Lisa A. Shay

A framework for analysis of quotidian exposure in an instrumented world

For a variety of often reasonable motives such as increased security or increased profit, individuals and organizations fill our world with sensors and data collection systems that sample and track our day-to-day activities. Some people freely invite tracking into their lives. Others are enticed by offers of discounts or even free products and services. But frequently our lives are quietly sampled, unbeknownst to us, by those with the power to do so. As a result, individuals face a rapidly declining freedom to lead a private life. While significant sampling and tracking occur online, this study focuses on the convergence of sensor systems in the physical world. It explores the privacy implications of sensors found on our person, in our home, in our communities, and while travelling. This paper provides the following contributions: a model of human-targeted sensor systems and a framework for sensor categorization, privacy threat analysis, and countermeasure development. It concludes with a detailed case study that employs the framework to analyze the quotidian exposure encountered in an ordinary citizens life.

Beyond sunglasses and spray paint: A taxonomy of surveillance countermeasures

The rapid decline in size and cost of networked sensors combined with increased incentives for use including monitoring physical fitness, improving public safety, increasing security, and adding convenience is causing the physical and online worlds to become heavily instrumented. Some welcome such developments, but others seek to retain privacy, often by focusing on countering the sensors themselves. Scholars have begun to consider surveillance countermeasures as a stand-alone area of research. However, a scholarly taxonomy useful for critical analysis and systematic countermeasure development is lacking. In this paper we provide such a taxonomy illustrated with example countermeasures that have been successfully employed.

Experiences in preparing multiple programs for a joint ABET accreditation general review

The United States Military Academy (USMA) will have seven of its programs undergo a joint review by the Engineering Accreditation Commission (EAC) and the Computing Accreditation Commission (CAC) of the Accreditation Board for Engineering and Technology (ABET). Evaluating all seven programs simultaneously allows synergy, but it necessitates coordination at the institutional level, and requires the support and cooperation of nonreviewed programs. The Department of Electrical Engineering and Computer Science will have both programs reviewed, by the EAC and CAC, respectively. There are many similarities and differences between the two, requiring internal controls, timelines, and processes to ensure correct completion of the requirements. Course directors and other faculty need guidance in preparing for the visit, managing additional administrative loads during the record year, and in understanding how assessment improves their programs. Although all of the areas mentioned above are discussed in the context of the USMA, they should prove useful to any institution preparing for an ABET visit.

Intrusion prevention system of automotive network CAN bus

Automotive networks based on the Controller Area Network (CAN) bus (ISO 11898) family of protocols have been shown to be vulnerable to exploits by hackers who are outside the vehicle. These networks can be compromised in a manner which could jeopardize vehicle occupants. One well-publicized exploit led to a costly automotive recall that affected more than a million vehicles. Other exploits can allow criminals to steal cars without physically breaking into them. While no fatalities have yet occurred, hackers could trigger an event that led to accident involving serious injury or even death. The CAN bus connects electronic control units (ECUs), some of which are required for safety and emissions systems such as the anti-lock braking and fuel injection systems. In addition to controlling required functions, other ECUs provide consumer-oriented features such as infotainment and lighting. Whether factory installed or aftermarket add-ons, each ECU introduces attack vectors into the overall automotive network. This research focuses on securing these vehicle networks, specifically the CAN bus. This paper will analyze the current vulnerabilities and describe our design for a real-time intrusion prevention system (IPS) that neutralizes attacks by actively monitoring the CAN bus and eliminating malicious messages.

Confronting automated law enforcement

The time has come for a cohesive approach to automated law enforcement. The ubiquity of sensors, advances in computerized analysis and robotics, and widespread adoption of networked technologies have paved the way for the combination of sensor systems with law enforcement algorithms and punishment feedback loops. While in the past, law enforcement was manpower intensive and moderated by the discretion of the police officer on the beat, automated systems scale efficiently, allow meticulous enforcement of the law, provide rapid dispatch of punishment and offer financial incentives to law enforcement agencies, governments, and purveyors of these systems. Unfortunately, laws were not created with such broad attempts at enforcement in mind and the future portends significant harms to society where many types of violations, particularly minor infractions, can be enforced with unprecedented rigor.

Techniques in hacking and simulating a modem automotive controller area network

This research will demonstrate hacking techniques on the modern automotive network and describe the design and implementation of a benchtop simulator. In currently-produced vehicles, the primary network is based on the Controller Area Network (CAN) bus described in the ISO 11898 family of protocols. The CAN bus performs well in the electronically noisy environment found in the modern automobile. While the CAN bus is ideal for the exchange of information in this environment, when the protocol was designed security was not a priority due to the presumed isolation of the network. That assumption has been invalidated by recent, well-publicized attacks where hackers were able to remotely control an automobile, leading to a product recall that affected more than a million vehicles. The automobile has a multitude of electronic control units (ECUs) which are interconnected with the CAN bus to control the various systems which include the infotainment, light, and engine systems. The CAN bus allows the ECUs to share information along a common bus which has led to improvements in fuel and emission efficiency, but has also introduced vulnerabilities by giving access on the same network to cyber-physical systems (CPS). These CPS systems include the anti-lock braking systems (ABS) and on late model vehicles the ability to turn the steering wheel and control the accelerator. Testing functionality on an operational vehicle can be dangerous and place others in harms way, but simulating the vehicle network and functionality of the ECUs on a bench-top system provides a safe way to test for vulnerabilities and to test possible security solutions to prevent CPS access over the CAN bus network. This paper will describe current research on the automotive network, provide techniques in capturing network traffic for playback, and demonstrate the design and implementation of a benchtop system for continued research on the CAN bus.

FDTD Simulation of Photonic Crystal Vertical-Cavity Surface-Emitting Lasers

Photonic crystal vertical-cavity surface-emitting lasers have potential applications in optical interconnects, extended area coherent sources, and steerable beams. Full three-dimensional FDTD simulations are used to understand the effects of fabrication variances in these devices.

Hole Depth Studies in Single-Defect Photonic Crystal Vertical-Cavity Surface-Emitting Lasers Using 3-D FDTD Simulations

Three-dimensional finite difference time domain calculations are performed on single defect photonic crystal vertical-cavity surface emitting lasers. Simulation results are presented in comparison with measured near- and far-field radiation patterns and optical spectrum measurements.

The Optical and Electronic Characteristics of Photonic Crystal Vertical-Cavity Surface-Emitting Lasers

Near- and far-field radiation patterns, optical spectrum measurements, and light/ voltage versus current plots are used to characterize photonic crystal vertical-cavity surface-emitting lasers. The experimental apparatus is validated and measurements are reported.

Technology-Independent Link Sensing in Wireless Ad-Hoc Networks: Benefits and Challenges

Wireless-connected computing and communication devices such as cell phones, pagers, hand-held PCs, and the latest “integrated” devices that incorporate a PC or PDA and a cell phone into one package are becoming increasingly more popular. Some of these devices have several network interface options, such as Bluetooth