A Blueprint for Implementing Security in Radiology

The HIPAA privacy and security regulation, the never-ending series of operating system updates, the threat of intrusions and viruses from the outside as well as inside, and the requirement for remote access by service providers require a robust security framework for PACS systems. The problems with current deployments are that there are few guidelines for establishing this framework, there is a lack of tools, and the tools that are available are not well documented and/or adapted to this specific domain. Hence, PACS and tele-radiology installations can be compromised, new installations, especially those requiring outside connectivity, can be stalled, and the full benefits of this digital technology cannot be explored and used by several US institutions. In particular, current PACS archival systems, modalities, RIS and HIS need to be interconnected with a set of routers, switches, firewalls, and intrusion detection systems. Our work describes how to secure the DICOM and HL7 protocols using SSL/IPSec.

A Collaborative and Adaptive Feedback System for Physical Exercises

Maintaining motivation to meet physical exercise goals is a big challenge in virtual/home-based exercise guidance systems. The project aims to develop a virtual trainer capable of providing efficient feedback and motivation using reinforcement learning.  

Research areas: Pose estimation, Distributed machine learning, and Human Intervention.

Attack Containment Using Feedback Control

In a computer network, network security is accomplished using elements like firewalls, hosts, servers, routers, intrusion detection systems, and honeypots. These network elements need to know the nature or anomaly of the worm a priori to detect the attack. Modern-day viruses like Code Red, Sapphire and Nimda spread very fast. Therefore human-mediated responses to these fast-spreading viruses are impractical, if not impossible. Several epidemic studies show that automatic tracking of resource usage and control is an effective method of containing the damage. We propose a novel security architecture based on control system theory. In particular, we describe a state-space feedback control model to detect and control the spread of these viruses or worms by measuring the velocity of the number of new connections an infected host makes. The objective of the mechanism is to slow down the spreading velocity of a worm by controlling (delaying) the total number of new connections made by an infected host. A proportional and integral controller is used for continuous control of the feedback loop. An S-shaped spreading function is applied as a disturbance to the controller, and we were able to contain the spreading within a few time units. We also observed that the velocity profile can differentiate between legitimate traffic and a flash worm. We have set up a worm propagation environment on which we are running experiments using our model. The results from the simulation and experimental setup, combined with the sensitivity analysis, are a good indication of the applicability and accuracy of the approach.

We are working on the implementation of a model to generate and test worm propagation by applying feedback control.

Attack Graph Based Vulnerability Analysis of Voice over IP Networks

Voice over IP (VoIP) technology has been aggressively deployed over the last year in several enterprises, and it is estimated that by 2006 the deployment of IP phones is going to exceed that of PSTN phones. This high level of interest is based on reduced long-distance cost and ease of management. But there are substantial issues in the Quality of Service (QoS) and security of IP telephony. IP phone threat levels, user behavior and experiences are different from those of data-specific applications like email. We have formalized the sequence of attacker actions in an attack graph and analyzed the risk level of a VoIP Network Element (NE) based on a given threat. These attack graphs can be used to represent a structured elaboration of the events that must occur for a successful intrusion, and subsequently for formal analysis of intrusion detection. The attack graphs are transformed into vulnerability graphs using Bayesian networks. The vulnerability graph gives the probability of an attack, enabling us to measure the risk level of an NE. The initial probability of an event in an attack graph is obtained by analyzing the traffic pattern of the VoIP network. To compute the risk, we have formulated an analytical model that performs vulnerability analysis and risk mitigation. This model helps us analyze multiple threat levels, producing more accurate results than other Bayesian inference tools that are limited to analyzing a single threat level. We believe that our work can be used for penetration testing and patch management of VoIP networks.

Automatic Skills Extraction from Online Job Postings

The Automatic Skills Extraction process is a tool being developed to connect employers in industry to students graduating from university. In order to understand what employers are looking for, we can analyze employers' career pages and job postings. Those media are primary sources for identifying the skills and knowledge that students need in order to work in those roles. From the scraping of website data, to keyword identification, to clustering and classification of skills, this tool attempts to bridge the gap between potential employee and employer.

Detecting Spam in VoIP Networks

Voice over IP (VoIP) is a key enabling technology for the migration of circuit-switched PSTN architectures to packet-based networks. Unlike in e-mail systems, the problem of spam in VoIP networks has to be solved in real time. Many of the techniques devised for e-mail spam detection rely upon content analysis, and in the case of VoIP it is too late to analyze the media after picking up the receiver. So we need to stop spam calls before the telephone rings. From our observation, when it comes to accepting or rejecting a voice call, people use the social meaning of trust and the reputation of the calling party. We describe a multi-stage spam filter based on trust and reputation for detecting spam. In particular, we used closed-loop feedback between different stages in deciding whether an incoming call is spam or not. To verify the concepts, we used a laboratory setup of several thousand soft-phones and a commercial-grade proxy server. We verified our filtering mechanisms by simulating spam calls and measured the accuracy of the filter. Results show that a multistage feedback loop fares better than any single stage. Also, the larger the network size, the harder it is to detect a spam call. Further work includes understanding the behavior of different controlling parameters in trust and reputation calculations and deriving meaningful relationships between them.

