Skip to the content of the web site.
a look into the future of secure and privacy systems ...

Secure and Privacy-Preserving Cyber-Physical Systems: Software and Hardware Approaches


List of Projects

  1. Securing CPSs using the Revolutionary Blockchain Technology

  2. Secure Communication Schemes for Smart Power Grid

  3. Hardware Intrinsic Security Threats in IoTs

  4. Security Vulnerabilities in Deep Learning Deployment to Edge Devices in CPSs

  5. Anomaly Detection using Graph Streams to Protect Cyber Networks

  6. Formal Security Analysis of Industrial IoT (IIoT) Systems

  7. Secure Industrial Control Systems (ICSs)





Project (1): Securing CPSs using the Revolutionary Blockchain Technology

Blockchain is a decentralized and public digital ledger that is used to record transactions across many computers so that the record cannot be altered retroactively without the alteration of all subsequent blocks and the consensus of the network. Blockchain is the technology behind the cryptocurrency Bitcoin that lets people who do not know or trust each other build a dependable ledger. Blockchain technology has implications far beyond the cryptocurrency. In this project, the REU students will study using Blockchain to solve different security problems for real-world applications, investigate the advantages of using Blockchain over traditional approaches, and implement/evaluate the solutions on real Blockchain platform. Specifically, the REU students will work on the following cutting-edge research topic.

Secure Data Collection and Management of Internet of Things (IoT) Devices. In situations where thousands or tens of thousands of IoT devices are connected, using server-client model to control and manage the devices may have some limitations. Due to the centralized nature of the system, if the server fails (e.g., due to denial of service (DoS) attacks), the whole system fails. Moreover, in smart grid, some IoT devices should frequently report measurements, and attackers can compromise these measurements to launch data false injection attacks. Blockchain is a promising technology that can help solve the aforementioned challenges. The decentralized and immutable nature of the Blockchain makes it hard to launch DoS attacks and forge or modify the measurements stored in the Blockchain. In this task, the REU students will design a secure Blockchain-based IoT system to control IoT devices and store the measurements, and implement the system using Ethereum and a number of Raspberry Pis acquired from prior grants.


Qualifications: Self-driven and outcome-oriented work attitude, strong programming skills in Java, and knowledge/strong interest in security, cryptography, and networking fields is a plus, but not mandatory.

Mentor: Dr. Mahmoud (mmahmoud@tntech.edu)

Back to Top



Project (2):   Secure Communication Schemes for Smart Power Grid

The smart power grid is a revolutionary upgrade to the existing grid. It uses two-way communication and computational intelligence to create a system that is resilient and efficient. It also aims to reduce greenhouse gas emissions by integrating more renewable resources and electric vehicles (EVs). In this project, the REU students will work on the following cutting-edge research topic.

Secure and Privacy-Preserving Data Multicast Protocol. One of the main objectives of the smart grid is enabling several electricity suppliers (vendors) and consumers can subscribe to different vendors and programs. Thus, there is a need for a secure data multicast protocol to enable the grid operators and electricity suppliers to communicate securely with users who subscribe to a certain plan and/or reside in a specific area. Attribute based encryption (ABE) is a novel cryptosystem that can be used while considering secure multicasting. ABE is a type of public-key encryption in which the secret key of a user and the ciphertext are dependent upon attributes, e.g., the city in which a user lives, or the subscription plan. A ciphertext is generated based on an access policy which defines the set of attributes a user should have in order to decrypt that ciphertext. In this task, the REU students will study an efficient multicast scheme based on ABE to ensure message confidentiality. The REU students will use Raspberry Pis to emulate an AMI network and implement the proposed scheme and evaluate it.


Qualifications: Self-driven and outcome-oriented work attitude, strong programming skills in Java, and knowledge/strong interest in security, cryptography, and networking fields is a plus, but not mandatory.

