Open Access. Powered by Scholars. Published by Universities.®

Computer Engineering Commons

Open Access. Powered by Scholars. Published by Universities.®

Information Security

Institution
Keyword
Publication Year
Publication
Publication Type
File Type

Articles 1 - 30 of 556

Full-Text Articles in Computer Engineering

On The Responsibility For Uses Of Downstream Software, Marty J. Wolf, Keith W. Miller, Frances S. Grodzinsky May 2019

On The Responsibility For Uses Of Downstream Software, Marty J. Wolf, Keith W. Miller, Frances S. Grodzinsky

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

In this paper we explore an issue that is different from whether developers are responsible for the direct impact of the software they write. We examine, instead, in what ways, and to what degree, developers are responsible for the way their software is used “downstream.” We review some key scholarship analyzing responsibility in computing ethics, including some recent work by Floridi. We use an adaptation of a mechanism developed by Floridi to argue that there are features of software that can be used as guides to better distinguish situations where a software developer might share in responsibility for the software ...


Hardware Ip Classification Through Weighted Characteristics, Brendan Mcgeehan May 2019

Hardware Ip Classification Through Weighted Characteristics, Brendan Mcgeehan

Theses and Dissertations

Today’s business model for hardware designs frequently incorporates third-party Intellectual Property (IP) due to the many benefits it can bring to a company. For instance, outsourcing certain components of an overall design can reduce time-to-market by allowing each party to specialize and perfect a specific part of the overall design. However, allowing third-party involvement also increases the possibility of malicious attacks, such as hardware Trojan insertion. Trojan insertion is a particularly dangerous security threat because testing the functionality of an IP can often leave the Trojan undetected. Therefore, this thesis work provides an improvement on a Trojan detection method ...


On Efficiency Of Artifact Lookup Strategies In Digital Forensics, Lorenz Liebler, Patrick Schmitt, Harald Baier, Frank Breitinger Apr 2019

On Efficiency Of Artifact Lookup Strategies In Digital Forensics, Lorenz Liebler, Patrick Schmitt, Harald Baier, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In recent years different strategies have been proposed to handle the problem of ever-growing digital forensic databases. One concept to deal with this data overload is data reduction, which essentially means to separate the wheat from the chaff, e.g., to filter in forensically relevant data. A prominent technique in the context of data reduction are hash-based solutions. Data reduction is achieved because hash values (of possibly large data input) are much smaller than the original input. Today's approaches of storing hash-based data fragments reach from large scale multithreaded databases to simple Bloom filter representations. One main focus was ...


Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao Apr 2019

Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao

Electrical & Computer Engineering Theses & Disssertations

Graphical passwords are always considered as an alternative of alphanumeric passwords for their better memorability and usability [1]. Alphanumeric passwords provide an adequate amount of satisfaction, but they do not offer better memorability compared to graphical passwords [1].

On the other hand, graphical passwords are considered less secured and provide better memorability [1]. Therefore many researchers have researched on graphical passwords to overcome the vulnerability. One of the most significant weaknesses of the graphical passwords is "Shoulder Surfing Attack," which means, sneaking into a victim's computer to learn the whole password or part of password or some confidential information ...


Process And System For Establishing A Moving Target Connection For Secure Communications In Client/Server Systems, Chris Morrell, Reese A. Moore, Joseph G. Tront, Randolph C. Marchany Mar 2019

Process And System For Establishing A Moving Target Connection For Secure Communications In Client/Server Systems, Chris Morrell, Reese A. Moore, Joseph G. Tront, Randolph C. Marchany

West Point Patents

A system and method performs a moving target blind rendezvous by exchanging data through a distributed hash table. The system allows users to securely send small pieces of information over a network while only requiring an exchange of public keys ahead of time. The system relies on the size and resilience of the BitTorrent Distributed Hash Table and the security properties of cryptographic constructions such as Elliptic Curve Diffie-Hellman key exchange and secure one-way hash functions.


