Georgia Institute of Technology

Motorola Foundation Professor

-Secure funding from the government and corporations for fundamental and applied research.
-Lead teams comprised of bachelors, masters, and doctoral level researchers and developers who innovate and make fundamental breakthroughs in engineering and science in the areas of cybersecurity and computer networking.
-Project formulation, initiation, grant proposal writing, and technical gap analysis with various industry stakeholders.
-Budget and expense management, and progress reporting to various sponsors (e.g., government funding agencies, corporations).
-Integration of developed systems into mission critical operational environments.
-Communicate complex technical concepts to various stakeholders (e.g., cybersecurity lectures to senior and graduate level computer networking and cybersecurity students, invited talks given to colleagues around the world, presentations to senior government officials, and presentations to leadership teams of various corporations).

Georgia Institute of Technology

Professor

-Secure funding from the government and corporations for fundamental and applied research.
-Lead teams comprised of bachelors, masters, and doctoral level researchers and developers who innovate and make fundamental breakthroughs in engineering and science in the areas of cybersecurity and computer networking.
-Project formulation, initiation, grant proposal writing, and technical gap analysis with various industry stakeholders.
-Budget and expense management, and progress reporting to various sponsors (e.g., government funding agencies, corporations).
-Integration of developed systems into mission critical operational environments.
-Communicate complex technical concepts to various stakeholders (e.g., cybersecurity lectures to senior and graduate level computer networking and cybersecurity students, invited talks given to colleagues around the world, presentations to senior government officials, and presentations to leadership teams of various corporations).

Georgia Institute of Technology

Vice President for Interdisciplinary Research

-Advise the Executive Vice President for Research (EVPR) on matters related to interdisciplinary research strategy.
-Collaborate with vice presidents/provosts, deans, members of the President’s cabinet, school chairs, and associate deans and associate chairs for research to ensure that interdisciplinary research activities meet the highest standard of excellence and are supported in pursuit of Georgia Tech’s strategic research goals.
-Assist the EVPR and colleges with strategy and operational support for interdisciplinary research. Identify and address issues to enhance and advance interdisciplinary research activities.
-Provide oversight, direction and supervision to the operations and ongoing activities of the Interdisciplinary Research Institutes and Centers (IRIs and IRCs); the Pediatric Technology Center (PTC); the Global Center for Medical Innovation (GCMI); the Smart Cities Initiatives.
-Develop procedures and policies to further support and facilitate interdisciplinary research activities.
-Develop and supervise staff assigned in support of the activities of the Office of the Vice President for Interdisciplinary Research.
-Represent the Office of the EVPR, as appropriate, to various internal constituencies, as well as externally to agencies, institutions, and organizations.
-Facilitates research faculty integration and the GTRI/RI relationship; and other interdisciplinary research initiatives and activities which may emerge in the future.

Georgia Institute of Technology

Executive Director, Online Masters in Cybersecurity program (OMS Cybersecurity)

-Oversee curriculum matters and academic affairs for OMS Cybersecurity Degree program.
-Corporate fundraising in partnership with development officers for the Institute.
-Set strategic priorities for the OMS Cybersecurity Degree program.

Georgia Institute of Technology

Research Engineer

A. Raheem worked at Georgia Institute of Technology as a Research Engineer

Georgia Institute of Technology

Associate Chair for Strategic Initiatives and Innovation

-Managed the School's large portfolio of corporate partners and affiliates.
-Lead various strategic initiatives internal and external to the School.
-Facilitated industry partnerships, corporate research contract development, intellectual property negotiations.
-Supported partnership with the School’s advisory board.
-Partnered with engineering faculty members to develop and sustain a culture of innovation and entrepreneurship within their groups.

