The Kentucky Cybersecurity & Forensics Conference (KCFC) is an annual cybersecurity conference hosted each year by one of Kentucky’s higher education institutions that has earned the National Centers of Academic Excellence (CAE) designation through NSA accreditation. This year, KCFC 2024 will be hosted in person by Northern Kentucky University (NKU) in Griffin Hall, the home of the College of Informatics. This cybersecurity-focused conference offers a platform for discussions, presentations, exchange of ideas, dissemination of research work via papers and posters, scholarly publications, workshops, and networking with peers from academia, government and industry to advance cybersecurity education, collaboration and innovation.
The NKU College of Informatics is proud and honored to host the 2024 KCFC, the annual Kentucky CAE Conference, on Saturday, October 19. This conference will feature papers, posters, workshops, and presentations on a variety of cybersecurity topics.
Papers, short and full, which have been accepted to KCFC 2024 can be found on this page. Here, you can view paper presenters, paper titles, and paper abstracts. These papers will be published through Springer Nature and presented at KCFC 2024.
Title: Studying "Reflectacles" As An Anti-Surveillance Wearable Device: Adversarial Testing Plus Performance Analysis Using Three Facial Recognition Tools
Authors: Ryan Jackson (Undergrad Student, University of Wisconsin at Green Bay), Ankur Chatterjee (Faculty, Northern Kentucky University) and Bikash Acharya (Undergrad Student, Northern Kentucky University)
Abstract: While technological advances in public video surveillance technologies have helped in law enforcement, smart video surveillance technologies have led to human privacy invasion of law-abiding citizens. Sophisticated visual recognition techniques and tools are being used worldwide to monitor public places and analyze data from captured camera footage. Current state-of-the-art human facial recognition-based biometric tools are extensively used in public video surveillance as well as in consumer electronic products for user-authentication purposes. In an effort to counter the critical issue of human privacy invasion by surveillance applications, several “soft privacy” enhancing remedial solutions have been proposed by researchers, including the use of enhanced design of camera footage capturing techniques in surveillance cameras, such as post-processing of the camera images and videos. However, very few of these prior works have attempted to explore a “hard privacy” option, where surveilled subjects can utilize “anti-surveillance” technology in the form of specialized glasses or wearables to protect themselves from intrusive surveillance cameras. In this research paper, we study the capabilities of a wearable glasses product - “Reflectacles” as a potential “anti-surveillance” wearable device for individuals to explore a “hard privacy” offering option by resisting human facial recognition technologies amidst today’s widespread privacy-invading public surveillance systems. As part of our research, we discuss and explore the potential “anti-surveilling” effect of Reflectacles by pitting this device against three (3) current state of the art visual recognition tools - IBM Watson Visual Analytics, Microsoft Azure Facial Recognition, and AWS Amazon Rekognition. Our experimental study shows that Reflectacles can successfully resist and reduce the human facial recognition performance in these tools.
We also demonstrate how an anti-surveillance wearable device, like Reflectacles, can be prospectively utilized as a potential means for adversarial testing plus performance analysis of facial recognition tools to critically evaluate these tools and compare their performances against surveillance-resisting wearable devices. Our proposed approach of adversarial assessment and performance testing of facial recognition technologies using Reflectacles as a "hard privacy" offering anti-surveillance wearable device, is a fresh, non-traditional initiative. To the best of our knowledge, our work is the first ever research study involving the Reflectacles device as wearable glasses.
Title: User Awareness of Cybersecurity Risks with ChatGPT's New "Memory" Feature: A Knowledge-Attitude-Behavior Analysis
Authors: Nicholas Caporusso (Faculty, Northern Kentucky University), Nazmus Sadat (Faculty, Northern Kentucky University) and My Doan (Undergrad Student, Northern Kentucky University)
Abstract: Recently, OpenAI introduced a new feature called "memory". This functionality enables ChatGPT to automatically extract and store relevant user information from conversations, to generate more personalized and relevant responses. However, several dynamics of this new functionality raise numerous concerns about potential cybersecurity risks for the user. This paper reports the results of a study that investigated users' familiarity with how ChatGPT’s new "memory" feature functions, their attitudes toward its privacy implications, and their subsequent behavior in response to perceived risks. To this end, the Knowledge-Attitude-Behavior (KAB) model was utilized to design a questionnaire that was primarily distributed to Computer Science students. Findings from 119 responses reveal that while some users are aware of the feature, many are either unaware or uncertain of its operation, particularly regarding its data extraction, storage, and management policies. This research highlights the need for increased transparency and user control over memory features in ChatGPT and Large Language Models, emphasizing privacy and security concerns.
