Georgia State University - Computer Science
Vice President for Interdisciplinary Research at Georgia Institute of Technology
Higher Education
Raheem
Beyah
Atlanta, Georgia
Raheem Beyah, a native of Atlanta, GA, serves as Georgia Tech's Vice President for Interdisciplinary Research, Executive Director of the Online Masters of Cybersecurity program (OMS Cybersecurity), and is the Motorola Foundation Professor in School of Electrical and Computer Engineering. He has held several other leadership roles including chairing ECE's Computer Systems and Software Technical Interest Group (2015 - 2017), serving as ECE's Associate Chair for Strategic Initiatives and Innovation (2016 - 2018), and serving as the Interim Steve W. Chaddick ECE School Chair during the 2018-2019 academic year. He leads the Communications Assurance and Performance Group (CAP) and is affiliated with the Institute for Information Security & Privacy (IISP). He is also Co-Founder of Fortiphyd Logic, Inc.
As a faculty member, he has secured millions of dollars to support his research program and has served as the Principal Investigator on dozens of projects. Prof. Beyah's areas of expertise include: Cyber-Physical Systems Security, Network Monitoring, Network Security, Intrusion Detection, and Wireless Networking and Security.
Prof. Beyah has received numerous awards in his field including the NSF CAREER award and was selected for DARPA's Computer Science Study Panel in 2010. He is a Senior Member of the Institute of Electrical and Electronics Engineers (IEEE) and a Distinguished Member of the Association for Computing Machinery (ACM). Prof. Beyah was named to the Georgia Trend Magazine 40 Best and Brightest Under 40 (2006) and the Atlanta Business Chronicle Up & Comers 40 Under 40 (2007). He is a graduate of the United Way's Volunteer Involvement Program (V.I.P.), L.E.A.D. Atlanta, Leadership Georgia, and Leadership Atlanta, and has been named an Outstanding Atlantan.
Motorola Foundation Professor
-Secure funding from the government and corporations for fundamental and applied research.
-Lead teams comprised of bachelors, masters, and doctoral level researchers and developers who innovate and make fundamental breakthroughs in engineering and science in the areas of cybersecurity and computer networking.
-Project formulation, initiation, grant proposal writing, and technical gap analysis with various industry stakeholders.
-Budget and expense management, and progress reporting to various sponsors (e.g., government funding agencies, corporations).
-Integration of developed systems into mission critical operational environments.
-Communicate complex technical concepts to various stakeholders (e.g., cybersecurity lectures to senior and graduate level computer networking and cybersecurity students, invited talks given to colleagues around the world, presentations to senior government officials, and presentations to leadership teams of various corporations).
Professor
-Secure funding from the government and corporations for fundamental and applied research.
-Lead teams comprised of bachelors, masters, and doctoral level researchers and developers who innovate and make fundamental breakthroughs in engineering and science in the areas of cybersecurity and computer networking.
-Project formulation, initiation, grant proposal writing, and technical gap analysis with various industry stakeholders.
-Budget and expense management, and progress reporting to various sponsors (e.g., government funding agencies, corporations).
-Integration of developed systems into mission critical operational environments.
-Communicate complex technical concepts to various stakeholders (e.g., cybersecurity lectures to senior and graduate level computer networking and cybersecurity students, invited talks given to colleagues around the world, presentations to senior government officials, and presentations to leadership teams of various corporations).
Vice President for Interdisciplinary Research
-Advise the Executive Vice President for Research (EVPR) on matters related to interdisciplinary research strategy.
-Collaborate with vice presidents/provosts, deans, members of the President’s cabinet, school chairs, and associate deans and associate chairs for research to ensure that interdisciplinary research activities meet the highest standard of excellence and are supported in pursuit of Georgia Tech’s strategic research goals.
-Assist the EVPR and colleges with strategy and operational support for interdisciplinary research. Identify and address issues to enhance and advance interdisciplinary research activities.