Chip-Off Success Rate Analysis Comparing Temperature And Chip Type, Choli Ence, Joan Runs Through, Gary D. Cantrell Feb 2019

Chip-Off Success Rate Analysis Comparing Temperature And Chip Type, Choli Ence, Joan Runs Through, Gary D. Cantrell

Journal of Digital Forensics, Security and Law

Throughout the digital forensic community, chip-off analysis provides examiners with a technique to obtain a physical acquisition from locked or damaged digital device. Thermal based chip-analysis relies upon the application of heat to remove the flash memory chip from the circuit board. Occasionally, a flash memory chip fails to successfully read despite following similar protocols as other flash memory chips. Previous research found the application of high temperatures increased the number of bit errors present in the flash memory chip. The purpose of this study is to analyze data collected from chip-off analyses to determine if a statistical difference exists ...


Lowering Legal Barriers To Rpki Adoption, Christopher S. Yoo, David A. Wishnick Jan 2019

Lowering Legal Barriers To Rpki Adoption, Christopher S. Yoo, David A. Wishnick

Faculty Scholarship at Penn Law

Across the Internet, mistaken and malicious routing announcements impose significant costs on users and network operators. To make routing announcements more reliable and secure, Internet coordination bodies have encouraged network operators to adopt the Resource Public Key Infrastructure (“RPKI”) framework. Despite this encouragement, RPKI’s adoption rates are low, especially in North America.

This report presents the results of a year-long investigation into the hypothesis—widespread within the network operator community—that legal issues pose barriers to RPKI adoption and are one cause of the disparities between North America and other regions of the world. On the basis of interviews ...


Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane Jan 2019

Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane

MPA/MPP Capstone Projects

Procure-to-Pay (P2P) softwares are an integral part of the payment and procurement processing functions at large-scale governmental institutions. These softwares house all of the financial functions related to procurement, accounts payable, and often human resources, helping to facilitate and automate the process from initiation of a payment or purchase, to the actual disbursal of funds. Often, these softwares contain budgeting and financial reporting tools as part of the offering. As such an integral part of the financial process, these softwares obviously come at an immense cost from a set of reputable vendors. In the case of government, these vendors mainly ...


Secured Data Masking Framework And Technique For Preserving Privacy In A Business Intelligence Analytics Platform, Osama Ali Dec 2018

Secured Data Masking Framework And Technique For Preserving Privacy In A Business Intelligence Analytics Platform, Osama Ali

Electronic Thesis and Dissertation Repository

The main concept behind business intelligence (BI) is how to use integrated data across different business systems within an enterprise to make strategic decisions. It is difficult to map internal and external BI’s users to subsets of the enterprise’s data warehouse (DW), resulting that protecting the privacy of this data while maintaining its utility is a challenging task. Today, such DW systems constitute one of the most serious privacy breach threats that an enterprise might face when many internal users of different security levels have access to BI components. This thesis proposes a data masking framework (iMaskU: Identify ...


Paul Baran, Network Theory, And The Past, Present, And Future Of Internet, Christopher S. Yoo Dec 2018

Paul Baran, Network Theory, And The Past, Present, And Future Of Internet, Christopher S. Yoo

Faculty Scholarship at Penn Law

Paul Baran’s seminal 1964 article “On Distributed Communications Networks” that first proposed packet switching also advanced an underappreciated vision of network architecture: a lattice-like, distributed network, in which each node of the Internet would be homogeneous and equal in status to all other nodes. Scholars who have subsequently embraced the concept of a lattice-like network approach have largely overlooked the extent to which it is both inconsistent with network theory (associated with the work of Duncan Watts and Albert-László Barabási), which emphasizes the importance of short cuts and hubs in enabling networks to scale, and the actual way, the ...


