Open Access. Powered by Scholars. Published by Universities.®

Computer Engineering Commons

Open Access. Powered by Scholars. Published by Universities.®

Security

Discipline
Institution
Publication Year
Publication
Publication Type
File Type

Articles 1 - 30 of 121

Full-Text Articles in Computer Engineering

Compliance Of Open Source Ehr Applications With Hipaa And Onc Security And Privacy Requirements, Maryam Farhadi, Hisham Haddad, Hossain Shahriar May 2019

Compliance Of Open Source Ehr Applications With Hipaa And Onc Security And Privacy Requirements, Maryam Farhadi, Hisham Haddad, Hossain Shahriar

Master of Science in Computer Science Theses

Electronic Health Records (EHRs) are digital versions of paper-based patient's health information. EHR applications are increasingly being adopted in many countries. They have resulted in improved quality in healthcare, convenient access to histories of patient medication and clinic visits, easier follow up of patient treatment plans, and precise medical decision-making process. EHR applications are guided by measures of the Health Insurance Portability and Accountability Act (HIPAA) to ensure confidentiality, integrity, and availability. However, there have been reported breaches of Protected Health Identifier (PHI) data stored by EHR applications. In many reported breaches, improper use of EHRs has resulted in ...


Different Approaches To Blurring Digital Images And Their Effect On Facial Detection, Erich-Matthew Pulfer May 2019

Different Approaches To Blurring Digital Images And Their Effect On Facial Detection, Erich-Matthew Pulfer

Computer Science and Computer Engineering Undergraduate Honors Theses

The purpose of this thesis is to analyze the usage of multiple image blurring techniques and determine their effectiveness in combatting facial detection algorithms. This type of analysis is anticipated to reveal potential flaws in the privacy expected from blurring images or, rather, portions of images. Three different blurring algorithms were designed and implemented: a box blurring method, a Gaussian blurring method, and a differential privacy-based pixilation method. Datasets of images were collected from multiple sources, including the AT&T Database of Faces. Each of these three methods were implemented via their own original method, but, because of how common ...


Feasibility And Security Analysis Of Wideband Ultrasonic Radio For Smart Home Applications, Qi Xia Apr 2019

Feasibility And Security Analysis Of Wideband Ultrasonic Radio For Smart Home Applications, Qi Xia

Computer Science and Engineering: Theses, Dissertations, and Student Research

Smart home Internet-of-Things (IoT) accompanied by smart home apps has witnessed tremendous growth in the past few years. Yet, the security and privacy of the smart home IoT devices and apps have raised serious concerns, as they are getting increasingly complicated each day, expected to store and exchange extremely sensitive personal data, always on and connected, and commonly exposed to any users in a sensitive environment. Nowadays wireless smart home IoT devices rely on electromagnetic wave-based radio-frequency (RF) technology to establish fast and reliable quality network connections. However, RF has its limitations that can negatively affect the smart home user ...


Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao Apr 2019

Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao

Electrical & Computer Engineering Theses & Disssertations

Graphical passwords are always considered as an alternative of alphanumeric passwords for their better memorability and usability [1]. Alphanumeric passwords provide an adequate amount of satisfaction, but they do not offer better memorability compared to graphical passwords [1].

On the other hand, graphical passwords are considered less secured and provide better memorability [1]. Therefore many researchers have researched on graphical passwords to overcome the vulnerability. One of the most significant weaknesses of the graphical passwords is "Shoulder Surfing Attack," which means, sneaking into a victim's computer to learn the whole password or part of password or some confidential information ...


Project Insight: A Granular Approach To Enterprise Cybersecurity, Sunna Quazi, Adam Baca, Sam Darsche Jan 2019

Project Insight: A Granular Approach To Enterprise Cybersecurity, Sunna Quazi, Adam Baca, Sam Darsche

SMU Data Science Review

In this paper, we disambiguate risky activity corporate users are propagating with their software in real time by creating an enterprise security visualization solution for system administrators. The current problem in this domain is the lag in cyber intelligence that inhibits preventative security measure execution. This is partially due to the overemphasis of network activity, which is a nonfinite dataset and is difficult to comprehensively ingest with analytics. We address these concerns by elaborating on the beta of a software called "Insight" created by Felix Security. The overall solution leverages endpoint data along with preexisting whitelist/blacklist designations to unambiguously ...


