Funded programs 2021

1. Title: Automated Methods to Identify CPS Attacks on Driverless Vehicles
PI: Javier Alcazar
Lead Institution: Virginia Tech
Co-PIs & Institution: none
Funding Program: FY21 Research Engagement

Summary: Cyber-attacks on Autonomous and automated vehicles can be done externally via physical sensor modifications. In specific, a film or layer that could be invisible to the human eye could be degrading the performance of automotive sensors jeopardizing the safety of the occupants. JBweld, Bondo Mesh, Pine needles, Epoxy and Blacktop applied on the sensing path of a radar (e.g., applied behind the bumper) are the top 5 physical elements that were found to harmfully make the sensor misbehave and report wrongful information. Off gas, Sealant, Tinted glass, Sandblast, Shellac applied on the sensing path of cameras and LiDARs (e.g., applied on the windshield) are the top 5 physical elements that were found to harmfully make the sensor misbehave and report wrongful information.

2. Title: SmallSat Cybersecurity and Resiliency
PI: Jonathan Black
Lead Institution: Virginia Tech
Co-PIs & Institution: Krzysztof Gaj, Jens-Peter Kaps, Piotr Pachowicz, Kai Zeng (GMU) Chris Goyne (UVA) Michael Fowler, Leon Harding (VT)
Funding Program: FY21 CCI Research Collaboration

Summary: SmallSats, particularly those built and flown by private non-US Government contractors, have almost no guidance or regulation on cybersecurity or cyber resiliency. There is, therefore, a clear need for the proposed work to establish, analyze, and publish best-practices. Top-level working group goals include: 1) Single consolidated repository of cybersecurity and cyber resiliency applied to SmallSats with the open version targeted at non-defense SmallSat manufacturers and operators, and restricted version communicating how open standards map to Federal Government type 1 requirements, 2) Coordination with space licensing to streamline process for manufacturers and operators and provide a level of assurance to USG, 3) Others as identified by the working group.

3. Title: Sensor Degradation Detection Algorithm for Automated Driving Systems
PI: Michelle Chaka
Lead Institution: Virginia Tech
Co-PIs & Institution: ChunSheng Xin (ODU), Kevin Kefauver (GCAPS)
Funding Program: FY21 CCI Research Collaboration

Summary: The project will develop a sensor degradation detection algorithm for Automated Driving Systems (ADS). Sources of degraded sensor information include weather, cyberattacks (e.g., direct communication and passive false signage), and sensor malfunction. Incorrect information from a sensor could result in significant safety issues, such as leading the vehicle off the road or causing the vehicle to suddenly stop in the middle of an intersection. From the Virginia Tech Transportation Institute’s (VTTI’s) Naturalistic Driving Database (NDD), 1000 events related to sensor perception will be selected to establish baseline sensor performance. VTTI will then determine performance metrics using these events extracted from the NDD for comparison in simulation. A virtual framework will be used to test degraded sensor states and the response of the vehicle control systems to develop the detection algorithm. The framework will integrate the sensors models, environments, vehicle model, cyberattacks, and algorithm. Old Dominion University will develop the GPS model, which is a localization sensor, and collaborate with the Global Center for Automotive Performance Simulation (GCAPS) to develop the degradation detection algorithm. GCAPS will also create the virtual framework, develop the LiDAR and radar sensor models, and execute the simulations. The sensor degradation detection algorithm will aid ADS vehicles in decision making by identifying degraded sensor performance.

4. Title: Novel Schemes for Ensuring Trustworthiness and Reliability of Crowd-sourced Frequency Occupancy Data in Spectrum Sharing Systems
PI:  Carl Dietrich
Lead Institution: Virginia Tech
Co-PIs & Institution: Vijay Shah (VT)
Funding Program: FY21 Research Engagement

Summary: Researchers working on the project completed a draft manuscript for a literature survey that summarizes, categorizes, compares, and contrasts prior work on secure crowdsourcing of frequency occupancy data and proposes novel schemes to accomplish this goal for spectrum sharing systems managed by a spectrum access system (SAS), a central coordinating system for near-real-time spectrum management.

5. Title: Preliminary Research and Multi-University Proposal Development for Efficient Measurement of Robustness/ Resilience of Spectrum Sharing 5G Networks to Physical and Higher-layer Attacks
PI:  Carl Dietrich
Lead Institution: Virginia Tech
Co-PIs & Institution: Inyoung Kim, Lingjia Liu (VT)
Funding Program: FY21 CCI SWVA Research Collaboration

Summary: The project sought to refine ideas for a large project that will assess feasibility and effectiveness of using psychometrics-inspired statistical methods to test and evaluate 5G radio systems and networks. VT, GMU, and MIT researchers designed a novel, psychometric-inspired statistical and optimization framework for intelligent dynamic spectrum sharing (DSS) systems testing for 5G+. The team submitted a proposal, “Collaborative Research: CNS Core: Medium:  Toward Efficient Testing of Intelligent Dynamic Spectrum Sharing Systems,” to NSF in November 2020.

