Two winners announced for the ACSC Cybersecurity Poster Session

November 15, 2015

Hosted by Dr. Howard Shrobe, Principal Research Scientist at MIT CSAIL, the ACSC Cybersecurity Poster Session was sponsored by Allied Minds and .406 Ventures to promote the talent and innovation in cybersecurity being developed in New England's institutions of higher education.

Attendees of the ACSC Annual Conference on November 4 voted for the “next best thing” in cybersecurity at the annual Student Poster Session. Cybersecurity student projects represented New England colleges and universities including:

• Boston University
• Dartmouth College
• Northeastern University
• University of Massachusetts, Amherst
• University of Massachusetts, Dartmouth
• University of Massachusetts, Lowell
• University of Connecticut

During the event, students presented a brief project synopsis and answered questions at their individual poster display. Upon completion, attendees voted by secret ballot and the two posters with the most votes received $1000 prize each. The winners are:

TEDDI: Tamper Detection on Distributed Infrastructure
 Jason Reeves, Graduate Student, Dartmouth College
 Chris Frangieh, Undergraduate Student, Dartmouth College

As part of the push towards a smarter electric grid, utilities have installed a number of low-powered devices (for example, smart meters) along the periphery of their SCADA networks. These devices pose a security risk for utilities, as they are easy to find and access, have little physical security, and often have a connection directly to a utility’s SCADA network. Thus, an attacker could potentially compromise one of these devices and use it as a launchpad for attacks on other targets on the network, such as generating plants or control centers.
    
Despite the large amount of prior tamper protection research, however, traditional tamper solutions are not feasible for deployment in this environment. This is for several reasons:

To fill this gap, we developed TEDDI (Tamper Event Detection on Distributed Infrastructure), a sensor-based tamper protection system that fuses together data from a number of embedded devices to determine the tamper state of both the individual devices and the overall network. We use factor graphs to provide a data fusion tool for operators that is both easy to configure and powerful enough to handle a wide range of events, and we also include a flexible response mechanism that can be configured to perform different tasks for different events. We have also built the TEDDI Generation Tool, which can automatically produce the necessary code for deployment on arbitrary networks. Currently, we are working on evaluating the speed, accuracy, and usability of TEDDI within a realistic grid simulation.

Security Analysis of USB Technology
Daniel R. Noyes, Graduate Student, University of Massachusetts Dartmouth

One of the most commonly used standards in the computer industry today is the Universal Serial Bus (USB). Through the use of a common bus, USB allows numerous peripheral devices the ability to communicate with each other. Several leading companies in the industry have adopted the USB standard, designing interfaces to better transmit data between devices. The usage of this technology spans from printers and storage media to user input devices, such as distributed power sources for cell phones. Since these devices are ubiquitous in our everyday lives, ensuring their security is essential. USB devices are notorious for exposing unnecessary security vulnerabilities in computer systems. Due to these systematic and widespread insecurities, methods to protect critical devices are vital. With confidential and sensitive data on the line, how can these devices maintain their integrity?

This project aims to analyze the USB protocol regarding vulnerabilities as well as experimenting with security mechanics to protect the USB from both passive and active attacks. The project looks at various security incidents, and provides a basis to show the potential threat of any information communication using the USB protocol. This information which is transmitted between devices can be ambiguous, and is susceptible. The work then examines the state-of-the-art security measures deployed in current USB technology. It will also will look at various possible methods to improve the security.

In today's time we witness numerous incidences involving security. These incidences affect both
consumers and businesses alike. For example if a common device is infected with malicious software, what are the chances that this infected devices will capture data from a user? What are the chances that this device will be able to relay the data to someone else? With the common idea of the “Internet of Things” (IoT) we can see this idea as a potential threat for malicious intrusion upon users. The results of this project will help provide consumers with guidelines to assist in product selection, and direct future efforts to strengthen USB security. This will also open the door for further development towards building a resilient system for today’s technology.