Fortiphyd Logic

Co-Founder

A. Raheem worked at Fortiphyd Logic as a Co-Founder

Andersen Consulting

Consultant

A. Raheem worked at Andersen Consulting as a Consultant

Georgia State

Assistant Professor

A. Raheem worked at Georgia State as a Assistant Professor

Examining the characteristics and implications of sensor side channels

IEEE International Conference on Communications (ICC) 2013, Hungary

Examining the characteristics and implications of sensor side channels

IEEE International Conference on Communications (ICC) 2013, Hungary

SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization

USENIX Security

Examining the characteristics and implications of sensor side channels

IEEE International Conference on Communications (ICC) 2013, Hungary

SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization

USENIX Security

EDR2: A Sink Failure Resilient Approach for WSNs.

The proceedings of IEEE International Communications Conference (ICC)

Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.

Examining the characteristics and implications of sensor side channels

IEEE International Conference on Communications (ICC) 2013, Hungary

SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization

USENIX Security

EDR2: A Sink Failure Resilient Approach for WSNs.

The proceedings of IEEE International Communications Conference (ICC)

Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.

A Physical Overlay Framework for Insider Threat Mitigation of Power System Devices

IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014

Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.

Examining the characteristics and implications of sensor side channels

IEEE International Conference on Communications (ICC) 2013, Hungary

SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization

USENIX Security

EDR2: A Sink Failure Resilient Approach for WSNs.

The proceedings of IEEE International Communications Conference (ICC)

Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.

A Physical Overlay Framework for Insider Threat Mitigation of Power System Devices

IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014

Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.

NAVSEC: A Recommender System for 3D Network Security Visualizations

IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA

T. Nunnally, K. Abdullah, A. S. Uluagac, J. A. Copeland, and R. A. Beyah, "NAVSEC: A Recommender System for 3D Network Security Visualizations", IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA, October 2013.

Examining the characteristics and implications of sensor side channels

IEEE International Conference on Communications (ICC) 2013, Hungary

SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization

USENIX Security

EDR2: A Sink Failure Resilient Approach for WSNs.

The proceedings of IEEE International Communications Conference (ICC)

Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.

A Physical Overlay Framework for Insider Threat Mitigation of Power System Devices

IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014

Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.

NAVSEC: A Recommender System for 3D Network Security Visualizations

IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA

T. Nunnally, K. Abdullah, A. S. Uluagac, J. A. Copeland, and R. A. Beyah, "NAVSEC: A Recommender System for 3D Network Security Visualizations", IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA, October 2013.

An Empirical Study of TCP Vulnerabilities in Critical Power System Devices

Smart Energy Grid Security (SEGS) Workshop

Abstract - Implementations of the TCP/IP protocol suite have been patched for decades to reduce the threat of TCP sequence number prediction attacks. TCP, in particular, has been adopted to many devices in the power grid as a transport layer for their applications since it provides reliability. Even though this threat has been well-known for almost three decades, this does not hold true in power grid networks; weak TCP sequence number generation can still be found in many devices used throughout the power grid. Although our analysis only covers one substation, we believe that this is without loss of generality given: 1) the pervasiveness of the flaws throughout the substation devices; and 2) the prominence of the vendors. In this paper, we show how much TCP initial sequence numbers (ISNs) are still predictable and how time is strongly correlated with TCP ISN generation. We collected power grid network traffic from a live substation for six months, and we measured TCP ISN differences and their time differences between TCP connection establishments. In the live substation, we found three unique vendors (135 devices, 68%) from a total of eight vendors (196 devices) running TCP that show strongly predictable patterns of TCP ISN generation.

Examining the characteristics and implications of sensor side channels

IEEE International Conference on Communications (ICC) 2013, Hungary

SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization

USENIX Security

EDR2: A Sink Failure Resilient Approach for WSNs.

The proceedings of IEEE International Communications Conference (ICC)

Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.

A Physical Overlay Framework for Insider Threat Mitigation of Power System Devices

IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014

Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.

NAVSEC: A Recommender System for 3D Network Security Visualizations

IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA

T. Nunnally, K. Abdullah, A. S. Uluagac, J. A. Copeland, and R. A. Beyah, "NAVSEC: A Recommender System for 3D Network Security Visualizations", IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA, October 2013.

