I2S Masters/ Doctoral Theses

Today’s smartphone platforms have millions of applications, which not only access users’ private data but also information from the connected external services and IoT/CPS devices. Mobile application security involves protecting sensitive information and securing communication between the application and external services or devices. We focus on these two key aspects of mobile application security.

In the first part of this dissertation, we aim to ensure the security of user information collected by mobile apps. Mobile apps seek consent from users to approve various permissions to access sensitive information such as location and personal information. However, users often blindly accept permission requests and apps start to abuse this mechanism. As long as a permission is requested, the state-of-the-art security mechanisms will treat it as legitimate. We ask the question whether the permission requests are valid? We attempt to validate permission requests using statistical analysis on permission sets extracted from groups of functionally similar apps. We detected mobile applications with abusive permission access and measure the risk of information leaks through each mobile application.

Second, we propose to investigate the security of auto companion apps. Auto companion apps are mobile apps designed to remotely connect with cars to provide features such as diagnostics, navigation, entertainment, and safety alerts. However, this can lead to several security threats, for instance, onboard information of vehicles can be tracked or altered through a malicious app. We design a comprehensive security analysis framework on automotive companion apps all stages of communication and collaboration between vehicles and companion apps such as connection establishment, authentication, encryption, information storage, and Vehicle diagnostic and control command access. By conducting static and network traffic analysis of Android OBD apps, we identify a series of vulnerability scenarios. We further evaluate these vulnerabilities with vehicle-based testing and identify potential security threats associated with auto companion apps.

Layered attestation is a process by which one can establish trust in a remote party. It is a special case of attestation in which different layers of the attesting system are handled distinctly. This type of trust is desirable because a vast and growing number of people depend on networked devices to go about their daily lives. Current architectures for remote attestation are lacking in process isolation, which is evidenced by the existence of virtual machine escape exploits. This implies a deficiency of trustworthy ways to determine whether a networked Linux system has been exploited. The seL4 microkernel, uniquely in the world, has machine-checked proofs concerning process confidentiality and integrity. The seL4 microkernel is leveraged here to provide a verified level of software-based process isolation. When complemented with a comprehensive collection of measurements, this architecture can be trusted to report its own corruption. The architecture is described, implemented, and tested against a variety of exploits, which are detected using introspective measurement techniques.

Multimedia networking is the area of study associated with the delivery of heterogeneous data including, but not limited to, imagery, video, audio, and interactive content. Multimedia and communication network researchers have continually struggled to devise solutions for addressing the three core challenges in multimedia delivery: security, reliability, and performance. Solutions to these challenges typically exist in a spectrum of compromises achieving gains in one aspect at the cost of one or more of the others. Networked videogames represent the pinnacle of multimedia presented in a real-time interactive format. Continual improvements to multimedia delivery have led to tools such as buffering, redundant coupling of low-resolution alternative data streams, congestion avoidance, and forced in-order delivery of best-effort service; however, videogames cannot afford to pay the latency tax of these solutions in their current state.

I developed the Secure Multi-Channel Internet Memory Information Control (S-MIMIC) protocol as a novel solution to address these challenges. The S-MIMIC protocol leverages recent developments in blockchain and distributed ledger technology, coupled with creative enhancements to data representation and a novel data model. The S-MIMIC protocol also implements various novel algorithms for create, read, update, and delete (CRUD) interactions with distributed ledger and blockchain technologies. For validation, the S-MIMIC protocol was integrated with an open source open source First-Person Shooter (FPS) videogame to demonstrate its ability to transfer complex data structures under extreme network latency demands. The S-MIMIC protocol demonstrated improvements in confidentiality, integrity, availability and data read operations under all test conditions. Data write performance of S-MIMIC is slightly below traditional TCP-based networking in unconstrained networks, but matches performance in networks exhibiting 150 milliseconds of delay or more.

Though the S-MIMIC protocol was evaluated for use in networked videogames, its potential uses are far reaching with promising applicability to medical information, legal documents, financial transactions, information security threat feeds and many other use cases that require security, reliability and performance guarantees.

Early diagnosis can effectively treat non-small cell lung cancer (NSCLC). Lung cancer cells usually have altered gene expression patterns compared to normal cells, which can be utilized to predict cancer through gene expression tests. This study analyzed gene expression values measured from 15227-probe microarray, and 290 patients consisting of cancer and control groups, to find relations between the gene expression features and lung cancer. The study explored k-means, statistical tests, and deep neural networks to obtain optimal feature representations and achieved the highest accuracy of 82%. Furthermore, a bipartite graph was built using the Bio Grid database and gene expression values, where the probe-to-probe relationship based on gene relevance was leveraged to enhance the prediction performance.

