A Novel Technique for Sample Point Discovery and Its Use in a Proposed Broadcast Confusion Attack on High-Speed Controller Area Networks

Over the last twenty-five years, the Controller Area Network, or CAN, has become ubiquitous in the automotive world as a communication network. That ubiquity is attributed to its high immunity to electrical interference and its resilience to data errors. CAN was designed to ensure data integrity during transmission and allow for multiple nodes to transmit information without a central device controlling that transmission. Given the ubiquity of CAN, much research has been performed to detect and protect against external intrusions on the network. In this paper, I present a methodology for the measurement of key CAN timing parameters. With the detection and understanding of these parameters, I demonstrate a proof of concept attack, dubbed the Broadcast Confusion Attack, which allows for the data integrity of the network to be weakened. Evolutions of this attack could be performed without being detected by two of the three categories of CAN intrusion detection systems. In the evolutions of the attack, devices could be completely overwritten by the attacker without any device (even the victim) knowing such an attack has occurred

Cybersecurity Methods for Grid-Connected Power Electronics

The present work shows a secure-by-design process, defense-in-depth method, and security techniques for a secure distributed energy resource. The distributed energy resource is a cybersecure, solar inverter and battery energy storage system prototype, collectively called the Cybersecure Power Router. Consideration is given to the use of the Smart Green Power Node for a foundation of the present work. Metrics for controller security are investigated to evaluate firmware security techniques. The prototype\u27s ability to mitigate, respond to, and recover from firmware integrity degradation is examined. The prototype shows many working security techniques within the context of a grid-connected, distributed energy resource. Further work is expected in the Cybersecure Power Router project. Consideration is also provided for the migration of the present research and the Smart Green Power Node to realize a pre-production prototype

DESIGN OF A NON-DESTRUCTIVE SYSTEM FOR ARCTIC PERMAFROST DETECTION VIA HIGH FREQUENCY ELECTROMAGNETIC INDUCTION

Electromagnetic induction (EMI) sensors have been utilized in the past by the United States Army Corps of Engineers as a method of detecting unexploded ordnance (UXO). Recently, an EMI instrument was constructed that extended the traditional EMI frequency range from 100 kHz to 15 MHz to aid in the detection of nonmetallic ordnance, landmines, and improvised explosive devices. Building on this research, the iFROST mapper project aims to use the same high-frequency (HF) EMI technique to characterize arctic soil and subsurface permafrost deposits. Based on a device used by the US Army for UXO detection, an HF EMI instrument was created to study soil characteristics in arctic environments simulated by thermal chambers capable of creating internal temperatures as cold as -75°C. In parallel, a land-mobile HF EMI system was designed to complete three-dimensional nondestructive subsurface soil studies beneath existing infrastructure in arctic areas of interest. This thesis covers the design, fabrication, and initial testing of the HF EMI system for laboratory experiments in simulated environments. Additionally, this thesis presents the system architecture, hardware and software design, and component-level testing of the iFROST mapper, a land-mobile arctic regions HF EMI instrument

