83 results on '"Bollmann, Chad A."'
Search Results
2. Characterizing Changes in Self-Similarity Between Edge and Core Network Traffic
- Author
- Martin, Bryan, primary and Bollmann, Chad A., additional
- Published
- 2023
3. Self-similarity based network anomaly detection for industrial control systems
- Author
- Martin, Bryan, primary and Bollmann, Chad A., additional
- Published
- 2023
4. Self-Similarity of Traffic Within a 5G Standalone Network
- Author
- Martin, Bryan, primary, Snyder, Jacob, additional, and Bollmann, Chad A., additional
- Published
- 2023
5. MACHINE LEARNING STATISTICAL DETECTION OF ANOMALIES USING NETFLOW RECORDS
- Author
- Bollmann, Chad A., Dinolt, George W., Electrical and Computer Engineering (ECE), and Putman, Zachary W.
- Abstract
NetFlow is a network protocol system that is used to represent an overall summary of computer network conversations. A NetFlow record can convert previously captured packet captures or obtain NetFlow session data in real time. This research examines the use of machine-learning techniques to identify anomalies in NetFlow records and classify malware behavior for further investigation. The intent is to identify low-cost solutions leveraging open-source software capable of deployment on computer hardware of currently in-use data networks. This work seeks to determine whether expert selection of features can improve machine-learning detection algorithm performance and evaluate the trade-offs associated with eliminating redundant or excessive numbers of features. We identify the Random Forest algorithm as the strongest single algorithm across three of four metrics, with our chosen NetFlow features cutting the testing and training times in half while incurring minor reductions in two metrics. The experiment demonstrates that the chosen NetFlow features are sufficiently discriminative to detect attacks with a success rate higher than 94%. NCWDG. Lieutenant, United States Navy. Approved for public release. Distribution is unlimited.
- Published
- 2023
6. IDENTIFICATION AND ANALYSIS OF ATTACKS USING RECOVERED RADIO NETWORK TEMPORARY IDENTIFIERS ON 5G USER EQUIPMENT
- Author
- Bollmann, Chad A., Hale, Britta, Computer Science (CS), and Schindler, Thomas M.
- Abstract
The next cellular network, 5G, will drastically increase the number of devices on a network. The increase in devices will provide a bigger attack surface for potential intruders and offer a pivot point to get inside networks once exploited. Researchers have already discovered how to de-anonymize the messages in the physical downlink control channel to recover Radio Network Temporary Identifiers (RNTI). Analysis of the 5G protocols identified potential vulnerabilities when an RNTI is known. A potential attacker is now able to recover RNTIs, making attacks on 5G devices inevitable. Additional research conducted into protocol vulnerabilities was completed and found possible vulnerabilities in some of the 5G protocols. This thesis examined how the aggregated results of prior work can be utilized to attack individual pieces of user equipment. Cyber security professionals will benefit from this research by understanding how these attacks will be carried out in order to identify defenses against them. Major, United States Army. Approved for public release. Distribution is unlimited.
- Published
- 2023
7. Introduction to the Minitrack on Cyber Systems: Their Science, Engineering, and Security
- Author
- Hale, Britta, primary, Scrofani, James, additional, and Bollmann, Chad, additional
- Published
- 2023
8. FRAMEWORK FOR ANONYMIZED COVERT COMMUNICATIONS: A BLOCKCHAIN-BASED PROOF-OF-CONCEPT
- Author
- McEachen, John C., Tummala, Murali, Martinsen, Thor, Thulasiraman, Preetha, Bollmann, Chad A., Electrical and Computer Engineering (ECE), and Kanth, Vikram K.
- Abstract
In this dissertation, we present an information hiding approach incorporating anonymity that builds on existing classical steganographic models. Current security definitions are not sufficient to analyze the proposed information hiding approach as steganography offers data privacy by hiding the existence of data, a property that is distinct from confidentiality (data existence is known but access is restricted) and authenticity (data existence is known but manipulation is restricted). Combinations of the latter two properties are common in analyses, such as Authenticated Encryption with Associated Data (AEAD), yet there is a lack of research on combinations with steganography. This dissertation also introduces the security definition of Authenticated Stegotext with Associated Data (ASAD), which captures steganographic properties even when there is contextual information provided alongside the hidden data. We develop a hierarchical framework of ASAD variants, corresponding to different channel demands. We present a real-world steganographic embedding scheme, Authenticated SteGotex with Associated tRansaction Data (ASGARD), that leverages a blockchain-based application as a medium for sending hidden data. We analyze ASGARD in our framework and show that it meets Level-4 ASAD security. Finally, we implement ASGARD on the Ethereum platform as a proof-of-concept and analyze some of the ways an adversary might detect our embedding activity by analyzing historical Ethereum data. Lieutenant, United States Navy. Approved for public release. Distribution is unlimited.
- Published
- 2022
9. LEVERAGING OPENAIRINTERFACE AND SOFTWARE DEFINED RADIO TO ESTABLISH A LOW-COST 5G NON-STANDALONE ARCHITECTURE
- Author
- Bollmann, Chad A., Rogers, Darren J., Information Sciences (IS), and Jasmin, Jean P.
