The Kentucky Cybersecurity & Forensics Conference (KCFC) is an annual cybersecurity event held every year by one of the National Centers of the Academic Excellence i.e. the CAE institutions within Kentucky. It is a cybersecurity conference that is hosted annually by one of Kentucky’s higher education institutions that has earned the CAE designation through NSA accreditation. This year, the KCFC 2024 will be hosted in person by ÎÞÂëÇ¿¼é (ÎÞÂëÇ¿¼é) in Griffin Hall, the home of the College of Informatics. This cybersecurity focused conference offers a great platform and opportunity for discussions, presentations, exchange of ideas, dissemination of research work via papers & posters, scholarly publications, workshops and networking with peers from academics, government and industry for advancing cybersecurity education, collaborations and innovations.
The ÎÞÂëÇ¿¼é College of Informatics is proud and honored to host this 2024 KCFC i.e. the annual Kentucky CAE Conference on Saturday, October 19. This conference will feature papers, posters, workshops, and presentations on a variety of cybersecurity topics.
Posters which have been accepted to KCFC 2024 can be found in this page. Here, you can view poster presenters, poster titles, and poster abstracts. These student posters will be on display and presented at KCFC 2024.
Poster Presenter: ÎÞÂëÇ¿¼é Graduate Student - Tyler Poe, Research Advisor/Mentor: Dr. Ankur Chatterjee
Title: Covert Eye Op App: An Offense Based Learning Approach Towards Developing Mobile Security Awareness and Interest In Cybersecurity
Abstract: This poster introduces a unique approach of teaching mobile security awareness at the high school level through a nifty offense-based learning strategy. Our approach involves creating an eye-opening experience for learners through our mobile app, which has been designed and developed strategically to request unnecessary permissions from users and secretly exploit them in the form of a covert offensive operation, that includes recording their audio plus tracking their location. When users notice this exploit activity orchestrated by our app and realize how their provided permissions have backfired on them, they get to learn first-hand about the ways in which a mobile app can misuse user permissions and covertly compromise user information. We have used this app to implement a hands-on experiential learning activity that is intended to teach users the importance of privacy and security in mobile devices by breaching them and making them self-discover issues with how users grant permissions to mobile apps. To our knowledge, there has been limited prior work that focuses on studying how offense-based user hacking techniques impact leaning of mobile security topics. In this work, we attempt to address this research gap. This poster describes our mobile app and offense-based lesson plan, which have been used in several workshop sessions as a hands-on learning activity for the high school community since 2019. It also includes our learner assessment study that involves analysis of the quantitative and qualitive data that we have collected in the form of survey responses from different users at the high school level. The results from our study indicate that our offense-based learning approach using our unique app was able to successfully engage users and create a positive learning experience for the high school community by developing user awareness of mobile security related issues, plus overall interest in cybersecurity topics.
Poster Presenter: ÎÞÂëÇ¿¼é Undergraduate Student - Nahom Beyene, Research Advisor/Mentor: Dr. Ankur Chatterjee
Title: A Survey Study of Psybersecurity: An Emerging Topic and Research Area
Abstract: When studying cybersecurity, the emphasis is generally given to the protection of personal information and safeguarding of technology on which the information is stored. Cybersecurity attacks, which can occur in multiple forms, can seriously affect the involved stakeholders mentally, and this grave impact aspect tends to be underestimated. With the human mind being a significant attack target, psybersecurity has begun gaining prominence as an important field of study. In this poster, we explore psybersecurity as an emerging interdisciplinary area within the human security domain of cybersecurity and conduct a detailed investigation of its causes plus effects. With psychiatric engineering gaining prominence as a new impactful attack vector, a psybersecurity attack (PSA) primarily targets the human mind. We study the relations between cybersecurity and cyberpsychology, as well as between psychiatric engineering (PE) and social engineering (SE) from an interdisciplinary perspective. We perform a unique analysis of both PE and SE as PSA, linking them to Cialdini's six principles and their associated elements, as causes for PSA. We then show how to connect these causal components of PSA to the eight cyberpsychology dimensions through a tabular map that we have developed. We also discuss the emergence of COVID driven PSA with a focus on the psybersecurity of online healthcare information (OHI) users, including potential ways to protect OHI users from rising psybersecurity threats. We conclude this study by looking at potential scope of future work in psybersecurity, including new research directions and open problems plus research questions.