Optical Synchronization of Time-of-Flight Cameras

Time-of-Flight (ToF)-Kameras erzeugen Tiefenbilder (3D-Bilder), indem sie Infrarotlicht aussenden und die Zeit messen, bis die Reflexion des Lichtes wieder empfangen wird. Durch den Einsatz mehrerer ToF-Kameras können ihre vergleichsweise geringere Auflösungen überwunden, das Sichtfeld vergrößert und Verdeckungen reduziert werden. Der gleichzeitige Betrieb birgt jedoch die Möglichkeit von Störungen, die zu fehlerhaften Tiefenmessungen führen. Das Problem der gegenseitigen Störungen tritt nicht nur bei Mehrkamerasystemen auf, sondern auch wenn mehrere unabhängige ToF-Kameras eingesetzt werden. In dieser Arbeit wird eine neue optische Synchronisation vorgestellt, die keine zusätzliche Hardware oder Infrastruktur erfordert, um ein Zeitmultiplexverfahren (engl. Time-Division Multiple Access, TDMA) für die Anwendung mit ToF-Kameras zu nutzen, um so die Störungen zu vermeiden. Dies ermöglicht es einer Kamera, den Aufnahmeprozess anderer ToF-Kameras zu erkennen und ihre Aufnahmezeiten schnell zu synchronisieren, um störungsfrei zu arbeiten. Anstatt Kabel zur Synchronisation zu benötigen, wird nur die vorhandene Hardware genutzt, um eine optische Synchronisation zu erreichen. Dazu wird die Firmware der Kamera um das Synchronisationsverfahren erweitert. Die optische Synchronisation wurde konzipiert, implementiert und in einem Versuchsaufbau mit drei ToF-Kameras verifiziert. Die Messungen zeigen die Wirksamkeit der vorgeschlagenen optischen Synchronisation. Während der Experimente wurde die Bildrate durch das zusätzliche Synchronisationsverfahren lediglich um etwa 1 Prozent reduziert.Time-of-Flight (ToF) cameras produce depth images (three-dimensional images) by measuring the time between the emission of infrared light and the reception of its reflection. A setup of multiple ToF cameras may be used to overcome their comparatively low resolution, increase the field of view, and reduce occlusion. However, the simultaneous operation of multiple ToF cameras introduces the possibility of interference resulting in erroneous depth measurements. The problem of interference is not only related to a collaborative multicamera setup but also to multiple ToF cameras operating independently. In this work, a new optical synchronization for ToF cameras is presented, requiring no additional hardware or infrastructure to utilize a time-division multiple access (TDMA) scheme to mitigate interference. It effectively enables a camera to sense the acquisition process of other ToF cameras and rapidly synchronizes its acquisition times to operate without interference. Instead of requiring cables to synchronize, only the existing hardware is utilized to enable an optical synchronization. To achieve this, the camera’s firmware is extended with the synchronization procedure. The optical synchronization has been conceptualized, implemented, and verified with an experimental setup deploying three ToF cameras. The measurements show the efficacy of the proposed optical synchronization. During the experiments, the frame rate was reduced by only about 1% due to the synchronization procedure

Advancements in Multinuclear Multichannel NMR and MRI

The introduction of receive arrays revolutionized ^1H MRI and in vivo NMR by increasing SNR and enabling accelerated imaging. All MRI scanners manufactured today are equipped to receive signals from ^1H array coils, but few support multi-channel reception for other nuclei. The extension of receive arrays to non^1H nuclei has proven difficult because of the lack of broadband array receivers. These nuclei often have low sensitivity and stand to benefit greatly from the increase in SNR arrays provide. This dissertation presents a variety of technologies that have been developed to enable the development and use of X-nuclear and multi-nuclear arrays. Frequency conversion receiver front-ends provide a straightforward and cost-effective approach for adapting standard ^1H multi-channel array receivers for use with other nuclei. Two generations of frequency translation receiver front-ends have been developed that use active mixers to convert the received signal from a non^1H array to the ^1H frequency for reception by the host system receiver. This first-generation system has been demonstrated on 4.7T and 7T systems without any decrease in SNR as compared to the stock systems, and has been shown to be capable of accommodating ^1H decoupling. The second-generation receiver was developed to add the capability to simultaneously convert signals received from multiple nuclei as well as to streamline the setup and use of the translation system. Frequency translation has been shown to be able to convert ^1H-only multi-channel receivers for use with other nuclei with minimal degradation of SNR. In addition, a standalone broadband system capable of simultaneous multi-nuclear imaging and spectroscopy at 1T and 4.7T has been developed. This system can either operate completely independently or interface with existing systems. The broadband system has been demonstrated with simultaneous imaging and spectroscopy of three nuclei. This work allows existing multi-channel MRI receivers to be adapted to receive signals from nuclei other than hydrogen, allowing for the use of receive arrays for in vivo multi-nuclear NMR

Cost-Effective and Energy-Efficient Techniques for Underwater Acoustic Communication Modems