- Abstract
Includes Supplementary Material. Commercial cellular service providers are at the forefront of the paradigm shift from 4G Long Term Evolution (LTE) to 5G New Radio (NR). The increase in throughput, provisioning of ultra-low latency, and greater reliability of 5G enable potential uses that no other wireless communication could support. The Department of Defense (DOD) is interested in 5G NR technologies, but the implementation of the architecture can be lengthy and costly. This capstone configured a 4G LTE network and a 5G non-standalone network using OpenAirInterface and software defined radios (SDRs). Universal Subscriber Identity Module (USIM) cards were configured and introduced to user equipment and attached to the 4G LTE network. A gNodeB (gNB) was added to the 4G LTE network to establish the 5G non-standalone (NSA) network architecture (3GPP Option 3). The testbed developed in this research was able to connect the core to a commercial internet service provider and browse the internet using third-party applications. Our analysis educates future researchers on the challenges and lessons learned when implementing the OpenAirInterface 4G LTE and 5G NSA networks. This work also provides a better understanding of 4G LTE and 5G NSA OpenAirInterface software usability, flexibility, and scalability for potential use cases for the DOD. Chief Petty Officer, United States Navy. Approved for public release. Distribution is unlimited.
- Published
- 2022
10. ASIC BENCHMARKING FOR PROPOSED LIGHTWEIGHT CRYPTOGRAPHY STANDARD XOODYAK
- Author
- Bollmann, Chad A., Henry, Gaylord, Electrical and Computer Engineering (ECE), and Wakeland, Michael C.
- Abstract
The U.S. National Institute of Standards and Technology (NIST) has initiated a process to standardize a “lightweight” cryptographic algorithm. Lightweight algorithms are designed for use in gate and performance-limited devices. This report compares an Application Specific Integrated Circuit (ASIC) implementation of the NIST Advanced Encryption Standard-128 (AES-128) and a competition finalist, Xoodyak. Implementations were written in SystemVerilog. Testing was performed using Vivado field programmable gate array simulations. Twenty-six instances of AES and Xoodyak were built. These builds were optimized for throughput, clock frequency, and cell area, respectively. Size and performance benchmarks were obtained from builds using a 5nm and 16nm ASIC technology. Results indicate Xoodyak is capable of higher throughput than AES-128 while using a lower cell area.
- Published
- 2022
11. DETECTION OF SYNTHETIC ANOMALIES ON AN EXPERIMENTALLY GENERATED 5G DATA SET USING CONVOLUTIONAL NEURAL NETWORKS
- Author
- Thulasiraman, Preetha, Bollmann, Chad A., Electrical and Computer Engineering (ECE), and Edmond, Ashley E.
- Abstract
The research microgrid currently deployed at Marine Corps Air Station, Miramar, is leveraging Verizon’s Non-Standalone (NSA) 5G communications network to provide connectivity between dispersed energy assets and the energy and water operations center (EWOC). Due to its anchor to the Verizon 4G/LTE core, the NSA network does not provide technological avenues for cyber anomaly detection. In this research, we developed a traffic anomaly detection model using supervised machine learning for the energy communication infrastructure at Miramar. We developed a preliminary cyber anomaly detection platform using a convolutional neural network (CNN). We experimentally generated a benign 5G data set using the AT&T 5G cellular tower at the NPS SLAMR facility. We injected synthetic anomalies within the data set to test the CNN and its effectiveness at classifying packets as anomalous or benign. Data sets with varying amounts of anomalous data, ranging from 10% to 50%, were created. Accuracy, precision, and recall were used as performance metrics. Our experiments, conducted with Python and TensorFlow, showed that while the CNN did not perform its best on the data sets generated, it has the potential to work well with a more balanced data set that is large enough to host more anomalous traffic. ONR. Lieutenant, United States Navy. Approved for public release. Distribution is unlimited.
- Published
- 2022
12. A SECURITY-CENTRIC APPLICATION OF PRECISION TIME PROTOCOL WITHIN ICS/SCADA SYSTEMS
- Author
- Dinolt, George W., Bollmann, Chad A., Rogers, Darren J., Computer Science (CS), and Allen, Charles A.
- Abstract
Industrial Control System and Supervisory Control and Data Acquisition (ICS/SCADA) systems are key pieces of larger infrastructure that are responsible for safely operating transportation, industrial operations, and military equipment, among many other applications. ICS/SCADA systems rely on precise timing and clear communication paths between control elements and sensors. Because ICS/SCADA system designs place a premium on timeliness and availability of data, security ended up as an afterthought, stacked on top of existing (insecure) protocols. As precise timing is already resident and inherent in most ICS/SCADA systems, a unique opportunity is presented to leverage existing technology to potentially enhance the security of these systems. This research seeks to evaluate the utility of timing as a mechanism to mitigate certain types of malicious cyber-based operations such as a man-on-the-side (MotS) attack. By building a functioning ICS/SCADA system and communication loop that incorporates precise timing strategies in the reporting and control loop, specifically the precision time protocol (PTP), it was shown that certain kinds of MotS attacks can be mitigated by leveraging precise timing. Navy Cyber Warfare Development Group, Suitland, MD. Lieutenant, United States Navy. Approved for public release. Distribution is unlimited.
- Published
- 2022
13. AIS CYBERSECURITY SYSTEM FOR REDUCING THE ATTACK SURFACE OF VOYAGE NETWORKS
- Author
- Rogers, Darren J., Bollmann, Chad A., Electrical and Computer Engineering (ECE), and Vasquez, Jorge Jr.