Facepet: Enhancing Bystanders' Facial Privacy With Smart Wearables/Internet Of Things, Alfredo J. Perez, Sherali Zeadally, Luis Y. Matos Garcia, Jaouad A. Mouloud, Scott Griffith Dec 2018

Facepet: Enhancing Bystanders' Facial Privacy With Smart Wearables/Internet Of Things, Alfredo J. Perez, Sherali Zeadally, Luis Y. Matos Garcia, Jaouad A. Mouloud, Scott Griffith

Information Science Faculty Publications

Given the availability of cameras in mobile phones, drones and Internet-connected devices, facial privacy has become an area of major interest in the last few years, especially when photos are captured and can be used to identify bystanders’ faces who may have not given consent for these photos to be taken and be identified. Some solutions to protect facial privacy in photos currently exist. However, many of these solutions do not give a choice to bystanders because they rely on algorithms that de-identify photos or protocols to deactivate devices and systems not controlled by bystanders, thereby being dependent on the ...


Bipartite Quantum Interactions: Entangling And Information Processing Abilities, Siddhartha Das Oct 2018

Bipartite Quantum Interactions: Entangling And Information Processing Abilities, Siddhartha Das

LSU Doctoral Dissertations

The aim of this thesis is to advance the theory behind quantum information processing tasks, by deriving fundamental limits on bipartite quantum interactions and dynamics. A bipartite quantum interaction corresponds to an underlying Hamiltonian that governs the physical transformation of a two-body open quantum system. Under such an interaction, the physical transformation of a bipartite quantum system is considered in the presence of a bath, which may be inaccessible to an observer. The goal is to determine entangling abilities of such arbitrary bipartite quantum interactions. Doing so provides fundamental limitations on information processing tasks, including entanglement distillation and secret key ...


A New Framework For Securing, Extracting And Analyzing Big Forensic Data, Hitesh Sachdev, Hayden Wimmer, Lei Chen, Carl Rebman Oct 2018

A New Framework For Securing, Extracting And Analyzing Big Forensic Data, Hitesh Sachdev, Hayden Wimmer, Lei Chen, Carl Rebman

Journal of Digital Forensics, Security and Law

Finding new methods to investigate criminal activities, behaviors, and responsibilities has always been a challenge for forensic research. Advances in big data, technology, and increased capabilities of smartphones has contributed to the demand for modern techniques of examination. Smartphones are ubiquitous, transformative, and have become a goldmine for forensics research. Given the right tools and research methods investigating agencies can help crack almost any illegal activity using smartphones. This paper focuses on conducting forensic analysis in exposing a terrorist or criminal network and introduces a new Big Forensic Data Framework model where different technologies of Hadoop and EnCase software are ...


Implementation Of Secure Dnp3 Architecture Of Scada System For Smart Grids, Uday Bhaskar Boyanapalli Oct 2018

Implementation Of Secure Dnp3 Architecture Of Scada System For Smart Grids, Uday Bhaskar Boyanapalli

Master of Science in Computer Science Theses

With the recent advances in the power grid system connecting to the internet, data sharing, and networking enables space for hackers to maliciously attack them based on their vulnerabilities. Vital stations in the smart grid are the generation, transmission, distribution, and customer substations are connected and controlled remotely by the network. Every substation is controlled by a Supervisory Control and Data Acquisition (SCADA) system which communicates on DNP3 protocol on Internet/IP which has many security vulnerabilities. This research will focus on Distributed Network Protocol (DNP3) communication which is used in the smart grid to communicate between the controller devices ...


Phasorsec: Protocol Security Filters For Wide Area Measurement Systems, Prashant Anantharaman, Kartik Palani, Rafael Brantley, Sergey Bratus, Sean W. Smith Oct 2018

Phasorsec: Protocol Security Filters For Wide Area Measurement Systems, Prashant Anantharaman, Kartik Palani, Rafael Brantley, Sergey Bratus, Sean W. Smith

Open Dartmouth: Faculty Open Access Scholarship

The addition of synchrophasors to the power grid to improve observability comes at the cost of an increased attack surface: the wide area measurement system. A common source of zero-days, that can be used to exploit the system, is improper input validation. The strict availability and timing requirements of the grid make it critical that input validation be done right and in a timely fashion. PhasorSec is a hardened security filter for the synchrophasor communication protocol, C37.118. PhasorSec is built using language theoretic principles which treat all input as a language with a specific grammar that defines what input ...