Modeling Context-Adaptive Energy-Aware Security In Mobile Devices, Preeti Singh Jan 2019

Modeling Context-Adaptive Energy-Aware Security In Mobile Devices, Preeti Singh

UNF Graduate Theses and Dissertations

As increasing functionality in mobile devices leads to rapid battery drain, energy management has gained increasing importance. However, differences in user’s usage contexts and patterns can be leveraged for saving energy. On the other hand, the increasing sensitivity of users’ data, coupled with the need to ensure security in an energy-aware manner, demands careful analyses of trade-offs between energy and security. The research described in this thesis addresses this challenge by 1)modeling the problem of context-adaptive energy-aware security as a combinatorial optimization problem (Context-Sec); 2) proving that the decision version of this problem is NP-Complete, via a reduction ...


Inception: Virtual Space In Memory Space In Real Space, Peter Casey, Rebecca Lindsay-Decusati, Ibrahim Baggili, Frank Breitinger Jan 2019

Inception: Virtual Space In Memory Space In Real Space, Peter Casey, Rebecca Lindsay-Decusati, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

Virtual Reality (VR) has become a reality. With the technology's increased use cases, comes its misuse. Malware affecting the Virtual Environment (VE) may prevent an investigator from ascertaining virtual information from a physical scene, or from traditional “dead” analysis. Following the trend of antiforensics, evidence of an attack may only be found in memory, along with many other volatile data points. Our work provides the primary account for the memory forensics of Immersive VR systems, and in specific the HTC Vive. Our approach is capable of reconstituting artifacts from memory that are relevant to the VE, and is also ...


Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally Jul 2018

Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally

Information Science Faculty Publications

One of the most important Internet of Things applications is the wireless body sensor network (WBSN), which can provide universal health care, disease prevention, and control. Due to large deployments of small scale smart sensors in WBSNs, security, and privacy guarantees (e.g., security and safety-critical data, sensitive private information) are becoming a challenging issue because these sensor nodes communicate using an open channel, i.e., Internet. We implement data integrity (to resist against malicious tampering) using the secure hash algorithm 3 (SHA-3) when smart sensors in WBSNs communicate with each other using the Internet. Due to the limited resources ...


A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt Jun 2018

A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt

FIU Electronic Theses and Dissertations

The emerging Internet of Things (IoT) revolution has introduced many useful applications that are utilized in our daily lives. Users can program these devices in order to develop their own IoT applications; however, the platforms and languages that are used during development are abounding, complicated, and time-consuming. The software solution provided in this thesis, PROVIZ+, is a secure sensor application development software suite that helps users create sophisticated and secure IoT applications with little software and hardware experience. Moreover, a simple and efficient domain-specific programming language, namely Panther language, was designed for IoT application development to unify existing programming languages ...


Security Analysis Of The Uconn Husky One Card, Trevor Phillips May 2018

Security Analysis Of The Uconn Husky One Card, Trevor Phillips

Honors Scholar Theses

The “Husky One Card” is the name given to student IDs at the University of Connecticut. It can identify students, faculty, and staff in a variety of situations. The One Card is used for meal plans, Husky Bucks (an equivalent of money, but valid only in the Storrs area), residence hall/ university facility access, and student health services. The current Husky One Card consists of a picture identification on the front and a standard 1-dimensional barcode and 3-track magnetic strip on the back.

The goal of this thesis is to investigate the feasibility of cloning Husky One Cards, the ease ...


Enabling User Space Secure Hardware, Aimee Mikaela Coughlin Apr 2018

Enabling User Space Secure Hardware, Aimee Mikaela Coughlin

Electrical, Computer & Energy Engineering Graduate Theses & Dissertations

User space software allows developers to customize applications beyond the limits of the privileged operating system. In this dissertation, we extend this concept to the hardware in the system, providing applications with the ability to define secure hardware; effectively enabling hardware to be treated as a user space resource. This addresses a significant challenge facing industry today, which has an increasing need for secure hardware. With the ever increasing leaks of private data, increasing use of a variety of computing platforms controlled by third parties, and increasing sophistication of attacks, secure hardware, now more than ever, is needed to provide ...


An Overview Of The Usage Of Default Passwords, Brandon Knierem, Xiaolu Zhang, Philip Levine, Frank Breitinger, Ibrahim Baggili Jan 2018

An Overview Of The Usage Of Default Passwords, Brandon Knierem, Xiaolu Zhang, Philip Levine, Frank Breitinger, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

The recent Mirai botnet attack demonstrated the danger of using default passwords and showed it is still a major problem. In this study we investigated several common applications and their password policies. Specifically, we analyzed if these applications: (1) have default passwords or (2) allow the user to set a weak password (i.e., they do not properly enforce a password policy). Our study shows that default passwords are still a significant problem: 61% of applications inspected initially used a default or blank password. When changing the password, 58% allowed a blank password, 35% allowed a weak password of 1 ...


