CEDAR Symposium 2022

Authors: Alicia Thoney, Allyson Hays, Calvin VanWormer, Francis Korsah, Jenna Goodrich, Marc Wodahl, Shawna Wolf, William Frost

Project Lead: Alicia Thoney

Advisor: Dr. Mike Borowczak

Abstract: Due to the staggering cost of cyber-crime, industry professionals that fail to monitor and understand their infrastructure risk millions of dollars and gamble the future of their company. Our team researched cyber threat intelligence (CTI) data feeds and data visualization techniques to build a web application that compiles and displays vulnerabilities associated with a specific software configuration. Our initial functionality utilizes the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerability database to graphically display CTI. This display leverages Structured Threat Information Expression (STIX), a ubiquitous and digestible CTI language (which encourages relevance to a wide range of researchers). Future research aims to enrich STIX graphs and provide a personalized experience based on an organization's infrastructure.

Authors: Rafer Cooley, Taylor McCampbell

Project Lead: Rafer Cooley

Advisor: Dr. Mike Borowczak

Abstract: New malware programs have been known to evade defenses for some period of time until some event causes the malware to be evaluated and indexed by antivirus programs. After this event malware authors often use standard evasion techniques such as binary packing, encryption, null-string addition or control flow manipulation. The goal of this project is to evaluate the initial variant of a malware program then generate a library of indicators that will be able to detect any future versions of the malware sample.

Group Members: Shawna Wolf, Dr. Mike Borowczak, Alicia Thoney, Andey Robins, Natasha Miller, Francis Korsah, Kellen Mentock, Marc Wodahl

Project Lead: Shawna Wolf

Advisor: Mike Borowczak

Abstract: Every summer since 2015, The University of Wyoming has hosted a week-long cross-collaborative science/art summer camp for 80 upcoming 5th and 6th graders called The Artful Craft of Science (TACoS). Throughout each day of camp, attendees rotate through a variety of STEM-themed sections, including a 5-day introduction to computer science. Adaptations to course content delivery were necessary in 2020 and 2021 due to COVID-19. During those years, TACoS was moved to a fully virtual, asynchronous format. In 2022, the camp was still available asynchronously, but attendees were able to attend person. Over these past three summers, attention was given to improving video quality. In 2020, lessons were presented in five long, single-shot videos, showing the instructor going through course content and explaining concepts. In 2021, graphics and music were added to videos to present concepts in a visual way, and to break up long sections of explaining concepts. Improvement in video content between 2020 and 2021 could have encouraged more participation, increased retention, and higher student engagement throughout the 2021 camp. Videos in 2022 maintained higher quality video standards. Additionally, rather than having one long video per day, each day was divided into multiple 2- to 3-minute videos. Qualitative analysis for 2022 videos is in progress.

Authors: Clay Carper, Andey Robins, Dr. Mike Borowczak

Project Lead: Clay Carper

Advisor: Dr. Mike Borowczak

Abstract:  Modern embedded systems are ever present within our daily lives. Such devices remain vulnerable to Differential Power Analysis via side-channel attacks, which provide a powerful and flexible framework for exfiltrating valuable information. This work applies these principles with respect to determining properties of the underlying finite state machine dictating code execution on a STM32F030 microcontroller. A K-nearest neighbors classification model is used to determine the order of state transitions within the finite state machine with a maximum accuracy of 81% over 256 different classes. A second experiment was performed to evaluate the effect of dimensionality on the classification accuracy and found an ability to classify with an accuracy over 95% in classes with 32 elements and perfectly classify between only two classes. Results validate the need for protections against power-based side-channel attacks when sensitive information is handled by FSM-controlled components.

Authors: Clay Carper, Melanie Griffith

Project Lead: Clay Carper

Advisor: Dr. Mike Borowczak

Abstract: This poster goes over the hardware implementations that were done over the summer. It explains how buttons and a segmented display were driven using a target board and how those components went into making a pin checking functionality. First this poster will provide some background information about the project and then states the challenges of integrating the hardware components. Next it goes over how including the buttons and display was first tested on other boards and then sent via JTAG to the target board. Finally, the poster presents the results and goes over work and challenges that will be addressed in the future.

Authors: Clay Carper, Melanie Griffith, Caylie Charlton

Project Lead: Clay Carper

Advisor: Dr. Mike Borowczak

Abstract: This poster goes over the goals for what we would like to achieve over this academic year. The poster starts with a brief background statement about why the reader should be interested in this project and why it is important. Then it goes on to talk about the current setup of the xyz bed and the downfalls of such a setup. Next, the poster goes on to identify the problem statement and what we would like to change about the setup. The proposed method of how the digital control system will work is listed out and explained. Finally, the project goes over the work that we will need to put in over the upcoming months.

Authors: Jarek Brown

Project Lead: Jarek Brown

Mentors: Clay Carper, Shaya Wolf, Rafer Cooley

Advisor: Dr. Mike Borowczak

Abstract: The Secure, Heterogeneous, Autonomous, and Rotational Knowledge for Swarms (SHARKS) protocol investigates distributed algorithms for swarm movement patterns. The drones in any given swarm have restrained compute resources and little memory, so developing efficient behaviors is necessary for the agents to work within these restrictions. In addition to positioning behaviors, this project investigates safety protocols to protect the swarm from adversarial swarms and environmental obstacles. Current research aims to implement the protocol in physical hardware. This next step will begin with two wheeled drones operating in 2-D, with aerial drones being the desired end goal.

