The Kentucky Cybersecurity & Forensics Conference (KCFC) is an annual cybersecurity event held every year by one of the National Centers of the Academic Excellence i.e. the CAE institutions within Kentucky. It is a cybersecurity conference that is hosted annually by one of Kentucky鈥檚 higher education institutions that has earned the CAE designation through NSA accreditation. This year, the KCFC 2024 will be hosted in person by 开心鬼传媒 (开心鬼传媒) in Griffin Hall, the home of the College of Informatics. This cybersecurity focused conference offers a great platform and opportunity for discussions, presentations, exchange of ideas, dissemination of research work via papers & posters, scholarly publications, workshops and networking with peers from academics, government and industry for advancing cybersecurity education, collaborations and innovations.
The 开心鬼传媒 College of Informatics is proud and honored to host this 2024 KCFC i.e. the annual Kentucky CAE Conference on Saturday, October 19. This conference will feature papers, posters, workshops, and presentations on a variety of cybersecurity topics.
Papers, short and full, which have been accepted to KCFC 2024 can be found in this page. Here, you can view paper presenters, paper titles, and paper abstracts. These papers will be published to Springer Nature and presented at KCFC 2024.
Title: Studying "Reflectacles" As An Anti-Surveillance Wearable Device: Adversarial Testing Plus Performance Analysis Using Three Facial Recognition Tools
Authors: Ryan Jackson (Undergrad Student, University of Wisconsin at Green Bay), Ankur Chatterjee (Faculty, 开心鬼传媒) and Bikash Acharya (Undergrad Student, 开心鬼传媒)
Abstract: While technological advances in public video surveillance technologies have helped in law enforcement, smart video surveillance technologies have led to human privacy invasion of law-abiding citizens. Sophisticated visual recognition techniques and tools are being used worldwide to monitor public places and analyze data from captured camera footage. Current state-of-the-art human facial recognition-based biometric tools are extensively used in public video surveillance as well as in consumer electronic products for user-authentication purposes. In an effort to counter the critical issue of human privacy invasion by surveillance applications, several 鈥渟oft privacy鈥 enhancing remedial solutions have been proposed by researchers, including the use of enhanced design of camera footage capturing techniques in surveillance cameras, such as post-processing of the camera images and videos. However, very few of these prior works have attempted to explore a 鈥渉ard privacy鈥 option, where surveilled subjects can utilize 鈥渁nti-surveillance鈥 technology in the form of specialized glasses or wearables to protect themselves from intrusive surveillance cameras. In this research paper, we study the capabilities of a wearable glasses product - 鈥淩eflectacles鈥 as a potential 鈥渁nti-surveillance鈥 wearable device for individuals to explore a 鈥渉ard privacy鈥 offering option by resisting human facial recognition technologies amidst to-day鈥檚 widespread privacy-invading public surveillance systems. As part of our research, we discuss and explore the potential 鈥渁nti-surveilling鈥 effect of Reflectacles by pitting this device against three (3) current state of the art visual recognition tools - IBM Watson Visual Analytics, Microsoft Azure Facial Recognition, and AWS Amazon Rekognition. Our experimental study shows that Reflectacles can successfully resist and reduce the human facial recognition performance in these tools. We also demonstrate how an anti-surveillance wearable device, like Reflectacles, can be prospectively utilized as a potential means for adversarial testing plus performance analysis of facial recognition tools to critically evaluate these tools and compare their performances against surveillance-resisting wearable devices. Our proposed approach of adversarial assessment and performance testing of facial recognition technologies using Reflectacles as a "hard privacy" offering anti-surveillance wearable device, is a fresh, non-traditional initiative. To the best of our knowledge, our work is the first ever research study involving the Reflectacles device as wearable glasses.
