Current CAST Research Projects:

PKChain: Decentralized Public-Key Management System based on Blockchain Technology

Kan Yang, Lan Wang

Public Key Cryptography (PKC) has been extensively applied to protect data security. For example, Transport Layer Security (TLS) and Secure Sockets Layer (SSL) use PKC to perform mutual authentication between a sender and a receiver during data transmission. It is also used in Digital Signatures to guarantee data authenticity. More specifically, a data producer generates a signature on a piece of data using his/her private key and a data consumer checks the data authenticity by verifying the signature using the producer's public key. To ensure that the signer is the expected data producer, it is necessary to verify that the public key used in the signature verification indeed belongs to the correct data producer, not an attacker.

Exploring Cyber Security Issue and Solution for Energy Storage at Smart Microgrid System

Mohd Hasan Ali, Dipankar Dasgupta

A smart grid aims to improve the efficiency, reliability, economics, and sustainability of the production and distribution of electrical power. Two-way digital communication and computer-based remote control and automation are the keys to a smart grid system. Microgrids are localized grids that can strengthen grid resilience and help mitigate grid disturbances while supporting a flexible and efficient electric grid via integration of renewable energy sources, energy storage, and demand response. Without the energy storage system, smoothed power cannot be delivered to customers. The charge and discharge of an energy storage system can be regulated through an internet-based supervisory control system. Thus, there is a high possibility of cyber-attacks, which may significantly affect the functionality of the energy storage system. If the energy storage does not function properly, then the distributed generators will provide fluctuating power, voltage and frequency to the customers, i.e., the power quality of the smart grid system will deteriorate. The goal of this project is to investigate and test cyber security for the energy storage system with a view to building a resilient and reliable smart microgrid.

Exploration of the Impact of Malware Warning Messages

Nirmalee Raddatz

The rapid growth of electronic data processing and electronic business over the Internet has increased the need to protect computer devices and the information stored on them. As a result, several methods of protecting data, such as anti-virus software, data encryption techniques, and regulating access to information through access controls, have emerged over time. These data protection methods strive to protect the confidentiality, availability and integrity of information from various threats to information security. Past research in information security has focused on malware, viruses, hacking, insider threat, employee non-compliance, social engineering and unauthorized access as some of the potential threats to computer devices and the information stored on them.

Machine Learning Approaches to Secure Virtual Machine Migration in the Cloud

Sajjan Shiva, Deepak Venugopal, Naveen Kumar

The use of virtualization is ubiquitous in cloud computing. IT providers can reduce costs and improve efficiency through the use of cloud-based virtual machines (VMs). A fundamental technique that is commonly used in cloud-based VM management is live migration. Specifically, live migration is an important technique enabling elastic management of virtualized resources. For dynamic load balancing, or for fault management, VMs are routinely moved between servers within a datacenter or across datacenters. VMs can be migrated transparently to a physically distinct host with live migration. Specifically, the states of the running applications are maintained during such migrations, which therefore have minimal impact on end-users or customers.

Design of Secure Random Number Generators for Cyber Security Applications

Lih-Yuan Deng, Dale Bowman

In many areas of scientific research, pseudo-random number generators (PRNGs) have been playing a very important role. Many PRNGs recently proposed in the field of computer simulation have several nice properties of HELP. Many of the generators that have the desirable properties for a "good" random number generator for computer simulation are linear generators and are predictable from a small number of past variates. Hence, they are unsuitable for cyber security applications. There are several applications in cryptography where it is essential to have good and secure cations such as automatic password generation, online gambling, and financial transactions. Secure PRNGs are essential in many digital signature schemes such as DSA (Digital Signature Algorithm). It is generally agreed that PRNGs have been one of the weakest links in various cyber security applications. Designing good random number generators suitable for both security and computer simulation applications is a very challenging task. A new design to combine the best features from both approaches is proposed.

