Search for: All records

Despite long-contested viability, numerous applications still rely upon Advance Encryption Standard (AES) in Counter mode (AES-CTR). Research supports that the vulnerabilities associated with CTR from a mathematical perspective, mainly forgery attempts, stem from misusing the nonce. When paired with cryptographic algorithms, assuming no nonce misuse increases the complexity of unraveling CTR. This paper examines the pairing of CTR with AES-128 (AES-CTR). It includes (1) full key recovery for a software implementation of AES-CTR utilizing a template attack (TA) and (2) enhancing the TA analysis's point of interest (POI) using first-order analysis and known key to identify leaky samples. 

Project Connected Home over IP, known as Matter, a unifying standard for the smart home, will begin formal device certification in late 2022. The standard will prioritize connectivity using short-range wireless communication protocols such as Wi-Fi, Thread, and Ethernet. The standard will also include emerging technologies such as Blockchain for device certification and security. In this paper, we rely on the Matter protocol to solve the long-standing heterogeneity problem in smart homes. This work presents a hardware Testbed built using development kits, as there is currently very few devices supporting Matter protocol. In addition, it presents a network architecture that automates smart homes to cloud services. The work is a simple and cheap way of developing a Testbed for automating smart homes that uses Matter protocol. The architecture lays the foundation for exploring security and privacy issues, data collection analysis, and data provenance in a smart home ecosystem built on Matter protocol. 

Internet of Things (IoT) is a connected network of devices that exchange data using different protocols. The application of IoT ranges from intelligent TVs and intelligent Refrigerators to smart Transportation. This research aims to provide students with hands-on training on how to develop an IoT platform that supports device management, connectivity, and data management. People tend to build interconnected devices without having a basic understanding of how the IoT platform backend function. Studying the Arm Pelion will help to understand how IoT devices operate under the hood. This past summer, Morgan State University has hosted undergraduate engineering students and high school STEM teachers to conduct IoT security research in the Cybersecurity Assurance & Policy (CAP) Center. The research project involved integrating various hardware sensor devices and real-time data monitoring using the Arm Pelion IoT development platform. Some of the student/teacher outcomes from the project include: 1) Learning about IoT Technology and security; 2) Programming an embedded system using Arm Mbed development board and IDE; 3 3) Developing a network of connected IoT devices using different protocols such as LWM2M, MQTT, CoAP; 4) Investigating the cybersecurity risks associated with the platform; and 5) Using data analysis and visualization to understand the network data and packet flow. First, the student/teacher must consider the IoT framework to understand how to address the security. The IoT framework describes the essential functions of an IoT network, breaking it down into separate layers. These layers include an application layer, middleware layer, and connectivity layer. The application layer allows the users to access the platform via a smartphone or any other dashboard. The Middleware layer represents the backend system that provides edge devices with data management, messaging, application services, and authentication. Finally, the connectivity layer includes devices that connect the user to the network, including Bluetooth or WiFi. The platform consists of several commercial IoT devices such as a smart camera, baby monitor, smart light, and other devices. We then create algorithms to classify the network data flow; to visualize the packets flow in the network and the structure of the packets data frame over time. 

The NTT (Nippon Telegraph and Telephone) Data Corporation report found that 80% of U.S. consumers are concerned about their smart home data security. The Internet of Things (IoT) technology brings many benefits to people's homes, and more people across the world are heavily dependent on the technology and its devices. However, many IoT devices are deployed without considering security, increasing the number of attack vectors available to attackers. Numerous Internet of Things devices lacking security features have been compromised by attackers, resulting in many security incidents. Attackers can infiltrate these smart home devices and control the home via turning off the lights, controlling the alarm systems, and unlocking the smart locks, to name a few. Attackers have also been able to access the smart home network, leading to data exfiltration. There are many threats that smart homes face, such as the Man-in-the-Middle (MIM) attacks, data and identity theft, and Denial of Service (DoS) attacks. The hardware vulnerabilities often targeted by attackers are SPI, UART, JTAG, USB, etc. Therefore, to enhance the security of the smart devices used in our daily lives, threat modeling should be implemented early on in developing any given system. This past Spring semester, Morgan State University launched a (senior) capstone project targeting undergraduate (electrical) engineering students who were thus allowed to research with the Cybersecurity Assurance and Policy (CAP) center for four months. The primary purpose of the capstone was to help students further develop both hardware and software skills while researching. For this project, the students mainly focused on the Arduino Mega Board. Some of the expected outcomes for this capstone project include: 1) understanding the physical board components, 2) learning how to attack the board through the STRIDE technique, 3) generating a Data Flow Diagram (DFD) of the system using the Microsoft threat modeling tool, 4) understanding the attack patterns, and 5) generating the threat based on the user's input. To prevent future threats and attacks from taking advantage of systems vulnerabilities, the practice of "threat modeling" is implemented. This method allows the analysis of potential attackers, including their goals and techniques, while also providing solutions and mitigation strategies. Although Threat modeling can be performed throughout the development of a system, implementing it during developmental stages will prevent further problems in the future. Threat Modeling is crucial because it will help identify any potential threat before it propagates in the system. Identifying threats and providing countermeasures will save both time and money while also keeping the consumers safe. As a result, students must grow to understand how essential detecting and preventing attacks are to protect consumer information systems and networks. At the end of this capstone project, students should take away hands-on skills in cyber defense. 

The Internet of Medical Things (IoMT) is a rapidly growing community of intelligent medical technologies dedicated to sensing, monitoring, and reporting patient vitals, often with the intent of communicating findings with healthcare professionals (HCPs). For the past two summers, 2020 and 2021, four undergraduate electrical/computer engineering and computer science students, and two high school STEM teachers, worked with two graduate student mentors to explore various IoMT use cases via their participation in a Research Experiences for Undergraduates (REU) and Teachers (RET) program. During both summers, the REU/RET program was conducted remotely over nine weeks, not including pre-summer engagement activities. These pre-summer activities were designed to promote and encourage healthy mentor-mentee interactions while also providing an additional opportunity for participants to acclimate to their research projects before the program start. Throughout this work, participants were able to gain or further develop skills in some of the following areas: Ethical Hacking, Data Science, Intrusion Detection Systems, Linux, Machine Learning, Networking, and Python, as well as interact with a designated smart device and testing environment. In the first summer, participants were assigned a smart glucose meter and tasked with 1) exploiting the potential threats associated with installing smart devices onto unsecured network configurations via address resolution protocol (ARP) poisoning, and 2) exploring social engineering tactics through cloning the device user application. Additionally, in the following summer, participants became acquainted with an existing IoMT dataset, developing an intrusion detection system (IDS) to accurately distinguish between normal and abnormal network packets due to a deployed Man-in-the-Middle (MitM) attack. The outputs of this work include: both sets of participants preparing verbal presentations, including demonstrations, and written papers outlining their results and experiences. After the project, participants should understand and implement a set of guidelines for utilizing IoMT devices more securely and with added privacy.