Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

2008

Security

Articles 1 - 27 of 27

Full-Text Articles in Physical Sciences and Mathematics

Strides Towards Better Application Security, Sathyaraj Balasubramanian Dec 2008

All Graduate Theses and Dissertations, Spring 1920 to Summer 2023

Static analysis tools analyze source code for vulnerabilities. However, these types of tools suffer from various problems that limit their effectiveness. This thesis examines these static analysis tools and suggests techniques for making them more efficient at detecting different types of vulnerabilities.

The thesis further analyzes possible causes for these vulnerabilities by examining the source code written by programmers of various categories. Finally, this thesis discusses solutions and techniques to improve general security awareness as well as the importance of secure coding among the students and software developers.


Localizing Sensor Networks In Un-Friendly Environments, Sriram Chellappan, Vamsi Paruchuri, Dylan Mcdonald, Arjan Durresi Nov 2008

Computer Science Faculty Research & Creative Works

In this paper, we study the issue of defending against a wireless sensor network (WSN) that has been deployed by a malicious enemy agent in an area of interest to us. While there can be many approaches to defend against maliciously deployed WSNs, we propose the design of a localization centric approach. Specifically, the problem we address is: given an enemy deployed WSN in an area of interest to us, how can we determine locations of the sensors without co-operating with the sensors themselves during localization. In our approach, we employ a physically mobile agent called the localizer (e.g., a …


Streaming Estimation Of Information-Theoretic Metrics For Anomaly Detection (Extended Abstract), Sergey Bratus, Joshua Brody, David Kotz, Anna Shubina Sep 2008

Dartmouth Scholarship

Information-theoretic metrics hold great promise for modeling traffic and detecting anomalies if only they could be computed in efficient, scalable ways. Recent advances in streaming estimation algorithms give hope that such computations can be made practical. We describe our work in progress that aims to use streaming algorithms on 802.11a/b/g link layer (and above) features and feature pairs to detect anomalies.


A Secure Group Communication Architecture For Autonomous Unmanned Aerial Vehicles, Adrian N. Phillips, Barry E. Mullins, Richard Raines, Rusty O. Baldwin Aug 2008

Faculty Publications

This paper investigates the application of a secure group communication architecture to a swarm of autonomous unmanned aerial vehicles (UAVs). A multicast secure group communication architecture for the low earth orbit (LEO) satellite environment is evaluated to determine if it can be effectively adapted to a swarm of UAVs and provide secure, scalable, and efficient communications. The performance of the proposed security architecture is evaluated with two other commonly used architectures using a discrete event computer simulation developed using MATLAB. Performance is evaluated in terms of the scalability and efficiency of the group key distribution and management scheme when the …


Simple, Secure, Selective Delegation In Online Identify Systems, Bryant Gordon Cutler Jul 2008

Theses and Dissertations

The ability to delegate privileges to others is so important to users of online identity systems that users create ad hoc delegation systems by sharing authentication credentials if no other easy delegation mechanism is available. With the rise of internet-scale relationship-based single sign-on protocols like OpenID, the security risks of password sharing are unacceptable. We therefore propose SimpleAuth, a simple modification to relationship-based authentication protocols that gives users a secure way to selectively delegate subsets of their privileges, making identity systems more flexible and increasing user security. We also present a proof-of-concept implementation of the SimpleAuth pattern using the sSRP …


Slides: Threats To Biological Diversity: Global, Continental, Local, J. Michael Scott Jun 2008

Shifting Baselines and New Meridians: Water, Resources, Landscapes, and the Transformation of the American West (Summer Conference, June 4-6)

Presenter: J. Michael Scott, U.S. Geological Survey, Idaho Cooperative Fish and Wildlife Research Unit, University of Idaho

38 slides


Poster Abstract: Reliable People-Centric Sensing With Unreliable Voluntary Carriers, Cory Cornelius, Apu Kapadia, David Kotz, Dan Peebles, Minho Shin, Patrick Tsang Jun 2008

Dartmouth Scholarship

As sensor technology becomes increasingly easy to integrate into personal devices such as mobile phones, clothing, and athletic equipment, there will be new applications involving opportunistic, people-centric sensing. These applications, which gather information about human activities and personal social context, raise many security and privacy challenges. In particular, data integrity is important for many applications, whether using traffic data for city planning or medical data for diagnosis. Although our AnonySense system (presented at MobiSys) addresses privacy in people-centric sensing, protecting data integrity in people-centric sensing still remains a challenge. Some mechanisms to protect privacy provide anonymity, and thus provide limited …


