UMass Dartmouth first-year electrical and computer engineering graduate student, Daniel Noyes, was named one of two winners at the Advanced Cyber Security Center’s (ACSC) New England cyber security conference held onNovember 5, at the Federal Reserve Bank of Boston. Daniel presented on USB security and its vulnerabilities to passive and active cyber-attacks. Daniel’s advisors on the presentation were Electrical and Computer Engineering (ECE) professors Hong Liu and Paul Fortier.
“My interest in USB security originated almost a year ago in Dr. Liu’s Network Security course,” said Daniel, who earned his Bachelor of Science degree from UMass Dartmouth’s College of Engineering in May 2015. “This course helped spark my interest in secure communication as well as embedded security. It dawned on me how a communication standard like the USB lacks security.”
Daniel was one of 15 students from a New England college or university selected to present at the conference. Overall five UMass Dartmouth students took part in the competition. The other winner was a team of two students from Dartmouth College. Each of the winners received a $1,000 prize. The competition was judged by members of the cyber security community who attended the conference. Dr. Howard Shrobe, Principal Research Scientist at MIT’s Computer Science and Artificial Intelligence Laboratory, chaired the session.
One of the most commonly used devices in the computer industry today is the Universal Serial Bus (USB). Through the use of a common connection, USB allows numerous peripheral devices the ability to communicate with each other. The usage of this technology spans from printers and storage media to user input devices, such as distributed power sources for cell phones. Because these devices are abundant in our everyday lives, ensuring security is essential.
“I think consumers right now know little about how secure the products they use are,” Daniel said. “But that is slowly changing and soon consumers will have adequate knowledge to protect themselves as well as the products they use. We see more and more companies offering protection for consumers. .”
USB devices have the potential to become gateways for malicious software according to Daniel. Due to these widespread insecurities, methods to protect critical devices are vital. The lack of security in current technology and lack of knowledge by consumers can lead to malicious software and/or individuals obtaining data via unsecure USB lines or other commonly used devices such as printers. Daniel’s project also outlined the ability of a malicious device to collect data simply through a user’s keyboard input.
Sniffing out an attack
Daniel’s project aims to analyze the USB protocol regarding vulnerabilities in addition to experimenting with security measurements to protect the USB from both passive and active cyber-attacks. The project looks at various security scenarios and provides a basis to show the potential threat of any information communication using the USB.
Through two experiments, Daniel detailed how ever-expanding technology is creating new frontiers in the encryption security field. Daniel’s first experiment outlined a sniffer attack, a common cyber-attack of software or device that can read, monitor, and capture data. Without encryption, a “sniffer” provides a full view of the data. Daniel’s second experiment demonstrated the benefits of additional security overlays through encryption of the USB device. If a user was able to utilize this additional layer of protection, even if an attack was attempted, the malicious software or individual would not be able to collect any sensitive data.
ACSC is a non-profit consortium launched and supported by Mass Insight Global Partnerships, which brings together industry, university, and government organizations to address the most advanced cyber threats. ACSC focuses on sharing cyber threat information, engaging in next-generation cybersecurity research and development, creating education programs that will address the shortfall in cyber talent, and advancing public policies that will enhance security.
UMass Dartmouth distinguishes itself as a vibrant public university actively engaged in personalized teaching and innovative research, and acting as an intellectual catalyst for regional economic, social, and cultural development. UMass Dartmouth's mandate to serve its community is realized through countless partnerships, programs, and other outreach efforts to engage the community, and apply its knowledge to help address local issues and empower others to facilitate change for all.