Physical Sciences and Mathematics Commons^™

The Social Implications Of Covert Policing, Simon Bronitt, Clive Harfield, K. Michael

Clive Harfield

Police agencies have been accused of suffering from an acute form of technophilia. Rather than representing some dreadful disorder, this assessment reflects the strong imperative, both in police agencies and the wider community, that police must have access to the latest technologies of surveillance and crime detection.

The last decade has witnessed the proliferation of low-cost surveillance technologies, some developed specifically for law enforcement purposes. Technology once the preserve of the military or secret intelligence agencies is now within the reach of ordinary general duties police officers. The new generation of police recruits is highly adept at using new technologies. …

The Social Implications Of Covert Policing, Simon Bronitt, Clive Harfield, K. Michael

Professor Katina Michael

Police agencies have been accused of suffering from an acute form of technophilia. Rather than representing some dreadful disorder, this assessment reflects the strong imperative, both in police agencies and the wider community, that police must have access to the latest technologies of surveillance and crime detection.

The last decade has witnessed the proliferation of low-cost surveillance technologies, some developed specifically for law enforcement purposes. Technology once the preserve of the military or secret intelligence agencies is now within the reach of ordinary general duties police officers. The new generation of police recruits is highly adept at using new technologies. …

Trusted Mobile Overlays, Robert Scott Robertson

Theses and Dissertations

Sensitive information is increasingly moving online and as data moves further from the control of its owner, there are increased opportunities for it to fall into malicious hands. The Web is comprised of three untrusted components where there is a risk of information compromise: networks, service providers, and clients. This thesis presents Trusted Mobile Overlays: a system that leverages trusted mobile devices to protect users from these untrusted components of the Web, while minimizing deployment difficulties. It presents a high-level design of the system as well as a prototype that implements the design.

Threat Modelling With Stride And Uml, Michael N. Johnstone

Australian Information Security Management Conference

Threat modelling as part of risk analysis is seen as an essential part of secure systems development. Microsoft’s Security Development Lifecycle (SDL) is a well-known software development method that places security at the forefront of product initiation, design and implementation. As part of SDL, threat modelling produces data flow diagrams (DFDs) as key artefacts and uses those diagrams as mappings with STRIDE to identify threats. This paper uses a standard case study to illustrate the effects of using an alternative process model (UML activity diagrams) with STRIDE and suggests that using a more modern process diagram can generate a more …

Wikileaks: The Truth Or Not, Ian Rosewall, Matthew J. Warren

Australian Information Warfare and Security Conference

We live in the Information Age, an age where information is shared in a global context and in real time. The issue is whether all information should be disclosed. In the ‘Information Age’ do secrets still exist? Another major issue is whether groups of vigilantes are the ones who should be disclosing this information, should these vigilante groups be trusted? This paper will focus upon the impact of Wikileaks and the problem of Information disclosure especially when that information is confidential. It will identify cases for discussion. In the main these cases will be of a military flavour.

Information Security Disclosure: A Victorian Case Study, Ian Rosewall, Matthew Warren

Australian Information Security Management Conference

This paper will focus upon the impact of Generation Y and their attitudes to security. The paper will be based around discussing the findings of a recent report by the Office of Police Integrity (OPI) on “Information Security and the Victoria Police State Surveillance Unit”. Issues that will be discussed include the context of Generation Y and how they contribute to the case study, their attitudes, or their perceived attitudes to security of information. A discussion of the OPI report itself, and the issues that have arisen. A brief overview of the key findings within this report and the implications …

Micro-Blogging In The Workplace, Chia Yao Lee, Matthew Warren

Australian Information Security Management Conference

Micro-blogging services such as Twitter, Yammer, Plurk and Google Buzz have generated substantial interest among members of the business community in recent years. Many CEOs, managers and front-line employees have embraced micro-blogs as a tool for interacting with colleagues, employees, customers, suppliers and investors. Micro-blogs are considered a more informal channel than emails and official websites, and thus present a different set of challenges to businesses. As a positional paper, this paper uses a case study of a bogus Twitter account to emphasise security and ethical issues relating to (i) Trust, Accuracy and Authenticity of Information, (ii) Privacy and Confidentiality, …

The Economics Of Developing Security Embedded Software, Craig S. Wright, Tanveer A. Zia

Australian Information Security Management Conference

Market models for software vulnerabilities have been disparaged in the past citing how these do little to lower the risk of insecure software. In this paper we argue that the market models proposed are flawed and not the concept of a market itself. A well-defined software risk derivative market would improve the information exchange for both the software user and vendor removing the often touted imperfect information state that is said to believe the software industry. In this way, users could have a rational means of accurately judging software risks and costs and as such the vendor could optimally apply …

The Kerf Toolkit For Intrusion Analysis, Javed A. Aslam, Sergey Bratus, David Kotz, Ron Peterson, Brett Tofel, Daniela Rus

Javed A. Aslam

To aid system administrators with post-attack intrusion analysis, the Kerf toolkit provides an integrated front end and powerful correlation and data-representation tools, all in one package.