Moral Intuition and Consumer Response to Privacy Norm Violations: An N400 ERP Study

George D. Deitz

The frequency and extent of privacy violation in cyberspace have increased in scope and intensity, and exposure of customer private data on a large scale has become a common occurrence. While most agree that privacy is important, there remains limited understanding of the psychological and social consequences of privacy violations, especially as they relate to technology use. In the proposed research, I seek to apply Haidt's (1995) social intuitionist model (SIM) of moral judgment as a theoretical framework for exploring how individuals process and respond to the loss of personal information. The proposal provides a brief summary of SIM, carefully laying out its potential application in the context of privacy norm violations. Next, it outlines the design and execution of a series of experimental studies. The potential contribution of the study (and attractiveness to grant-funding agencies down the line) is expected to be enhanced through use of neuroscientific research methods.

Exploring Cyber Security Issues and Solutions for Photovoltaic (PV) System Connected to DC Microgrid

Mohd Hasan Ali, Dipankar Dasgupta

A smart grid aims to improve the efficiency, reliability, economics, and sustainability of the production and distribution of electrical power. Two-way digital communication and computer-based remote control and automation are the keys to a smart grid system. Nowadays, considering the growing demand for DC loads and the simplified interface with renewable power generation sources like photovoltaic (PV) systems, DC microgrids could be cheaper and more efficient solutions for the power supply in a small-scale area. The supervisory control and data acquisition (SCADA) system maintains the bidirectional power communication through the integration of internet connectivity with the microgrid. However, this intelligent and interactive feature of the modern power grid may pose a cyber security threat to the system. An intruder may enter the cyber-physical system of the power grid and disconnect the PV system. This will result in power deficiency in the grid and thus will affect the consumers, resulting in a dark-out situation. The goal of this project is to investigate and test cyber security for the PV system with a view to building a resilient and reliable smart microgrid. To mitigate the adverse effects of cyber-attacks on the PV system performance, two new techniques based on non-linear and proportional-integral (PI) controllers have been proposed.

Case Studies on Health Information Security and Privacy Breach in the United States

Soumitra Bhuyan

The use of information technology in healthcare has drastically increased in recent times owing to the passage of the Health Information Technology for Economic and Clinical Health (HITECH) Act. This development, however, has been accompanied by an increase in susceptibility of sensitive patient information to breaches. A breach of information happens when data is lost, stolen, displaced, hacked or communicated to unofficial recipients. Nationally, it is estimated that half of all healthcare organizations experienced one in five cyber-attacks in 2014, and another study concluded that about 94% of healthcare companies had experienced at least one form of cyber-attack, which has resulted or could result in a breach of information. The high number of breaches in healthcare due to cyber-attacks has been attributed to the richness of data housed by healthcare organizations. The increase in the prevalence of data breaches points to the need for healthcare organizations to better invest in securing their data. The objective of this study is to gain an in-depth understanding of the impact of data breaches on healthcare organizations. It further aims to understand their response to such an event and how it affects an organization on issues like overall organizational performance, quality of care and organizational morale.

Content-based detection of Fake Reviews using Deep Learning

Deepak Venugopal, Naveen Kumar

Reviews play a highly influential role in the age of social media. Some surveys have shown that 90% of consumers read online reviews before making a purchase decision, and that almost 70% of consumers trust the opinions in online reviews. Additionally, businesses pay close attention to what consumers are writing about them online to maintain their brand reputation. Maintaining a fair, unbiased review system is extremely important for both users and businesses, particularly because it is relatively easy to influence people on social media. Unfortunately, detecting anomalous or fake reviews automatically is well known to be an extremely challenging problem. Though several machine learning approaches have been proposed for this problem, they are quite simplistic, since most of them look at meta-level features. Unfortunately, it is quite simple to fool learning algorithms that use such features. For instance, a fake user could create several aliases and write a single review under every new alias, or the fake user could simply adjust his/her rate of writing reviews to avoid detection, etc. The central issue here is that one needs a much deeper understanding of what fakeness means to effectively detect fake reviews. In this project, we propose to develop a fake review detection mechanism using advanced linguistic analysis. That is, we will analyze the language content in the reviews to determine whether a review is fake or genuine.