Award Abstract # 1453647
CAREER: Securing Sensory Side-Channels in Cyber-Physical Systems

NSF Org: CNS
Division Of Computer and Network Systems
Recipient: FLORIDA INTERNATIONAL UNIVERSITY
Initial Amendment Date: May 7, 2015
Latest Amendment Date: May 26, 2022
Award Number: 1453647
Award Instrument: Continuing Grant
Program Manager: Jeremy Epstein
CNS
 Division Of Computer and Network Systems
CSE
 Directorate for Computer and Information Science and Engineering
Start Date: June 1, 2015
End Date: August 31, 2022 (Estimated)
Total Intended Award Amount: $480,484.00
Total Awarded Amount to Date: $496,484.00
Funds Obligated to Date: FY 2015 = $107,418.00
FY 2016 = $134,018.00

FY 2017 = $81,216.00

FY 2018 = $128,686.00

FY 2019 = $45,146.00
History of Investigator:
  • Selcuk Uluagac (Principal Investigator)
    suluagac@fiu.edu
Recipient Sponsored Research Office: Florida International University
11200 SW 8TH ST
MIAMI
FL  US  33199-2516
(305)348-2494
Sponsor Congressional District: 26
Primary Place of Performance: Florida International University
10555 W Flagler St
Miami
FL  US  33174-3900
Primary Place of Performance
Congressional District:
27
Unique Entity Identifier (UEI): Q3KCVK5S9CP1
Parent UEI: Q3KCVK5S9CP1
NSF Program(s): Special Projects - CNS,
CPS-Cyber-Physical Systems,
Secure &Trustworthy Cyberspace
Primary Program Source: 01001516DB NSF RESEARCH & RELATED ACTIVIT
01001617DB NSF RESEARCH & RELATED ACTIVIT

01001718DB NSF RESEARCH & RELATED ACTIVIT

01001819DB NSF RESEARCH & RELATED ACTIVIT

01001920DB NSF RESEARCH & RELATED ACTIVIT
Program Reference Code(s): 7918, 7434, 9251, 1045, 025Z, 9178
Program Element Code(s): 171400, 791800, 806000
Award Agency Code: 4900
Fund Agency Code: 4900
Assistance Listing Number(s): 47.070

ABSTRACT

Cyber-Physical Systems (CPS) integrate devices that can interact with each other and the physical world around them. With CPS applications, engineers monitor the structural health of highways and bridges, farmers check the health of their crops, and ecologists observe wildlife in their natural habitat. Using sensory side-channels (e.g., light, temperature, infrared, acoustic), an adversary can successfully attack CPS devices and applications by (1) triggering existing malware, (2) transferring malware, (3) combining multiple side-channels to increase the impact of a threat, or (4) leaking sensitive information. This project develops novel security tools and techniques to protect CPS devices and applications against sensory side-channel threats. The project results are released as an open source project, so interested software developers can extend and reuse them in other CPS research. Broader impacts include educational training and tools for the CPS field, and a collaboration with the Miami-Dade County Public Schools (M-DCPS), to expose underrepresented middle school students to state-of-the art technology topics to pique students' interests in cyber-security and cyber-physical systems.

The project investigates the sensory side-channel (e.g., acoustic, seismic, light, temperature) threats to CPS devices and applications and evaluates the feasibility and practicality of the attacks on real CPS equipment. The result is novel sensory side-channel-aware security tools and techniques for the CPS devices. Specifically, the principal investigator (1) analyzes the physical characteristics of the sensory CPS side-channels to understand how the physical world impacts the cyber world of CPS devices; (2) investigates the information leakage through the sensory side-channels on the CPS devices; (3) develops a novel IDS particularly designed to be aware of the sensory CPS side-channels; (4) designs and develops a CPS security testbed for test and experiments on real equipment and simulation tools.

PUBLICATIONS PRODUCED AS A RESULT OF THIS RESEARCH

Note:  When clicking on a Digital Object Identifier (DOI) number, you will be taken to an external site maintained by the publisher. Some full text articles may not yet be available without a charge during the embargo (administrative interval).

Some links on this page may take you to non-federal websites. Their policies may differ from this site.