A Study Of Wireless Network Security, Ningwei Sun

All Capstone Projects

I intend to make a survey in wireless data security since wireless networks are very common, both for organizations and individuals. Many laptop computers have wireless cards pre-installed. The ability to enter a wireless network has great benefits. However, wireless networking has many security issues. Hackers have found wireless networks relatively easy to break into, and even use wireless technology to crack into wired network. As a result, it's very important that enterprises define effective wireless security policies that guard against unauthorized access to important resources.

My survey research may involve these following aspects: wireless network architecture, data security in …

Cloud Computing:Strategies For Cloud Computing Adoption, Faith Shimba

Dissertations

The advent of cloud computing in recent years has sparked an interest from different organisations, institutions and users to take advantage of web applications. This is a result of the new economic model for the Information Technology (IT) department that cloud computing promises. The model promises a shift from an organisation required to invest heavily for limited IT resources that are internally managed, to a model where the organisation can buy or rent resources that are managed by a cloud provider, and pay per use. Cloud computing also promises scalability of resources and on-demand availability of resources.

Although, the adoption …

Event Study Method For Validating Agent-Based Trading Simulations, Shih-Fen Cheng

Research Collection School Of Computing and Information Systems

In this paper, we introduce how one can validate an event-centric trading simulation platform that is built with multi-agent technology. The issue of validation is extremely important for agent-based simulations, but unfortunately, so far there is no one universal method that would work in all domains. The primary contribution of this paper is a novel combination of event-centric simulation design and event study approach for market dynamics generation and validation. In our event-centric design, the simulation is progressed by announcing news events that affect market prices. Upon receiving these events, event-aware software agents would adjust their views on the market …

Protecting Privacy And Ensuring Security Of Rfid Systems Using Private Authentication Protocols, Md. Endadul Hoque

Master's Theses (2009 -)

Radio Frequency IDentification (RFID) systems have been studied as an emerging technology for automatic identification of objects and assets in various applications ranging from inventory tracking to point of sale applications and from healthcare applications to e-passport. The expansion of RFID technology, however, gives rise to severe security and privacy concerns. To ensure the widespread deployment of this technology, the security and privacy threats must be addressed. However, providing solutions to the security and privacy threats has been a challenge due to extremely inadequate resources of typical RFID tags. Authentication protocols can be a possible solution to secure RFID communications. …

A Formal Context Specific Trust Model (Ftm) For Multimedia And Ubiquitous Computing Environment, Sheikh Iqbal Ahamed, Munirul M. Haque, Nilothpal Talukder

Mathematics, Statistics and Computer Science Faculty Research and Publications

In order to ensure secure sharing of resources in an ad-hoc network of handheld devices in a multimedia and ubiquitous computing environment, mutual collaboration is essential. However, the limitations, such as poor storage and computational capability of these multimedia and ubiquitous devices stand as the bottleneck for effective sharing of resources. As a result of this drawback, the adversaries are obtaining access to the new doors for security breaches. Mutual Trust is the weapon used to combat security violations by restricting malicious devices from participating in any interaction in such an open and dynamic environment. In this paper, we present …

Is Bluetooth The Right Technology For Mhealth?, Shrirang Mare, David Kotz

Dartmouth Scholarship

Many people believe mobile healthcare (mHealth) would help alleviate the rising cost of healthcare and improve the quality of service. Bluetooth, which is the most popular wireless technology for personal medical devices, is used for most of the mHealth sensing applications. In this paper we raise the question – Is Bluetooth the right technology for mHealth? To instigate the discussion we discuss some shortcomings of Bluetooth and also point out an alternative solution.

On Usable Authentication For Wireless Body Area Networks, Cory Cornelius, David Kotz

Dartmouth Scholarship

We examine a specific security problem in wireless body area networks (WBANs), what we call the ıt one body authentication problem. That is, how can we ensure that the wireless sensors in a WBAN are collecting data about one individual and not several individuals. We explore existing solutions to this problem and provide some analysis why these solutions are inadequate. Finally, we provide some direction towards a promising solution to the problem and how it can be used to create a usably secure WBAN.

