Computer Engineering Commons^™

An Analysis Of Modern Password Manager Security And Usage On Desktop And Mobile Devices, Timothy Oesch

Doctoral Dissertations

Security experts recommend password managers to help users generate, store, and enter strong, unique passwords. Prior research confirms that managers do help users move towards these objectives, but it also identified usability and security issues that had the potential to leak user data or prevent users from making full use of their manager. In this dissertation, I set out to measure to what extent modern managers have addressed these security issues on both desktop and mobile environments. Additionally, I have interviewed individuals to understand their password management behavior.

I begin my analysis by conducting the first security evaluation of the …

A Bibliometric Analysis Of Authentication Based Access Control In Cloud Using Blockchain, Yogesh Gajmal, Udayakumar R.

Library Philosophy and Practice (e-journal)

Access Control is mentioned to as the imprisonment of particular activities of an individual to carry out an action. Cloud storing similar to any other untrusted surroundings wants the capacity to protect the shared data. The one of the apparatus of access mechanism is ciphertext-policy attribute-based encryption system over and done with dynamic characteristics. With a blockchain based distributed ledger, the scheme offers immutable log of whole significant safety events, for example key generation, change or revocation, access policy assignment, access request etc. Number of different problems similar to single point of failure, security and privacy etc. were targeted through …

Bibliometric Survey On Zero-Knowledge Proof For Authentication, Adwait Pathak, Tejas Patil, Shubham Pawar, Piyush Raut, Smita Khairnar, Dr. Shilpa Gite

Library Philosophy and Practice (e-journal)

Background: Zero Knowledge Proof is a persuasive cryptographic protocol employed to provide data security by keeping the user's identity, using the services anonymously. Zero Knowledge Proof can be the preferred option to use in multiple circumstances. Instead of using the public key cryptographic protocols, the zero-knowledge proof usage does not expose or leak confidential data or information during the transmission. Zero Knowledge Proof protocols are comparatively lightweight; this results in making it efficient in terms of memory. Zero Knowledge Proof applications can reside in authentication, identity management, cryptocurrency transactions, and many more. Traditional authentication schemes are vulnerable to attacks …

Time Series Data Analysis Using Machine Learning-(Ml) Approach, Mvv Prasad Kantipudi Dr., Pradeep Kumar N.S Dr., S.Sreenath Kashyap Dr., Ss Anusha Vemuri Ms

Library Philosophy and Practice (e-journal)

Healthcare benefits related to continuous monitoring of human movement and physical activity can potentially reduce the risk of accidents associated with elderly living alone at home. Based on the literature review, it is found that many studies focus on human activity recognition and are still active towards achieving practical solutions to support the elderly care system. The proposed system has introduced a joint approach of machine learning and signal processing technology for the recognition of human's physical movements using signal data generated by accelerometer sensors. The framework adopts the concept of DSP to select very descriptive feature sets and uses …

Improved Secure And Low Computation Authentication Protocol For Wireless Body Area Network With Ecc And 2d Hash Chain, Soohyeon Choi

Electronic Theses and Dissertations

Since technologies have been developing rapidly, Wireless Body Area Network (WBAN) has emerged as a promising technique for healthcare systems. People can monitor patients’ body condition and collect data remotely and continuously by using WBAN with small and compact wearable sensors. These sensors can be located in, on, and around the patient’s body and measure the patient’s health condition. Afterwards sensor nodes send the data via short-range wireless communication techniques to an intermediate node. The WBANs deal with critical health data, therefore, secure communication within the WBAN is important. There are important criteria in designing a security protocol for a …

Covid-19 And Biocybersecurity's Increasing Role On Defending Forward, Xavier Palmer, Lucas N. Potter, Saltuk Karahan

Electrical & Computer Engineering Faculty Publications

The evolving nature of warfare has been changing with cybersecurity and the use of advanced biotechnology in each aspect of the society is expanding and overlapping with the cyberworld. This intersection, which has been described as “biocybersecurity” (BCS), can become a major front of the 21st-century conflicts. There are three lines of BCS which make it a critical component of overall cybersecurity: (1) cyber operations within the area of BCS have life threatening consequences to a greater extent than other cyber operations, (2) the breach in health-related personal data is a significant tool for fatal attacks, and (3) health-related misinformation …

