Physical Sciences and Mathematics Commons^™

The Paradox Of Social Media Security: A Study Of It Students’ Perceptions Versus Behavior On Using Facebook, Zahra Y. Alqubaiti

Master of Science in Information Technology Theses

Social media plays an essential role in the modern society, enabling people to be better connected to each other and creating new opportunities for businesses. At the same time, social networking sites have become major targets for cyber-security attacks due to their massive user base. Many studies investigated the security vulnerabilities and privacy issues of social networking sites and made recommendations on how to mitigate security risks. Users are an integral part of any security mix. In this thesis, we explore the relationship between users’ security perceptions and their actual behavior on social networking sites. Protection motivation theory (PMT), initially …

Context-Sensitive Auto-Sanitization For Php, Jared M. Smith, Richard J. Connor, David P. Cunningham, Kyle G. Bashour, Walter T. Work

Chancellor’s Honors Program Projects

No abstract provided.

Vulnerability Analysis And Security Framework For Zigbee Communication In Iot, Charbel Azzi

UNLV Theses, Dissertations, Professional Papers, and Capstones

Securing IoT (Internet of Things) systems in general, regardless of the communication technology used, has been the concern of many researchers and private companies. As for ZigBee security concerns, much research and many experiments have been conducted to better predict the nature of potential security threats. In this research we are addressing several ZigBee vulnerabilities by performing first hand experiments and attack simulations on ZigBee protocol. This will allow us to better understand the security issues surveyed and find ways to mitigate them. Based on the attack simulations performed and the survey conducted, we have developed a ZigBee IoT framework …

Improvement Of Security In Uas Communication And Navigation Using Ads-B, Vedadatta Gouripeddi

UNLV Theses, Dissertations, Professional Papers, and Capstones

In this thesis, we congregate the security threats on UAS and suggest solutions using ADS-B device. UAS ground and intercommunication is prone to availability, confidentiality and integrity attacks. UAS communication has three layered wireless Ad-Hock network which comprises of Complex group key exchange. Loss of one layer in the Ad-hock network leads to a complete loss of communication in the network. Current UAS navigation methods include complete reliance on on-board sensors, radars and GPS. This research proposes solutions for UAS communication, navigation and collision avoidance using ADS-B. ADS-B acts as a back-up when there is a loss in any one …

Convicted By Memory: Automatically Recovering Spatial-Temporal Evidence From Memory Images, Brendan D. Saltaformaggio

Open Access Dissertations

Memory forensics can reveal “up to the minute” evidence of a device’s usage, often without requiring a suspect’s password to unlock the device, and it is oblivious to any persistent storage encryption schemes, e.g., whole disk encryption. Prior to my work, researchers and investigators alike considered data-structure recovery the ultimate goal of memory image forensics. This, however, was far from sufficient, as investigators were still largely unable to understand the content of the recovered evidence, and hence efficiently locating and accurately analyzing such evidence locked in memory images remained an open research challenge.

In this dissertation, I propose breaking from …

Integration Of Lightweight & Energy Efficient Cipher In Wireless Body Area Network Fore-Health Monitoring, Azza Zayed Sultan Ai Shamsi

Theses

There is an increase in the diseases of the circulatory system in United Arab Emirates, which makes it the first leading cause of death. This led to a high demand for a continuous care that can be achieved by adopting an emerging technology of e- Health monitoring system using Wireless Body Area Network (WBAN) that can collect patient’s data. Since patient’s data is private, securing the communication within WBAN becomes highly essential. In this research thesis, we propose an architecture to secure the data transmission within the Wireless Body Area Network (WBAN) in e-Health monitoring. More specifically, our proposed architecture …

Techniques For Identifying Mobile Platform Vulnerabilities And Detecting Policy-Violating Applications, Mon Kywe Su

Dissertations and Theses Collection

Mobile systems are generally composed of three layers of software: application layer where third-party applications are installed, framework layer where Application Programming Interfaces (APIs) are exposed, and kernel layer where low-level system operations are executed. In this dissertation, we focus on security and vulnerability analysis of framework and application layers. Security mechanisms, such as Android’s sandbox and permission systems, exist in framework layer, while malware scanners protects application layer. However, there are rooms for improvement in both mechanisms. For instance, Android’s permission system is known to be implemented in ad-hoc manner and not well-tested for vulnerabilities. Application layer also focuses …

The State Of Man-In-The-Middle Tls Proxies: Prevalence And User Attitudes, Mark Thomas Oneill

Theses and Dissertations

We measure the prevalence and uses of Man-in-the-Middle TLS proxies using a Flash tool deployed with a Google AdWords campaign. We generate 15.2 million certificate tests across two large-scale measurement studies and find that 1 in 250 TLS connections are intercepted by proxies. The majority of these proxies appear to be benevolent, however we identify over 3,600 cases where eight malware products are using this technology nefariously. We also find thousands of instances of negligent, duplicitous, and suspicious behavior, some of which degrade security for users without their knowledge. Distinguishing these types of practices is challenging in practice, indicating a …

