Engineering Commons^™

An Optimized And Scalable Blockchain-Based Distributed Learning Platform For Consumer Iot, Zhaocheng Wang, Xueying Liu, Xinming Shao, Abdullah Alghamdi, Md. Shirajum Munir, Sujit Biswas

School of Cybersecurity Faculty Publications

Consumer Internet of Things (CIoT) manufacturers seek customer feedback to enhance their products and services, creating a smart ecosystem, like a smart home. Due to security and privacy concerns, blockchain-based federated learning (BCFL) ecosystems can let CIoT manufacturers update their machine learning (ML) models using end-user data. Federated learning (FL) uses privacy-preserving ML techniques to forecast customers' needs and consumption habits, and blockchain replaces the centralized aggregator to safeguard the ecosystem. However, blockchain technology (BCT) struggles with scalability and quick ledger expansion. In BCFL, local model generation and secure aggregation are other issues. This research introduces a novel architecture, emphasizing …

A New Implementation Of Federated Learning For Privacy And Security Enhancement, Xiang Ma, Haijian Sun, Rose Qingyang Hu, Yi Qian

Department of Electrical and Computer Engineering: Faculty Publications

Motivated by the ever-increasing concerns on personal data privacy and the rapidly growing data volume at local clients, federated learning (FL) has emerged as a new machine learning setting. An FL system is comprised of a central parameter server and multiple local clients. It keeps data at local clients and learns a centralized model by sharing the model parameters learned locally. No local data needs to be shared, and privacy can be well protected. Nevertheless, since it is the model instead of the raw data that is shared, the system can be exposed to the poisoning model attacks launched by …

Designing Respectful Tech: What Is Your Relationship With Technology?, Noreen Y. Whysel

Publications and Research

According to research at the Me2B Alliance, people feel they have a relationship with technology. It’s emotional. It’s embodied. And it’s very personal. We are studying digital relationships to answer questions like “Do people have a relationship with technology?” “What does that relationship feel like?” And “Do people understand the commitments that they are making when they explore, enter into and dissolve these relationships?” There are parallels between messy human relationships and the kinds of relationships that people develop with technology. As with human relationships, we move through states of discovery, commitment and breakup with digital applications as well. Technology …

Dismantling The “Black Opticon”: Privacy, Race Equity, And Online Data-Protection Reform, Anita L. Allen

All Faculty Scholarship

African Americans online face three distinguishable but related categories of vulnerability to bias and discrimination that I dub the “Black Opticon”: discriminatory oversurveillance, discriminatory exclusion, and discriminatory predation. Escaping the Black Opticon is unlikely without acknowledgement of privacy’s unequal distribution and privacy law’s outmoded and unduly race-neutral façade. African Americans could benefit from race-conscious efforts to shape a more equitable digital public sphere through improved laws and legal institutions. This Essay critically elaborates the Black Opticon triad and considers whether the Virginia Consumer Data Protection Act (2021), the federal Data Protection Act (2021), and new resources for the Federal Trade …

A Bibliometric Analysis Of Authentication Based Access Control In Cloud Using Blockchain, Yogesh Gajmal, Udayakumar R.

Library Philosophy and Practice (e-journal)

Access Control is mentioned to as the imprisonment of particular activities of an individual to carry out an action. Cloud storing similar to any other untrusted surroundings wants the capacity to protect the shared data. The one of the apparatus of access mechanism is ciphertext-policy attribute-based encryption system over and done with dynamic characteristics. With a blockchain based distributed ledger, the scheme offers immutable log of whole significant safety events, for example key generation, change or revocation, access policy assignment, access request etc. Number of different problems similar to single point of failure, security and privacy etc. were targeted through …

Fedoram: A Federated Oblivious Ram Scheme, Alexandre Pujol, Liam Murphy, Christina Thorpe

Articles

Instant messaging (IM) applications, even with end-to-end encryption enabled, pose privacy issues due to metadata and pattern leakage. Our goal is to develop a model for a privacy preserving IM application, by designing an IM application that focuses on hiding metadata and discussion patterns. To solve the issue of privacy preservation through the obfuscation of metadata, cryptographic constructions like Oblivious Random Access Machines (ORAM) have been proposed in recent years. However, although they completely hide the user access patterns, they incur high computational costs, often resulting in excessively slow performance in practice. We propose a new federated model, FedORAM, which …

The First Amendment, Common Carriers, And Public Accommodations: Net Neutrality, Digital Platforms, And Privacy, Christopher S. Yoo

All Faculty Scholarship

Recent prominent judicial opinions have assumed that common carriers have few to no First Amendment rights and that calling an actor a common carrier or public accommodation could justify limiting its right to exclude and mandating that it provide nondiscriminatory access. A review of the history reveals that the underlying law is richer than these simple statements would suggest. The principles for determining what constitutes a common carrier or a public accommodation and the level of First Amendment protection both turn on whether the actor holds itself out as serving all members of the public or whether it asserts editorial …

The Law Of Black Mirror - Syllabus, Yafit Lev-Aretz, Nizan Packin

Open Educational Resources

Using episodes from the show Black Mirror as a study tool - a show that features tales that explore techno-paranoia - the course analyzes legal and policy considerations of futuristic or hypothetical case studies. The case studies tap into the collective unease about the modern world and bring up a variety of fascinating key philosophical, legal, and economic-based questions.

