Computer Engineering Commons^™

Domain Specific Analysis Of Privacy Practices And Concerns In The Mobile Application Market, Fahimeh Ebrahimi Meymand

LSU Doctoral Dissertations

Mobile applications (apps) constantly demand access to sensitive user information in exchange for more personalized services. These-mostly unjustified-data collection tactics have raised major privacy concerns among mobile app users. Existing research on mobile app privacy aims to identify these concerns, expose apps with malicious data collection practices, assess the quality of apps' privacy policies, and propose automated solutions for privacy leak detection and prevention. However, existing solutions are generic, frequently missing the contextual characteristics of different application domains. To address these limitations, in this dissertation, we study privacy in the app store at a domain level. Our objective is to …

Software Protection And Secure Authentication For Autonomous Vehicular Cloud Computing, Muhammad Hataba

Dissertations

Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC.

In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our …

Splicecube Architecture: An Extensible Wi-Fi Monitoring Architecture For Smart-Home Networks, Namya Malik

Dartmouth College Master’s Theses

The vision of smart homes is rapidly becoming a reality, as the Internet of Things and other smart devices are deployed widely. Although smart devices offer convenience, they also create a significant management problem for home residents. With a large number and variety of devices in the home, residents may find it difficult to monitor, or even locate, devices. A central controller that brings all the home’s smart devices under secure management and a unified interface would help homeowners and residents track and manage their devices.

We envision a solution called the SPLICEcube whose goal is to detect smart devices, …

Efficient Yet Robust Privacy For Video Streaming, Luke Cranfill, Junggab Son

Master of Science in Computer Science Theses

MPEG-DASH is a video streaming standard that outlines protocols for sending audio and video content from a server to a client over HTTP. The standard has been widely utilized by the video streaming industry. However, it creates an opportunity for an adversary to invade users’ privacy. While a user is watching a video, information is leaked in the form of meta-data, the size and time that the server sent data to the user. This information is not protected by encryption and can be used to create a fingerprint for a video. Once the fingerprint is created, the adversary can use …

Towards Secure Deep Neural Networks For Cyber-Physical Systems, Jiangnan Li

Doctoral Dissertations

In recent years, deep neural networks (DNNs) are increasingly investigated in the literature to be employed in cyber-physical systems (CPSs). DNNs own inherent advantages in complex pattern identifying and achieve state-of-the-art performances in many important CPS applications. However, DNN-based systems usually require large datasets for model training, which introduces new data management issues. Meanwhile, research in the computer vision domain demonstrated that the DNNs are highly vulnerable to adversarial examples. Therefore, the security risks of employing DNNs in CPSs applications are of concern.

In this dissertation, we study the security of employing DNNs in CPSs from both the data domain …

Towards A Federated Identity And Access Management Across Universities, Jameel Alsulami

Doctoral Dissertations and Master's Theses

Many research projects are too complex to yield the efforts of a single investigator and require a coordinated effort from interdisciplinary research teams across universities and industries. The research data, documents, experimental testbeds, high-end computing equipment, etc. is a critical component of any large-scale project and hence the cooperation and resource sharing across universities become very important for timely and budget-friendly execution of these projects. However, it is extremely challenging to frequently and effectively access data and other resources across universities without creating new identities for the users. In this thesis, we propose Federated Identity Management (FIM) approach for facilitating …

Traffic Privacy Study On Internet Of Things – Smart Home Applications, Ayan Patel

Master's Theses

Internet of Things (IoT) devices have been widely adopted in many different applications in recent years, such as smart home applications. An adversary can capture the network traffic of IoT devices and analyze it to reveal user activities even if the traffic is encrypted. Therefore, traffic privacy is a major concern, especially in smart home applications. Traffic shaping can be used to obfuscate the traffic so that no meaningful predictions can be drawn through traffic analysis. Current traffic shaping methods have many tunable variables that are difficult to optimize to balance bandwidth overheads and latencies. In this thesis, we study …