6. Title: Networking Optimization in Rural Agriculture Testbeds
PI:  Susan Duncan
Lead Institution: Virginia Tech
Co-PIs & Institution: Ford Ramsey, Daphne Yao (VT)
Funding Program: FY21 Research Program

Summary: The Center for Advanced Innovation in Agriculture (CAIA) was created to position Virginia Tech as a global leader in smart and secure agriculture technologies and data analytics for informed decisions. CAIA and CCI SWVA Node, together, are advancing Virginia’s capacity for ‘Farms of the Future’. CAIA serves as a networking community with researchers, creating new knowledge and innovations and building partnerships with farmer/producers, agribusinesses, commodity boards, food companies, and supply chain partners throughout the agriculture and food system. This CCI networking optimization in rural agriculture testbeds supported 3 faculty involved in developing agricultural testbeds in sustainable animal precision agriculture, cyberbiosecurity research and rural broadband discussions at ARECs across the commonwealth and Kentland Farm near Blacksburg, as well as funding for 3 experiential learning projects for undergraduate students in agricultural technologies, data analytics, and cyberbiosecurity for row crops. Animal precision agriculture testbeds are located off-campus Agricultural Research and Extension Centers (ARECs) in northern Virginia (Middleburg), central Virginia’s Shenandoah Valley (Raphine), and southwest Virginia (Glade Spring). Three summer (2021) experiential learning students are conducting research and supporting digital agriculture applications in Eastern Virginia AREC in the Northern Neck of Virginia (Waraw) working with agricultural technology as part of the CAIA Smart Technologies for Crop and Green Industries research platforms data analyses. The impact of these projects is showcased through networking with agriculture producers and companies through agricultural field days, with demonstrations and presentations.

7. Title: Secure Quantum Networks with Entangled Graph States
PI:  Sophia Economou
Lead Institution: Virginia Tech
Co-PIs & Institution: none
Funding Program: FY21 Research Program

Summary: We have developed the novel concept of superconducting qubits, such as those developed by IBM and Google for quantum computing, in order to create the complex, quantum correlated states and transfer them to photons in the microwave regime, which in turn are converted via nonlinear processes into photons in the telecommunication frequency window, where the losses are minimized. This overcomes the inherent limitation of photons, which is that they do not interact with each other. We have incorporated photon loss tolerance, the quantum analog to codes used to protect against information loss in classical communication.

8. Title: Security Analysis of Hardware Security Primitives Employed by IoT and Cyber-physical Systems
PI:  Matthew Hicks
Lead Institution: Virginia Tech
Co-PIs & Institution: none
Funding Program: FY21 Research Engagement

Summary: Underlying all cryptographic operations, whether they be encryption, integrity checks, or authentication, is a source of key material. Hardware is in a unique position to serve as a source of key material because, unlike software, it is influenced by chaos—both at manufacturing time and during operation. Research provides three hardware-level mechanisms for providing key material: Phase Locked Loops (PLLs), Ring Oscillators (ROs), and Static Random-Access Memory (SRAM). While it is clear is that the approach employed by commodity processors (i.e., PLLs) is ill-suited for ultra-low SWaP devices due to their reliance on special-purpose black-box hardware circuits that have a high latency and are high power, it is not clear what the landscape looks like between RO- and SRAM-based approaches. This is because research on RO- and SRAM-based hardware security primitives has bifurcated itself such that it ignores the other class of approach in their evaluation; this self-segregation holds for both defense and attack papers. This project examines the real-world trade-offs of the two most popular hardware security primitives suitable for ultra-low SWaP devices common to cyber-physical systems. Prior results of the PI motivate a new primitive that combines ROs and SRAM primitives to create a best-of-breed solution.

9. Title: Supporting Multi-Scale Latency Services in 5G Communications 
PI:  Thomas Hou
Lead Institution: Virginia Tech
Co-PIs & Institution: none
Funding Program: FY21 Research Program

Summary: A major challenge in 5G NR cellular networks is to support service types with extremely diverse requirements using with a unified air interface. In addition to supporting services such as Enhanced Mobile BroadBand (eMBB) and Ultra-Reliable and Low Latency Communications (URLLC), 5G infrastructure will also support applications with Age of Information (AoI) requirements.  The AoI metric is designed for freshness-sensitive IoT applications and is beyond traditional network-centric delay metric. This CCI research initiative aims to make a major advance in 5G research by addressing multi-scale latency services, such as eMBB, URLLC, and AoI. Specifically, we propose to develop fundamental principles and scheduling algorithms to support multi-scale latency services in realistic 5G settings. This research not only generalizes existing research with greater technical depth, but also transforms latency research with new results of greater practical impacts. For example, we propose to employ GPU-based design for latency scheduling, which has the potential to offer a low-cost, COTS solution in a time scale of ~100 us. This approach represents a new direction for scheduler design to meet the most stringent time resolution in the 5G standard. Our validation plan pursues a system-oriented approach that helps us to close the gap between new 5G latency algorithms and what can be achievable in practice. The outcome of this research will produce practical algorithms and solutions that address 5G latency problems in the field. It has the potential to shape the future direction of 5G and IoT research.