Privacy-Aware Security Applications In The Era Of Internet Of Things, Abbas Acar

FIU Electronic Theses and Dissertations

In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories: First, to strengthen the current authentication mechanisms, we designed two novel privacy-aware alternative complementary authentication mechanisms, Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware as the collected data can be sensitive. We also designed a novel, lightweight, Privacy-aware Continuous Authentication (PACA) protocol. PACA …

Deepmag+ : Sniffing Mobile Apps In Magnetic Field Through Deep Learning, Rui Ning, Cong Wang, Chunsheng Xin, Jiang Li, Hongyi Wu

Electrical & Computer Engineering Faculty Publications

This paper reports a new side-channel attack to smartphones using the unrestricted magnetic sensor data. We demonstrate that attackers can effectively infer the Apps being used on a smartphone with an accuracy of over 80%, through training a deep Convolutional Neural Networks (CNN). Various signal processing strategies have been studied for feature extractions, including a tempogram based scheme. Moreover, by further exploiting the unrestricted motion sensor to cluster magnetometer data, the sniffing accuracy can increase to as high as 98%. To mitigate such attacks, we propose a noise injection scheme that can effectively reduce the App sniffing accuracy to only …

Bibliometric Survey Of Privacy Of Social Media Network Data Publishing, Rupali Gangarde Ass. Prof., Amit Sharma Dr., Ambika Pawar Dr.

Library Philosophy and Practice (e-journal)

We are witness to see exponential growth of the social media network since the year 2002. Leading social media networking sites used by people are Twitter, Snapchats, Facebook, Google, and Instagram, etc. The latest global digital report (Chaffey and Ellis-Chadwick 2019) states that there exist more than 800 million current online social media users, and the number is still exploding day by day. Users share their day to day activities such as their photos and locations etc. on social media platforms. This information gets consumed by third party users, like marketing companies, researchers, and government firms. Depending upon the purpose, …

Ears-Dm: Efficient Auto Correction Retrieval Scheme For Data Management In Edge Computing, Kai Fan, Jie Yin, Kuan Zhang, Hui Li, Yintang Wang

Department of Electrical and Computer Engineering: Faculty Publications

Edge computing is an extension of cloud computing that enables messages to be acquired and processed at low cost. Many terminal devices are being deployed in the edge network to sense and deal with the massive data. By migrating part of the computing tasks from the original cloud computing model to the edge device, the message is running on computing resources close to the data source. The edge computing model can effectively reduce the pressure on the cloud computing center and lower the network bandwidth consumption. However, the security and privacy issues in edge computing are worth noting. In this …

Breaking Into The Vault: Privacy, Security And Forensic Analysis Of Android Vault Applications, Xiaolu Zhang, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we share the first account for the forensic analysis, security and privacy of Android vault applications. Vaults are designed to be privacy enhancing as they allow users to hide personal data but may also be misused to hide incriminating files. Our work has already helped law enforcement in the state of Connecticut to reconstruct 66 incriminating images and 18 videos in a single criminal case. We present case studies and results from analyzing 18 Android vault applications (accounting for nearly 220 million downloads from the Google Play store) by reverse engineering them and examining the forensic artifacts …

Security For 5g Mobile Wireless Networks, Dongfeng Fang, Yi Qian, Rose Qingyang Hu

Department of Electrical and Computer Engineering: Faculty Publications

The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding …

Development Of A Remotely Accessible Wireless Testbed For Performance Evaluation Of Ami Related Protocols, Utku Ozgur

FIU Electronic Theses and Dissertations

Although smart meters are deployed in many countries, the data collection process from smart meters in Smart Grid (SG) still has some challenges related to consumer privacy that needs to be addressed. Referred to as Advanced Metering Infrastructure (AMI), the data collected and transmitted through the AMI can leak sensitive information about the consumers if it is sent as a plaintext.

