Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons


Articles 1 - 16 of 16

Full-Text Articles in Physical Sciences and Mathematics

User Attitudes About Duo Two-Factor Authentication At BYU, Jonathan Dutson Dec 2018


Undergraduate Honors Theses

Simple password-based authentication provides insufficient protection against increasingly common incidents of online identity theft and data loss. Although two-factor authentication (2FA) provides users with increased protection against attackers, users have mixed feelings about the usability of 2FA. We surveyed the students, faculty, and staff of Brigham Young University (BYU) to measure user sentiment about DUO Security, the 2FA system adopted by BYU in 2017. We find that most users consider DUO to be annoying, and about half of those surveyed expressed a preference for authentication without using a second-factor. About half of all participants reported at least one instance of …


Usable Security And Privacy For Secure Messaging Applications, Elham Vaziripour Dec 2018


Theses and Dissertations

The threat of government and corporate surveillance around the world, as well as the publicity surrounding major cybersecurity attacks, have increased interest in secure and private end-to-end communications. In response to this demand, numerous secure messaging applications have been developed in recent years. These applications have been welcomed and publicly used not just by political activists and journalists but by everyday users as well. Most of these popular secure messaging applications are usable because they hide many of the details of how encryption is provided. The strength of the security properties of these applications relies on the authentication ceremony, wherein …


Healthcare Monitoring System Security Platform Using Software Defined Networking Paradigm, Mohamad Issam Khayat Nov 2018


Information Security Theses

This thesis studies the security and privacy concerns of Healthcare Monitoring System (HMS) and proposes a state-of-the-art Security Platform for HMS using the newly emerging Software Defined Network (SDN) paradigm. In this thesis, we investigate the existing HMS architecture and the relevant solutions proposed for both security and privacy concerns in the literature today. Moreover, we develop a new HMS Security Integration Framework, in the form of a security platform for securing HMS. Finally, we perform a comparison among existing architectures and our proposed framework to highlight the added value of our proposed architecture. Our proposed integration framework eliminates the …


Security Risk Tolerance In Mobile Payment: A Trade-Off Framework, Yong Chen Jul 2018


Information Technology & Decision Sciences Theses & Dissertations

Security is identified as a major barrier for consumers in adopting mobile payment. Although existing literature has incorporated security into the Technology Acceptance Model (TAM), the Unified Theory of Acceptance, and the Use of Technology (UTAUT) and it has investigated the way in which security affects consumers’ acceptance of mobile payment, security is a factor only in diverse research models. Studies of mobile payment that focus on security are not available. Additionally, previous studies of mobile payment are based on Direct Carrier Billing- (DCB)-based mobile payment or Near Field Communication- (NFC)-based mobile payment. The results regarding security might not be …


Advanced Malware Detection For Android Platform, Ke Xu Jun 2018


Dissertations and Theses Collection (Open Access)

In the first quarter of 2018, 75.66% of smartphone sales were devices running Android. Due to its popularity, cyber-criminals have increasingly targeted this ecosystem. Malware running on Android severely violates end users' security and privacy, allowing many attacks such as defeating two factor authentication of mobile banking applications, capturing real-time voice calls and leaking sensitive information. In this dissertation, I describe the pieces of work that I have done to effectively detect malware on Android platform, i.e., ICC-based malware detection system (ICCDetector), multi-layer malware detection system (DeepRefiner), and self-evolving and scalable malware detection system (DroidEvolver) …


An Analysis Of International Agreements Over Cybersecurity, Lucas Ashbaugh Apr 2018


Electronic Theses and Dissertations

Research into the international agreements that increase cooperation over cybersecurity challenges is severely lacking. This is a necessary next step for bridging diplomatic challenges over cybersecurity. This work aspires to push the bounds of research into these agreements and offer a tool that future researchers can rely on. For this research I created, and made publicly available, the International Cybersecurity Cooperation Dataset (ICCD), which contains over 350 international cybersecurity agreements and pertinent metadata. Each agreement is marked per which subtopics within cybersecurity related agreements it covers. These typologies are:

  • Discussion and Dialogue

  • Research

  • Confidence Building Measures

  • Incident Response

  • Crime …


Exploring The Use Of Hierarchal Statistical Analysis And Deep Neural Networks To Detect And Mitigate Covert Timing Channels, Omar Darwish Apr 2018


Dissertations

Covert timing channels provide a mechanism to transmit unauthorized information across different processes. They utilize the inter-arrival times between the transmitted packets to hide the communicated data. They can be exploited in a variety of malevolent scenarios such as leaking military secrets, trade secrets, and other forms of Intellectual Property (IP). They can also be used as a vehicle to attack existing computing systems to disseminate software viruses or worms while bypassing firewalls, intrusion detection and protection systems, and application filters. Therefore, the detection and mitigation of covert channels is a key issue in modern Information Technology (IT) infrastructure. Many …


Securing Critical Infrastructure: A Ransomware Study, Blaine M. Jeffries Mar 2018


Theses and Dissertations

This thesis reviews traditional ransomware attack trends in order to present a taxonomy for ransomware targeting industrial control systems. After reviewing a critical infrastructure ransomware attack methodology, a corresponding response and recovery plan is described. The plan emphasizes security through redundancy, specifically the incorporation of standby programmable logic controllers. This thesis goes on to describe a set of experiments conducted to test the viability of defending against a specialized ransomware attack with a redundant controller network. Results support that specific redundancy schemes are effective in recovering from a successful attack. Further experimentation is conducted to test the feasibility of industrial …