10. Title: 5GPG: 5G Power Grid
PI:  Chen-Ching Liu
Lead Institution: Virginia Tech
Co-PIs & Institution: Dushan Boroyevich, Igor Cvetkovic, Ali Mehrizi-Sani (VT)
Funding Program: FY21 Research Program

Summary: In this project, we are developing a 5G Power Grid (5GPG) testbed that can provide an environment for co-simulation of physical and cyber aspects of the power grid. This testbed leverages existing facilities and equipment available at Virginia Tech’s Power and Energy Center (PEC) and Center for Power Electronics Systems (CPES). Our goal is to enable future power grids with the emerging 5G communication capabilities. The 5GPG will allow power systems to greatly enhance the monitoring, operation, control, protection, and trading functions. The 5G provides a convergence of pervasive broadband, sensing, and intelligence. Furthermore, moving to 5G brings the Internet-of-Energy into future power markets, providing greater benefits to the utilities and consumers. The testbed includes the following components and functions: transmission and distribution, distributed energy resources, loads, and controllers. We are developing the access to the CCI 5G Testbed. VT Electric Service (VTES) and PEC have established a strong partnership for research and educational collaborations. The VT 5GPG testbed enables the investigation of different communication strategies on the cyber-power system. An advanced real time digital simulator (RTDS) has been purchased for the 5GPG program and set up in the cyber-power laboratory at Virginia Tech. The computing testbed is integrated with hardware components in a power and energy laboratory through optical fibers. The testbed uses a model of the VTES distribution system as a test system for evaluation of the capabilities of 5G communications. The 5G testbed available through CCI in Arlington, VA, is used for communications among components of the 5GPG testbed. 

11. Title: Polar Coding and its use in 5G
PI:  Gretchen Matthews
Lead Institution: Virginia Tech
Co-PIs & Institution: none
Funding Program: FY21 Research Engagement

Summary: Polar coding supports 5G technology with a new communication paradigm introduced in 2009. While both efficient and flexible, there is a gap between theoretical results and applications that may impact their use in cyberphysical systems, potentially introducing both security advantages and risks. Polar codes use an explicit channel model, so the precise nature of the communication channel determines if and when polarization occurs. When this polarization phenomenon occurs, a substantial proportion of the synthetic channels are practically perfect, allowing for essentially error-free communication while others are complete noise and unreliable, making polar codes relevant to fields ranging from data compression to cryptography. Most results in the field focus on memoryless channel models, yet communication channels typically have memory which affects the probability of error in nearby symbols. Ignoring the impact of channel memory and assuming that polarization is guaranteed can lead to miscommunication of data in settings relying on 5G. This project addresses issues arising from a fundamental disconnect between the theoretical construction of polar codes and their practical use. The focus is on polar coding over channels with memory to develop a framework for this setting that addresses intersymbol interference laying the groundwork for employing polar codes in security applications.

12. Title: C3-5GPG: Cybersecure Communications and Control for 5G-enabled Power Grid
PI:  Ali Mehrizi-Sani
Lead Institution: Virginia Tech
Co-PIs & Institution: Vijay Shah (VT) Duminda Wijesekera (GMU)
Funding Program:  FY21 CCI Research Collaboration

Summary: The overarching goal of this research proposal is to create a cybersecure distributed control, protection, and monitoring infrastructure for distributed energy resources (DER) within a microgrid power system. We capitalize on the URLLC feature of 5G communication and further evaluate our proposed algorithms via both simulation studies and 5G and power grid testbed experiments. The salient aspects of this architecture are its cybersecurity and distributed nature, which coupled with the promise of 5G communications are expected to enable a paradigm shift in power system control. The current power system practice uses proprietary communication assets to handle high-reliability applications at the transmission and generation levels. However, this legacy approach invariably limits future expansion of the system, requires specialized personnel training, and lacks interoperability. Simultaneously, for long, the power community has avoided reliance on commercial communication technologies at the distribution level because of cost of equipment, security/privacy concerns, and lack of performance. 5G communication infrastructure, however, has the promise of enabling such applications via its URLLC capabilities. In this project, we investigate the impact of practical 5G communication, considering both its promise and limitations, on the power system. We then optimally design cybersecure low-latency communications and control for the 5G-enabled power grid. Our specific objectives are (i) designing coordinated control of DERs in a microgrid, (ii) optimizing 5G communications for the microgrid application, (iii) enhancing cybersecurity of 5G based communication, and (iv) evaluation via experiments and testbed demonstration.

