Computer Engineering Commons^™

Dp-Smote: Integrating Differential Privacy And Oversampling Technique To Preserve Privacy In Smart Homes, Amr Tarek Elsayed, Almohammady Sobhi Alsharkawy, Mohamed Sayed Farag, Shaban Ebrahim Abu Yusuf

Al-Azhar Bulletin of Science

Smart homes represent intelligent environments where interconnected devices gather information, enhancing users’ living experiences by ensuring comfort, safety, and efficient energy management. To enhance the quality of life, companies in the smart device industry collect user data, including activities, preferences, and power consumption. However, sharing such data necessitates privacy-preserving practices. This paper introduces a robust method for secure sharing of data to service providers, grounded in differential privacy (DP). This empowers smart home residents to contribute usage statistics while safeguarding their privacy. The approach incorporates the Synthetic Minority Oversampling technique (SMOTe) and seamlessly integrates Gaussian noise to generate synthetic data, …

Adversarial Deep Learning And Security With A Hardware Perspective, Joseph Clements

All Dissertations

Adversarial deep learning is the field of study which analyzes deep learning in the presence of adversarial entities. This entails understanding the capabilities, objectives, and attack scenarios available to the adversary to develop defensive mechanisms and avenues of robustness available to the benign parties. Understanding this facet of deep learning helps us improve the safety of the deep learning systems against external threats from adversaries. However, of equal importance, this perspective also helps the industry understand and respond to critical failures in the technology. The expectation of future success has driven significant interest in developing this technology broadly. Adversarial deep …

The Impact Of Cloud Computing On Academic Libraries, Sivankalai S

Library Philosophy and Practice (e-journal)

With the introduction of computers and other forms of communication technology, library services have undergone a significant transformation. Libraries have been automated, networked, and are currently being converted into virtual or paperless libraries. This article is dedicated to many aspects of cloud computing, including different kinds and applications. There is a discussion about the advantages and drawbacks of cloud computing in academic libraries. The article also includes recommendations for professional librarians and academic libraries across the globe on how to take advantage of cloud computing resources. This article may be of use in the development of cloud-based services for university …

Dependencyvis: Helping Developers Visualize Software Dependency Information, Nathan Lui

Master's Theses

The use of dependencies have been increasing in popularity over the past decade, especially as package managers such as JavaScript's npm has made getting these packages a simple command to run. However, while incidents such as the left-pad incident has increased awareness of how vulnerable relying on these packages are, there is still some work to be done when it comes to getting developers to take the extra research step to determine if a package is up to standards. Finding metrics of different packages and comparing them is always a difficult and time consuming task, especially since potential vulnerabilities are …

Towards Secure Deep Neural Networks For Cyber-Physical Systems, Jiangnan Li

Doctoral Dissertations

In recent years, deep neural networks (DNNs) are increasingly investigated in the literature to be employed in cyber-physical systems (CPSs). DNNs own inherent advantages in complex pattern identifying and achieve state-of-the-art performances in many important CPS applications. However, DNN-based systems usually require large datasets for model training, which introduces new data management issues. Meanwhile, research in the computer vision domain demonstrated that the DNNs are highly vulnerable to adversarial examples. Therefore, the security risks of employing DNNs in CPSs applications are of concern.

In this dissertation, we study the security of employing DNNs in CPSs from both the data domain …

An Analysis Of Modern Password Manager Security And Usage On Desktop And Mobile Devices, Timothy Oesch

Doctoral Dissertations

Security experts recommend password managers to help users generate, store, and enter strong, unique passwords. Prior research confirms that managers do help users move towards these objectives, but it also identified usability and security issues that had the potential to leak user data or prevent users from making full use of their manager. In this dissertation, I set out to measure to what extent modern managers have addressed these security issues on both desktop and mobile environments. Additionally, I have interviewed individuals to understand their password management behavior.

I begin my analysis by conducting the first security evaluation of the …

Time Series Data Analysis Using Machine Learning-(Ml) Approach, Mvv Prasad Kantipudi Dr., Pradeep Kumar N.S Dr., S.Sreenath Kashyap Dr., Ss Anusha Vemuri Ms

Library Philosophy and Practice (e-journal)

Healthcare benefits related to continuous monitoring of human movement and physical activity can potentially reduce the risk of accidents associated with elderly living alone at home. Based on the literature review, it is found that many studies focus on human activity recognition and are still active towards achieving practical solutions to support the elderly care system. The proposed system has introduced a joint approach of machine learning and signal processing technology for the recognition of human's physical movements using signal data generated by accelerometer sensors. The framework adopts the concept of DSP to select very descriptive feature sets and uses …