A Study Of Security Issues Of Mobile Apps In The Android Platform Using Machine Learning Approaches, Lei Cen

Open Access Dissertations

Mobile app poses both traditional and new potential threats to system security and user privacy. There are malicious apps that may do harm to the system, and there are mis-behaviors of apps, which are reasonable and legal when not abused, yet may lead to real threats otherwise. Moreover, due to the nature of mobile apps, a running app in mobile devices may be only part of the software, and the server side behavior is usually not covered by analysis. Therefore, direct analysis on the app itself may be incomplete and additional sources of information are needed. In this dissertation, we …

Knowledge Modeling Of Phishing Emails, Courtney Falk

Open Access Dissertations

This dissertation investigates whether or not malicious phishing emails are detected better when a meaningful representation of the email bodies is available. The natural language processing theory of Ontological Semantics Technology is used for its ability to model the knowledge representation present in the email messages. Known good and phishing emails were analyzed and their meaning representations fed into machine learning binary classifiers. Unigram language models of the same emails were used as a baseline for comparing the performance of the meaningful data. The end results show how a binary classifier trained on meaningful data is better at detecting phishing …

Usable, Secure Content-Based Encryption On The Web, Scott Ruoti

Theses and Dissertations

Users share private information on the web through a variety of applications, such as email, instant messaging, social media, and document sharing. Unfortunately, recent revelations have shown that not only is users' data at risk from hackers and malicious insiders, but also from government surveillance. This state of affairs motivates the need for users to be able to encrypt their online data.In this dissertation, we explore how to help users encrypt their online data, with a special focus on securing email. First, we explore the design principles that are necessary to create usable, secure email. As part of this exploration, …

Secure Communication Scheme In Smart Home Environment, Hari Krishna Jonnalagadda

USF Tampa Graduate Theses and Dissertations

Internet of Things, has started to mark its existence from past few years. Right from its inception with a coke machine at Carnegie Mellon University, it has come a long way, connecting billions of devices to internet. This journey is well supported by the advancements in networking, hardware miniaturization and sensing capabilities. Diverse nature of applications of Internet of Things, has cut the communication barriers between the varieties of fields ranging from manufacturing industry to health-care industry. Smart Home is one such application of Internet of Things. Connectivity of home appliances, to achieve automation in living, defines Smart Home. Out …

Enterprise Network Design And Implementation For Airports, Ashraf H. Ali

Information Technology Master Theses

The aim of this project was airports network design and implementation and the introduction of a suitable network for most airports around the world. The following project focused on three main parts: security, quality, and safety. The project has been provided with different utilities to introduce a network with a high security level for the airport. These utilities are hardware firewalls, an IP access control list, Mac address port security, a domain server and s proxy server. All of these utilities have been configured to provide a secure environment for the entire network and to prevent hackers from entering sensitive …

Identifying Terrorist Affiliations Through Social Network Analysis Using Data Mining Techniques, Govand A. Ali

Information Technology Master Theses

In a technologically enabled world, local ideologically inspired warfare becomes global all too quickly, specifically terrorist groups like Al Quaeda and ISIS (Daesh) have successfully used modern computing technology and social networking environments to broadcast their message, recruit new members, and plot attacks. This is especially true for such platforms as Twitter and encrypted mobile apps like Telegram or the clandestine Alrawi. As early detection of such activity is crucial to attack prevention data mining techniques have become increasingly important in the fight against the spread of global terrorist activity. This study employs data mining tools to mine Twitter for …

End-To-End Security In Service-Oriented Architecture, Mehdi Azarmi

Open Access Dissertations

A service-oriented architecture (SOA)-based application is composed of a number of distributed and loosely-coupled web services, which are orchestrated to accomplish a more complex functionality. Any of these web services is able to invoke other web services to offload part of its functionality. The main security challenge in SOA is that we cannot trust the participating web services in a service composition to behave as expected all the time. In addition, the chain of services involved in an end-to-end service invocation may not be visible to the clients. As a result, any violation of client’s policies could remain undetected. To …

Bridging Statistical Learning And Formal Reasoning For Cyber Attack Detection, Kexin Pei

Open Access Theses

Current cyber-infrastructures are facing increasingly stealthy attacks that implant malicious payloads under the cover of benign programs. Current attack detection approaches based on statistical learning methods may generate misleading decision boundaries when processing noisy data with such a mixture of benign and malicious behaviors. On the other hand, attack detection based on formal program analysis may lack completeness or adaptivity when modeling attack behaviors. In light of these limitations, we have developed LEAPS, an attack detection system based on supervised statistical learning to classify benign and malicious system events. Furthermore, we leverage control flow graphs inferred from the system event …

Ultrasonic Data Steganography, Alexander Orosz Edwards

KSU Journey Honors College Capstones and Theses

What started off as a question on the possibly of data transmission via sound above the level of human hearing evolved into a project exploring the possibility of ultrasonic data infiltration and exfiltration in an information security context. It is well known that sound can be used to transmit data as this can be seen in many old technologies, most notably and simply DTMF tones for phone networks. But what if the sound used to transmit signals was in in the ultrasonic range? It would go generally unnoticed to anyone not looking for it with tools such as a spectrum …