Title: A Survey Study Of Cloud Security and Privacy With A Focus On GDPR-Compliant SPICE Solutions
Authors: Nika Asatiani (Graduate Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)
Abstract: Since cloud computing allows information to be stored remotely, it has significantly transformed the way people store and access data. Due to cloud computing internet users can store, quickly download, and interact with their applications or documents over the internet. Cloud infrastructure also allows people to access their data without worrying about having access to storage devices. However, when data is archived in the cloud, it introduces various security and privacy challenges. This survey study investigates security solutions to tackle this issue. It mainly focuses on the following solution - the Simple Privacy-preserving Identity-management for the cloud environment (SPICE). This paper reviews existing literature and identifies four critical cybersecurity domains (P-IM-DI-AC), or four focus areas related to security and privacy issues in cloud computing, that include privacy (P), identity management (IM), data integrity (DI), and access control (AC). Threats, such as data loss and identity theft, highlight the importance of privacy. As part of this survey study, we explore solutions to these issues such as BlindIDM, Cisco Secure Data Center Framework, and SPICE, and we find that SPICE is superior in privacy, identity management, and access control compared to other solutions. As cloud security advances, it is important to implement privacy measures for fostering trust and service adoption. For these reasons, it is essential to integrate powerful and reliable solutions, which are compliant with General Data Protection Regulation (GDPR) in the growing cloud computing environment in order to ensure responsible and lawful data protection practices in cloud computing. GDPR compliant solutions in this context ensure accountability, transparency, and protection of individual rights through responsible and privacy-preserving data handling. 
In this paper, we also review existing literature on GDPR compliant SPICE based cloud security solutions, and identify three distinct theme elements namely - security & privacy issues (like P-IM-DI-AC), corresponding solutions, and GDPR compliance. We organize and map the surveyed literature using these three identified theme elements. To our knowledge, this survey study is unique because of its focus on GDPR compliant SPICE based cloud security solutions. According to the best of our knowledge, this survey study is a first of its kind effort to analyze the SPICE system's alignment with GDPR requirements. Additionally, this paper presents a list of future directions, including a set of open research questions related to the advancement of cloud security research, as part of the concluding summary.
Title: Protecting Data-At-Rest In The Cloud: A Data Privacy Centered Evaluation Study
Authors: Olivia Long (Graduate Student, Northern Kentucky University), Brianna DeAmicis (Undergrad Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)
Abstract: As more businesses move to the cloud, it is imperative that proper controls are in place to protect user data. Cloud vendors offer an assortment of capabilities to protect data-at-rest. Given the number of cloud data breaches in recent years typically due to misconfigurations, the effectiveness of these controls is an important research focus area. Existing literature indicates that there have been survey studies on cloud based data security issues plus their solutions. However, to our knowledge, there have been limited data privacy focused evaluations of the available tech solutions in this context, and very few research studies on the efficacy of Amazon Web Services (AWS) and Microsoft Azure tools in this context. In this paper, we perform a unique study that examines the native AWS and Azure capabilities, and that analyzes their effectiveness. We evaluate the performances of Azure Purview and AWS Macie, as well as compare our findings to determine which solution is more effective with respect to data privacy.
Title: A Survey Study Of Data Privacy & Security In IoT Systems Driven By Voice Controlled Devices
Authors: Param Adhikari (Graduate Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)
Title: ETBR - A Unique Unplugged CTF: A Case Study
Authors: Benjamin Acuff (Undergrad Student, Northern Kentucky University), Meghyn Winslow (Undergrad Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)
Title: Analyzing Cybersecurity Vulnerabilities in K-12 School Districts: A Study of Targeted Attacks and Contributing Factors
Author: John Gates (Graduate Student, Northern Kentucky University)
Abstract: Cyberattacks on K-12 schools have surged, compromising sensitive data and disrupting operations. This study examines factors contributing to the vulnerability of K-12 schools to cyberattacks, focusing on location, enrollment, and wealth. Using data from 10,349 U.S. unified school districts and 198 reported cyber incidents (2020–2023), logistic regression and correlation analyses identified urbanization as the strongest predictor of cyberattacks. Urban districts face significantly higher risks, with the likelihood of attack doubling at each level of increased urbanization. These findings emphasize the need for targeted cybersecurity measures in urban districts and call for improved reporting mechanisms to accurately assess cyber threats in education.
Title: Understanding Psybersecurity Attacks and The Threat Of Human Mind Hacks: A Novel Gap Analysis Study
Authors: William Vestring (Undergrad Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)
Abstract: Psybersecurity is an emerging area within the realm of cybersecurity, that investigates safeguarding the human mind from attacks, plus threats and deals with the human aspects of technology, including the relationship of psychology with technology, as well as the use, benefits, consequences, plus overall impacts on the human mind. Unlike traditional cybersecurity, psybersecurity looks at the human mind as the potential attack surface and involves developing ways to protect the human mind from the possible hacks, or searching for avenues to limit the impact of a cyberattack on the human mind. It includes understanding different aspects or elements tied to the human mind, such as a person’s mood, behaviors, emotions, perceptions, opinions, decision making, views, and overall cognition. Existing literature shows a few survey studies on this relatively new topic, that include reviews of previous works related to this area of work. However, none of the prior research has analyzed the prospective types of psybersecurity attacks, and how cognitive hacking is connected to this subject matter. To our knowledge, this paper is the first to address these gaps by studying the different kinds of psybersecurity attacks, and by reviewing cognitive hacking under the umbrella of psybersecurity attacks. According to the best of our knowledge, previous works on this topic have also not studied the potential threat elements associated with psybersecurity attacks, and whether the existing threat modeling approaches can be used to investigate the psybersecurity threats. To our knowledge, this paper is also the first of its kind to study psybersecurity threats and if they can fit into the popular cybersecurity threat models. 