Driver Safety Systems Using Smartphones

Vehicle manufacturers are adding advanced driver assistance systems (ADAS), such as lane departure warnings, to many of their vehicles. However, vehicles with these newer systems are more expensive, and older vehicles cannot take advantage of these systems. 

We have developed smartphone applications that can be used to monitor driver behavior in any car. 

Email Spamming

The Internet is growing on a daily basis and, just like any other transport network, anybody can use it. But on a daily basis more and more people are annoyed by unwanted emails known as spam. In general, spammers who obtain an email address from one's web site can send junk mail to it forever. For years people have been researching the way spam is produced. Different methods have come about to do away with unwanted emails, but to this day we have not found anything that has a long-term effect.

We are working on a solution that parses the entire text, including headers, embedded HTML and script code, of each message in two corpora (spam and valid, each having around 8000 messages) for spam detection. The header also has information about the relay servers, which we believe can be used to build a network topology for spam source identification. But this solution alone is not enough to effectively differentiate between spam and regular messages. Currently we are developing a filter that combines the results derived from the inferential knowledge of a user with a content-based filter to classify the messages. Based on the past history, trust, reputation and inferential knowledge of the user, a source can be recognized as spam or genuine. This is an adaptive filter, which uses Bayesian learning algorithms, learns over time, and dynamically updates its database with the source user information. Further work includes using this filter to detect spam in a real-time traffic environment like VoIP.

Ideal Revenue Allocation for Data Cooperatives

Data Cooperatives are newly established institutions created to address various issues in the current data landscape by empowering individuals to control, receive compensation, and create insights with their data. This project develops an ideal revenue scheme that adequately addresses the novel characteristics of data products as they function within cooperative organizations.

Magnetic Maps for Indoor Navigation

Indoor localization, or identifying where one is within a building, is a significant challenge. Global Positioning System (GPS) signals usually do not work inside buildings. Not all buildings have Wi-Fi access points, and adding enough access points to be usable for indoor localization is expensive. 

We have developed smartphone applications that can detect changes in magnetic fields caused by doors, walls, and other things inside buildings. The smartphone applications can then use these changes to determine a person's location within a building.

Modeling Security Vulnerabilities in Mobile Platforms

Mobile phones are one of the essential parts of modern life. Making a phone call is not the main purpose of a smart phone anymore, but merely one of many other features. Online social networking, chatting, short messaging, web browsing, navigating, and photography are some of the other features users enjoy in modern smartphones, most of which are provided by mobile apps.

However, with this advancement, many security vulnerabilities have opened up in these devices. Malicious apps are a major threat for modern smartphones. Protecting everyday users of mobile devices from the attacks of technologically competent hackers, illegitimate users, trolls, and eavesdroppers is a complex task.

We have developed techniques for identifying a smartphone application's intentions, ensuring that the application only does what is expected, and identifying requests for abilities that are not required for the application's purpose.

Next-Generation 9-1-1 Services and Protocols

Emergency Medical Dispatch Protocols are guidelines that a 9-1-1 dispatcher uses to evaluate the nature of the emergency, the resources to send and the nature of the help provided to the 9-1-1 caller. The current Dispatch Protocols are based on voice-only calls.

However, the Next Generation 9-1-1 (NG9-1-1) architecture will allow multimedia emergency calls.

Smartphones can be used to send and receive video, pictures and text. Smartphone sensors can be used to create applications that help monitor vital signs such as heart rate and breathing rate. These sensors can also be used to create applications that provide guidance on how to perform first aid procedures such as cardiopulmonary resuscitation (CPR).

We have developed protocols that will allow NG9-1-1 operators to remotely control a smartphone's sensors to gather additional information about the scene.

The dispatchers at the 9-1-1 call centers can make use of these new protocols, procedures, and applications to improve the quality and the response time.

Online and Offline Authentication Protocols

People often need help from others to perform tasks. In today's connected world, this help could come from anyone located almost anywhere in the world. However, verifying that the potential helpers are who they say they are can be challenging. Determining how qualified they are to help with the tasks at hand can be challenging as well. Existing physical identity documents and certificates come in several different formats. Each department, organization, or level of government will often have its own format or list of formats. Thus, distinguishing the real identity documents and physical certificates from the fake ones is extremely difficult. Imposters could also create Mission Impossible style facemasks to look like the rightful owners of the physical identity documents and certificates.

Digital certificates are harder to fake, and typically come in a small handful of formats. We are creating extensions to existing digital certificate formats so that they are capable of replacing the existing physical identity documents and certificates. In addition, we are developing protocols and procedures for securely exchanging and verifying the extended digital certificates.

