and practical approach to defeat growing sensor-based threats with an accuracy above 96 percent without compromising the normal functionality of the device. Moreover, our framework reveals minimal overhead.},

keywords = {IoT Security},

pubstate = {published},

tppubtype = {article}

}

Close

80.

Ahmet Kurt, Enes Erdin, Mumin Cebe, Kemal Akkaya, A. Selcuk Uluagac

LNBot: A Covert Hybrid Botnet on Bitcoin Lightning Network for Fun and Profit Conference

In the Proceedings of the 25th European Symposium on Research in Computer Security (ESORICS) 2020.

Abstract | Links | BibTeX | Tags: Bitcoin, Blockchain Security

@conference{10.1007/978-3-030-59013-0_36,

title = {LNBot: A Covert Hybrid Botnet on Bitcoin Lightning Network for Fun and Profit},

author = {Ahmet Kurt and Enes Erdin and Mumin Cebe and Kemal Akkaya and A. Selcuk Uluagac},

editor = {Liqun Chen and Ninghui Li and Kaitai Liang and Steve Schneider},

url = {https://link.springer.com/chapter/10.1007/978-3-030-59013-0_36},

year  = {2020},

date = {2020-01-01},

urldate = {2020-01-01},

series = {In the Proceedings of the 25th European Symposium on Research in Computer Security (ESORICS)},

abstract = {While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. LN is a payment channel network operating on top of Bitcoin network for faster Bitcoin transactions with negligible fees. Exploiting various anonymity features of LN, we designed a scalable two-layer botnet which completely anonymize the identity of the botmaster. In the first layer, the botmaster sends commands anonymously to the C&C servers through LN transactions. Specifically, LNBot allows botmaster's commands to be sent in the form of surreptitious multihop LN payments, where the commands are encoded with ASCII or Huffman encoding to provide covert communications. In the second layer, C&C servers further relay those commands to the bots they control in their mini-botnets to launch any type of attacks to victim machines. We implemented a proof-of-concept on the actual LN and extensively analyzed the delay and cost performance of LNBot. Our analysis show that LNBot achieves better scalibility compared to the other similar blockchain botnets with negligible costs. Finally, we also provide and discuss a list of potential countermeasures to detect LNBot activities and minimize its impacts.},

keywords = {Bitcoin, Blockchain Security},

pubstate = {published},

tppubtype = {conference}

}

Close

81.

Oscar G. Bautista, Nico Saputro, Kemal Akkaya, Selcuk Uluagac

A novel routing metric for IEEE 802.11s-based swarm-of-drones applications Conference

In the Proceedings of the 16th EAI International Conference on Mobile and Ubiquitous Systems, 2020.

Abstract | Links | BibTeX | Tags: Network Security, UAV Security

82.

Amit Kumar Sikder, Leonardo Babun, Z. Berkay Celik, Abbas Acar, Hidayet Aksu, Patrick McDaniel, Engin Kirda, A. Selcuk Uluagac

Kratos: multi-user multi-device-aware access control system for the smart home Proceedings Article

In: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, pp. 1–12, Association for Computing Machinery, Linz, Austria, 2020, ISBN: 9781450380065.

Abstract | Links | BibTeX | Tags: access control, Internet of Things, Smart Home Security

@inproceedings{10.1145/3395351.3399358,

title = {Kratos: multi-user multi-device-aware access control system for the smart home},

author = {Amit Kumar Sikder and Leonardo Babun and Z. Berkay Celik and Abbas Acar and Hidayet Aksu and Patrick McDaniel and Engin Kirda and A. Selcuk Uluagac},

url = {https://doi.org/10.1145/3395351.3399358},

doi = {10.1145/3395351.3399358},

isbn = {9781450380065},

year  = {2020},

date = {2020-01-01},

booktitle = {Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks},

pages = {1–12},

publisher = {Association for Computing Machinery},

address = {Linz, Austria},

series = {WiSec '20},

abstract = {In a smart home system, multiple users have access to multiple devices, typically through a dedicated app installed on a mobile device. Traditional access control mechanisms consider one unique trusted user that controls the access to the devices. However, multi-user multi-device smart home settings pose fundamentally different challenges to traditional single-user systems. For instance, in a multi-user environment, users have conflicting, complex, and dynamically changing demands on multiple devices, which cannot be handled by traditional access control techniques. To address these challenges, in this paper, we introduce Kratos, a novel multi-user and multi-device-aware access control mechanism that allows smart home users to flexibly specify their access control demands. Kratos has three main components: user interaction module, back-end server, and policy manager. Users can specify their desired access control settings using the interaction module which are translated into access control policies in the backend server. The policy manager analyzes these policies and initiates negotiation between users to resolve conflicting demands and generates final policies. We implemented Kratos and evaluated its performance on real smart home deployments featuring multi-user scenarios with a rich set of configurations (309 different policies including 213 demand conflicts and 24 restriction policies). These configurations included five different threats associated with access control mechanisms. Our extensive evaluations show that Kratos is very effective in resolving conflicting access control demands with minimal overhead, and robust against different attacks.},

keywords = {access control, Internet of Things, Smart Home Security},

pubstate = {published},

tppubtype = {inproceedings}

}

Close

83.

Amit Kumar Sikder, Hidayet Aksu, A Selcuk Uluagac

Context-aware intrusion detection method for smart devices with sensors Patent

2019, (US Patent 10,417,413).

Abstract | Links | BibTeX | Tags: CPS Security, IoT Security

84.

Z Berkay Celik, Patrick McDaniel, Gang Tan, Leonardo Babun, A Selcuk Uluagac

Verifying internet of things safety and security in physical spaces Journal Article

In: IEEE Security & Privacy Journal, 2019.

Abstract | BibTeX | Tags: CPS Security, IoT Security

85.

Leonardo Babun, Hidayet Aksu, A Selcuk Uluagac

A system-level behavioral detection framework for compromised CPS devices: Smart-grid case Journal Article

In: ACM Transactions on Cyber-Physical Systems Journal, 2019.

Abstract | Links | BibTeX | Tags: CPS Security, IoT Security

86.

Z Berkay Celik, Abbas Acar, Hidayet Aksu, Ryan Sheatsley, Patrick McDaniel, A Selcuk Uluagac

Curie: Policy-based secure data exchange Conference

In the Proceedings of the 9th ACM Conference on Data and Application Security and Privacy (CODASPY), 2019.

Abstract | Links | BibTeX | Tags: Authentication, IoT Security

87.

Abbas Acar, Wenyi Liu, Raheem Beyah, Kemal Akkaya, Arif Selcuk Uluagac

A privacy-preserving multifactor authentication system Journal Article

In: Security and Privacy, 2019.

Abstract | BibTeX | Tags: Authentication, Privacy Preserving

88.

Abdullah Aydeger, Nico Saputro, Kemal Akkaya, Selcuk Uluagac

SDN-enabled recovery for Smart Grid teleprotection applications in post-disaster scenarios Journal Article

In: Journal of Network and Computer Applications, 2019.

Abstract | BibTeX | Tags: SDN Security

89.

Kyle Denney, Enes Erdin, Leonardo Babun, A Selcuk Uluagac

Dynamically detecting usb attacks in hardware: Poster Demo/Posters

2019.

Abstract | BibTeX | Tags: IoT Security

90.

Faraz Naseem, Leonardo Babun, Cengiz Kaygusuz, S. J. Moquin, Chris Farnell, Alan Mantooth, A. Selcuk Uluagac

CSPoweR-Watch: A Cyber-Resilient Residential Power Management System Conference

In the proceedings of the International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 2019.

Abstract | Links | BibTeX | Tags: CPS Security

@conference{Naseem2019CSPoweR,

title = {CSPoweR-Watch: A Cyber-Resilient Residential Power Management System},

author = {Faraz Naseem and Leonardo Babun and Cengiz Kaygusuz and S. J. Moquin and Chris Farnell and Alan Mantooth and A. Selcuk Uluagac},

url = {https://ieeexplore.ieee.org/abstract/document/8875295/},

year  = {2019},

date = {2019-01-01},

urldate = {2019-01-01},

publisher = {In the proceedings of the International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)},

abstract = {Modern Energy Management Systems (EMS) are becoming increasingly complex in order to address the urgent issue of global energy consumption. These systems retrieve vital information from various Internet-connected resources in a smart grid to function effectively. However, relying on such resources results in them being susceptible to cyber attacks. Malicious actors can exploit the interconnections between the resources to perform nefarious tasks such as modifying critical firmware, sending bogus sensor data, or stealing sensitive information. To address this issue, we propose a novel framework that integrates PowerWatch, a solution that detects compromised devices in the smart grid with Cyber-secure Power Router (CSPR), a smart energy management system. The goal is to ascertain whether or not such a device has operated maliciously. To achieve this, PowerWatch utilizes a machine learning model that analyzes information from system and library call lists extracted from CSPR in order to detect malicious activity in the EMS. To test the efficacy of our framework, a number of unique attack scenarios were performed on a realistic testbed that comprises functional versions of CSPR and PowerWatch to monitor the electrical environment for suspicious activity. Our performance evaluation investigates the effectiveness of this first-of-its-kind merger and provides insight into the feasibility of developing future cybersecure EMS. The results of our experimental procedures yielded 100% accuracy for each of the attack scenarios. Finally, our implementation demonstrates that the integration of PowerWatch and CSPR is effective and yields minimal overhead to the EMS.},

keywords = {CPS Security},

pubstate = {published},

tppubtype = {conference}

}

Close

91.

Amit Kumar Sikder, Leonardo Babun, Hidayet Aksu, A. Selcuk Uluagac

Aegis: A Context-Aware Security Framework for Smart Home Systems Conference

In the Proceedings of the 35th Annual Computer Security Applications Conference (ACSA), 2019.

Abstract | Links | BibTeX | Tags: IoT Security, Smart Home Security

@conference{Sikder2019Aegis,

title = {Aegis: A Context-Aware Security Framework for Smart Home Systems},

author = {Amit Kumar Sikder and Leonardo Babun and Hidayet Aksu and A. Selcuk Uluagac},

url = {https://doi.org/10.1145/3359789.3359840},

doi = {10.1145/3359789.3359840},

year  = {2019},

date = {2019-01-01},

urldate = {2019-01-01},

publisher = {In the Proceedings of the 35th Annual Computer Security Applications Conference (ACSA)},

abstract = {Our everyday lives are expanding fast with the introduction of new Smart Home Systems (SHSs). Today, a myriad of SHS devices and applications are widely available to users and have already started to re-define our modern lives. Smart home users utilize the apps to control and automate such devices. Users can develop their own apps or easily download and install them from vendor-specific app markets. App-based SHSs offer many tangible benefits to our lives, but also unfold diverse security risks. Several attacks have already been reported for SHSs. However, current security solutions consider smart home devices and apps individually to detect malicious actions rather than the context of the SHS as a whole. The existing mechanisms cannot capture user activities and sensor-device-user interactions in a holistic fashion. To address these issues, in this paper, we introduce Aegis, a novel context-aware security framework to detect malicious behavior in a SHS. Specifically, Aegis observes the states of the connected smart home entities (sensors and devices) for different user activities and usage patterns in a SHS and builds a contextual model to differentiate between malicious and benign behavior. We evaluated the efficacy and performance of Aegis in multiple smart home settings (i.e., single bedroom, double bedroom, duplex) with real-life users performing day-to-day activities and real SHS devices. We also measured the performance of Aegis against five different malicious behaviors. Our detailed evaluation shows that Aegis can detect malicious behavior in SHS with high accuracy (over 95%) and secure the SHS regardless of the smart home layout, device configuration, installed apps, and enforced user policies. Finally, Aegis achieves minimum overhead in detecting malicious behavior in SHS, ensuring easy deployability in real-life smart environments.},

keywords = {IoT Security, Smart Home Security},

pubstate = {published},

tppubtype = {conference}

}

Close

92.

Kemal Akkaya, Vashish Baboolal, Nico Saputro, Selcuk Uluagac, Hamid Menouar

Privacy-Preserving Control of Video Transmissions for Drone-based Intelligent Transportation Systems Conference

In the proceedings of the IEEE Conference on Communications and Network Security (CNS), 2019.

Abstract | Links | BibTeX | Tags: UAV Security

@conference{Akkaya2019UAVSec,

title = {Privacy-Preserving Control of Video Transmissions for Drone-based Intelligent Transportation Systems},

author = {Kemal Akkaya and Vashish Baboolal and Nico Saputro and Selcuk Uluagac and Hamid Menouar},

url = {https://ieeexplore.ieee.org/abstract/document/8802665/},

year  = {2019},

date = {2019-01-01},

urldate = {2019-01-01},

booktitle = {In the proceedings of the IEEE Conference on Communications and Network Security (CNS)},

abstract = {The drones are now frequently used for many smart city applications including intelligent transportation to provide situational awareness for drivers as well as other stakeholders that manage the traffic. In such situations one of the widely collected data is video that is recorded by a drone and streamed in real-time to a remote control center. The data can then be accessed through cloud services to do further analysis and take actions. However, this captured video may contain private information from the passing by citizens and allow recognition and tracking if it is intercepted by malicious users. While the video data can be stored as encrypted in the cloud, this still does not address the privacy problem as the third party providers still need to decrypt the data to perform any further processing. To address this issue, we propose using fully homomorphic encryption (FHE)which will not only provide confidentiality of the data but also enable processing on the encrypted video data by cloud providers and other third parties without exposing any privacy. However, since fully homomorphic systems have a lot of overhead, in this paper, we propose to conduct background extraction on video images and transmit only the changing foreground to minimize data transmission. As we use FHE, this allows reconstruction of the video at the server without decrypting the data. We tested the feasibility of the proposed approach extensively under various conditions including the type of FHE used, the underlying communication protocols and video size. The results indicate that our approach can even outperform AES-based method in terms of total time to complete the video transmission while additionally enabling privacy features},

keywords = {UAV Security},

pubstate = {published},

tppubtype = {conference}

}

Close

93.