Blockchain Based Efficient And Robust Fair Payment For Outsourcing Services In Cloud Computing, Yinghui Zhang, Robert H. Deng, Ximeng Liu, Dong Zheng Sep 2018

Blockchain Based Efficient And Robust Fair Payment For Outsourcing Services In Cloud Computing, Yinghui Zhang, Robert H. Deng, Ximeng Liu, Dong Zheng

Research Collection School Of Information Systems

As an attractive business model of cloud computing, outsourcing services usually involve online payment and security issues. The mutual distrust between users and outsourcing service providers may severely impede the wide adoption of cloud computing. Nevertheless, most existing payment solutions only consider a specific type of outsourcing service and rely on a trusted third-party to realize fairness. In this paper, in order to realize secure and fair payment of outsourcing services in general without relying on any third-party, trusted or not, we introduce BCPay, a blockchain based fair payment framework for outsourcing services in cloud computing. We first present the ...


I Know What You Did Last Summer: Your Smart Home Internet Of Things And Your Iphone Forensically Ratting You Out, Gokila Dorai, Shiva Houshmand, Ibrahim Baggili Aug 2018

I Know What You Did Last Summer: Your Smart Home Internet Of Things And Your Iphone Forensically Ratting You Out, Gokila Dorai, Shiva Houshmand, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

The adoption of smart home Internet of Things (IoT) devices continues to grow. What if your devices can snitch on you and let us know where you are at any given point in time? In this work we examined the forensic artifacts produced by Nest devices, and in specific, we examined the logical backup structure of an iPhone used to control a Nest thermostat, Nest Indoor Camera and a Nest Outdoor Camera. We also integrated the Google Home Mini as another method of controlling the studied Smart Home devices. Our work is the primary account for the examination of Nest ...


Digital Forensics In The Next Five Years, Laoise Luciano, Ibrahim Baggili, Mateusz Topor, Peter Casey, Frank Breitinger Aug 2018

Digital Forensics In The Next Five Years, Laoise Luciano, Ibrahim Baggili, Mateusz Topor, Peter Casey, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

Cyber forensics has encountered major obstacles over the last decade and is at a crossroads. This paper presents data that was obtained during the National Workshop on Redefining Cyber Forensics (NWRCF) on May 23-24, 2017 supported by the National Science Foundation and organized by the University of New Haven. Qualitative and quantitative data were analyzed from twenty-four cyber forensics expert panel members. This work identified important themes that need to be addressed by the community, focusing on (1) where the domain currently is; (2) where it needs to go and; (3) steps needed to improve it. Furthermore, based on the ...


Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally Jul 2018

Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally

Information Science Faculty Publications

One of the most important Internet of Things applications is the wireless body sensor network (WBSN), which can provide universal health care, disease prevention, and control. Due to large deployments of small scale smart sensors in WBSNs, security, and privacy guarantees (e.g., security and safety-critical data, sensitive private information) are becoming a challenging issue because these sensor nodes communicate using an open channel, i.e., Internet. We implement data integrity (to resist against malicious tampering) using the secure hash algorithm 3 (SHA-3) when smart sensors in WBSNs communicate with each other using the Internet. Due to the limited resources ...


Survey Results On Adults And Cybersecurity Education, Frank Breitinger, Joseph Ricci, Ibrahim Baggili Jul 2018

Survey Results On Adults And Cybersecurity Education, Frank Breitinger, Joseph Ricci, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Cyberattacks and identity theft are common problems nowadays where researchers often say that humans are the weakest link in the security chain. Therefore, this survey focused on analyzing the interest for adults for ‘cyber threat education seminars’, e.g., how to project themselves and their loved ones. Specifically, we asked questions to understand a possible audience, willingness for paying / time commitment, or fields of interest as well as background and previous training experience. The survey was conducted in late 2016 and taken by 233 participants. The results show that many are worried about cyber threats and about their children exploring ...