Paradigm Shift from Ambiguous Legal Contracts to Blockchain-based Smart Contracts

There is a huge research gap: the challenges of vagueness and ambiguity in legal contracts have not been addressed. This research work focuses on tackling the open problem caused by ambiguity and vagueness, and on how an ambiguous legal contract can be converted into a blockchain-based smart legal contract that is free of ambiguity and vagueness. Using Fuzzy Logic and Artificial Intelligence, formal proof-of-concept methodologies have been developed that consist of several architectures, models, and algorithms. These make the work novel in this field and have resulted in several publications in top conferences.

Privacy Management for Online Social Networks

One in seven people in the world use online social networking for a variety of purposes: to keep in touch with friends and family, to share special occasions, to broadcast announcements, and more. The majority of society has bought into this new era of communication technology, which allows everyone on the internet to share information with friends. Since social networking has rapidly become a main form of communication, holes in privacy have become apparent. It has come to the point that the whole concept of sharing information requires restructuring. Online social networks are no longer simply technology available for a niche market; they are in use by all of society. Thus it is important not to forget that a sense of privacy is inherent as an evolutionary by-product of social intelligence. In any context of society, privacy needs to be a part of the system in order to help users protect themselves from others.

We have attempted to address the lack of privacy management in online social networks by designing models which understand the social science behind how we form social groups and share information with each other. We have modeled the strength of social relationships, and devised systems for automatically configuring privacy settings that honor users' privacy.

Risk Management and Network Security

Security administration is an uphill task in an enterprise network providing secured corporate services. With the slew of patches being released by Microsoft, HP and other vendors, system administrators require a barrage of tools for analyzing the risk due to these vulnerabilities. In addition, the criticality of patching some end hosts (e.g., in hospitals) raises serious security issues for the network to which the end hosts are connected. In this context, it is imperative to know the risk level of all critical resources (e.g., the Oracle Server in the HR department), keeping in view the new vulnerabilities that emerge every day. We hypothesize that the sequence of network actions by an attacker depends on social behavior (e.g., skill level, tenacity, financial ability). We extended this and formulated a mechanism to estimate the risk level of critical resources that may be compromised, based on attacker behavior. This estimation is accomplished using behavior-based attack graphs. These graphs represent all the possible attack paths to all the critical resources. Based on these graphs, we calculate the risk level of a critical resource using Bayesian methodology and periodically update the subjective beliefs about the occurrence of an attack. Such a calculated risk level is a measure of the vulnerability of the resource, and it forms an effective basis for a system administrator to make suitable changes to the network configuration. Thus suitable vulnerability analysis and risk management strategies can be formulated to efficiently curtail the risk from different types of attackers (script kiddies, hackers, criminals and insiders).

Sensor Networks

Meteorological and hydrological sensors deployed over several hundred kilometers of geographical area comprise an environmental sensor network. Large amounts of data need to be processed in minimal time and transmitted over the available low-speed, low-bandwidth links. This paper describes algorithms for optimal data collection and data fusion. An inductive model using an exponential back-off policy is used to collect an optimal amount of data.

Setting up an Enterprise for Secured VoIP Infrastructure

Many enterprises are currently contemplating moving from traditional phone service to VoIP. Since VoIP isn't inherently secure, companies need to strongly consider what can be done to secure VoIP communications. This project deals with four areas that enterprises need to address to provide a complete and secure VoIP setup.

  1. Constructing a secured SSL/TLS-based proxy server.
  2. Configuring VoIP traversal through the existing firewall / NAT.
  3. Placing VoIP equipment on a separate VLAN from the rest of the network.
  4. Installing and verifying enterprise-level VoIP security monitoring.

Many issues relating to end-point authentication, secure tunneling of SIP messages, Quality of Service, etc. are being studied as part of this project.

Vulnerabilities in Heterogeneous Signaling Networks

Voice over IP (VoIP) telephony is emerging as an alternative to traditional public switched telephone networks (PSTN) all over the world. Currently VoIP and PSTN interoperate with each other, so a signal that begins in one may go over a series of VoIP or PSTN networks and end up at a destination situated in either one of them. Conversely, liberalization of PSTN networks and growing acceptance of the SIGTRAN protocol suite have introduced new and yet-to-be-trusted signaling entities. Thus security threats emerging from one network affect not only that network but the other network as well. We show how any signaling node from either side can exploit the protocol behavior and inject fabricated/spoofed message signal units (MSUs) or signaling network management (SNM) messages towards its peer with the aim of disrupting telephony services. As a solution, we propose an integrated security framework that not only enforces authentication and integrity of the messages but also detects any protocol misbehavior.

Vulnerability and Threat Analysis for Drones

We are currently trying to answer the following questions through our research:

  • What are the main vulnerabilities of drones, and can we apply threat analysis to them?
  • How can we identify whether operations are valid, and can we model normal drone behavior?
  • How can we tell whether any malicious components/activities are enabled?
  • How can drones be operated in a resilient way in spite of cyber attacks and physical attacks?

Vulnerability_and_Threat_Analysis_of_UAVs.pdf