Luis Puche Rondon, Leonardo Babun, Kemal Akkaya, A. Selcuk Uluagac

HDMI-Walk: Attacking HDMI Distribution Networks via Consumer Electronic Control Protocol Conference

In the Proceedings of the 35th Annual Computer Security Applications Conference, 2019.

Abstract | Links | BibTeX | Tags: Enterprise Security, Network Security

@conference{Rondon2019HDMI-walk,

title = {HDMI-Walk: Attacking HDMI Distribution Networks via Consumer Electronic Control Protocol},

author = {Luis Puche Rondon and Leonardo Babun and Kemal Akkaya and A. Selcuk Uluagac},

url = {https://doi.org/10.1145/3359789.3359841},

year  = {2019},

date = {2019-01-01},

urldate = {2019-01-01},

booktitle = {In the Proceedings of the 35th Annual Computer Security Applications Conference},

abstract = {The High Definition Multimedia Interface (HDMI) is the backbone and the de-facto standard for Audio/Video interfacing between video-enabled devices. Today, almost tens of billions of HDMI devices exist in the world and are widely used to distribute A/V signals in smart homes, offices, concert halls, and sporting events making HDMI one of the most highly deployed systems in the world. An important component in HDMI is the Consumer Electronics Control (CEC) protocol, which allows for the interaction between devices within an HDMI distribution network. Nonetheless, existing network security mechanisms only protect traditional networking components, leaving CEC outside of their scope. In this work, we identify and tap into CEC protocol vulnerabilities, using them to implement realistic proof-of-work attacks on HDMI distribution networks. We study, how current insecure CEC protocol practices and carelessly implemented HDMI distributions may grant an adversary a novel attack surface for HDMI devices otherwise thought to be unreachable through traditional means. To introduce this novel attack surface, in this paper, we present HDMI-Walk, which opens a realm of remote and local CEC attacks to HDMI devices. Specifically, with HDMI-Walk, an attacker can perform malicious analysis of devices, eavesdropping, Denial of Service attacks, targeted device attacks, and even facilitate other well-known existing attacks through HDMI. With HDMI-Walk, we prove that it is feasible for an attacker to gain arbitrary control of HDMI devices. We demonstrate the implementations of both local and remote attacks with commodity HDMI devices including Smart TVs and Media Players. Our work aims to uncover vulnerabilities in a very well deployed system like HDMI distributions. The consequences of which can largely impact HDMI users as well as other systems which depend on these distributions. Finally, we discuss security mechanisms to provide impactful and comprehensive security evaluation to these real-world systems while guaranteeing deployability and providing minimal overhead, while considering the current limitations of the CEC protocol. To the best of our knowledge, this is the first work solely investigating the security of HDMI device distribution networks.},

keywords = {Enterprise Security, Network Security},

pubstate = {published},

tppubtype = {conference}

}

Close

The High Definition Multimedia Interface (HDMI) is the backbone and the de-facto standard for Audio/Video interfacing between video-enabled devices. Today, almost tens of billions of HDMI devices exist in the world and are widely used to distribute A/V signals in smart homes, offices, concert halls, and sporting events making HDMI one of the most highly deployed systems in the world. An important component in HDMI is the Consumer Electronics Control (CEC) protocol, which allows for the interaction between devices within an HDMI distribution network. Nonetheless, existing network security mechanisms only protect traditional networking components, leaving CEC outside of their scope. In this work, we identify and tap into CEC protocol vulnerabilities, using them to implement realistic proof-of-work attacks on HDMI distribution networks. We study, how current insecure CEC protocol practices and carelessly implemented HDMI distributions may grant an adversary a novel attack surface for HDMI devices otherwise thought to be unreachable through traditional means. To introduce this novel attack surface, in this paper, we present HDMI-Walk, which opens a realm of remote and local CEC attacks to HDMI devices. Specifically, with HDMI-Walk, an attacker can perform malicious analysis of devices, eavesdropping, Denial of Service attacks, targeted device attacks, and even facilitate other well-known existing attacks through HDMI. With HDMI-Walk, we prove that it is feasible for an attacker to gain arbitrary control of HDMI devices. We demonstrate the implementations of both local and remote attacks with commodity HDMI devices including Smart TVs and Media Players. Our work aims to uncover vulnerabilities in a very well deployed system like HDMI distributions. The consequences of which can largely impact HDMI users as well as other systems which depend on these distributions. Finally, we discuss security mechanisms to provide impactful and comprehensive security evaluation to these real-world systems while guaranteeing deployability and providing minimal overhead, while considering the current limitations of the CEC protocol. To the best of our knowledge, this is the first work solely investigating the security of HDMI device distribution networks.

Close

94.

Luis Puche Rondon, Leonardo Babun, Kemal Akkaya, A. Selcuk Uluagac

Attacking HDMI Distribution Networks: Poster Demo/Posters

2019.

Abstract | Links | BibTeX | Tags: Network Security

95.

AKM Iqtidar Newaz, Amit Kumar Sikder, Mohammad Ashiqur Rahman, A. Selcuk Uluagac

HealthGuard: A Machine Learning-Based Security Framework for Smart Healthcare Systems Conference

In the Proceedings of the 6th International Conference on Social Networks Analysis, Management and Security (SNAMS), 2019.

Abstract | Links | BibTeX | Tags: Machine Learning Security

@conference{Newaz2019Hcguard,

title = {HealthGuard: A Machine Learning-Based Security Framework for Smart Healthcare Systems},

author = {AKM Iqtidar Newaz and Amit Kumar Sikder and Mohammad Ashiqur Rahman and A. Selcuk Uluagac},

url = {https://ieeexplore.ieee.org/abstract/document/8931716},

year  = {2019},

date = {2019-01-01},

urldate = {2019-01-01},

booktitle = {In the Proceedings of the 6th International Conference on Social Networks Analysis, Management and Security (SNAMS)},

abstract = {The integration of Internet-of-Things and pervasive computing in medical devices have made the modern healthcare system “smart.” Today, the function of the healthcare system is not limited to treat the patients only. With the help of implantable medical devices and wearables, Smart Healthcare System (SHS) can continuously monitor different vital signs of a patient and automatically detect and prevent critical medical conditions. However, these increasing functionalities of SHS raise several security concerns and attackers can exploit the SHS in numerous ways: they can impede normal function of the SHS, inject false data to change vital signs, and tamper a medical device to change the outcome of a medical emergency. In this paper, we propose HealthGuard, a novel machine learning-based security framework to detect malicious activities in a SHS. HealthGuard observes the vital signs of different connected devices of a SHS and correlates the vitals to understand the changes in body functions of the patient to distinguish benign and malicious activities. HealthGuard utilizes four different machine learning-based detection techniques (Artificial Neural Network, Decision Tree, Random Forest, k-Nearest Neighbor) to detect malicious activities in a SHS. We trained HealthGuard with data collected for eight different smart medical devices for twelve benign events including seven normal user activities and five disease-affected events. Furthermore, we evaluated the performance of HealthGuard against three different malicious threats. Our extensive evaluation shows that HealthGuard is an effective security framework for SHS with an accuracy of 91 % and an F1 score of 90 %.},

keywords = {Machine Learning Security},

pubstate = {published},

tppubtype = {conference}

}

Close

96.

Leonardo Babun, Z Berkay Celik, Patrick McDaniel, A Selcuk Uluagac

Real-time analysis of privacy-(un) aware IoT applications Conference

In the Proceedings of the Privacy Enhancing Technologies Symposium (PoPETs), 2019.

Abstract | Links | BibTeX | Tags: IoT Security

97.

Leonardo Babun, Amit K. Sikder, Abbas Acar, A. Selcuk Uluagac

A Digital Forensics Framework for Smart Settings: Poster Conference

In the Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks (WiSec), 2019.

Abstract | Links | BibTeX | Tags: Forensics, IoT Security

98.

Abbas Acar, Long Lu, A. Selcuk Uluagac, Engin Kirda

An Analysis of Malware Trends in Enterprise Networks Conference

In the Proceedings of the Information Security Conference (ISC), 2019.

Abstract | Links | BibTeX | Tags: Enterprise Security, Malware

@conference{Acar2019MalwareTrendsb,

title = { An Analysis of Malware Trends in Enterprise Networks},

author = {Abbas Acar and Long Lu and A. Selcuk Uluagac and Engin Kirda},

url = {https://link.springer.com/chapter/10.1007/978-3-030-30215-3_18},

year  = {2019},

date = {2019-01-01},

urldate = {2019-01-01},

booktitle = {In the Proceedings of the Information Security Conference (ISC)},

abstract = {We present an empirical and large-scale analysis of malware samples captured from two different enterprises from 2017 to early 2018. Particularly, we perform threat vector, social-engineering, vulnerability and time-series analysis on our dataset. Unlike existing malware studies, our analysis is specifically focused on the recent enterprise malware samples. First of all, based on our analysis on the combined datasets of two enterprises, our results confirm the general consensus that AV-only solutions are not enough for real-time defenses in enterprise settings because on average 40% of the malware samples, when first appeared, are not detected by most AVs on VirusTotal or not uploaded to VT at all (i.e., never seen in the wild yet). Moreover, our analysis also shows that enterprise users transfer documents more than executables and other types of files. Therefore, attackers embed malicious codes into documents to download and install the actual malicious payload instead of sending malicious payload directly or using vulnerability exploits. Moreover, we also found that financial matters (e.g., purchase orders and invoices) are still the most common subject seen in Business Email Compromise (BEC) scams that aim to trick employees. Finally, based on our analysis on the timestamps of captured malware samples, we found that 93% of the malware samples were delivered on weekdays. Our further analysis also showed that while the malware samples that require user interaction such as macro-based malware samples have been captured during the working hours of the employees, the massive malware attacks are triggered during the off-times of the employees to be able to silently spread over the networks.},

howpublished = {In the proceedings of the Information Security Conference (ISC)},

keywords = {Enterprise Security, Malware},

pubstate = {published},

tppubtype = {conference}

}

Close

99.

Enes Erdin, Mumin Cebe, Kemal Akkaya, Eyuphan Bulut, A. Selcuk Uluagac

A Heuristic-Based Private Bitcoin Payment Network Formation Using Off-Chain Links Conference

In the Proceedings of the IEEE International Conference on Blockchain (Blockchain), 2019.

Abstract | Links | BibTeX | Tags: Bitcoin, Blockchain Security

@conference{Erdin2019Blockchainb,

title = {A Heuristic-Based Private Bitcoin Payment Network Formation Using Off-Chain Links},

author = {Enes Erdin and Mumin Cebe and Kemal Akkaya and Eyuphan Bulut and A. Selcuk Uluagac},

url = {https://ieeexplore.ieee.org/abstract/document/8946276},

year  = {2019},

date = {2019-01-01},

urldate = {2019-01-01},

booktitle = {In the Proceedings of the  IEEE International Conference on Blockchain (Blockchain)},

abstract = {While Bitcoin dominates the market for cryptocurrencies, its use in micropayments is still a challenge due to its long transaction validation times and high fees. Recently, the concept of off-chain payments is introduced that led to the idea of establishing a payment network called Lightning Network (LN). Off-chain links provide the ability to do transactions without writing to Blockchain. However, LN's design still favors fees and is creating hub nodes that defeat the purpose of Blockchain. In addition, it is still not reliable as not all the transactions are guaranteed to be transmitted to their destinations. If current retailers would like to use it, these problems might hinder its adoption. To address this issue, in this paper, we advocate creating a private payment network among a given set of retailers that will serve their business needs, just like the idea of private Blockchains. The goal is to build a pure peer-to-peer topology that will eliminate the need for relays and increase the robustness of payments. Using off-chain links as edges and retailers as nodes, the problem is formulated as a multi-flow commodity problem where transactions represent the commodities from various sources to destinations. As the multi-flow commodity problem is NP-Complete, we propose a heuristic approach that utilizes Dijkstra's shortest path algorithm in a dynamic way by updating the edge weights when new payment paths are to be found. The order of transactions is randomized to provide fairness among the retailers. The evaluations indicate that the proposed heuristic comes close to an optimal solution while providing scalability and user privacy.},

howpublished = {In the proceedings of the International Conference on Blockchain},

keywords = {Bitcoin, Blockchain Security},

pubstate = {published},

tppubtype = {conference}

}

Close

100.

Abbas Acar, Hidayet Aksu, Kemal Akkaya, A Selcuk Uluagac

Method for continuous user authentication with wearables Patent

2018.

Abstract | Links | BibTeX | Tags: Authentication, patent

101.

Abbas Acar, Hidayet Aksu, Kemal Akkaya, A. Selcuk Uluagac

Method for Continuous User Authentication with Wearables Patent

US10075846B1, 2018.

Links | BibTeX | Tags:

102.

Z. Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, A. Selcuk Uluagac

Sensitive Information Tracking in Commodity IoT Conference

In the Proceedings of the 27th USENIX Security Symposium, 2018.

Abstract | Links | BibTeX | Tags: IoT Security, Mobile Security

@conference{Berkay2018InfoTrackingb,

title = {Sensitive Information Tracking in Commodity IoT},

author = {Z. Berkay Celik and Leonardo Babun and Amit Kumar Sikder and Hidayet Aksu and Gang Tan and Patrick McDaniel and A. Selcuk Uluagac},

url = {https://www.usenix.org/conference/usenixsecurity18/presentation/celik},

year  = {2018},

date = {2018-08-01},

urldate = {2018-08-01},

booktitle = {In the Proceedings of the 27th USENIX Security Symposium},

abstract = {Broadly defined as the Internet of Things (IoT), the growth of commodity devices that integrate physical processes with digital connectivity has had profound effects on society--smart homes, personal monitoring devices, enhanced manufacturing and other IoT applications have changed the way we live, play, and work. Yet extant IoT platforms provide few means of evaluating the use (and potential avenues for misuse) of sensitive information. Thus, consumers and organizations have little information to assess the security and privacy risks these devices present. In this paper, we present SainT, a static taint analysis tool for IoT applications. SainT operates in three phases; (a) translation of platform-specific IoT source code into an intermediate representation (IR), (b) identifying sensitive sources and sinks, and (c) performing static analysis to identify sensitive data flows. We evaluate SainT on 230 SmartThings market apps and find 138 (60%) include sensitive data flows. In addition, we demonstrate SainT on IoTBench, a novel open-source test suite containing 19 apps with 27 unique data leaks. Through this effort, we introduce a rigorously grounded framework for evaluating the use of sensitive information in IoT apps---and therein provide developers, markets, and consumers a means of identifying potential threats to security and privacy.},

howpublished = {In the proceedings of the 27th USENIX Security Symposium},

keywords = {IoT Security, Mobile Security },

pubstate = {published},

tppubtype = {conference}

}

Close

103.