Unicorn Framework: A User-Centric Approach Toward Formal Verification Of Privacy Norms, Rezvan Joshaghani

Boise State University Theses and Dissertations

In the development of complex systems, such as user-centric privacy management systems with multiple components and attributes, it is important to formalize the process and develop mathematical models that can be utilized to automatically make decisions on the information sharing actions of users. While valuable, the current state-of-the-art models are mostly based on enterprise/organizational privacy perspectives and leave the main actor, i.e., the user, uninvolved or with limited ability to control information sharing actions. These approaches cannot be applied to a user-centric environment since user privacy policies are dynamic because they change based on the information sharing context and environment. …

Different Approaches To Blurring Digital Images And Their Effect On Facial Detection, Erich-Matthew Pulfer

Computer Science and Computer Engineering Undergraduate Honors Theses

The purpose of this thesis is to analyze the usage of multiple image blurring techniques and determine their effectiveness in combatting facial detection algorithms. This type of analysis is anticipated to reveal potential flaws in the privacy expected from blurring images or, rather, portions of images. Three different blurring algorithms were designed and implemented: a box blurring method, a Gaussian blurring method, and a differential privacy-based pixilation method. Datasets of images were collected from multiple sources, including the AT&T Database of Faces. Each of these three methods were implemented via their own original method, but, because of how common they …

Comprehending The Safety Paradox And Privacy Concerns With Medical Device Remote Patient Monitoring, Marc Doyle

CCE Theses and Dissertations

Medical literature identifies a number of technology-driven improvements in disease management such as implantable medical devices (IMDs) that are a standard treatment for candidates with specific diseases. Among patients using implantable cardiac defibrillators (ICD), for example, problems and issues are being discovered faster compared to patients without monitoring, improving safety. What is not known is why patients report not feeling safer, creating a safety paradox, and why patients identify privacy concerns in ICD monitoring.

There is a major gap in the literature regarding the factors that contribute to perceived safety and privacy in remote patient monitoring (RPM). To address this …

Exploring Photo Privacy Protection On Smartphones, David Darling

Computer Science and Computer Engineering Undergraduate Honors Theses

The proliferation of modern smartphone camera use in the past decade has resulted in unprecedented numbers of personal photos being taken and stored on popular devices. However, it has also caused privacy concerns. These photos sometimes contain potentially harmful information if they were to be leaked such as the personally identifiable information found on ID cards or in legal documents. With current security measures on iOS and Android phones, it is possible for 3rd party apps downloaded from official app stores or other locations to access the photo libraries on these devices without user knowledge or consent. Additionally, the prevalence …

Assessing The Competing Characteristics Of Privacy And Safety Within Vehicular Ad Hoc Networks, Jacob W. Connors

Theses and Dissertations

The introduction of Vehicle-to-Vehicle (V2V) communication has the promise of decreasing vehicle collisions, congestion, and emissions. However, this technology places safety and privacy at odds; an increase of safety applications will likely result in the decrease of consumer privacy. The National Highway Traffic Safety Administration (NHTSA) has proposed the Security Credential Management System (SCMS) as the back end infrastructure for maintaining, distributing, and revoking vehicle certificates attached to every Basic Safety Message (BSM). This Public Key Infrastructure (PKI) scheme is designed around the philosophy of maintaining user privacy through the separation of functions to prevent any one subcomponent from identifying …

Modeling Adversarial Insider Vehicles In Mix Zones, Nicholas Plewtong

Master's Theses

Security is a necessity when dealing with new forms of technology that may not have been analyzed from a security perspective. One of the latest growing technological advances are Vehicular Ad-Hoc Networks (VANETs). VANETs allow vehicles to communicate information to each other wirelessly which allows for an increase in safety and efficiency for vehicles. However, with this new type of computerized system comes the need to maintain security on top of it.

