Research Experience for Undergraduates 2016

NSF/DoD Summer Research Experience for Undergraduates in Trustable Computing Systems Departments of Electrical and Computer Engineering and Computer Science and Engineeringnsf1 May 31 – Aug 5, 2016

The 2016 REU class included the following students:

Jack Billings, North Central College

Implementing a Trust Profile for Adaptive Trust Negotiation in Mobile Devices

The healthcare industry is seeing large growth in the number stakeholders that utilize mobile devices on a daily basis. Problems arise when a healthcare stakeholder needs to access data on a foreign system for which they do not possess credentials. If an emergency room doctor is treating a patient in critical condition, whose medical records are stored on another hospital’s system, the doctor would require access to that system rapidly and securely. One possible solution to this problem is the use of a digital trust profile, which contains proof of successful access to sensitive healthcare data. The doctor would present these records of access as proof of their trustworthiness when attempting to access data stored on foreign systems. If they are granted access to data on the new system, the doctor would acquire a new record of that access to store in their trust profile. Jack implemented a trust profile system in the Connecticut Concussion Tracker (CT2) mobile application and a corresponding server. The system ensures the secure exchange of credentials between the mobile device and server, as well as providing means with which to authenticate and authorize a doctor to access sensitive healthcare data.

Erica Blum, Haverford College
Madeleine Rhee, Simmons College

A Linux Container-Based Approach to File Provenance

Linux containers allow developers to create well controlled yet lightweight envi- ronments within a host machine, and as such could provide an interesting foundation for secure, provenanced file storage. The provenance of a file describes the file‘s history, including which users have accessed it and what changes they made. This information can be invaluable if a file contains sensitive information, such as medical records or legal files. Prior research has sought to implement file storage with complete and verifiable records of file access; our research expands on these concepts and uses Linux containers to manage processes’ access to system resources. Linux containers are a lightweight alternative to virtual machines, as they share a kernel with the host machine rather than simulating an independent kernel. IMG_1976A FUSE (filesystem in userspace) interface mounted inside the container allows us to implement custom system calls that log provenance information. Linux containers have some security limitations, especially in the case that a user has root privileges on the machine, though these could potentially be addressed by introducing sections of memory not even root users can access.

Jason Corriveau, Bucknell University

Spatio-Situation-Based Access Control Model for Dynamic Permission on Mobile Applications

As mobile applications continue to grow in popularity, so does the concern of the security of personal information that is being entered, stored, and transmitted. This increased mobility has resulted in additional risks for private information being used improperly, particularly in the medical field when dealing with confidential health and fitness data. To address this privacy concern, the spatio-situation-based access control (SSBAC) model ensures that users only access information or perform actions when and where they are permitted. The SSBAC takes the user’s location, time, and situation (action that a user takes) into consideration to authorize a user based in his/her role. In order to demonstrate the effectiveness of a SSBAC, Jason implemented the underlying model of SSBAC in the Connecticut Concussion Tracker (CT2) as a proof of concept. The implementation consists of zones and access times being assigned to users based upon their role and which K-12 school that the user is located within. Jason’s contributions to the project include: creation of zones; assigning users to specific zones and times; updating the API and database to properly associate multiple users with different zones and times; and, designing and implementing a service which validates user authorization as they use CT2. Additionally, Jason conducted extensive testing of the system on the University of Connecticut campus, using different buildings as zones and ensuring the app handles zone changes properly. The focus of Jason’s work was towards implementing a SSBAC model in the CT2 app to demonstrate how effective it is in keeping patient data secure. Overall, the SSBAC model can be used in order to change the permission of users dynamically depending upon time and location to enhance security in mobile applications and ensure that personal information is handled as intended.

Alaina Doehrmann, University of St. Thomas

Secure Computer Systems And Hardware Auditing

This goal of this project was to investigate the software and hardware vulnerabilities of a network gateway. This was done by looking at the gateway from the perspective of an attacker in order to accurately follow the steps that would be taken to gain access to the gateway. There were found to be several vulnerabilities, such as a code injection vulnerability in the webfront and open serial ports, that could be used to gain access to the gateway.