Title: User Awareness of Cybersecurity Risks with ChatGPT's New 鈥淢emory" Feature: A Knowledge-Attitude-Behavior Analysis
Authors: Nicholas Caporusso (Faculty, 开心鬼传媒), Nazmus Sadat (Faculty, 开心鬼传媒) and My Doan (Undergrad Student, 开心鬼传媒)
Abstract: Recently, OpenAI introduced a new feature called "memory''. This functionality enables ChatGPT to automatically extract and store relevant user information from conversations, to generate more personalized and relevant responses. However, several dynamics of this new functionality raise numerous concerns about potential cybersecurity risks for the user. This paper reports the results of a study that investigated users' familiarity with how ChatGPT鈥檚 new "memory'' feature functions, their attitudes toward its privacy implications, and their subsequent behavior in response to perceived risks. To this end, the Knowledge-Attitude-Behavior (KAB) model was utilized to design a questionnaire that was primarily distributed to Computer Science students. Findings from 119 responses reveal that while some users are aware of the feature, many are either unaware or uncertain of its operation, particularly regarding its data extraction, storage, and management policies. This research highlights the need for increased transparency and user control over memory features in ChatGPT and Large Language Models, emphasizing privacy and security concerns.
Title: A Survey Study Of Cloud Security and Privacy With A Focus On GDPR-Compliant SPICE Solutions
Authors: Nika Asatiani (Graduate Student, 开心鬼传媒) and Ankur Chatterjee (Faculty, 开心鬼传媒)
Abstract: Since cloud computing allows information to be stored remotely, it has significantly transformed the way people store and access data. Due to cloud computing internet users can store, quickly download, and interact with their applications or documents over the internet. Cloud infrastructure also allows people to access their data without worrying about having access to storage devices. However, when data is archived in the cloud, it introduces various security and privacy challenges. This survey study investigates security solutions to tackle this issue. It mainly focuses on the following solution - the Simple Privacy-preserving Identity-management for the cloud environment (SPICE). This paper reviews existing literature and identifies four critical cybersecurity domains (P-IM-DI-AC), or four focus areas related to security and privacy issues in cloud computing, that include privacy (P), identity management (IM), data integrity (DI), and access control (AC). Threats, such as data loss and identity theft, highlight the importance of privacy. As part of this survey study, we explore solutions to these issues such as BlindIDM, Cisco Secure Data Center Framework, and SPICE, and we find that SPICE is superior in privacy, identity management, and access control compared to other solutions. As cloud security advances, it is important to implement privacy measures for fostering trust and service adoption. For these reasons, it is essential to integrate powerful and reliable solutions, which are compliant with General Data Protection Regulation (GDPR) in the growing cloud computing environment in order to ensure responsible and lawful data protection practices in cloud computing. GDPR compliant solutions in this context ensure accountability, transparency, and protection of individual rights through responsible and privacy-preserving data handling. In this paper, we also review existing literature on GDPR compliant SPICE based cloud security solutions, and identify three distinct theme elements namely - security & privacy issues (like P-IM-DI-AC), corresponding solutions, and GDPR compliance. We organize and map the surveyed literature using these three identified theme elements. To our knowledge, this survey study is unique because of its focus on GDPR compliant SPICE based cloud security solutions. According to the best of our knowledge, this survey study is a first of its kind effort to analyze the SPICE system's alignment with GDPR requirements. Additionally, this paper presents a list of future directions, including a set of open research questions related to the advancement of cloud security research, as part of the concluding summary.
Title: Protecting Data-At-Rest In The Cloud: A Data Privacy Centered Evaluation Study
Authors: Olivia Long (Graduate Student, 开心鬼传媒), Brianna DeAmicis (Undergrad Student, 开心鬼传媒) and Ankur Chatterjee (Faculty, 开心鬼传媒)
Abstract: As more businesses move to the cloud, it is imperative that proper controls are in place to protect user data. Cloud vendors offer an assortment of capabilities to protect data-at-rest. Given the number of cloud data breaches in re-cent years typically due to misconfigurations, the effectiveness of these con-trols is an important research focus area. Existing literature indicates that there have been survey studies on cloud based data security issues plus their solutions. However, to our knowledge, there have been limited data privacy focused evaluations of the available tech solutions in this context, and very few research studies on the efficacy of Amazon Web Services (AWS) and Microsoft Azure tools in this context. In this paper, we perform a unique study that examines the native AWS and Azure capabilities, and that analyzes their effectiveness. We evaluate the performances of Azure Purview and AWS Macie, as well compare our findings to determine which solution is more effective with respect to data privacy.