13. Title:  SWIFT: Southwest Wireless Information Freshness for Power Grid Technologies
PI:  Ali Mehrizi-Sani
Lead Institution: Virginia Tech
Co-PIs & Institution: Vijay Shah (VT) Duminda Wijesekera (GMU)
Funding Program: FY21 CCI SWVA Research Collaboration

Summary: The overarching collaboration goal of this project is to capitalize on the expertise in power system (Power and Energy Center) and communication (Wireless@VT) at Virginia Tech (VT) and evaluate the impact of communication non-idealities within the CCI-funded 5G Power Grid (5GPG) testbed being developed at VT. This is important as the power system and communication networks have become increasingly interdependent due to the need to increase wide-area situational awareness in a grid with increasing distributed/renewable energy resources (DER). This project creates models and experiments that enable the study of the impact of information freshness, measured as Age of Information (AoI), on the power system. Along this route, we also identify power system features (e.g., measurements, statuses, and renewable generation predictions) that have a dominant impact on the grid's performance so they need to be given priority in utilizing the limited network bandwidth. These efforts will contribute to the understanding of how future 5G networks will enable new distributed and decentralized functionality for the power system. The intellectual challenges in the proposed research vision require close synergies among experts in power engineering and communications engineering. Additionally, this project will inform the design of the communication aspects of the 5GPG testbed we are creating at Virginia Tech under a separate CCI-support project.

14. Title: Secure Communication between Autonomous Systems - Drones, Automobiles, and Infrastructure
PI:  Michael Mollenhauer
Lead Institution: Virginia Tech
Co-PIs & Institution: none
Funding Program: FY21 Research Program 

Summary: This project focuses on autonomous system security testing in the context of remote monitoring and operation through secure communications between ground and infrastructure. Establishing and verifying secure communications via Cellular Vehicle-to-Everything (C-V2X) are a critical component for safe deployment. Building upon VTTI’s existing Automated Truck Mounted Attenuator (ATMA) platform, this effort investigates and develops a fully remote operation implementation which uses C-V2X and 4G as communication channels for full coverage at VTTI’s Smart Road and transmit telemetry data including vehicle’s sensor information, automation system related variables and video streaming up to 3 video sources. VTTI accomplished these tasks, developing and validating real-world applicable solution, which uses hardware and software modules to optimize the communication link between an automated platform and the remote operator system and supporting redundancy for low latency and minimal packet loss. The VTTI team also worked with the Global Center for Automotive Performance and Simulation (GCAPS) on evaluating opportunities for misinformation in a connected environment, researching how misinformation could be introduced by affecting sensor technology or sensing mechanisms. Both teams targeted the automation platform sensor set and how they could be affected by external factors. Sensors such as GPS, LiDAR, and Radar can be indirectly affected to produce misinformation, and this work covers detection mechanism and workarounds for these situations.

15. Title: Remote Operator Workstation and Misinformation Analysis
PI:  Michael Mollenhauer
Lead Institution: Virginia Tech
Co-PIs & Institution: none
Funding Program:  FY21 Research Program 

Summary: This project focuses on autonomous system security testing in the context of remote operation through secure communications between ground, aerial, and infrastructure. Building upon VTTI’s existing Automated Truck Mounted Attenuator (ATMA) platform, it investigates and develops two useful additions: 1) Remote Operator, providing remote control and a live video feed allowing a remote operator to safely maneuver the ATMA around unexpected hazards, and 2) a paired Unmanned Aerial Vehicle (UAV) that provides operators with a live aerial video feed of the ATMA and mobile work zone environment. This effort involved the development of specialized messages to contain control, vehicle, and heartbeat information between the vehicle and operator station, along with packet queue and message forwarding applications on the C-V2X hardware. This novel integration was leveraged for autonomous UAV following applications developed under this project in what is thought to be the first instance of autonomous UAV-vehicle coordination using C-V2X communications.

16. Title: Algorithms for Supersingular Elliptic Curves
PI:  Travis Morrison
Lead Institution: Virginia Tech
Co-PIs & Institution: none
Funding Program: FY21 Research Program 

Summary: Cryptography secures our electronic communications. The protocols in place today are believed to be secure against attacks using classical computers, but if an adversary builds a large-scale quantum computer, they will be able to break all currently deployed cryptosystems. NIST is organizing a process to standardize quantum-secure cryptosystems: these systems are resistant to both classical and quantum adversaries. One system considered in the process is SIKE (Supersingular Isogeny Key Encapsulation). SIKE bases its security on the hardness of finding paths in certain graphs involving elliptic curves. This project aims to generalize, improve, and implement an important number-theoretic algorithm due to Schoof-Elkies-Atkins. In particular, we speed up the computation of an important invariant of an endomorphism. This algorithm can be generalized to an important subroutine of an algorithm for computing the endomorphisms of an elliptic curve (these endomorphisms are the symmetries of the curve and can be used to break systems like SIKE). 