-Provide oversight, direction and supervision to the operations and ongoing activities of the Interdisciplinary Research Institutes and Centers (IRIs and IRCs); the Pediatric Technology Center (PTC); the Global Center for Medical Innovation (GCMI); the Smart Cities Initiatives.
-Develop procedures and policies to further support and facilitate interdisciplinary research activities.
-Develop and supervise staff assigned in support of the activities of the Office of the Vice President for Interdisciplinary Research.
-Represent the Office of the EVPR, as appropriate, to various internal constituencies, as well as externally to agencies, institutions, and organizations.
-Facilitates research faculty integration and the GTRI/RI relationship; and other interdisciplinary research initiatives and activities which may emerge in the future.
Executive Director, Online Masters in Cybersecurity program (OMS Cybersecurity)
-Oversee curriculum matters and academic affairs for OMS Cybersecurity Degree program.
-Corporate fundraising in partnership with development officers for the Institute.
-Set strategic priorities for the OMS Cybersecurity Degree program.
Research Engineer
A. Raheem worked at Georgia Institute of Technology as a Research Engineer
Associate Chair for Strategic Initiatives and Innovation
-Managed the School's large portfolio of corporate partners and affiliates.
-Lead various strategic initiatives internal and external to the School.
-Facilitated industry partnerships, corporate research contract development, intellectual property negotiations.
-Supported partnership with the School’s advisory board.
-Partnered with engineering faculty members to develop and sustain a culture of innovation and entrepreneurship within their groups.
Co-Founder
A. Raheem worked at Fortiphyd Logic as a Co-Founder
Consultant
A. Raheem worked at Andersen Consulting as a Consultant
Assistant Professor
A. Raheem worked at Georgia State as a Assistant Professor
BS
Electrical Engineering
PhD
Electrical and Computer Engineering
MS
Electrical and Computer Engineering
Motorola Foundation Professor
-Secure funding from the government and corporations for fundamental and applied research.
-Lead teams comprised of bachelors, masters, and doctoral level researchers and developers who innovate and make fundamental breakthroughs in engineering and science in the areas of cybersecurity and computer networking.
-Project formulation, initiation, grant proposal writing, and technical gap analysis with various industry stakeholders.
-Budget and expense management, and progress reporting to various sponsors (e.g., government funding agencies, corporations).
-Integration of developed systems into mission critical operational environments.
-Communicate complex technical concepts to various stakeholders (e.g., cybersecurity lectures to senior and graduate level computer networking and cybersecurity students, invited talks given to colleagues around the world, presentations to senior government officials, and presentations to leadership teams of various corporations).
Professor
-Secure funding from the government and corporations for fundamental and applied research.
-Lead teams comprised of bachelors, masters, and doctoral level researchers and developers who innovate and make fundamental breakthroughs in engineering and science in the areas of cybersecurity and computer networking.
-Project formulation, initiation, grant proposal writing, and technical gap analysis with various industry stakeholders.
-Budget and expense management, and progress reporting to various sponsors (e.g., government funding agencies, corporations).
-Integration of developed systems into mission critical operational environments.
-Communicate complex technical concepts to various stakeholders (e.g., cybersecurity lectures to senior and graduate level computer networking and cybersecurity students, invited talks given to colleagues around the world, presentations to senior government officials, and presentations to leadership teams of various corporations).
Vice President for Interdisciplinary Research
-Advise the Executive Vice President for Research (EVPR) on matters related to interdisciplinary research strategy.
-Collaborate with vice presidents/provosts, deans, members of the President’s cabinet, school chairs, and associate deans and associate chairs for research to ensure that interdisciplinary research activities meet the highest standard of excellence and are supported in pursuit of Georgia Tech’s strategic research goals.
-Assist the EVPR and colleges with strategy and operational support for interdisciplinary research. Identify and address issues to enhance and advance interdisciplinary research activities.
-Provide oversight, direction and supervision to the operations and ongoing activities of the Interdisciplinary Research Institutes and Centers (IRIs and IRCs); the Pediatric Technology Center (PTC); the Global Center for Medical Innovation (GCMI); the Smart Cities Initiatives.