National Security: The Social Implications Of The Politics Of Transparency, M G. Michael, Katina Michael May 2008

M. G. Michael

This special issue of Prometheus is dedicated to the theme of the Social Implications of National Security Measures on Citizens and Business. National security measures can be defined as those technical and non-technical measures that have been initiated as a means to curb breaches in national security, irrespective of whether these might occur by nationals or aliens in or from outside the sovereign state. National security includes such government priorities as maintaining border control, safeguarding against pandemic outbreaks, preventing acts of terror, and even discovering and eliminating identification fraud. Governments worldwide are beginning to implement information and communication security techniques …


Location-Based Services And The Privacy-Security Dichotomy, Katina Michael, L. Perusco, M G. Michael May 2008

M. G. Michael

Location-based services (LBS) rely on knowledge of a user’s location to provide tailored services or information by means of a wireless device. LBS applications have wide-ranging implications for society, particularly in the context of tracking and monitoring groups of individuals such as children, invalids, and parolees. Despite a great deal of attention paid to technical and commercial aspects of LBS technologies, consideration of the legal, ethical, social and technology momentum issues involved has been wanting. This paper examines some of the more pressing issues that are expected to arise from the widespread use of LBS. The outcome of this paper …


National Security: The Social Implications Of The Politics Of Transparency, M G. Michael, Katina Michael May 2008

Professor Katina Michael

This special issue of Prometheus is dedicated to the theme of the Social Implications of National Security Measures on Citizens and Business. National security measures can be defined as those technical and non-technical measures that have been initiated as a means to curb breaches in national security, irrespective of whether these might occur by nationals or aliens in or from outside the sovereign state. National security includes such government priorities as maintaining border control, safeguarding against pandemic outbreaks, preventing acts of terror, and even discovering and eliminating identification fraud. Governments worldwide are beginning to implement information and communication security techniques …


The Importance Of Scenarios In Evaluating The Socio-Ethical Implications Of Location-Based Services, L. Perusco, Katina Michael May 2008

Professor Katina Michael

Location-based services (LBS) are those applications that utilize the position of an end-user, animal or thing based on a given device (handheld, wearable, interwoven into fabric or implanted), executed for a particular purpose. LBS applications range from those that are mission-critical to those that are used for convenience, from those that are mandatory to those that are voluntary, from those that are targeted at the mass market to those that cater for the needs of a niche market. Location services can be implemented using a variety of access mediums including global positioning systems and radio-frequency identification, rendering approximate or precise …


Location-Based Services And The Privacy-Security Dichotomy, Katina Michael, L. Perusco, M G. Michael May 2008

Professor Katina Michael

Location-based services (LBS) rely on knowledge of a user’s location to provide tailored services or information by means of a wireless device. LBS applications have wide-ranging implications for society, particularly in the context of tracking and monitoring groups of individuals such as children, invalids, and parolees. Despite a great deal of attention paid to technical and commercial aspects of LBS technologies, consideration of the legal, ethical, social and technology momentum issues involved has been wanting. This paper examines some of the more pressing issues that are expected to arise from the widespread use of LBS. The outcome of this paper …


Anonysense: Opportunistic And Privacy-Preserving Context Collection, Apu Kapadia, Nikos Triandopoulos, Cory Cornelius, Dan Peebles, David Kotz May 2008

Dartmouth Scholarship

Opportunistic sensing allows applications to “task” mobile devices to measure context in a target region. For example, one could leverage sensor-equipped vehicles to measure traffic or pollution levels on a particular street, or users' mobile phones to locate (Bluetooth-enabled) objects in their neighborhood. In most proposed applications, context reports include the time and location of the event, putting the privacy of users at increased risk—even if a report has been anonymized, the accompanying time and location can reveal sufficient information to deanonymize the user whose device sent the report. We propose AnonySense, a general-purpose architecture for leveraging users' mobile …


Detecting 802.11 Mac Layer Spoofing Using Received Signal Strength, Yong Sheng, Keren Tan, Guanling Chen, David Kotz, Andrew T. Campbell Apr 2008

Dartmouth Scholarship

MAC addresses can be easily spoofed in 802.11 wireless LANs. An adversary can exploit this vulnerability to launch a large number of attacks. For example, an attacker may masquerade as a legitimate access point to disrupt network services or to advertise false services, tricking nearby wireless stations. On the other hand, the received signal strength (RSS) is a measurement that is hard to forge arbitrarily and it is highly correlated to the transmitter's location. Assuming the attacker and the victim are separated by a reasonable distance, RSS can be used to differentiate them to detect MAC spoofing, as recently proposed …


