Professional Awards Received
Place	Name	Description
1S	Univ of Mich Chapter of Sigma Xi	Certificate of award and cash award in the Senior Division
1SR	United States Navy	Letter of Congratulations, ONR Medallion, Naval Science Award Certificate, and $50 gift card

 

Research Plan

The COVID-19 Pandemic has increased our dependence on digital technology and the importance of protecting systems and our assets has never been more critical. The number of cyber-attacks has seen an exponential increase since the start of the pandemic. The gold standard in the protection from cybersecurity threats is the technique of air-gapping (isolated /disconnected systems). This technique is used heavily in many industries including healthcare, military, banking, utilities, nuclear and space. But even this is no longer secure. The purpose of this project is to infiltrate into an air-gapped system and extract a file (data). This project will provide effective methods to strengthen our protection by fixing these possible gaps. Step 1: A new program in Python language running clandestinely in the background will transmit the contents of a file through the computer’s monitor by only manipulating its screen brightness. Step 2: Using a luminescence reader, these slight variations in brightness are captured and using another Python program, the message is decrypted. Step 3: Provide some counter measures to mitigate these attacks.

Abstract

The COVID-19 Pandemic has increased our dependence on digital technology and the importance of protecting systems and our assets has never been more critical. However, the number of cyber-attacks has seen an exponential increase since the start of the pandemic. Air-Gapping (isolating the computer from any connectivity) is a protection method used heavily in many industries including healthcare, military, banking, utilities, nuclear and space. “Stuxnet '' infiltrated into Iranian nuclear facilities and destroyed the centrifuges in uranium enrichments. I will infiltrate into an airgapped computer but instead of just destroying the data will exfiltrate it. Step 1: I wrote a program in Python language which will convert a file containing the message “SecretKey” into binary. Then I found a way to insert this code into the air-gapped computer (This is a common process used by many including the recent attacks on US utilities). Running in the background and will start transmitting the contents of that secret file. My program will slightly manipulate the brightness of the computer’s monitor. I made it as a binary message every change is a zero or one. Step 2: Using a luminescence reader in my phone (which also is used as a camera), I captured these slight variations in brightness. I wrote another Python program which basically decoded these binary messages from the screen brightness reader and decrypted them into ASCII. Now the exfiltration is complete. Step 3: To counter this: (a) Multi-factor authentication of critical file access (b) Encryption of the core files.