In order to try to protect location privacy of the vehicles in the system, vehicles change pseudonyms or identifiers at areas known as mix zones. This thesis implements …

Breadcrumbs: Privacy As A Privilege, Prachi Bhardwaj

Capstones

Breadcrumbs: Privacy as a Privilege Abstract

By: Prachi Bhardwaj

In 2017, the world saw more data breaches than in any year prior. The count was more than the all-time high record in 2016, which was 40 percent more than the year before that.

That’s because consumer data is incredibly valuable today. In the last three decades, data storage has gone from being stored physically to being stored almost entirely digitally, which means consumer data is more accessible and applicable to business strategies. As a result, companies are gathering data in ways previously unknown to the average consumer, and hackers are …

Data-Driven Network-Centric Threat Assessment, Dae Wook Kim

Browse all Theses and Dissertations

As the Internet has grown increasingly popular as a communication and information sharing platform, it has given rise to two major types of Internet security threats related to two primary entities: end-users and network services. First, information leakages from networks can reveal sensitive information about end-users. Second, end-users systems can be compromised through attacks on network services, such as scanning-and-exploit attacks, spamming, drive-by downloads, and fake anti-virus software. Designing threat assessments to detect these threats is, therefore, of great importance, and a number of the detection systems have been proposed. However, these existing threat assessment systems face significant challenges in …

Video Annotation By Crowd Workers With Privacy-Preserving Local Disclosure, Apeksha Dipak Kumavat

Open Access Theses

Advancements in computer vision are still not reliable enough for detecting video content including humans and their actions. Microtask crowdsourcing on task markets such as Amazon Mechnical Turk and Upwork can bring humans into the loop. However, engaging crowd workers to annotate non-public video footage risks revealing the identities of people in the video who may have a right to anonymity.

This thesis demonstrates how we can engage untrusted crowd workers to detect behaviors and objects, while robustly concealing the identities of all faces. We developed a web-based system that presents obfuscated videos to crowd workers, and provides them with …

De-Anonymization Attack Anatomy And Analysis Of Ohio Nursing Workforce Data Anonymization, Jacob M. Miracle

Browse all Theses and Dissertations

Data generalization (anonymization) is a widely misunderstood technique for preserving individual privacy in non-interactive data publishing. Easily avoidable anonymization failures are still occurring 14 years after the discovery of basic techniques to protect against them. Identities of individuals in anonymized datasets are at risk of being disclosed by cyber attackers who exploit these failures. To demonstrate the importance of proper data anonymization we present three perspectives on data anonymization. First, we examine several de-anonymization attacks to formalize the anatomy used to conduct attacks on anonymous data. Second, we examine the vulnerabilities of an anonymous nursing workforce survey to convey how …

Privacy In Cooperative Distributed Systems: Modeling And Protection Framework, Afshan Samani

Electronic Thesis and Dissertation Repository

A new form of computation is emerging rapidly with cloud computing, mobile computing, wearable computing and the Internet-of-Things. All can be characterized as a class of “Cooperative Distributed Systems” (CDS) in open environment. A major driver of the growth is the exponential adoption by people and organizations within all aspects of their day-to-day matters. In this context, users’ requirements for privacy protection are becoming essential and complex beyond the traditional approaches. This requires a formal treatment of “privacy” as a fundamental computation concept in CDS paradigm.

The objective is to develop a comprehensive formal model for “privacy” as base …

An Innovative Approach Towards Applying Chaum Mixing To Sms, Matthew Patrick Rothmeyer

Graduate Theses and Dissertations

Currently there are few user-friendly applications for anonymous communication across multiple platforms, leaving data that is often both personal and private vulnerable to malicious activity. Mobile devices such as smartphones are prime candidates for such an application as they are pervasive and have standardized communication protocols. Through the application of mixing techniques, these devices can provide anonymity for groups of individuals numbering 30 to 40 members. In this work, a Chaum mix inspired, smartphone based network that uses the Short Message Service (SMS) is described first in theory and then in implementation. This system leverages both techniques used by current …