-Develop procedures and policies to further support and facilitate interdisciplinary research activities.
-Develop and supervise staff assigned in support of the activities of the Office of the Vice President for Interdisciplinary Research.
-Represent the Office of the EVPR, as appropriate, to various internal constituencies, as well as externally to agencies, institutions, and organizations.
-Facilitates research faculty integration and the GTRI/RI relationship; and other interdisciplinary research initiatives and activities which may emerge in the future.
Executive Director, Online Masters in Cybersecurity program (OMS Cybersecurity)
-Oversee curriculum matters and academic affairs for OMS Cybersecurity Degree program.
-Corporate fundraising in partnership with development officers for the Institute.
-Set strategic priorities for the OMS Cybersecurity Degree program.
Research Engineer
Associate Chair for Strategic Initiatives and Innovation
-Managed the School's large portfolio of corporate partners and affiliates.
-Lead various strategic initiatives internal and external to the School.
-Facilitated industry partnerships, corporate research contract development, intellectual property negotiations.
-Supported partnership with the School’s advisory board.
-Partnered with engineering faculty members to develop and sustain a culture of innovation and entrepreneurship within their groups.
IEEE International Conference on Communications (ICC) 2013, Hungary
IEEE International Conference on Communications (ICC) 2013, Hungary
USENIX Security
IEEE International Conference on Communications (ICC) 2013, Hungary
USENIX Security
The proceedings of IEEE International Communications Conference (ICC)
Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.
IEEE International Conference on Communications (ICC) 2013, Hungary
USENIX Security
The proceedings of IEEE International Communications Conference (ICC)
Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.
IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014
Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.
IEEE International Conference on Communications (ICC) 2013, Hungary
USENIX Security
The proceedings of IEEE International Communications Conference (ICC)
Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.
IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014
Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.
IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA
T. Nunnally, K. Abdullah, A. S. Uluagac, J. A. Copeland, and R. A. Beyah, "NAVSEC: A Recommender System for 3D Network Security Visualizations", IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA, October 2013.
IEEE International Conference on Communications (ICC) 2013, Hungary
USENIX Security
The proceedings of IEEE International Communications Conference (ICC)
Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.
IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014
Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.
IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA
T. Nunnally, K. Abdullah, A. S. Uluagac, J. A. Copeland, and R. A. Beyah, "NAVSEC: A Recommender System for 3D Network Security Visualizations", IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA, October 2013.
Smart Energy Grid Security (SEGS) Workshop
Abstract - Implementations of the TCP/IP protocol suite have been patched for decades to reduce the threat of TCP sequence number prediction attacks. TCP, in particular, has been adopted to many devices in the power grid as a transport layer for their applications since it provides reliability. Even though this threat has been well-known for almost three decades, this does not hold true in power grid networks; weak TCP sequence number generation can still be found in many devices used throughout the power grid. Although our analysis only covers one substation, we believe that this is without loss of generality given: 1) the pervasiveness of the flaws throughout the substation devices; and 2) the prominence of the vendors. In this paper, we show how much TCP initial sequence numbers (ISNs) are still predictable and how time is strongly correlated with TCP ISN generation. We collected power grid network traffic from a live substation for six months, and we measured TCP ISN differences and their time differences between TCP connection establishments. In the live substation, we found three unique vendors (135 devices, 68%) from a total of eight vendors (196 devices) running TCP that show strongly predictable patterns of TCP ISN generation.
IEEE International Conference on Communications (ICC) 2013, Hungary
USENIX Security
The proceedings of IEEE International Communications Conference (ICC)
Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.
IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014
Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.
IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA
T. Nunnally, K. Abdullah, A. S. Uluagac, J. A. Copeland, and R. A. Beyah, "NAVSEC: A Recommender System for 3D Network Security Visualizations", IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA, October 2013.