17. Title: AI-based Air Traffic Control Decision Aid
PI:  Eric Paulz
Lead Institution: Virginia Tech
Co-PIs & Institution: Alan Michaels (VT)
Funding Program: FY21 Research Engagement 

Summary: The goal of this project is to build a prototype system that demonstrates how artificial intelligence (AI) can supplement a human air traffic controller in high-stress scenarios.  The idea of using AI in air traffic control (ATC) is not completely new, however most researchers are focused on using AI in either offline training applications or fully autonomous solutions.  We believe it is useful to look at a solution that keeps the human at the center of the decision-making process while also receiving input from a powerful AI engine that can multi-task, detect trends and make predictions better than a human in certain cases. The project has produced a fully functional simulation framework including a mature air traffic simulator, integrated AI algorithms written in Python, and a basic HMI which allows external control of the simulation while receiving input communications from the AI engine. A simple scenario of two aircraft converging to one common waypoint before proceeding along the same route to their common destination.  This forces the aircraft to coordinate a smooth merge by either speeding up or slowing down to avoid the other plane. Results of these tests that the agents were in fact learning, with the rewards increasing and flattening out as well as the decreased number of conflicts over time. 

18. Title: SWVA Testbed Deployment
PI:  Jeffrey Reed
Lead Institution: Virginia Tech
Co-PIs & Institution: none
Funding Program: FY21 Research Program

Summary: This project focuses on the deployment of the CCI 5G testbed in Southwest Virginia, specifically at Virginia Tech in Blacksburg. It involves conducting experimental research in the broad scope of wireless communications and networking, with a particular focus on 5G and Beyond 5G technologies and applications of artificial intelligence and machine learning to wireless systems. It involves engaging with the CCI hub and nodes in Northern, Coastal, and Central Virginia to coordinate the 5G testbed deployment and establish best practices as well as research in wireless communication networks, with a focus on 5G and Beyond 5G technology and applications of AI to wireless systems.

19. Title: Internet of Structures: Quantifying Cyber Security Risks for Connected Monitoring of Civil Structures
PI:   Rodrigo Sarlo
Lead Institution: Virginia Tech
Co-PIs & Institution: none
Funding Program: FY21 Research Engagement 

Summary: Sensor-based structural health monitoring (SHM) aims to identify and manage structural damages in a wide range of critical infrastructure, e.g., bridges, power plants, and satellites. Current systems are deployed in an ad hoc manner without considerations for the consequences of attacks at the sensor, network, or data levels. While work on cyber-physical system security addresses some of these concerns, there remain unexplored vulnerabilities: 1) analog interference attacks which compromise sensor output integrity and 2) eavesdropping attacks which can infer unintended information from available data. This project is currently exploring the possible extent of these methods along with corresponding consequences. In the case of vulnerability 1, we have shown the potential of Generative Adversarial Networks (GANs) to generate fake damage-like data, capable of fooling damage detection algorithms. We have also developed a method for testing sensor output integrity, even in cases of highly unbalanced data. In the case of vulnerability 2, we have demonstrated that a completely unsupervised approach can be used to cluster “events” captured by a building structural monitoring system. These events can be used to build a “pattern of life” for the building based on data that was not intended for this purpose.

20. Title: Scalable Intelligent RAN System for Next-Generation Mobile Networks
PI:  Vijay Shah
Lead Institution: Virginia Tech
Co-PIs & Institution: Ying Wang (VT)
Funding Program: FY21 Research Engagement 

Summary: The future generation mobile network is expected to support various types of services such as eMBB (enhanced Mobile Broadband), mMTC (massive Machine Type Communications), and URLLC (Ultra-Reliable and Low Latency Communications) and beyond, while at the same time fulfilling different quality of service and quality of experience requirements. In this project, we envision to architect a RAN-level intelligent system that dynamically predicts network progression and conducts network design strategies and auto-deployment within the network periodically through temporal data mining of the RAN behaviors. The proposed method observes the behavior of the network, translates the policy restrictions of service agreement, spectrum, and physical resources, and applies deep learning to optimize allocations of various RAN resources promptly. Comparing earlier network generations have been designed as general-purpose connectivity platforms with limited differentiation capabilities across use cases, 5G (and Next-G) intends to create an ecosystem for technical and business innovation involving vertical markets such as automotive, energy, healthcare, etc. Through abstracting the features of each scenario, our system adapts to meet the requirements from different fields and markets in an efficient way. In particular, this project developed a novel user-driven RAN resource management (RRM) system for 5G and beyond mobile networks. Specifically, the RRM system utilizes (i) a ML approach (particularly, LSTM) to predict user traffic behavior and subsequently (ii) a novel concept of prospect theoretic “user happiness” model – to optimally allocate radio resources (e.g., resource blocks) to each user, in order to maximize user satisfaction (or happiness) over time. An investigation of how the envisioned RRM system can be implemented utilizing O-RAN architecture to enable the deployment feasibility on carrier-grade cellular networks.