Poster Presenter: ÎÞÂëÇ¿¼é Graduate Student - Jay Gieske
Title: Privacy Enhancing Technologies (PETs) and Techniques
Abstract: With digitalization being integrated into society in the current world, issues related to personal data protection have turned into critical issues. Privacy Enhancing Technologies (PETs) are an attempt at providing novel ways to deal with privacy issues in a world where information sharing occurs. This poster looks at the efforts made by PETs to reduce privacy threats while at the same time maintaining the usefulness of data in other legal activities. By using differential privacy, homomorphic encryption, and secure multiparty computation as leading technologies of interest, this work evaluates the potentials and challenges of these technologies in different fields, such as healthcare, finance, and social networks.
Poster Presenters: ÎÞÂëÇ¿¼é Undergrad Student - Riley Weber-Horowitz and ÎÞÂëÇ¿¼é Grad Student - Fatoumata Coulibaly
Project Advisor/Mentor: Dr. Ankur Chatterjee
Title: Empowering Students with GDPR Knowledge: A K-12 Classroom Exploration of Data Privacy
Abstract: The General Data Protection Regulation (GDPR) stands at the forefront of safeguarding individuals’ rights over their data. This set of regulations addresses a central fact of the modern world: personal data is more valuable than ever. Personal demographic information, medical records and sensitive data regarding gender, race, and economic status are more accessible than ever before. Understanding the role that personal data and privacy has on everyday human lives is essential for protecting the wellbeing, privacy and autonomy of entire populations. Introducing GDPR concepts to K-12 students is important for equipping them with the essential knowledge to navigate the digital world responsibly and safeguard their personal information. As student teaching assistants for the Center for Integrative Natural Science and Mathematics (CINSAM) cybersecurity summer academy, we aimed to educate the high school students about GDPR principles and various applications of the regulations. In particular, our provided case study discussions that explained the key principles of GDPR, types of data and data protection, GDPR principles and concepts and a GDPR scenario-based activity. To explore the real-world implications of GDPR principles, the students were tasked with identifying GDPR violations using a website resource (.) This database activity provides an overview of violations made by EU companies and their subsequent fines and penalties (if made public). Each entry in the database includes a country of origin, the date of decision, the accused company, the type of violation and the fine charged to the company in Euros (€). The students were asked to explore this database in groups of two and identify one (two if time permitted) violation case(s) they found particularly interesting. Each group then created short power points to share information about the selected violation. An analysis of these cases allowed the students to brainstorm preventive measures and see the importance of GDPR principles. Overall, the activity served as a connection point between what the students learned in the lecture and how GDPR affects real-world companies and personal data. We will be presenting this teaching activity and the high school students' learning experience in this poster.
Poster Presenter: ÎÞÂëÇ¿¼é Grad Student - Dalton Matheu
Title: Post Quantum Cryptography: A Review of Implementations and Privacy
Abstract: As quantum computing is drawing closer, there’s a need for privacy professionals to understand how the interdisciplinary technology will change the online privacy environment. There’s a lot of new technology being developed in quantum computing that enable more efficient privacy functionalities. However, current survey papers and research are limited in scope by industry or technology in the privacy perspective they provide. This poster reviews varied implementations of post-quantum cryptography to better understand how privacy is being affected at a more generalized scale. It highlights a need for further research in this area by studying current work and by surveying papers in the field. The reviewed literature is primarily focused on privacy-enhancing technologies as well as implementations for different modern compute systems such as blockchain or IoT. This study finds that while many technologies increase privacy over their classical counterparts, there’s future work to be done in implementation as well as resolving practical issues.