Abbas Acar, Hidayet Aksu, A. Selcuk Uluagac, Mauro Conti

A Survey on Homomorphic Encryption Schemes: Theory and Implementation Journal Article

In: ACM Computing Surveys, 2018.

Abstract | Links | BibTeX | Tags: Cryptography, Privacy-preserving

@article{Acar2018HomomEncb,

title = {A Survey on Homomorphic Encryption Schemes: Theory and Implementation},

author = {Abbas Acar and Hidayet Aksu and A. Selcuk Uluagac and Mauro Conti},

url = {https://doi.org/10.1145/3214303},

year  = {2018},

date = {2018-07-01},

urldate = {2018-07-01},

journal = {ACM Computing Surveys},

publisher = {Association for Computing Machinery (ACM)},

address = {New York, NY, USA},

abstract = {Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. The users or service providers with the key have exclusive rights on the data. Especially with popular cloud services, control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. Therefore, this survey focuses on HE and FHE schemes. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars for achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes, are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. This survey is intended to give a clear knowledge and foundation to researchers and practitioners interested in knowing, applying, and extending the state-of-the-art HE, PHE, SWHE, and FHE systems.},

howpublished = {ACM Computing Surveys},

keywords = {Cryptography, Privacy-preserving},

pubstate = {published},

tppubtype = {article}

}

Close

Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. The users or service providers with the key have exclusive rights on the data. Especially with popular cloud services, control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. Therefore, this survey focuses on HE and FHE schemes. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars for achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes, are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. This survey is intended to give a clear knowledge and foundation to researchers and practitioners interested in knowing, applying, and extending the state-of-the-art HE, PHE, SWHE, and FHE systems.

Close

104.

Nico Saputro, Kemal Akkaya, Ramazan Algin, Selcuk Uluagac

Drone-Assisted Multi-Purpose Roadside Units for Intelligent Transportation Systems Conference

In the proceedings of the 88th Vehicular Technology Conference (VTC-Fall), 2018.

Abstract | Links | BibTeX | Tags: Network Security, UAV Security

105.

Samet Tonyali, Kemal Akkaya, Nico Saputro, A. Selcuk Uluagac, Mehrdad Nojoumian

Privacy-preserving protocols for secure and reliable data aggregation in IoT-enabled Smart Metering systems Journal Article

In: Future Generation Computer Systems journal, 2018.

Abstract | Links | BibTeX | Tags: IoT Security, Smart-grid Security

@article{TONYALI2018IoTdataAgreb,

title = {Privacy-preserving protocols for secure and reliable data aggregation in IoT-enabled Smart Metering systems},

author = {Samet Tonyali and Kemal Akkaya and Nico Saputro and A. Selcuk Uluagac and Mehrdad Nojoumian},

url = {https://www.sciencedirect.com/science/article/pii/S0167739X17306945},

doi = {https://doi.org/10.1016/j.future.2017.04.031},

year  = {2018},

date = {2018-01-01},

urldate = {2018-01-01},

journal = {Future Generation Computer Systems journal},

abstract = {As the Internet of Things (IoT) gets more pervasive, its areas of usage expands. Smart Metering systems is such an IoT-enabled technology that enables convenient and high frequency data collection compared to existing metering systems. However, such a frequent data collection puts the consumers’ privacy in risk as it helps expose the consumers’ daily habits. Secure in-network data aggregation can be used to both preserve consumers’ privacy and reduce the packet traffic due to high frequency metering data. The privacy can be provided by performing the aggregation on concealed metering data. Fully homomorphic encryption (FHE) and secure multiparty computation (secure MPC) are the systems that enable performing multiple operations on concealed data. However, both FHE and secure MPC systems have some overhead in terms of data size or message complexity. The overhead is compounded in the IoT-enabled networks such as Smart Grid (SG) Advanced Metering Infrastructure (AMI). In this paper, we propose new protocols to adapt FHE and secure MPC to be deployed in SG AMI networks that are formed using wireless mesh networks. The proposed protocols conceal the smart meters’ (SMs) reading data by encrypting it (FHE) or computing its shares on a randomly generated polynomial (secure MPC). The encrypted data/computed shares are aggregated at some certain aggregator SM(s) up to the gateway of the network in a hierarchical manner without revealing the readings’ actual value. To assess their performance, we conducted extensive experiments using the ns-3 network simulator. The simulation results indicate that the secure MPC-based protocol can be a viable privacy-preserving data aggregation mechanism since it not only reduces the overhead with respect to FHE but also almost matches the performance of the Paillier cryptosystem when it is used within a proper sized AMI network.},

keywords = {IoT Security, Smart-grid Security},

pubstate = {published},

tppubtype = {article}

}

Close

106.

Nico Saputro, Kemal Akkaya, Selcuk Uluagac

Supporting Seamless Connectivity in Drone-assisted Intelligent Transportation Systems Conference

In the Proceedings of the 43rd IEEE Conference on Local Computer Networks Workshops (LCN Workshops), 2018.

Abstract | Links | BibTeX | Tags: Network Security, UAV Security

107.

Enes Erdin, Hidayet Aksu, Selcuk Uluagac, Micheal Vai, Kemal Akkaya

OS Independent and Hardware-Assisted Insider Threat Detection and Prevention Framework Conference

In the Proceedings of the IEEE Military Communications Conference (MILCOM), 2018.

Abstract | Links | BibTeX | Tags: Hardware Security, Malware

@conference{8599719b,

title = {OS Independent and Hardware-Assisted Insider Threat Detection and Prevention Framework},

author = {Enes Erdin and Hidayet Aksu and Selcuk Uluagac and Micheal Vai and Kemal Akkaya},

url = {https://ieeexplore.ieee.org/abstract/document/8599719},

year  = {2018},

date = {2018-01-01},

urldate = {2018-01-01},

publisher = {In the Proceedings of the IEEE Military Communications Conference (MILCOM)},

abstract = {Governmental and military institutions harbor critical infrastructure and highly confidential information. Although institutions are investing a lot for protecting their data and assets from possible outsider attacks, insiders are still a distrustful source for information leakage. As malicious software injection is one among many attacks, turning innocent employees into malicious attackers through social attacks is the most impactful one. Malicious insiders or uneducated employees are dangerous for organizations that they are already behind the perimeter protections that guard the digital assets; actually, they are trojans on their own. For an insider, the easiest possible way for creating a hole in security is using the popular and ubiquitous Universal Serial Bus (USB) devices due to its versatile and easy to use plug-and-play nature. USB type storage devices are the biggest threats for contaminating mission critical infrastructure with viruses, malware, and trojans. USB human interface devices are also dangerous as they may connect to a host with destructive hidden functionalities. In this paper, we propose a novel hardware-assisted insider threat detection and prevention framework for the USB case. Our novel framework is also OS independent. We implemented a proof-of-concept design on an FPGA board which is widely used in military settings supporting critical missions, and demonstrated the results considering different experiments. Based on the results of these experiments, we show that our framework can identify rapid-keyboard key-stroke attacks and can easily detect the functionality of the USB device plugged in. We present the resource consumption of our framework on the FPGA for its utilization on a host controller device. We show that the our hard-to-tamper framework introduces no overhead in USB communication in terms of user experience.},

keywords = {Hardware Security, Malware},

pubstate = {published},

tppubtype = {conference}

}

Close

108.

Enes Erdin, Mumin Cebe, Kemal Akkaya, Senay Solak, Eyuphan Bulut, Selcuk Uluagac

Building a Private Bitcoin-Based Payment Network Among Electric Vehicles and Charging Stations Conference

In the Proceedings of the IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData), 2018.

Abstract | Links | BibTeX | Tags: Blockchain Security, Vehicle security

@conference{Erdin2018PrivBCNetc,

title = {Building a Private Bitcoin-Based Payment Network Among Electric Vehicles and Charging Stations},

author = {Enes Erdin and Mumin Cebe and Kemal Akkaya and Senay Solak and Eyuphan Bulut and Selcuk Uluagac},

url = {https://ieeexplore.ieee.org/abstract/document/8726825},

year  = {2018},

date = {2018-01-01},

urldate = {2018-01-01},

publisher = {In the Proceedings of the IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)},

abstract = {Mass penetration and market dominance of Electric Vehicles (EVs) are expected in the upcoming years. Due to their frequent charging needs, not only public and private charging stations are being built, but also V2V charging options are considered. This forms a charging network with various suppliers and EV customers which can communicate to schedule charging operations. While an app can be designed to develop matching algorithms for charging schedules, the system also needs a convenient payment method that will enable privacy-preserving transactions among the suppliers and EVs. In this paper, we adopt a Bitcoin-based payment system for the EV charging network payments. However, Bitcoin has a transaction fee which would be comparable to the price of the charging service most of the time and thus may not be attractive to users. High transaction fees can be eliminated by building a payment network in parallel to main ledger, with permission and signatures. In this paper, we design and implement such a network among charging stations and mobile EVs with flow, connectivity and fairness constraints, and demonstrate results for the feasibility of the scheme under different circumstances. More specifically, we propose a payment network optimization model for determining payment channels among charging stations. We present numerical results on the characteristics of the network model by using realistic use cases.},

keywords = {Blockchain Security, Vehicle security},

pubstate = {published},

tppubtype = {conference}

}

Close

109.

Abbas Acar, Hidayet Aksu, A. Selcuk Uluagac, Kemal Akkaya

WACA: Wearable-Assisted Continuous Authentication Conference

In the Proceedings of the IEEE Security and Privacy Workshops (SPW) , 2018.

Abstract | Links | BibTeX | Tags: Authentication, Vehicle security

110.

Amit Kumar Sikder, Abbas Acar, Hidayet Aksu, A. Selcuk Uluagac, Kemal Akkaya, Mauro Conti

IoT-enabled smart lighting systems for smart cities Conference

In the Proceedings of the IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC), 2018.

Abstract | Links | BibTeX | Tags: IoT Security, Network Security

@conference{Sikder2018Smartlightingb,

title = {IoT-enabled smart lighting systems for smart cities},

author = {Amit Kumar Sikder and Abbas Acar and Hidayet Aksu and A. Selcuk Uluagac and Kemal Akkaya and Mauro Conti},

url = {https://ieeexplore.ieee.org/abstract/document/8301744},

year  = {2018},

date = {2018-01-01},

urldate = {2018-01-01},

booktitle = {In the Proceedings of the IEEE 8th Annual Computing and Communication Workshop and Conference (CCWC)},

abstract = {Over the past few decades, the rate of urbanization has increased enormously. More enhanced services and applications are needed in urban areas to provide a better lifestyle. Smart city, which is a concept of interconnecting modern digital technologies in the context of a city, is a potential solution to enhance the quality and performance of urban services. With the introduction of Internet-of-Things (IoT) in the smart city, new opportunities have emerged to develop new services and integrate different application domains with each other using Information and Communication Technologies. However, to ensure seamless services in an IoT-enabled smart city environment, all the applications have to be maintained with limited energy resources. One of the core sectors that can be improved significantly by implementing IoT is the lighting system of a city since it consumes more energy than other parts of a city. In a smart city, the lighting system is integrated with advanced sensors and communication channels to obtain a Smart Lighting System (SLS). The goal of an SLS is to obtain an autonomous and more efficient lighting management system. In this paper, we provide an overview of the SLS and review different IoT-enabled communication protocols, which can be used to realize the SLS in the context of a smart city. Moreover, we analyzed different usage scenarios for IoT-enabled indoor and outdoor SLS and provide an analysis of the power consumption. Our results reveal that IoT-enabled smart lighting systems can reduce power consumption up to 33.33% in both indoor and outdoor settings. Finally, we discussed the future research directions in SLS in the smart city.},

keywords = {IoT Security, Network Security},

pubstate = {published},

tppubtype = {conference}

}

Close

111.

Abdullah Aydeger, Nico Saputro, Kemal Akkaya, Selcuk Uluagac

Assessing the overhead of authentication during SDN-enabled restoration of smart grid inter-substation communications Conference

In the Proceedings of the 15th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2018.

Abstract | Links | BibTeX | Tags: Authentication, SDN Security

@conference{Aydeger2018AuthOverheadb,

title = {Assessing the overhead of authentication during SDN-enabled restoration of smart grid inter-substation communications},

author = {Abdullah Aydeger and Nico Saputro and Kemal Akkaya and Selcuk Uluagac},

url = {https://ieeexplore.ieee.org/abstract/document/8319206},

year  = {2018},

date = {2018-01-01},

urldate = {2018-01-01},

publisher = {In the Proceedings of the 15th IEEE Annual Consumer Communications & Networking Conference (CCNC)},

abstract = {Since real-time and resilient recovery of link failures is crucial for power grid infrastructure to continue its services, emerging technologies such as Software Defined Networking (SDN) has started to be employed for such purposes. SDN switches can be remotely controlled to change their configurations by exploiting the wireless communication options. However, when wireless is to be used in Smart Grid communications, security and reliability become important issues due to the specific characteristics of wireless communications. This paper investigates the overhead of providing such services on wireless links when SDN is utilized. Specifically, we consider the establishment of authentication services when wireless back-up links (i.e., WiFi or LTE) are employed as a result of a reactive link failure detection mechanism. To the best of our knowledge, this work is the first to consider authentication of such an SDN-enabled Smart Grid inter-substation communication with WiFi and LTE. To be able to effectively evaluate the performance of this proposed SDN-enabled framework, we developed it in Mininet emulator. Since Mininet does not support the authentication services for WiFi or LTE, we proposed several novel extensions to Mininet by integrating it with ns-3 simulator that supports the LTE/WiFi protocol stacks. We conducted extensive experiments by considering a general application using Smart Grid Manufacturing Message Specification (MMS) standard to assess the recovery performance of the proposed secure SDN-enabled recovery system. The results show that when authentication and reliable protocols such as TCP are to be employed, the proposed framework can still meet the deadlines of 100 ms with WiFi while LTE misses only a few packets.},

keywords = {Authentication, SDN Security},

pubstate = {published},

tppubtype = {conference}

}

Close

112.

