Computer Engineering Commons^™

Software Protection And Secure Authentication For Autonomous Vehicular Cloud Computing, Muhammad Hataba

Dissertations

Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC.

In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our …

Presenting A Method To Detect Intrusion In Iot Through Private Blockchain, Rezvan Mahmoudie, Saeed Parsa, Amir Masoud Rahmani

Turkish Journal of Electrical Engineering and Computer Sciences

Blockchain (BC) has been used as a new solution to overcome security and privacy challenges in the Internet of Things (IoT). However, recent studies have indicated that the BC has a limited scalability and is computationally costly. Also, it has significant overhead and delay in the network, which is not suitable to the nature of IoT. This article aims at implementing BC in the IoT context for smart home management, as the integration of these two technologies ensures the IoT's security and privacy. Therefore, we proposed an overlay network in private BC to optimize its compatibility with IoT by increasing …

A New Implementation Of Federated Learning For Privacy And Security Enhancement, Xiang Ma, Haijian Sun, Rose Qingyang Hu, Yi Qian

Department of Electrical and Computer Engineering: Faculty Publications

Motivated by the ever-increasing concerns on personal data privacy and the rapidly growing data volume at local clients, federated learning (FL) has emerged as a new machine learning setting. An FL system is comprised of a central parameter server and multiple local clients. It keeps data at local clients and learns a centralized model by sharing the model parameters learned locally. No local data needs to be shared, and privacy can be well protected. Nevertheless, since it is the model instead of the raw data that is shared, the system can be exposed to the poisoning model attacks launched by …

Privacy In Blockchain Systems, Murat Osmanoğlu, Ali̇ Aydin Selçuk

Turkish Journal of Electrical Engineering and Computer Sciences

Privacy of blockchains has been a matter of discussion since the inception of Bitcoin. Various techniques with a varying degree of privacy protection and complexity have been proposed over the past decade. In this survey, we present a systematic analysis of these proposals in four categories: (i) identity, (ii) transaction, (iii) consensus, and (iv) smart contract privacy. Each of these categories have privacy requirements of its own, and various solutions have been proposed to meet these requirements. Almost every technique in the literature of privacy enhancing technologies have been applied to blockchains: mix networks, zero-knowledge proofs, blind signatures, ring signatures, …

Permissioned Blockchain Based Remote Electronic Examination, Öznur Kalkar, İsa Sertkaya

Turkish Journal of Electrical Engineering and Computer Sciences

Recent coronavirus pandemic transformed almost all aspects of daily life including educational institutions and learning environments. As a result, this transformation brought remote electronic examination (shortly e-exam) concepts back into consideration. In this study, we revisit secure and privacy preserving e-exam protocol proposals and propose an e-exam protocol that utilizes decentralized identity-based verifiable credentials for proof of authentication and public-permissioned blockchain for immutably storing records. In regard to the previously proposed e-exam schemes, our scheme offers both privacy enhancement and better efficiency. More concretely, the proposed solution satisfies test answer authentication, examiner authentication, anonymous marking, anonymous examiner, question secrecy, question …

Estonian Internet Voting With Anonymous Credentials, İsa Sertkaya, Peter Roenne, Peter Y. A. Ryan

Turkish Journal of Electrical Engineering and Computer Sciences

The Estonian Internet voting (EIV) scheme is a unique example of a long-term nation-wide, legally binding electronic voting deployment. The EIV scheme is used in parallel with standard paper-based election day voting, of course invalidating an already cast i-vote. This necessarily requires careful authentication of the eligible voters and makes the Estonian identity card solution a crucial part of the scheme, however, note that Parsovs has recently drawn attention to the security flaws found in Estonian ID-cards. In this study, we propose an e-voting scheme EIV-AC that integrates the EIV scheme with anonymous credentials based on self-sovereign identity. In addition …

Book Review: This Is How They Tell Me The World Ends: The Cyberweapons Arms Race (2020) By Nicole Perlroth, Amy C. Gaudion

Dickinson Law Review (2017-Present)

No abstract provided.

Towards Secure Deep Neural Networks For Cyber-Physical Systems, Jiangnan Li

Doctoral Dissertations

In recent years, deep neural networks (DNNs) are increasingly investigated in the literature to be employed in cyber-physical systems (CPSs). DNNs own inherent advantages in complex pattern identifying and achieve state-of-the-art performances in many important CPS applications. However, DNN-based systems usually require large datasets for model training, which introduces new data management issues. Meanwhile, research in the computer vision domain demonstrated that the DNNs are highly vulnerable to adversarial examples. Therefore, the security risks of employing DNNs in CPSs applications are of concern.