(Showing: 1 - 10 of 55)
A. Acar, Z. B. Celik, H. Aksu, A. S. Uluagac, and P. McDaniel "Achieving secure and differentially private computations in multiparty settings" IEEE Privacy-Aware Computing (PAC) Symposium , 2017 https://doi.org/10.1109/PAC.2017.12
A. Akkiraju, D. Gabay, B. Yesilyurt, H. Aksu, and A. S. Uluagac "Cybergrenade: Automated exploitation of local network machines via single board computers" 2017 IEEE 14th International Conference on Mobile Ad Hoc and Sensor Systems (MASS) , 2017 10.1109/MASS.2017.95
Abbas Acar, Hidayet Aksu, A. Selcuk Uluagac, and Mauro Conti "A Survey on Homomorphic Encryption Schemes: Theory, Implementation, and Applications" ACM Computing Surveys , v.51 , 2018 https://doi.org/10.1145/3214303
Abbas Acar, Long Lu, Selcuk Uluagac, Engin Kirda "An Analysis of Malware Trends in Enterprise Networks" In Proc. of 16th Conference on Detection of Intrusions and Malware & Vulnerability Assessment (DIMVA 2019) , 2019
Abbas Acar, Tigist Abera, Hossein Fereidooni, Markus Miettinen, Hidayet Aksu, Ahmad-Reza Sadeghi, A. Selcuk Uluagac "Peek-a-Boo: I see your smart home activities, even encrypted!" ACM WiSec 2020 , 2020
Acar, Abbas and Aksu, Hidayet and Uluagac, A. Selcuk and Conti, Mauro "A Survey on Homomorphic Encryption Schemes: Theory and Implementation" ACM Computing Surveys , v.51 , 2018 10.1145/3214303 Citation Details
A. Cosson, A. K. Sikder, L. Babun, Z. B. Celik, P. McDaniel, and S. Uluagac "Sentinel: A robust intrusion detection system for iot networks using kernel-level system information" 6th ACM/IEEE Conference on Internet of Things Design and Implementation (IoTDI) , 2021
AKM Iqtidar Newaz, A. K. Sikder, A. S. Uluagac "A Survey on Security and Privacy Issues in Modern Healthcare Systems: Attacks and Defenses" ACM Transactions on Computing for Healthcare , 2020
AKM Iqtidar Newaz, A. K. Sikder, L. Babun, and A. S. Uluagac "HEKA: A Novel Intrusion Detection System for Attacks to Personal Medical Devices" In Proc. of IEEE Conference on Communications and Network Security (CNS) , 2020
AKM Iqtidar Newaz, Amit Kumar Sikder, Mohammad Ashiqur Rahman, A. Selcuk Uluagac "HealthGuard: A Machine Learning-Based Security Framework for Smart Healthcare Systems" In 6th IEEE International Conference on Social Networks Analysis, Management and Security (SNAMS), Spain, October, 2019 , 2019
Akm Iqtidar Newaz, Nur Imtiazul Haque, Amit Kumar Sikder, Mohammad Ashiqur Rahman and A. Selcuk Uluagac "Adversarial Attacks on A Machine Learning-Based Smart Healthcare System" IEEE Globecom 2020 , 2020
(Showing: 1 - 10 of 55)

PROJECT OUTCOMES REPORT

Disclaimer

This Project Outcomes Report for the General Public is displayed verbatim as submitted by the Principal Investigator (PI) for this award. Any opinions, findings, and conclusions or recommendations expressed in this Report are those of the PI and do not necessarily reflect the views of the National Science Foundation; NSF has not approved or endorsed its content.

Emerging Cyber-Physical Systems (CPS) and Internet of Things (IoT) devices include numerous sensors onboard such as light, temperature, gyroscope, accelerometer, infrared, acoustic to facilitate our lives and the applications. However, these devices and applications can be hacked via their sensors.

In this project, we first investigated the sensor-based threats to CPS and IoT devices and applications and evaluated the feasibility and practicality of the attacks in real environments. For this, we showed how some existing IoT and smart platforms were vulnerable to sensor-based threats using real data from the devices and apps. Then, we developed novel context-aware security tools and techniques that are configurable and easy-to-deploy utilizing different machine learning (ML) algorithms. We tested the efficacy of the solutions with extensive analysis and data from real environments. In our solutions, we analyzed the trade-offs between security and performance, and found an optimal balance between them. Our formal security models and analysis have been supported by our extensive implementations and user studies.

The project team consisted of one PI and several PhD and undergraduate students from the PI's institute.  The team members gained hands-on experience and improved their knowledge basis in the area of cybersecurity. They were also actively involved in paper writing and patent filing processes. Research findings have been disseminated through publishing numerous research papers, PhD dissertations, filing patent applications (2 awarded and 2 pending), presentations and papers at top-tier cybersecurity conferences and journals, doing several demos of the project, and giving numerous invited talks. The project produced one of the first practical novel context-aware security tools and techniques that can be easily used in a wide variety of use-cases in a cost-effective and convenient manner against serious sensor-based cyber threats.  Moreover, the PI introduced the different cybersecurity tools developed in this project to thousands of K-12 Miami-Dade County Public Schools (M-DCPS) visiting the PI's lab to expose the students to the state-of-the art technology topics to pique their interests in cyber-security and cyber-physical and IoT systems.

Today, CPS and IoT devices and applications are not solely used by computer engineers and scientists, but also by ecologists for observing wildlife, geophysicists for monitoring seismic activities of volcanoes, farmers for precision agriculture, civil engineers for monitoring the health of deteriorating civil structures like highways and bridges, medical doctors and nurses for monitoring patients, and technology enthusiasts to develop applications. Since a significant number of critical functionalities in the CPS/IoT realm of other disciplines are also realized by interaction with the real world through the sensors, understanding the threats emanating from the sensory equipment on IoT and CPS devices and applications and securing the sensors through the tools that were developed in this project will have a significant impact on other disciplines as well.

 


Last Modified: 12/30/2022
Modified by: Selcuk Uluagac

Please report errors in award information by writing to: awardsearch@nsf.gov.

Print this page

Back to Top of page