Yong Guan - US grants

This project creates a computer forensics course and supporting laboratory, which enables undergraduate and graduate students at Iowa State University to obtain knowledge and skills in this important area. Further, the laboratory supports graduate and faculty research and provide a test-bed facility in which new tools and forensic procedures can be tested. The information assurance faculty at Iowa State currently support about 12 regularly offered graduate courses in network and systems security, however we do not offer studies in forensics. The need for such a course and laboratory coupled with recent hires of faculty in this area, has motivated this proposal. All course materials, lab experiments, and lessons learned will be shared with faculty from any interested University.

A wide range of resource-constrained wireless networks including wireless sensor networks have shown considerable promise in bringing many envisioned applications and services to reality, such as healthcare, search and rescue operations, watch-my-child/aging-parent, power grid control and operations, battlefield surveillance, etc. However, due to the nature of their resource-constrained design and ways of being deployed and used, they are vulnerable to attacks. The failure of these applications may cause catastrophic damage or unwanted impacts that affect public safety, personal privacy, homeland security, the economy and society. The objective of this project is to develop methodologies for providing practical solutions in support of secure and resilient data-centric applications and services for resource-constrained wireless networks. The project will focus on addressing fundamental security and resilience problems and challenging issues due to the resource-constrained device design and the complicated situations brought by the use of network coding techniques. The proposed research will provide efficient, provably secure, and resilient solutions for filtering false data reports, localization verification, and dynamic sensor revoking and re-tasking. This project has immediate and significant impacts. The developed solutions can serve as an important foundation to effectively provide secure and resilient support for data-centric applications and services. Integrated educational activities are another important part of this proposal and will expose a large number of students at various levels and the general public to this new knowledge. Accordingly, this project benefits society in a variety of meaningful ways.

With the rapid growth of the Internet, online advertisement plays a more and more important role in the advertising market and has become a billion-dollar business ($19.5 billon in 2007). One of the current and widely used revenue models for online advertising is Pay-per-click (PPC), which involves charging for each click based on the popularity of keywords and the number of competing advertisers. However, the pay-per-click model leaves room for individuals or rival companies to generate false clicks (i.e., click fraud) due to the lack of verifiable engagement in PPC requests. It has been reported that in online ad market, 14.6% are paid to Click Fraud, which has damaged the development and healthiness of online advertising. This project is (1) developing a fundamentally new framework for verifiable clicks and a new way of defining the quality of clicks; and (2) developing filtering-based tools for validating and weeding out suspicious clicks, each of which provides quantifiable guarantees on false positive and negative rates while involving a reasonable processing overhead and space requirements. The new framework promotes transparency and trust between advertisers and online ad businesses and eliminates the need for keeping ?click filters? as trade secrets. A set of portable course materials is also being developed to facilitate the teaching of developed techniques in undergraduate and graduate courses. Some of these results are planned to be licensed for use by online ad businesses.

Funds are requested to support students to attend the first IEEE Conference on Communications and Network Security (CNS), which is sponsored by IEEE ComSoc and will be held on October 14-16, 2013, in Washington DC, USA. IEEE CNS conference is a spin-off of IEEE INFOCOM, and is positioned to be a core ComSoc conference that serves as a premier forum for communications and network researchers, practitioners, policy makers, and users to exchange ideas, techniques and tools, raise awareness, and share experience related to security and privacy. It provides a unique bridge for the communications and networking community and the security community. The technical scope of this conference encompasses a large number of areas in communications and network security which facilitates gathering of prominent scientists from academia, governments and industries from around the world to discuss the emerging and multidisciplinary frontiers of networking security technology. The PI requests support from NSF (at the total amount of $14,000) to help cover the expenses of approximately 15-20 US-based graduate students. The selection process for the travel award will involve a sub-committee of the CNS 2013 Executive Committee, chaired by the PI. Priority will be given to students who will benefit from attending this conference, but are unlikely to attend due to the unavailability of travel funding. The travel grants will tend to benefit a wider demographic of graduate students, which will help to broaden participation in the research area of communications and network security.