Refocusing In 802.11 Wireless Measurement, Udayan Deshpande, Chris Mcdonald, David Kotz Apr 2008

Dartmouth Scholarship

The edge of the Internet is increasingly wireless. To understand the Internet, one must understand the edge, and yet the measurement of wireless networks poses many new challenges. IEEE 802.11 networks support multiple wireless channels and any monitoring technique involves capturing traffic on each of these channels to gather a representative sample of frames from the network. We call this procedure channel sampling, in which each sniffer visits each channel periodically, resulting in a sample of the traffic on each of the channels. This sampling approach may be sufficient, for example, for a system administrator or anomaly detection module …


Issues Common To Australian Critical Infrastructure Providers Scada Networks Discovered Through Computer And Network Vulnerability Analysis, Craig Valli Mar 2008

Australian Digital Forensics Conference

This paper reports on generic issues discovered as a result of conducting computer and network vulnerability assessments (CNVA) on Australian critical infrastructure providers. Generic issues discovered included policy, governance, IT specific such as segregation, patching and updating. Physical security was also lacking in some cases. Another issue was that previous security audits had failed to identify any of these issues. Of major concern is that despite education and awareness programs, and a body of knowledge referring to these issues, they are still occurring. It may be necessary for the federal government to force organisations to undergo computer and network vulnerability …


Virtual Environments Support Insider Security Violations, Iain Swanson, Patricia A.H. Williams Mar 2008

Australian Digital Forensics Conference

This paper describes an investigation into how an employee using a virtual environment can circumvent any or all of the security, policies and procedures within an organization. The paper discusses the fundamental issues that organizations must address to be able to detect such an attack. Attacks of this nature may be malicious with intent to cause disruption by flooding the network or disabling specific equipment, or non-malicious by quietly gathering critical information such as user names and passwords or a colleague’s internet banking details. Identification of potential residual evidence following an attack is presented. Such evidence may be used to …


Active Behavioral Fingerprinting Of Wireless Devices, Sergey Bratus, Cory Cornelius, David Kotz, Dan Peebles Mar 2008

Dartmouth Scholarship

We propose a simple active method for discovering facts about the chipset, the firmware or the driver of an 802.11 wireless device by observing its responses (or lack thereof) to a series of crafted non-standard or malformed 802.11 frames. We demonstrate that such responses can differ significantly enough to distinguish between a number of popular chipsets and drivers. We expect to significantly expand the number of recognized device types through community contributions of signature data for the proposed open fingerprinting framework. Our method complements known fingerprinting approaches, and can be used to interrogate and spot devices that may be spoofing …


Enhanced Security For Preventing Man-In-The-Middle Attacks In Authentication, Dataentry And Transaction Verification, Jason Wells, Damien Hutchinson, Justin Pierce Jan 2008

Australian Information Security Management Conference

There is increasing coverage in the literature highlighting threats to online financial systems. Attacks range from the prevalent reverse social engineering technique known as phishing, where spam emails are sent to customers with links to fake websites, to Trojans that monitor a customer’s account log on process that captures authentication details that are later replayed for financial gain. This ultimately results in loss of monetary funds for affected victims. As technological advances continue to influence the way society makes payment for goods and services, the requirement for more advanced security approaches for transaction verification in the online environment increases. This …


Evaluating The Usability Impacts Of Security Interface Adjustments In Word 2007, M Helala, S M. Furnell, M Papadaki Jan 2008

Australian Information Security Management Conference

Prior research has suggested that integrating security features with user goals and increasing their visibility would improve the usability of the associated functionalities. This paper investigates how these approaches affect the efficiency of use and the level of user satisfaction. The user interface of Word 2007 was modified according to these principles, with usability tests being conducted with both the original and the modified user interfaces. The results suggest that integrating security features with user goals improves the efficiency of use, but the impacts upon user satisfaction cannot be clearly identified based on the collected data. No indications of any …


Data Security Measures In The It Service Industry: A Balance Between Knowledge & Action, N. Mlitwa, Y. Kachala Jan 2008