Poster Presenter: Mason High School Student - Abhishek Bhave, Research Advisor/Mentor: Dr. Ankur Chatterjee
Title: A Survey Study For Including Topics On The Intersection of Mental Health and Cybersecurity Into Cyber Educational Curricula
Abstract: The escalating complexity and frequency of cyber threats, coupled with the high-pressure environment inherent in cybersecurity roles, have precipitated significant mental health challenges within the industry. Despite the emergence of new interdisciplinary topics and focus areas, such as cyber psychological problems, psybersecurity, burnout, stress, anxiety, depression among cybersecurity workers, there remains a lack of awareness of these topics and a notable gap in studying or covering these topics as part of educational curriculum and organizational training initiatives. This novel work conducts a thorough and careful analysis of existing literature on the various mental health related risks faced by cybersecurity professionals, integrating cybersecurity concepts and comparing findings with high-stress professions, like healthcare and the military, which have established mental resilience training programs. By integrating detailed discussions and thematic tables throughout the analysis, this poster argues for the incorporation of mental health & cyber intersection topics and psyber-resilience training into modern cybersecurity educational curricula. This integration aims to increase awareness of the mental health & cyber intersection area topics for safeguarding the human mind from hacks, for reducing stress, burnout, and/or other anxiety issues related to the field, and for overall better professional development & training of the cyber workforce to enhance job satisfaction, and to improve the overall effectiveness of cybersecurity professionals in managing the psychological demands plus mental challenges involved in a rapidly evolving threat landscape.
Poster Presenter: Tennessee Tech University Student - Tanjila Mawla
Title: Activity-Centric Access Control (ACAC) Model for Smart and Connected Systems
Poster Presenter: ÎÞÂëÇ¿¼é Graduate Student - Tanmay Koley
Title: Privacy Challenges in Smart Cities: Balancing Innovation and Data Protection
Abstract: The emergence of smart cities signifies a transformative approach to urban development, leveraging technologies such as the Internet of Things (IoT), big data analytics, and artificial intelligence (AI) to enhance city infrastructure and services. These innovations promise significant improvements in efficiency, sustainability, and quality of life. However, the integration of these technologies also introduces complex privacy challenges. The extensive collection and processing of personal data raise concerns about data security and user privacy. This poster provides an analysis of the privacy challenges inherent in smart city technologies. It investigates how these technologies impact personal privacy, reviews existing data protection measures, and assesses their effectiveness in mitigating privacy risks. We will examine case studies to illustrate real-world privacy issues and evaluate the strengths and weaknesses of current data protection frameworks. This work will also propose a balanced approach to integrating privacy protection with technological innovation, offering recommendations for policymakers, technologists, and urban planners. By addressing these challenges, this work aims to contribute to the development of smart cities that respect individual privacy while advancing technological capabilities.
Poster Presenter: ÎÞÂëÇ¿¼é Graduate Student - Rebecca Ludlow
Title: Leveraging AI To Counteract Social Engineering
Abstract: Conventional network and system protection methods often neglect the most vulnerable link: the user. As social engineering tactics become increasingly sophisticated and targeted, achieving 100% prevention appears unlikely. While user behavior training is crucial, it may not be sufficient on its own. Email filters, firewall blocking, and blacklisting can mitigate some attacks, but these methods can fall short, especially when adversaries utilize AI and information from sources like social media. To counteract these threats, leveraging AI and machine learning (ML) is essential. This presentation will explore key training policies and elements necessary to address social engineering attempts effectively. We will examine current social engineering trends aimed at stealing information and money, and analyze a real-life case where AI successfully thwarted a complex domain hijacking and typo-squatting attack targeting Department of Defense members through a major U.S. payroll provider. The discussion will highlight attack vectors and strategies employed by malicious actors, and detail the multi-faceted approach used to prevent further attacks through a combination of AI and user behavior training. Attendees will learn how to integrate these strategies into their own organizations to enhance user awareness and harness the power of ML and AI.
Poster Presenter: ÎÞÂëÇ¿¼é Grad Student - Shelby Lillie
Title: Integrating Privacy Awareness into Cybersecurity Education: A Comprehensive Approach
Abstract: This poster examines the growing need to integrate privacy awareness into cybersecurity education, emphasizing the importance of addressing both technical vulnerabilities and human behaviors. Privacy risks have increased with the rise of digital technologies, and traditional cybersecurity training of-ten falls short in educating users about these risks. This poster explores existing educational programs, highlights gaps between knowledge and application, and proposes a comprehensive approach to integrating privacy awareness into cybersecurity curricula. By analyzing literature and case studies, this work offers recommendations for improving privacy education through engaging, scenario-based learning.
For any and all other information regarding the Kentucky Cybersecurity & Forensics Conference (KCFC) hosted by ÎÞÂëÇ¿¼é, please refer to /academics/informatics/centers/cis/kcfc.html.
For any questions regarding the Kentucky Cybersecurity & Forensics Conference (KCFC) hosted by ÎÞÂëÇ¿¼é, please contact Dr. Ankur Chatterjee at chattopada1@nku.edu.