Dr. Sachin Shetty

CSICS Executive Director

757 686 6233 | sshetty@odu.edu

SHORT BIOGRAPHY

Dr. Shetty is an associate director at the Virginia Modeling, Analysis and Simulation Center. He holds a joint appointment with the Department of Modeling, Simulation and Visualization Engineering and Center for Cybersecurity Education and Research. He received his Ph.D. in Modeling and Simulation from Old Dominion University in 2007. Prior to joining Old Dominion University, he was an Associate Professor with the Electrical and Computer Engineering Department at Tennessee State University. He also holds a dual appointment as an Engineer (Secret Clearance) at the Naval Surface Warfare Center, Crane Indiana. He has published over 125 research articles in journals and conference proceedings and two books. He has received over $10 million in funding from Air Office of Scientific Research, Air Force Research Lab, Boeing, Department of Homeland Security, Department of Energy, National Science Foundation, and Office of Naval Research.

Dr. Shetty's expertise lies in modeling and analysis of threats to protect next generation Internet, cloud, mobile systems and critical infrastructures. His cyber security research journey started with developing stochastic models to detect unauthorized base stations and malicious unlicensed users in cognitive radio networks. With the advent of cloud computing environment, he developed cloud auditing models to quantify security risk of outsourced data and several moving target defense techniques to protect virtual machines. He also developed data provenance models using blockchain which provides chain-of-custody and transparency. He is currently developing cyber risk and resilience metrics which will provide a quantitative insight into cyber security posture for IT/OT organizations and provides a systematic methodology to manage cyber risk and resilience in IT/OT sectors.

EDUCATION

Ph.D. in Modeling and Simulation, 2007
Old Dominion University (ODU), Norfolk, VA

M.S. in Computer Science, 2002
University of Toledo (UT), Toledo, OH

B.E. in Computer Engineering, 1998
University of Mumbai (MU), Mumbai, India

PROFESSIONAL EXPERIENCE

VMASC, Associate Director
Suffolk, VA
2019 - Present

Old Dominion University; Computational, Modeling and Simulation Engineering Department, Associate Professor
Norfolk, VA
2016 - Present

VMASC, Associate Research Professor
Suffolk, VA
2016 - 2019

Tennessee State University; Electrical and Computer Engineering Department, Associate Professor
Nashville, TN
2015 - 2016

Tennessee State University; Electrical and Computer Engineering Department, Assistant Professor
Nashville, TN
2009 - 2015

Rowan University; Electrical and Computer Engineering Department, Assistant Professor
Glassboro, NJ
2008 - 2009

Old Dominion University; Electrical and Computer Engineering Department, Adjunct Professor
Norfolk, VA
2007 - 2008

BLOCKCHAIN FOR DISTRIBUTED SYSTEMS SECURITY

Through support from Air Force Research Lab, we have conducted basic research on data provenance architecture for cloud using block chain, surveyed the vulnerabilities in block chain, in-depth analysis of the block discarding attack, developed a Proof-of-Stake consensus protocol for cloud based blockchain, architecture for secure BattlefieldIoT, cyber supply chain provenance, integration of software guard extensions on distributed ledgers for increased privacy. The team has published 14 articles in conference proceedings, three articles in journals, one magazine article and upcoming book published by IEEE-Press entitled, “Blockchain for Distributed Systems Security". Since 2017, one research article, entitled “ProvChain: A Blockchain-based Data Provenance Architecture in Cloud Environment has garnered over 350 citations as of to date.

In addition to research articles, the team has developed three prototype tools. The Provchain tool provides Blockchain based data provenance capability in the cloud that allows cloud users to track the operations conducted on shared resources. A tool for Blockchain based information exchange provides an anonymous and privacy preserving mechanism to exchange cyber threat information. Finally, the tool for Blockchain based networked identity management provides the ability to detect rogue devices and unauthorized communication among authorized devices. We have disseminated the results of the project to Navy Research Lab, CERDEC, US Transcom, MITRE and Air Force Space Command. We also organized a symposium on Blockchain for Information sharing for NATO and shared the research results with the NATO community.

CYBER RESILIENCE FOR CRITICAL INFRASTRUCTURE

With support from the Department of Energy’s Cyber Resilient Energy Delivery consortium, I have ongoing research projects in developing cyber risk and resilience techniques. Specifically, the research objectives included: (a) Achieve balance between reducing security risk and cost of countermeasures in EDS, (b) Development of cyber defense remediation solution for EDS that takes into account operational resilience, (c) Develop metrics that characterizes attacker opportunity, capability and intent, (d) Autonomous attack containment during False Data Injection (FDI) attack. The work has resulted in over 20 publications in top tier conferences and journals. A software tool based on the research work is now being used by over 200 power utilities across 13 U.S. states on the East Coast.