Mentor: Dr. Mahmoud (mmahmoud@tntech.edu)

Back to Top



Project (3):   Hardware Intrinsic Security Threats in Internet of Things (IoTs)

Every year, more than 10 billion microcontrollers are manufactured, many of which are used in the smart devices. In the near future, even more devices around us will be smarter and connected to each other through the IoT. It i sexpected that 20 billion connected devices will be used worldwide by 2020. Many of the IoT devices are small in size, low in computation capabilities and powered by low capacity batteries. The amount of the information exchanged among IoT devices is very attractive to attackers, making them a target for cyber-attacks. The small size and low computation capability of battery-powered IoT devices make the traditional public key cryptography too expensive to be implemented. Although some efforts have been made in applying lightweight cryptography on IoT devices, they are not enough to protect the IoT networks from internal hardware Trojan (HT) based attacks. Because of the unique nature of HT, most of the traditional digital communication network vulnerability detection techniques cannot be used for HT-based IoT attacks. Hence, in this research, an REU participant will explore potential hardware intrinsic (HI) attack scenarios and their mitigation techniques.

Leveraging Network Traffic Modeling to Secure Home Area Network against Hardware Attacks. The smart home appliance (SHA) has been extensively deployed in millions of houses around the globe and connected to the internet. The recent threats due to HT in the integrated circuit (IC) has become a serious concern. REU participants will investigate a new approach to detect hardware Trojan based SHA in HAN by utilizing Hurst exponent value to model the network data traffic in real time. Students will explore how the network behavior changes due to HT of some of the well-known attacks on the HAN, namely, ARQ, DoS, power depletion, and impersonation attacks. Experimental verification using our in-house testbed [85] will be conducted against different attack scenarios.


Qualifications: Matlab, c/c++, microcontroller programming, EE, CmpE or CmpSci major, knowledge of encryption.

Mentor: Dr. Hasan (shasan@tntech.edu)

Back to Top



Project (4):   Security Vulnerabilities in Deep Learning Deployment to Edge Devices in CPSs

Deep learning has outperformed the conventional machine learning approaches. Deep learning uses the raw data itself to learn intrinsic features and make a classification or detection. This is achieved by building an architecture with a number of layers where each layer learns a certain feature inside the input data by transforming it into another abstraction. The initial layers (e.g Convolution layers and Pooling layers) learn low level features while the deeper layers (deeper Convolutional layer and fully connecter layers) learn complex features by representing the data in a higher abstraction. Therefore, having a number of layers between the lowest and the highest layers gives a freedom to learn more complex features compared to their ancestors which have limited number of layers. There are different phases of deep learning, including a training phase, testing phase and validation (inference) phase. Although deep learning is a very promising technique, its deployment into edge devices to perform inference phase of the deep learning on-site, requires further investigation. Firstly, deep learning architectures are very complex, and hence, compressing it into the reduced processing capabilities of edge devices is a challenge. Secondly, the compressed deployments bring their own security vulnerability issues. In this project, the REU students will investigate the new security challenges associated with such deep neural network (DNN) architectures.

Studying Deep Convolutional Neural Network Architectures against Adversarial Training. Recently, It has been proven an attack scenario where carefully and uniformly adding weight perturbations can lead to maliciously erroneous training results. However, for large DNN, such weight perturbations can be noticeable and easy to detect. In this research task, the REU students will further investigate the effect of weight perturbation on a small subset of weights. We will utilize the combination of identification of critical weights with the optimization problem of weigh perturbation, such as hardware oriented Fast Gradient Sign Method (FGSM) and Jacobian-based Saliency Map Approach (JSMA).


Qualifications: Matlab, c/c++, microcontroller programming, EE, CmpE or CmpSci major, knowledge of encryption.