Privacy-Preserving Mining Of Association Rule On Outsourced Cloud Data From Multiple Parties, Lin Liu, Jinshu Su, Rongmao Chen, Ximeng Liu, Xiaofeng Wang, Shuhui Chen, Ho-Fung Fung Leung Jul 2018

Privacy-Preserving Mining Of Association Rule On Outsourced Cloud Data From Multiple Parties, Lin Liu, Jinshu Su, Rongmao Chen, Ximeng Liu, Xiaofeng Wang, Shuhui Chen, Ho-Fung Fung Leung

Research Collection School Of Information Systems

It has been widely recognized as a challenge to carry out data analysis and meanwhile preserve its privacy in the cloud. In this work, we mainly focus on a well-known data analysis approach namely association rule mining. We found that the data privacy in this mining approach have not been well considered so far. To address this problem, we propose a scheme for privacy-preserving association rule mining on outsourced cloud data which are uploaded from multiple parties in a twin-cloud architecture. In particular, we mainly consider the scenario where the data owners and miners have different encryption keys that are ...


Experience Constructing The Artifact Genome Project (Agp): Managing The Domain's Knowledge One Artifact At A Time, Cinthya Grajeda, Laura Sanchez, Ibrahim Baggili, Devon R. Clark, Frank Breitinger Jul 2018

Experience Constructing The Artifact Genome Project (Agp): Managing The Domain's Knowledge One Artifact At A Time, Cinthya Grajeda, Laura Sanchez, Ibrahim Baggili, Devon R. Clark, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

While various tools have been created to assist the digital forensics community with acquiring, processing, and organizing evidence and indicating the existence of artifacts, very few attempts have been made to establish a centralized system for archiving artifacts. The Artifact Genome Project (AGP) has aimed to create the largest vetted and freely available digital forensics repository for Curated Forensic Artifacts (CuFAs). This paper details the experience of building, implementing, and maintaining such a system by sharing design decisions, lessons learned, and future work. We also discuss the impact of AGP in both the professional and academic realms of digital forensics ...


A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt Jun 2018

A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt

FIU Electronic Theses and Dissertations

The emerging Internet of Things (IoT) revolution has introduced many useful applications that are utilized in our daily lives. Users can program these devices in order to develop their own IoT applications; however, the platforms and languages that are used during development are abounding, complicated, and time-consuming. The software solution provided in this thesis, PROVIZ+, is a secure sensor application development software suite that helps users create sophisticated and secure IoT applications with little software and hardware experience. Moreover, a simple and efficient domain-specific programming language, namely Panther language, was designed for IoT application development to unify existing programming languages ...


Precognition: Automated Digital Forensic Readiness System For Mobile Computing Devices In Enterprises, Jayaprakash Govindaraj, Robin Verma, Gaurav Gupta May 2018

Precognition: Automated Digital Forensic Readiness System For Mobile Computing Devices In Enterprises, Jayaprakash Govindaraj, Robin Verma, Gaurav Gupta

Annual ADFSL Conference on Digital Forensics, Security and Law

Enterprises are facing an unprecedented risk of security incidents due to the influx of emerging technologies, like smartphones and wearables. Most of the current Mobile security systems are not maturing in pace with technological advances. They lack the ability to learn and adapt from the past knowledge base. In the case of a security incident, enterprises find themselves underprepared for the lack of evidence and data. The systems are not designed to be forensic ready. There is a need for automated security analysis and forensically ready solution, which can learn and continuously adapt to new challenges, improve efficiency and productivity ...


Comparative Study Of Deep Learning Models For Network Intrusion Detection, Brian Lee, Sandhya Amaresh, Clifford Green, Daniel Engels Apr 2018

Comparative Study Of Deep Learning Models For Network Intrusion Detection, Brian Lee, Sandhya Amaresh, Clifford Green, Daniel Engels

SMU Data Science Review

In this paper, we present a comparative evaluation of deep learning approaches to network intrusion detection. A Network Intrusion Detection System (NIDS) is a critical component of every Internet connected system due to likely attacks from both external and internal sources. A NIDS is used to detect network born attacks such as Denial of Service (DoS) attacks, malware replication, and intruders that are operating within the system. Multiple deep learning approaches have been proposed for intrusion detection systems. We evaluate three models, a vanilla deep neural net (DNN), self-taught learning (STL) approach, and Recurrent Neural Network (RNN) based Long Short ...