An Empirical Study of TCP Vulnerabilities in Critical Power System Devices

Smart Energy Grid Security (SEGS) Workshop

Abstract - Implementations of the TCP/IP protocol suite have been patched for decades to reduce the threat of TCP sequence number prediction attacks. TCP, in particular, has been adopted to many devices in the power grid as a transport layer for their applications since it provides reliability. Even though this threat has been well-known for almost three decades, this does not hold true in power grid networks; weak TCP sequence number generation can still be found in many devices used throughout the power grid. Although our analysis only covers one substation, we believe that this is without loss of generality given: 1) the pervasiveness of the flaws throughout the substation devices; and 2) the prominence of the vendors. In this paper, we show how much TCP initial sequence numbers (ISNs) are still predictable and how time is strongly correlated with TCP ISN generation. We collected power grid network traffic from a live substation for six months, and we measured TCP ISN differences and their time differences between TCP connection establishments. In the live substation, we found three unique vendors (135 devices, 68%) from a total of eight vendors (196 devices) running TCP that show strongly predictable patterns of TCP ISN generation.

A Passive Technique for Fingerprinting Wireless Devices with Wired-side Observations

IEEE Communications and Network Security

In this paper, we introduce GTID, a technique that passively fingerprints wireless devices and their types from the wired backbone. GTID exploits the heterogeneity of devices, which is a function of different device hardware compositions and variations in devices' clock skew. We use statistical techniques to create unique, reproducible device and device type signatures that represent time variant behavior in network traffic and use artificial neural networks (ANNs) to classify devices and device types. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 27 devices representing a wide range of device classes. We collected more than 100 GB of traffic captures for ANN training and classification. We assert that for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is the first fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and illustrate how it can be used to complement existing authentication systems and to detect counterfeit devices.

Examining the characteristics and implications of sensor side channels

IEEE International Conference on Communications (ICC) 2013, Hungary

SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization

USENIX Security

EDR2: A Sink Failure Resilient Approach for WSNs.

The proceedings of IEEE International Communications Conference (ICC)

Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.

A Physical Overlay Framework for Insider Threat Mitigation of Power System Devices

IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014

Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.

NAVSEC: A Recommender System for 3D Network Security Visualizations

IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA

T. Nunnally, K. Abdullah, A. S. Uluagac, J. A. Copeland, and R. A. Beyah, "NAVSEC: A Recommender System for 3D Network Security Visualizations", IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA, October 2013.

An Empirical Study of TCP Vulnerabilities in Critical Power System Devices

Smart Energy Grid Security (SEGS) Workshop

Abstract - Implementations of the TCP/IP protocol suite have been patched for decades to reduce the threat of TCP sequence number prediction attacks. TCP, in particular, has been adopted to many devices in the power grid as a transport layer for their applications since it provides reliability. Even though this threat has been well-known for almost three decades, this does not hold true in power grid networks; weak TCP sequence number generation can still be found in many devices used throughout the power grid. Although our analysis only covers one substation, we believe that this is without loss of generality given: 1) the pervasiveness of the flaws throughout the substation devices; and 2) the prominence of the vendors. In this paper, we show how much TCP initial sequence numbers (ISNs) are still predictable and how time is strongly correlated with TCP ISN generation. We collected power grid network traffic from a live substation for six months, and we measured TCP ISN differences and their time differences between TCP connection establishments. In the live substation, we found three unique vendors (135 devices, 68%) from a total of eight vendors (196 devices) running TCP that show strongly predictable patterns of TCP ISN generation.

