An Optimization Framework for Generalized Relevance Learning Vector Quantization with Application to Z-Wave Device Fingerprinting

Z-Wave is low-power, low-cost Wireless Personal Area Network (WPAN) technology supporting Critical Infrastructure (CI) systems that are interconnected by government-to-internet pathways. Given that Z-wave is a relatively unsecure technology, Radio Frequency Distinct Native Attribute (RF-DNA) Fingerprinting is considered here to augment security by exploiting statistical features from selected signal responses. Related RF-DNA efforts include use of Multiple Discriminant Analysis (MDA) and Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) classifiers, with GRLVQI outperforming MDA using empirically determined parameters. GRLVQI is optimized here for Z-Wave using a full factorial experiment with spreadsheet search and response surface methods. Two optimization measures are developed for assessing Z-Wave discrimination: 1) Relative Accuracy Percentage (RAP) for device classification, and 2) Mean Area Under the Curve (AUCM) for device identity (ID) verification. Primary benefits of the approach include: 1) generalizability to other wireless device technologies, and 2) improvement in GRLVQI device classification and device ID verification performance

Multivariate Stochastic Approximation to Tune Neural Network Hyperparameters for Criticial Infrastructure Communication Device Identification

The e-government includes Wireless Personal Area Network (WPAN) enabled internet-to-government pathways. Of interest herein is Z-Wave, an insecure, low-power/cost WPAN technology increasingly used in critical infrastructure. Radio Frequency (RF) Fingerprinting can augment WPAN security by a biometric-like process that computes statistical features from signal responses to 1) develop an authorized device library, 2) develop classifier models and 3) vet claimed identities. For classification, the neural network-based Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) classifier is employed. GRLVQI has shown high fidelity in classifying Z-Wave RF Fingerprints; however, GRLVQI has multiple hyperparameters. Prior work optimized GRLVQI via a full factorial experimental design. Herein, optimizing GRLVQI via stochastic approximation, which operates by iterative searching for optimality, is of interest to provide an unconstrained optimization approach to avoid limitations found in full factorial experimental designs. The results provide an improvement in GRLVQI operation and accuracy. The methodology is further generalizable to other problems and algorithms

Tuning Hyperparameters for DNA-based Discrimination of Wireless Devices

The Internet of Things (IoT) and Industrial IoT (IIoT) is enabled by Wireless Personal Area Network (WPAN) devices. However, these devices increase vulnerability concerns of the IIoT and resultant Critical Infrastructure (CI) risks. Secure IIoT is enabled by both pre-attack security and post-attack forensic analysis. Radio Frequency (RF) Fingerprinting enables both pre- and post-attack security by providing serial-number level identification of devices through fingerprint characterization of their emissions. For classification and verification, research has shown high performance by employing the neural network-based Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) classifier. However, GRLVQI has numerous hyperparameters and tuning requires AI expertise, thus some researchers have abandoned GRLVQI for notionally simpler, but less accurate, methods. Herein, we develop a fool-proof approach for tuning AI algorithms. For demonstration, Z-Wave, an insecure low-power/cost WPAN technology, and the GRLVQI classifier are considered. Results show significant increases in accuracy (5% for classification, 50% verification) over baseline methods

User-Friendly Interface for Forensic Analysis Using Raspberry Pi

With a high variety of Internet of Things (IoT) devices and their inherently high vulnerability level, it is crucial to save investigators&rsquo; time for forensic analysis (Bertino3). This research aims to develop an application that would assist with performing forensic analysis on Raspberry Pi devices and would provide user-friendly information to investigators or researchers. Automating many tasks and highlighting areas that need human inspection would optimize investigators&rsquo; time and effort (Kebande12). Providing user-friendly graphs and text outputs suitable for reports and communication would empower non-technical persons to understand the results of inspections (Tassone25). Research methods for this effort include setting up Raspberry Pi devices, performing attacks over the network on one device, collecting commands that get events history, automating these commands as feasible, and visualizing the forensic data. As a result, I identified the tasks that lend themselves to automation, forensic data that can be communicated with visual representations, and I developed an application that assists in performing forensics quickly.</p

Cyber-Physical Security with RF Fingerprint Classification through Distance Measure Extensions of Generalized Relevance Learning Vector Quantization