Mitigating Insider Threats In A Cooperative Adaptive Cruise Control System Using Local Intra-Vehicle Data, Alexander Francis Colon

Graduate Theses, Dissertations, and Problem Reports

With the rise of Connected-and-Automated-Vehicle (CAV) technologies on roadways, transportation networks have become increasingly connected through Vehicle-to-Everything (V2X) systems. With access to the additional data from V2X, modern cruise control systems like Adaptive Cruise Control (ACC) are further improved upon to develop systems like Cooperative ACC (CACC) which reduces traffic congestion and increases driver safety and energy efficiency. With that increased connectivity, previously closed vehicle systems are now vulnerable to new security threats which pose new technical challenges. Significant research has been done to strengthen the network against external threats such as denial-of-service attacks (DoS) or passive eavesdropping attacks using …

Dbknot: A Transparent And Seamless, Pluggable Tamper Evident Database, Islam Khalil

Theses and Dissertations

Database integrity is crucial to organizations that rely on databases of important data. They suffer from the vulnerability to internal fraud. Database tampering by internal malicious employees with high technical authorization to their infrastructure or even compromised by externals is one of the important attack vectors.

This thesis addresses such challenge in a class of problems where data is appended only and is immutable. Examples of operations where data does not change is a) financial institutions (banks, accounting systems, stock market, etc., b) registries and notary systems where important data is kept but is never subject to change, and c) …

Traffic Privacy Study On Internet Of Things – Smart Home Applications, Ayan Patel

Master's Theses

Internet of Things (IoT) devices have been widely adopted in many different applications in recent years, such as smart home applications. An adversary can capture the network traffic of IoT devices and analyze it to reveal user activities even if the traffic is encrypted. Therefore, traffic privacy is a major concern, especially in smart home applications. Traffic shaping can be used to obfuscate the traffic so that no meaningful predictions can be drawn through traffic analysis. Current traffic shaping methods have many tunable variables that are difficult to optimize to balance bandwidth overheads and latencies. In this thesis, we study …

Secure Mobile Computing By Using Convolutional And Capsule Deep Neural Networks, Rui Ning

Electrical & Computer Engineering Theses & Dissertations

Mobile devices are becoming smarter to satisfy modern user's increasing needs better, which is achieved by equipping divers of sensors and integrating the most cutting-edge Deep Learning (DL) techniques. As a sophisticated system, it is often vulnerable to multiple attacks (side-channel attacks, neural backdoor, etc.). This dissertation proposes solutions to maintain the cyber-hygiene of the DL-Based smartphone system by exploring possible vulnerabilities and developing countermeasures.

First, I actively explore possible vulnerabilities on the DL-Based smartphone system to develop proactive defense mechanisms. I discover a new side-channel attack on smartphones using the unrestricted magnetic sensor data. I demonstrate that attackers can …

Design And Implementation Of Path Finding And Verification In The Internet, Hao Cai

Doctoral Dissertations

In the Internet, network traffic between endpoints typically follows one path that is determined by the control plane. Endpoints have little control over the choice of which path their network traffic takes and little ability to verify if the traffic indeed follows a specific path. With the emergence of software-defined networking (SDN), more control over connections can be exercised, and thus the opportunity for novel solutions exists. However, there remain concerns about the attack surface exposed by fine-grained control, which may allow attackers to inject and redirect traffic. To address these opportunities and concerns, we consider two specific challenges: (1) …

Identification Of Users Via Ssh Timing Attack, Thomas J. Flucke

Master's Theses

Secure Shell, a tool to securely access and run programs on a remote machine, is an important tool for both system administrators and developers alike. The technology landscape is becoming increasingly distributed and reliant on tools such as Secure Shell to protect information as a user works on a system remotely. While Secure Shell accounts for the abuses the security of older tools such as telnet overlook, it still has fundamental vulnerabilities which leak information about both the user and their activities through timing attacks. The OpenSSH client, the implementation included in all Linux, Mac, and Windows computers, sends each …