Smart Energy Grid Security (SEGS) Workshop
Abstract - Implementations of the TCP/IP protocol suite have been patched for decades to reduce the threat of TCP sequence number prediction attacks. TCP, in particular, has been adopted to many devices in the power grid as a transport layer for their applications since it provides reliability. Even though this threat has been well-known for almost three decades, this does not hold true in power grid networks; weak TCP sequence number generation can still be found in many devices used throughout the power grid. Although our analysis only covers one substation, we believe that this is without loss of generality given: 1) the pervasiveness of the flaws throughout the substation devices; and 2) the prominence of the vendors. In this paper, we show how much TCP initial sequence numbers (ISNs) are still predictable and how time is strongly correlated with TCP ISN generation. We collected power grid network traffic from a live substation for six months, and we measured TCP ISN differences and their time differences between TCP connection establishments. In the live substation, we found three unique vendors (135 devices, 68%) from a total of eight vendors (196 devices) running TCP that show strongly predictable patterns of TCP ISN generation.
IEEE Communications and Network Security
In this paper, we introduce GTID, a technique that passively fingerprints wireless devices and their types from the wired backbone. GTID exploits the heterogeneity of devices, which is a function of different device hardware compositions and variations in devices' clock skew. We use statistical techniques to create unique, reproducible device and device type signatures that represent time variant behavior in network traffic and use artificial neural networks (ANNs) to classify devices and device types. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 27 devices representing a wide range of device classes. We collected more than 100 GB of traffic captures for ANN training and classification. We assert that for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is the first fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and illustrate how it can be used to complement existing authentication systems and to detect counterfeit devices.
IEEE International Conference on Communications (ICC) 2013, Hungary
USENIX Security
The proceedings of IEEE International Communications Conference (ICC)
Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.
IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014
Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.
IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA
T. Nunnally, K. Abdullah, A. S. Uluagac, J. A. Copeland, and R. A. Beyah, "NAVSEC: A Recommender System for 3D Network Security Visualizations", IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA, October 2013.
Smart Energy Grid Security (SEGS) Workshop
Abstract - Implementations of the TCP/IP protocol suite have been patched for decades to reduce the threat of TCP sequence number prediction attacks. TCP, in particular, has been adopted to many devices in the power grid as a transport layer for their applications since it provides reliability. Even though this threat has been well-known for almost three decades, this does not hold true in power grid networks; weak TCP sequence number generation can still be found in many devices used throughout the power grid. Although our analysis only covers one substation, we believe that this is without loss of generality given: 1) the pervasiveness of the flaws throughout the substation devices; and 2) the prominence of the vendors. In this paper, we show how much TCP initial sequence numbers (ISNs) are still predictable and how time is strongly correlated with TCP ISN generation. We collected power grid network traffic from a live substation for six months, and we measured TCP ISN differences and their time differences between TCP connection establishments. In the live substation, we found three unique vendors (135 devices, 68%) from a total of eight vendors (196 devices) running TCP that show strongly predictable patterns of TCP ISN generation.
IEEE Communications and Network Security
In this paper, we introduce GTID, a technique that passively fingerprints wireless devices and their types from the wired backbone. GTID exploits the heterogeneity of devices, which is a function of different device hardware compositions and variations in devices' clock skew. We use statistical techniques to create unique, reproducible device and device type signatures that represent time variant behavior in network traffic and use artificial neural networks (ANNs) to classify devices and device types. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 27 devices representing a wide range of device classes. We collected more than 100 GB of traffic captures for ANN training and classification. We assert that for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is the first fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and illustrate how it can be used to complement existing authentication systems and to detect counterfeit devices.
Globecom 2013 - Communication and Information System Security Symposium
By using covert channels, a malicious entity can hide messages within regular traffic and can thereby circumvent security mechanisms. This same method of obfuscation can be used by legitimate users to transmit messages over hostile networks. A promising area for covert channels is wireless networks employing carrier sense multiple access with collision avoidance (CSMA/CA) (e.g., 802.11 networks). These schemes introduce randomness in the network that provides good cover for a covert timing channel. Hence, by exploiting the random back-off in distributed coordination function (DCF) of 802.11, we realize a relatively high bandwidth covert timing channel for 802.11 networks, called Covert-DCF. As opposed to many works in the literature focusing on theory and simulations, Covert-DCF is the first fully implemented covert timing channel for 802.11 MAC using off-the-self wireless cards. In this paper, we introduce the design and implementation of Covert-DCF that is transparent to the users of the shared medium. We also evaluate the performance of Covert-DCF and provide discussions on the feasibility of this technique in a real world scenario.