Lukas Gnirke, Oberlin College

Server Side Framework for Role-Based Access Control in Mobile Applications

The use of mobile devices is rapidly replacing the role that desktop computers play in our daily lives. While their mobility allows for information to be more easily accessible through one of the many mobile applications available, it also poses a security risk in that any security based on physical location that a desktop computer may provide is no longer feasible. Because many of these applications handle highly sensitive data such as banking, social, or health information, ensuring that only authorized users can access the information is extremely important. To secure sensitive information stored in mobile applications, Lukas utilized role-based access control (RBAC) to create permissions defining the information accessible to each user, and based on these permissions, present a different version of the app to each user, displaying only the information they are authorized to see. Lukas implemented this RBAC security approach by using an intercepting server to intercept API calls made by the application, checking role-based permissions for each API call before allowing the API request to proceed to the original server. If the user does not have permission to be executing the API request, the intercepting server returns NULL to the application. For additional security, the user’s role is stored in a Java Web Token, which is then verified in each of the intercepting API calls.

Luke Johnson, Gonzaga University

Cryptography in Electronic Poll Book Systems: Trying is Not Good EnoughIMG_1981

Poll books are a way of verifying that each registered voter gets a single ballot. Poll station workers check in registered voters by finding their names in a printed paper list and crossing them out. Relying on humans makes this system slow, inaccurate and cumbersome. Moving paper processes like this to digital systems could improve speed, accuracy, and convenience. This switch would also remove the guaranteed reliability of the process given by the physical list. These sensitive digital systems require intelligent design and strong cryptography in order to maintain the integrity of election processes. This paper evaluates an electronic poll book system which has the illusion of security but fails to properly deploy cryptographic schemes. These failures allow attackers to completely disrupt the operations of a poll station. Luke developed an attack demonstrating that the individual failures at each security layer align to compromise the system as a whole. He also offered solutions to the attacks in an attempt to help future developers secure high value systems.

Kolby Lacy, Howard University
Mohamed Rilvan, Southern Connecticut State University

User Authentication on Smart Phones by Incorporating Capacitive Touch Screen

Smart phones, while providing users ease of access to sensitive information on the go, also present severe security risks if an attacker is able to gain access to them. Conventional authentication techniques such as 4-digit PIN and the pattern lock are prone to a user fault of predictable passwords due to necessity to remember the PIN/pattern, known as security fatigue. Biometric authentication has been introduced in order to lessen security fatigue. A form of biometric IMG_1974authentication for mobile phones that is currently deployed is the fingerprint scanner. These show a higher accuracy in authentication but require additional sensors. To strengthen the user authentication in a smartphone, Kolby and Mohamed developed a biometric authentication system which uses the capacitive sensors of the touchscreen, that are featured in all current smartphones. Their methodology focused on using the touchscreen as a image sensor to capture users’ body parts, such as ears and fingers. They extracted the capacitive raw data from the touched body part to obtain a 15 × 27 capacitive image. This image was used to capture geometric features (e.g., widths of fingers) and capacitive features (e.g., range of capacitive values). Machine learning classifiers (SVM classifier) recognized genuine and impostor touched body part placements.

James Palmer, University of Central Arkansas

Oblivious SSSP Algorithm for Graph Processing

Graph algorithms, such as single source shortest path (SSSP), make memory accesses in a predictable and highly input dependent way. Thus, even if memory is encrypted, the memory access pattern will leak information. This vulnerability may be exploited on shared systems in the cloud. We present a single source shortest path algorithm which has an oblivious, or input independent, memory access pattern. The oblivious algorithm has a constant time performance penalty compared to the non oblivious algorithm for the same graph. This constant increases logarithmically as a function of the graph’s degree.

Emanuel Correa Rivera, University of Puerto Rico at Bayaman


Jesse Stern, University of Rochester

Fully-Stateless SteganographyIMG_1982

The study of steganography has been around for a long time, but was only recently formalized in a complexity-theoretic manner by Hopper, Langford and von Ahn. One variant of the universal stateful steganographic protocol is that of a stateless protocol. In a stateful steganographic protocol, the two parties wishing to communicate, call them Alice and Bob, have access to a synchronized counter which is often used to refresh a pseudo-random function or draw a psudorandom predicate from a distribution. In the stateless case, no such counter is permitted and Alice and Bob are unable to trivially synchronize such actions. The capabilities of the protocol is further restricted by initiating the study of fully-stateless steganography, where not only is there no access to a synchronized counter, but Alice has no memory between communications of stegotext, repeating the application of the same algorithm repeatedly.