Two Image Watermarkingmethodsbased On Compressive Sensing, Yidi Miao, Lü Ju, Xiumei Li

Journal of System Simulation

Abstract: As an emerging sample theory, compressive sensing attracts wide attention because it breaks through the Nyquist sampling theorem. , Two different methods of watermark embedding and extraction are presented by measuring the carrier image and watermark image respectively based on compressive sensing. Moreover, the attack tests, such as the Gaussian noise, pepper and salt noise, filtering, compression, and cropping, are implemented to watermarked images. Experiment results show that although the two different methods for image watermarking have different processing procedure, both can guarantee the robustness and security of embedded digital watermark.

Secure Network-On-Chip Against Black Hole And Tampering Attacks, Luka Daoud

Boise State University Theses and Dissertations

The Network-on-Chip (NoC) has become the communication heart of Multiprocessors-System-on-Chip (MPSoC). Therefore, it has been subject to a plethora of security threats to degrade the system performance or steal sensitive information. Due to the globalization of the modern semiconductor industry, many different parties take part in the hardware design of the system. As a result, the NoC could be infected with a malicious circuit, known as a Hardware Trojan (HT), to leave a back door for security breach purposes. HTs are smartly designed to be too small to be uncovered by offline circuit-level testing, so the system requires an online …

Service Provisioning And Security Design In Software Defined Networks, Mohamed Rahouti

USF Tampa Graduate Theses and Dissertations

Information and Communications Technology (ICT) infrastructures and systems are being widely deployed to support a broad range of users and application scenarios. A key trend here is the emergence of many different "smart" technology paradigms along with an increasingly diverse array of networked sensors, e.g., for smart homes and buildings, intelligent transportation and autonomous systems, emergency response, remote health monitoring and telehealth, etc. As billions of these devices come online, ICT networks are being tasked with transferring increasing volumes of data to support intelligent real-time decision making and management. Indeed, many applications and services will have very stringent Quality of …

Privacy-Aware Security Applications In The Era Of Internet Of Things, Abbas Acar

FIU Electronic Theses and Dissertations

In this dissertation, we introduce several novel privacy-aware security applications. We split these contributions into three main categories: First, to strengthen the current authentication mechanisms, we designed two novel privacy-aware alternative complementary authentication mechanisms, Continuous Authentication (CA) and Multi-factor Authentication (MFA). Our first system is Wearable-assisted Continuous Authentication (WACA), where we used the sensor data collected from a wrist-worn device to authenticate users continuously. Then, we improved WACA by integrating a noise-tolerant template matching technique called NTT-Sec to make it privacy-aware as the collected data can be sensitive. We also designed a novel, lightweight, Privacy-aware Continuous Authentication (PACA) protocol. PACA …

Keyless Anti-Jamming Communication Via Randomized Dsss, Ahmad Alagil

USF Tampa Graduate Theses and Dissertations

Nowadays, wireless networking is ubiquitous. In wireless communication systems, multiple nodes exchange data during the transmission time. Due to the natural use of the communication channel, it is crucial to protect the physical layer to make wireless channels between nodes more reliable. Jamming attacks consider one of the most significant threats on wireless communication. Spread spectrum techniques have been widely used to mitigate the effects of the jammer. Traditional anti-jamming approaches like Frequency Hopping Spread Spectrum (FHSS) and Direct Sequence Spread Spectrum (DSSS) require a sender and a receiver to share a secret key prior to their communication. If this …

Trustworthy Systems And Protocols For The Internet Of Things, Arman Pouraghily

Doctoral Dissertations

Processor-based embedded systems are integrated into many aspects of everyday life such as industrial control, automotive systems, healthcare, the Internet of Things, etc. As Moore’s law progresses, these embedded systems have moved from simple microcontrollers to full-scale embedded computing systems with multiple processor cores and operating systems support. At the same time, the security of these devices has also become a key concern. Our main focus in this work is the security and privacy of the embedded systems used in IoT systems. In the first part of this work, we take a look at the security of embedded systems from …

Composition Of Atomic-Obligation Security Policies, Yan Cao Albright

USF Tampa Graduate Theses and Dissertations

Existing security-policy specification languages allow users to specify obligations, but open challenges remain in the composition of complex obligations, including effective approaches for resolving conflicts between policies and obligations and allowing policies to react to the obligations of other policies.