Halim Burak Yesilyurt, Hidayet Aksu, Selcuk Uluagac, Raheem Beyah

SOTA: Secure Over-the-Air Programming of IoT Devices Conference

In the Proceedings of the IEEE Military Communications Conference (MILCOM), 2018.

Abstract | Links | BibTeX | Tags: IoT Security

113.

Hidayet Aksu, Leonardo Babun, Mauro Conti, Gabriele Tolomei, A. Selcuk Uluagac

Advertising in the IoT Era: Vision and Challenges Journal Article

In: IEEE Communications Magazine, 2018.

Abstract | Links | BibTeX | Tags: IoT Security

114.

Cengiz Kaygusuz, Leonardo Babun, Hidayet Aksu, A. Selcuk Uluagac

Detection of Compromised Smart Grid Devices with Machine Learning and Convolution Techniques Conference

In the Proceedings of the IEEE International Conference on Communications (ICC), 2018.

Abstract | Links | BibTeX | Tags: Smart-grid Security

@conference{Kaygusuz2018SmartGridMLb,

title = {Detection of Compromised Smart Grid Devices with Machine Learning and Convolution Techniques},

author = {Cengiz Kaygusuz and Leonardo Babun and Hidayet Aksu and A. Selcuk Uluagac},

url = {https://ieeexplore.ieee.org/abstract/document/8423022},

year  = {2018},

date = {2018-01-01},

urldate = {2018-01-01},

booktitle = {In the Proceedings of the IEEE International Conference on Communications (ICC)},

abstract = {The smart grid concept has transformed the traditional power grid into a massive cyber- physical system that depends on advanced two-way communication infrastructure to integrate a myriad of different smart devices. While the introduction of the cyber component has made the grid much more flexible and efficient with so many smart devices, it also broadened the attack surface of the power grid. Particularly, compromised devices pose great danger to the healthy operations of the smart-grid. For instance, the attackers can control the devices to change the behaviour of the grid and can impact the measurements. In this paper, to detect such misbehaving malicious smart grid devices, we propose a machine learning and convolution-based classification framework. Our framework specifically utilizes system and library call lists at the kernel level of the operating system on both resource-limited and resource-rich smart grid devices such as RTUs, PLCs, PMUs, and IEDs. Focusing on the types and other valuable features extracted from the system calls, the framework can successfully identify malicious smart-grid devices. In order to test the efficacy of the proposed framework, we built a representative testbed conforming to the IEC-61850 protocol suite and evaluated its performance with different system calls. The proposed framework in different evaluation scenarios yields very high accuracy (avg. 91%) which reveals that the framework is effective to overcome compromised smart grid devices problem.},

keywords = {Smart-grid Security},

pubstate = {published},

tppubtype = {conference}

}

Close

115.

Leonardo Babun, Hidayet Aksu, A. Selcuk Uluagac

Method of Resource-Limited Device and Device Class Identification Patent

2018.

Links | BibTeX | Tags:

116.

Kyle Denney, A. Selcuk Uluagac, Hidayet Aksu, Kemal Akkaya

An Android-Based Covert Channel Framework on Wearables Using Status Bar Notifications Journal Article

In: 2018.

Abstract | Links | BibTeX | Tags: Covert channels, Network Security, Wearables

117.

Muhammad A Hakim, Hidayet Aksu, A Selcuk Uluagac, Kemal Akkaya

U-pot: A honeypot framework for upnp-based iot devices Conference

In the Proceedings of the IEEE 37th International Performance Computing and Communications Conference (IPCCC), 2018.

Abstract | Links | BibTeX | Tags: Honeypot/Honeynet, IoT Security

@conference{hakim2018u,

title = {U-pot: A honeypot framework for upnp-based iot devices},

author = {Muhammad A Hakim and Hidayet Aksu and A Selcuk Uluagac and Kemal Akkaya},

url = {https://ieeexplore.ieee.org/document/8711321},

year  = {2018},

date = {2018-01-01},

urldate = {2018-01-01},

booktitle = {In the Proceedings of the IEEE 37th International Performance Computing and Communications Conference (IPCCC)},

abstract = {The ubiquitous nature of the IoT devices has brought serious security implications to its users. A lot of consumer IoT devices have little to no security implementation at all, thus risking user's privacy and making them target of mass cyber-attacks. Indeed, recent outbreak of Mirai botnet and its variants have already proved the lack of security on the IoT world. Hence, it is important to understand the security issues and attack vectors in the IoT domain. Though significant research has been done to secure traditional computing systems, little focus was given to the IoT realm. In this work, we reduce this gap by developing a honeypot framework for IoT devices. Specifically, we introduce U-PoT: a novel honeypot framework for capturing attacks on IoT devices that use Universal Plug and Play (UPnP) protocol. A myriad of smart home devices including smart switches, smart bulbs, surveillance cameras, smart hubs, etc. uses the UPnP protocol. Indeed, a simple search on Shodan IoT search engine lists 1,676,591 UPnP devices that are exposed to public network. The popularity and ubiquitous nature of UPnP-based IoT device necessitates a full-fledged IoT honeypot system for UPnP devices. Our novel framework automatically creates a honeypot from UPnP device description documents and is extendable to any device types or vendors that use UPnP for communication. To the best of our knowledge, this is the first work towards a flexible and configurable honeypot framework for UPnP-based IoT devices. We released U-PoT under an open source license for further research on IoT security and created a database of UPnP device descriptions. We also evaluated our framework on two emulated deices. Our experiments show that the emulated devices are able to mimic the behavior of a real IoT device and trick vendor-provided device management applications or popular IoT search engines while having minimal performance ovherhead.},

keywords = {Honeypot/Honeynet, IoT Security},

pubstate = {published},

tppubtype = {conference}

}

Close

118.

Mumin Cebe, Enes Erdin, Kemal Akkaya, Hidayet Aksu, Selcuk Uluagac

Block4forensic: An integrated lightweight blockchain framework for forensics applications of connected vehicles Journal Article

In: IEEE Communications Magazine, 2018.

Abstract | Links | BibTeX | Tags: Blockchain Security, Forensics, IoT Security

119.

Hidayet Aksu, A Selcuk Uluagac, Elizabeth S Bentley

Identification of wearable devices with bluetooth Journal Article

In: IEEE Transactions on Sustainable Computing Journal, 2018.

Abstract | Links | BibTeX | Tags: Fingerprinting, IoT Security

120.

Leonardo Babun, Hidayet Aksu, A. Selcuk Uluagac

Detection of counterfeit and compromised devices using system and function call tracing techniques Patent

2017.

Abstract | Links | BibTeX | Tags: Fingerprinting, Smart-grid Security

121.

Juan Lopez, Leonardo Babun, Hidayet Aksu, A Selcuk Uluagac

A Survey on Function and System Call Hooking Approaches Journal Article

In: Journal of Hardware and Systems Security, 2017.

Abstract | Links | BibTeX | Tags: Fingerprinting

122.

Anurag Akkiraju, David Gabay, Halim Burak Yesilyurt, Hidayet Aksu, Selcuk Uluagac

Cybergrenade: Automated Exploitation of Local Network Machines via Single Board Computers Conference

In the Proceedings of the IEEE 14th International Conference on Mobile Ad Hoc and Sensor Systems (MASS), 2017.

Abstract | Links | BibTeX | Tags: Network Security

123.

Amit Kumar Sikder, Hidayet Aksu, A Selcuk Uluagac

{6thSense}: A context-aware sensor-based attack detector for smart devices Conference

In the Proceedings of the 26th USENIX Security Symposium (USENIX Security 17), 2017.

Abstract | Links | BibTeX | Tags: IoT Security, Smart Home Security

@conference{Sikder6thSenseUSENIX,

title = {{6thSense}: A context-aware sensor-based attack detector for smart devices},

author = {Amit Kumar Sikder and Hidayet Aksu and A Selcuk Uluagac},

url = {https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/sikder},

year  = {2017},

date = {2017-01-01},

urldate = {2017-01-01},

booktitle = {In the Proceedings of the 26th USENIX Security Symposium (USENIX Security 17)},

abstract = {Sensors (e.g., light, gyroscope, accelerometer) and sensing enabled applications on a smart device make the applications more user-friendly and efficient. However, the current permission-based sensor management systems of smart devices only focus on certain sensors and any App can get access to other sensors by just accessing the generic sensor API. In this way, attackers can exploit these sensors in numerous ways: they can extract or leak users’ sensitive information, transfer malware, or record or steal sensitive information from other nearby devices. In this paper, we propose 6thSense, a context-aware intrusion detection system which enhances the security of smart devices by observing changes in sensor data for different tasks of users and creating a contextual model to distinguish benign and malicious behavior of sensors. 6thSense utilizes three different Machine Learning-based detection mechanisms (i.e., Markov Chain, Naive Bayes, and LMT) to detect malicious behavior associated with sensors. We implemented 6thSense on a sensor-rich Android smart device (i.e., smartphone) and collected data from typical daily activities of 50 real users. Furthermore, we evaluated the performance of 6thSense against three sensor-based threats: (1) a malicious App that can be triggered via a sensor (e.g., light), (2) a malicious App that can leak information via a sensor, and (3) a malicious App that can steal data using sensors. Our extensive evaluations show that the 6thSense framework is an effective and practical approach to defeat growing sensor-based threats with an accuracy above 96% without compromising the normal functionality of the device. Moreover, our framework costs minimal overhead.},

keywords = {IoT Security, Smart Home Security},

pubstate = {published},

tppubtype = {conference}

}

Close

124.

Abbas Acar, Z. Berkay Celik, Hidayet Aksu, A. Selcuk Uluagac, Patrick McDaniel

Achieving Secure and Differentially Private Computations in Multiparty Settings Conference

In the Proceedings of the IEEE Symposium on Privacy-Aware Computing (PAC), 2017.

Abstract | Links | BibTeX | Tags: Cryptojacking, Secure Multipart Computation

@conference{AcarSecureIEEEPAC,

title = {Achieving Secure and Differentially Private Computations in Multiparty Settings},

author = {Abbas Acar and Z. Berkay Celik and Hidayet Aksu and A. Selcuk Uluagac and Patrick McDaniel},

url = {https://patrickmcdaniel.org/pubs/aca17.pdf},

year  = {2017},

date = {2017-01-01},

urldate = {2017-01-01},

booktitle = {In the Proceedings of the IEEE Symposium on Privacy-Aware Computing (PAC)},

abstract = {Sharing and working on sensitive data in distributed settings from healthcare to finance is a major challenge due to security and privacy concerns. Secure multiparty computation (SMC) is a viable panacea for this, allowing distributed parties to make computations while the parties learn nothing about their data, but the final result. Although SMC is instrumental in such distributed settings, it does not provide any guarantees not to leak any information about individuals to adversaries. Differential privacy (DP) can be utilized to address this; however, achieving SMC with DP is not a trivial task, either. In this paper, we propose a novel Secure Multiparty Distributed Differentially Private (SM-DDP) protocol to achieve secure and private computations in a multiparty environment. Specifically, with our protocol, we simultaneously achieve SMC and DP in distributed settings focusing on linear regression on horizontally distributed data. That is, parties do not see each others' data and further, can not infer information about individuals from the final constructed statistical model. Any statistical model function that allows independent calculation of local statistics can be computed through our protocol. The protocol implements homomorphic encryption for SMC and functional mechanism for DP to achieve the desired security and privacy guarantees. In this work, we first introduce the theoretical foundation for the SM-DDP protocol and then evaluate its efficacy and performance on two different datasets. Our results show that one can achieve individual-level privacy through the proposed protocol with distributed DP, which is independently applied by each party in a distributed fashion. Moreover, our results also show that the SM-DDP protocol incurs minimal computational overhead, is scalable, and provides security and privacy guarantees.},

keywords = {Cryptojacking, Secure Multipart Computation},

pubstate = {published},

tppubtype = {conference}

}

Close

125.

Kemal Akkaya, A Selcuk Uluagac, Abdullah Aydeger, Apurva Mohan

Secure Software Defined Networking Architectures for The Smart Grid Journal Article

In: Smart Grid-Networking, Data Management, and Business Models Book, 2017.

Abstract | Links | BibTeX | Tags: CPS Security, SDN Security, Smart Home Security

126.

Leonardo Babun, Hidayet Aksu, A. Selcuk Uluagac

Identifying counterfeit smart grid devices: A lightweight system level framework Conference

In the Proceedings of the IEEE International Conference on Communications (ICC), 2017.

Abstract | Links | BibTeX | Tags: Fingerprinting, Smart Home Security

127.

Hamid Menouar, Ismail Guvenc, Kemal Akkaya, A. Selcuk Uluagac, Abdullah Kadri, Adem Tuncer

UAV-Enabled Intelligent Transportation Systems for the Smart City: Applications and Challenges Journal Article

In: IEEE Communications Magazine, 2017.

Abstract | Links | BibTeX | Tags: UAV Security

128.

Mehmet Hazar Cintuglu, Osama A. Mohammed, Kemal Akkaya, A. Selcuk Uluagac

A Survey on Smart Grid Cyber-Physical System Testbeds Journal Article

In: IEEE Communications Surveys & Tutorials Journal, 2017.

Abstract | Links | BibTeX | Tags: CPS Security

129.

Kyle Denney, A. Selcuk Uluagac, Kemal Akkaya, Shekhar Bhansali

A novel storage covert channel on wearable devices using status bar notifications Proceedings Article

In: 2016 13th IEEE Annual Consumer Communications & Networking Conference (CCNC), pp. 845-848, 2016.

Links | BibTeX | Tags:

130.