Mitigating Insider Threats In A Cooperative Adaptive Cruise Control System Using Local Intra-Vehicle Data, Alexander Francis Colon

Graduate Theses, Dissertations, and Problem Reports

With the rise of Connected-and-Automated-Vehicle (CAV) technologies on roadways, transportation networks have become increasingly connected through Vehicle-to-Everything (V2X) systems. With access to the additional data from V2X, modern cruise control systems like Adaptive Cruise Control (ACC) are further improved upon to develop systems like Cooperative ACC (CACC) which reduces traffic congestion and increases driver safety and energy efficiency. With that increased connectivity, previously closed vehicle systems are now vulnerable to new security threats which pose new technical challenges. Significant research has been done to strengthen the network against external threats such as denial-of-service attacks (DoS) or passive eavesdropping attacks using …

Privacy-Aware Security Applications In The Era Of Internet Of Things, Abbas Acar

FIU Electronic Theses and Dissertations

In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories: First, to strengthen the current authentication mechanisms, we designed two novel privacy-aware alternative complementary authentication mechanisms, Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware as the collected data can be sensitive. We also designed a novel, lightweight, Privacy-aware Continuous Authentication (PACA) protocol. PACA …

Different Approaches To Blurring Digital Images And Their Effect On Facial Detection, Erich-Matthew Pulfer

Computer Science and Computer Engineering Undergraduate Honors Theses

The purpose of this thesis is to analyze the usage of multiple image blurring techniques and determine their effectiveness in combatting facial detection algorithms. This type of analysis is anticipated to reveal potential flaws in the privacy expected from blurring images or, rather, portions of images. Three different blurring algorithms were designed and implemented: a box blurring method, a Gaussian blurring method, and a differential privacy-based pixilation method. Datasets of images were collected from multiple sources, including the AT&T Database of Faces. Each of these three methods were implemented via their own original method, but, because of how common they …

Injecting Control Commands Through Sensory Channel: Attack And Defense, Farhad Rasapour

Boise State University Theses and Dissertations

Industrial Control System (ICS) is responsible for controlling and managing critical infrastructures like nuclear plants and power plants. ICS is equipped with various devices like communication media, Programmable Logic Controller (PLC), actuators, and sensors. Sensors are used to measure a physical phenomenon and send these measurements through the sensory channel to the control devices so they can make decisions on the movements of the actuators in the systems. While tampering with the sensor measurements has been the focus of many studies, there is some research that has concentrated on misusing a sensor and sensory channel as an axillary attack device …

A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt

FIU Electronic Theses and Dissertations

The emerging Internet of Things (IoT) revolution has introduced many useful applications that are utilized in our daily lives. Users can program these devices in order to develop their own IoT applications; however, the platforms and languages that are used during development are abounding, complicated, and time-consuming. The software solution provided in this thesis, PROVIZ+, is a secure sensor application development software suite that helps users create sophisticated and secure IoT applications with little software and hardware experience. Moreover, a simple and efficient domain-specific programming language, namely Panther language, was designed for IoT application development to unify existing programming languages. …

Simple Implementation Of An Elgamal Digital Signature And A Brute Force Attack On It, Valeriia Laryoshyna

Student Works

This study is an attempt to show a basic mathematical usage of the concepts behind digital signatures and to provide a simple approach and understanding to cracking basic digital signatures. The approach takes on simple C programming of the ElGamal digital signature to identify some limits that can be encountered and provide considerations for making more complex code. Additionally, there is a literature review of the ElGamal digital signature and the brute force attack.

The research component of this project provides a list of possible ways to crack the basic implementations and classifies the different approaches that could be taken …

Improving The Security Of Wireless Sensor Networks, Mauricio Tellez Nava

Masters Theses, 2010-2019

With the rapid technological advancements of sensors, Wireless Sensor Networks (WSNs) have become the main technology for the Internet of Things (IoT). We investigated the security of WSNs in an environmental monitoring system with the goal to improve the overall security. We implemented a Secure Temperature Monitoring System (STMS), which served as our investigational environment. Our results revealed a security flaw found in the bootstrap loader (BSL) password used to protect firmware in the MSP430 MCU chips. We demonstrated how the BSL password could be brute forced in a matter of days. Furthermore, we illustrate how an attacker can reverse …

Determining Unique Agents By Evaluating Web Form Interaction, Ben Cooley

Electronic Theses and Dissertations

Because of the inherent risks in today’s online activities, it becomes imperative to identify a malicious user masquerading as someone else. Incorporating biometric analysis enhances the confidence of authenticating valid users over the Internet while providing additional layers of security with no hindrance to the end user. Through the analysis of traffic patterns and HTTP Header analysis, the detection and early refusal of robot agents plays a great role in reducing fraudulent login attempts.