Product Authentication Using Hash Chains And Printed Qr Codes, Harshith R. Keni

Electronic Theses and Dissertations

This thesis explores the usage of simple printed tags for authenticating products. Printed tags are a cheap alternative to RFID and other tag based systems and do not require specialized equipment. Due to the simplistic nature of such printed codes, many security issues like tag impersonation, server impersonation, reader impersonation, replay attacks and denial of service present in RFID based solutions need to be handled differently. An algorithm that utilizes hash chains to secure such simple tags while still keeping cost low is discussed. The security characteristics of this scheme as well as other product authentication schemes that use RFID …

Empirical Analysis Of Socio-Cognitive Factors Affecting Security Behaviors And Practices Of Smartphone Users, Joseph P. Simpson

CCE Theses and Dissertations

The overall security posture of information systems (IS) depends on the behaviors of the IS users. Several studies have shown that users are the greatest vulnerability to IS security. The proliferation of smartphones is introducing an entirely new set of risks, threats, and vulnerabilities. Smartphone devices amplify this data exposure problem by enabling instantaneous transmission and storage of personally identifiable information (PII) by smartphone users, which is becoming a major security risk. Moreover, companies are also capitalizing on the availability and powerful computing capabilities of these smartphone devices and developing a bring-your-own-device (BYOD) program, which makes companies susceptible to divulgence …

An Empirical Assessment Of Employee Cyberslacking In The Public Sector, Wilnelia Hernández

CCE Theses and Dissertations

With the increasing use of the Internet, new challenges are presented to employees in the workplace. Employees spend time during work hours on non-work related activities including visiting e-commerce Websites, managing personal email accounts, and engaging in e-banking. These types of actions in the workplace are known as cyberslacking. Cyberslacking affects the employees’ productivity, presents legal concerns, and undermines the security of the organization’s network. This research study addressed the problem of cyberslacking in the public sector, by assessing the ethical severity of cyberslacking activities, as well as how employees perceived that the frequency of such activities occurred by their …

Understanding The Impact Of Hacker Innovation Upon Is Security Countermeasures, Sean M. Zadig

CCE Theses and Dissertations

Hackers external to the organization continue to wreak havoc upon the information systems infrastructure of firms through breaches of security defenses, despite constant development of and continual investment in new IS security countermeasures by security professionals and vendors. These breaches are exceedingly costly and damaging to the affected organizations. The continued success of hackers in the face of massive amounts of security investments suggests that the defenders are losing and that the hackers can innovate at a much faster pace.

Underground hacker communities have been shown to be an environment where attackers can learn new techniques and share tools pertaining …

New Secure Solutions For Privacy And Access Control In Health Information Exchange, Ahmed Fouad Shedeed Ibrahim

Theses and Dissertations--Computer Science

In the current digital age, almost every healthcare organization (HCO) has moved from storing patient health records on paper to storing them electronically. Health Information Exchange (HIE) is the ability to share (or transfer) patients’ health information between different HCOs while maintaining national security standards like the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Over the past few years, research has been conducted to develop privacy and access control frameworks for HIE systems. The goal of this dissertation is to address the privacy and access control concerns by building practical and efficient HIE frameworks to secure the sharing …

Technetium: Productivity Tracking For Version Control Systems, David Leonard

Dissertations and Theses

In recent years, the City College of New York has seen its Computer Science program grow immensely, to the point of overcrowding. This has negative implications for both students and professors, particularly in introductory computer science courses in which constant feedback, iteration and collaboration with others is key to success. In this paper we propose various models for collaboration among students in all course levels using distributed version control systems and implement a secure and efficient tool for visualizing collaborative efforts by observing past work [5]. Lastly, we lay the foundation for future work around additional collaborative metrics, features and …

Applying Deep Learning Techniques To The Analysis Of Android Apks, Robin Andrew Nix

LSU Master's Theses

Malware targeting mobile devices is a pervasive problem in modern life and as such tools to detect and classify malware are of great value. This paper seeks to demonstrate the effectiveness of Deep Learning Techniques, specifically Convolutional Neural Networks, in detecting and classifying malware targeting the Android operating system. Unlike many current detection techniques, which require the use of relatively rigid features to aid in detection, deep neural networks are capable of automatically learning flexible features which may be more resilient to obfuscation. We present a parsing for extracting sequences of API calls which can be used to describe a …

The Corporate Security Stratum Of Work: Identifying Levels Of Work In The Domain, Codee Roy Ludbey

Theses : Honours

Corporate security is a practicing domain and developing academic discipline that provides for the protection of people, information and assets, as well as the self-protection of organisations. Fayol (1949) articulated such an activity within organisations to be a core business function of significant importance; embedding security operations within all aspects of organisational work. This embedded nature of security within organisations has led to difficulty in the literature delineating roles and responsibilities of security practitioners; consequently leading to a nebulous understanding of security as a whole. Therefore, an investigation of the corporate security stratum of work has been undertaken to address …