- Abstract
U.S. Navy and commercial vessels use modern navigation technology consisting of computers and electronic systems that are highly interconnected and create a cyber terrain that is vulnerable to novel cyberattacks. Previous research proved that voyage networks are vulnerable to radio frequency attacks. One especially vulnerable component is the Automatic Identification System (AIS), a navigation and safety tool required on all vessels with a gross weight of 300 tons or greater. Previous security researchers were able to transmit data packets through the AIS receiver. The AIS blindly accepted packets as long as they followed ITU-R M.1371-5 standard protocol. This work aims to design a low-cost AIS data validation system that will reduce the attack surface of voyage networks. In this work, we leverage the NMEA-0183 and ITU-R M.1371-5 standards to implement two cybersecurity strategies, allow-listing and validating inputs, based on the quality dimensions of the data. The threat models that this security system attempts to address are contact spoofing attacks and arbitrary data injection attacks. We believe that a minimalist security system that is standalone, is not resource intensive, and can handle large volumes of AIS traffic is necessary for an effective design. The system proposed in this work fulfills these objectives. The resulting security system is implemented and validated using Python. Navy Cyber Warfare Development Group, Suitland, MD. Ensign, United States Navy. Approved for public release. Distribution is unlimited.
- Published
- 2022
14. IMPLEMENTATION OF TACTICAL OPEN SOURCE 5G MOBILE NETWORKS
- Author
- Rogers, Darren J., Bollmann, Chad A., Electrical and Computer Engineering (ECE), and Mitchell, Justin T.
- Abstract
The implementation of fifth-generation (5G) communications technology is a global effort, with China leading the way. The Department of Defense has initiated efforts on 5G implementation from smart warehouses to virtual combat training; however, focus on the tactical communications level remains minimal. This thesis examines the feasibility of using OpenAirInterface Software Alliance (OSA) software to build a private mobile ad hoc 5G network for various military applications. First, we created a Fourth Generation/Long Term Evolution network utilizing commercial off-the-shelf equipment and software to operate the radio access network (RAN), software-defined radio, and an evolved packet core (EPC). Then we connected the EPC to an 802.11 network for internet access. We successfully configured a subscriber identification module and smartphone and attached it to the network for data services. Although the OSA software is robust and customizable, it is difficult to make changes, is restrictive in which user equipment (UE) can connect to the network, and does not reliably allow the UE to connect. The potential of OSA software for military applications is apparent but does not appear ready for field implementation. Going forward, we recommend researchers use this work to implement new software versions and test scalability to reassess the feasibility of OSA software.
- Published
- 2022
15. USAGE OF 5G IN UAV MISSIONS FOR ISR
- Author
- Rogers, Darren J., Bollmann, Chad A., Electrical and Computer Engineering (ECE), and Leviton, Melissa C.
- Abstract
Traditionally, UAVs operate on a one-to-one transmission mode where the UAVs have one data link between one ground command and control station. Therefore, the radius at which the UAV can travel is limited. The bandwidth of the traditional link is limited to less than 8Mbps and the quality of the video is below 1080p. 4G technology has been applied to the UAV data link to solve some of these more traditional problems. However, the 4G data link also comes with its own limitations such as downlink interference and can only be useful in scenarios with a high delay tolerance. 5G technology solves the spatial coverage problem by increasing the number of antenna modules and fusing the antenna module and radio hardware. The result is a three-dimensional beam. The UAV itself can be used as a base station for the 5G network, so that all ground stations can be connected as the UAV continues its flight path. UAVs can also be used as aerial nodes in a larger swarm network to offer coverage over larger areas. Additionally, the use of the OpenStack architecture can allow the Navy to customize protocols as desired. The proposed research includes investigating how current UAV to ship/shore communications are conducted. The objective of this thesis is to determine if 5G communications are possible between UAV and ship/shore assets, to successfully connect a UAV to the 4G and possibly 5G network and to determine if UAVs can send data between each other to the ground station. Lieutenant Commander, United States Navy. Approved for public release. Distribution is unlimited.
- Published
- 2022
16. Introduction to the Minitrack on Cyber Systems: Their Science, Engineering, and Security
- Author
- Bollmann, Chad, primary, Scrofani, James, additional, Roth, John, additional, and Hale, Britta, additional
- Published
- 2022
17. A Novel Adaptable Framework for Covert Communications in Anonymized Protocols
- Author
- Kanth, Vikram, primary, Bollmann, Chad, additional, Tummala, Murali, additional, and McEachen, John C., additional
- Published
- 2021
18. Spoofed Networks: Exploitation of GNSS Security Vulnerability in 4G and 5G Mobile Networks
- Author
- Lanoue, Matthew J., primary, Michael, James Bret, additional, and Bollmann, Chad A., additional
- Published
- 2021
19. Cyber Systems: Their Science, Engineering, and Security
- Author
- Scrofani, James, Bollmann, Chad, Roth, John, Hale, Britta, and Naval Postgraduate School (U.S.)
- Abstract
17 USC 105 interim-entered record; under temporary embargo. Cyber security is a multi-functionary area of practice; effective solutions are difficult because of the diverse range of expertise required and the involvement of fallible humans. The impact and number of successful attacks grows every year even while cyber security spending grows at a double-digit annual rate. To fundamentally improve the state of cyber security, research must consider cross-disciplinary techniques and investigate novel paths; incremental progress is unlikely to fundamentally improve the state of the practice. U.S. Government affiliation is unstated in article text.