An atomic obligation requires that either all or none of the included actions are executed. Atomicity can be extended to include the decision to permit or deny an event after the obligation executes. For many practical policies, obligation atomicity is necessary for correctness. Executing only the parts of such an obligation violates its atomicity which can lead to an undesirable …

Does The Age Of An It Executive Impact Adoption Levels Of Cloud Computing Services?, Marcus L. Smith

Faculty Publications

This author researched previously the personal decision factors considered by information technology (IT) executives when making the cloud computing services adoptionchoice. The conclusions in that work (Smith, Jr., 2016) supported four hypotheses, namely, (a) advancement, recognition and satisfaction from accomplishments, (b) top management support, (c) diminishment of personal image, and (d) a pattern of technology readiness have a positive influence on business intentions to adopt cloud computing services. Interestingly, a fifth hypothesis, diminishment of personal image, was found to have a negative influence on business intentions. The relationship between age of the survey respondents and adoption levels was highlighted in …

Algorithms For Achieving Fault-Tolerance And Ensuring Security In Cloud Computing Systems, Md. Tariqul Islam

Theses and Dissertations--Computer Science

Security and fault tolerance are the two major areas in cloud computing systems that need careful attention for its widespread deployment. Unlike supercomputers, cloud clusters are mostly built on low cost, unreliable, commodity hardware. Therefore, large-scale cloud systems often suffer from performance degradation, service outages, and sometimes node and application failures. On the other hand, the multi-tenant shared architecture, dynamism, heterogeneity, and openness of cloud computing make it susceptible to various security threats and vulnerabilities. In this dissertation, we analyze these problems and propose algorithms for achieving fault tolerance and ensuring security in cloud computing systems.

First, we perform a …

Revisiting Lightweight Encryption For Iot Applications: Error Performance And Throughput In Wireless Fading Channels With And Without Coding, Yazid M. Khattabi, Mustafa M. Matalgah, Mohammed M. Olama

Faculty and Student Publications

© 2013 IEEE. Employing heavy conventional encryption algorithms in communications suffers from added overhead and processing time delay; and in wireless communications, in particular, suffers from severe performance deterioration (avalanche effect) due to fading. Consequently, a tremendous reduction in data throughput and increase in complexity and time delay may occur especially when information traverse resource-limited devices as in Internet-of-Things (IoT) applications. To overcome these drawbacks, efficient lightweight encryption algorithms have been recently proposed in literature. One of those, that is of particular interest, requires using conventional encryption only for the first block of data in a given frame being transmitted. …

A Novel Grouping Proof Authentication Protocol For Lightweight Devices:Gpapxr+, Ömer Aydin, Gökhan Dalkiliç, Cem Kösemen

Turkish Journal of Electrical Engineering and Computer Sciences

Radio frequency identification (RFID) tags that meet EPC Gen2 standards are used in many fields such as supply chain operations. The number of the RFID tags, smart cards, wireless sensor nodes, and Internet of things devices is increasing day by day and the areas where they are used are expanding. These devices are very limited in terms of the resources they have. For this reason, many security mechanisms developed for existing computer systems cannot be used for these devices. In order to ensure secure communication, it is necessary to provide authentication process between these lightweight devices and the devices they …

Analysis Of Biometric Data Using Watermarking Techniques, Foday Jorh, Bariş Özyer, Claude Fachkha

Turkish Journal of Electrical Engineering and Computer Sciences

This paper evaluates and analyses the discrete wavelet transform (DWT) frequency bands for embedding and extracting of the biometric data using DWT single level and multilevel watermarking approach with and without the use of alpha blending approach. In addition, singular value decomposition (SVD) combined with DWT is used to embed and extract the watermark image. The performance of compression and decompression approaches has been analyzed to examine the robustness and to check whether the compression function does destroy the integrity of the watermarked image. We investigate the proposed approach to understand how robust the watermarked on different sub-band is against …