21. Title:  Enhancing the Privacy and Reliability of Massive-scale Bluetooth Low Energy Contact Tracing
PI:  Danfeng (Daphne) Yao
Lead Institution: Virginia Tech
Co-PIs & Institution: Tijay Chung (VT) Carol Fung (VCU)
Funding Program:  FY21 CCI Research Collaboration 

Summary: COVIDWISE, the state of Virginia’s official contact tracing app, uses the Google/Apple Exposure Notification (GAEN) system. We experimentally evaluated several BLE-related properties and confirmed that GAEN prevents tracking through random Bluetooth addresses, thus providing strong privacy guarantees. We found that iPhones deliver strong privacy protection via the non-resolvable random private address and prevent malicious apps from snooping on users’ Rolling Proximity Identifiers (RPIs). We also confirmed that the Bluetooth beacon refreshing interval is within the range of 10-20 minutes (as stated in the specification) and varies with the distance between devices. Equally importantly, if not more important, we conducted the first analysis on the feasibility of advanced attacks described in the literature. For advanced attacks targeting contact tracing apps, we systematically analyzed their assumptions and assessed their attack feasibility. We found that some advanced attack demonstrations are misleading, as they are expensive to launch, i.e., low feasibility. Our investigation on attack feasibility (or the lack thereof) is extremely meaningful for the general public to gain faith in the security/privacy guarantees of contact tracing technologies, preparing for waves of COVID-19 and future pandemic outbreaks. Without such thorough investigations on feasibility, proof-of-concept attacks in research papers likely erode public’s trust in contact tracing apps like COVIDWISE, which is entirely undesirable. It has become apparent that human’s struggle with COVID will be a long-lasting one. Thus, technology-supported preventive measures (such as BLE-based mobile contact tracing) are the key. Our work will help convey and disseminate correct contact tracing knowledge to the public, refuting misleading attack results or unfounded and unscientific privacy concerns. 

22. Title: Probabilistic and Evidence-based Insider Threat Reasoning and Detection for Critical Infrastructures
PI: Danfeng (Daphne) Yao
Lead Institution: Virginia Tech
Co-PIs & Institution: none
Funding Program: FY21 Research Engagement

Summary: The proposed work aims to design and develop an accurate and easy-to-deploy solution for an organization to detect insider threat anomalies. It aims to design and develop a probabilistic programming language-based insider threat reasoning and detection system. The system will provide the ability to sift through a huge amount of multi-dimensional data and logs and recognize outlier user activities by modeling and capturing uncertainties associated with human behaviors. The approach is to observe, learn, and detect abnormalities among inter-dependent events and user-actions within a learnable or customizable duration of time. The main design focuses include high accuracy, plug-and-play deployment, and scalability. The effort is focused on experimentally validating the detection of a multitude of known anomalous scenarios.

23. Title: System-wide Measurement of Defense-in-depth Readiness of Medical CPS Devices
PI:  Danfeng (Daphne) Yao
Lead Institution: Virginia Tech
Co-PIs & Institution: Bismal Viswanath (VT) Homa Alemzadeh (UVA)
Funding Program:  FY21 CCI SWVA Research Collaboration

Summary: Studying the security of Internet of things (IoT) devices for medical uses or daily activities helps us extract principles and design methodologies for a broad range of cyber-physical systems (CPS). This project aims to prevent unauthorized device operation and sensitive data access in medical CPS (MCPS). Risk categories will be related to, but not limited to, the security of i) program executions on the device, ii) user interfaces (UI), e.g., operator errors, authentication bypassing attacks, iii) connectivity and data transmission (e.g., data exfiltration). It assesses the robustness against common threats and attacks targeting medical devices, as well as evaluates the feasibility and accuracy of anomaly-based detection solutions. A thrust is on developing evaluation benchmarks for standardized accuracy experimentation. The benchmark for evaluating CPS anomaly detection accuracy has the potential to drive researchers and the relevant industry vendors to adopt more rigorous evaluation standards. 

1. Title:  Range Readiness and Reach Platform Prep
PI:  Art Carter
Lead Institution: Radford University
Co-PIs & Institution:  Joe Chase, Prem Uppuluri (RU)
Funding Program: FY21 Workforce Program

Summary: Radford University’s School of Computing and Information Sciences is developing six graduate level classes in cybersecurity intended for K-12 teachers. The classes will develop the competence in cybersecurity basics necessary to incorporate cybersecurity topics into K-12 classes and the required technical competence to utilize Virginia’s Cyber Range. The courses are for online asynchronous delivery to allow the flexibility and accessibility to teachers across the commonwealth. The modules prepare teachers in the K-12 system the skills and knowledge necessary to incorporate cybersecurity into their classes and utilize Virginia’s cyber range as a teaching resource.  