Efficient Anonymous Biometric Matching In Privacy-Aware Environments, Ying Luo

Theses and Dissertations--Electrical and Computer Engineering

Video surveillance is an important tool used in security and environmental monitoring, however, the widespread deployment of surveillance cameras has raised serious privacy concerns. Many privacy-enhancing schemes have been recently proposed to automatically redact images of selected individuals in the surveillance video for protection. To identify these individuals for protection, the most reliable approach is to use biometric signals as they are immutable and highly discriminative. If misused, these characteristics of biometrics can seriously defeat the goal of privacy protection. In this dissertation, an Anonymous Biometric Access Control (ABAC) procedure is proposed based on biometric signals for privacy-aware video surveillance. …

A Privacy-Aware Distributed Storage And Replication Middleware For Heterogeneous Computing Platform, Jilong Liao

Masters Theses

Cloud computing is an emerging research area that has drawn considerable interest in recent years. However, the current infrastructure raises significant concerns about how to protect users' privacy, in part due to that users are storing their data in the cloud vendors' servers. In this paper, we address this challenge by proposing and implementing a novel middleware, called Uno, which separates the storage of physical data and their associated metadata. In our design, users' physical data are stored locally on those devices under a user's full control, while their metadata can be uploaded to the commercial cloud. To ensure the …

A Novel Defense Mechanism Against Web Crawler Intrusion, Alireza Aghamohammadi

Master's Theses and Doctoral Dissertations

Web robots also known as crawlers or spiders are used by search engines, hackers and spammers to gather information about web pages. Timely detection and prevention of unwanted crawlers increases privacy and security of websites. In this research, a novel method to identify web crawlers is proposed to prevent unwanted crawler to access websites. The proposed method suggests a five-factor identification process to detect unwanted crawlers. This study provides the pretest and posttest results along with a systematic evaluation of web pages with the proposed identification technique versus web pages without the proposed identification process. An experiment was performed with …

Traffic Analysis Of Anonymity Systems, Ryan Craven

All Theses

This research applies statistical methods in pattern recognition to test the privacy capabilities of a very popular anonymity tool used on the Internet known as Tor.
Using a recently developed algorithm known as Causal State Splitting and Reconstruction (CSSR), we can create hidden Markov models of network processes proxied through Tor. In contrast to other techniques, our CSSR extensions create a minimum entropy model without any prior knowledge of the underlying state structure. The inter-packet time delays of the network process, preserved by Tor, can be symbolized into ranges and used to construct the models.
After the construction of training …

Privacy-Preserving Attribute-Based Access Control In A Grid, Sang Mork Park

Browse all Theses and Dissertations

A Grid community is composed of diverse stake holders, such as data resource providers, computing resource providers, service providers, and the users of the resources and services. In traditional security systems for Grids, most of the authentication and authorization mechanisms are based on the user's identity or the user's classification information. If the authorization mechanism is based on the user's identity, fine-grained access control policies can be implemented but the scalability of the security system would be limited. If the authorization mechanism is based on the user's classification, the scalability can be improved but the fine-grained access control policies may …

A Taxonomy For And Analysis Of Anonymous Communications Networks, Douglas J. Kelly

Theses and Dissertations

Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizen privacy rights. Indeed, the rising quantity and ubiquity …

Matrix Decomposition For Data Disclosure Control And Data Mining Applications, Jie Wang

University of Kentucky Doctoral Dissertations

Access to huge amounts of various data with private information brings out a dual demand for preservation of data privacy and correctness of knowledge discovery, which are two apparently contradictory tasks. Low-rank approximations generated by matrix decompositions are a fundamental element in this dissertation for the privacy preserving data mining (PPDM) applications. Two categories of PPDM are studied: data value hiding (DVH) and data pattern hiding (DPH). A matrix-decomposition-based framework is designed to incorporate matrix decomposition techniques into data preprocessing to distort original data sets. With respect to the challenge in the DVH, how to protect sensitive/confidential attribute values without …