Finally, the modem developed has been tested experimentally in laboratory (aquatic environment) showing that can communicates at different data rates (100..1200 bps) compared to state-of-the-art research modems. The software used include LabVIEW, MATLAB, Simulink, and Multisim (to test the electronic circuit built) has been employed.Underwater wireless sensor networks (UWSNs) are widely used in many applications related to ecosystem monitoring, and many more fields. Due to the absorption of electromagnetic waves in water and line-of-sight communication of optical waves, acoustic waves are the most suitable medium of communication in underwater environments. Underwater acoustic modem (UAM) is responsible for the transmission and reception of acoustic signals in an aquatic channel. Commercial modems may communicate at longer distances with reliability, but they are expensive and less power efficient. Research modems are designed by using a digital-signal-processor (DSP is expensive) and field-programmable-gate-array (FPGA is high power consuming device). In addition to, the use of a microcontroller is also a common practice (which is less expensive) but provides limited computational power. Hence, there is a need for a cost-effective and energy-efficient UAM to be used in budget limited applications. In this thesis different objectives are proposed. First, to identify the limitations of state-of-the-art commercial and research UAMs through a comprehensive survey. The second contribution has been the design of a low-cost acoustic modem for short-range underwater communications by using a single board computer (Raspberry-Pi), and a microcontroller (Atmega328P). The modulator, demodulator and amplifiers are designed with discrete components to reduce the overall cost. The third contribution is to design a web based underwater acoustic communication testbed along with a simulation platform (with underwater channel and sound propagation models), for testing modems. The fourth contribution is to integrate in a single module two important modules present in UAMs: the PSK modulator and the power amplifier

Doctor of Philosophy

dissertationLow-cost wireless embedded systems can make radio channel measurements for the purposes of radio localization, synchronization, and breathing monitoring. Most of those systems measure the radio channel via the received signal strength indicator (RSSI), which is widely available on inexpensive radio transceivers. However, the use of standard RSSI imposes multiple limitations on the accuracy and reliability of such systems; moreover, higher accuracy is only accessible with very high-cost systems, both in bandwidth and device costs. On the other hand, wireless devices also rely on synchronized notion of time to coordinate tasks (transmit, receive, sleep, etc.), especially in time-based localization systems. Existing solutions use multiple message exchanges to estimate time offset and clock skew, which further increases channel utilization. In this dissertation, the design of the systems that use RSSI for device-free localization, device-based localization, and breathing monitoring applications are evaluated. Next, the design and evaluation of novel wireless embedded systems are introduced to enable more fine-grained radio signal measurements to the application. I design and study the effect of increasing the resolution of RSSI beyond the typical 1 dB step size, which is the current standard, with a couple of example applications: breathing monitoring and gesture recognition. Lastly, the Stitch architecture is then proposed to allow the frequency and time synchronization of multiple nodes' clocks. The prototype platform, Chronos, implements radio frequency synchronization (RFS), which accesses complex baseband samples from a low-power low-cost narrowband radio, estimates the carrier frequency offset, and iteratively drives the difference between two nodes' main local oscillators (LO) to less than 3 parts per billion (ppb). An optimized time synchronization and ranging protocols (EffToF) is designed and implemented to achieve the same timing accuracy as the state-of-the-art but with 59% less utilization of the UWB channel. Based on this dissertation, I could foresee Stitch and RFS further improving the robustness of communications infrastructure to GPS jamming, allow exploration of applications such as distributed beamforming and MIMO, and enable new highly-synchronous wireless sensing and actuation systems

A novel cosmic-ray neutron detector for soil moisture estimation over large areas