2. Title:   HackHouse: Pedagogical framework for IoT experiments
PI:   Joe Chase 
Lead Institution: Radford University
Co-PIs & Institution:  Prem Uppulur (RU) Bathurst Bagby (VWCC)
Funding Program: FY21 Workforce Program

Summary: This collaborative project between researchers at Radford University and faculty from Virginia Western Community College (VWCC) develops a platform that supports pedagogical experiments in security and privacy issues of IoT devices. The project builds on the strengths of its various collaborators: Radford University’s grant supported projects in cybersecurity pedagogy, and VWCC’s focus and expertise in developing hands-on exercises from high school through community college students.  The salient contributions of the grant will be an IoT cyber range and sample exercises and lesson plans on security and privacy issues of IoT devices that range from high school to undergraduate level. The current state of Hackhouse includes: a plug and play architecture to plug in heterogenous IoT devices compatible with either Zwave or Zigbee platform, including a central server to capture data from across multiple devices; scripts to generate and capture data from these devices as a foundational step to create data repositories; and hands-on exercises that provide experiential learning at the undergraduate level on analysis of cryptographic standards being used in communication across these devices, identifying privacy leaks in data, and deep packet inspection using Wireshark.

3. Title:  Biosecurity Summit – Securing the Agriculture and Food System (SAFE) with Cyberbiosecurity
PI:  Susan Duncan
Lead Institution:  Virginia Tech
Co-PIs & Institution:  none
Funding Program: FY21 Workforce Program

Summary:  To identify and address the gaps in awareness and knowledge as well as encourage collaborations, Virginia Tech hosted a virtual workshop consisting of professionals from agriculture, cybersecurity, government, and academia. During the workshop, thought leaders and influencers discussed (1) common food and agricultural system challenges, scenarios, outcomes and risks to various sectors of the system; (2) cyberbiosecurity strategies for the system, gaps in workforce and training, and research and policy needs. Through qualitative methodology, meeting sessions were transcribed and analyzed for major themes, resulting in challenges, solutions, viewpoints, vocabulary being identified. From the discussion, it is evident that there is a lack of cyberbiosecurity training and resources available. Identifying the future pathways for evolving cyberbiosecurity to address the agriculture and food system needs was unclear to participants. Recommendations for further advancement of cyberbiosecurity included creating training and education, continued interdisciplinary collaboration, and recruiting government involvement to speed up better security practices. Case studies are one approach to advancing understanding of biological data progression in the agriculture and food system and where data vulnerabilities exist.

4. Title:  Student Training-Engagement Program (STEP)
PI:  Bobby Keener
Lead Institution: CyberCivilian
Co-PIs & Institution:  none
Funding Program: FY21 Workforce Program

Summary: To reduce the cybersecurity workforce gap in Virginia, the Student Training-Engagement Program (STEP) provides a six-month STEP experience which includes accredited student-centered training integrated with a cybersecurity internship. Decreasing the cybersecurity workforce gap in Virginia via STEP will allow organizations to use data and technology more effectively and better serve their customers, while simultaneously presenting an opportunity to reskill under/unemployed persons into high-paying careers. CivilianCyber will develop and deliver the Student Training-Engagement Program (STEP) pilot. STEP will use the CivilianCyber AWSAM technology to identify students with the aptitude and attitude to enter a cybersecurity career. CivilianCyber will work with the student to place them in an internship while also delivering accredited hard and soft skills training that will lead to an industry recognized cybersecurity certificate. Internship providers and students will be given a program overview and best practice guidance. Routine feedback will be solicited to improve the provider and student experiences.

5. Title: CyberTeams VIPs
PI:  Alan Michaels
Lead Institution: Virginia Tech
Co-PIs & Institution:  Kevin Heaslip (VT)
Funding Program: FY21 Workforce Program

Summary: The Cyber Team VIP program introduced students to automotive cybersecurity through the conduct of literature review, development of experiments, and the implementation of the experiments on a vehicle provided by Ford Motor Company. This year, the students focused primarily on the security of the controller area network (CAN) Bus, the on-board diagnostics (OBD)-II port, and the charging of the electric vehicle. The experiments provided increased visibility to the automotive cybersecurity area and built a significant cohort of students that are interested in automotive cybersecurity. Several students from the cohort have taken internships in the automotive cybersecurity industry, helping establish Virginia Tech and the Commonwealth of Virginia as a location where the automotive cybersecurity workforce is being trained. Additionally, the results have deepened relationships with Ford Motor Company, with conversations continuing (slowed due to pandemic) towards future investment in a large-scale automotive cybersecurity center. Motivated by this project, the Hume team added a second undergraduate cybersecurity VIP research team, aimed primarily at the multi-disciplinary evaluation of propagation of personal information across the Internet.