While many solutions have been proposed in the past, the deployment of these solutions in real-life was not possible since the actual AMIs were not accessible to researchers. Therefore, a lot of solutions relied on simulations which may not …

Lightweight Three-Factor Authentication And Key Agreement Protocol For Internet-Integrated Wireless Sensor Networks, Qi Jiang, Sherali Zeadally, Jianfeng Ma, Debiao He

Information Science Faculty Publications

Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their …

A Cyber Forensics Needs Analysis Survey: Revisiting The Domain's Needs A Decade Later, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili, Andrew Marrington

Electrical & Computer Engineering and Computer Science Faculty Publications

The number of successful cyber attacks continues to increase, threatening financial and personal security worldwide. Cyber/digital forensics is undergoing a paradigm shift in which evidence is frequently massive in size, demands live acquisition, and may be insufficient to convict a criminal residing in another legal jurisdiction. This paper presents the findings of the first broad needs analysis survey in cyber forensics in nearly a decade, aimed at obtaining an updated consensus of professional attitudes in order to optimize resource allocation and to prioritize problems and possible solutions more efficiently. Results from the 99 respondents gave compelling testimony that the following …

A Survey Of Security And Privacy Challenges In Cloud Computing: Solutions And Future Directions, Yuhong Liu, Yan Lindsay Sun, Jungwoo Ryoo, Athanasios V. Vasilakos

Computer Science and Engineering

While cloud computing is gaining popularity, diverse security and privacy issues are emerging that hinder the rapid adoption of this new computing paradigm. And the development of defensive solutions is lagging behind. To ensure a secure and trustworthy cloud environment it is essential to identify the limitations of existing solutions and envision directions for future research. In this paper, we have surveyed critical security and privacy challenges in cloud computing, categorized diverse existing solutions, compared their strengths and limitations, and envisioned future research directions.

Pinpoint: Efficient And Effective Resource Isolation For Mobile Security And Privacy, Paul Ratazzi, Ashok Bommisetti, Nian Ji, Wenliang Du

Electrical Engineering and Computer Science - All Scholarship

Virtualization is frequently used to isolate untrusted processes and control their access to sensitive resources. However, isolation usually carries a price in terms of less resource sharing and reduced inter-process communication. In an open architecture such as Android, this price and its impact on performance, usability, and transparency must be carefully considered. Although previous efforts in developing general-purpose isolation solutions have shown that some of these negative sideeffects can be mitigated, doing so involves overcoming significant design challenges by incorporating numerous additional platform complexities not directly related to improved security. Thus, the general purpose solutions become inefficient and burdensome if …

Security Issues In Data Warehouse, Saiqa Aleem, Luiz Fernando Capretz, Faheem Ahmed Dr.

Electrical and Computer Engineering Publications

Data Warehouse (DWH) provides storage for huge amounts of historical data from heterogeneous operational sources in the form of multidimensional views, thus supplying sensitive and useful information which help decision-makers to improve the organization’s business processes. A data warehouse environment must ensure that data collected and stored in one big repository are not vulnerable. A review of security approaches specifically for data warehouse environment and issues concerning each type of security approach have been provided in this paper.

Trajectory Privacy Preservation In Mobile Wireless Sensor Networks, Xinyu Jin

FIU Electronic Theses and Dissertations

In recent years, there has been an enormous growth of location-aware devices, such as GPS embedded cell phones, mobile sensors and radio-frequency identification tags. The age of combining sensing, processing and communication in one device, gives rise to a vast number of applications leading to endless possibilities and a realization of mobile Wireless Sensor Network (mWSN) applications. As computing, sensing and communication become more ubiquitous, trajectory privacy becomes a critical piece of information and an important factor for commercial success. While on the move, sensor nodes continuously transmit data streams of sensed values and spatiotemporal information, known as ``trajectory information". …

When Antitrust Met Facebook, Christopher S. Yoo

All Faculty Scholarship

Social networks are among the hottest phenomena on the Internet. Facebook eclipsed Google as the most visited website in both 2010 and 2011. Moreover, according to Nielsen estimates, as of the end of 2011 the average American spent nearly seven hours per month on Facebook, which is more time than they spent on Google, Yahoo!, YouTube, Microsoft, and Wikipedia combined. LinkedIn’s May 19, 2011 initial public offering (“IPO”) surpassed expectations, placing the value of the company at nearly $9 billion, and approximately a year later, its stock price had risen another 20 percent. Facebook followed suit a year later with …

Provable De-Anonymization Of Large Datasets With Sparse Dimensions, Anupam Datta, Divya Sharma, Arunesh Sinha