Radio frequency (RF) fingerprinting extracts fingerprint features from RF signals to protect against masquerade attacks by enabling reliable authentication of communication devices at the “serial number” level. Facilitating the reliable authentication of communication devices are machine learning (ML) algorithms which find meaningful statistical differences between measured data. The Generalized Relevance Learning Vector Quantization-Improved (GRLVQI) classifier is one ML algorithm which has shown efficacy for RF fingerprinting device discrimination. GRLVQI extends the Learning Vector Quantization (LVQ) family of “winner take all” classifiers that develop prototype vectors (PVs) which represent data. In LVQ algorithms, distances are computed between exemplars and PVs, and PVs are iteratively moved to accurately represent the data. GRLVQI extends LVQ with a sigmoidal cost function, relevance learning, and PV update logic improvements. However, both LVQ and GRLVQI are limited due to a reliance on squared Euclidean distance measures and a seemingly complex algorithm structure if changes are made to the underlying distance measure. Herein, the authors (1) develop GRLVQI-D (distance), an extension of GRLVQI to consider alternative distance measures and (2) present the Cosine GRLVQI classifier using this framework. To evaluate this framework, the authors consider experimentally collected Z -wave RF signals and develop RF fingerprints to identify devices. Z -wave devices are low-cost, low-power communication technologies seen increasingly in critical infrastructure. Both classification and verification, claimed identity, and performance comparisons are made with the new Cosine GRLVQI algorithm. The results show more robust performance when using the Cosine GRLVQI algorithm when compared with four algorithms in the literature. Additionally, the methodology used to create Cosine GRLVQI is generalizable to alternative measures

A systematic review of crime facilitated by the consumer Internet of Things

The nature of crime is changing — estimates suggest that at least half of all crime is now committed online. Once everyday objects (e.g. televisions, baby monitors, door locks) that are now internet connected, collectively referred to as the Internet of Things (IoT), have the potential to transform society, but this increase in connectivity may generate new crime opportunities. Here, we conducted a systematic review to inform understanding of these risks. We identify a number of high-level mechanisms through which offenders may exploit the consumer IoT including profiling, physical access control and the control of device audio/visual outputs. The types of crimes identified that could be facilitated by the IoT were wide ranging and included burglary, stalking, and sex crimes through to state level crimes including political subjugation. Our review suggests that the IoT presents substantial new opportunities for offending and intervention is needed now to prevent an IoT crime harvest

The Z-Wave Routing Protocol and Its Security Implications

Z-Wave is a proprietary technology used to integrate sensors and actuators over RF and perform smart home and office automation services. Lacking implementation details, consumers are under-informed on the security aptitude of their installed distributed sensing and actuating systems. While the Physical (PHY) and Medium Access Control (MAC) layers of the protocol have been made public, details regarding the network layer are not available for analysis. Using a real-world Z-Wave network, the frame forwarding and topology management aspects of the Z-Wave routing protocol are reverse engineered. A security analysis is also performed on the network under study to identify source and data integrity vulnerabilities of the routing protocol. It is discovered that the topology and routes may be modified by an outsider through the exploitation of the blind trust inherent to the routing nodes of the network. A Black Hole attack is conducted on a real-world Z-Wave network to demonstrate a well-known routing attack that exploits the exposed vulnerabilities. As a result of the discoveries, several recommendations are made to enhance the security of the routing protocol

Air Force Institute of Technology Research Report 2016

This Research Report presents the FY16 research statistics and contributions of the Graduate School of Engineering and Management (EN) at AFIT. AFIT research interests and faculty expertise cover a broad spectrum of technical areas related to USAF needs, as reflected by the range of topics addressed in the faculty and student publications listed in this report. In most cases, the research work reported herein is directly sponsored by one or more USAF or DOD agencies. AFIT welcomes the opportunity to conduct research on additional topics of interest to the USAF, DOD, and other federal organizations when adequate manpower and financial resources are available and/or provided by a sponsor. In addition, AFIT provides research collaboration and technology transfer benefits to the public through Cooperative Research and Development Agreements (CRADAs)

Academic Year 2019-2020 Faculty Excellence Showcase, AFIT Graduate School of Engineering & Management

An excerpt from the Dean\u27s Message: There is no place like the Air Force Institute of Technology (AFIT). There is no academic group like AFIT’s Graduate School of Engineering and Management. Although we run an educational institution similar to many other institutions of higher learning, we are different and unique because of our defense-focused graduate-research-based academic programs. Our programs are designed to be relevant and responsive to national defense needs. Our programs are aligned with the prevailing priorities of the US Air Force and the US Department of Defense. Our faculty team has the requisite critical mass of service-tested faculty members. The unique composition of pure civilian faculty, military faculty, and service-retired civilian faculty makes AFIT truly unique, unlike any other academic institution anywhere