All are invited to join us for presentations and demonstrations about Cyber Security Technologies (IT-S 848 / ITMS 548) created by students in IIT's School of Applied Technology. The event is free and open to the public. Advance registration is not required.
The eight research and proof of principle projects described below began in August 2016 in the School of Applied Technology at IIT. The projects broadly focus on cyber security. These two-semester graduate school projects will continue through the end of April 2017.1 The presentations will be works in progress. Interim presentations and demonstrations will be held on Wednesday, November 30, 2016 in the Rice (Wheaton IL) campus auditorium (room 166) beginning at 6pm. The Rice campus is located just east of the Butterfield Rd and Naperville-Wheaton Rd intersection and just north of Butterfield Rd. the address is 201 East Loop Road Wheaton IL.
Android APP Authentication
Most Android apps have a need for authenticating and storing users’ credentials. For this reason, Android provides an interface to manage app and user credentials. Benefits include a simplified authentication, built-in support for different levels of authorization and token sharing and data synchronization between different devices, while keeping developer choices concerning identity management. This project involves writing a skeleton Android app that authenticates using the different APIs and Identity Providers. The different APIs and providers will then be compared with respect to their complexity, security robustness, and feature set.
Digital Image Fingerprinting Tool Using Sensor Photo Response Non-Uniformity
PRNU (Photo Response Non-Uniformity) is becoming widely accepted as a unique fingerprint of digital cameras. Using the PRNU fingerprint, the investigators can link the digital camera with the image. This project is investigating the mechanisms used in PRNU fingerprinting and its effectiveness across 4 different scenarios (1) against the images from the same source (2) against the images from different sources (3) against a large database of images (4) attempt a blind experiment against a random selection of digital images from several sources
Internet of Things Penetration Testing
This project researches the security and vulnerabilities of the Bluetooth Low Energy BLE) Protocol, widely used in IoT devices. This includes a deep look into the BLE protocol, its usages in the IoT sphere, and what vulnerabilities may exist for this protocol. The ability of current pen testing tool suites to communicate and operate effectively on BLE compatible devices are being evaluated. In addition, this project is investigating and evaluating the robustness BLE with respect to communication security.
Internet of Things Heart Rate
Bluetooth Low Energy device increases in popularity with lower energy consumption and reliable connectivity compare to the classic Bluetooth. Some of these device like Fitbit collect and transmit healthcare data such as heart rate. This project investigates the apparent weak communication security of Bluetooth Low Energy devices by building of an emulated heart rate monitor using an Intel Arduino 101. Once communication is established between the heart rate monitor and a smart phone application, Bluetooth Low Energy traffic is being captured and analyzed.
Blind F5 JPEG Steganalysis
Steganography aims for low possibility of detection. Algorithms that have been developed to address this goal for JPEG image file carriers began with JSTEG Algorithm. However statistical analysis made JSTEG detectable. An improved algorithm called F3 increased the difficulty of detection; however, it too succumbed to more advanced statistical analysis. The latest algorithm, named F5 has shown itself to be difficult to detect. This project is investigating proposed schemes for detecting the existence of data hidden using F5 steganography.
MP4 files have become the most widely used video media file that is available. This makes the MP4 file and interesting candidate for steganography. Due to its large size and structure, a great deal of information can be potentially hidden. Yet it has been a challenge to the steganography developers; few if any have been successful. This project analyzes steganographic schemes for hiding data in MP4 files to understand the apparent difficulties, develop a scheme for hiding and possibly develop a tool.
Machine Learning for MP3 Steganalysis
Steganography conceals a message or payload in a carrier such that the very existence of the message is unknown. Carriers can include image, audio, and video formats. They can even use network protocols as the carrier. Whereas the goal of steganography is to conceal a message, the goal of steganalysis is to detect and possibly recover the message.
Most steganalysis techniques either rely on signatures, similar to antivirus software, or statistical analysis to detect anomalies. Now a new system based on machine learning techniques has emerged. Machine Learning (ML) is composed of two broad approaches; supervised and unsupervised. In supervised machine learning the system is trained with data that has been categorized with the goal of creating a function to categorize new data. Conversely, in unsupervised machine learning the system must create the function without any prior knowledge of the data. ML has been applied to steganalysis, but it is difficult to use supervised techniques since there is little training data available, so the preferred technique is unsupervised.
The goal of this project is to develop a ML framework that can be applied to future steganalysis projects.
Blind MP3 Steganalysis of Post-Encoded Files
MP3 files have become ubiquitous for audio file storage due to their ease of use, high quality, and relatively small size. However, they are also ideal as secret carriers for steganographic data. A number of applications have been developed, both free and for a fee, that are able to place data into MP3 files with little to no impact on audio quality and either no or minimal size increase.
The authors are developing an application that examines an MP3 file, to determine the probability of the file being a carrier of hidden data, regardless of the application that hid the data.