2011 TRUST Research Experiences for Undergraduates (TRUST-REU)
|
|
Program Overview
The Team for Research in Ubiquitous Secure Technology sponsored 13 undergraduate students to participate in the summer 2011 TRUST-REU program. Below are descriptions of the 2011 TRUST-REU research projects and links to each student's or team's research report and poster presentation.
Research Projects
|
|
Michael Ayenson
Worcester Polytechnic Institute
|
Analysis of FLASH, HTTP, and HTML5 DATA
In August of 2009, we demonstrated that popular websites were using "Flash Cookies"
to track some users. Some advertisers had adopted this technology because it allowed persistent tracking even where
users had taken steps to avoid web profiling. We also demonstrated "Respawning" on top sites with Flash technology. This
allowed sites to reinstantiate http cookies deleted by a user, making tracking more resistant to users' privacy-seeking
behaviors. In this follow-up study, we reassess the Flash Cookies landscape and examine a new tracking vector, HTML5 local
storage and cache-cookies via etags. We found over 5,600 standard http cookies on popular sites; over 4,900 were from
third parties. Google-controlled cookies were present on 97 of the top 100 sites, including popular government websites.
Seventeen sites were using HTML5, and seven sites had HTML5 local storage and HTTP Cookies with matching values. Flash
Cookies were present on 37 of the top 100 websites. We found 2 sites were respawning cookies, including one site, Hulu.com,
where both flash and cache cookies were employed to make identifiers more persistent. The cache cookie method used etags
and is more capable of unique tracking even where all cookies are blocked by the user and "Private Browsing Mode" is enabled.
|
|
Patrick Baxter
Clemson University
|
Automated Election Auditing from DRE Logs
Voting audit logs produced by Direct Recording Electronic (DRE) machines are often unwieldy and unintelligible
to a human reader. These logs detail all events recorded on the DREs and include data on ballots cast
and post-election procedures. The authors of the paper “Auditing a DRE-Based Election in South Carolina”
demonstrated that these logs can be analyzed to uncover both procedural errors and election anomalies. In this
study, we replicate the results from the aforementioned paper and develop additional analyses. These include
identification of procedural errors by election officials, DRE hardware problems and precinct statistics. We have
integrated these reports into a public website that produces a detailed report from the ES&S iVotronic log files.
We intend this work to stand as proof-of-concept software for future auditing tools and as an immediately accessible
tool to assist those working with election auditing and integrity.
|
|
Robert Carlson
California State University, Chico
|
Privacy Policy Language
|
|
Anne Edmundson
Cornell University
|
Automated Election Auditing from DRE Logs
Voting audit logs produced by Direct Recording Electronic (DRE) machines are often unwieldy and unintelligible
to a human reader. These logs detail all events recorded on the DREs and include data on ballots cast
and post-election procedures. The authors of the paper “Auditing a DRE-Based Election in South Carolina”
demonstrated that these logs can be analyzed to uncover both procedural errors and election anomalies. In this
study, we replicate the results from the aforementioned paper and develop additional analyses. These include
identification of procedural errors by election officials, DRE hardware problems and precinct statistics. We have
integrated these reports into a public website that produces a detailed report from the ES&S iVotronic log files.
We intend this work to stand as proof-of-concept software for future auditing tools and as an immediately accessible
tool to assist those working with election auditing and integrity.
|
|
Jovanni Hernandez
Drexel University
|
Understanding Web Advertising Privacy Through Browser Instrumentation
A growing number of websites serve tracking content from third party advertisers, advertising networks, advertising
exchanges, advertising data providers, and more. Most consumers are unaware of what information is gathered and how it is
used. We conducted web crawls with a new browser instrumentation tool to better understand the privacy-related business
practices of the largely unregulated and unstudied online advertising ecosystem.
|
|
Hector Tosado Jimenez
University of Puerto Rico, Mayagüez
|
Hector Codes - SoNIC Steganography
The design of this project is to enable the sending of a covert message between
2 communication devices utilizing steganographic techniques. These will
allow a message to be sent without a higher level application or a router knowing.
This type of network steganography will be achieved using Hector Codes, which
the author implemented during a summer internship program, and SoNIC.
|
|
Ryan Kaczowka
Youngstown State University
|
Opt-in Procedures of Web Sites Selling Information to Third Parties
|
|
Keishla Ortiz López
University of Puerto Rico, Arecibo
|
Automated Election Auditing from DRE Logs
Voting audit logs produced by Direct Recording Electronic (DRE) machines are often unwieldy and unintelligible
to a human reader. These logs detail all events recorded on the DREs and include data on ballots cast
and post-election procedures. The authors of the paper “Auditing a DRE-Based Election in South Carolina”
demonstrated that these logs can be analyzed to uncover both procedural errors and election anomalies. In this
study, we replicate the results from the aforementioned paper and develop additional analyses. These include
identification of procedural errors by election officials, DRE hardware problems and precinct statistics. We have
integrated these reports into a public website that produces a detailed report from the ES&S iVotronic log files.
