Computer Engineering Commons^™

Wispernet: Anti-Jamming For Wireless Sensor Networks, Miroslav Pajic, Rahul Mangharam

Rahul Mangharam

Resilience to electromagnetic jamming and its avoidance are difficult problems. It is often both hard to distinguish malicious jamming from congestion in the broadcast regime and a challenge to conceal the activity patterns of the legitimate communication protocol from the jammer. In the context of energy-constrained wireless sensor networks, nodes are scheduled to maximize the common sleep duration and coordinate communication to extend their battery life. This results in well-defined communication patterns with possibly predictable intervals of activity that are easily detected and jammed by a statistical jammer. We present an anti-jamming protocol for sensor networks which eliminates spatio-temporal patterns …

Anti-Jamming For Embedded Wireless Networks, Miroslav Pajic, Rahul Mangharam

Rahul Mangharam

Resilience to electromagnetic jamming and its avoidance are difficult problems. It is often both hard to distinguish malicious jamming from congestion in the broadcast regime and a challenge to conceal the activity patterns of the legitimate communication protocol from the jammer. In the context of energy-constrained wireless sensor networks, nodes are scheduled to maximize the common sleep duration and coordinate communication to extend their battery life. This results in well-defined communication patterns with possibly predictable intervals of activity that are easily detected and jammed by a statistical jammer. We present an anti-jamming protocol for sensor networks which eliminates spatio-temporal patterns …

Cloud Computing: Architectural And Policy Implications, Christopher S. Yoo

All Faculty Scholarship

Cloud computing has emerged as perhaps the hottest development in information technology. Despite all of the attention that it has garnered, existing analyses focus almost exclusively on the issues that surround data privacy without exploring cloud computing’s architectural and policy implications. This article offers an initial exploratory analysis in that direction. It begins by introducing key cloud computing concepts, such as service-oriented architectures, thin clients, and virtualization, and discusses the leading delivery models and deployment strategies that are being pursued by cloud computing providers. It next analyzes the economics of cloud computing in terms of reducing costs, transforming capital expenditures …

On The Applications Of Deterministic Chaos For Encrypting Data On The Cloud, Jonathan Blackledge, Nikolai Ptitsyn

Conference papers

Cloud computing is expected to grow considerably in the future because it has so many advantages with regard to sale and cost, change management, next generation architectures, choice and agility. However, one of the principal concerns for users of the Cloud is lack of control and above all, data security. This paper considers an approach to encrypting information before it is ‘placed’ on the Cloud where each user has access to their own encryption algorithm, an algorithm that is based on a set of iterated function systems that outputs a chaotic number stream, designed to produce a cryptographically secure cipher. …

The Kerf Toolkit For Intrusion Analysis, Javed A. Aslam, Sergey Bratus, David Kotz, Ron Peterson, Brett Tofel, Daniela Rus

Javed A. Aslam

To aid system administrators with post-attack intrusion analysis, the Kerf toolkit provides an integrated front end and powerful correlation and data-representation tools, all in one package.

Cloud Computing:Strategies For Cloud Computing Adoption, Faith Shimba

Dissertations

The advent of cloud computing in recent years has sparked an interest from different organisations, institutions and users to take advantage of web applications. This is a result of the new economic model for the Information Technology (IT) department that cloud computing promises. The model promises a shift from an organisation required to invest heavily for limited IT resources that are internally managed, to a model where the organisation can buy or rent resources that are managed by a cloud provider, and pay per use. Cloud computing also promises scalability of resources and on-demand availability of resources.

Although, the adoption …

A Secure On-Line Credit Card Transaction Method Based On Kerberos Authentication Protocol, Jung Eun Kim

UNLV Theses, Dissertations, Professional Papers, and Capstones

Nowadays, electronic payment system is an essential part of modern business. Credit cards or debit cards have been widely used for on-site or remote transactions, greatly reducing the need for inconvenient cash transactions. However, there have been a huge number of incidents of credit card frauds over the Internet due to the security weakness of electronic payment system. A number of solutions have been proposed in the past to prevent this problem, but most of them were inconvenient and did not satisfy the needs of cardholders and merchants at the same time.

In this thesis, we present a new secure …

Dsfs: Decentralized Security For Large Parallel File Systems, Zhongying Niu, Hong Jiang, Ke Zhou, Dan Feng, Tianming Yang, Dongliang Lei, Anli Chen

CSE Technical Reports

This paper describes DSFS, a decentralized security system for large parallel file system. DSFS stores global access control lists (ACLs) in a centralized decisionmaking server and pushes pre-authorization lists (PALs) into storage devices. Thus DSFS allows users to flexibly set any access control policy for the global ACL or even change the global ACL system without having to upgrade the security code in their storage devices. With pre-authorization lists, DSFS enables a networkattached storage device to immediately authorize I/O, instead of demanding a client to acquire an authorization from a centralized authorization server at a crucial time. The client needs …

Privacy-Preserving Attribute-Based Access Control In A Grid, Sang Mork Park

Browse all Theses and Dissertations

A Grid community is composed of diverse stake holders, such as data resource providers, computing resource providers, service providers, and the users of the resources and services. In traditional security systems for Grids, most of the authentication and authorization mechanisms are based on the user's identity or the user's classification information. If the authorization mechanism is based on the user's identity, fine-grained access control policies can be implemented but the scalability of the security system would be limited. If the authorization mechanism is based on the user's classification, the scalability can be improved but the fine-grained access control policies may …

Data Security Measures In The It Service Industry: A Balance Between Knowledge & Action, N. Mlitwa, Y. Kachala

Journal of Digital Forensics, Security and Law

That “knowledge is power” is fast becoming a cliché within the intelligentsia. Such power however, depends largely on how knowledge itself is exchanged and used, which says a lot about the tools of its transmission, exchange, and storage. Information and communication technology (ICT) plays a significant role in this respect. As a networked tool, it enables efficient exchanges of video, audio and text data beyond geographical and time constraints. Since this data is exchanged over the worldwide web (www), it can be accessible by anyone in the world using the internet. The risk of unauthorised access, interception, modification, or even …

Alphaco: A Teaching Case On Information Technology Audit And Security, Hüseyin Tanriverdi, Joshua Bertsch, Jonathan Harrison, Po-Ling Hsiao, Ketan S. Mesuria, David Hendrawirawan

Journal of Digital Forensics, Security and Law

Recent regulations in the United States (U.S.) such as the Sarbanes-Oxley Act of 2002 require top management of a public firm to provide reasonable assurance that they institute internal controls that minimize risks over the firm’s operations and financial reporting. External auditors are required to attest to the management’s assertions over the effectiveness of those internal controls. As firms rely more on information technology (IT) in conducting business, they also become more vulnerable to IT related risks. IT is critical for initiating, recording, processing, summarizing and reporting accurate financial and non-financial data. Thus, understanding IT related risks and instituting internal …

Jess – A Java Security Scanner For Eclipse, Russell Spitler

Honors Theses

Secure software is the responsibility of every developer. In order to help a developer with this responsibility there are many automated source code security auditors. These tools perform a variety of functions, from finding calls to insecure functions to poorly generated random numbers. These programs have existed for years and perform the security audit with varying degrees of success.

Largely missing in the world of programming is such a security auditor for the Java programming language. Currently, Fortify Software produces the only Java source code security auditor; this is a commercially available package.

This void is what inspired JeSS, Java …