Can I Access Your Data? Privacy Management In Mhealth, Aarathi Prasad, David Kotz

Dartmouth Scholarship

Mobile health (mHealth) has become important in the field of healthcare information technology, as patients begin to use mobile medical sensors to record their daily activities and vital signs. Since their medical data is collected by their sensors, the patients may wish to control data collection and distribution, so as to protect their data and share it only when the need arises. It must be possible for patients to grant or deny access to the data on the storage unit (mobile phones or personal health records (PHR)). Thus, an efficient framework is required for managing patient consent electronically, i.e.to allow …

Environmental Obfuscation Of A Cyber Physical System - Vehicle Example, Jason Madden, Bruce M. Mcmillin, Anik Sinha

Computer Science Faculty Research & Creative Works

Cyber-Physical Systems (CPSs) are deeply embedded infrastructures that have significant cyber and physical components that interact with each other in complex ways. These interactions can violate a system's security policy, leading to unintended information flow. The physical portion of such systems is inherently observable, and, as such, many methods of preserving confidentiality are not applicable. This fundamental property of CPSs presents new security challenges. To illustrate this, a vehicle composed of an embedded computer system, its operator, and its environment show how information is disclosed to an observer that is watching from the outside. The example is made of up …

Social-Technical Issues Facing The Humancentric Rfid Implantee Sub-Culture Through The Eyes Of Amal Graafstra, Amal Graafstra, K. Michael, M.G. Michael

Associate Professor Katina Michael

Radio-frequency identification (RFID) tags and transponders have traditionally been used to identify domesticated animals so that they can be reunited with their owners in the event that they stray. In the late 1990s, industry started to investigate the benefits of using RFID to identifying non-living things throughout the supply chain toward new efficiencies in business operations. Not long after, people began to consider the possibilities of getting RFID tag or transponder implants for themselves. Mr Amal Graafstra of the United States is one of the first, and probably most well-known ‘do it yourselfer’ (DIY) implantees, who enjoys building customized projects …

Social-Technical Issues Facing The Humancentric Rfid Implantee Sub-Culture Through The Eyes Of Amal Graafstra, Amal Graafstra, K. Michael, M.G. Michael

M. G. Michael

Radio-frequency identification (RFID) tags and transponders have traditionally been used to identify domesticated animals so that they can be reunited with their owners in the event that they stray. In the late 1990s, industry started to investigate the benefits of using RFID to identifying non-living things throughout the supply chain toward new efficiencies in business operations. Not long after, people began to consider the possibilities of getting RFID tag or transponder implants for themselves. Mr Amal Graafstra of the United States is one of the first, and probably most well-known ‘do it yourselfer’ (DIY) implantees, who enjoys building customized projects …

Social-Technical Issues Facing The Humancentric Rfid Implantee Sub-Culture Through The Eyes Of Amal Graafstra, Amal Graafstra, K. Michael, M.G. Michael

Professor Katina Michael

Radio-frequency identification (RFID) tags and transponders have traditionally been used to identify domesticated animals so that they can be reunited with their owners in the event that they stray. In the late 1990s, industry started to investigate the benefits of using RFID to identifying non-living things throughout the supply chain toward new efficiencies in business operations. Not long after, people began to consider the possibilities of getting RFID tag or transponder implants for themselves. Mr Amal Graafstra of the United States is one of the first, and probably most well-known ‘do it yourselfer’ (DIY) implantees, who enjoys building customized projects …

Revisiting Unpredictability-Based Rfid Privacy Models, Junzuo Lai, Robert Huijie Deng, Yingjiu Li

Research Collection School Of Computing and Information Systems

Recently, there have been several attempts in establishing formal RFID privacy models in the literature. These models mainly fall into two categories: one based on the notion of indistinguishability of two RFID tags, denoted as ind-privacy, and the other based on the unpredictability of the output of an RFID protocol, denoted as unp-privacy. Very recently, at CCS’09, Ma et al. proposed a modified unp-privacy model, referred to as unp ^′-privacy. In this paper, we first revisit the existing RFID privacy models and point out their limitations. We then propose a new RFID privacy model, denoted as …

Applying Information Visualization To Computer Security Applications, Robert Bruce Whitaker

All Graduate Theses and Dissertations, Spring 1920 to Summer 2023

This thesis presents two phases of research in applying visualization to network security challenges. The first phase included discovering the most useful and powerful features in existing computer security visualizations and incorporating them into the AdviseAid visualization platform, an existing software package. The incorporation of such a complete feature set required novel resolution of software engineering, human factors, and computer graphics issues. We also designed additional novel features, such as plugin interfaces, allowing for rapid prototyping and experimentation with novel visualization features and capabilities. The second phase of the research focused on the development of novel visualization techniques themselves. These …

A Secure On-Line Credit Card Transaction Method Based On Kerberos Authentication Protocol, Jung Eun Kim

UNLV Theses, Dissertations, Professional Papers, and Capstones

Nowadays, electronic payment system is an essential part of modern business. Credit cards or debit cards have been widely used for on-site or remote transactions, greatly reducing the need for inconvenient cash transactions. However, there have been a huge number of incidents of credit card frauds over the Internet due to the security weakness of electronic payment system. A number of solutions have been proposed in the past to prevent this problem, but most of them were inconvenient and did not satisfy the needs of cardholders and merchants at the same time.