Securing Soft Ips Against Hardware Trojan Insertion, Thao Phuong Le Jan 2018

Securing Soft Ips Against Hardware Trojan Insertion, Thao Phuong Le

Theses and Dissertations

Due to the increasing complexity of hardware designs, third-party hardware Intellectual Property (IP) blocks are often incorporated in order to alleviate the burden on hardware designers. However, the prevalence use of third-party IPs has raised security concerns such as Trojans inserted by attackers. Hardware Trojans in these soft IPs are extremely difficult to detect through functional testing and no single detection methodology has been able to completely address this issue. Based on a Register-Transfer Level (RTL) and gate-level soft IP analysis method named Structural Checking, this dissertation presents a hardware Trojan detection methodology and tool by detailing the implementation of ...


Towards Designing Energy Efficient Symmetric Key Protocols, Sai Raghu Talluri Jan 2018

Towards Designing Energy Efficient Symmetric Key Protocols, Sai Raghu Talluri

UNF Graduate Theses and Dissertations

Energy consumption by various modern symmetric key encryption protocols (DES,

3-DES, AES and, Blowfish) is studied from an algorithmic perspective. The work

is directed towards redesigning or modifying the underlying algorithms for these

protocols to make them consume less energy than they currently do. This research

takes the approach of reducing energy consumption by parallelizing the

consecutive memory accesses of symmetric key encryption algorithms. To achieve

parallelization, an existing energy complexity model is applied to symmetric key

encryption algorithms. Inspired by the popular DDR3 architecture, the model assumes

that main memory is divided into multiple banks, each of which can ...


Scalable And Modular Implementation Of Scenario-Based Cyber Attacks And Defense Methodologies On Cps Security Scada Testbed, Subramanian Arunachalam Jan 2018

Scalable And Modular Implementation Of Scenario-Based Cyber Attacks And Defense Methodologies On Cps Security Scada Testbed, Subramanian Arunachalam

Creative Components

The electric power grids in the United States are slowly being converted into Smart Grids, which deploy digital technology that facilitates two-way communication between utilities and the customers, detect and react to local changes in usage. This conversion opens up many vulnerabilities and security pitfalls that never existed before.A recent example of an attack that had major impacts on the Power Grid is the cyber attack on the Ukrainian power grid. To combat these kinds of cyber attacks on critical infrastructures, we present a realistic moderate-cost modular test bed and evaluate using two case studies: Black Energy attack (2015 ...


Continuous User Authentication Via Random Forest, Ting-Wei Chang Jan 2018

Continuous User Authentication Via Random Forest, Ting-Wei Chang

Creative Components

Random forest is an important technique in modern machine learning. It was first proposed in 1995, and with the increasing of the compute power, it became a popular method in this decade. In this paper, we present the background knowledge of random forest and also have comparison with other machine learning methods. We also have some discussion of data preprocessing and feature extraction. Then we study the application of random forest to a real world problem - an authentication system which for continuous user authentication approach for web services based on the user’s behavior. The dataset we used for evaluate ...


Implementing Cis Cybersecurity Controls For The Department Of Residence, Iowa State University, Vishwas Kaup Vijayananda Jan 2018

Implementing Cis Cybersecurity Controls For The Department Of Residence, Iowa State University, Vishwas Kaup Vijayananda

Creative Components

The Department of Residence (DoR) at Iowa State University houses over 13,000 students, and employs over 300 staff members. Department of Residence’s IT team is in charge of taking care of Information systems assets (data, servers, systems, IP Phones, networking devices, VMs and printers) that are used by the students and the staff members. It is imperative for the DoR to reduce total IT spending, and also to secure the infrastructure to keep hackers and cyber criminals at bay. Various cybersecurity solutions were discussed, and we finally decided to implement CIS-Security Framework. It was one of the most ...


On The Security And Quality Of Wireless Communications In Outdoor Mobile Environment, Sharaf J. Malebary Jan 2018

On The Security And Quality Of Wireless Communications In Outdoor Mobile Environment, Sharaf J. Malebary

Theses and Dissertations

The rapid advancement in wireless technology along with their low cost and ease of deployment have been attracting researchers academically and commercially. Researchers from private and public sectors are investing into enhancing the reliability, robustness, and security of radio frequency (RF) communications to accommodate the demand and enhance lifestyle. RF base communications -by nature- are slower and more exposed to attacks than a wired base (LAN). Deploying such networks in various cutting-edge mobile platforms (e.g. VANET, IoT, Autonomous robots) adds new challenges that impact the quality directly. Moreover, adopting such networks in public outdoor areas make them vulnerable to ...