As Electronic Health Records (EHRs) become more available, there is increasing interest in discovering hidden disease patterns by leveraging cutting-edge data visualization techniques, such as graph-based knowledge representation and interactive graphical user interfaces (GUIs). In this project, we have developed a web-based interactive EHR analytics and visualization tool to provide healthcare professionals with valuable insights that can ultimately improve the quality and cost-efficiency of patient care. Specifically, we have developed two visualization panels: one for the intelligence of individual patients and the other for the relevance among diseases. For individual patients, we capture the similarity between them by linking them based on their relatedness in diagnosis. By constructing a graph representation of patients based on this similarity, we can identify patterns and trends in patient data that may not be apparent through traditional methods. For disease relationships, we provide an ontology graph for the specific diagnosis (ICD10 code), which helps to identify ancestors and predecessors of a particular diagnosis. Through the demonstration of this dashboard, we show that this approach can provide valuable insights to better understand patient outcomes with an informative and user-friendly web interface.

This research project aims to predict the outcome of the Naval Discharge Review Board decision for an applicant based on factors in the application, using Machine Learning techniques. The study explores three popular machine learning algorithms: MLP, Adaboost, and KNN, with KNN providing the best results. The training is verified through hyperparameter optimization and cross fold validation.

Additionally, the study investigates the ability of ChatGPT's API to classify the data that couldn't be classified manually. A total of over 8000 samples were classified by ChatGPT's API, and an MLP model was trained using the same hyperparameters that were found to be optimal for the 3000 size manual sample.The model was then tested on the manual sample. The results show that the model trained on data labeled by ChatGPT performed equivalently, suggesting that ChatGPT's API is a promising tool for labeling in this domain.

Development and deployment of trusted systems often require definitive identification of devices. A remote entity should have confidence that a device is as it claims to be. An ideal method for fulfulling this need is through the use of secure device identitifiers. A secure device identifier (DevID) is defined as an identifier that is cryptographically bound to a device. A DevID must not be transferable from one device to another as that would allow distinct devices to be identified as the same. Since the Trusted Platform Module (TPM) is a secure Root of Trust for Storage, it provides the necessary protections for storing these identifiers. Consequently, the Trusted Computing Group (TCG) recommends the use of TPM keys for DevIDs. The TCG's specification TPM 2.0 Keys for Device Identity and Attestation describes several methods for remotely proving a key to be resident in a specific device's TPM. These methods are carefully constructed protocols which are intended to be performed by a trusted Certificate Authority (CA) in communication with a certificate-requesting device. DevID certificates produced by an OEM's CA at device manufacturing time may be used to provide definitive evidence to a remote entity that a key belongs to a specific device. Whereas DevID certificates produced by an Owner/Administrator's CA require a chain of certificates in order to verify a chain of trust to an OEM-provided root certificate. This distinction is due to the differences in the respective protocols prescribed by the TCG's specification. We aim to abstractly model these protocols and formally verify that their resulting assurances on TPM-residency do in fact hold. We choose this goal since the TCG themselves do not provide any proofs or clear justifications for how the protocols might provide these assurances. The resulting TPM-command library and execution relation modeled in Coq may easily be expanded upon to become useful in verifying a wide range of properties regarding DevIDs and TPMs.

During remote attestation, a relying party prompts a target to perform some stateful measurement which can be appraised to determine trust in the target's system. In this current framework, requested measurement operations must be provisioned by a knowledgeable system user who may fail to consider situational demands which potentially impact the desired measurement. To solve this problem, we introduce negotiation: a framework that allows the target and relying party to mutually determine an attestation protocol that satisfies both the target's need to protect sensitive information and the relying party's desire for a comprehensive measurement. We designed and verified this negotiation procedure such that for all negotiations, we can provably produce an executable protocol that satisfies the targets privacy standards. With the remainder of this work, we aim to realize and instantiate protocol orderings ensuring negotiation produces a protocol sufficient for the relying party. All progress is towards our ultimate goal of producing a working, fully verified negotiation scheme which will be integrated into our current attestation framework for flexible, end-to-end attestations.