Research Collection School Of Computing and Information Systems

There is a significant body of empirical work on statistical de-anonymization attacks against databases containing micro-dataabout individuals, e.g., their preferences, movie ratings, or transactiondata. Our goal is to analytically explain why such attacks work. Specifically, we analyze a variant of the Narayanan-Shmatikov algorithm thatwas used to effectively de-anonymize the Netflix database of movie ratings. We prove theorems characterizing mathematical properties of thedatabase and the auxiliary information available to the adversary thatenable two classes of privacy attacks. In the first attack, the adversarysuccessfully identifies the individual about whom she possesses auxiliaryinformation (an isolation attack). In the second attack, the adversarylearns additional …

Privacy Protection Framework With Defined Policies For Service-Oriented Architecture, David S. Allison, Miriam Am Capretz, Hany F. Elyamany, Shuying Wang

Electrical and Computer Engineering Publications

Service-Oriented Architecture (SOA) is a computer systems design concept which aims to achieve reusability and integration in a distributed environment through the use of autonomous, loosely coupled, interoperable abstractions known as services. In order to interoperate, communication between services is very important due to their autonomous nature. This communication provides services with their functional strengths, but also creates the opportunity for the loss of privacy. In this paper, a Privacy Protection Framework for Service-Oriented Architecture (PPFSOA) is described. In this framework, a Privacy Service (PS) is used in combination with privacy policies to create privacy contracts that outline what can …

Cloud Computing: Architectural And Policy Implications, Christopher S. Yoo

All Faculty Scholarship

Cloud computing has emerged as perhaps the hottest development in information technology. Despite all of the attention that it has garnered, existing analyses focus almost exclusively on the issues that surround data privacy without exploring cloud computing’s architectural and policy implications. This article offers an initial exploratory analysis in that direction. It begins by introducing key cloud computing concepts, such as service-oriented architectures, thin clients, and virtualization, and discusses the leading delivery models and deployment strategies that are being pursued by cloud computing providers. It next analyzes the economics of cloud computing in terms of reducing costs, transforming capital expenditures …

Furthering The Growth Of Cloud Computing By Providing Privacy As A Service, David S. Allison, Miriam Am Capretz

Electrical and Computer Engineering Publications

The evolution of Cloud Computing as a viable business solution for providing hardware and software has created many security concerns. Among these security concerns, privacy is often overlooked. If Cloud Computing is to continue its growth, this privacy concern will need to be addressed. In this work we discuss the current growth of Cloud Computing and the impact the public sector and privacy can have in furthering this growth. To begin to provide privacy protection for Cloud Computing, we introduce privacy constraints that outline privacy preferences. We propose the expansion of Cloud Service Level Agreements (SLAs) to include these privacy …

On The Applications Of Deterministic Chaos For Encrypting Data On The Cloud, Jonathan Blackledge, Nikolai Ptitsyn

Conference papers

Cloud computing is expected to grow considerably in the future because it has so many advantages with regard to sale and cost, change management, next generation architectures, choice and agility. However, one of the principal concerns for users of the Cloud is lack of control and above all, data security. This paper considers an approach to encrypting information before it is ‘placed’ on the Cloud where each user has access to their own encryption algorithm, an algorithm that is based on a set of iterated function systems that outputs a chaotic number stream, designed to produce a cryptographically secure cipher. …

The Changing Patterns Of Internet Usage, Christopher S. Yoo

All Faculty Scholarship

The Internet unquestionably represents one of the most important technological developments in recent history. It has revolutionized the way people communicate with one another and obtain information and created an unimaginable variety of commercial and leisure activities. Interestingly, many members of the engineering community often observe that the current network is ill-suited to handle the demands that end users are placing on it. Indeed, engineering researchers often describe the network as ossified and impervious to significant architectural change. As a result, both the U.S. and the European Commission are sponsoring “clean slate” projects to study how the Internet might be …

Analysis Of Information Remaining On Hand Held Devices For Sale On The Second Hand Market, Andrew Jones, Craig Valli, Iain Sutherland

Research outputs pre 2011

The ownership and use of mobile phones, Personal Digital Assistants and other hand held devices is now ubiquitous both for home and business use. The majority of these devices have a high initial cost, a relatively short period before they become obsolescent and a relatively low second hand value. As a result of this, when the devices are replaced, there are indications that they tend to be discarded. As technology has continued to develop, it has led to an increasing diversity in the number and type of devices that are available, and the processing power and the storage capacity of …

Knowledge Sharing: Using Searchable Email Databases, Frank Wedgeworth

Dissertations

In today’s knowledge driven economy, a company’s intellectual capital is increasingly becoming its most important asset. The knowledge of how to create value defines a company’s success. Through knowledge management the value of knowledge within a company can be increased. One way of increasing the value of knowledge is by making it more accessible. The accessibility of knowledge can be facilitated by integrating the search for knowledge into the user’s workflow. Another way to increase the value of knowledge is through the capture of undocumented, tacit knowledge and converting it into explicit, documented knowledge. Email has been identified as the …