Abdullah Aydeger, Kemal Akkaya, Mehmet H. Cintuglu, A. Selcuk Uluagac, Osama Mohammed

Software defined networking for resilient communications in Smart Grid active distribution networks Conference

In the Proceedings of the IEEE International Conference on Communications (ICC), 2016.

Abstract | Links | BibTeX | Tags: Network Security, SDN Security

131.

Edwin Vattapparamban, Ismail Güvenç, Ali I Yurekli, Kemal Akkaya, Selçuk Uluağaç

Drones for smart cities: Issues in cybersecurity, privacy, and public safety Conference

In the Proceedings of the International Wireless Communications and Mobile Computing Conference (IWCMC), 2016.

Abstract | Links | BibTeX | Tags: CPS Security, UAV Security

132.

Samet Tonyali, Kemal Akkaya, Nico Saputro, A. Selcuk Uluagac

A reliable data aggregation mechanism with Homomorphic Encryption in Smart Grid AMI networks Conference

In the Proceedings of the 13th IEEE Annual Consumer Communications & Networking Conference (CCNC), 2016.

Abstract | Links | BibTeX | Tags: CPS Security

133.

Gong Chen, Jacob H. Cox, A. Selcuk Uluagac, John A. Copeland

In-Depth Survey of Digital Advertising Technologies Journal Article

In: IEEE Communications Surveys & Tutorials, 2016.

Abstract | Links | BibTeX | Tags: Web Security

@article{ChenSurveyIEEE,

title = {In-Depth Survey of Digital Advertising Technologies},

author = {Gong Chen and Jacob H. Cox and A. Selcuk Uluagac and John A. Copeland},

url = {https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=7390161},

year  = {2016},

date = {2016-01-01},

urldate = {2016-01-01},

journal = {IEEE Communications Surveys & Tutorials},

abstract = {Some of the world’s most well-known IT companies are in fact advertising companies deriving their primary revenues through digital advertising. For this reason, these IT giants are able to continually drive the evolutions of information technology in ways that serve to enhance our everyday lives. The benefits of this relationship include free web browsers with powerful search engines and mobile applications. Still, it turns out that “free” comes at a cost that is paid through our interactions within a digital advertising ecosystem. Digital advertising is not without its challenges. Issues originate from the complex platforms utilized to support advertising over web and mobile application interfaces. This is especially true for advertising links. Additionally, as new methods for advertising develop so too does the potential for impacting its underlying ecosystem for good or ill. Accordingly, researchers are interested in understanding this ecosystem, the factors that impact it, and the strategies for improving it. The major contribution of this survey is that it is the first review of the digital advertising ecosystem as it applies to online websites and mobile applications. In doing so, we explain the digital advertising relationships within this ecosystem along with their technical, social, political, and physical implications. Furthermore, advertising principles along with a variation of other advertising

approaches, both legitimate and malicious, are explored in order to compare and contrast competing digital advertising methods.},

keywords = {Web Security},

pubstate = {published},

tppubtype = {article}

}

Close

134.

Leonardo Babun, Hidayet Aksu, A. Selcuk Uluagac

A framework for counterfeit smart grid device detection Conference

In the Proceedings of the IEEE Conference on Communications and Network Security (CNS), 2016.

Abstract | Links | BibTeX | Tags: CPS Security, Fingerprinting

135.

Selcuk Uluagac, Kemal Akkaya, Apurva Mohan, Mehmet H Cintuglu, Tarek Youssef, Osama Mohammed, Daniel Sullivan

Wireless Infrastructure in Industrial Control Systems Journal Article

In: Cyber-security of SCADA and Other Industrial Control Systems, 2016.

Links | BibTeX | Tags: CPS Security, Network Security

136.

Nico Saputro, Ali Ihsan Yurekli, Kemal Akkaya, Selcuk Uluagac

Privacy preservation for IoT used in smart buildings Journal Article

In: Security and Privacy in Internet of Things (IoTs): Models, Algorithms, and Implementations, 2016.

Abstract | Links | BibTeX | Tags: IoT Security, Privacy Preserving, Smart Home Security

@article{SaputroPrivacyIOT,

title = {Privacy preservation for IoT used in smart buildings},

author = {Nico Saputro and Ali Ihsan Yurekli and Kemal Akkaya and Selcuk Uluagac},

url = {https://www.sciencedirect.com/science/article/pii/S0167739X23001322},

year  = {2016},

date = {2016-01-01},

urldate = {2016-01-01},

journal = {Security and Privacy in Internet of Things (IoTs): Models, Algorithms, and Implementations},

abstract = {Smart Buildings (SBs) employ the latest IoT technologies to automate building operations and services with the objective of increasing operational efficiency, maximising occupant comfort, and minimising environmental impact. However, these smart devices – mostly cloud-based – can capture and share a variety of sensitive and private data about the occupants, exposing them to various privacy threats. Given the non-intrusive nature of these devices, individuals typically have little or no awareness of the data being collected about them. Even if they do and claim to care about their privacy, they fail to take the necessary steps to safeguard it due to the convenience offered by the IoT devices. This discrepancy between user attitude and actual behaviour is known as the ‘privacy paradox’. To address this tension between data privacy, consent and convenience, this paper proposes a novel solution for informed consent management in shared smart spaces. Our proposed Informed Consent Management Engine (ICME) (a) increases user awareness about the data being collected by the IoT devices in the SB environment, (b) provides fine-grained visibility into privacy conformance and compliance by these devices, and (c) enables informed and confident privacy decision-making, through digital nudging. This study provides a reference architecture for ICME that can be used to implement diverse end-user consent management solutions for smart buildings. A proof-of-concept prototype is also implemented to demonstrate how ICME works in a shared smart workplace. Our proposed solution is validated by conducting expert interviews with 15 highly experienced industry professionals and academic researchers to understand the strengths, limitations, and potential improvements of the proposed system.},

keywords = {IoT Security, Privacy Preserving, Smart Home Security},

pubstate = {published},

tppubtype = {article}

}

Close

137.

Shruthi Ravichandran, Ramalingam K Chandrasekar, A Selcuk Uluagac, Raheem Beyah

A simple visualization and programming framework for wireless sensor networks: PROVIZ Journal Article

In: Ad Hoc Networks Journal, 2016.

Abstract | Links | BibTeX | Tags: IoT Security

@article{RavichandranPROVIZElsevier,

title = {A simple visualization and programming framework for wireless sensor networks: PROVIZ},

author = {Shruthi Ravichandran and Ramalingam K Chandrasekar and A Selcuk Uluagac and Raheem Beyah},

url = {https://www.sciencedirect.com/science/article/pii/S1570870516301639},

year  = {2016},

date = {2016-01-01},

urldate = {2016-01-01},

journal = {Ad Hoc Networks Journal},

publisher = {Elsevier},

abstract = {Wireless Sensor Networks (WSNs) are rapidly gaining popularity in various critical domains like health care, critical infrastructure, and climate monitoring, where application builders have diversified development needs for programming, visualization, and simulation tools. However, these tools are designed as separate stand-alone applications. To avoid the complexity of using multiple tools, we have designed a new extensible, multi-platform, scalable, and open-source framework called PROVIZ. PROVIZ is an integrated visualization and programming framework with the following features: PROVIZ includes (1) a visualization tool that can visualize heterogeneous WSN traffic (with different packet payload formats) by parsing the data received either from a packet sniffer (e.g., a sensor-based sniffer or a commercial TI SmartRF 802.15.4 packet sniffer) or from a simulator (e.g., OMNeT); (2) a scripting language based on the TinyOS sensor network platform that aims at reducing code size and improving programming efficacy; (3) an over-the-air programming tool to securely program sensor nodes; (4) a visual programming tool with basic sensor drag-and-drop modules for generating simple WSN programs; and (5) a visual network comparison tool that analyzes packet traces of two networks to generate a juxtaposed visual comparison of contrasting network characteristics. PROVIZ also includes built-in extensible visual demo deployment capabilities that allow users to quickly craft network scenarios and share them with other users. In this work, we introduce the various features of PROVIZ’s visualization and programming framework, analyze test scenarios, and discuss how all the tools can be used in sync with each other to create an all-encompassing development and test environment.},

keywords = {IoT Security},

pubstate = {published},

tppubtype = {article}

}

Close

138.

Spencer Michaels, Kemal Akkaya, A. Selcuk Uluagac

Inducing data loss in Zigbee networks via join/association handshake spoofing Conference

In the Proceedings of the IEEE Conference on Communications and Network Security (CNS), 2016.

Abstract | Links | BibTeX | Tags: IoT Security, Network Security

139.

A Selcuk Uluagac

Sensory Channel Threats to Military CPS and loT Assets journal

2015.

BibTeX | Tags:

140.

Kemal Akkaya, A. Selcuk Uluagac, Abdullah Aydeger

Software defined networking for wireless local networks in Smart Grid Conference

In the Proceedings of the 40th IEEE Local Computer Networks Conference Workshops (LCN Workshops), 2015.

Abstract | Links | BibTeX | Tags: Network Security, SDN Security

@conference{AkkayaSofrwareIEEELCN,

title = {Software defined networking for wireless local networks in Smart Grid},

author = {Kemal Akkaya and A. Selcuk Uluagac and Abdullah Aydeger},

url = {https://ieeexplore.ieee.org/document/7365934},

year  = {2015},

date = {2015-01-01},

urldate = {2015-01-01},

booktitle = {In the Proceedings of the 40th IEEE Local Computer Networks Conference Workshops (LCN Workshops)},

abstract = {Emerging Software Defined Networking (SDN) technology has provided excellent flexibility to large-scale networks in terms of control, management, security, and maintenance. With SDN, network architectures can be deployed and maintained with ease. New trends in computing (e.g., cloud computing, data centers, and virtualization) can seamlessly be integrated with the SDN architecture. On the other hand, recent years witnessed a tremendous growth in the upgrade and modernization of the critical infrastructure networks, namely the Smart-Grid, in terms of its underlying communication infrastructure. From Supervisory Control and Data Acquisition (SCADA) systems to Advanced Metering Infrastructure (AMI), an increasing number of networking devices are being deployed to connect all the local network components of the Smart Grid together. Such large local networks requires significant effort in terms of network management and security, which is costly in terms of labor and hardware upgrades. SDN would be a perfect candidate technology to alleviate the costs while providing fine-grained control of this critical network infrastructure. Hence, in this paper, we explore the potential utilization of the SDN technology over the Smart Grid communication architecture. Specifically, we introduce three novel SDN deployment scenarios in local networks of Smart Grid. Moreover, we also investigate the pertinent security aspects with each deployment scenario along with possible solutions.},

keywords = {Network Security, SDN Security},

pubstate = {published},

tppubtype = {conference}

}

Close

141.

Troy Nunnally, A Selcuk Uluagac, Raheem Beyah

InterSec: An interaction system for network security applications Conference

In the Proceedings of the IEEE International Conference on Communications (ICC), 2015.

Abstract | Links | BibTeX | Tags: Network Security

142.

Christopher Wampler, Selcuk Uluagac, Raheem Beyah

Information leakage in encrypted ip video traffic Conference

In the Proceedings of the IEEE Global Communications Conference (GLOBECOM), 2015.

Abstract | Links | BibTeX | Tags: Network Security

143.

Abdullah Aydeger, Kemal Akkaya, A. Selcuk Uluagac

SDN-based resilience for smart grid communications Conference

In the Proceedings of the IEEE Conference on Network Function Virtualization and Software Defined Network (NFV-SDN), 2015.

Abstract | Links | BibTeX | Tags: SDN Security

144.

Sakthi Vignesh Radhakrishnan, A. Selcuk Uluagac, Raheem Beyah

GTID: A Technique for Physical Device and Device Type Fingerprinting Journal Article

In: IEEE Transactions on Dependable and Secure Computing Journal, 2015.

Abstract | Links | BibTeX | Tags: Fingerprinting, Network Security

145.

A. Selcuk Uluagac, Wenyi Liu, Raheem Beyah

A multi-factor re-authentication framework with user privacy Conference

In the Proceedings of the IEEE Conference on Communications and Network Security, 2014.

Abstract | Links | BibTeX | Tags: Authentication

@conference{UluagacAuthenticationIEEE,

title = {A multi-factor re-authentication framework with user privacy},

author = {A. Selcuk Uluagac and Wenyi Liu and Raheem Beyah},

url = {https://ieeexplore.ieee.org/document/6997526},

year  = {2014},

date = {2014-01-01},

urldate = {2014-01-01},

booktitle = {In the Proceedings of the IEEE Conference on Communications and Network Security},

abstract = {Continuous re-authentication of users is a must to protect connections with long duration against any malicious activity. Users can be re-authenticated in numerous ways. One popular way is an approach that requires the presentation of two or more authentication factors (i.e., knowledge, possession, identity) called Multi-factor authentication (MFA). Given the market dominance of ubiquitous computing systems (e.g., cloud), MFA systems have become vital in re-authenticating users. Knowledge factor (i.e., passwords) is the most ubiquitous authentication factor; however, forcing a user to re-enter the primary factor, a password, at frequent intervals could significantly lower the usability of the system. Unfortunately, an MFA system with a possession factor (e.g., Security tokens) usually depends on the distribution of some specific device, which is cumbersome and not user-friendly. Similarly, MFA systems with an identity factor (e.g., physiological biometrics, keystroke pattern) suffer from a relatively low deployability and are highly intrusive and expose users sensitive information to untrusted servers. These servers can keep physically identifying elements of users, long after the user ends the relationship with the server. To address these concerns, in this poster, we introduce our initial design of a privacy-preserving multi-factor re-authentication framework. The first factor is a password while the second factor is a hybrid profile of user behavior with a large combination of host- and network-based features. Our initial results are very promising as our framework can successfully validate legitimate users while detecting impostors.},

keywords = {Authentication},

pubstate = {published},

tppubtype = {conference}

}

Close

146.

Aaron D Goldman, A Selcuk Uluagac, John A Copeland

Cryptographically-curated file system (CCFS): Secure, inter-operable, and easily implementable information-centric networking Conference

In the Proceedings of the 39th Annual IEEE Conference on Local Computer Networks, 2014.

Abstract | Links | BibTeX | Tags: Cryptojacking

147.