A Passive Technique for Fingerprinting Wireless Devices with Wired-side Observations

IEEE Communications and Network Security

In this paper, we introduce GTID, a technique that passively fingerprints wireless devices and their types from the wired backbone. GTID exploits the heterogeneity of devices, which is a function of different device hardware compositions and variations in devices' clock skew. We use statistical techniques to create unique, reproducible device and device type signatures that represent time variant behavior in network traffic and use artificial neural networks (ANNs) to classify devices and device types. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 27 devices representing a wide range of device classes. We collected more than 100 GB of traffic captures for ANN training and classification. We assert that for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is the first fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and illustrate how it can be used to complement existing authentication systems and to detect counterfeit devices.

Realizing an 802.11-based Covert Timing Channel Using Off-The-Shelf Wireless Cards

Globecom 2013 - Communication and Information System Security Symposium

By using covert channels, a malicious entity can hide messages within regular traffic and can thereby circumvent security mechanisms. This same method of obfuscation can be used by legitimate users to transmit messages over hostile networks. A promising area for covert channels is wireless networks employing carrier sense multiple access with collision avoidance (CSMA/CA) (e.g., 802.11 networks). These schemes introduce randomness in the network that provides good cover for a covert timing channel. Hence, by exploiting the random back-off in distributed coordination function (DCF) of 802.11, we realize a relatively high bandwidth covert timing channel for 802.11 networks, called Covert-DCF. As opposed to many works in the literature focusing on theory and simulations, Covert-DCF is the first fully implemented covert timing channel for 802.11 MAC using off-the-self wireless cards. In this paper, we introduce the design and implementation of Covert-DCF that is transparent to the users of the shared medium. We also evaluate the performance of Covert-DCF and provide discussions on the feasibility of this technique in a real world scenario.

Examining the characteristics and implications of sensor side channels

IEEE International Conference on Communications (ICC) 2013, Hungary

SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization

USENIX Security

EDR2: A Sink Failure Resilient Approach for WSNs.

The proceedings of IEEE International Communications Conference (ICC)

Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.

A Physical Overlay Framework for Insider Threat Mitigation of Power System Devices

IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014

Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.

NAVSEC: A Recommender System for 3D Network Security Visualizations

IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA

T. Nunnally, K. Abdullah, A. S. Uluagac, J. A. Copeland, and R. A. Beyah, "NAVSEC: A Recommender System for 3D Network Security Visualizations", IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA, October 2013.

An Empirical Study of TCP Vulnerabilities in Critical Power System Devices

Smart Energy Grid Security (SEGS) Workshop

Abstract - Implementations of the TCP/IP protocol suite have been patched for decades to reduce the threat of TCP sequence number prediction attacks. TCP, in particular, has been adopted to many devices in the power grid as a transport layer for their applications since it provides reliability. Even though this threat has been well-known for almost three decades, this does not hold true in power grid networks; weak TCP sequence number generation can still be found in many devices used throughout the power grid. Although our analysis only covers one substation, we believe that this is without loss of generality given: 1) the pervasiveness of the flaws throughout the substation devices; and 2) the prominence of the vendors. In this paper, we show how much TCP initial sequence numbers (ISNs) are still predictable and how time is strongly correlated with TCP ISN generation. We collected power grid network traffic from a live substation for six months, and we measured TCP ISN differences and their time differences between TCP connection establishments. In the live substation, we found three unique vendors (135 devices, 68%) from a total of eight vendors (196 devices) running TCP that show strongly predictable patterns of TCP ISN generation.

A Passive Technique for Fingerprinting Wireless Devices with Wired-side Observations

IEEE Communications and Network Security

In this paper, we introduce GTID, a technique that passively fingerprints wireless devices and their types from the wired backbone. GTID exploits the heterogeneity of devices, which is a function of different device hardware compositions and variations in devices' clock skew. We use statistical techniques to create unique, reproducible device and device type signatures that represent time variant behavior in network traffic and use artificial neural networks (ANNs) to classify devices and device types. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 27 devices representing a wide range of device classes. We collected more than 100 GB of traffic captures for ANN training and classification. We assert that for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is the first fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and illustrate how it can be used to complement existing authentication systems and to detect counterfeit devices.