Mentor: Dr. Hasan (shasan@tntech.edu)

Back to Top



Project (5):   Anomaly Detection using Graph Streams to Protect Cyber Networks

The continual increase in communication speeds, electronic data storage volumes, and sensors collecting diverse information about an environment, has resulted in a deluge of heterogeneous data being stored, processed, and analyzed. The number of applications of this information also continues to increase, e.g., thwart terrorist activities being planned online, detect cyber-bullying through social media, and improve patient care through sensors and data, just to name a few. One potential way to address these challenges, and discover interesting patterns and anomalies, is to represent the data as graph streams. However, there are many challenges associated with graph mining methods in regards to designing scalable algorithms that can operate in real-time on multiple graph streams. This project will focus on the detection of graph-based patterns and anomalies, in particular to (1) handle multiple, heterogeneous data streams, (2) integrate temporal attributes associated with changes in a network, and (3) improve upon the scalability and accuracy of graph-based anomaly detection on big data. The objective is not only to show that known patterns and anomalies in individual streams can still be discovered efficiently, but also that new patterns and anomalies consisting of information from multiple streams can be identified.

Temporal Anomaly Detection. Building upon what we learn from Year 1, we will expand our efforts by investigating advanced graph mining algorithms on data streams with a temporal component. We will go beyond existing methods to discover new types of patterns and anomalies based on the evolutionary changes in the graph streams. Using datasets that represent various temporal networks, the students will be able to experiment with different approaches when applied to various types of cyber-networks, and evaluate the effectiveness of detecting potential security risks within networks that include temporal attributes.


Qualifications: Solid programming experience, particularly in C/C++ in a Unix/Linux environment.

Mentor: Dr. Eberle (weberle@tntech.edu)

Back to Top

Project (6):   Formal Security Analysis of Industrial IoT (IIoT) Systems

A typical control loop of Industrial IoT (IIoT) system involves acquiring measurement data from the sensors/ physical devices and applying it to the controllers, while delivering commands from the controllers to the actuators/physical devices. Cyberattacks like denial of service, false data injection, or accidental/ technical failures may cause failed or altered data transmission, leading to an incorrect estimation of the system as well as incorrect control commands toward physical devices, leading the system into a nonoptimal or malicious state. The empirical analysis of these security attacks are overwhelming. Formal analysis of security properties has been proven to be efficient to proactively and provably identify potential threats. In this project, the REU students will model and develop a formal analyzer to assess the resiliency of an IIoT network. The smart additive manufacturing (3D printing) system will be used as the case study.

False Data Injection (FDI) Attack Analysis on the Controller. The sensor data can be altered to control the corrective measures of the QA controller maliciously to reach an attack objective, e.g., creating a specific distorted object. In this year, the REU student will learn the relation between the sensor data (the changes), the corrective measures, and the attack goal. The student will study if a formal framework can be produced through this relation.


Qualifications: High motivation in research with programming skill, especially in C/C++, C#, or Python.

Mentor: TBD (TBD)

Back to Top



Project (7):   Secure Industrial Control Systems (ICSs)

Sensors, IIoT, and CPSs can transform traditional manufacturing to smart manufacturing with focus on the increasing digitization and interconnection of products, value chains, and business models. Both IIoT systems and Industrial Control Systems (ICSs) are vulnerable to a variety of attacks. In this project, the REU students will study the following research topic.

Data-driven Early Detection of Intrusion. Different from general Information Technology (IT) systems, the states of ICSs change dynamically following physics laws. This ICS nature poses challenges to intrusion detection in ICSs because the dynamic behavior has to be precisely tracked to detect potential intrusions in real time. The predictor is a physical model that needs to be formed previously. Normally, the predictor can be built using linear system identification techniques, if sufficient operation data is available. Most of the existing intrusion detection systems assume that the ICSs can be modeled as discretetime memoryless Linear Time Invariant (LTI) systems. In real world, many ICSs have nonlinear behavior and memory effect. The REU students will design and examine an intrusion detector for a nonlinear ICS with memory. Simulated data will be used to identify the predictor using a model other than LTI system (e.g., neural network based), and few detection techniques will be adopted to generate alerts.


Qualifications: Matlab, c/c++, microcontroller programming, EE, CmpE or CmpSci major, knowledge of encryption.

Mentor: Dr. Guo (nguo@tntech.edu) and TBD (TBD)

Back to Top