The essence of information assurance resides in the ability of the legitimate communication parties to establish and maintain an advantage over their adversary. Most often, such an advantage is in the form of a secret key. The high costs associated with standard key establishment protocols motivate the recent surge of less conventional protocols, which derive the legitimate parties' advantage from physical features (the adversary may have a worse channel than the legitimate receiver) or from correlated sources of randomness (accelerometer readings when two devices are shaken together). The main drawback is that the devices will usually not be aware of their physical location relative to each-other. Therefore, human intervention (generally recognized as the weakest link in security protocols) is required to inform them that a secure environment has been realized. Even if the devices automatically measure their relative distance, they cannot know whether they're at home, or in a crowded bus. Moreover, whether automatic or human-initiated, such key exchanges rely on the security of an underlying authentication protocol. The goal of this project is to explore an entirely overlooked resource for key establishment: Time. The project investigates how the long and uninterrupted time intervals spent in secure environments can be used to create or complement secure key-establishment protocols for low-cost wireless consumer electronics. The derived protocols have to (1) stand alone (not rely on the security of other protocols, like authentication) and (2) be automatic (not require human intervention). The proposed research will be applicable to a broad spectrum of information-assurance applications, and has the potential to inspire an abundance of related research, and create opportunities for both undergraduate and graduate students (in particular minority and female) to participate in the cutting-edge research.

To avoid the reliance on human interaction or authentication mechanisms, one research direction is to implement a counter-intuitive paradigm: one of the legitimate parties creates a puzzle and outputs time-throttled clues, while the other legitimate parties gather clues until they are able to solve the puzzle and process its solution into a secret key. The idea is based around ciphers that leak information at an exponential rate over time. Therefore, metrics for key-information leakage are needed to quantify both the availability at the legitimate parties, and the security from an adversary. The project consists of three major simultaneous tasks: (a) the construction of a formal mathematical framework for evaluating the security of time-based key-establishment protocols, under the puzzle-based paradigm, and the investigation of new paradigms fit for time-based security; (b) the design and evaluation of such protocols for low-cost wireless devices (that may have neither an objective notion of time, nor the computational resources to engage in advantage distillation, information reconciliation or privacy amplification); (c) implementation of the resulted solutions on a physical wireless testbed.

Validating a user's identity is one of the fundamental security requirements in cyberspace. Current authentication approaches require people to create and remember secret credentials such as complex passwords, or to possess special hardware authentication tokens. Both are vulnerable to being compromised, or illegally shared. Even worse, authentication is typically supported solely at the start of a session. Recent developments in biometric authentication aim to overcome these challenges, but are either easy to bypass (e.g., imposter attacks), incapable of satisfactory false-positive-false-negative tradeoffs, or require expensive dedicated equipment. To address these weaknesses, the objective of this project is to develop a non-traditional approach to biometric authentication, which exploits motor learning and visual-motor adaptation to provide secure, effective and continuous human-user authentication.

This project focuses on developing a new paradigm in cyber security - expertise-based continuous biometric authentication. The uniqueness of the new paradigm is to actively train the subject to achieve continuous authentication, by inducing a specific expertise into a human subject's interaction with a machine. An expertise is defined as an artificially-induced interaction pattern that is unique to the human subject. Once the subjects have been exposed to specific stimuli and learned their expertise, their behaviors are easily differentiable as long as the stimuli are maintained. To enhance the security of the system, as well as to preserve user privacy (by facilitating expertise fade-out after the cessation of the stimuli), the induced expertise are not static, but rather continuously evolving between randomly-chosen targets. The project develops expertise-based active biometric authentication modalities based on keyboard, mouse, and touchscreen devices. The outcome of this research shall have broader impacts on the nation's higher education, high-tech industries, and government. The research enhances the PIs' curriculum developments and helps attract, recruit and retain engineering students and broaden the participation of under-represented minorities and women in engineering programs. It also supports the PIs to outreach to talented college and high-school students and motivate them to study and eventually pursue Doctoral degrees in computer engineering areas.