Realizing an 802.11-based Covert Timing Channel Using Off-The-Shelf Wireless Cards

Globecom 2013 - Communication and Information System Security Symposium

By using covert channels, a malicious entity can hide messages within regular traffic and can thereby circumvent security mechanisms. This same method of obfuscation can be used by legitimate users to transmit messages over hostile networks. A promising area for covert channels is wireless networks employing carrier sense multiple access with collision avoidance (CSMA/CA) (e.g., 802.11 networks). These schemes introduce randomness in the network that provides good cover for a covert timing channel. Hence, by exploiting the random back-off in distributed coordination function (DCF) of 802.11, we realize a relatively high bandwidth covert timing channel for 802.11 networks, called Covert-DCF. As opposed to many works in the literature focusing on theory and simulations, Covert-DCF is the first fully implemented covert timing channel for 802.11 MAC using off-the-self wireless cards. In this paper, we introduce the design and implementation of Covert-DCF that is transparent to the users of the shared medium. We also evaluate the performance of Covert-DCF and provide discussions on the feasibility of this technique in a real world scenario.

An incrementally deployable energy efficient 802.15.4 MAC protocol (DEEP)

In the Ad Hoc Networks Journal (Elsevier)

The IEEE 802.15.4 is a standard that specifies the physical layer and media access control for low data rate wireless personal area networks (WPANs). The standard is intended to provide connectivity to mobile devices with storage, energy, and communication constraints that can be used in many industrial, military and civilian application areas. These mobile devices (usually sensors) and actuators are equipped with a radio transceiver, a microcontroller, and a source of energy which is usually a battery. In order to extend the lifetime of a WPAN using the beacon-enabled 802.15.4 standard, we propose an incrementally deployable and energy efficient 802.15.4 MAC protocol (DEEP) for beacon-enabled sensor networks. The implementation of our protocol requires modifications to the superframe guaranteed time slot (GTS) distribution mechanism to reduce energy consumption in the network by reducing the size of broadcast beacons. We implement DEEP through simulations and also using real sensors. For the simulations, we implemented our protocol using Omnet++, and tinyOS and the nesC language were used for the experiments. Our results show that DEEP reduces energy consumption up to nearly 50% when seven devices allocate guaranteed time slots descriptors during normal communication. We also show that DEEP is backward compatible and can be incrementally deployed to extend the lifetime of the network: a partial deployment of DEEP leads to proportional improvements in the network energy savings.

Examining the characteristics and implications of sensor side channels

IEEE International Conference on Communications (ICC) 2013, Hungary

SecGraph: A Uniform and Open-source Evaluation System for Graph Data Anonymization and De-anonymization

USENIX Security

EDR2: A Sink Failure Resilient Approach for WSNs.

The proceedings of IEEE International Communications Conference (ICC)

Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.

A Physical Overlay Framework for Insider Threat Mitigation of Power System Devices

IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014

Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.

NAVSEC: A Recommender System for 3D Network Security Visualizations

IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA

T. Nunnally, K. Abdullah, A. S. Uluagac, J. A. Copeland, and R. A. Beyah, "NAVSEC: A Recommender System for 3D Network Security Visualizations", IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA, October 2013.

An Empirical Study of TCP Vulnerabilities in Critical Power System Devices

Smart Energy Grid Security (SEGS) Workshop

Abstract - Implementations of the TCP/IP protocol suite have been patched for decades to reduce the threat of TCP sequence number prediction attacks. TCP, in particular, has been adopted to many devices in the power grid as a transport layer for their applications since it provides reliability. Even though this threat has been well-known for almost three decades, this does not hold true in power grid networks; weak TCP sequence number generation can still be found in many devices used throughout the power grid. Although our analysis only covers one substation, we believe that this is without loss of generality given: 1) the pervasiveness of the flaws throughout the substation devices; and 2) the prominence of the vendors. In this paper, we show how much TCP initial sequence numbers (ISNs) are still predictable and how time is strongly correlated with TCP ISN generation. We collected power grid network traffic from a live substation for six months, and we measured TCP ISN differences and their time differences between TCP connection establishments. In the live substation, we found three unique vendors (135 devices, 68%) from a total of eight vendors (196 devices) running TCP that show strongly predictable patterns of TCP ISN generation.