IEEE International Conference on Communications (ICC) 2013, Hungary
USENIX Security
The proceedings of IEEE International Communications Conference (ICC)
Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.
IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014
Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.
IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA
T. Nunnally, K. Abdullah, A. S. Uluagac, J. A. Copeland, and R. A. Beyah, "NAVSEC: A Recommender System for 3D Network Security Visualizations", IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA, October 2013.
Smart Energy Grid Security (SEGS) Workshop
Abstract - Implementations of the TCP/IP protocol suite have been patched for decades to reduce the threat of TCP sequence number prediction attacks. TCP, in particular, has been adopted to many devices in the power grid as a transport layer for their applications since it provides reliability. Even though this threat has been well-known for almost three decades, this does not hold true in power grid networks; weak TCP sequence number generation can still be found in many devices used throughout the power grid. Although our analysis only covers one substation, we believe that this is without loss of generality given: 1) the pervasiveness of the flaws throughout the substation devices; and 2) the prominence of the vendors. In this paper, we show how much TCP initial sequence numbers (ISNs) are still predictable and how time is strongly correlated with TCP ISN generation. We collected power grid network traffic from a live substation for six months, and we measured TCP ISN differences and their time differences between TCP connection establishments. In the live substation, we found three unique vendors (135 devices, 68%) from a total of eight vendors (196 devices) running TCP that show strongly predictable patterns of TCP ISN generation.
IEEE Communications and Network Security
In this paper, we introduce GTID, a technique that passively fingerprints wireless devices and their types from the wired backbone. GTID exploits the heterogeneity of devices, which is a function of different device hardware compositions and variations in devices' clock skew. We use statistical techniques to create unique, reproducible device and device type signatures that represent time variant behavior in network traffic and use artificial neural networks (ANNs) to classify devices and device types. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 27 devices representing a wide range of device classes. We collected more than 100 GB of traffic captures for ANN training and classification. We assert that for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is the first fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and illustrate how it can be used to complement existing authentication systems and to detect counterfeit devices.
Globecom 2013 - Communication and Information System Security Symposium
By using covert channels, a malicious entity can hide messages within regular traffic and can thereby circumvent security mechanisms. This same method of obfuscation can be used by legitimate users to transmit messages over hostile networks. A promising area for covert channels is wireless networks employing carrier sense multiple access with collision avoidance (CSMA/CA) (e.g., 802.11 networks). These schemes introduce randomness in the network that provides good cover for a covert timing channel. Hence, by exploiting the random back-off in distributed coordination function (DCF) of 802.11, we realize a relatively high bandwidth covert timing channel for 802.11 networks, called Covert-DCF. As opposed to many works in the literature focusing on theory and simulations, Covert-DCF is the first fully implemented covert timing channel for 802.11 MAC using off-the-self wireless cards. In this paper, we introduce the design and implementation of Covert-DCF that is transparent to the users of the shared medium. We also evaluate the performance of Covert-DCF and provide discussions on the feasibility of this technique in a real world scenario.