Image Subset Communication For Resource-Constrained Applications In Wirelesssensor Networks, Sajid Nazir, Omar Alzubi, Mohammad Kaleem, Hassan Hamdoun

Turkish Journal of Electrical Engineering and Computer Sciences

JPEG is the most widely used image compression standard for sensing, medical, and security applications. JPEG provides a high degree of compression but field devices relying on battery power must further economize on data transmissions to prolong deployment duration with particular use cases in wireless sensor networks. Transmitting a subset of image data could potentially enhance the battery life of power-constrained devices and also meet the application requirements to identify the objects within an image. Depending on an application's needs, after the first selected subset is received at the base station, further transmissions of the image data for successive refinements …

Proactive Content Caching In Future Generation Communication Networks: Energy And Security Considerations, Muhammad Ishtiaque Aziz Zahed

Theses: Doctorates and Masters

The proliferation of hand-held devices and Internet of Things (IoT) applications has heightened demand for popular content download. A high volume of content streaming/downloading services during peak hours can cause network congestion. Proactive content caching has emerged as a prospective solution to tackle this congestion problem. In proactive content caching, data storage units are used to store popular content in helper nodes at the network edge. This contributes to a reduction of peak traffic load and network congestion.

However, data storage units require additional energy, which offers a challenge to researchers that intend to reduce energy consumption up to 90% …

Advanced Security Analysis For Emergent Software Platforms, Mohannad Alhanahnah

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Emergent software ecosystems, boomed by the advent of smartphones and the Internet of Things (IoT) platforms, are perpetually sophisticated, deployed into highly dynamic environments, and facilitating interactions across heterogeneous domains. Accordingly, assessing the security thereof is a pressing need, yet requires high levels of scalability and reliability to handle the dynamism involved in such volatile ecosystems.

This dissertation seeks to enhance conventional security detection methods to cope with the emergent features of contemporary software ecosystems. In particular, it analyzes the security of Android and IoT ecosystems by developing rigorous vulnerability detection methods. A critical aspect of this work is the …

Ldakm-Eiot: Lightweight Device Authentication And Key Management Mechanism For Edge-Based Iot Deployment, Mohammad Wazid, Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues, Youngho Park

VMASC Publications

In recent years, edge computing has emerged as a new concept in the computing paradigm that empowers several future technologies, such as 5G, vehicle-to-vehicle communications, and the Internet of Things (IoT), by providing cloud computing facilities, as well as services to the end users. However, open communication among the entities in an edge based IoT environment makes it vulnerable to various potential attacks that are executed by an adversary. Device authentication is one of the prominent techniques in security that permits an IoT device to authenticate mutually with a cloud server with the help of an edge node. If authentication …

Iomt Malware Detection Approaches: Analysis And Research Challenges, Mohammad Wazid, Ashok Kumar Das, Joel J.P.C. Rodrigues, Sachin Shetty, Youngho Park

VMASC Publications

The advancement in Information and Communications Technology (ICT) has changed the entire paradigm of computing. Because of such advancement, we have new types of computing and communication environments, for example, Internet of Things (IoT) that is a collection of smart IoT devices. The Internet of Medical Things (IoMT) is a specific type of IoT communication environment which deals with communication through the smart healthcare (medical) devices. Though IoT communication environment facilitates and supports our day-to-day activities, but at the same time it has also certain drawbacks as it suffers from several security and privacy issues, such as replay, man-in-the-middle, impersonation, …

Different Approaches To Blurring Digital Images And Their Effect On Facial Detection, Erich-Matthew Pulfer

Computer Science and Computer Engineering Undergraduate Honors Theses

The purpose of this thesis is to analyze the usage of multiple image blurring techniques and determine their effectiveness in combatting facial detection algorithms. This type of analysis is anticipated to reveal potential flaws in the privacy expected from blurring images or, rather, portions of images. Three different blurring algorithms were designed and implemented: a box blurring method, a Gaussian blurring method, and a differential privacy-based pixilation method. Datasets of images were collected from multiple sources, including the AT&T Database of Faces. Each of these three methods were implemented via their own original method, but, because of how common they …