Water scarcity and droughts problems in several parts of the world highlight the necessity of new solutions for better management of water resources. The prerequisite is reliable soil moisture data, measured over large-scales and in real-time. Due to this crucial role, many devices have been developed to measure soil moisture at different spatial and temporal scales. Available technologies range from point-scale invasive approaches as for instances Time Domain Reflectometry (TDR) probes to remote sensing approaches, like satellite remote methods. Nevertheless, practical problems arise when using these techniques: point-scale probe are invasive and their estimate difficult to scale up to field level, on the other hand, remote sensing exhibit unsuitable temporal resolution and, most importantly, they are sensitive only to a thin part of the soil and land surface. In the last decade, to overcome operational challenges of the aforementioned techniques, a proximal geophysical method has been developed, in order to fill the gap between point scale and remote sensing approaches: the Cosmic-ray Neutron Sensing (CRNS). CRNS is a valid and robust alternative, offering many advantages: it is contactless, allows quantification of soil moisture averaged over large areas with only one probe, and is not invasive for agricultural field operations. The significant advantages of the CRNS are its large horizontal footprint (up to tens of hectares) and the penetration depth of tens of centimeters, enough to reach typical roots depth. State-of-the-art probes used in CRNS are based on Helium-3 proportional counter tubes. Helium-3 is a nuclide produced almost entirely in artificial contexts as sub-product of the tritium decay, the current storage is depleting, and the price is high and rising, as it comes mainly from the production or dismantling of the nuclear weapons of the past decades. In the thesis, a new solution was studied. This new probe is based on a composite detector made of commercial scintillation detectors: EJ-276 and EJ-420(6) both manufactured by Eljen Technology (USA). In this kind of detectors, particles are identified and discriminated according to the generated signals, with an algorithm based on Pulse Shape Discrimination (PSD) which exploits the different processes activated by different particles interacting in the scintillator. PSD parameters were optimized with the aim of ensuring optimal discrimination capabilities. The readout is made of a flat panel photomultiplier H8500 from Hamamatsu, a fast digitizer DT5725 from CAEN, a low-cost, low-power, embedded computer Beaglebone black from Beagleboard and a low cost High Voltage power supply A7505 from CAEN. The digitizer is interfaced with the embedded computer, which hosts the acquisition and the analysis software. The online analysis software was developed as a distributed system where each task is handled by an independent server always running. Finally, the probe was installed in a recent orchard with walnut trees for four months. Results showed that the reconstructed soil moisture is well correlated with precipitations, and it shows the limit of standard measurement, that can be influenced by the heterogeneity of the soil and the irrigation distribution

Secure Control and Operation of Energy Cyber-Physical Systems Through Intelligent Agents

The operation of the smart grid is expected to be heavily reliant on microprocessor-based control. Thus, there is a strong need for interoperability standards to address the heterogeneous nature of the data in the smart grid. In this research, we analyzed in detail the security threats of the Generic Object Oriented Substation Events (GOOSE) and Sampled Measured Values (SMV) protocol mappings of the IEC 61850 data modeling standard, which is the most widely industry-accepted standard for power system automation and control. We found that there is a strong need for security solutions that are capable of defending the grid against cyber-attacks, minimizing the damage in case a cyber-incident occurs, and restoring services within minimal time. To address these risks, we focused on correlating cyber security algorithms with physical characteristics of the power system by developing intelligent agents that use this knowledge as an important second line of defense in detecting malicious activity. This will complement the cyber security methods, including encryption and authentication. Firstly, we developed a physical-model-checking algorithm, which uses artificial neural networks to identify switching-related attacks on power systems based on load flow characteristics. Secondly, the feasibility of using neural network forecasters to detect spoofed sampled values was investigated. We showed that although such forecasters have high spoofed-data-detection accuracy, they are prone to the accumulation of forecasting error. In this research, we proposed an algorithm to detect the accumulation of the forecasting error based on lightweight statistical indicators. The effectiveness of the proposed algorithms was experimentally verified on the Smart Grid testbed at FIU. The test results showed that the proposed techniques have a minimal detection latency, in the range of microseconds. Also, in this research we developed a network-in-the-loop co-simulation platform that seamlessly integrates the components of the smart grid together, especially since they are governed by different regulations and owned by different entities. Power system simulation software, microcontrollers, and a real communication infrastructure were combined together to provide a cohesive smart grid platform. A data-centric communication scheme was selected to provide an interoperability layer between multi-vendor devices, software packages, and to bridge different protocols together