In this dissertation, we study the security of employing DNNs in CPSs from both the data domain …

Privacy-Aware Security Applications In The Era Of Internet Of Things, Abbas Acar

FIU Electronic Theses and Dissertations

In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories: First, to strengthen the current authentication mechanisms, we designed two novel privacy-aware alternative complementary authentication mechanisms, Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware as the collected data can be sensitive. We also designed a novel, lightweight, Privacy-aware Continuous Authentication (PACA) protocol. PACA …

A New Grid Partitioning Technology For Location Privacy Protection, Yue Sun, Lei Zhang, Jing Li, Zhen Zhang

Turkish Journal of Electrical Engineering and Computer Sciences

Nowadays, the location-based service (LBS) has become an essential part of convenient service in people's daily life. However, the untrusted LBS servers can store lots of information about the user, such as the user's identity, location, and destination. Then the information can be used as background knowledge and combined with the query frequency of the user to launch the inference attack to obtain user's privacy. In most of the existing schemes, the author considers the algorithm of virtual location selection from the historical location of the user. However, the LBS server can infer the user's location information on the historical …

Privacy Issues In Post Dissemination On Facebook, Burcu Sayi̇n Günel, Serap Şahi̇n, Dimitris G. Kogias, Charalampos Z. Patrikakis

Turkish Journal of Electrical Engineering and Computer Sciences

With social networks (SNs) being populated by a still increasing numbers of people who take advantage of the communication and collaboration capabilities that they offer, the probability of the exposure of people's personal moments to a wider than expected audience is also increasing. By studying the functionalities and characteristics that modern SNs offer, along with the people's habits and common behaviors in them, it is easy to understand that several privacy risks may exist, many of which people may be unaware of. In this paper, we focus on users' interactions with posts in a social network (SN), using Facebook as …

Ears-Dm: Efficient Auto Correction Retrieval Scheme For Data Management In Edge Computing, Kai Fan, Jie Yin, Kuan Zhang, Hui Li, Yintang Wang

Department of Electrical and Computer Engineering: Faculty Publications

Edge computing is an extension of cloud computing that enables messages to be acquired and processed at low cost. Many terminal devices are being deployed in the edge network to sense and deal with the massive data. By migrating part of the computing tasks from the original cloud computing model to the edge device, the message is running on computing resources close to the data source. The edge computing model can effectively reduce the pressure on the cloud computing center and lower the network bandwidth consumption. However, the security and privacy issues in edge computing are worth noting. In this …

Breaking Into The Vault: Privacy, Security And Forensic Analysis Of Android Vault Applications, Xiaolu Zhang, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we share the first account for the forensic analysis, security and privacy of Android vault applications. Vaults are designed to be privacy enhancing as they allow users to hide personal data but may also be misused to hide incriminating files. Our work has already helped law enforcement in the state of Connecticut to reconstruct 66 incriminating images and 18 videos in a single criminal case. We present case studies and results from analyzing 18 Android vault applications (accounting for nearly 220 million downloads from the Google Play store) by reverse engineering them and examining the forensic artifacts …

Security For 5g Mobile Wireless Networks, Dongfeng Fang, Yi Qian, Rose Qingyang Hu

Department of Electrical and Computer Engineering: Faculty Publications

The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding …

Development Of A Remotely Accessible Wireless Testbed For Performance Evaluation Of Ami Related Protocols, Utku Ozgur

FIU Electronic Theses and Dissertations

Although smart meters are deployed in many countries, the data collection process from smart meters in Smart Grid (SG) still has some challenges related to consumer privacy that needs to be addressed. Referred to as Advanced Metering Infrastructure (AMI), the data collected and transmitted through the AMI can leak sensitive information about the consumers if it is sent as a plaintext.

While many solutions have been proposed in the past, the deployment of these solutions in real-life was not possible since the actual AMIs were not accessible to researchers. Therefore, a lot of solutions relied on simulations which may not …

A Cyber Forensics Needs Analysis Survey: Revisiting The Domain's Needs A Decade Later, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili, Andrew Marrington

Electrical & Computer Engineering and Computer Science Faculty Publications

The number of successful cyber attacks continues to increase, threatening financial and personal security worldwide. Cyber/digital forensics is undergoing a paradigm shift in which evidence is frequently massive in size, demands live acquisition, and may be insufficient to convict a criminal residing in another legal jurisdiction. This paper presents the findings of the first broad needs analysis survey in cyber forensics in nearly a decade, aimed at obtaining an updated consensus of professional attitudes in order to optimize resource allocation and to prioritize problems and possible solutions more efficiently. Results from the 99 respondents gave compelling testimony that the following …