Overall, this paper is a novel gap analysis study into the field of psybersecurity, that explores the different kinds of psybersecurity attacks, including the types of threats they encompass, and looks into the possibility of employing existing cybersecurity threat modeling approaches for psybersecurity studies. We also share new insights along with recommendations in this context for addressing psybersecurity threats, and share future scope of work on this topic plus new research questions that are open for answering.
Title: AI As A Catalyst for Data Security in INGOs: A Novel Preliminary Case Study
Authors: Ana Latsabidze (Graduate Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)
Title: A Data-Driven Analysis of Cybersecurity Job Market Trends
Authors: Gaurab Baral (Undergrad Student, Northern Kentucky University) and Junxiu Zhou (Faculty, Northern Kentucky University)
Abstract: In today's rapidly evolving digital landscape, the growing cybersecurity threat has led to an increased demand for skilled cybersecurity professionals. However, there is a significant gap between the supply of qualified personnel and the growing needs of organizations to protect their digital assets. To better understand this cybersecurity skills gap and its implications for the job market, we conducted an in-depth analysis of current trends using data from a popular job listing platform. We analyzed 759 unique job listings, focusing on salary distributions, geographic locations, required skills, and qualifications. Our findings reveal an average salary of $124,433, with significant job opportunities concentrated on the East Coast, particularly in Virginia. By applying Latent Dirichlet Allocation (LDA) for topic modeling, we identified key terms in job descriptions such as information security, incident response, and risk management. These keywords were then used to categorize job descriptions across different roles. This research offers valuable insights for job seekers, employers, and educators in the fast-evolving cybersecurity landscape.
Title: CoVCues: A Trustworthy Resource Amidst The COVID Infodemic
Authors: Shreetika Poudel (Undergrad Student, Northern Kentucky University), Sarah Ogden (Undergrad Student, Northern Kentucky University), Nahom Beyene (Undergrad Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)
Title: TAI In Cyber Education: A Preliminary Survey Study Of Hands-On Learning Approaches and A Gap Analysis
Authors: Rohan Karki (Undergrad Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)
Title: Semi-Supervised Outlier Detection for Anomaly Detection in Industrial Control Systems
Author: Monju Tanakajima (Undergrad Student, Northern Kentucky University)
Title: Impact Of Online Advertising On User Privacy: A Preliminary Survey Study
Authors: Jason Beetz (Graduate Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)
Title: AI Topics In GRC Based Cybersecurity Education: A Preliminary Gap Analysis Study
Authors: Logan Witwer (Undergrad Student, Northern Kentucky University) and Ankur Chatterjee (Faculty, Northern Kentucky University)
Abstract: With the current emphasis and significance imposed by the United States (US) Congress on preparing the next generation cybersecurity workforce with cybersecurity and artificial intelligence intersection (Cyber AI) topics based knowledge, the NSA is in the process of launching an AI in Cybersecurity pilot program of accreditation for US based higher educational institutions. It is in this context that we perform a preliminary study to review the preparedness of the US higher education industry in terms of offering or teaching Cyber AI topics related to the Governance Risk Compliance (GRC) knowledge area, which is an integral and critical part of today’s higher ed cybersecurity educational curricula. As part of our gap analysis driven research study, we reviewed several popular risk assessment/risk management textbooks, which cover GRC topics, and which are used as textbooks for the GRC focused cybersecurity courses across different cybersecurity educational programs in many US based higher education institutions. We analyzed these GRC topics based textbooks to see and check if they cover the relevant Cyber AI topics, which specifically fall under the GRC focus area. In this paper, we present the findings from our initial review and these findings are crucial in highlighting the gap in coverage of Cyber AI topics when it comes to class textbooks adopted within the current US higher ed education system. In the overall scheme of things, we envision that this gap analysis study will help serve as a reference point in advocating for inclusion of Cyber AI topics within the standard cybersecurity educational program curricula, including textbooks, across the US higher ed institutions, thereby contributing to a more comprehensive, holistic and enhanced cybersecurity education, that is in alignment with the recent Cyber AI topics related educational focus, emphasis and recommendations made by the US Congress and NSA.
To our knowledge, this gap analysis study is the first of its kind novel research effort on this topic.
For any and all other information regarding the Kentucky Cybersecurity & Forensics Conference (KCFC) hosted by Northern Kentucky University, please refer to /academics/informatics/centers/cis/kcfc.html.
For any questions regarding the Kentucky Cybersecurity & Forensics Conference (KCFC) hosted by Northern Kentucky University, please contact Dr. Ankur Chatterjee at chattopada1@nku.edu.