The emerging Internet of Things (IoT) has tremendous potential to allow people to communicate with and remotely control, monitor, and manage an unprecedented multitude of physical devices and systems for applications like healthcare, smart cities, manufacturing, transportation, etc. IoT devices will generate large amounts of information-rich data, and the associated security risks are far beyond what people have previously seen and experienced. Researchers need an IoT research infrastructure that allows them to address the challenges associated with the IoT. IoTE^3 (IoT Event Emulation Environment) is a new research infrastructure proposed for this purpose. It will leverage an existing research platform at Iowa State University (ISU) to support a variety of IoT research, ranging from IoT Informatics to IoT-based Intelligent Physical Systems to IoT Security Attacks and Prevention. It will be freely available to the general public upon completion, so that experimenters can undertake hands-on activities with IoT networking and cyber security. In addition, IoTE^3 will be integrated with ISU's Cyber Defense Competition (CDC) platform, exposing students and faculty to the security challenges specific to the IoT.

IoTE^3 will be built upon the existing ISEAGE (Internet Scale Event and Attack Generation Environment), which creates a virtual Internet for the purpose of researching, designing, and testing cyber defense mechanisms. In the controlled ISEAGE environment, real-world events and attacks can be tested against different configurations of the environment, unlike computer-based simulations. Currently, ISEAGE is limited to emulation of events and attacks on the traditional Internet. IoTE^3 is proposed to enhance and expand ISEAGE for IoT research. IoTE^3 provides a unique emulation environment based on the integration of physical and cyber environment that is scalable, flexible and realistic. The physical environment will consist of physical networks of actual IoT devices. Each of these physical IoT networks can host small-scale localized experiments by itself. They also can be connected to the ISEAGE to host larger-scale experiments. The cyber environment will consist of multiple high-end servers (IoT emulators) to host a configurable number of virtual IoT networks. Each virtual network can be configured as either a trace-based emulation to replay IoT traffic captured from the physical environment, or a model-based emulation to generate synthetic traffic based on models learned from the captured IoT traffic. The cyber and physical environments will be connected and interact with each other through ISEAGE.

This project seeks to enable more sustainable food and energy systems by creating more direct channels between consumers and farmers across food supply chains. Consumers have growing interest in supporting sustainable and environmentally friendly food and energy production practices. They will consider paying more for products that contribute towards cleaner air, water, and natural environments if they can be assured sustainability goals are being met. Farmers and suppliers are also interested in improving field-to-market supply chains. Advances in information technology and computational systems could allow farmers and suppliers to keep track of their practices in ways that consumers can incentivize. Blockchain networks are a computational approach to securely storing and sharing records that could fill this role. However, our scientific understanding of how blockchains could work to increase consumer awareness of sustainable products, incentivize farmer participation in sustainable practices, and lead to a dynamic system with long-term environmental benefits is limited. This project will evaluate the feasibility of blockchain networks to connect farmers to consumers and thereby increase agricultural practices that improve sustainability. Broader impacts from this study will include the development of fundamental mechanisms and metrics for the design and prototype of blockchain networks in agricultural and other industries. Curricular materials will be developed to educate K-12 teachers and underrepresented minority students on the engineering aspects of blockchain networks to better prepare them for future technological advances. Additionally, these materials will be incorporated into the People in Ecosystems Watershed Integration (PEWI) model for use in K-12 classrooms.

The project will develop a framework for blockchain networks that connects farmers and suppliers to consumers in a field-to-market supply chain. The framework investigates optimal blockchain network designs in terms of economic cost, accessibility, energy use, and information efficiency. Some of the factors that will be considered include the network structure, the information storage medium, and the transaction model. The optimal design will also account for consumer and farmer acceptance to encourage broad participation. The driving hypothesis is that consumers will be willing to pay higher prices for products when the incentive can be traced directly to the original supplier. The findings could lead to novel approaches for developing market-driven incentive systems that empower consumers to support sustainable practices.