Towards Privacy-Aware Mobile-Based Continuous Authentication Systems, Mohammad Al-Rubaie Jan 2018

Towards Privacy-Aware Mobile-Based Continuous Authentication Systems, Mohammad Al-Rubaie

Graduate Theses and Dissertations

User authentication is used to verify the identify of individuals attempting to gain access to a certain system. It traditionally refers to the initial authentication using knowledge factors (e.g. passwords), or ownership factors (e.g. smart cards). However, initial authentication cannot protect the computer (or smartphone), if left unattended, after the initial login. Thus, continuous authentication was proposed to complement initial authentication by transparently and continuously testing the users' behavior against the stored profile (machine learning model).

Since continuous authentication utilizes users' behavioral data to build machine learning models, certain privacy and security concerns have to be addressed before ...


Comparing The Effectiveness Of Different Classification Techniques In Predicting Dns Tunnels, Patrick Walsh Jan 2018

Comparing The Effectiveness Of Different Classification Techniques In Predicting Dns Tunnels, Patrick Walsh

Dissertations

DNS is one of the most widely used protocols on the internet and is used in the translation of domain names into IP address in order to correctly route messages between computers. It presents an attractive attack vector for criminals as the service is not as closely monitored by security experts as other protocols such as HTTP or FTP. Its use as a covert means of communication has increased with the availability of tools that allow for the creation of DNS tunnels using the protocol. One of the primary motivations for using DNS tunnels is the illegal extraction of information ...


Simple Implementation Of An Elgamal Digital Signature And A Brute Force Attack On It, Valeriia Laryoshyna Oct 2017

Simple Implementation Of An Elgamal Digital Signature And A Brute Force Attack On It, Valeriia Laryoshyna

Student Works

This study is an attempt to show a basic mathematical usage of the concepts behind digital signatures and to provide a simple approach and understanding to cracking basic digital signatures. The approach takes on simple C programming of the ElGamal digital signature to identify some limits that can be encountered and provide considerations for making more complex code. Additionally, there is a literature review of the ElGamal digital signature and the brute force attack.

The research component of this project provides a list of possible ways to crack the basic implementations and classifies the different approaches that could be taken ...


Can A Strictly Defined Security Configuration For Iot Devices Mitigate The Risk Of Exploitation By Botnet Malware?, David Kennefick Sep 2017

Can A Strictly Defined Security Configuration For Iot Devices Mitigate The Risk Of Exploitation By Botnet Malware?, David Kennefick

Dissertations

The internet that we know and use every day is the internet of people, a collection of knowledge and data that can be accessed anywhere is the world anytime from many devices. The internet of the future is the Internet of Things. The Internet of Things is a collection of automated technology that is designed to be run autonomously, but on devices designed for humans to use. In 2016 the Mirai malware has shown there are underlying vulnerabilities in devices connected to the internet of things. Mirai is specifically designed to recognise and exploit IoT devices and it has been ...


Breaking Into The Vault: Privacy, Security And Forensic Analysis Of Android Vault Applications, Xiaolu Zhang, Ibrahim Baggili, Frank Breitinger Aug 2017

Breaking Into The Vault: Privacy, Security And Forensic Analysis Of Android Vault Applications, Xiaolu Zhang, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we share the first account for the forensic analysis, security and privacy of Android vault applications. Vaults are designed to be privacy enhancing as they allow users to hide personal data but may also be misused to hide incriminating files. Our work has already helped law enforcement in the state of Connecticut to reconstruct 66 incriminating images and 18 videos in a single criminal case. We present case studies and results from analyzing 18 Android vault applications (accounting for nearly 220 million downloads from the Google Play store) by reverse engineering them and examining the forensic artifacts ...


Security For 5g Mobile Wireless Networks, Dongfeng Fang, Yi Qian, Rose Qingyang Hu Aug 2017

Security For 5g Mobile Wireless Networks, Dongfeng Fang, Yi Qian, Rose Qingyang Hu

Faculty Publications from the Department of Electrical and Computer Engineering

The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding ...