User-Centric Privacy Preservation In Mobile And Location-Aware Applications, Mingming Guo Apr 2018

User-Centric Privacy Preservation In Mobile And Location-Aware Applications, Mingming Guo

FIU Electronic Theses and Dissertations

The mobile and wireless community has brought a significant growth of location-aware devices including smart phones, connected vehicles and IoT devices. The combination of location-aware sensing, data processing and wireless communication in these devices leads to the rapid development of mobile and location-aware applications. Meanwhile, user privacy is becoming an indispensable concern. These mobile and location-aware applications, which collect data from mobile sensors carried by users or vehicles, return valuable data collection services (e.g., health condition monitoring, traffic monitoring, and natural disaster forecasting) in real time. The sequential spatial-temporal data queries sent by users provide their location trajectory information ...


Application Of Huffman Data Compression Algorithm In Hashing Computation, Lakshmi Narasimha Devulapalli Venkata, Apr 2018

Application Of Huffman Data Compression Algorithm In Hashing Computation, Lakshmi Narasimha Devulapalli Venkata,

Masters Theses & Specialist Projects

Cryptography is the art of protecting information by encrypting the original message into an unreadable format. A cryptographic hash function is a hash function which takes an arbitrary length of the text message as input and converts that text into a fixed length of encrypted characters which is infeasible to invert. The values returned by the hash function are called as the message digest or simply hash values. Because of its versatility, hash functions are used in many applications such as message authentication, digital signatures, and password hashing [Thomsen and Knudsen, 2005].

The purpose of this study is to apply ...


Automated Man-In-The-Middle Attack Against Wi‑Fi Networks, Martin Vondráček, Jan Pluskal, Ondřej Ryšavý Mar 2018

Automated Man-In-The-Middle Attack Against Wi‑Fi Networks, Martin Vondráček, Jan Pluskal, Ondřej Ryšavý

Journal of Digital Forensics, Security and Law

Currently used wireless communication technologies suffer security weaknesses that can be exploited allowing to eavesdrop or to spoof network communication. In this paper, we present a practical tool that can automate the attack on wireless security. The developed package called wifimitm provides functionality for the automation of MitM attacks in the wireless environment. The package combines several existing tools and attack strategies to bypass the wireless security mechanisms, such as WEP, WPA, and WPS. The presented tool can be integrated into a solution for automated penetration testing. Also, a popularization of the fact that such attacks can be easily automated ...


Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman Mar 2018

Estimating Defensive Cyber Operator Decision Confidence, Markus M. Borneman

Theses and Dissertations

As technology continues to advance the domain of cyber defense, signature and heuristic detection mechanisms continue to require human operators to make judgements about the correctness of machine decisions. Human cyber defense operators rely on their experience, expertise, and understanding of network security, when conducting cyber-based investigations, in order to detect and respond to cyber alerts. Ever growing quantities of cyber alerts and network traffic, coupled with systemic manpower issues, mean no one has the time to review or change decisions made by operators. Since these cyber alert decisions ultimately do not get reviewed again, an inaccurate decision could cause ...


Assured Android Execution Environments, Brandon P. Froberg Mar 2018

Assured Android Execution Environments, Brandon P. Froberg

Theses and Dissertations

Current cybersecurity best practices, techniques, tactics and procedures are insufficient to ensure the protection of Android systems. Software tools leveraging formal methods use mathematical means to assure both a design and implementation for a system and these methods can be used to provide security assurances. The goal of this research is to determine methods of assuring isolation when executing Android software in a contained environment. Specifically, this research demonstrates security properties relevant to Android software containers can be formally captured and validated, and that an implementation can be formally verified to satisfy a corresponding specification. A three-stage methodology called "The ...