Title: A Survey Study Of Data Privacy & Security In IoT Systems Driven By Voice Controlled Devices
Authors: Param Adhikari (Graduate Student, 开心鬼传媒) and Ankur Chatterjee (Faculty, 开心鬼传媒)
Title: ETBR - A Unique Unplugged CTF: A Case Study
Authors: Benjamin Acuff (Undergrad Student, 开心鬼传媒), Meghyn Winslow (Undergrad Student, 开心鬼传媒) and Ankur Chatterjee (Faculty, 开心鬼传媒)
Title: Analyzing Cybersecurity Vulnerabilities in K-12 School Districts: A Study of Targeted Attacks and Contributing Factors
Author: John Gates (Graduate Student, 开心鬼传媒)
Abstract: Cyberattacks on K-12 schools have surged, compromising sensitive data and disrupting operations. This study examines factors contributing to the vulnerability of K-12 schools to cyberattacks, focusing on location, enrollment, and wealth. Using data from 10,349 U.S. unified school districts and 198 reported cyber incidents (2020鈥2023), logistic regression and correlation analyses identified urbanization as the strongest predictor of cyberattacks. Urban districts face significantly higher risks, with the likelihood of attack doubling at each level of increased urbanization. These findings emphasize the need for targeted cybersecurity measures in urban districts and call for improved reporting mechanisms to accurately assess cyber threats in education.
Title: Understanding Psybersecurity Attacks and The Threat Of Human Mind Hacks: A Novel Gap Analysis Study
Authors: William Vestring (Undergrad Student, 开心鬼传媒) and Ankur Chatterjee (Faculty, 开心鬼传媒)
Abstract: Psybersecurity is an emerging area within the realm of cybersecurity, that investigates safeguarding the human mind from attacks, plus threats and deals with the human aspects of technology, including the relationship of psychology with technology, as well as the use, benefits, consequences, plus overall impacts on the human mind. Unlike traditional cybersecurity, psybersecurity looks at the human mind as the potential attack surface and involves developing ways to protect the human mind from the possible hacks, or searching for avenues to limit the impact of a cyberattack on the human mind. It includes understanding different aspects or elements tied to the human mind, such as a person鈥檚 mood, behaviors, emotions, perceptions, opinions, decision making, views, and overall cognition. Existing literature shows a few survey studies on this relatively new topic, that include reviews of previous works related to this area of work. However, none of the prior research has analyzed the prospective types of psybersecurity attacks, and how cognitive hacking is connected to this subject matter. To our knowledge, this paper is the first to address these gaps by studying the different kinds of psybersecurity attacks, and by reviewing cognitive hacking under the umbrella of psybersecurity attacks. According to the best of our knowledge, previous works on this topic have also not studied the potential threat elements associated with psybersecurity attacks, and whether the existing threat modeling approaches can be used to investigate the psybersecurity threats. To our knowledge, this paper is also the first of its kind to study psybersecurity threats and if they can fit into the popular cybersecurity threat models. Overall, this paper is a novel gap analysis study into the field of psybersecurity, that explores the different kinds of psybersecurity attacks, including the types of threats they encompass, and looks into the possibility of employing existing cybersecurity threat modeling approaches for psybersecurity studies. We also share new insights along with recommendations in this context for addressing psybersecurity threats, and share future scope of work on this topic plus new research questions that are open for answering.