A. Selcuk Uluagac, Venkatachalam Subramanian, Raheem Beyah

Sensory channel threats to Cyber Physical Systems: A wake-up call Conference

In the Proceedings of the IEEE Conference on Communications and Network Security, 2014.

Abstract | Links | BibTeX | Tags: CPS Security

@conference{UluagacSensoryIEEE,

title = {Sensory channel threats to Cyber Physical Systems: A wake-up call},

author = {A. Selcuk Uluagac and Venkatachalam Subramanian and Raheem Beyah},

url = {https://ieeexplore.ieee.org/document/6997498},

year  = {2014},

date = {2014-01-01},

urldate = {2014-01-01},

booktitle = {In the Proceedings of the IEEE Conference on Communications and Network Security},

abstract = {Cyber-Physical Systems (CPS) is a relatively novel computing paradigm where there is a tight integration of communications, computation, and the physical environment. An important component of the CPS devices is the sensors they use to interact with each other and the physical world around them. With CPS applications, engineers monitor the structural health of highways and bridges, farmers check the health of their crops, and ecologists observe wildlife in their natural habitat. Nonetheless, current security models consider protecting only networking components of the CPS devices utilizing traditional security mechanisms (e.g., an intrusion detection system for the data that traverse the network protocol stacks). The protection mechanisms are not sufficient to protect CPS devices from threats emanating from sensory channels. Using sensory channels (e.g., light, temperature, infrared), an adversary can successfully attack systems. Specifically, the adversary can (1) trigger existing malware, (2) transfer malware, or (3) combine malicious use of different sensory channels to increase the impact of the attack on CPS devices. In this work, we focus on these novel sensory channel threats to CPS devices and applications. We first note how sensory channel threats are an emerging area for the CPS world. Then, we analyze the performance various sensory channel threats. Moreover, using an iRobot Create as our CPS platform, we exploit simple vulnerable programs on iRobot through its infrared channel. Finally, we introduce the design of a novel sensory channel aware intrusion detection system as a protection mechanism against the sensory channel threats for CPS devices.},

keywords = {CPS Security},

pubstate = {published},

tppubtype = {conference}

}

Close

148.

Xiaojing Liao, A. Selcuk Uluagac, Raheem A. Beyah

S-MATCH: Verifiable Privacy-Preserving Profile Matching for Mobile Social Services Conference

In the proceedings of the 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2014.

Abstract | Links | BibTeX | Tags: Mobile Security , Privacy-preserving, Social Networks Security

149.

Wenyi Liu, A. Selcuk Uluagac, Raheem Beyah

MACA: A privacy-preserving multi-factor cloud authentication system utilizing big data Conference

In the proceedings of IEEE Conference on Computer Communications Workshops (INFOCOM Wksps) , 2014.

Abstract | Links | BibTeX | Tags: Authentication, Big Data Security

150.

Albert Brzeczko, A. Selcuk Uluagac, Raheem Beyah, John Copeland

Active deception model for securing cloud infrastructure Conference

In the proceedings of IEEE Conference on Computer Communications Workshops (INFOCOM), 2014.

Abstract | Links | BibTeX | Tags: Cloud Security, Honeypot/Honeynet

151.

Jinyoun Cho, A. Selcuk Uluagac, John Copeland, Yusun Chang

Efficient safety message forwarding using multi-channels in low density VANETs Conference

In the proceedings of the IEEE Global Communications Conference (GLOBECOM), 2014.

Abstract | Links | BibTeX | Tags: Vehicle security, Wireless Security

152.

Shouling Ji, A. Selcuk Uluagac, Raheem Beyah, Zhipeng Cai

Practical unicast and convergecast scheduling schemes for Cognitive Radio Networks Journal Article

In: Journal of Combinatorial Optimization, 2013.

Abstract | Links | BibTeX | Tags: Network Security, Wireless Security

153.

Shouling Ji, Jing (Selena) He, A. Selcuk Uluagac, Raheem Beyah, Yingshu Li

Cell-Based Snapshot and Continuous Data Collection in Wireless Sensor Networks Journal Article

In: ACM Transactions on Sensor Networks (TOSN), 2013.

Abstract | Links | BibTeX | Tags: Network Security

154.

Troy Nunnally, Penyen Chi, Kulsoom Abdullah, A. Selcuk Uluagac, John A. Copeland, Raheem Beyah

P3D: A parallel 3D coordinate visualization for advanced network scans Conference

In the proceedings of the IEEE International Conference on Communications (ICC), 2013.

Abstract | Links | BibTeX | Tags: Network Security, Security Visualization

155.

Troy Nunnally, Kulsoom Abdullah, A. Selcuk Uluagac, John A. Copeland, Raheem Beyah

NAVSEC: A Recommender System for 3D Network Security Visualizations Conference

In the proceedings of the 10th Workshop on Visualization for Cyber Security, 2013.

Abstract | Links | BibTeX | Tags: Network Security, Security Visualization

@conference{NunnallyNAVSECVizSec2013,

title = {NAVSEC: A Recommender System for 3D Network Security Visualizations},

author = {Troy Nunnally and Kulsoom Abdullah and A. Selcuk Uluagac and John A. Copeland and Raheem Beyah},

url = {https://dl.acm.org/doi/abs/10.1145/2517957.2517963},

year  = {2013},

date = {2013-01-01},

urldate = {2013-01-01},

booktitle = {In the proceedings of the 10th Workshop on Visualization for Cyber Security},

abstract = {As network attacks increase in complexity, the ability to quickly analyze security data and mitigate the effect of these attacks becomes a difficult problem. To alleviate these challenges, researchers are looking into various two-dimensional (2D) and three-dimensional (3D) visualization tools to detect, identify, and analyze malicious attacks. These visualization tools often require advanced knowledge in networking, visualization, and information security to operate, navigate, and successfully examine malicious attacks. Novice users, deficient in the required advanced knowledge, may find navigation within these visualization tools difficult. Furthermore, expert users may be limited and costly. We discuss the use of a modern recommender system to aid in navigating within a complex 3D visualization for network security applications. We developed a visualization module called NAVSEC, a recommender system prototype for navigating in 3D network security visualization tools. NAVSEC recommends visualizations and interactions to novice users. Given visualization interaction input from a novice user and expert communities, NAVSEC is instrumental in reducing confusion for a novice user while navigating in a 3D visualization. We illustrate NAVSEC with a use-case from an emulated stealthy scanning attack disguised as a file transfer with multiple concurrent connections. We show that using NAVSEC, a novice user's visualization converges towards a visualization used to identify or detect a suspected attack by an expert user. As a result, NAVSEC can successfully guide the novice user in differentiating between complex network attacks and benign legitimate traffic with step-by-step created visualizations and suggested user interactions.},

keywords = {Network Security, Security Visualization},

pubstate = {published},

tppubtype = {conference}

}

Close

156.

Sakthi V. Radhakrishnan, A. Selcuk Uluagac, Raheem Beyah

Realizing an 802.11-based covert timing channel using off-the-shelf wireless cards Conference

In the proceedings of the IEEE Global Communications Conference (GLOBECOM), 2013.

Abstract | Links | BibTeX | Tags: Covert channels, Network Security

157.

A. Selcuk Uluagac, Sakthi V. Radhakrishnan, Cherita Corbett, Antony Baca, Raheem Beyah

A passive technique for fingerprinting wireless devices with Wired-side Observations Conference

In the proceedings of the IEEE Conference on Communications and Network Security (CNS) , 2013.

Abstract | Links | BibTeX | Tags: Fingerprinting, Wireless Security

158.

Xiaojing Liao, A. Selcuk Uluagac, Raheem A. Beyah

S-Match: An efficient privacy-preserving profile matching scheme Conference

In the proceedings of IEEE Conference on Communications and Network Security (CNS), 2013.

Abstract | Links | BibTeX | Tags: Authentication, Privacy-preserving

159.

Venkatachalam Subramanian, A. Selcuk Uluagac, Hasan Cam, Raheem Beyah

Examining the characteristics and implications of sensor side channels Conference

In the proceedings of IEEE International Conference on Communications (ICC), 2013.

Abstract | Links | BibTeX | Tags: CPS Security, Network Security, Side Channel

160.

Ramalingam K. Chandrasekar, A. Selcuk Uluagac, Raheem Beyah

PROVIZ: An integrated visualization and programming framework for WSNs Conference

In the proceedings of the 38th Annual IEEE Conference on ALocal Computer Networks Workshops (LCN Workshops), 2013.

Abstract | Links | BibTeX | Tags: IoT Security, Security Visualization

161.

A. Selcuk Uluagac, Raheem A. Beyah, John A. Copeland

Secure SOurce-BAsed Loose Synchronization (SOBAS) for Wireless Sensor Networks Journal Article

In: In proceedings of IEEE Transactions on Parallel and Distributed Systems, 2013.

Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security

@article{UluagacSOBASIEEE2013,

title = {Secure SOurce-BAsed Loose Synchronization (SOBAS) for Wireless Sensor Networks},

author = {A. Selcuk Uluagac and Raheem A. Beyah and John A. Copeland},

url = {https://ieeexplore.ieee.org/abstract/document/6216359},

doi = {10.1109/TPDS.2012.170},

year  = {2013},

date = {2013-01-01},

urldate = {2013-01-01},

journal = {In proceedings of IEEE Transactions on Parallel and Distributed Systems},

abstract = {We present the Secure SOurce-BAsed Loose Synchronization (SOBAS) protocol to securely synchronize the events in the network, without the transmission of explicit synchronization control messages. In SOBAS, nodes use their local time values as a one-time dynamic key to encrypt each message. In this way, SOBAS provides an effective dynamic en-route filtering mechanism, where the malicious data is filtered from the network. With SOBAS, we are able to achieve our main goal of synchronizing events at the sink as quickly, as accurately, and as surreptitiously as possible. With loose synchronization, SOBAS reduces the number of control messages needed for a WSN to operate providing the key benefits of reduced energy consumption as well as reducing the opportunity for malicious nodes to eavesdrop, intercept, or be made aware of the presence of the network. Albeit a loose synchronization per se, SOBAS is also able to provide (7.24μ)s clock precision given today's sensor technology, which is much better than other comparable schemes (schemes that do not employ GPS devices). Also, we show that by recognizing the need for and employing loose time synchronization, necessary synchronization can be provided to the WSN application using half of the energy needed for traditional schemes. Both analytical and simulation results are presented to verify the feasibility of SOBAS as well as the energy consumption of the scheme under normal operation and attack from malicious nodes.},

keywords = {IoT Security, Network Security, Wireless Security},

pubstate = {published},

tppubtype = {article}

}

Close

162.

Troy Nunnally, A. Selcuk Uluagac, John A. Copeland, Raheem Beyah

3DSVAT: A 3D Stereoscopic Vulnerability Assessment Tool for network security Conference

In the proceedings of 37th Annual IEEE Conference on Local Computer Networks (LCN), 2012.

Abstract | Links | BibTeX | Tags: Network Security, Security Visualization

@conference{Nunnally3DSVATIEEE2012,

title = {3DSVAT: A 3D Stereoscopic Vulnerability Assessment Tool for network security},

author = {Troy Nunnally and A. Selcuk Uluagac and John A. Copeland and Raheem Beyah},

url = {https://ieeexplore.ieee.org/abstract/document/6423586/},

year  = {2012},

date = {2012-01-01},

urldate = {2012-01-01},

booktitle = {In the proceedings of 37th Annual IEEE Conference on Local Computer Networks (LCN)},

abstract = {As the volume of network data continues to increase and networks become more complex, the ability to accurately manage and analyze data quickly becomes a difficult problem. Many network management tools already use two-dimensional (2D) and three-dimensional (3D) visualization techniques to help support decision-making and reasoning of network anomalies and activity. However, a poor user interface combined with the massive amount of data could obfuscate important network details. As a result, administrators may fail to detect and identify malicious network behavior in a timely manner. 3D visualizations address this challenge by introducing monocular and binocular visual cues to portray depth and to increase the perceived viewing area. In this work, we explore these cues for 3D network security applications, with a particular emphasis on binocular disparity or stereoscopic 3D. Currently, no network security tool takes advantage of the enhanced depth perception provided by stereoscopic 3D technologies for vulnerability assessment. Compared to traditional 3D systems, stereoscopic 3D helps improve the perception of depth, which can, in turn reduce the number of errors and increase response times of network administrators. Thus, we introduce a stereoscopic 3D visual Framework for Rendering Enhanced 3D Stereoscopic Visualizations for Network Security (FRE3DS). Our novel framework uses state-of-the art 3D graphics rendering to assist in 3D visualizations for network security applications. Moreover, utilizing our framework, we propose a new 3D Stereoscopic Vulnerability Assessment Tool (3DSVAT). We illustrate the use of 3DSVAT to assist in rapid detection and correlation of attack vulnerabilities in a subset of a modified local area network data set using the enhanced perception of depth in a stereoscopic 3D environment.},

keywords = {Network Security, Security Visualization},

pubstate = {published},

tppubtype = {conference}

}

Close

163.

Aaron D Goldman, A. Selcuk Uluagac, Raheem Beyah, John A Copeland

Plugging the leaks without unplugging your network in the midst of Disaster Conference

In the proceedings of 37th Annual IEEE Conference on Local Computer Networks (LCN), 2012.