In the Ad Hoc Networks Journal (Elsevier)
The IEEE 802.15.4 is a standard that specifies the physical layer and media access control for low data rate wireless personal area networks (WPANs). The standard is intended to provide connectivity to mobile devices with storage, energy, and communication constraints that can be used in many industrial, military and civilian application areas. These mobile devices (usually sensors) and actuators are equipped with a radio transceiver, a microcontroller, and a source of energy which is usually a battery. In order to extend the lifetime of a WPAN using the beacon-enabled 802.15.4 standard, we propose an incrementally deployable and energy efficient 802.15.4 MAC protocol (DEEP) for beacon-enabled sensor networks. The implementation of our protocol requires modifications to the superframe guaranteed time slot (GTS) distribution mechanism to reduce energy consumption in the network by reducing the size of broadcast beacons. We implement DEEP through simulations and also using real sensors. For the simulations, we implemented our protocol using Omnet++, and tinyOS and the nesC language were used for the experiments. Our results show that DEEP reduces energy consumption up to nearly 50% when seven devices allocate guaranteed time slots descriptors during normal communication. We also show that DEEP is backward compatible and can be incrementally deployed to extend the lifetime of the network: a partial deployment of DEEP leads to proportional improvements in the network energy savings.
IEEE International Conference on Communications (ICC) 2013, Hungary
USENIX Security
The proceedings of IEEE International Communications Conference (ICC)
Data collection, redistribution and retrieval are essential components of wireless sensor networks (WSNs). In dense WSN deployments, the sensor data are usually sent to a sink that can be reached through one or multiple hops. In the case where communications with the sink are disrupted due to various reasons, the data must be stored in the network for later retrieval. When considering in-network storage, we must redistribute the data among an energy-constrained network with sensors that have a low storage capacity. In previous works, the data redistribution problem has been studied, but the focus was only on the redistribution costs while the data retrieval costs (which have been analyzed in other works as an independent problem) were ignored. We recognize that these two problems should be studied in concert and therefore, in this paper, we combine both data redistribution and retrieval into a single problem. We propose a graph transformation, formulate the problem as a minimum cost flow optimization problem and use linear programming to find the optimal solution. Moreover, we introduce an algorithm named EDR2: energy-efficient data redistribution and retrieval. EDR2 is a distributed energy-efficient algorithm for in-network storage and later retrieval in WSNs. To evaluate our solution on a large scale, we modeled different scenarios in a 400-node network, used the GNU Linear Programming Kit (GLPK) to obtain the optimal solutions, and ran simulations to find the solutions using our algorithm. Finally, we implemented EDR2 using real sensors to demonstrate the feasibility of our algorithm. We compared EDR2 with two heuristic algorithm and show that our approach is an energy-efficient solution for node selection when redistributing data in a WSN for eventual retrieval.
IEEE International Conference on Smart Grid Communications (SmartGridComm) 2014
Abstract - Nearly every aspect of modern life today, from businesses, transportation, and healthcare, depends on the power grid operating safely and reliably. While the recent push for a “Smart Grid” has shown promise for increased efficiency, security has often been an after-thought, leaving this critical infrastructure vulnerable to a variety of cyber attacks. For instance, devices crucial to the safe operation of the power grid are left in remote substations with their configuration interfaces completely open, providing a vector for outsiders as well as insiders to launch an attack. This paper develops the framework for an overlay network of gateway devices that provide authenticated access control and security monitoring for these vulnerable interfaces. We develop a working prototype of such a device and simulate the performance of deployment throughout a substation. Our results suggest that such a system can be deployed with negligible impact on normal operations, while providing important security mechanisms. By doing so, we demonstrate that our proposal is a practical and efficient solution for retro-fitting security onto crucial power system devices.
IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA
T. Nunnally, K. Abdullah, A. S. Uluagac, J. A. Copeland, and R. A. Beyah, "NAVSEC: A Recommender System for 3D Network Security Visualizations", IEEE Symposium on Information Visualization's Workshop on Visualization for Computer Security (VizSEC), Atlanta, GA, USA, October 2013.