Toward The Systematization Of Active Authentication Research, Daniel Fleming Gerrity

Master's Theses

Authentication is the vital link between your real self and your digital self. As our digital selves become ever more powerful, the price of failing authentication grows. The most common authentication protocols are static data and employed only once at login. This allows for authentication to be spoofed just once to gain access to an entire user session. Behaviometric protocols continuously consume a user’s behavior as a token of authentication and can be applied throughout a session, thereby eliminating a fixed token to spoof. Research into these protocols as viable forms of authentication is relatively recent and is being conducted …

Cloud Enabled Attack Vectors, Ryan Jasper

Purdue Polytechnic Directed Projects

The purpose of this directed project and related research was to demonstrate and catalog a new attack vector that utilizes cloud managed infrastructure. Cloud computing is a recent trend that is creating significant hype in the IT sector. Being that cloud computing is a new theme in the computing world, there are many security concerns that remain unknown and unexplored. The product of this directed project provides a documented taxonomy of the new attack vector and how to mitigate risk from this kind of attack.

The new attack vector creates efficiencies throughout the lifecycle of an attack and greatly reduces …

Improved Forensic Medical Device Security Through Eating Detection, Nathan Lee Henry

Masters Theses

Patients are increasingly reliant on implantable medical device systems today. For patients with diabetes, an implantable insulin pump system or artificial pancreas can greatly improve quality of life. As with any device, these devices can and do suffer from software and hardware issues, often reported as a safety event. For a forensic investigator, a safety event is indistinguishable from a potential security event. In this thesis, we show a new sensor system that can be transparently integrated into existing and future electronic diabetes therapy systems while providing additional forensic data to help distinguish between safety and security events. We demonstrate …

Detection And Control Of Small Civilian Uavs, Matthew Peacock

Theses : Honours

With the increasing proliferation of small civilian Unmanned Aerial Vehicles (UAVs), the threat to critical infrastructure (CI) security and privacy is now widely recognised and must be addressed. These devices are easily available at a low cost, with their usage largely unrestricted allowing users to have no accountability. Further, current implementations of UAVs have little to no security measures applied to their control interfaces. To combat the threat raised by small UAVs, being aware of their presence is required, a task that can be challenging and often requires customised hardware.

This thesis aimed to address the threats posed by the …

Forensic Analysis Of Whatsapp On Android Smartphones, Neha S. Thakur

University of New Orleans Theses and Dissertations

Android forensics has evolved over time offering significant opportunities and exciting challenges. On one hand, being an open source platform Android is giving developers the freedom to contribute to the rapid growth of the Android market whereas on the other hand Android users may not be aware of the security and privacy implications of installing these applications on their phones. Users may assume that a password-locked device protects their personal information, but applications may retain private information on devices, in ways that users might not anticipate. In this thesis we will be concentrating on one such application called 'WhatsApp', a …

Paris: A Parallel Rsa-Prime Inspection Tool, Joseph R. White

Master's Theses

Modern-day computer security relies heavily on cryptography as a means to protect the data that we have become increasingly reliant on. As the Internet becomes more ubiquitous, methods of security must be better than ever. Validation tools can be leveraged to help increase our confidence and accountability for methods we employ to secure our systems.

Security validation, however, can be difficult and time-consuming. As our computational ability increases, calculations that were once considered “hard” due to length of computation, can now be done in minutes. We are constantly increasing the size of our keys and attempting to make computations harder …

Categorization Of Security Design Patterns, Jeremiah Y. Dangler

Electronic Theses and Dissertations

Strategies for software development often slight security-related considerations, due to the difficulty of developing realizable requirements, identifying and applying appropriate techniques, and teaching secure design. This work describes a three-part strategy for addressing these concerns. Part 1 provides detailed questions, derived from a two-level characterization of system security based on work by Chung et. al., to elicit precise requirements. Part 2 uses a novel framework for relating this characterization to previously published strategies, or patterns, for secure software development. Included case studies suggest the framework's effectiveness, involving the application of three patterns for secure design (Limited View, Role-Based Access Control, …

Jess – A Java Security Scanner For Eclipse, Russell Spitler

Honors Theses

Secure software is the responsibility of every developer. In order to help a developer with this responsibility there are many automated source code security auditors. These tools perform a variety of functions, from finding calls to insecure functions to poorly generated random numbers. These programs have existed for years and perform the security audit with varying degrees of success.

Largely missing in the world of programming is such a security auditor for the Java programming language. Currently, Fortify Software produces the only Java source code security auditor; this is a commercially available package.

This void is what inspired JeSS, Java …