- Published
- 2021
20. SPECTRAL GRAPH-BASED CYBER DETECTION AND CLASSIFICATION SYSTEM WITH PHANTOM COMPONENTS
- Author
- McEachen, John C., Tummala, Murali, Gera, Ralucca, Roth, John D., Bollmann, Chad A., Electrical and Computer Engineering (ECE), and Safar, Jamie L.
- Abstract
With cyber attacks on the rise, cyber defenders require new, innovative solutions to provide network protection. We propose a spectral graph-based cyber detection and classification (SGCDC) system using phantom components, the strong node concept, and the dual-degree matrix to detect, classify, and respond to worm and distributed denial-of-service (DDoS) attacks. The system is analyzed using absorbing Markov chains and a novel Levy-impulse model that characterizes network SYN traffic to determine the theoretical false-alarm rates of the system. The detection mechanism is analyzed in the face of network noise and congestion using Weyl’s theorem, the Davis-Kahan theorem, and a novel application of the n-dimensional Euclidean metric. The SGCDC system is validated using real-world and synthetic datasets, including the WannaCry and Blaster worms and a SYN flood attack. The system accurately detected and classified the attacks in all but one case studied. The known attacking nodes were identified in less than 0.27 sec for the DDoS attack, and the worm-infected nodes were identified in less than one second after the second infected node began the target search and discovery process for the WannaCry and Blaster worm attacks. The system also produced a false-alarm rate of less than 0.005 under a scenario. These results improve upon other non-spectral graph systems that have detection rates of less than 0.97 sec and false alarm rates as high as 0.095 sec for worm and DDoS attacks. Lieutenant Commander, United States Navy. Approved for public release. Distribution is unlimited.
- Published
- 2021
21. Spoofed Networks: Exploitation of GNSS Security Vulnerability in 4G and 5G Mobile Networks
- Author
- Michael, James B., Rogers, Darren J., Bollmann, Chad A., Electrical and Computer Engineering (ECE), and Lanoue, Matthew J.
- Abstract
Includes supplementary material. Fifth Generation New Radio (5G NR) represents a shift in mobile telephony whereby the network architecture runs containerized software on commodity hardware. In preparation for this transition, numerous 4G Long Term Evolution software stacks have been developed to test the containerization of core network functions and the interfaces with radio access network protocols. In this thesis, one such stack, developed by the OpenAirInterface Software Alliance, was used to create a low-cost, simplified mobile network compatible with the Naval Operational Architecture. Commercial off-the-shelf user equipment was then connected to the network to demonstrate how a buffer overflow vulnerability found in Qualcomm Global Navigation Satellite System chipsets and identified as CVE-2019-2254 can be leveraged to enable a spoofed network attack. The research also yielded an extension of the attack method to 5G NR networks. http://archive.org/details/aplaceholderreco1094567451. Lieutenant, United States Navy. Approved for public release. Distribution is unlimited.
- Published
- 2021
22. HARDENING AUTOMATIC IDENTIFICATION SYSTEMS: PROVIDING INTEGRITY THROUGH AN APPLICATION OF LIGHTWEIGHT CRYPTOGRAPHIC TECHNIQUES
- Author
- Bollmann, Chad A., Hale, Britta, Information Sciences (IS), and Nguyen, Duc H.
- Abstract
The Automatic Identification System (AIS) employed onboard maritime vessels was designed to improve the safety of navigation at sea, but focused on functionality rather than cybersecurity. Previous research has revealed that the AIS technical architecture and protocol have significant vulnerabilities that have the potential to facilitate cyber attacks such as spoofing and denial-of-service against AIS-equipped maritime vessels and port facilities. AIS data manipulation could have significant negative impacts on the global economy, regional geo-political stability, and safety-of-navigation at sea. This thesis examines the technical and architectural feasibility of augmenting the current AIS architecture with data integrity and authentication capabilities to potentially mitigate AIS spoofing vulnerabilities. We assess the existing AIS architecture and lightweight cryptographic algorithms to determine an optimal, backwards-compatible authentication system. We then engineer a proof-of-concept AIS authenticator system using commercial AIS equipment and a physical testbench and demonstrate AIS message validation through public key digital signature verification. Lieutenant, United States Navy. Approved for public release. Distribution is unlimited.
- Published
- 2021
23. USER EQUIPMENT-SIDE INITIATION FOR 5G COMMUNICATIONS
- Author
- Kragh, Frank E., Bollmann, Chad A., Electrical and Computer Engineering (ECE), and Monti, Jonathan D.
- Abstract
The electromagnetic (EM) spectrum is an integral part of the modern battlefield, and the use of wireless connections presents both benefits and risks for U.S. forces. 5G New Radio (5G NR) represents the latest in wireless cellular technology and provides the foundation for a powerful network. However, the requirement for military communications to be low–probability of detection (LPD) and low–probability of intercept (LPI) makes 5G NR unsuitable for use in hostile environments in its current form. 5G NR initial access procedures were designed to provide a large area of coverage to a high number of users and results in substantial stray emissions. This research seeks to introduce a replacement procedure for 5G NR initial access utilizing a user equipment-side connection process (UECP). By capitalizing on the directionality of massive multiple-input multiple-output antenna arrays (MIMO) and utilizing a novel detection process known as passive array sweep listening (PASL), connections can be established between the user equipment (UE) and gNodeB (gNB) at ultra-low signal-to-noise ratios (SNRs). The performance of UECP was evaluated utilizing multiple simulations created in MATLAB. The ability of UECP to function at ultra-low SNRs, combined with the directionality of large antenna arrays, results in a substantial decrease of stray emissions normally found in 5G NR initial access, which greatly reduces the probability of intercept or detection. Captain, United States Marine Corps. Approved for public release. Distribution is unlimited.
