Subhojeet Mukherjee

CSU

PhD. Candidate, Department of Computer Science, Colorado State University

About Me

MeSELF

I am a Ph.D. candidate at Colorado State University currently working under Dr. Indrajit Ray and Dr. Indrakshi Ray and in external collaboration with Dr.Jeremy Daily from the University of Tulsa. I received my bachelor's degree in Electronics and Telecommunication engineering from Heritage Institute of Technology, Kolkata, India. I completed my Master's in Computer Science at Colorado State University under the guidance of Dr. Indrajit Ray and Dr. Adele Howe

My main research area is communication security for embedded networks in commercial vehicles, supporting the SAE J1939 standards. I have also worked and published technical papers in the domain of access control systems, cyber-security concept extraction using information extraction and cyber-security for home computer users. 

YES!! Trucks are in need of strong in-vehicular communication security!! Here is a small attempt that I made in 2016 to establish this fact, and here is how it was validated later at the CyberTruck Challenge.

My most recent CV can be found here.

Latest Updates

Projects

Commerical Vehicle Security NSF

2015 - Present [Ph.D. Program]

Truck

Security of passenger-cars has long been looked into. Researchers and security professionals have shown that it is not difficult to break into a car's internal network and manipulate or disrupt normal vehicular operations. What does it mean for their heavier counterparts? Are trucks, buses, semis, tractors susceptible to remote unauthenticated control? Turns out they are. But what is so different about trucks, semis, tractors etc.? Passenger cars mostly use proprietary higher level protocols for in-vehicle communications, whereas heavy vehicles stick to a common set of standards (SAE J1939). This allows equipment designed by different OEMs to communicate with each other with ease or without significant proprietary modifications. However, can those common set of standards be misused or circumvented to cause large-scale damage? What about defense strategies? Are there newer defense strategies (adapted to the SAE J1939 standards) specifically for heavy vehicles? Dive in, to know more about our research.

I have been the sole Graduate Research Assistant working on this project. So far, we have introduced the concepts of heavy vehicle security, build a publicly accessible testbed and also an exploitDB like framework on the testbed. In 2016, we showed that some SAE J1939 protocols can be misused to cause denial-of-service attacks on an in-vehicular network of a heavy vehicle. The attacks were later validated at the Cyber Truck Challenge, Warren Michigan. Very recently, we have introduced the first runtime intrusion detection system for heavy vehicles that use a couple of di-graph based features and time-series analysis to detect intrusions in J1939+CAN networks. The most interesting aspect of this system is that is built to avoid false alarms that might arise at the time of abnormal events like hard brakes or drive slips. Please refer to publications for manuscripts and/or relevant links.

Personalization of SecurityNSF

2013 - 2015 [Master's Program]

Psysec

This interdisciplinary project studies the nature of the risks inherent in normal activity on the Internet, the perception of those risks, the judgment about trade-offs in behavior and the design of a personalized agent that can alert users to risky behavior and help to protect them. The key insight is that adequate security and privacy protection requires the concerted efforts of both the computer and the user. The interdisciplinary research team combines expertise from psychology, computer security and artificial intelligence to propose MIPA (MIxed Initiative Protective Agent) - a semi-autonomous, intelligent and personalized agent approach that leverages psychological studies of what users want/need and what security and privacy risks are imminent. The techniques will be developed for and tested on a real problem that challenges the current state of the art in artificial intelligence, security and user models. As it is becoming increasingly difficult for users to protect themselves and understand the risks they are taking on the Internet, this project has the potential to positively impact system design to effectively enhance user security. Focusing on home computer users (college students and senior citizens), the proposed research will investigate how they perceive, use and can best be served by Internet application software. Results could improve the experiences of these users as well as significantly advance techniques in intelligent agents and computer security. Additionally, because home users and machines tend to be the weak link in security, protecting them may better protect others.

The process of achieving the final goal was subdivided into various phases. I worked on using unsupervised information extraction techniques to generate an instance of the Personalized Attack Graph (PAG), an adaptation of the traditionally prevalent attack graph catered to the home computer user. This was work for my Master's thesis. We also designed a portable kiosk system for conducting security experiments on home computer users. Please refer to my publications for more info.

Publications

Teaching and Work Experience

Position Organization TimeLine Description

Graduate Teaching Assistant

Colorado State University

January 2015 - Present

  • Computer Security (CS 356)
  • Computer Security (CS 556)
  • Database Systems (CS 430)
  • Database Management Systems (CS 533)
  • Computer Networks and the Internet (CS 457)
  • Assistant Teacher

    Colorado State University

    January 2015 - Present

    I have occasionally taught computer security, database and computer networking classes on behalf of my advisor(s).

    Systems Engineer

    Tata Consultancy Services

    November 2010 - December 2012

    I was working with the Brittish Telecom production support team maintaining ETL modules for Oracle's data warehousing technology.

    Academic Portfolio

    Conference Assosiations

    Reviewer/Subreviewer

    Year Conference Acronym Reviewed Count

    2017

    ISC

    1

    2017

    ESORICS

    2

    2017

    CPSS

    3

    2017

    IFIPSEC

    2

    2017

    ABAC

    3

    2017

    CODASPY

    3

    2016

    IFIPSEC

    1

    2015

    ISC

    1

    2015

    CODASPY

    1

    2014

    DBSEC

    1

    2014

    SEC

    2

    Program Committee Member

    Year Conference Acronym Reviewed Count

    2016

    ICISS

    10

    Event Participations and Presentations

    Year Event Topic

    2017

    1st Cyber-Truck Challenge, Warren, Michigan

    Learning, addressing and demonstrating cyber-security critical aspects of commercial vehicles.

    2016

    12th International Conference on Information System Security, Jaipur, India

    Practical DoS Attacks on Embedded Networks in Commercial Vehicles

    2016

    HL7 FHIR Codathon, Washington, DC

    Attribute Based Access Control for Healthcare Resources

    2015

    22nd ACM Conference on Computer and Communications Security, Denver, Colorado

    PsychoRithm: A Framework for Studying How Human Traits Affect User Response to Security Situations

    Notable Mentions

    • Co-authored one of the selected technical papers from the SAE Commercial Vehicle Engineering Congress
    • Current/past member of the following societies: Upsilon Pi Epsilon Honor Society for Computing Sciences, Association for Computing Machinery (ACM)

    Up, Close and Personal

    Timeline Group Genre Role

    2004-2008

    UNIQX

    Hard Rock, Punk Rock

    Drums and Percussions

    2008-2009

    D'n'M

    World-Music, Electro, Techno

    Drums and Percussions, Keyboards

    2009-2011

    Wrong Kid

    World-Music/Popular Music

    Drums and Percussions, Keyboards

    2015-2017

    Colorado Songwala

    Folk

    Drums and Percussions

    Born on May, 15 1987 to Sanjoy Sankar Mukherjee and Soma Mukherjee in Kolkata, West Bengal India.
    Married to Antara Chakraborty, since 2013.

    As a Bengali, I have been a proud football lover, Chelsea, and Mohun Bagan being my top priorities. Watch out for the Indian National Football team as it takes larger and larger strides towards the great glory!!

    Being fairly close to the mountains, traveling and/or trekking has been a great source of pleasure. Some of my favorite destinations being the Himalayas, the western and eastern ghats of India. I would recommend every travel lover to visit Bhutan at least once in their lifetime. Sorry, Colorado, I have seen better :)