The objective of this project is to exploit the vulnerabilities of IoT devices. IoT devices come in many different sizes running a variety of hardware, embedded operating systems, firmware, software, and communication protocols. Each IoT device is a standalone system and presents unique challenges for vulnerability exploitation. This project will select consumer IoT products available in local or online stores and conduct vulnerability exploitation on them. Examples of IoT devices to be studied include home routers, cable modems, smart locks, etc. The students studying this content area will participate in this project by conducting the following research activities: 1) network scanning: an initial scan can be conducted using the Nmap (Network Mapper). Scans will be conducted on both the LAN and WLAN sides to provide a broader array of surfaces for attacks. 2) bypassing authentication: the second step is to attempt to bypass authentication which would provide access to intended functionality without having to sign in to the device. 3) vulnerability exploitation: the third step is to attempt to execute arbitrary code on the device which would provide access to unintended functionality. This step is more challenging as it includes running and adjusting commands until something works or fails to work. We will also utilize other techniques to help exploit vulnerabilities on IoT devices. These techniques include, but are not limited to, static analysis, reverse engineering, fuzz testing, and computer forensics.
The objective of this project is to investigate the reconstruction of security incidents from evidence data collected from our IoT testing networks. Although there are many mature classic digital forensics techniques existed, conducting forensics on IoT devices is new and face many challenges. Reconstruction of security incidents from evidence data itself is also a very challenging issue in digital forensics. The students studying this content area will participate in this project by conducting the following research activities: 1) set up a small IoT testing network for ethical hacking: this small testing network will include firewall and intrusion detection system, etc. 2) design attack model and evidence model: we design attack models that aim to exploit the vulnerabilities on IoT devices and create evidence models for these attacks. An attack model defines the actions to be taken on an IoT device. An evidence model defines the effect of the attack actions, including fingerprints of sensitive operations and metadata of the artifacts (e.g., log name, format, location, and timestamp). 3) incident reconstruction: based on attack models, we perform the attacks against the target IoT devices. After the attacks are accomplished, we collect all related files. The above ethical hacking experiment will be followed by a manual forensics investigation. The investigation aims to find evidence from the collected files and correlate the evidence with the attack actions.
Traditional vehicular systems present a variety of inefficiencies in modern society, such as serious traffic congestion in cities around the world. To address these issues, the advances made with the new wave of semi-autonomous vehicles can be harnessed. A pervasive computing and networking paradigm is necessary for vehicles to convey information that human drivers could not easily perceive on their own. A cloud-based network made up of a combination of edge and remote clouds could meet the demands of the proposed network. Using such a system, drivers’ behaviors, road conditions and surroundings could be communicated between vehicles, providing the information necessary to better optimize transportation. In this research, we seek to test how the psychological concept of Nudge Theory could be applied to smart vehicular transportation. First, we look at how nudging drivers’ psychology can affect the overall system. Second, we create a simulation environment to implement the nudging algorithm in a cloud-based smart vehicular system. The expected outcomes will be an optimized nudge algorithm and a cloud-based smart vehicular system. Such a system is useful for transportation departments to simulate drivers’ behaviors and resolve shortcomings in traffic management.
The objective of this project is to identify firmware vulnerabilities on IoT devices and develop a remediation plan to prevent exploiting vulnerabilities in firmware. Many vulnerabilities have been reported in firmware including hardcoded credentials, secrete keys, network values, and buffer overflow. However, it requires many skills and is also very challenging to conduct firmware analysis. The students studying this content area will participate in this project by conducting the following research activities: 1) utilize static and dynamic analysis and fuzzing testing to identify vulnerabilities in firmware. The tools used for firmware analysis include Binwalker, Firmwalker, Firmadyne, etc. 2) establish a firmware testing framework to conduct firmware analysis in batch. 3) develop a remediation plan to prevent exploiting vulnerabilities in firmware. The outcomes of this project include identifying new firmware vulnerabilities on IoT devices, developing new tools for firmware analysis, etc.