- Published
- 2021
24. ADVERSARIAL MACHINE LEARNING FOR PHYSICAL-LAYER AUTHENTICATION
- Author
- Kragh, Frank E., Michael, James B., Romero, Ric, Thulasiraman, Preetha, Bollmann, Chad A., Electrical and Computer Engineering (ECE), and St. Germain, Kenneth W.
- Abstract
In this dissertation, we propose the use of adversarial machine learning to characterize wireless radio transmitters for the purpose of physical-layer authentication. Wireless communication systems are quickly evolving to take advantage of autonomous networking for applications such as 5th generation mobile networks, Internet of Things, and vehicular-to-everything technologies. Robust and efficient network security mechanisms are necessary to protect the authenticity of the data and safeguard the integrity of the greater interconnected network. To this end, we leverage unique channel-dependent differences in received transmissions, known as channel state information (CSI), to make authentication decisions with machine learning algorithms. Many physical-layer authentication techniques are not effective when used in the presence of nefarious users who are able to spoof the underlying physical-layer authentication traits. Our approach uses adversarial learning to counter malicious actions such as spoofing against legitimate transmitter CSI, an already difficult characteristic to emulate. We simulated various radio frequency channel environments and our results indicate that the use of machine learning techniques can produce high authentication accuracy. Commander, United States Navy. Approved for public release. Distribution is unlimited.
- Published
- 2021
25. A SECURITY-CENTRIC APPLICATION OF PRECISION TIME PROTOCOL WITHIN ICS/SCADA SYSTEMS
- Author
- Dinolt, George W., Bollmann, Chad A., Rogers, Darren J., Computer Science (CS), and Allen, Charles A.
- Abstract
Industrial Control System and Supervisory Control and Data Acquisition (ICS/SCADA) systems are key pieces of larger infrastructure that are responsible for safely operating transportation, industrial operations, and military equipment, among many other applications. ICS/SCADA systems rely on precise timing and clear communication paths between control elements and sensors. Because ICS/SCADA system designs place a premium on timeliness and availability of data, security ended up as an afterthought, stacked on top of existing (insecure) protocols. As precise timing is already resident and inherent in most ICS/SCADA systems, a unique opportunity is presented to leverage existing technology to potentially enhance the security of these systems. This research seeks to evaluate the utility of timing as a mechanism to mitigate certain types of malicious cyber-based operations such as a man-on-the-side (MotS) attack. By building a functioning ICS/SCADA system and communication loop that incorporates precise timing strategies in the reporting and control loop, specifically the precision time protocol (PTP), it was shown that certain kinds of MotS attacks can be mitigated by leveraging precise timing.
- Published
- 2021
26. LEVERAGING OPENAIRINTERFACE AND SOFTWARE DEFINED RADIO TO ESTABLISH A LOW-COST 5G NON-STANDALONE ARCHITECTURE
- Author
- Bollmann, Chad A., Rogers, Darren J., Information Sciences (IS), and Jasmin, Jean P.
- Abstract
Commercial cellular service providers are at the forefront of the paradigm shift from 4G Long Term Evolution (LTE) to 5G New Radio (NR). The increase in throughput, provisioning of ultra-low latency, and greater reliability of 5G enable potential uses that no other wireless communication could support. The Department of Defense (DOD) is interested in 5G NR technologies, but the implementation of the architecture can be lengthy and costly. This capstone configured a 4G LTE network and a 5G non-standalone network using OpenAirInterface and software defined radios (SDRs). Universal Subscriber Identity Module (USIM) cards were configured and introduced to user equipment and attached to the 4G LTE network. A gNodeB (gNB) was added to the 4G LTE network to establish the 5G non-standalone (NSA) network architecture (3GPP Option 3). The testbed developed in this research was able to connect the core to a commercial internet service provider and browse the internet using third-party applications. Our analysis educates future researchers on the challenges and lessons learned when implementing the OpenAirInterface 4G LTE and 5G NSA networks. This work also provides a better understanding of 4G LTE and 5G NSA OpenAirInterface software usability, flexibility, and scalability for potential use cases for the DOD.
- Published
- 2021
27. AIS CYBERSECURITY SYSTEM FOR REDUCING THE ATTACK SURFACE OF VOYAGE NETWORKS
- Author
- Rogers, Darren J., Bollmann, Chad A., Electrical and Computer Engineering (ECE), and Vasquez, Jorge Jr.