Smart Energy Grid Security (SEGS) Workshop
Abstract - Implementations of the TCP/IP protocol suite have been patched for decades to reduce the threat of TCP sequence number prediction attacks. TCP, in particular, has been adopted to many devices in the power grid as a transport layer for their applications since it provides reliability. Even though this threat has been well-known for almost three decades, this does not hold true in power grid networks; weak TCP sequence number generation can still be found in many devices used throughout the power grid. Although our analysis only covers one substation, we believe that this is without loss of generality given: 1) the pervasiveness of the flaws throughout the substation devices; and 2) the prominence of the vendors. In this paper, we show how much TCP initial sequence numbers (ISNs) are still predictable and how time is strongly correlated with TCP ISN generation. We collected power grid network traffic from a live substation for six months, and we measured TCP ISN differences and their time differences between TCP connection establishments. In the live substation, we found three unique vendors (135 devices, 68%) from a total of eight vendors (196 devices) running TCP that show strongly predictable patterns of TCP ISN generation.
IEEE Communications and Network Security
In this paper, we introduce GTID, a technique that passively fingerprints wireless devices and their types from the wired backbone. GTID exploits the heterogeneity of devices, which is a function of different device hardware compositions and variations in devices' clock skew. We use statistical techniques to create unique, reproducible device and device type signatures that represent time variant behavior in network traffic and use artificial neural networks (ANNs) to classify devices and device types. We demonstrate the efficacy of our technique on both an isolated testbed and a live campus network (during peak hours) using a corpus of 27 devices representing a wide range of device classes. We collected more than 100 GB of traffic captures for ANN training and classification. We assert that for any fingerprinting technique to be practical, it must be able to detect previously unseen devices (i.e., devices for which no stored signature is available) and must be able to withstand various attacks. GTID is the first fingerprinting technique to detect previously unseen devices and to illustrate its resilience under various attacker models. We measure the performance of GTID by considering accuracy, recall, and processing time and illustrate how it can be used to complement existing authentication systems and to detect counterfeit devices.
Globecom 2013 - Communication and Information System Security Symposium
By using covert channels, a malicious entity can hide messages within regular traffic and can thereby circumvent security mechanisms. This same method of obfuscation can be used by legitimate users to transmit messages over hostile networks. A promising area for covert channels is wireless networks employing carrier sense multiple access with collision avoidance (CSMA/CA) (e.g., 802.11 networks). These schemes introduce randomness in the network that provides good cover for a covert timing channel. Hence, by exploiting the random back-off in distributed coordination function (DCF) of 802.11, we realize a relatively high bandwidth covert timing channel for 802.11 networks, called Covert-DCF. As opposed to many works in the literature focusing on theory and simulations, Covert-DCF is the first fully implemented covert timing channel for 802.11 MAC using off-the-self wireless cards. In this paper, we introduce the design and implementation of Covert-DCF that is transparent to the users of the shared medium. We also evaluate the performance of Covert-DCF and provide discussions on the feasibility of this technique in a real world scenario.
In the Ad Hoc Networks Journal (Elsevier)
The IEEE 802.15.4 is a standard that specifies the physical layer and media access control for low data rate wireless personal area networks (WPANs). The standard is intended to provide connectivity to mobile devices with storage, energy, and communication constraints that can be used in many industrial, military and civilian application areas. These mobile devices (usually sensors) and actuators are equipped with a radio transceiver, a microcontroller, and a source of energy which is usually a battery. In order to extend the lifetime of a WPAN using the beacon-enabled 802.15.4 standard, we propose an incrementally deployable and energy efficient 802.15.4 MAC protocol (DEEP) for beacon-enabled sensor networks. The implementation of our protocol requires modifications to the superframe guaranteed time slot (GTS) distribution mechanism to reduce energy consumption in the network by reducing the size of broadcast beacons. We implement DEEP through simulations and also using real sensors. For the simulations, we implemented our protocol using Omnet++, and tinyOS and the nesC language were used for the experiments. Our results show that DEEP reduces energy consumption up to nearly 50% when seven devices allocate guaranteed time slots descriptors during normal communication. We also show that DEEP is backward compatible and can be incrementally deployed to extend the lifetime of the network: a partial deployment of DEEP leads to proportional improvements in the network energy savings.
IEEE International Conference on Technologies for Homeland Security (HST)
Member
Member
Senior Member
Member
Senior Member
Senior Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member
Member
Senior Member
Senior Member
Lifetime Member
Member