Journal of Digital Forensics, Security and Law

That “knowledge is power” is fast becoming a cliché within the intelligentsia. Such power however, depends largely on how knowledge itself is exchanged and used, which says a lot about the tools of its transmission, exchange, and storage. Information and communication technology (ICT) plays a significant role in this respect. As a networked tool, it enables efficient exchanges of video, audio and text data beyond geographical and time constraints. Since this data is exchanged over the worldwide web (www), it can be accessible by anyone in the world using the internet. The risk of unauthorised access, interception, modification, or even …


Mitigating Dos Attacks Against Broadcast Authentication In Wireless Sensor Networks, Peng Ning, An Liu, Wenliang Du Jan 2008

Electrical Engineering and Computer Science - All Scholarship

Broadcast authentication is a critical security service in wireless sensor networks. There are two general approaches for broadcast authentication in wireless sensor networks: digital signatures and µTESLA-based techniques. However, both signature-based and µTESLA-based broadcast authentication are vulnerable to Denial of Services (DoS) attacks: An attacker can inject bogus broadcast packets to force sensor nodes to perform expensive signature verifications (in case of signature-based broadcast authentication) or packet forwarding (in case of µTESLA-based broadcast authentication), thus exhausting their limited battery power. This paper presents an efficient mechanism called message specific puzzle to mitigate such DoS attacks. In addition to signature-based or …


Privacy-Maxent: Integrating Background Knowledge In Privacy Quantification, Wenliang Du, Zhouxuan Teng, Zutao Zhu Jan 2008

Electrical Engineering and Computer Science - All Scholarship

Privacy-Preserving Data Publishing (PPDP) deals with the publication of microdata while preserving people’s private information in the data. To measure how much private information can be preserved, privacy metrics are needed. An essential element for privacy metrics is the measure of how much adversaries can know about an individual’s sensitive attributes (SA) if they know the individual’s quasi-identifiers (QI), i.e., we need to measure P(SA | QI). Such a measure is hard to derive when adversaries’ background knowledge has to be considered. We propose a systematic approach, Privacy-MaxEnt, to integrate background knowledge in privacy quantification. Our approach is based on …


The Social Impact Of National Security Technologies: Epassports, E911 And Mobile Alerts, Holly Tootell Jan 2008

Faculty of Informatics - Papers (Archive)

This paper explores the adoption of emerging technologies for the purposes of national security. The three technologies chosen were ePassports, E911 and mobile alerts. The study uses a content analysis methodology drawing on popular media documentation to extract the major social and technological impacts of the technologies on citizens as they were reported. The findings of the study indicate that reactions to the three technologies differed. ePassports were considered vastly different to E911 and mobile alerting predominantly because they were seen to be a controlling technology, whereas E911 and mobile alerting were viewed to be about safety and …


National Security And The Misology-Misanthropy Paradox Of Technology, George M. Mickhail Jan 2008

Faculty of Informatics - Papers (Archive)

The evolution of computing did not only result in the disengagement of the populace from its technological complexity, but also their submission to the divine ability of 'scientists', who understand the mathematical complexity of information technologies. Socrates argued that both 'misanthropy' and 'misology' stem from 'faith' placed in unreliable people and unsound arguments. Such misplaced faith in surveillance technologies and their protractors, for example, often results in disengagement from debate, which to Socrates was the antithesis to truth and wisdom. This paper explores how society is opting out of debate through the machinations of a neoconservative credo that purports reason. Under the guise of freedom and democracy, such dogma often …


Anti-Phishing Models: Main Challenges, Edina Hatunic-Webster Jan 2008

Conference papers

Phishing is a form of online identity theft in which the attacker attempts to fraudulently retrieve a legitimate user's account information, logon credentials or identity information in general. The compromised information is then used for withdrawing money online, taking out cash advances, or making purchases of goods and services on the accounts. Various solutions have been proposed and developed in response to phishing. As phishing is a business problem, the solutions target both non-technical and technical areas. This paper investigates the current anti-phishing solutions and critically reviews their usage, security weaknesses and their effectiveness. The analysis of these models points …


Modeling And Design Of Low Cost Customizable Household Robot, Bharat Narahari Jan 2008

LSU Master's Theses

Just as the growth of personal computers, mobile phones and automobiles took place in the last 3 decades, the personal robotics industry, still in its nascent stage, is heading in the same direction. This thesis explores the concept of customizable household robots (CHR) in the robotics community. An attempt has been made to design a customizable robot by extending the 2 wheel differential drive kinematic model to 4 wheel independent differential drive kinematic model. A framework for CHR is developed which will be able to do various household repetitive tasks. Just as we can assemble a PC by buying its individual …