This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

This research team will conduct preliminary studies leading to field trials of electromagnetic (radio-frequency) spectrum sharing at the ARA wireless living lab for rural broadband, which is sponsored by the NSF Platforms for Advanced Wireless Research (PAWR) program. Located in Central Iowa, ARA enables experimentation with novel spectrum sharing methods appropriate for rural areas. Rural areas have unique spectrum usage patterns, propagation characteristics, critical applications, and community needs, so spectrum sharing solutions for rural areas may differ from those appropriate for urban or suburban areas. The field trials enabled by this project will provide lessons learned that help improve real-world spectrum use efficiency, reduce spectrum access cost, and empower rural communities to participate in addressing the rural broadband challenge. This project will also create research opportunities for undergraduate and graduate students, as well as K-12 outreach. <br/><br/>The initial application considered for potential field trials is spectrum sharing to enhance the Control and Non-Payload Communications (CNPC) and sensing functions of unmanned aircraft systems (UAS). UAS operations, especially beyond visual line of sight operations that depend on reliable spectrum access, are envisioned as a high-payoff capability supporting economic growth and public safety in rural areas. UAS CNPC is limited to a small, reserved band today because of the high reliability requirements for the service, while UAS sensing faces the same spectrum access challenges as all other sensing systems. Two sharing opportunities are initially of interest: achieving high reliability UAS CNPC in non-CNPC-reserved bands where other users also employ controlled, high-reliability communications, such as connected agricultural robots; and adding UAS sensing activities into the reserved UAS CNPC band in ways that preserve CNPC capacity and reliability. Success in these types of spectrum sharing will reduce the cost of delivering important UAS capabilities. Technical studies on ways to extended current ARA capabilities to support future spectrum sharing field trials include: adoption of software-defined radios; use of programmable commercial-off-the-shelf wireless systems; and support for bring-your-own-device experiments, enabling operation at frequency bands not accessible with the installed ARA hardware. Propagation measurements in the project will generate real-world measurements of wireless channels in rural regions. These data are essential for development of effective spectrum sharing methods. The project team will openly share results and actively collaborate with the broader SII-NRDZ community, to help define and realize the National Radio Dynamic Zones vision.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

Rural broadband is important for the rural economy and quality of life, yet 39% of the rural US lacks broadband access, and most agriculture farms are not connected at all. To address the challenge, this project proposes to develop the OPen-source Ecosystem for bRoadband prAirie (OPERA). OPERA will enable researchers to transform their rural broadband research experiments into open-source software, data, and hardware designs that can be integrated with open-source platforms to generate rural-focused broadband solutions. The project is expected to not only enable rural-focused broadband technology innovation today but also empower rural regions to become active participants in continuous broadband innovation in the long term. <br/><br/>Leveraging the Agriculture and Rural Communities (ARA) wireless living lab (https://arawireless.org/), which is a part of the NSF Platforms for Advanced Wireless Research (PAWR) program, OPERA will provide the organization and governance structure as well as community building leadership in fostering the open-source ecosystem (OSE) for broadband prairie. In particular, to generate high-quality open-source software, data, and hardware-designs beyond typical research experiment results, OPERA will complement ARA-enabled scientific experimentation with open-source coaching as well as the OSE process, infrastructure, and partnership support. To facilitate the integration of research products into open-source platforms and their real-world adoption in specific rural applications. OPERA will facilitate cross-sector collaborations among researchers, open-source communities, and rural region stakeholders. These collaborations will build upon the existing 62+ ARA partners from academia, industry, government, and rural communities. Leveraging the complementary strengths of broadband researchers, open-source developers, and rural application communities, OPERA is poised to help unleash the full capacity of the research and open-source communities in addressing the rural broadband challenge. It provides the ecosystem support for individual researchers to make direct real-world impact, and it empowers rural regions in co-shaping the continuous broadband innovation. OPERA-enabled open-source coaching infuses real-world open-source practice into research experimentation, and it strengthens experiential learning by focusing on production-quality prototyping. OPERA-enabled open-source innovation and cross-sector collaboration will help attract underrepresented students in research, while providing unique learning opportunities for undergraduate and graduate education.<br/><br/>For additional information about the project and its latest results, go to the project website at https://wici.iastate.edu/opera.<br/><br/>This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.