We intend this work to stand as proof-of-concept software for future auditing tools and as an immediately accessible
tool to assist those working with election auditing and integrity.
|
|
John Mela
Youngstown State University
|
Generating Attack Traffic using DETERLab in an Emulation-Simulation Environment
The inclusion of attack traffic into the Command and Control Wind Tunnel (C2WT) tool suite with
network emulation capability was achieved by integration with the back-end of the Security Experimentation
Environment (SEER) workbench. “SEER integrates various tools for configuring and executing
experiments and provides a user-friendly interface for experimenters to use the tools.” We wrap a Java
application around an executable used by SEER to create attack traffic in the emulation. The addition
of this application allows us to generate attacks at varying intensities. We can produce traffic at types of
flat rate, ramp up, ramp down and ramp pulse. The existing Java code used to coordinate communication
between entities in the simulation and emulation is tied together by Run-Time Infrastructure (RTI)
implemented on a Publish/Subscribe system. RTI is an extension of High Level Architecture (HLA) and
is responsible for time synchronization between the emulation and simulation environments. Time
synchronization is required due to the incongruent passage of time between these environments. Although
the in-depth analysis and solution to the time synchronization problem is beyond the scope of
this paper, resources exist for further explanation. We extend the C2WT code to communicate attack
commands to the emulated network. Extending the existing code allows for the future possibility of simulated
attackers. In order to test our implementation, we create a simple application which instructs the
emulation to perform four attacks of each type listed above. We monitor traffic using SEER to confirm
that the application is doing what it should be.
|
|
AnaMaria Quevedo
Miami Dade College
|
Automated Election Auditing from DRE Logs
Voting audit logs produced by Direct Recording Electronic (DRE) machines are often unwieldy and unintelligible
to a human reader. These logs detail all events recorded on the DREs and include data on ballots cast
and post-election procedures. The authors of the paper “Auditing a DRE-Based Election in South Carolina”
demonstrated that these logs can be analyzed to uncover both procedural errors and election anomalies. In this
study, we replicate the results from the aforementioned paper and develop additional analyses. These include
identification of procedural errors by election officials, DRE hardware problems and precinct statistics. We have
integrated these reports into a public website that produces a detailed report from the ES&S iVotronic log files.
We intend this work to stand as proof-of-concept software for future auditing tools and as an immediately accessible
tool to assist those working with election auditing and integrity.
|
|
Cody Rigney
Youngstown State University
|
Third Party Information Sharing Disclosure Practices
|
|
Samuel Rodriguez
University of Puerto Rico, Mayagüez
|
Automated Election Auditing from DRE Logs
Voting audit logs produced by Direct Recording Electronic (DRE) machines are often unwieldy and unintelligible
to a human reader. These logs detail all events recorded on the DREs and include data on ballots cast
and post-election procedures. The authors of the paper “Auditing a DRE-Based Election in South Carolina”
demonstrated that these logs can be analyzed to uncover both procedural errors and election anomalies. In this
study, we replicate the results from the aforementioned paper and develop additional analyses. These include
identification of procedural errors by election officials, DRE hardware problems and precinct statistics. We have
integrated these reports into a public website that produces a detailed report from the ES&S iVotronic log files.
We intend this work to stand as proof-of-concept software for future auditing tools and as an immediately accessible
tool to assist those working with election auditing and integrity.
|
|
Dietrich Wambach
University of Wyoming
|
Analysis of FLASH, HTTP, and HTML5 DATA
In August of 2009, we demonstrated that popular websites were using "Flash Cookies"
to track some users. Some advertisers had adopted this technology because it allowed persistent tracking even where
users had taken steps to avoid web profiling. We also demonstrated "Respawning" on top sites with Flash technology. This
allowed sites to reinstantiate http cookies deleted by a user, making tracking more resistant to users' privacy-seeking
behaviors. In this follow-up study, we reassess the Flash Cookies landscape and examine a new tracking vector, HTML5 local
storage and cache-cookies via etags. We found over 5,600 standard http cookies on popular sites; over 4,900 were from
third parties. Google-controlled cookies were present on 97 of the top 100 sites, including popular government websites.
Seventeen sites were using HTML5, and seven sites had HTML5 local storage and HTTP Cookies with matching values. Flash
Cookies were present on 37 of the top 100 websites. We found 2 sites were respawning cookies, including one site, Hulu.com,
where both flash and cache cookies were employed to make identifiers more persistent. The cache cookie method used etags
and is more capable of unique tracking even where all cookies are blocked by the user and "Private Browsing Mode" is enabled.