Communications Assurance and Performance (CAP) Group, School of Electrical and Computer Engineering, Georgia Tech

Research Areas

CAP Research areas: (1) intrusion detection, access control, device fingerprinting; (2) covert channels in computer networks; (3) security in wireless networks; (4) network monitoring and performance; and (5) cybersecurity for critical infrastructure networks.

1. Intrusion Detection Using Information Leakage

Information leakage occurs when an entity (e.g., a system, protocol, hardware, or software) unknowingly gives off more information than intended during normal operation or, in our case, during communication. Network traffic generated by the transmitting parties can be passively monitored, and information about the entity that generated the traffic can then be extracted from the captured traffic. This information can be used to: (1) secure computer systems; (2) attack computer systems; and (3) improve the performance of certain types of networks (e.g., grid networks).
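The defensive side of this idea, as an added example that is not code from the CAP group: header fields that a TCP/IP stack sets on its own (initial TTL, window size, the order of TCP options) leak which kind of device is talking. Enrolling those fingerprints during a trusted period and then comparing later traffic against them gives a passive access-control check. The record layout, the sample packets and the TTL rounding rule are constructed for illustration.

```python
"""Passive device fingerprinting from captured header fields.

Added example, not code from the CAP group. It assumes the capture has already
been reduced to per-packet records; the field layout and the sample records
below are constructed for illustration.
"""
from collections import defaultdict

# Constructed capture: (source MAC, source IP, observed IP TTL, TCP window, TCP option order).
TRUSTED_PERIOD = [
    ("aa:bb:cc:00:00:01", "10.0.0.5", 63, 65535, "MSS,NOP,WS,NOP,NOP,TS,SACK,EOL"),
    ("aa:bb:cc:00:00:01", "10.0.0.5", 63, 65535, "MSS,NOP,WS,NOP,NOP,TS,SACK,EOL"),
    ("aa:bb:cc:00:00:02", "10.0.0.9", 127, 8192, "MSS,NOP,WS,NOP,NOP,SACK"),
    ("aa:bb:cc:00:00:02", "10.0.0.9", 127, 8192, "MSS,NOP,WS,NOP,NOP,SACK"),
]

LATER_TRAFFIC = [
    # Host 1 behaving as enrolled (one hop further away, so the TTL differs by one).
    ("aa:bb:cc:00:00:01", "10.0.0.5", 62, 65535, "MSS,NOP,WS,NOP,NOP,TS,SACK,EOL"),
    # Host 1's MAC, but the header behaviour of a different network stack.
    ("aa:bb:cc:00:00:01", "10.0.0.5", 127, 8192, "MSS,NOP,WS,NOP,NOP,SACK"),
    # A MAC never seen during enrolment.
    ("aa:bb:cc:00:00:09", "10.0.0.77", 63, 29200, "MSS,SACK,TS,NOP,WS"),
]

INITIAL_TTLS = (32, 64, 128, 255)


def initial_ttl(observed):
    """Round an observed TTL up to the nearest common initial value so that
    hop-count decrements along the path do not change the fingerprint."""
    for candidate in INITIAL_TTLS:
        if observed <= candidate:
            return candidate
    return observed


def fingerprint(record):
    """The stack-dependent part of a record: initial TTL, window size, option order."""
    _mac, _ip, ttl, window, options = record
    return (initial_ttl(ttl), window, options)


def build_baseline(records):
    """Enrolment: every fingerprint each MAC exhibited during a trusted period."""
    baseline = defaultdict(set)
    for rec in records:
        baseline[rec[0]].add(fingerprint(rec))
    return dict(baseline)


def find_deviations(records, baseline):
    """Return (mac, ip, reason) for every packet that does not match enrolment.

    'unknown-device' means the MAC was never enrolled (an access-control event);
    'fingerprint-changed' means a known MAC now shows a different stack, which
    is what MAC spoofing or a swapped device looks like from the wire."""
    findings = []
    for rec in records:
        mac, ip = rec[0], rec[1]
        if mac not in baseline:
            findings.append((mac, ip, "unknown-device"))
        elif fingerprint(rec) not in baseline[mac]:
            findings.append((mac, ip, "fingerprint-changed"))
    return findings


if __name__ == "__main__":
    base = build_baseline(TRUSTED_PERIOD)
    for finding in find_deviations(LATER_TRAFFIC, base):
        print(finding)
```

Rounding the TTL up to the nearest common initial value is what keeps a device's fingerprint stable when the path length changes; the option order and window size are the fields that vary most between stacks and least between packets of one stack.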

2. Network Steganography

As defined by Webster, steganography is the art or practice of concealing a message, image, or file within another message, image, or file. Network steganography involves concealing a message in normal traffic on the network. Many current network protocols are considered non-deterministic. Non-deterministic systems can be modeled as a set of states and state transitions, each of which occurs with a given probability. Therefore, any system that can be modeled this way is vulnerable to covert channels, since the choice among otherwise legitimate transitions can itself carry information. Our work in this area involves creating algorithms capable of generating covert side channels that exploit this non-determinism and that have little probability of being detected. This covert communication has many applications, including sending information while evading traditional intrusion detection systems. We have developed various types of covert channels for wired and wireless systems at the network and MAC layers.
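The state-and-probability model described above is also what a defender uses to notice a covert channel. As an added example that is not code from the CAP group, the block below treats inter-packet delay bins as states, estimates the transition probabilities from a benign trace, and flags a later trace whose transition model drifts too far from that baseline. The bin edges, the traffic models, the seeds and the threshold are all constructed for this illustration.

```python
"""Detecting a covert timing channel as a shift in a protocol's probabilistic state model.

Added example, not code from the CAP group. The bin edges, the traffic model and
both traces are constructed; a real deployment would estimate the baseline from
captured traffic and set the threshold from benign-to-benign distances.
"""
import random

# State = which bin an inter-packet delay (seconds) falls in; delays at or above
# the last edge form the final state. Edges are constructed for this example.
BIN_EDGES = (0.01, 0.03, 0.06, 0.10)
N_STATES = len(BIN_EDGES) + 1


def delay_state(delay):
    """Map an inter-packet delay onto a discrete state (bin index)."""
    for i, edge in enumerate(BIN_EDGES):
        if delay < edge:
            return i
    return N_STATES - 1


def transition_matrix(delays):
    """Estimate P(next state | current state) from a trace. Add-one smoothing keeps
    rows for states the trace never visited well defined (they become uniform)."""
    counts = [[1.0] * N_STATES for _ in range(N_STATES)]
    states = [delay_state(d) for d in delays]
    for cur, nxt in zip(states, states[1:]):
        counts[cur][nxt] += 1
    return [[c / sum(row) for c in row] for row in counts]


def model_distance(p, q):
    """Mean total-variation distance between corresponding rows of two transition
    matrices: 0 for identical models, 1 when every row is disjoint."""
    row_tv = [0.5 * sum(abs(a - b) for a, b in zip(pr, qr)) for pr, qr in zip(p, q)]
    return sum(row_tv) / len(row_tv)


def score_trace(baseline, delays, threshold=0.2):
    """Return (distance, flagged). The threshold is a constructed operating point."""
    distance = model_distance(baseline, transition_matrix(delays))
    return distance, distance > threshold


# Constructed benign traffic: exponentially distributed gaps with a 40 ms mean.
def benign_trace(n, seed):
    rng = random.Random(seed)
    return [rng.expovariate(1 / 0.04) for _ in range(n)]


# Constructed suspicious traffic: gaps pile up around two values, so transitions
# move between just two states. This is the footprint a delay-modulated channel
# leaves on the model, whatever the encoding.
def suspicious_trace(n, seed):
    rng = random.Random(seed)
    return [rng.choice((0.02, 0.08)) + rng.gauss(0, 0.002) for _ in range(n)]


if __name__ == "__main__":
    baseline = transition_matrix(benign_trace(2000, seed=1))
    print("benign    ", score_trace(baseline, benign_trace(2000, seed=2)))
    print("suspicious", score_trace(baseline, suspicious_trace(2000, seed=3)))
```

Two independent benign traces land within a few hundredths of each other, while the two-state trace scores around 0.3 because most of its rows either concentrate on two states or were never visited at all. The same machinery works for any protocol field the text calls non-deterministic, not only timing: replace the bin function with one that maps the field's values onto states.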

3. Security in Wireless Networks

Wireless networks differ from wired networks in several ways, including: (1) node proximity - attackers are often physically close to their victims in wireless networks; (2) signal propagation - the wireless link is inherently insecure because it broadcasts traffic, giving surrounding nodes an opportunity to eavesdrop; (3) resource constraints - devices on a wireless network often have a finite amount of power supplied by a battery and limited processing and transmission power (e.g., sensor nodes); and (4) mobility - wireless nodes often have varying levels of mobility. Because of these differences, techniques for providing security in wired networks cannot be directly applied to resource-constrained wireless networks. Our work in this area involves the development of resource-aware security protocols for various wireless networks.

4. Network Monitoring and Performance

Ensuring that network protocols operate efficiently is a challenging problem. Additionally, ensuring that network protocols operate as designed and detecting malicious behavior on networks have become increasingly challenging problems. These challenges are heightened as networks become large and distributed or operate over a wireless medium. Our work in this area involves designing efficient protocols that reduce network overhead and the energy consumption of wireless devices and improve the overall performance of the network. Further, we develop techniques to detect and characterize traffic on networks, with the primary goal of detecting malicious behavior on these networks.

5. Cybersecurity for Critical Infrastructure Networks

Supervisory control and data acquisition (SCADA) networks and smart grids gather real-time data, control operations, and remotely monitor terminal units and industrial equipment. These networks are used in a variety of critical infrastructure applications such as power plants, oil and gas pipelines, chemical refineries, flood control dams, waste and water distribution systems, wind farms, and civil defense siren systems. Secure distribution of data in these critical networks is imperative because injection of false or redundant data is, at a minimum, costly, and could lead to loss of life in extreme cases. Our work in this area involves the development of architectures, protocols, and algorithms to address the challenges faced in securing current and future critical infrastructure networks against cyber attacks.
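The two injection problems named above, false data and redundant data, have two different defences: a message authentication code catches forged or altered readings, and a per-device monotonic sequence number inside the authenticated body catches duplicates and replays. The block below, an added example and not code from the CAP group, wires both into a minimal telemetry receiver. The framing, the demo key and the device names are constructed; a deployment would take per-device keys from key management and carry the message inside its SCADA protocol's secure wrapper.

```python
"""Authenticated, replay-resistant telemetry readings for a SCADA-style link.

Added example, not code from the CAP group. The message framing, the key and
the device names are constructed.
"""
import hashlib
import hmac
import json

DEMO_KEY = b"constructed-demo-key-not-for-deployment"


def make_reading(key, device_id, seq, value):
    """Sender side: serialise the reading deterministically and append an
    HMAC-SHA256 tag. The sequence number sits inside the authenticated body,
    so an attacker cannot bump it without breaking the tag."""
    body = json.dumps({"dev": device_id, "seq": seq, "val": value}, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Receiver:
    """Receiver side: verify the tag first, then enforce strictly increasing
    sequence numbers per device so replayed or duplicated readings are dropped."""

    def __init__(self, key):
        self.key = key
        self.last_seq = {}

    def accept(self, message):
        body, sep, tag = message.rpartition(b"|")
        if not sep:
            return "malformed"
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "bad-tag"            # forged or tampered reading
        reading = json.loads(body)
        dev, seq = reading["dev"], reading["seq"]
        if seq <= self.last_seq.get(dev, -1):
            return "replay"             # redundant or replayed reading
        self.last_seq[dev] = seq
        return "accepted"


def demo():
    """Constructed exchange: a valid reading, its replay, a tampered copy, the
    next valid reading, and a reading signed under the wrong key."""
    rx = Receiver(DEMO_KEY)
    results = []
    m1 = make_reading(DEMO_KEY, "pump-07", 1, 41.5)
    results.append(rx.accept(m1))
    results.append(rx.accept(m1))                       # same message again
    results.append(rx.accept(m1.replace(b"41.5", b"99.9")))  # value changed in flight
    results.append(rx.accept(make_reading(DEMO_KEY, "pump-07", 2, 41.7)))
    results.append(rx.accept(make_reading(b"wrong-key", "pump-07", 3, 41.9)))
    return results


if __name__ == "__main__":
    print(demo())
```

The tag check runs before the sequence check so that an unauthenticated message can never advance `last_seq` and lock out the legitimate device; `hmac.compare_digest` keeps the comparison constant-time. Strictly increasing sequence numbers reject out-of-order delivery as well as replay, which is the right trade for control traffic where a stale reading is as unwelcome as a duplicate.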