- Abstract
U.S. Navy and commercial vessels use modern navigation technology consisting of computers and electronic systems that are highly interconnected and create a cyber terrain that is vulnerable to novel cyberattacks. Previous research proved that voyage networks are vulnerable to radio frequency attacks. One especially vulnerable component is the Automatic Identification System (AIS), a navigation and safety tool required on all vessels with a gross weight of 300 tons or greater. Previous security researchers were able to transmit data packets through the AIS receiver. The AIS blindly accepted packets as long as they followed ITU-R M.1371-5 standard protocol. This work aims to design a low-cost AIS data validation system that will reduce the attack surface of voyage networks. In this work, we leverage the NMEA-0183 and ITU-R M.1371-5 standards to implement two cybersecurity strategies, allow-listing and validating inputs, based on the quality dimensions of the data. The threat models that this security system attempts to address are contact spoofing attacks and arbitrary data injection attacks. We believe that a minimalist security system that is standalone, is not resource intensive, and can handle large volumes of AIS traffic is necessary for an effective design. The system proposed in this work fulfills these objectives. The resulting security system is implemented and validated using Python.
- Published
- 2021
28. PERFORMANCE OF HYBRID SIGNATURES FOR PUBLIC KEY INFRASTRUCTURE CERTIFICATES
- Author
-
Hale, Britta, Bollmann, Chad A., Information Sciences (IS), and Lytle, John
- Abstract
The modern public key infrastructure (PKI) model relies on digital signature algorithms to provide message authentication, data integrity, and non-repudiation. To provide this, digital signature algorithms, like most cryptographic schemes, rely on a mathematical hardness assumption for provable security. As we transition into a post-quantum era, the hardness assumptions used by traditional digital signature algorithms are increasingly at risk of being solvable in polynomial time. This renders the entirety of public key cryptography, including digital signatures, vulnerable to being broken. Hybrid digital signature schemes represent a potential solution to this problem. In this thesis, we provide the first test implementation of true hybrid signature algorithms. We evaluate the viability and performance of several hybrid signature schemes against traditional hybridization techniques via standalone cryptographic operations. Finally, we explore how hybrid signatures can be integrated into existing X.509 digital certificates and examine their performance by integrating both into the Transport Layer Security 1.3 protocol.
- Published
- 2021
29. Cyber Systems: Their Science, Engineering, and Security
- Author
-
Naval Postgraduate School (U.S.), Scrofani, James, Bollmann, Chad, Roth, John, and Hale, Britta
- Abstract
Cyber security is a multi-functionary area of practice; effective solutions are difficult because of the diverse range of expertise required and the involvement of fallible humans. The impact and number of successful attacks grows every year even while cyber security spending grows at a double-digit annual rate. To fundamentally improve the state of cyber security, research must consider cross-disciplinary techniques and investigate novel paths; incremental progress is unlikely to fundamentally improve the state of the practice.
- Published
- 2021
30. An Attack Vector Taxonomy for Mobile Telephony Security Vulnerabilities
- Author
-
Naval Postgraduate School (U.S.), Electrical & Computer Engineering (ECE), Computer Science (CS), Lanoue, Matthew, Bollmann, Chad A., Michael, James Bret, Roth, John, and Wijesekera, Duminda
- Abstract
A simplified cybersecurity threat matrix may provide a unifying way to define the security risk posed by current and future generations of mobile telephony.
- Published
- 2021
31. Resilient real-time network anomaly detection using novel non-parametric statistical tests
- Author
-
Naval Postgraduate School (U.S.), Bollmann, Chad A., Tummala, Murali, and McEachen, John C.
- Abstract
This work describes a novel application of robust estimation to the detection of volumetric anomalies in computer network traffic. The proposed tests are based on sample location and dispersion and derived from relatively unknown Zero Order Statistics. The proposed tests are non-parametric and suitable for a range of applications to heavy-tailed data analysis outside of network traffic. The performance of these tests is examined using two different real-world denial-of-service attacks contained in actual high-volume backbone traffic. The proposed tests outperform traditional metrics such as mean and variance due to the presence of heavy tails in the network traffic, a frequent characteristic of traffic in actual networks. Monte Carlo analysis is used to quantify the performance gains and show an improvement in accuracy between 7 and 11% at very low false alarm rates. The proposed tests also demonstrate equivalent or superior performance to the median, a common robust statistic. Constructive timing of key system processes is used to demonstrate near real-time performance. Three- and six-second data windows containing between 750 and 1200 elements can be processed in less than one second using commodity hardware running unoptimized code. These timing results imply scalability to a variety of networks and commercial applications. Scalability prospects are further enhanced by demonstrating resilient detection performance at attack volumes between 25 and 100 percent of baseline rates in both real and generated traffic.
- Published
- 2021
32. An Attack Vector Taxonomy for Mobile Telephony Security Vulnerabilities
- Author
-
Lanoue, Matthew, primary, Bollmann, Chad A., additional, Michael, James Bret, additional, Roth, John, additional, and Wijesekera, Duminda, additional
- Published
- 2021
- Full Text
- View/download PDF
33. Education is the Next Offset
- Author
-
Bollmann, Chad, Tomlinson, Warren, Herring, Clay, Pace, Howard Jr., and Naval Postgraduate School (U.S.)
- Subjects
ComputingMilieux_GENERAL
- Abstract
17 USC 105 interim-entered record; under review. The article of record as published may be found at https://www.usni.org/magazines/proceedings/2020/november/education-next-offset The Department of Defense (DoD) is seeking to identify and develop emerging and disruptive technologies to reestablish a technology "off-set" from peer and near-peer adversaries such as Russia and China. But the Third Offset will not result solely from identifying and choosing a few or even several revolutionary or disruptive technologies. Tech is too unpredictable and subject to theft, obsolescence, and mitigation.