BLOCKCHAIN FOR MEDICAL DEVICE SECURITY

Networking devices in healthcare facilities significantly aid the efficiency of day to day operations. As device numbers continue to rise, network congestion increases, impacting the quality of service for authorized devices and significantly increasing security risks and associated cost for healthcare facilities. To address the issue of operational efficiency and to mitigate security risks for connected devices, Sentara Healthcare and Old Dominion University have collaborated to create Bloxure (www.bloxure.com), a Blockchain powered device identity management platform to highlight the presence of rogue devices in Sentara Healthcare's infrastructure. Bloxure serves to reduce network stress due to over-segmentation, to circumvent adversarial attacks that modify data and test results, gives access to real-time device monitoring, and automates response to attacks within a millisecond.

CYBER RISK SCORING AND MITIGATION

There is a need for tools to understand and quantify the security risk from cyber attacks within the critical infrastructure. Organizations need help in effective security risk assessment and management. The Cyber Risk Scoring and Mitigation (CRISM) tool employs advanced threat assessment techniques to assess risk posed by security vulnerabilities of an organization’s IT infrastructure. The tool provides a visual representation of the organization’s cybersecurity posture and provides recommendations for mitigating risks, allowing you to focus and prioritize your protective measures. The benefits of the tool will include: (a) Distilling the complex threat analysis processes into a single numerical risk score, (b) Ensures stakeholders comply with NIST cyber security requirements, (c) Provides organizations insights into risk posed by attacks originating at the perimeter vs. insider, (d) Provides a detailed, prioritized mitigation plan, (e) Employs an easy-to-use interface and advanced visualization techniques to ensure information synthesis.

RADIO FREQUENCY CLASSIFICATION FOR DRONE DETECTION

Through a CRADA with Naval Surface Warfare Center, Crane Indiana, we have developed machine learning based techniques to detect presence of drones based on classification of radio frequency signals. The technique has been implemented in a Software Defined Radio platform and has been tested at couple of drone ranges. We plan to extend this platform to explore additional security issues in next generation communication environments.

EDITED BOOKS

Charles Kamhoua, Alexander Kott, Laurent Njilla, Sachin Shetty, “Modeling and Design of Secure Internet of Things”, John Wiley &Sons, 1 edition, 2020, ISBN 978-1-119-59336- 2

Sachin Shetty, Charles Kamhoua, Laurent Njilla, “Blockchain for Distributed Systems Security”, Wiley-IEEE Computer Scoeity, 1 edition, 2019, ISBN 978-1-119-51960-7

REFEREED JOURNAL PAPERS

Muhammad Saad, Jeffrey Spaulding, Laurent Njilla, Charles Kamhoua, Sachin Shetty, DaeHun Nyang, and David Mohaisen, "Exploring the Attack Surface of Blockchain: A Comprehensive Survey", IEEE Communications Surveys & Tutorials, 2020 (Impact Factor 23.7)

Mohammad Wazid, P. Bagga, Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues, and Yongho Park. "AKM-IoV: Authenticated Key Management Protocol in Fog Computing-Based Internet of Vehicles Deployment," in IEEE Internet of Things Journal, 2019 (Impact Factor 9.515)

J. Rodriguez, N. H. Tran, T. Q. Duong, T. Le-Ngoc, M. Elkashlan, and Sachin Shetty, "Physical Layer Security in Wireless Cooperative Relay Networks: State-Of-The-Art and Beyond," IEEE Commun. Magazine, vol. 53, pp.32-39, December 2015. (Impact Factor – 10.356)

CONFERENCE PUBLICATIONS

Xueping Liang, Sachin Shetty,Deepak Tosh, Charles Kamhoua, Kevin Kwiat, Laurent Njilla, “ProvChain: A Blockchain-based Data Provenance Architecture in Cloud Environment with Enhanced Privacy and Availability”, The 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), May 14-17 2017. (Top 50 Blockchain Paper) Over 350 citations

Deepak Tosh Sachin Shetty, Xueping Liang, Charles Kamhoua, Kevin Kwiat, Laurent Njilla, “Security Implications of Blockchain Cloud with Analysis of Block Withholding Attack”, 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), May 14-17 2017. (Top 50 Blockchain Paper) Over 100 citations

Xueping Liang, Juan Zhao, Sachin Shetty, Jihong Liu, Danyi Li, “Integrating Blockchain for Data Sharing and Collaboration in Mobile Healthcare Applications,” IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, 08-13 October 2017, Montreal, QC, Canada. Over 170 citations.

CV/RESUME

Dr. Sachin Shetty

CSICS Executive Director

757 686 6233 | sshetty@odu.edu

Shetty

RESEARCH FIELD OF EXPERTISE & RESEARCH INTERESTS


Cybersecurity, Cyber Resilience, Cyber Risk Assessment, Blockchain, AI Assurance, 5G Security

SHORT BIOGRAPHY

Dr. Shetty is an associate director at the Virginia Modeling, Analysis and Simulation Center. He holds a joint appointment with the Department of Modeling, Simulation and Visualization Engineering and Center for Cybersecurity Education and Research. He received his Ph.D. in Modeling and Simulation from Old Dominion University in 2007. Prior to joining Old Dominion University, he was an Associate Professor with the Electrical and Computer Engineering Department at Tennessee State University. He also holds a dual appointment as an Engineer (Secret Clearance) at the Naval Surface Warfare Center, Crane Indiana. He has published over 125 research articles in journals and conference proceedings and two books. He has received over $10 million in funding from Air Office of Scientific Research, Air Force Research Lab, Boeing, Department of Homeland Security, Department of Energy, National Science Foundation, and Office of Naval Research.

Dr. Shetty's expertise lies in modeling and analysis of threats to protect next generation Internet, cloud, mobile systems and critical infrastructures. His cyber security research journey started with developing stochastic models to detect unauthorized base stations and malicious unlicensed users in cognitive radio networks. With the advent of cloud computing environment, he developed cloud auditing models to quantify security risk of outsourced data and several moving target defense techniques to protect virtual machines. He also developed data provenance models using blockchain which provides chain-of-custody and transparency. He is currently developing cyber risk and resilience metrics which will provide a quantitative insight into cyber security posture for IT/OT organizations and provides a systematic methodology to manage cyber risk and resilience in IT/OT sectors.

EDUCATION

Ph.D. in Modeling and Simulation, 2007
Old Dominion University (ODU), Norfolk, VA

M.S. in Computer Science, 2002
University of Toledo (UT), Toledo, OH

B.E. in Computer Engineering, 1998
University of Mumbai (MU), Mumbai, India

PROFESSIONAL EXPERIENCE

VMASC, Associate Director
Suffolk, VA
2019 - Present

Old Dominion University; Computational, Modeling and Simulation Engineering Department, Associate Professor
Norfolk, VA
2016 - Present

VMASC, Associate Research Professor
Suffolk, VA
2016 - 2019

Tennessee State University; Electrical and Computer Engineering Department, Associate Professor
Nashville, TN
2015 - 2016

Tennessee State University; Electrical and Computer Engineering Department, Assistant Professor
Nashville, TN
2009 - 2015

Rowan University; Electrical and Computer Engineering Department, Assistant Professor
Glassboro, NJ
2008 - 2009

Old Dominion University; Electrical and Computer Engineering Department, Adjunct Professor
Norfolk, VA
2007 - 2008

BLOCKCHAIN FOR DISTRIBUTED SYSTEMS SECURITY

Through support from Air Force Research Lab, we have conducted basic research on data provenance architecture for cloud using block chain, surveyed the vulnerabilities in block chain, in-depth analysis of the block discarding attack, developed a Proof-of-Stake consensus protocol for cloud based blockchain, architecture for secure BattlefieldIoT, cyber supply chain provenance, integration of software guard extensions on distributed ledgers for increased privacy. The team has published 14 articles in conference proceedings, three articles in journals, one magazine article and upcoming book published by IEEE-Press entitled, “Blockchain for Distributed Systems Security". Since 2017, one research article, entitled “ProvChain: A Blockchain-based Data Provenance Architecture in Cloud Environment has garnered over 350 citations as of to date.

In addition to research articles, the team has developed three prototype tools. The Provchain tool provides Blockchain based data provenance capability in the cloud that allows cloud users to track the operations conducted on shared resources. A tool for Blockchain based information exchange provides an anonymous and privacy preserving mechanism to exchange cyber threat information. Finally, the tool for Blockchain based networked identity management provides the ability to detect rogue devices and unauthorized communication among authorized devices. We have disseminated the results of the project to Navy Research Lab, CERDEC, US Transcom, MITRE and Air Force Space Command. We also organized a symposium on Blockchain for Information sharing for NATO and shared the research results with the NATO community.

CYBER RESILIENCE FOR CRITICAL INFRASTRUCTURE

With support from the Department of Energy’s Cyber Resilient Energy Delivery consortium, I have ongoing research projects in developing cyber risk and resilience techniques. Specifically, the research objectives included: (a) Achieve balance between reducing security risk and cost of countermeasures in EDS, (b) Development of cyber defense remediation solution for EDS that takes into account operational resilience, (c) Develop metrics that characterizes attacker opportunity, capability and intent, (d) Autonomous attack containment during False Data Injection (FDI) attack. The work has resulted in over 20 publications in top tier conferences and journals. A software tool based on the research work is now being used by over 200 power utilities across 13 U.S. states on the East Coast.

BLOCKCHAIN FOR MEDICAL DEVICE SECURITY

Networking devices in healthcare facilities significantly aid the efficiency of day to day operations. As device numbers continue to rise, network congestion increases, impacting the quality of service for authorized devices and significantly increasing security risks and associated cost for healthcare facilities. To address the issue of operational efficiency and to mitigate security risks for connected devices, Sentara Healthcare and Old Dominion University have collaborated to create Bloxure (www.bloxure.com), a Blockchain powered device identity management platform to highlight the presence of rogue devices in Sentara Healthcare's infrastructure. Bloxure serves to reduce network stress due to over-segmentation, to circumvent adversarial attacks that modify data and test results, gives access to real-time device monitoring, and automates response to attacks within a millisecond.

CYBER RISK SCORING AND MITIGATION

There is a need for tools to understand and quantify the security risk from cyber attacks within the critical infrastructure. Organizations need help in effective security risk assessment and management. The Cyber Risk Scoring and Mitigation (CRISM) tool employs advanced threat assessment techniques to assess risk posed by security vulnerabilities of an organization’s IT infrastructure. The tool provides a visual representation of the organization’s cybersecurity posture and provides recommendations for mitigating risks, allowing you to focus and prioritize your protective measures. The benefits of the tool will include: (a) Distilling the complex threat analysis processes into a single numerical risk score, (b) Ensures stakeholders comply with NIST cyber security requirements, (c) Provides organizations insights into risk posed by attacks originating at the perimeter vs. insider, (d) Provides a detailed, prioritized mitigation plan, (e) Employs an easy-to-use interface and advanced visualization techniques to ensure information synthesis.

RADIO FREQUENCY CLASSIFICATION FOR DRONE DETECTION

Through a CRADA with Naval Surface Warfare Center, Crane Indiana, we have developed machine learning based techniques to detect presence of drones based on classification of radio frequency signals. The technique has been implemented in a Software Defined Radio platform and has been tested at couple of drone ranges. We plan to extend this platform to explore additional security issues in next generation communication environments.

EDITED BOOKS

Charles Kamhoua, Alexander Kott, Laurent Njilla, Sachin Shetty, “Modeling and Design of Secure Internet of Things”, John Wiley &Sons, 1 edition, 2020, ISBN 978-1-119-59336- 2

Sachin Shetty, Charles Kamhoua, Laurent Njilla, “Blockchain for Distributed Systems Security”, Wiley-IEEE Computer Scoeity, 1 edition, 2019, ISBN 978-1-119-51960-7

REFEREED JOURNAL PAPERS

Muhammad Saad, Jeffrey Spaulding, Laurent Njilla, Charles Kamhoua, Sachin Shetty, DaeHun Nyang, and David Mohaisen, "Exploring the Attack Surface of Blockchain: A Comprehensive Survey", IEEE Communications Surveys & Tutorials, 2020 (Impact Factor 23.7)

Mohammad Wazid, P. Bagga, Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues, and Yongho Park. "AKM-IoV: Authenticated Key Management Protocol in Fog Computing-Based Internet of Vehicles Deployment," in IEEE Internet of Things Journal, 2019 (Impact Factor 9.515)

J. Rodriguez, N. H. Tran, T. Q. Duong, T. Le-Ngoc, M. Elkashlan, and Sachin Shetty, "Physical Layer Security in Wireless Cooperative Relay Networks: State-Of-The-Art and Beyond," IEEE Commun. Magazine, vol. 53, pp.32-39, December 2015. (Impact Factor – 10.356)

CONFERENCE PUBLICATIONS

Xueping Liang, Sachin Shetty,Deepak Tosh, Charles Kamhoua, Kevin Kwiat, Laurent Njilla, “ProvChain: A Blockchain-based Data Provenance Architecture in Cloud Environment with Enhanced Privacy and Availability”, The 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), May 14-17 2017. (Top 50 Blockchain Paper) Over 350 citations

Deepak Tosh Sachin Shetty, Xueping Liang, Charles Kamhoua, Kevin Kwiat, Laurent Njilla, “Security Implications of Blockchain Cloud with Analysis of Block Withholding Attack”, 17th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (CCGRID), May 14-17 2017. (Top 50 Blockchain Paper) Over 100 citations

Xueping Liang, Juan Zhao, Sachin Shetty, Jihong Liu, Danyi Li, “Integrating Blockchain for Data Sharing and Collaboration in Mobile Healthcare Applications,” IEEE International Symposium on Personal, Indoor and Mobile Radio Communications, 08-13 October 2017, Montreal, QC, Canada. Over 170 citations.

CV/RESUME