Rules Based Analysis Engine For Application Layer Ids, David Scrobonia May 2017

Rules Based Analysis Engine For Application Layer Ids, David Scrobonia

Master's Theses and Project Reports

Web application attack volume, complexity, and costs have risen as people, companies, and entire industries move online. Solutions implemented to defend web applications against malicious activity have traditionally been implemented at the network or host layer. While this is helpful for detecting some attacks, it does not provide the gran- ularity to see malicious behavior occurring at the application layer. The AppSensor project, an application level intrusion detection system (IDS), is an example of a tool that operates in this layer. AppSensor monitors users within the application by observing activity in suspicious areas not able to be seen by traditional ...


Who R U? Identity Theft And Unl Students, Marcia L. Dority Baker, Cheryl O'Dell Apr 2017

Who R U? Identity Theft And Unl Students, Marcia L. Dority Baker, Cheryl O'Dell

Publications from Information Technology Services

How can academic institutions help educate their students about the risks of identity theft? Or teach students to better understand how one’s online presence can hold so much joy and angst? For one campus, the University of Nebraska–Lincoln, the opportunity came from a middle school teacher engaging his students in a future problem-solving activity. UNL had the opportunity to create a 45-minute presentation on identity theft for local public school students who would be spending the day on campus researching this topic.

While preparing the presentation, we realized a top 10 list on identity theft for UNL students ...


Design And Implementation Of Attack-Resilient Cyber-Physical Systems, Miroslav Pajic, James Weimer, Nicola Bezzo, Oleg Sokolsky, George Pappas, Insup Lee Apr 2017

Design And Implementation Of Attack-Resilient Cyber-Physical Systems, Miroslav Pajic, James Weimer, Nicola Bezzo, Oleg Sokolsky, George Pappas, Insup Lee

Departmental Papers (CIS)

Recent years have witnessed a significant increase in the number of security-related incidents in control systems. These include high-profile attacks in a wide range of application domains, from attacks on critical infrastructure, as in the case of the Maroochy Water breach [1], and industrial systems (such as the StuxNet virus attack on an industrial supervisory control and data acquisition system [2], [3] and the German Steel Mill cyberattack [4], [5]), to attacks on modern vehicles [6]-[8]. Even high-assurance military systems were shown to be vulnerable to attacks, as illustrated in the highly publicized downing of the RQ-170 Sentinel U ...


Timing And Latency Characteristics In Disaggregated Systems, Anurag Dubey Apr 2017

Timing And Latency Characteristics In Disaggregated Systems, Anurag Dubey

Electrical, Computer & Energy Engineering Graduate Theses & Dissertations

In this dissertation, we evaluated two disaggregated systems - Software Defined Networks (SDNs) and Network Function Virtualization (NFVs) and explored the effects of disaggregation. The disaggregation in SDNs leads to timing side-channel information leaks, the result of which exposes the network configuration and flow information to the adversary. We evaluated this attack on real hardware and developed a countermeasure proxy which normalizes the network response time thereby plugging this side channel. Disaggregation in NFVs on the other hand leads to a very flexible and scalable architecture. The only caveat in the new design of NFVs is introduction of extra latency which ...


Development Of A Remotely Accessible Wireless Testbed For Performance Evaluation Of Ami Related Protocols, Utku Ozgur Mar 2017

Development Of A Remotely Accessible Wireless Testbed For Performance Evaluation Of Ami Related Protocols, Utku Ozgur

FIU Electronic Theses and Dissertations

Although smart meters are deployed in many countries, the data collection process from smart meters in Smart Grid (SG) still has some challenges related to consumer privacy that needs to be addressed. Referred to as Advanced Metering Infrastructure (AMI), the data collected and transmitted through the AMI can leak sensitive information about the consumers if it is sent as a plaintext.

While many solutions have been proposed in the past, the deployment of these solutions in real-life was not possible since the actual AMIs were not accessible to researchers. Therefore, a lot of solutions relied on simulations which may not ...


Fine-Grained Access Control With Attribute Based Cache Coherency For Iot With Application To Healthcare, Piranava Tamilselvan Jan 2017

Fine-Grained Access Control With Attribute Based Cache Coherency For Iot With Application To Healthcare, Piranava Tamilselvan

Graduate Theses and Dissertations

The Internet of Things (IoT) is getting popular everyday around the world. Given the endless opportunities it promises to provide, IoT is adopted by various organizations belonging to diverse domains. However, IoT’s “access by anybody from anywhere” concept makes it prone to numerous security challenges. Although data security is studied at various levels of IoT architecture, breach of data security due to internal parties has not received as much attention as that caused by external parties. When an organization with people spread across multiple levels of hierarchies with multiple roles adopts IoT, it is not fair to provide uniform ...