Authors: Kegan McIlwaine, Stone Olguin, James Caldwell

Project Lead: Kegan McIlwaine

Advisor: Dr. James Caldwell

Abstract:  Faustus is a formally verified extension of the smart contract programming language Marlowe. Marlowe itself is implemented in Haskell as a deeply embedded Domain Specific Language (DSL). Parameterized contracts provided in Faustus extend the language features in Marlowe to provide the means to compactly represent a large class of Marlowe contracts, and make Marlowe contracts more readable by eliminating duplicated code. We have developed the syntax, typing rules, and formal small-step semantics for Faustus. We have also implemented a compiler mapping Faustus programs to Marlowe programs, and proved the compiler correct with respect to the semantics of the two languages.

Authors: Sindhu Reddy Kalathur Gopal, Dr. Diksha Shukla

Project Lead: Sindhu Reddy Kalathur Gopal

Advisor: Dr. Diksha Shukla

Abstract: Two Factor Authentication (2FA) aims to enhance the security of users' accounts and data during password or pin-based login procedures. Two-factor authentication, however, raises usability concerns: users must go through an additional step to verify their identity. For example, the user must enter an OTP code or accept a push notification within the specified time. Traditionally used 2FA systems are susceptible to security threats, such as phishing attacks, losing tokens and mobile devices. In order to overcome the issues associated with 2FA methods that are currently in use, we propose EEG-2FA, which validates the user seamlessly without taking time off from work. EEG-2FA is a one step, two factor authentication system that relies only on familiarity factor in concealable electroencephalogram (EEG) signals while the user enters passwords to log in to their systems. Using EEG-2FA mitigates impersonation attacks because EEG is unique to each individual and is resistant to spoofing attacks, and identifies the user unobtrusively.

Authors: Danny Radosevich, Matt Bare, Matt Baker, Cody Danielson

Project Lead: Danny Radosevich

Advisor: Dr. Mike Borowczak

Abstract: SecretAgent works to subvert continuous authentication by learning user typing dynamics.

Authors: Dr. Hui Hu, Jessa Gegax-Randazzo, Clay Carper

Project Lead: Dr. Hui Hu

Advisor: Dr. Mike Borowczak

Abstract: Recent studies have shown the internal structure of a deep neural network is easily inferred via side-channel power attacks in the training process. To address this pressing privacy issue, we propose TP-NET, a novel solution for training privacy-preserving deep neural networks under side-channel power attacks. The main idea of TP-NET is to introduce randomness into the internal structure of a deep neural network and the training process.

Authors: Taylor McCampbell, Will Brant

Project Lead: Taylor McCampbell and Will Brant

Advisor: N/A

Abstract: The Machine Learning and Artificial Intelligence Pipeline is utilized more each day. However, its broad acceptance poses risks provided that an attacker can find vulnerabilities. The team will focus on testing and modeling the vulnerabilities of CUDA (Compute Unified Device Architecture) on Nvidia Jetson NanosTM. If the Nanos are proven vulnerable through CUDA privilege escalation, any GPU using CUDA will therefore be proven vulnerable. Additionally, the researchers will also analyze pipelines like Hugging Face and TensorFlow for exploitable opportunities. The team will focus on developing reproducible methods of privilege escalation. Tactics utilized will include fuzzing input data for segmentation faults and designing models that make segmentation faults controllable.

Authors: Shaya Wolf

Project Leadership: Mike Borowczak, Rita Foster, Jed Haile

Abstract: Machine learning applications, while ubiquitous, integrate vulnerabilities into various systems that rely on pattern detection tactics. Securing such systems requires intimate knowledge of the data flows and the models. This work includes four projects, two focused on machine learning attacks using academic-centric data, and two focused on securing machine learning models in industry settings. These projects rely on data typing, specified data sources, efficient data management, and thorough data validation, known as four of the nine machine learning pillars developed by Idaho National Laboratory.

Authors: Clay Carper, Stone Olguin

Project Lead: Clay Carper

Advisor: Dr. Mike Borowczak

Abstract: Statistical analysis methods for side-channel attacks are fairly limited. Testing side channel is through Test Vector Leakage Assessment (TVLA). The importance of TVLA is to show whether side channel attacks can get data from the cryptographic device in question. The three major methods used currently are the Pearson Chi-square test, Pearson's correlation coefficient and Welch's t-test for testing differences of means. We aim to generate data for validating current statistical methods and to explore alternate methods for testing statistical hypotheses.

Authors: Clay Carper, Andey Robins

Project Lead: Clay Carper

Advisor: Dr. Mike Borowczak

Abstract: Kraken, a cyrptocurrency exchange, sponsored a 16-hour camp for middle school aged students to learn about blockchain and cryptocurrency. We designed and executed a camp structured around game-based learning strategies that taught students about encryption, consensus, trust, simple blockchain elements, and other similar concepts. The camp concluded with a multi-stage puzzle game called "Blockchain Murder Mystery".

Group Members: INL Team of Experts, A Boise State University Senior-to-Master Student

Project Leadership: Shaya Wolf, Rita Foster, Jed Haile

Advisor: Mike Borowczak

Abstract: New-age industrial architectures for systems and processes require new-age security solutions. While advancements have been made in maintaining networks without inherently trusting agents, zero-trust architectures have yet to permeate industrial internet of things (IIoT) devices. This project is looking for a senior looking to master in cybersecurity and would provide funding for them to explore zero-trust IIoT systems while partnering with Idaho National Laboratory. This multidisciplinary project will give such a student the opportunity to work with experts in the field, collaborate with students from Boise State University, and work with CEDAR alumni.