My main research area is communication security for embedded networks in commercial vehicles, supporting the SAE J1939 standards. I have also worked and published technical papers in the domains of access control systems, cyber-security concept extraction using information extraction, and cyber-security for home computer users.
YES!! Trucks are in need of strong in-vehicular communication security!!
Here is a small attempt that I made in 2016 to establish this fact, and
here is how it was validated later at the CyberTruck Challenge.
Security of passenger cars has long been looked into. Researchers and security professionals have shown that it is not difficult to break into a car's internal network and manipulate or disrupt normal vehicular operations. What does it mean for their heavier counterparts? Are trucks, buses, semis, tractors susceptible to remote unauthenticated control? Turns out they are. But what is so different about trucks, semis, tractors etc.? Passenger cars mostly use proprietary higher level protocols for in-vehicle communications, whereas heavy vehicles stick to a common set of standards (SAE J1939). This allows equipment designed by different OEMs to communicate with each other with ease or without significant proprietary modifications. However, can that common set of standards be misused or circumvented to cause large-scale damage? What about defense strategies? Are there newer defense strategies (adapted to the SAE J1939 standards) specifically for heavy vehicles? Dive in to learn more about our research.
I have been the sole Graduate Research Assistant working on this project. So far, we have introduced the concepts of heavy vehicle security, built a publicly accessible testbed and also an ExploitDB-like framework on the testbed. In 2016, we showed that some SAE J1939 protocols can be misused to cause denial-of-service attacks on an in-vehicular network of a heavy vehicle. The attacks were later validated at the CyberTruck Challenge, Warren, Michigan. Very recently, we have introduced the first runtime intrusion detection system for heavy vehicles that uses a couple of di-graph based features and time-series analysis to detect intrusions in J1939+CAN networks. The most interesting aspect of this system is that it is built to avoid false alarms that might arise at the time of abnormal events like hard brakes or drive slips. Please refer to publications for manuscripts and/or relevant links.
This interdisciplinary project studies the nature of the risks inherent in normal activity on the Internet, the perception of those risks, the judgment about trade-offs in behavior and the design of a personalized agent that can alert users to risky behavior and help to protect them. The key insight is that adequate security and privacy protection requires the concerted efforts of both the computer and the user. The interdisciplinary research team combines expertise from psychology, computer security and artificial intelligence to propose MIPA (MIxed Initiative Protective Agent) - a semi-autonomous, intelligent and personalized agent approach that leverages psychological studies of what users want/need and what security and privacy risks are imminent. The techniques will be developed for and tested on a real problem that challenges the current state of the art in artificial intelligence, security and user models.
As it is becoming increasingly difficult for users to protect themselves and understand the risks they are taking on the Internet, this project has the potential to positively impact system design to effectively enhance user security. Focusing on home computer users (college students and senior citizens), the proposed research will investigate how they perceive, use and can best be served by Internet application software. Results could improve the experiences of these users as well as significantly advance techniques in intelligent agents and computer security. Additionally, because home users and machines tend to be the weak link in security, protecting them may better protect others.
The process of achieving the final goal was subdivided into various phases. I worked on using unsupervised information extraction techniques to generate an instance of the Personalized Attack Graph (PAG), an adaptation of the traditionally prevalent attack graph catered to the home computer user. This was work for my Master's thesis. We also designed a portable kiosk system for conducting security experiments on home computer users. Please refer to my publications for more info.
As a Bengali, I have been a proud football lover, with Chelsea and Mohun Bagan being my top priorities. Watch out for the Indian National Football team as it takes larger and larger strides towards great glory!!
Being fairly close to the mountains, traveling and/or trekking has been a great source of pleasure. Some of my favorite destinations are the Himalayas and the Western and Eastern Ghats of India. I would recommend every travel lover to visit Bhutan at least once in their lifetime. Sorry, Colorado, I have seen better :)