Smartphone User Privacy Preserving Through Crowdsourcing, Bahman Rashidi Jan 2018


Theses and Dissertations

In current Android architecture, users have to decide whether an app is safe to use or not. Expert users can make savvy decisions to avoid unnecessary private data breach. However, the majority of regular users are not technically capable or do not care to consider privacy implications to make safe decisions. To assist the technically incapable crowd, we propose a permission control framework based on crowdsourcing. At its core, our framework runs new apps under probation mode without granting their permission requests up-front. It provides recommendations on whether to accept or not the permission requests based on decisions from peer …


Strategies Used By Cloud Security Managers To Implement Secure Access Methods, Eric Harmon Jan 2018


Walden Dissertations and Doctoral Studies

Cloud computing can be used as a way to access services and resources for many organizations; however, hackers have created security concerns for users that incorporate cloud computing in their everyday functions. The purpose of this qualitative multiple case study was to explore strategies used by cloud security managers to implement secure access methods to protect data on the cloud infrastructure. The population for this study was cloud security managers employed by 2 medium size businesses in the Atlanta, Georgia metropolitan area and that have strategies to implement secure access methods to protect data on the cloud infrastructure. The technology …


Comparing Training Methodologies On Employee’s Cybersecurity Countermeasures Awareness And Skills In Traditional Vs. Socio-Technical Programs, Jodi Goode Jan 2018


CCE Theses and Dissertations

Organizations, which have established an effective technical layer of security, continue to experience difficulties triggered by cyber threats. Ultimately, the cybersecurity posture of an organization depends on appropriate actions taken by employees whose naive cybersecurity practices have been found to represent 72% to 95% of cybersecurity threats and vulnerabilities to organizations. However, employees cannot be held responsible for cybersecurity practices if they are not provided the education and training to acquire skills, which allow for identification of security threats along with the proper course of action to mitigate such threats. In addition, awareness of the importance of cybersecurity, the responsibility …


An Approach For Formal Analysis Of The Security Of A Water Treatment Testbed, Sai Sidharth Patlolla Jan 2018


Masters Theses

"This thesis focuses on securing critical infrastructures such as chemical plants, manufacturing units, and power generating plants against attacks that disrupt the information flow from one component to another. Such systems are controlled by an Industrial Control System (ICS) that includes controllers communicating with each other, and with physical sensors and actuators, using a communications network.

Traditional security models partition the security universe into two worlds, secure and insecure, but in the real world the partitions often overlap and information is leaked even through the physical observation which makes it much harder to analyze a Cyber physical system (CPS). To …


Examining The Influence Of Technology Acceptance, Self-Efficacy, And Locus Of Control On Information Security Behavior Of Social Media Users, Abdullah Almuqrin Jan 2018


Master's Theses and Doctoral Dissertations

Due to recent advances in online communication technology, social networks have become a vital avenue for human interaction. At the same time, they have been exploited as a target for viruses, attacks, and security threats. The first line of defense against such attacks and threats—as well as their primary cause—are social media users themselves. This study investigated the relationship between certain personality factors among social media users—i.e., technology acceptance of security protection technologies, self-efficacy of information security, and locus of control—and their information security behavior. Quantitative methods were used to examine this relationship. The population consisted of all students …


Construction Of A Custom Network Security Appliance, Jacob Rickerd Jan 2018


Senior Honors Theses and Projects

Over the last three semesters, I worked toward my final goal to develop a custom network security appliance. I first began by completing a comparison analysis of network intrusion detection systems which are devices that read traffic from the network and determine if network packets should go through or be dropped. Second, I conducted a feasibility study of a custom framework to profile attackers in a network; this yielded positive results. Finally, I worked on creating a custom network security appliance; it uses the profiles I created in my framework to more efficiently block malicious attackers in comparison to other …


Multiple Security Domain Non Deducibility In The FREEDM Smart Grid Infrastructure, Manish Jaisinghani Jan 2018


Masters Theses

"The building blocks of today's world are not materials but computers and algorithms with communication networks between physical entities. A cyber physical system (CPS) is a system in which the cyber and physical entities of the system work together towards a common goal, for example a water treatment facility or an electricity distribution system. These cyber physical infrastructures affect the day-to-day lives of people and hence become a target point for attackers to disrupt normal daily life. Owing to the complexity of a cyber physical system, the attacks have themselves become sophisticated and harder to detect. These sophisticated attacks …


An Investigation Into Trust And Security In The Mandatory And Imposed Use Of Financial ICTs Upon Older People, David Michael Cook Jan 2018


Theses: Doctorates and Masters

Care needs to be taken to reduce the number of people who are fearful and mistrustful of using ICT where that usage is forced upon them without choice or alternative. The growing incidence of mandatory and imposed online systems can result in confusion, misuse, fear, and rejection by people with only rudimentary ICT skills. A cohort where a high percentage of such people occur is older people, defined in this study as people over the age of 60. Examples of compulsory ICT interactions include some banks limiting bank statement access through online rather than paper-based options. Other examples include the …