Students enrolled in the Secure Computing and Networks (SCAN) CD program perform research and do projects in some of the courses that they are required to take. They also do research and publish papers under the supervision of individual faculty members. Below we provide examples of papers or projects produced by students in the SCAN minor within the last 3 years.
1. Cross-Site Scripting XSS
This paper (authored by undergraduate IT students) discusses Cross-Site Scripting (or XSS) which is a security attack that occurs when an attacker uses another's browser to run a malicious script. It is called "cross-site" because it involves the interactions of two or more sites.
- Link to Paper: http://cyber.cecs.ucf.edu/sites/default/files/COP4910-Cross-Site%20Scripting%20XSS.pdf
2. USB Rubber Ducky Analysis
This paper (authored by an undergraduate IT student) discusses how the USB Rubber Ducky takes advantage of the fact that computers trust human input. If computers trust human input, they also trust keyboards. Through the use of an easy to learn scripting language and open source platform, the USB Rubber Ducky demonstrates just how effective an attacker can be by plugging in a simple USB flash drive.
- Link to Paper: http://cyber.cecs.ucf.edu/sites/default/files/COP4910-USB%20Rubber%20Ducky%20Analysis.pdf
This paper (authored by undergraduate IT students) discusses CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart). CAPTCHA is a modern security device used to determine whether a user is human or not. It is commonly found on websites that ask for user inputs, and it helps prevent spam and abuse by automated bots. CAPTCHA was developed on the premise that what can be easy for a human brain to decipher and infer can be nearly impossible for a computer. It has been an invaluable tool for businesses and website designers as the internet has developed, but it is not without its flaws.
4. Biometric Security
This paper (authored by undergraduate IT students) discusses the Biometric technology used for security to prevent fraud and to aid in the apprehension of criminals, as well as many other applications.
5. Antivirus Software
The purpose of this research (performed by undergraduate IT students) is to explore various topics regarding antivirus software, including: an introduction to the technology, technical aspects, professional impacts (careers), social impacts, and the ethical issues associated with the technology.
6. Smart Nest Thermostat
Y. Jin, G. Hernandez (undergraduate UCF Computer Engineering student), and D. Buentello, “Smart Nest Thermostat: A Smart Spy in Your Home,” Black Hat USA, 2014.
- Link to Paper: http://cyber.cecs.ucf.edu/sites/default/files/us-14-Jin-Smart-Nest-Thermostat-A-Smart-Spy-In-Your-Home-WP.pdf
7. Hardware-Assisted Flow Integrity Extension
Lucas Davi, Matthias Hanreich, Debayan Paul, Ahmad-Reza Sadeghi (UT Darmstadt), Patrick Koeberl, Dean Sullivan, Orlando Arias (undergraduate UCF Computer Engineering student), and Yier Jin (UCF Faculty), “HAFIX: Hardware-Assisted Flow Integrity Extension," IEEE/ACM Design Automation Conference (DAC'15), 2015. (Best Paper Award)
- Link to Paper: http://cyber.cecs.ucf.edu/sites/default/files/HAFIX.pdf
D. Sullivan (undergraduate UCF Computer Engineering student), J. Biggers (undergraduate UCF Computer Engineering student), G. Zhu, S. Zhang, and Y. Jin (UCF Faculty), “FIGHT-Metric: Functional Identification of Gate-Level Hardware Trustworthiness,” Design Automation Conference (DAC), 2014, pp. 173:1-173:4.
9. Privacy and Security in Internet of Things
Orlando Arias (undergraduate UCF Computer Engineering student), Jacob Wurm (undergraduate UCF Computer Engineering student), Khoa Hoang (undergraduate UCF Computer Engineering student), Y. Jin (UCF Faculty), “Privacy and Security in Internet of Things and Wearable Devices,” IEEE Transactions on Multi-Scale Computing Systems; to appear.
- Link to Paper: http://www.computer.org/csdl/trans/mc/preprint/07321811.pdf
10. IoT Devices Software Security Analysis (IDSSA)
The goal of this project is to provide a thorough analysis of security vulnerabilities in the software associated with various Internet of Things (IoT) devices. Using a reverse engineering procedure crafted by the team, we analyze the Bluetooth Low Energy communication protocols behind the Nike+ Fueldband and Xiaomi Mi Band fitness bands and introduce modifications to the mobile companion apps in order to expose possible security holes. We also analyze security vulnerabilities in the Nest Thermostat in an effort to help automate the introduction of custom patches onto the device that are developed by the Security in Silicon Lab research team. Our aim is to bring to light any exploits that may help companies produce more secure versions of these devices in future product iterations.
- Senior Design: http://www.eecs.ucf.edu/cssd/spring15/idssa/