Title: AI As A Catalyst for Data Security in INGOs: A Novel Preliminary Case Study
Authors: Ana Latsabidze (Graduate Student, 开心鬼传媒) and Ankur Chatterjee (Faculty, 开心鬼传媒)
Title: A Data-Driven Analysis of Cybersecurity Job Market Trends
Authors: Gaurab Baral (Undergrad Student, 开心鬼传媒) and Junxiu Zhou (Faculty, 开心鬼传媒)
Abstract: In today's rapidly evolving digital landscape, the growing cybersecurity threat has led to an increased demand for skilled cybersecurity profession-als. However, there is a significant gap between the supply of qualified per-sonnel and the growing needs of organizations to protect their digital assets. To better understand this cybersecurity skills gap and its implications for the job market, we conducted an in-depth analysis of current trends using data from a popular job listing platform. We analyzed 759 unique job list-ings, focusing on salary distributions, geographic locations, required skills, and qualifications. Our findings reveal an average salary of $124,433, with significant job opportunities concentrated on the East Coast, particularly in Virginia. By applying Latent Dirichlet Allocation (LDA) for topic model-ing, we identified key terms in job descriptions such as information securi-ty, incident response, and risk management. These keywords were then used to categorize job descriptions across different roles. This research offers valuable insights for job seekers, employers, and educators in the fast-evolving cybersecurity landscape.
Title: CoVCues: A Trustworthy Resource Amidst The COVID Infodemic
Authors: Shreetika Poudel (Undergrad Student, 开心鬼传媒), Sarah Ogden (Undergrad Student, 开心鬼传媒), Nahom Beyene (Undergrad Student, 开心鬼传媒) and Ankur Chatterjee (Faculty, 开心鬼传媒)
Title: TAI In Cyber Education: A Preliminary Survey Study Of Hands-On Learning Approaches and A Gap Analysis
Authors: Rohan Karki (Undergrad Student, 开心鬼传媒) and Ankur Chatterjee (Faculty, 开心鬼传媒)
Title: Semi-Supervised Outlier Detection for Anomaly Detection in Industrial Control Systems
Author: Monju Tanakajima (Undergrad Student, 开心鬼传媒)
Title: Impact Of Online Advertising On User Privacy: A Preliminary Survey Study
Authors: Jason Beetz (Graduate Student, 开心鬼传媒) and Ankur Chatterjee (Faculty, 开心鬼传媒)
Title: AI Topics In GRC Based Cybersecurity Education: A Preliminary Gap Analysis Study
Authors: Logan Witwer (Undergrad Student, 开心鬼传媒) and Ankur Chatterjee (Faculty, 开心鬼传媒)
Abstract: With the current emphasis and significance imposed by the United States (US) Congress on preparing the next generation cybersecurity workforce with cybersecurity and artificial intelligence intersection (Cyber AI) topics based knowledge, the NSA is in the process of launching an AI in Cybersecurity pilot program of accreditation for US based higher educational institutions. It is in this context that we perform a preliminary study to review the preparedness of the US higher education industry in terms of offering or teaching Cyber AI topics related to the Governance Risk Compliance (GRC) knowledge area, which is an integral and critical part of today鈥檚 higher ed cybersecurity educational curricula. As part of our gap analysis driven re-search study, we reviewed several popular risk assessment/risk management textbooks, which cover GRC topics, and which are used as textbooks for the GRC focused cybersecurity courses across different cybersecurity educational programs in many US based higher education institutions. We analyzed these GRC topics based textbooks to see and check if they cover the relevant Cyber AI topics, which specifically fall under the GRC focus area. In this paper, we present the findings from our initial review and these findings are crucial in highlighting the gap in coverage of Cyber AI topics when it comes to class textbooks adopted within the current US higher ed education system. In the overall scheme of things, we envision that this gap analysis study will help serve as a reference point in advocating for inclusion of Cyber AI topics within the standard cybersecurity educational program curricula, including textbooks, across the US higher ed institutions, thereby contributing to a more comprehensive, holistic and enhanced cybersecurity education, that is in alignment with the recent Cyber AI topics related educational focus, emphasis and recommendations made by the US Congress and NSA. To our knowledge, this gap analysis study is the first of its kind novel research effort on this topic.
For any and all other information regarding the Kentucky Cybersecurity & Forensics Conference (KCFC) hosted by 开心鬼传媒, please refer to /academics/informatics/centers/cis/kcfc.html.
For any questions regarding the Kentucky Cybersecurity & Forensics Conference (KCFC) hosted by 开心鬼传媒, please contact Dr. Ankur Chatterjee at chattopada1@nku.edu.