In-The-Wild Residual Data Research And Privacy, William B. Glisson, Tim Storer, Andrew Blyth, George Grispos, Matt Campbell

Journal of Digital Forensics, Security and Law

As the world becomes increasingly dependent on technology, researchers in both industry and academia endeavor to understand how technology is used, the impact it has on everyday life, the artifact life-cycle and overall integrations of digital information. In doing so, researchers are increasingly gathering 'real-world' or 'in-the-wild' residual data, obtained from a variety of sources, without the explicit consent of the original owners. This data gathering raises significant concerns regarding privacy, ethics and legislation, as well as practical considerations concerning investigator training, data storage, overall security and data disposal. This research surveys recent studies of residual data gathered in-the-wild and …

Pinpoint: Efficient And Effective Resource Isolation For Mobile Security And Privacy, Paul Ratazzi, Ashok Bommisetti, Nian Ji, Wenliang Du

Electrical Engineering and Computer Science - All Scholarship

Virtualization is frequently used to isolate untrusted processes and control their access to sensitive resources. However, isolation usually carries a price in terms of less resource sharing and reduced inter-process communication. In an open architecture such as Android, this price and its impact on performance, usability, and transparency must be carefully considered. Although previous efforts in developing general-purpose isolation solutions have shown that some of these negative sideeffects can be mitigated, doing so involves overcoming significant design challenges by incorporating numerous additional platform complexities not directly related to improved security. Thus, the general purpose solutions become inefficient and burdensome if …

Cyber Black Box/Event Data Recorder: Legal And Ethical Perspectives And Challenges With Digital Forensics, Michael Losavio, Pavel Pastukov, Svetlana Polyakova

Journal of Digital Forensics, Security and Law

With ubiquitous computing and the growth of the Internet of Things, there is vast expansion in the deployment and use of event data recording systems in a variety of environments. From the ships’ logs of antiquity through the evolution of personal devices for recording personal and environmental activities, these devices offer rich forensic and evidentiary opportunities that smash against rights of privacy and personality. The technical configurations of these devices provide for greater scope of sensing, interconnection options for local, near, and cloud storage of data, and the possibility of powerful analytics. This creates the unique situation of near-total data …

Security Issues In Data Warehouse, Saiqa Aleem, Luiz Fernando Capretz, Faheem Ahmed Dr.

Electrical and Computer Engineering Publications

Data Warehouse (DWH) provides storage for huge amounts of historical data from heterogeneous operational sources in the form of multidimensional views, thus supplying sensitive and useful information which help decision-makers to improve the organization’s business processes. A data warehouse environment must ensure that data collected and stored in one big repository are not vulnerable. A review of security approaches specifically for data warehouse environment and issues concerning each type of security approach have been provided in this paper.

Evidentiary Power And Propriety Of Digital Identifiers And The Impact On Privacy Rights In The United States, Michael Losavio, Deborah Keeling

Journal of Digital Forensics, Security and Law

Media and network systems capture and store data about electronic activity in new, sometimes unprecedented ways; computational systems make for new means of analysis and knowledge development. These new forms offer new, powerful tactical tools for investigations of electronic malfeasance under traditional legal regulation of state power, particular that of Fourth Amendment limitations on police searches and seizures under the U.S. Constitution. But autonomy, identity and authenticity concerns with electronic data raise issues of public policy, privacy and proper police oversight of civil society. We examine those issues and their implications for digital and computational forensics

Effects Of The Factory Reset On Mobile Devices, Riqui Schwamm, Neil C. Rowe

Journal of Digital Forensics, Security and Law

Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did …

Efficient Anonymous Biometric Matching In Privacy-Aware Environments, Ying Luo

Theses and Dissertations--Electrical and Computer Engineering

Video surveillance is an important tool used in security and environmental monitoring, however, the widespread deployment of surveillance cameras has raised serious privacy concerns. Many privacy-enhancing schemes have been recently proposed to automatically redact images of selected individuals in the surveillance video for protection. To identify these individuals for protection, the most reliable approach is to use biometric signals as they are immutable and highly discriminative. If misused, these characteristics of biometrics can seriously defeat the goal of privacy protection. In this dissertation, an Anonymous Biometric Access Control (ABAC) procedure is proposed based on biometric signals for privacy-aware video surveillance. …