Abstract | Links | BibTeX | Tags: Network Security

@conference{GoldmanIEEE2012,

title = {Plugging the leaks without unplugging your network in the midst of Disaster},

author = {Aaron D Goldman and A. Selcuk Uluagac and Raheem Beyah and John A Copeland},

url = {https://ieeexplore.ieee.org/abstract/document/6423620/},

year  = {2012},

date = {2012-01-01},

urldate = {2012-01-01},

booktitle = {In the proceedings of 37th Annual IEEE Conference on Local Computer Networks (LCN)},

abstract = {Network Disaster Recovery research has examined behavior of networks after disasters with an aim to restoring normal conditions. In addition to probable loss of connectivity, a disaster scenario can also lead to security risks. However, network security has been examined extensively under normal conditions, and not under conditions that ensue after disasters. Therefore, security issues should be addressed during the period of chaos after a disaster, but before operating conditions return to normal. Furthermore, security should be assured, while still allowing access to the network to enable public communication in order to assist in disaster relief efforts. In general, the desire to help with public assistance requires opening up access to the network, while security concerns add pressure to close down or limit access to the network. In this study, we show that the objectives of availability and confidentiality, two objectives that have not previously been considered together in disaster scenarios, can be simultaneously achieved. For our study, we evaluated six wireless devices with various network configurations, including a laptop, a Kindle Fire e-reader, an Android tablet, a Google Nexus phone, an IP camera, and an Apple TV, to approximate behaviors of a communication network under a disaster scenario. Actual data leakage was tracked and observed for these devices. To the best of our knowledge this has not previously been examined in a systematic manner for post-disaster scenarios. After illustrating the data leakage of various devices, we analyze the risk associated with the various types of leakage. Moving private traffic to a VPN would free the physical network for use as a public resource.},

keywords = {Network Security},

pubstate = {published},

tppubtype = {conference}

}

Close

164.

Marco Valero, Sang Shin Jung, A. Selcuk Uluagac, Yingshu Li, Raheem Beyah

Di-Sec: A distributed security framework for heterogeneous Wireless Sensor Networks Conference

In the proceedings IEEE International Conference on Computer Communications (INFOCOM), 2012.

Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security

@conference{ValeroDi-SecIEEE2012,

title = {Di-Sec: A distributed security framework for heterogeneous Wireless Sensor Networks},

author = {Marco Valero and Sang Shin Jung and A. Selcuk Uluagac and Yingshu Li and Raheem Beyah},

url = {https://ieeexplore.ieee.org/abstract/document/6195801/},

year  = {2012},

date = {2012-01-01},

urldate = {2012-01-01},

booktitle = {In the proceedings IEEE International Conference on Computer Communications (INFOCOM)},

abstract = {Wireless Sensor Networks (WSNs) are deployed for monitoring in a range of critical domains (e.g., health care, military, critical infrastructure). Accordingly, these WSNs should be resilient to attacks. The current approach to defending against malicious threats is to develop and deploy a specific defense mechanism for a specific attack. However, the problem with this traditional approach to defending sensor networks is that the solution for the Jamming attack does not defend against other attacks (e.g., Sybil and Selective Forwarding). In reality, one cannot know a priori what type of attack an adversary will launch. This work addresses the challenges with the traditional approach to securing sensor networks and presents a comprehensive framework, Di-Sec, that can defend against all known and forthcoming attacks. At the heart of Di-Sec lies the monitoring core (M-Core), which is an extensible and lightweight layer that gathers statistics relevant for the defense mechanisms. The M-Core allows for the monitoring of both internal and external threats and supports the execution of multiple detection and defense mechanisms (DDMs) against different threats in parallel. Along with Di-Sec, a new user-friendly domain-specific language was developed, the M-Core Control Language (MCL). Using the MCL, a user can implement new defense mechanisms without the overhead of learning the details of the underlying software architecture (i.e., TinyOS, Di-Sec). Hence, the MCL expedites the development of sensor defense mechanisms by significantly simplifying the coding process for developers. The Di-Sec framework has been implemented and tested on real sensors to evaluate its feasibility and performance. Our evaluation of memory, communication, and sensing components shows that Di-Sec is feasible on today's resource-limited sensors and has a nominal overhead. Furthermore, we illustrate the basic functionality of Di-Sec by implementing and simultaneously executing DDMs for attacks at various layers of the communication stack (i.e., Jamming, Selective Forwarding, Sybil, and Internal attacks).},

keywords = {IoT Security, Network Security, Wireless Security},

pubstate = {published},

tppubtype = {conference}

}

Close

Wireless Sensor Networks (WSNs) are deployed for monitoring in a range of critical domains (e.g., health care, military, critical infrastructure). Accordingly, these WSNs should be resilient to attacks. The current approach to defending against malicious threats is to develop and deploy a specific defense mechanism for a specific attack. However, the problem with this traditional approach to defending sensor networks is that the solution for the Jamming attack does not defend against other attacks (e.g., Sybil and Selective Forwarding). In reality, one cannot know a priori what type of attack an adversary will launch. This work addresses the challenges with the traditional approach to securing sensor networks and presents a comprehensive framework, Di-Sec, that can defend against all known and forthcoming attacks. At the heart of Di-Sec lies the monitoring core (M-Core), which is an extensible and lightweight layer that gathers statistics relevant for the defense mechanisms. The M-Core allows for the monitoring of both internal and external threats and supports the execution of multiple detection and defense mechanisms (DDMs) against different threats in parallel. Along with Di-Sec, a new user-friendly domain-specific language was developed, the M-Core Control Language (MCL). Using the MCL, a user can implement new defense mechanisms without the overhead of learning the details of the underlying software architecture (i.e., TinyOS, Di-Sec). Hence, the MCL expedites the development of sensor defense mechanisms by significantly simplifying the coding process for developers. The Di-Sec framework has been implemented and tested on real sensors to evaluate its feasibility and performance. Our evaluation of memory, communication, and sensing components shows that Di-Sec is feasible on today's resource-limited sensors and has a nominal overhead. Furthermore, we illustrate the basic functionality of Di-Sec by implementing and simultaneously executing DDMs for attacks at various layers of the communication stack (i.e., Jamming, Selective Forwarding, Sybil, and Internal attacks).

Close

165.

Marco Valero, A. Selcuk Uluagac, S. Venkatachalam, K. C. Ramalingam, Raheem Beyah

The Monitoring Core: A framework for sensor security application development Conference

In the proceedings of the IEEE 9th International Conference on Mobile Adhoc and Sensor Systems (MASS) , 2012.

Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security

@conference{ValeroMonitoringCoreIEEE2012,

title = {The Monitoring Core: A framework for sensor security application development},

author = {Marco Valero, A. Selcuk Uluagac, S. Venkatachalam, K. C. Ramalingam and Raheem Beyah},

url = {https://ieeexplore.ieee.org/abstract/document/6502525/},

year  = {2012},

date = {2012-01-01},

urldate = {2012-01-01},

booktitle = {In the proceedings of the IEEE 9th International Conference on Mobile Adhoc and Sensor Systems (MASS)



},

abstract = {Wireless sensor networks (WSNs) are used for the monitoring of physical and environmental phenomena, and applicable in a range of different domains (e.g., health care, military, critical infrastructure). When using WSNs in a variety of real-world applications, security is a vital problem that should be considered by developers. As the development of security applications (SAs) for WSNs require meticulous procedures and operations, the software implementation process can be more challenging than regular applications. Hence, in an effort to facilitate the design, development and implementation of WSN security applications, we introduce the Monitoring Core (M-Core). The M-Core is a modular, lightweight, and extensible software layer that gathers necessary data including the internal and the external status of the sensor (e.g., information about ongoing communications, neighbors, and sensing), and provides relevant information for the development of new SAs. Similar to other software development tools, the M-Core was developed to facilitate the design and development of new WSN SAs on different platforms. Moreover, a new user-friendly domain-specific language, the M-Core Control Language (MCL), was developed to further facilitate the use of the M-Core and reduce the developer's coding time. With the MCL, a user can implement new SAs without the overhead of learning the details of the underlying sensor software architecture (e.g., TinyOS). The M-Core has been implemented in TinyOS-2.x and tested on real sensors (Tmote Sky and MicaZ). Using the M-Core architecture, we implemented several SAs to show that the M-Core allows easy and rapid development of security programs efficiently and effectively.},

keywords = {IoT Security, Network Security, Wireless Security},

pubstate = {published},

tppubtype = {conference}

}

Close

166.

KC Ramalingam, Venkatachalam Subramanian, Selcuk Uluagac, Raheem Beyah

SIMAGE: Secure and Link-Quality Cognizant Image Distribution for wireless sensor networks Conference

In the proceedings of IEEE Global Communications Conference (GLOBECOM), 2012.

Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security

@conference{RamalingamSimageIEEE2012,

title = {SIMAGE: Secure and Link-Quality Cognizant Image Distribution for wireless sensor networks},

author = {KC Ramalingam, Venkatachalam Subramanian, Selcuk Uluagac and Raheem Beyah},

url = {https://ieeexplore.ieee.org/abstract/document/6503181/},

year  = {2012},

date = {2012-01-01},

urldate = {2012-01-01},

booktitle = {In the proceedings of IEEE Global Communications Conference (GLOBECOM)},

abstract = {Wireless sensor networks (WSNs) are used in a range of critical domains (e.g., health care, military, critical infrastructure) where it is necessary that the nodes be reprogrammed with a new or modified code image without removing them from the deployment area. Various protocols have been developed for the dissemination of code images between sensors in multi-hop WSNs, where these sensor nodes may have varying levels of link quality. However, the code dissemination process in these protocols is hindered by the nodes with poor link quality. This results in an increased number of retransmissions and code dissemination time. Also, in several of the techniques, the code dissemination process is not secure and can be eavesdropped or disrupted by a malicious wireless sensor node in the transmission range. In this paper, we propose a simple approach, Secure and Link-Quality Cognizant Image Distribution (SIMAGE), to enhance the existing code dissemination protocol using the available resources in the sensors. Specifically, our approach adapts to the varying link conditions via dynamic packet sizing to reduce the number of retransmissions and overall code dissemination time. Our approach also provides confidentiality and integrity to the code dissemination process by utilizing energy-efficient encryption and authentication mechanisms with RC4 and the CBC-MAC. We have evaluated SIMAGE in a network of real sensors and the results show that adjusting the packet size as a function of link quality reduces the retransmitted data by 93% and the image transmission time by 35% when compared to the existing code dissemination protocols. The trade-offs between reliability, security overhead, and overall transmission time for SIMAGE are also discussed.},

keywords = {IoT Security, Network Security, Wireless Security},

pubstate = {published},

tppubtype = {conference}

}

Close

167.

Christopher P. Lee, Arif Selcuk Uluagac, Kevin D. Fairbanks, John A. Copeland

The Design of NetSecLab: A Small Competition-Based Network Security Lab Journal Article

In: IEEE Transactions on Education Journal, 2011.

Abstract | Links | BibTeX | Tags: Network Security, Security Education

168.

A. Selcuk Uluagac, Raheem A. Beyah, Yingshu Li, John A. Copeland

VEBEK: Virtual Energy-Based Encryption and Keying for Wireless Sensor Networks Journal Article

In: IEEE Transactions on Mobile Computing Journal, 2010.

Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security

@article{UluagacVEBEKIEEE2010,

title = {VEBEK: Virtual Energy-Based Encryption and Keying for Wireless Sensor Networks},

author = {A. Selcuk Uluagac, Raheem A. Beyah, Yingshu Li and John A. Copeland},

url = {https://ieeexplore.ieee.org/abstract/document/5438995/},

doi = {10.1109/TMC.2010.51},

year  = {2010},

date = {2010-01-01},

urldate = {2010-01-01},

journal = {IEEE Transactions on Mobile Computing Journal},

abstract = {Designing cost-efficient, secure network protocols for Wireless Sensor Networks (WSNs) is a challenging problem because sensors are resource-limited wireless devices. Since the communication cost is the most dominant factor in a sensor's energy consumption, we introduce an energy-efficient Virtual Energy-Based Encryption and Keying (VEBEK) scheme for WSNs that significantly reduces the number of transmissions needed for rekeying to avoid stale keys. In addition to the goal of saving energy, minimal transmission is imperative for some military applications of WSNs where an adversary could be monitoring the wireless spectrum. VEBEK is a secure communication framework where sensed data is encoded using a scheme based on a permutation code generated via the RC4 encryption mechanism. The key to the RC4 encryption mechanism dynamically changes as a function of the residual virtual energy of the sensor. Thus, a one-time dynamic key is employed for one packet only and different keys are used for the successive packets of the stream. The intermediate nodes along the path to the sink are able to verify the authenticity and integrity of the incoming packets using a predicted value of the key generated by the sender's virtual energy, thus requiring no need for specific rekeying messages. VEBEK is able to efficiently detect and filter false data injected into the network by malicious outsiders. The VEBEK framework consists of two operational modes (VEBEK-I and VEBEK-II), each of which is optimal for different scenarios. In VEBEK-I, each node monitors its one-hop neighbors where VEBEK-II statistically monitors downstream nodes. We have evaluated VEBEK's feasibility and performance analytically and through simulations. Our results show that VEBEK, without incurring transmission overhead (increasing packet size or sending control messages for rekeying), is able to eliminate malicious data from the network in an energy-efficient manner. We also show that our framework performs better than other comparable schemes in the literature with an overall 60-100 percent improvement in energy savings without the assumption of a reliable medium access control layer.},

keywords = {IoT Security, Network Security, Wireless Security},

pubstate = {published},

tppubtype = {article}

}

Close

Designing cost-efficient, secure network protocols for Wireless Sensor Networks (WSNs) is a challenging problem because sensors are resource-limited wireless devices. Since the communication cost is the most dominant factor in a sensor's energy consumption, we introduce an energy-efficient Virtual Energy-Based Encryption and Keying (VEBEK) scheme for WSNs that significantly reduces the number of transmissions needed for rekeying to avoid stale keys. In addition to the goal of saving energy, minimal transmission is imperative for some military applications of WSNs where an adversary could be monitoring the wireless spectrum. VEBEK is a secure communication framework where sensed data is encoded using a scheme based on a permutation code generated via the RC4 encryption mechanism. The key to the RC4 encryption mechanism dynamically changes as a function of the residual virtual energy of the sensor. Thus, a one-time dynamic key is employed for one packet only and different keys are used for the successive packets of the stream. The intermediate nodes along the path to the sink are able to verify the authenticity and integrity of the incoming packets using a predicted value of the key generated by the sender's virtual energy, thus requiring no need for specific rekeying messages. VEBEK is able to efficiently detect and filter false data injected into the network by malicious outsiders. The VEBEK framework consists of two operational modes (VEBEK-I and VEBEK-II), each of which is optimal for different scenarios. In VEBEK-I, each node monitors its one-hop neighbors where VEBEK-II statistically monitors downstream nodes. We have evaluated VEBEK's feasibility and performance analytically and through simulations. Our results show that VEBEK, without incurring transmission overhead (increasing packet size or sending control messages for rekeying), is able to eliminate malicious data from the network in an energy-efficient manner. We also show that our framework performs better than other comparable schemes in the literature with an overall 60-100 percent improvement in energy savings without the assumption of a reliable medium access control layer.