- Published
- 2020
34. A STATISTICAL ANALYSIS AND ASSESSMENT OF THE IMSI-CATCHING THREAT AGAINST MOBILE SECURITY STANDARDS
- Author
-
McAbee, Carson C., Bollmann, Chad A., Roth, John D., Electrical and Computer Engineering (ECE), and Johnson, Carmen A.
- Abstract
International mobile subscriber identity (IMSI) catching is a man-in-the-middle attack that utilizes rogue base stations to intercept the IMSIs of mobile users. Attackers can use software-defined radios (SDR) and open source software to create rogue base stations that geolocate or execute other malicious attacks against their targets. Prior work proves that attackers are not limited to targeting either old or new cellular devices since current devices are interoperable with older mobile networks, including GSM. The goal of this thesis is to determine if cellular devices are susceptible to target profiling based on the model or manufacturer of the device. If devices can be profiled, then can attackers improve rogue base stations to capture devices faster? To answer this, we created an enclosed test network using SDRs and OpenBTS to mimic GSM base stations. We strived to eliminate the factors that devices use to select base stations. We then presented an IMSI-catching program that can configure base stations, capture IMSIs, and log base station selection data for analysis. Finally, we conducted a set of experiments to assess if cellular devices have connection preferences that can be profiled. The results of the experiments suggest that we were not able to successfully eliminate some decision-making factors. However, more rounds and an examination of the factors that could have affected the outcome are required to make any conclusions on the selections that were exhibited. Lieutenant, United States Navy. Approved for public release. Distribution is unlimited.
- Published
- 2020
35. SPECTRAL GRAPH-BASED CYBER DETECTION AND CLASSIFICATION SYSTEM WITH PHANTOM COMPONENTS
- Author
-
McEachen, John C., Tummala, Murali, Gera, Ralucca, Roth, John D., Bollmann, Chad A., Electrical and Computer Engineering (ECE), and Safar, Jamie L.
- Abstract
With cyber attacks on the rise, cyber defenders require new, innovative solutions to provide network protection. We propose a spectral graph-based cyber detection and classification (SGCDC) system using phantom components, the strong node concept, and the dual-degree matrix to detect, classify, and respond to worm and distributed denial-of-service (DDoS) attacks. The system is analyzed using absorbing Markov chains and a novel Levy-impulse model that characterizes network SYN traffic to determine the theoretical false-alarm rates of the system. The detection mechanism is analyzed in the face of network noise and congestion using Weyl’s theorem, the Davis-Kahan theorem, and a novel application of the n-dimensional Euclidean metric. The SGCDC system is validated using real-world and synthetic datasets, including the WannaCry and Blaster worms and a SYN flood attack. The system accurately detected and classified the attacks in all but one case studied. The known attacking nodes were identified in less than 0.27 sec for the DDoS attack, and the worm-infected nodes were identified in less than one second after the second infected node began the target search and discovery process for the WannaCry and Blaster worm attacks. The system also produced a false-alarm rate of less than 0.005 under a scenario. These results improve upon other non-spectral graph systems that have detection rates of less than 0.97 sec and false alarm rates as high as 0.095 sec for worm and DDoS attacks.
- Published
- 2020
36. HARDENING AUTOMATIC IDENTIFICATION SYSTEMS: PROVIDING INTEGRITY THROUGH AN APPLICATION OF LIGHTWEIGHT CRYPTOGRAPHIC TECHNIQUES
- Author
-
Bollmann, Chad A., Hale, Britta, Information Sciences (IS), and Nguyen, Duc H.
- Abstract
The Automatic Identification System (AIS) employed onboard maritime vessels was designed to improve the safety of navigation at sea, but focused on functionality rather than cybersecurity. Previous research has revealed that the AIS technical architecture and protocol have significant vulnerabilities that have the potential to facilitate cyber attacks such as spoofing and denial-of-service against AIS-equipped maritime vessels and port facilities. AIS data manipulation could have significant negative impacts on the global economy, regional geo-political stability, and safety-of-navigation at sea. This thesis examines the technical and architectural feasibility of augmenting the current AIS architecture with data integrity and authentication capabilities to potentially mitigate AIS spoofing vulnerabilities. We assess the existing AIS architecture and lightweight cryptographic algorithms to determine an optimal, backwards-compatible authentication system. We then engineer a proof-of-concept AIS authenticator system using commercial AIS equipment and a physical testbench and demonstrate AIS message validation through public key digital signature verification.
- Published
- 2020
37. Introduction to the Minitrack on Cyber Systems: Their Science, Engineering, and Security
- Author
-
Naval Postgraduate School (U.S.), Scrofani, James, Bollmann, Chad, Roth, John, and Hale, Britta
- Published
- 2020
38. Education is the Next Offset
- Author
-
Naval Postgraduate School (U.S.), Bollmann, Chad, Tomlinson, Warren, Herring, Clay, and Pace, Howard Jr.
- Abstract
The Department of Defense (DoD) is seeking to identify and develop emerging and disruptive technologies to reestablish a technology "off-set" from peer and near-peer adversaries such as Russia and China. But the Third Offset will not result solely from identifying and choosing a few or even several revolutionary or disruptive technologies. Tech is too unpredictable and subject to theft, obsolescence, and mitigation.