6. Title: Wise Minds at Work
PI:  Daniel Orr
Lead Institution:  UVA - Wise
Co-PIs & Institution:  none
Funding Program: FY21 Workforce Program

Summary: Wise Minds at Work (WMAW) is an intensive in-the-field learning experience that brings together students in cross-disciplinary teams to address cybersecurity challenges of for-profit businesses and other organizations. Technology majors will anchor these teams. Teams may also include students majoring in criminal justice, psychology, sociology, etc., based upon the needs of the specific industry partner and as dictated by the needs of the project. This program offers a 360-degree benefit, which would include the possibility of full-time employment for Virginia’s college graduates, an opportunity for employers to sample the talent of rural Southwest Virginia, and a stronger relationship between UVA Wise and employers. Additionally, this project positions Southwest Virginia as a permanent technology recruitment pipeline for employers throughout the Commonwealth.

7. Title: Support for the Student Training-Engagement Program (STEP) Enhancing Virginia’s Cybersecurity Workforce Pipeline
PI:  Jeff Pittges
Lead Institution:  Radford University
Co-PIs & Institution: Courtney Conner-Stringer (UVA Wise), David Matlock (SWVA Higher Ed Center), Deri Draper (ODU), Bobby Keener (CivilianCyber)
Funding Program: FY21 Workforce Program

Summary: STEP is an immersive technology-driven experience that includes accredited, student-centered online cybersecurity training. Participants are provided experiential learning experiences via integrated internships and apprenticeships. Results associated with these objectives included developing a student program feedback survey, an organizational (internship/apprenticeship providers) feedback survey, operational processes and procedures that support student/organizational onboarding and support, and implementing program improvements to include the development of the STEP-UP small business pre-apprenticeship program, the creation of a Registered Apprenticeship Program (RAP), and financial support for via program registration with support agencies. Providing manageable ways to reduce the cybersecurity workforce gap in Virginia via STEP will allow organizations to use data and technology to serve their customers more effectively while simultaneously providing under/unemployed persons the opportunity to reskill into high-paying careers. Ten persons previously not in the cybersecurity field have entered cybersecurity careers. The STEP-UP pre-apprenticeship program was developed based on the outcomes of this research and has been commissioned to provide experiential learning to fifteen cybersecurity students in the southwest Virginia region.

8. Title: Cyber Range Accessibility Program
PI:  David Raymond
Lead Institution: Virginia Tech
Co-PIs & Institution:  none
Funding Program: FY21 Workforce Program

Summary: In order to make Virginia and U.S. Cyber Range resources broadly accessible to underserved individuals, as well as to reduce exposure to legal complaints under the ADA, the cyber range contracted with a third-party expert to conduct a full assessment of our resources using a Voluntary Product Accessibility Template (VPAT) and to work with our team to remediate accessibility shortfalls. This greatly improves the ability to commercialize the cyber range as many potential U.S. Cyber Range customers insist on a VPAT addressing WCAG 2.1 guidelines and will not use our resources without this. Prior to this project, the Virginia and U.S. Cyber Range Exercise Area, CTF platform, Courseware Repository, and Knowledge Base did not meet modern web accessibility standards.  W3C web accessibility standards are provided in the Web Content Accessibility Guidelines (WCAG) 2.1 (https://www.w3.org/TR/WCAG21/). The DOJ has cited WCAG 2.1 as an acceptable metric for web content accessibility under the ADA. The cyber range contracted with Level Access, a well-known accessibility support company, who did a thorough analysis of our software and services to identify shortfalls. The cyber range development team worked with Level Access to correct deficiencies and had an initial VPAT issued. The team will continue to work with Level Access in the coming years to refine and maintain our significantly enhanced level of web accessibility. This project also expansion of courseware in the cyber range catalog and support of capture-the-flag challenges for Virginia and U.S. Cyber Range competitions.

1. Title: Startup Toolkit for Early-Stage Potential Ventures
PI:  Mark Mondry
Lead Institution: Virginia Tech
Co-PIs & Institution:  none
Funding Program: FY21 Innovation Program

Summary: The commercialization of technologies from university research generally follows one of two paths: licensing the technology to an established company operating in a relevant market or facilitating the formation of a startup specifically created to pursue a perceived commercial opportunity for the technology and licensing the technology to that startup. When researchers participate in the creation of such a startup, it is referred to as a “spin-out.” Universities encourage researchers to engage in this second path, but only a small number engage in the spinout process for a variety of reasons. Many choose not to engage due to a lack of knowledge and a sense of ambiguity and high risk associated with entrepreneurship. If universities are to amplify economic and social impact from their research, we need to facilitate more spinouts from deep-tech research including cyber technologies. This project involves the creation of module-based informational resources related to the technology commercialization process designed specifically to support the needs of entrepreneurially minded cyber researchers with spinout opportunities. The objective of this project is to foster a more entrepreneurial culture in the SWVA Node cyber research community by anticipating the needs of potential spinout founders and addressing those needs by providing informational on-line resources and tools related to the spinout process. This effort is anticipated to result in increased startup formation by members of the SWVA Node research community.