In this thesis, we present a new secure …

Dsfs: Decentralized Security For Large Parallel File Systems, Zhongying Niu, Hong Jiang, Ke Zhou, Dan Feng, Tianming Yang, Dongliang Lei, Anli Chen

CSE Technical Reports

This paper describes DSFS, a decentralized security system for large parallel file system. DSFS stores global access control lists (ACLs) in a centralized decisionmaking server and pushes pre-authorization lists (PALs) into storage devices. Thus DSFS allows users to flexibly set any access control policy for the global ACL or even change the global ACL system without having to upgrade the security code in their storage devices. With pre-authorization lists, DSFS enables a networkattached storage device to immediately authorize I/O, instead of demanding a client to acquire an authorization from a centralized authorization server at a crucial time. The client needs …

A New Algorithm On Graphical User Authentication (Gua) Based On Multi-Line Grids, Abdullah Gani

Abdullah Gani

Today user authentication stands out as one of the most essential areas in information security which has several ways of being implemented. From time in memorial authentication schemes that apply strong text-based passwords have been typically expected to offer some assurance of security. But committing to memory such strong passwords can prove to be quite a daunting task thus forcing users to resort to writing them down on pieces of papers or even storing them onto a computer file. As a means of thwarting such habits, graphical authentication has been proposed as a replacement for text-based authentication. This has been …

Data Security And Information Privacy For Pda Accessible Clinical-Log For Medical Education In Problem-Based Learning (Pbl) Approach, Rattiporn Luanrattana, Khin Than Win, John A. Fulcher

Faculty of Informatics - Papers (Archive)

Data security and information privacy are the important aspects to consider for the use of mobile technology for recording clinical experience and encounter in medical education. Objective: This study aims to address the qualitative findings of the appropriate data security and information privacy for PDA accessible clinical-log in problem-based learning (PBL) approach in medical education. Method: The semi-structured interviews were conducted with the medical faculty members, honorary clinical academics and medical education technology specialists. Results: Data security and information access plan were determined for managing clinical-log data. The results directed the guideline for the future development and implementation of clinical-log …

Security And Performance Analysis For Rfid Protocols, Bing Liang

Dissertations and Theses Collection (Open Access)

Radio Frequency Identification (RFID) is an advanced object identification technology that has already been applied in various industries. However, the insecure nature of the communication channel between readers and tags makes RFID systems vulnerable to various kinds of attacks. In recent years, many new methods have been proposed to improve the security of RFID systems, such as disabling tags, agent management and establishing cryptographic protocols. Among them, we focus on the last approach, which is more economic and convenient in certain cases. The first part of our work is to categorize typical existing RFID protocols according to their security levels. …

A Distributed And Cooperative User Authentication Framework, C.G. Hocking, Steven Furnell, Nathan Clarke, P L Reynolds

Research outputs pre 2011

As the requirement for companies and individuals to protect information and personal details comes more into focus, the implementation of security that goes beyond the ubiquitous password or Personal Identification Number (PIN) is paramount. With the ever growing number of us utilizing more than one device simultaneously, the problem and need is compounded. This paper proposes a novel approach to security that leverages the collective confidence of user identity held by the multiplicity of devices present at any given time. User identity confidence is reinforced by sharing established credentials between devices, enabling them to make informed judgments on their own …

Dealing With Misbehavior In Distributed Systems: A Game-Theoretic Approach, Nandan Garg

Wayne State University Dissertations

Most distributed systems comprise autonomous entities interacting with each other to achieve their objectives. These entities behave selfishly when making decisions. This behavior may result in strategical manipulation of the protocols thus jeopardizing the system wide goals. Micro-economics and game theory provides suitable tools to model such interactions. We use game theory to model and study three specific problems in distributed systems. We study the problem of sharing the cost of multicast transmissions and develop mechanisms to prevent cheating in such settings. We study the problem of antisocial behavior in a scheduling mechanism based on the second price sealed bid …