Trajectory Privacy Preservation In Mobile Wireless Sensor Networks, Xinyu Jin

FIU Electronic Theses and Dissertations

In recent years, there has been an enormous growth of location-aware devices, such as GPS embedded cell phones, mobile sensors and radio-frequency identification tags. The age of combining sensing, processing and communication in one device, gives rise to a vast number of applications leading to endless possibilities and a realization of mobile Wireless Sensor Network (mWSN) applications. As computing, sensing and communication become more ubiquitous, trajectory privacy becomes a critical piece of information and an important factor for commercial success. While on the move, sensor nodes continuously transmit data streams of sensed values and spatiotemporal information, known as ``trajectory information". …

A Reputation-Based Privacy Management System For Social Networking Sites, Mehmet Erkan Yüksel, Asim Si̇nan Yüksel, Abdül Hali̇m Zai̇m

Turkish Journal of Electrical Engineering and Computer Sciences

Social networking sites form a special type of virtual community where we share our personal information with people and develop new relationships on the Internet. These sites allow the users to share just about everything, including photos, videos, favorite music, and games, and record all user interactions and retain them for potential use in social data mining. This storing and sharing of large amounts of information causes privacy problems for the users of these websites. In order to prevent these problems, we have to provide strict privacy policies, data protection mechanisms, and trusted and built-in applications that help to protect …

Privacy Protection Framework With Defined Policies For Service-Oriented Architecture, David S. Allison, Miriam Am Capretz, Hany F. Elyamany, Shuying Wang

Electrical and Computer Engineering Publications

Service-Oriented Architecture (SOA) is a computer systems design concept which aims to achieve reusability and integration in a distributed environment through the use of autonomous, loosely coupled, interoperable abstractions known as services. In order to interoperate, communication between services is very important due to their autonomous nature. This communication provides services with their functional strengths, but also creates the opportunity for the loss of privacy. In this paper, a Privacy Protection Framework for Service-Oriented Architecture (PPFSOA) is described. In this framework, a Privacy Service (PS) is used in combination with privacy policies to create privacy contracts that outline what can …

Furthering The Growth Of Cloud Computing By Providing Privacy As A Service, David S. Allison, Miriam Am Capretz

Electrical and Computer Engineering Publications

The evolution of Cloud Computing as a viable business solution for providing hardware and software has created many security concerns. Among these security concerns, privacy is often overlooked. If Cloud Computing is to continue its growth, this privacy concern will need to be addressed. In this work we discuss the current growth of Cloud Computing and the impact the public sector and privacy can have in furthering this growth. To begin to provide privacy protection for Cloud Computing, we introduce privacy constraints that outline privacy preferences. We propose the expansion of Cloud Service Level Agreements (SLAs) to include these privacy …

P2p Collaborative Filtering With Privacy, Ci̇han Kaleli̇, Hüseyi̇n Polat

Turkish Journal of Electrical Engineering and Computer Sciences

With the evolution of the Internet and e-commerce, collaborative filtering (CF) and privacy-preserving collaborative filtering (PPCF) have become popular. The goal in CF is to generate predictions with decent accuracy, efficiently. The main issue in PPCF, however, is achieving such a goal while preserving users' privacy. Many implementations of CF and PPCF techniques proposed so far are centralized. In centralized systems, data is collected and stored by a central server for CF purposes. Centralized storage poses several hazards to users because the central server controls users' data. In this work, we investigate how to produce naïve Bayesian classifier (NBC)-based recommendations …

Securing Fuzzy Vault Schemes Through Biometric Hashing, Cengi̇z Örenci̇k, Thomas Brochmann Pedersen, Erkay Savaş, Mehmet Keski̇nöz

Turkish Journal of Electrical Engineering and Computer Sciences

The fuzzy vault scheme is a well-known technique to mitigate privacy, security, and usability related problems in biometric identification applications. The basic idea is to hide biometric data along with secret information amongst randomly selected chaff points during the enrollment process. Only the owner of the biometric data who presents correct biometrics can recover the secret and identify himself. Recent research, however, has shown that the scheme is vulnerable to certain types of attacks. The recently proposed ``correlation attack'', that allows linking two vaults of the same biometric, pose serious privacy risks that have not been sufficiently addressed. The primary …

The Changing Patterns Of Internet Usage, Christopher S. Yoo

All Faculty Scholarship

The Internet unquestionably represents one of the most important technological developments in recent history. It has revolutionized the way people communicate with one another and obtain information and created an unimaginable variety of commercial and leisure activities. Interestingly, many members of the engineering community often observe that the current network is ill-suited to handle the demands that end users are placing on it. Indeed, engineering researchers often describe the network as ossified and impervious to significant architectural change. As a result, both the U.S. and the European Commission are sponsoring “clean slate” projects to study how the Internet might be …