A Passive Technique for Fingerprinting Wireless Devices with Wired-side Observations

IEEE Communications and Network Security

In this paper, we introduce GTID, a technique that passively fingerprints wireless devices and their types from the wired backbone. GTID exploits the heterogeneity of devices, which is a function of different device hardware compositions and variations in devices' clock skew. We use statistical techniques to create unique, reproducible device and device type signatures that represent time variant behavior in network traffic and use artificial neural networks (ANNs) to classify devices and device types. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 27 devices representing a wide range of device classes. We collected more than 100 GB of traffic captures for ANN training and classification. We assert that for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is the first fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and illustrate how it can be used to complement existing authentication systems and to detect counterfeit devices.

Realizing an 802.11-based Covert Timing Channel Using Off-The-Shelf Wireless Cards

Globecom 2013 - Communication and Information System Security Symposium

By using covert channels, a malicious entity can hide messages within regular traffic and can thereby circumvent security mechanisms. This same method of obfuscation can be used by legitimate users to transmit messages over hostile networks. A promising area for covert channels is wireless networks employing carrier sense multiple access with collision avoidance (CSMA/CA) (e.g., 802.11 networks). These schemes introduce randomness in the network that provides good cover for a covert timing channel. Hence, by exploiting the random back-off in distributed coordination function (DCF) of 802.11, we realize a relatively high bandwidth covert timing channel for 802.11 networks, called Covert-DCF. As opposed to many works in the literature focusing on theory and simulations, Covert-DCF is the first fully implemented covert timing channel for 802.11 MAC using off-the-self wireless cards. In this paper, we introduce the design and implementation of Covert-DCF that is transparent to the users of the shared medium. We also evaluate the performance of Covert-DCF and provide discussions on the feasibility of this technique in a real world scenario.

An incrementally deployable energy efficient 802.15.4 MAC protocol (DEEP)

In the Ad Hoc Networks Journal (Elsevier)

The IEEE 802.15.4 is a standard that specifies the physical layer and media access control for low data rate wireless personal area networks (WPANs). The standard is intended to provide connectivity to mobile devices with storage, energy, and communication constraints that can be used in many industrial, military and civilian application areas. These mobile devices (usually sensors) and actuators are equipped with a radio transceiver, a microcontroller, and a source of energy which is usually a battery. In order to extend the lifetime of a WPAN using the beacon-enabled 802.15.4 standard, we propose an incrementally deployable and energy efficient 802.15.4 MAC protocol (DEEP) for beacon-enabled sensor networks. The implementation of our protocol requires modifications to the superframe guaranteed time slot (GTS) distribution mechanism to reduce energy consumption in the network by reducing the size of broadcast beacons. We implement DEEP through simulations and also using real sensors. For the simulations, we implemented our protocol using Omnet++, and tinyOS and the nesC language were used for the experiments. Our results show that DEEP reduces energy consumption up to nearly 50% when seven devices allocate guaranteed time slots descriptors during normal communication. We also show that DEEP is backward compatible and can be incrementally deployed to extend the lifetime of the network: a partial deployment of DEEP leads to proportional improvements in the network energy savings.

A Network-based Approach to Counterfeit Detection

IEEE International Conference on Technologies for Homeland Security (HST)

American Association for the Advancement of Science (AAAS)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member

American Association for the Advancement of Science (AAAS)

Member

Institute of Electrical and Electronics Engineers (IEEE)

Senior Member

Association for Computing Machinery (ACM)

Senior Member

National Society of Black Engineers (NSBE)

Lifetime Member

American Society for Engineering Education (ASEE)

Member