Close

169.

Selcuk Uluagac, Raheem A. Beyah, John A. Copeland

Time-Based Dynamic Keying and En-Route Filtering (TICK) for Wireless Sensor Networks Conference

In the proceedings of IEEE Global Telecommunications Conference (GLOBECOM), 2010.

Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security

170.

Selcuk Uluagac, Raheem A Beyah,, John A. Copeland

Analysis of Varying AS Path Lengths from the Edge of the Network Conference

In the proceedings of IEEE Global Telecommunications Conference (GLOBECOM), 2010.

Abstract | Links | BibTeX | Tags: IoT Security, Network Security, Wireless Security

@conference{UluagacIEEE2010,

title = {Analysis of Varying AS Path Lengths from the Edge of the Network},

author = {Selcuk Uluagac, Raheem A Beyah, and John A. Copeland},

url = {https://ieeexplore.ieee.org/abstract/document/5683787/},

year  = {2010},

date = {2010-01-01},

urldate = {2010-01-01},

booktitle = {In the proceedings of IEEE Global Telecommunications Conference (GLOBECOM)},

abstract = {Understanding and analyzing the past and current behavior of the Internet will be instrumental in building tomorrow's more efficient and scalable networks (e.g., the future Internet). In this paper, we study the impact of Autonomous Systems (ASs) paths' end-to-end latency. Unfortunately, due to the diverse set of non-disclosed routing policies among ASs, packets belonging to a certain end-to- end connection may traverse different ASs, causing fluctuating AS paths. Fluctuation of AS paths has been studied in the literature directly from the core of the network. In this paper, we take a different approach to the analysis of the fluctuation, solely from the edge of the network. Specifically, from the end user's perspective, some AS paths may be optimal (or better) and some sub-optimal. Furthermore, there is not a unique definition for sub- optimality as it may be reflected with various measures (e.g., latency) depending on the application requirements and expectations. In this paper we analyze fluctuating AS path lengths (ASPLs) and investigate their impact on the end-to-end latency over the Internet at a greater scale than previous studies. This study was conducted using Scriptroute to probe various PlanetLab nodes. Our results show that all of the source nodes experienced some AS path differences and the ASPL values that the sources use greatly vary. At worst, some nodes experienced different paths over 70% of the time during our measurements. We observed that the largest difference in ASPLs on a particular connection was as high as 6 with an average of 2.5. Moreover, we present real cases where ASPL and latency values are related, inversely related, and not related at all. Finally, we provide a simple definition for suboptimality and analyze the collected data against this definition. We show that overall 82% of the fluctuating paths and 9% of all the traces between source-destination pairs faced sub-optimal AS paths.},

keywords = {IoT Security, Network Security, Wireless Security},

pubstate = {published},

tppubtype = {conference}

}

Close

171.

Thomas Fallon Walter E. Thain Jr. Arif Uluagac, John Copeland

Development Of Undergraduate Network Security Labs With Open Source Tools Proceedings Article

In: 2009 Annual Conference & Exposition, ASEE Conferences, Austin, Texas, 2009, (https://peer.asee.org/5772).

BibTeX | Tags:

172.

A. Selcuk Uluagac, Douglas B. Williams

Building Hardware-Based Low-Cost Experimental DSP Learning Modules Proceedings Article

In: 2008 Annual Conference & Exposition, ASEE Conferences, Pittsburgh, Pennsylvania, 2008, (https://peer.asee.org/3627).

BibTeX | Tags:

173.

A. Selcuk Uluagac, Christopher P. Lee, Raheem A. Beyah, John A. Copeland

Designing Secure Protocols for Wireless Sensor Networks Book

Springer Berlin Heidelberg, Berlin, Heidelberg, 2008.

Abstract | Links | BibTeX | Tags: IoT Security, Network Security

174.

A. Selcuk Uluagac, Jon M. Peha

IP Multicast over Cable TV Networks Book

Springer Berlin Heidelberg, Berlin, Heidelberg, 2003.

Abstract | Links | BibTeX | Tags: Network Security

175.

N. I. Haque, M. A. Rahman,, S. Uluagac

Formal threat analysis of machine learning-based control systems: A study on smart healthcare systems Journal Article

In: Elsevier Computers & Security, vol. 139, 0000.

Abstract | Links | BibTeX | Tags:

@article{haque2024formal,

title = {Formal threat analysis of machine learning-based control systems: A study on smart healthcare systems},

author = {N. I. Haque, M. A. Rahman, and S. Uluagac},

url = {https://www.sciencedirect.com/science/article/pii/S0167404824000105},

journal = {Elsevier Computers & Security},

volume = {139},

abstract = {Modern cyber-physical systems (CPSs) use the Internet of Things (IoT) to collect and exchange data efficiently, monitor device/sensor level interaction effectively, and adopt new standards effortlessly. Machine learning (ML) models are growingly used in the controllers of these IoT-enabled CPSs for pattern identification, state estimation, prediction, and anomaly detection. However, sophisticated adversaries can launch various attacks on the communication network and the hardware/firmware to introduce corrupted sensor measurements to manipulate the ML-based CPSs and create critical physical hazards. Hence, analyzing the threat space of a CPS is essential to understand the system's strength and identify the most vital resources to protect. However, existing studies have not proposed any verifiable solution for the threat analysis of ML-based CPSs. This paper presents a novel framework that uses efficient mechanisms to extract constraints from ML-based decision models and perform a formal threat analysis to identify potential false data injection (FDI) attack paths and corresponding effects on an IoT-enabled ML-based CPS. Our framework can provide us with all possible attack vectors, each representing a set of sensor measurements to be altered for a CPS given a specific set of attack attributes. The attack vectors enable us to assess the system's resiliency, thus providing insight to enhance the system's robustness. We consider an internet of medical things-enabled safety-critical CPS naming smart healthcare system (SHS) as the reference case. We validate our framework on a real SHS dataset, proving our framework's success in revealing feasible FDI attack paths. Our evaluation using synthetic and two real SHS datasets also affirms the tool's efficacy in the threat analysis of ML-based CPSs.},

keywords = {},

pubstate = {published},

tppubtype = {article}

}

Close

176.

Carlo Mazzocca, Abbas Acar, Selcuk Uluagac, Rebecca Montanari

EVOKE: Efficient Revocation of Verifiable Credentials in IoT Networks Proceedings

0000, ISBN: 978-1-939133-44-1.

Abstract | Links | BibTeX | Tags:

@proceedings{298228,

title = {EVOKE: Efficient Revocation of Verifiable Credentials in IoT Networks},

author = {Carlo Mazzocca and Abbas Acar and Selcuk Uluagac and Rebecca Montanari},

url = {https://www.usenix.org/conference/usenixsecurity24/presentation/mazzocca},

isbn = {978-1-939133-44-1},

abstract = {The lack of trust is one of the major factors that hinder collaboration among Internet of Things (IoT) devices and harness the usage of the vast amount of data generated. Traditional methods rely on Public Key Infrastructure (PKI), managed by centralized certification authorities (CAs), which suffer from scalability issues, single points of failure, and limited interoperability. To address these concerns, Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) have been proposed by the World Wide Web Consortium (W3C) and the European Union as viable solutions for promoting decentralization and "electronic IDentification, Authentication, and trust Services" (eIDAS). Nevertheless, at the state-of-the-art, there are no efficient revocation mechanisms for VCs specifically tailored for IoT devices, which are characterized by limited connectivity, storage, and computational power.



This paper presents EVOKE, an efficient revocation mechanism of VCs in IoT networks. EVOKE leverages an ECC-based accumulator to manage VCs with minimal computing and storage overhead while offering additional features like mass and offline revocation. We designed, implemented, and evaluated a prototype of EVOKE across various deployment scenarios. Our experiments on commodity IoT devices demonstrate that each device only requires minimal storage (i.e., approximately 1.5 KB) to maintain verification information, and most notably half the storage required by the most efficient PKI certificates. Moreover, our experiments on hybrid networks, representing typical IoT protocols (e.g., Zigbee), also show minimal latency in the order of milliseconds. Finally, our large-scale analysis demonstrates that even when 50% of devices missed updates, approximately 96% of devices in the entire network were updated within the first hour, proving the scalability of EVOKE in offline updates.},

keywords = {},

pubstate = {published},

tppubtype = {proceedings}

}

Close

177.

Tushar Nayan, Qiming Guo, Mohammed Al Duniawi, Marcus Botacin, Selcuk Uluagac, Ruimin Sun

SoK: All You Need to Know About On-Device ML Model Extraction - The Gap Between Research and Practice Proceedings

0000, ISSN: 978-1-939133-44-1.

Abstract | Links | BibTeX | Tags:

178.

Ousat, Behzad, Schafir, Esteban, Hoang, Duc C, Tofighi, Mohammad Ali, Nguyen, Cuong V, Arshad, Sajjad, Uluagac, Selcuk, Kharraz, Amin

The Matter of Captchas: An Analysis of a Brittle Security Feature on the Modern Web Proceedings

0000, ISBN: 9798400701719.

Abstract | Links | BibTeX | Tags:

@proceedings{ousat2024matter,

title = {The Matter of Captchas: An Analysis of a Brittle Security Feature on the Modern Web},

author = {Ousat, Behzad and Schafir, Esteban and Hoang, Duc C and Tofighi, Mohammad Ali and Nguyen, Cuong V and Arshad, Sajjad and Uluagac, Selcuk and Kharraz, Amin},

url = {https://dl.acm.org/doi/abs/10.1145/3589334.3645619},

isbn = {9798400701719},

abstract = {The web ecosystem is a fast-paced environment. In this dynamic landscape, new security features are offered one after another to enhance the security and robustness of web applications and the operations they handle. This paper focuses on a fragile but still in-use security feature, text-based CAPTCHAs, that had been wildly used by web applications in the past to protect against automated attacks such as credential stuffing and account hijacking. The paper first investigates what it takes to develop automated scanners that can solve previously unseen text-based CAPTCHAs. We evaluated the possibility of developing and integrating a pre-trained CAPTCHA solver in the automated web scanning process without using a significantly large training dataset. We also perform an analysis of the impact of such autonomous scanners on CAPTCHA-enabled websites. Our analysis shows that solvable text-based CAPTCHAs on login, contact, and comment pages of websites are not uncommon. In particular, we identified over 3,100 text-based CAPTCHA websites in critical sectors such as finance, government, and health with hundreds of thousands of users. We showed that a web scanner with a pre-trained solver could solve more than 20% of previously unseen CAPTCHAs in just one single attempt. This result is worrisome considering the substantial potential to autonomously run the operation across thousands of websites on a daily basis with minimal training. The findings suggest that the integration of autonomous scanning with pre-training and local optimization of models can significantly increase adversaries' asymmetric power to launch their attacks cheaper and faster.},

keywords = {},

pubstate = {published},

tppubtype = {proceedings}

}

Close

179.

Veksler, Maryna, Akkaya, Kemal, Uluagac, Selcuk

Catch me if you can: Covert Information Leakage from Drones using MAVLink Protocol Proceedings

0000, ISBN: 9798400704826.

Abstract | Links | BibTeX | Tags:

180.

Topcuoglu, Cem, Martinez, Andrea, Acar, Abbas, Uluagac, Selcuk, Kirda, Engin

MacOS versus Microsoft Windows: A Study on the Cybersecurity and Privacy User Perception of Two Popular Operating Systems Conference

Network and Distributed Systems Security Symposium (NDSS) 2026, 0000.

Abstract | Links | BibTeX | Tags:

@conference{topcuoglumacos,

title = {MacOS versus Microsoft Windows: A Study on the Cybersecurity and Privacy User Perception of Two Popular Operating Systems},

author = {Topcuoglu, Cem and Martinez, Andrea and Acar, Abbas and Uluagac, Selcuk and Kirda, Engin},

url = {https://www.ndss-symposium.org/ndss-paper/auto-draft-511/},

publisher = {Network and Distributed Systems Security Symposium (NDSS) 2026},

abstract = {Operating Systems (OSs) play a crucial role in shaping user perceptions of security and privacy. Yet, the distinct perception of different OS users received limited attention from security researchers. The two most dominant operating systems today are MacOS and Microsoft Windows. Although both operating systems contain advanced cybersecurity features that have made it more difficult for attackers to launch their attacks and compromise users, the folk wisdom suggests that users regard MacOS as being the more secure operating system among the two. However, this common belief regarding the comparison of these two operating systems, as well as the mental models behind it, have not been studied yet.

In this paper, by conducting detailed surveys with a large number of MacOS and Windows users (n= 208) on Amazon Mechanical Turk, we aim to understand the differences in perception among MacOS and Windows users concerning the cybersecurity and privacy of these operating systems. Our results confirm the folk wisdom and show that many Windows and MacOS users indeed perceive MacOS as a more secure and private operating system compared to Windows, basing their belief on reputation rather than technical decisions. Additionally, we found that MacOS users often take fewer security measures, influenced by a strong confidence in their system’s malware protection capabilities. Moreover, our analysis highlights the impact of the operating system’s reputation and the primary OS used on users’ perceptions of security and privacy. Finally, our qualitative analysis revealed many misconceptions such as being MacOS malware-proof. Overall, our findings suggest the need for more focused security training and OS improvements and show the shreds of evidence that the mental model of users in this regard is a vital process to predict new attack surfaces and propose usable solutions.},

keywords = {},

pubstate = {published},

tppubtype = {conference}

}

Close

181.

Liberati, Edoardo, Visintin, Alessandro, Lazzeretti, Riccardo, Conti, Mauro, Uluagac, Selcuk

X-Lock: A Secure XOR-Based Fuzzy Extractor for Resource Constrained Devices Proceedings

0000.

Abstract | Links | BibTeX | Tags: