TASK Gloveby Zachary R. Trybus (Undergraduate), Macy E. Schieber (Undergraduate), Bailey M. Weiss (Undergraduate), and Max A. Ross (Undergraduate) The purpose of this project is to design a glove that can interact with many different surfaces as if they were touch screens. The finished product will be useful for a host of applications. In an academic context, it will allow professors to scroll and click on projector screens during lectures and presentations. Further applications include any context in which the use of a computer may be enhanced by touch screen capabilities. The glove includes: an Arduino Nano, three flex sensors, a pressure sensor, battery, and IR emitter. The flex sensors generate resistance data for hand gesture detection that is communicated via bluetooth low energy to a computer. A camera detects the IR emitter’s light to determine hand location. The camera capture undergoes a filtering process for this purpose. An application will provide a simple UI with calibration instructions. It will also translate and execute gesture commands. |
 |
Tapping into the Automotive Nervous Systemby Yuqing He (Undergraduate), Erin Elisabeth Eppich (Undergraduate), Joel Abhishek Ramireddy (Undergraduate), and Stephen Moses Impraim (Undergraduate), An Electronic Control Unit (ECU) is a crucial embedded system in automotive electronics that communicates via the Controller Area Network (CAN) buses in cars. These technologies have both continued to grow increasingly intricate and essential to every modern vehicle. Due to the increasingly integral role of ECUs and CAN buses, securing these entry points must become a top priority. By using Korlan, an OBDII to USB device, a physical communication portal can be successfully set up between a car and laptop. Using various python libraries and other open source programs, cybersecurity professionals can dig into the potential vulnerabilities that lie in automobiles. This poster will attempt to highlight some of the procedures involved in unearthing these vulnerabilities. |
 |
Cedarville CS/CY VM Projectby Samuel Copeland (Undergraduate), Zachary Young (Undergraduate), and Elijah Henderson (Undergraduate) It is common for students studying computer science to use their own computers for completing assignments. However, using individual student computers, with each having a unique configuration, can lead to difficulties. For example, the classroom curricula may require certain software tools which are not available across all of the operating systems that student machines use. Also, a student may encounter issues installing the required software for a particular course, causing either the student or instructor, or both, to spend time in environment setup rather than on the assignment itself. Finally, the capabilities of students’ computers may vary widely in storage capacity and processor speed and lead to differing degrees of student productivity. One possible solution to these problems is to create groups of pre-configured, cloud-hosted, Virtual Machine (VM) environments that students can remotely access from any computer with an internet connection. Investigating current cloud-based options and implementing and testing VMs using one of these options are the goals of our project. Other specific goals are to ensure existing cloud-hosting technologies provide mechanisms for configuring, provisioning and managing multiple groups of VMs so that professors create and administer machine groups easily. Additional considerations include: minimizing the cost of VM operating expenses, providing an ability to push out mass-updates to batches of VMs, and permitting instructor access to student work for review, grading, and assistance. Some benefits of the VM approach include: the ability for instructors to connect to student VMs to help debug code and for students to have 24/7 access to a preconfigured lab-like environment while still using their own computers. At present, we are able to automate mass-generation of VMs from a pre-configured machine image, automatically create student user accounts on those machines, and distribute student VM credentials via automated emails. Also as part of our project we are currently conducting an operational test with one of Cedarville’s C++ programming classes. The goals of this test are to gain insight on student acceptance of the technology and their perceptions regarding its practicality, ease-of-use, and appeal in comparison to their own equipment and/or physical lab computers. |
 |
CAN System and Car Hackingby Jacob David Pennell (Undergraduate), Nate D. Kinser (Undergraduate), and David-Bryne A. Adedeji (Undergraduate) The CAN (Controller Area Network) bus is a communication network that is found in every car manufactured since 1986. It allows the internal components of the car, known as Electronic Control Units (ECUs), to communicate with each other. The CAN bus consists of two wires only, high and low, and modern vehicles can contain more than 100 ECUs. Our goal is to find vulnerabilities in a parking assist ECU we obtained from Bosch and exploit them to make the ECU exhibit unintended behavior. In order to do this, first we needed to understand CAN system protocols. Then, we needed to figure out how to send and receive CAN messages from the ECU. This required the use of both hardware and software to identify how the ECU interacts with the CAN system. Currently, we are communicating with the ECU to try to find unintended behavior. In 2016, Charlie Miller and Chris Valasek managed to remotely hack into a 2014 Jeep Cherokee. They performed this through telnetting into the car’s entertainment system. Using this connection, they flashed an update to the car’s operating system, giving them access to the CAN bus. This allowed them to directly send messages and control the car, leading to a recall of over 1.4 million vehicles by Chrysler. Today, cars have a larger attack surface with more electronics that can be exploited. If an attacker were to gain control over a parking assist unit, they could potentially steer the car, operate the brakes, and change the speed, presenting a serious threat to safety. That is why we have undertaken this project, to uncover any vulnerabilities and address the risks they pose. |
 |
Measurement Method for Dynamic Flow Characteristics of Hydraulic Bushing Featuresby Luke Thomas Fredette (Faculty Advisor), Michael Stuart Kennedy (Undergraduate), and Kenneth Britton DeGarmo (Undergraduate) Hydraulic bushings are soft mechanical joint components which provide excellent vibration damping for a low-frequency band. These properties emerge from a tuned dynamic interaction between several features which either store or dissipate energy when the joint is flexed. In order to design and predict the dynamic properties of a hydraulic bushing, an understanding of the underlying physics governing each feature is needed. Typical feature models are based on many assumptions which are unlikely to be physically realistic under in situ loadings, so this study seeks to investigate the dynamic properties of hydraulic bushings’ flow passages under unsteady flow conditions. In this project, a new measurement method is developed to subject flow passages to dynamic flow conditions, such as sinusoidal or transient flows, and measure the resulting characteristics. The apparatus is configured to test both controlled flow restrictions and isolated passages from production bushings. Analysis of the experimental results should facilitate improved modeling of hydraulic mounts and bushings. Some sample results are given, and future work is proposed. |
 |
Homework Muffinby Eric Knoerr (Faculty Advisor), Joshua Walden (Undergraduate), Yingke Liu (Undergraduate), Elijah Bautista (Undergraduate), and David Kollmar (Undergraduate) Homework Muffin is a web application designed by a team of students to simplify the tedious task of assignment organization. Utilizing the powerful capabilities of AWS web services and Amplify, Homework Muffin integrates API calls from Google Tasks and Canvas to gather, process, and organize a student's assignments seamlessly. All organized tasks are then displayed on a user-friendly dashboard for easy verification. The front-end design is powered by the React library with a strong emphasis on mobile-friendliness to cater to the student market. To ensure the safety of sensitive data, Homework Muffin relies on Chargebee for payment and subscription management. |
 |
Design and Fabrication of Quasi-Zero Stiffness Mount Prototypesby Luke Thomas Fredette (Faculty Advisor), Paul M. Gusmano (Undergraduate), and Jonathan L. Viaud-Murat (Undergraduate) In the mounting of mechanical systems, vibration isolation may be helpful to enhance the durability and/or comfort of nearby people. Isolation results from low-stiffness mounting, which may have the undesirable byproduct of large-amplitude motion. This project proposes physical prototyping of a nonlinear mount concept which obtains excellent vibration isolation through quasi-zero stiffness (QZS) mounts while maintaining resistance to large motion. The operating principle of these mounts involves large deflections, so candidate 3D printable rubber-like elastomers were selected. Material characterization tests were conducted to provide nonlinear material properties to the finite element (FE) models used in mount design and analysis which predict the desired multi-regime stiffness profile. Physical mount prototypes were then printed and subjected to static and dynamic stiffness testing. Design success criteria include relatively high stiffness under no preload, very low stiffness under a specified preload value, and a smooth force-deflection behavior. Additional features such as an overload stopper were also considered. The prototype mount performance successfully achieved the desired stiffness profile, and additional issues were uncovered related to the effects of damping. More advanced designs and a more thorough investigation of damping are suggested for future work. |
 |
Exploiting the Vulnerabilities of a Cellular Network Routerby Gabriel Hingst (Undergraduate), Todd Landis (Undergraduate), Nishant Nedungadi (Undergraduate), and Brandon Reiheld (Undergraduate) Over the course of this year, the purpose of our senior design team has been to reverse engineer a cellular router. The device we were given by Caesar Creek Software, our project sponsor, was an InHand IR302 Industrial Router, which was manufactured by the China-based company InHand Networks. We have researched several areas of this router, such as publicly disclosed vulnerabilities for specific versions of firmware, attack vectors from the WAN side of the cellular-connected router, and remote access methods. However, in order to begin work and further research on these areas, we had to research different methods of tackling these projects. This included programs such as Ghidra and binwalk. For the public vulnerabilities, we researched and replicated a variety of those exploits, although our main focus was on command injection and web server exploits. For the WAN vulnerabilities, we investigated what services were exposed and if any of the local vulnerabilities would transfer over to the WAN. We developed several python scripts to exploit these vulnerabilities, including a password decryption script, command-line injection script, and a web server command injection script. Finally, for remote access we researched the feasibility of installing different types of scripts on the router, different methods of installation, and the difficulty of obtaining various levels of access. |
 |
Assassins Appby Corrissa Smith (Undergraduate), Hannah Oaisa (Undergraduate), Dilean Munoz (Undergraduate), and Henry Anderson (Undergraduate) The Assassins app is a tool created to facilitate the popular campus game of Assassins, common to Cedarville University and other youth communities. In a game of assassins, players are assigned targets in a single, randomly ordered loop, and “assassinate” each other with a designated “weapon” (potentially a plastic spoon, nerf gun, or water gun). Once a player assassinates his target, he is assigned his former target’s target, and assassinations continue until only the winner remains. Assassins games can vary widely in duration, ranging from half an hour to several weeks. Traditional tools for managing game information and distributing target lists include spreadsheets, emails, and group messaging. As a result, creating and distributing the target list can be time-consuming, and short-duration assassins games are comparatively more work to organize and are therefore less common. To address the hassle in organizing games of assassins, the Assassins app keeps all game information on one platform and allows users to create, join, play, and moderate games of assassins. The app is designed using Flutter, a cross-platform language, to enable release to both Apple and Android platforms. It is backed by a Google Firestore database, and the back-end code is designed with modularity in mind to make it easier to maintain and update. By streamlining and enhancing the management of Assassins games, this app will simplify the game-playing experience and make Assassins more accessible—and more fun—for players. |
 |
Automatic Audio Transcriptionby Danielle Fredette (Faculty Advisor), Spencer P. Wyman (Undergraduate), Phillip C. Keating (Undergraduate), Stephen C. Chow (Undergraduate), Audrey S. Martin (Undergraduate) The Assassins app is a tool created to facilitate the popular campus game of Assassins, common to Cedarville University and other youth communities. In a game of assassins, players are assigned targets in a single, randomly ordered loop, and “assassinate” each other with a designated “weapon” (potentially a plastic spoon, nerf gun, or water gun). Once a player assassinates his target, he is assigned his former target’s target, and assassinations continue until only the winner remains. Assassins games can vary widely in duration, ranging from half an hour to several weeks. Traditional tools for managing game information and distributing target lists include spreadsheets, emails, and group messaging. As a result, creating and distributing the target list can be time-consuming, and short-duration assassins games are comparatively more work to organize and are therefore less common. To address the hassle in organizing games of assassins, the Assassins app keeps all game information on one platform and allows users to create, join, play, and moderate games of assassins. The app is designed using Flutter, a cross-platform language, to enable release to both Apple and Android platforms. It is backed by a Google Firestore database, and the back-end code is designed with modularity in mind to make it easier to maintain and update. By streamlining and enhancing the management of Assassins games, this app will simplify the game-playing experience and make Assassins more accessible—and more fun—for players. |
 |
ACCIDENT with CodeQLby Benjamin Smid (Undergraduate), Nathan Johnson (Undergraduate), Christopher Bellanti (Undergraduate), and Caleb Collins (Undergraduate) Cryptography is an important tool in the security of our software systems. However, mistakes are often made by developers who do not implement cryptography correctly in their projects. As JavaScript becomes more popular as a language for full-stack development, vulnerabilities in JavaScript due to misuses of the cryptographic APIs and incorrect practices have increased as well. Our project focuses on the use of GitHub’s default code scanning tool, CodeQL. We are contributing to GitHub’s CodeQL repository with improvements that broaden the scope of vulnerabilities that its queries detect. Since CodeQL is widely used by developers and companies who use GitHub to host their projects, our contributions will have an immediate and direct impact on a large community of programmers and help them find cryptographic errors in their code bases. |
 |
MathAcrosticby David Stirn (Undergraduate), Zachary Brubaker (Undergraduate), and Matthew Wright (Undergraduate) MathAcrostic is a web application that helps intermediate and secondary school teachers make inspiring worksheets for their students. Unlike traditional plug and chug worksheets, MathAcrostic offers acrostic-style word problem worksheets. Answers correspond to letters of a fun expression or quotation at the top of the worksheet. Teachers interact with this tool by choosing their problems for the worksheet, then downloading the worksheet as a pdf to be printed. The goal of this project is to provide teachers with an easy-to-use process for creating and managing their worksheets in a subscription - based product accessible from the internet. From a technical perspective, this application is hosted using Amazon Web Services. This project leverages AWS Amplify for hosting and simplified backend configuration, AWS Cognito for user authentication and management, AWS DynamoDB for a database, AWS AppSync for communicating between frontend and backend, and AWS Lambda for event-driven functions. The frontend of this web app is designed using React and utilizes the MaterialUI component library. MathAcrostic is a subscription-based tool with payments processed using Braintree. Currently, MathAcrostic makes worksheets for Algebra 1 topics. In the future, the team will strive to make more features including support for other educational topics like Algebra 2, Geometry, Pre-Calc, SAT prep, ACT prep and more. |
 |
How Often Do Radioisotope Dating Methods Agree? A Statistical Study of 29,000 Radioisotope Ages in the USGS National Geochronological Databaseby Micah D. Beachy (Undergraduate) and Benjamin R. Kinard (Undergraduate) and Paul Garner (Biblical Creation Trust) Radioisotope dating is the cornerstone of the modern geological synthesis, connecting rock layers to concrete numerical ages. However, the numbers sometimes conflict with each other. How often do they conflict? Are there patterns? Several other creationists have performed case studies to answer these questions, but this is the first large-scale statistical study to test whether the patterns they identified hold true across large numbers of rock samples. We studied the USGS National Geochronological Database, which contains over 29,000 ages from 18,575 rock samples. To perform this analysis, we defined concordance using the error margins in the database. We then adopted two primary strategies: (1) comparing ages that are theoretically equivalent from two different radioisotope methods, and (2) creating a quantitative concordance metric which assigns each sample a score from 0 to 1 by looking at each pair of unique ages from that record. Using this metric, we found the internal concordance of each rock sample and of each radioisotope method. Our results show a surprisingly small number of ages calculated per rock unit. The majority of samples (74%) were only dated once, and only 34 records had ages from three or more methods. The average concordance score within each method ranged from 0.564 to 0.837. The concordance when comparing two methods was much lower, ranging from 0.000 to 0.794. We observed a general “pecking order” of which methods tend to yield the oldest ages. Our results support what other creationists have found, extending the scope of young-earth radioisotope research to many more rock units. |
   |