- Published
- 2020
39. Introduction to the Minitrack on Cyber Systems: Their Science, Engineering, and Security
- Author
-
Scrofani, James, primary, Bollmann, Chad, additional, Roth, John, additional, and Hale, Britta, additional
- Published
- 2021
- Full Text
- View/download PDF
40. A Novel Lévy-Impulse Mixture Based Connection Model for Computer Network Traffic
- Author
-
Safar, Jamie L., primary, Bollmann, Chad A., additional, Tummala, Murali, additional, and McEachen, John C., additional
- Published
- 2020
- Full Text
- View/download PDF
41. Introduction to the Minitrack on The Science and Engineering of Cyber Systems
- Author
-
Roth, John, primary, Scrofani, James, additional, and Bollmann, Chad, additional
- Published
- 2020
- Full Text
- View/download PDF
42. Cyber System Assurance through Improved Network Anomaly Modeling and Detection
- Author
-
Bollmann, Chad A., Naval Postgraduate School (U.S.), Naval Research Program (NRP), Graduate School of Engineering and Applied Sciences (GSEAS), and Electrical and Computer Engineering (ECE)
- Subjects
network anomaly detection, alpha-stable, generalized central limit theorem, ComputerApplications_COMPUTERSINOTHERSYSTEMS, renewal theory, GCLT
- Abstract
NPS NRP Executive Summary Cyber System Assurance through Improved Network Anomaly Modeling and Detection N8 - Integration of Capabilities & Resources This research is supported by funding from the Naval Postgraduate School, Naval Research Program (PE 0605853N/2098). https://nps.edu/nrp Chief of Naval Operations (CNO) Approved for public release. Distribution is unlimited.
- Published
- 2019
43. Cyber System Assurance through Improved Network Anomaly Modeling and Detection
- Author
-
Naval Postgraduate School (U.S.), Naval Research Program (NRP), Graduate School of Engineering and Applied Sciences (GSEAS), Electrical and Computer Engineering (ECE), and Bollmann, Chad A.
- Abstract
Cyber System Assurance through Improved Network Anomaly Modeling and Detection
- Published
- 2019
44. Improved Detection of Cyber Anomalies
- Author
-
Bollmann, Chad, Tummala, Murali, McEachen, John, Naval Postgraduate School (U.S.), Naval Research Program, Graduate School of Engineering and Applied Sciences (GSEAS), and Electrical and Computer Engineering (ECE)
- Subjects
ComputingMilieux_THECOMPUTINGPROFESSION, ComputingMethodologies_SIMULATIONANDMODELING, ComputerApplications_COMPUTERSINOTHERSYSTEMS, ComputingMethodologies_GENERAL
- Abstract
Naval Research Program NRWG Poster
- Published
- 2018
45. Techniques to Improve Stable Distribution Modeling of Network Traffic
- Author
-
Bollmann, Chad, Tummala, Murali, McEachen, John C., Scrofani, James W., Kragh, Mark, Naval Postgraduate School (U.S.), and Electrical and Computer Engineering (ECE)
- Abstract
The stable distribution has been shown to more accurately model some aspects of network traffic than alternative distributions. In this work, we quantitatively examine aspects of the modeling performance of the stable distribution as envisioned in a statistical network cyber event detection system. We examine the flexibility and robustness of the stable distribution, extending previous work by comparing the performance of the stable distribution against alternatives using three different, public network traffic data sets with a mix of traffic rates and cyber events. After showing the stable distribution to be the overall most accurate for the examined scenarios, we use the Hellinger metric to investigate the ability of the stable distribution to reduce modeling error when using small data windows and counting periods. For the selected case and metric, the stable model is compared to a Gaussian model and is shown to produce the best overall fit as well as the best (or at worst, equivalent) fit for all counting periods. Additionally, the best stable fit occurs at a counting period that is five times shorter than the best Gaussian case. These results imply that the stable distribution can provide a more robust and accurate model than Gaussian-based alternatives in statistical network anomaly detection implementations while also facilitating faster system detection and response. Laboratory for Telecommunication Sciences
- Published
- 2018
46. Modeling Worm Propagation and Insider Threat in Air-Gapped Network using Modified SEIQV Model
- Author
-
Safar, Jamie L., primary, Tummala, Murali, additional, McEachen, John C., additional, and Bollmann, Chad, additional
- Published
- 2019
- Full Text
- View/download PDF
47. Aggregated Impulses: Towards Explanatory Models for Self-Similar Alpha Stable Network Traffic
- Author
-
Gonzalez, Jorge, primary, Gonzalez, Jorge, additional, and Bollmann, Chad A., additional
- Published
- 2019
- Full Text
- View/download PDF
48. Towards An Explanatory Model for Network Traffic
- Author
-
Gonzalez, Jorge, primary, Clymer, Joshua, additional, and Bollmann, Chad A., additional
- Published
- 2019
- Full Text
- View/download PDF
49. Introduction to the Minitrack on Cyber Systems and Analytics
- Author
-
Scrofani, James, primary, Roth, John, additional, and Bollmann, Chad, additional
- Published
- 2019
- Full Text
- View/download PDF
50. Improved Detection of Cyber Anomalies
- Author
-
Naval Postgraduate School (U.S.), Naval Research Program, Graduate School of Engineering and Applied Sciences (GSEAS), Electrical and Computer Engineering (ECE), Bollmann, Chad, Tummala, Murali, and McEachen, John
- Published
- 2018