Physical Sciences and Mathematics Commons^™

Security Issues In Data Warehouse, Saiqa Aleem, Luiz Fernando Capretz, Faheem Ahmed Dr.

Electrical and Computer Engineering Publications

Data Warehouse (DWH) provides storage for huge amounts of historical data from heterogeneous operational sources in the form of multidimensional views, thus supplying sensitive and useful information which help decision-makers to improve the organization’s business processes. A data warehouse environment must ensure that data collected and stored in one big repository are not vulnerable. A review of security approaches specifically for data warehouse environment and issues concerning each type of security approach have been provided in this paper.

Data Preparation For Social Network Mining And Analysis, Yazhe Wang

Dissertations and Theses Collection (Open Access)

This dissertation studies the problem of preparing good-quality social network data for data analysis and mining. Modern online social networks such as Twitter, Facebook, and LinkedIn have rapidly grown in popularity. The consequent availability of a wealth of social network data provides an unprecedented opportunity for data analysis and mining researchers to determine useful and actionable information in a wide variety of fields such as social sciences, marketing, management, and security. However, raw social network data are vast, noisy, distributed, and sensitive in nature, which challenge data mining and analysis tasks in storage, efficiency, accuracy, etc. Many mining algorithms cannot …

Privacy-Preserving Sanitization In Data Sharing, Wentian Lu

Doctoral Dissertations

In the era of big data, the prospect of analyzing, monitoring and investigating all sources of data starts to stand out in every aspect of our life. The benefit of such practices becomes concrete only when analysts or investigators have the information shared from data owners. However, privacy is one of the main barriers that disrupt the sharing behavior, due to the fear of disclosing sensitive information. This dissertation describes data sanitization methods that disguise the sensitive information before sharing a dataset and our criteria are always protecting privacy while preserving utility as much as possible. In particular, we provide …

An Approach To Identity Management In Clouds Without Trusted Third Parties, Akram Y. Sarhan, Leszek T. Lilien

Akram YM Sarhan

The management of sensitive data, including identity management (IDM), is an important problem in cloud computing, fundamental for authentication and fine-grained service access control. Our goal is creating an efficient and robust IDM solution that addresses critical issues in cloud computing. The proposed IDM scheme does not rely on trusted third parties (TTPs) or trusted dealers. The scheme is a multiparty interactive solution that combines RSA distributed key generation and attribute-based encryption. We believe that it will be a robust IDM privacy-preserving solution in cloud computing, because it has the following features: (i) protects sensitive data on untrusted hosts using …

Measuring Privacy Disclosures In Url Query Strings, Andrew G. West, Adam J. Aviv

Andrew G. West

Publicly posted URLs may contain a wealth of information about the identities and activities of the users who share them. URLs often utilize query strings (i.e., key-value pairs appended to the URL path) as a means to pass session parameters and form data. While often benign and necessary to render the web page, query strings sometimes contain tracking mechanisms, user names, email addresses, and other information that users may not wish to publicly reveal. In isolation this is not particularly problematic, but the growth of Web 2.0 platforms such as social networks and micro-blogging means URLs (often copy-pasted from web …

Amulet: A Secure Architecture For Mhealth Applications For Low-Power Wearable Devices, Andrés Molina-Markham, Ronald Peterson, Joseph Skinner, Tianlong Yun, Bhargav Golla, Kevin Freeman, Travis Peters, Jacob Sorber, Ryan Halter, David Kotz

Dartmouth Scholarship

Interest in using mobile technologies for health-related applications (mHealth) has increased. However, none of the available mobile platforms provide the essential properties that are needed by these applications. An mHealth platform must be (i) secure; (ii) provide high availability; and (iii) allow for the deployment of multiple third-party mHealth applications that share access to an individual's devices and data. Smartphones may not be able to provide property (ii) because there are activities and situations in which an individual may not be able to carry them (e.g., while in a contact sport). A low-power wearable device can provide higher availability, remaining …

A Privacy Risk Scoring Framework For Mobile, Jedidiah Spencer Montgomery

Theses and Dissertations

Protecting personal privacy has become an increasingly important issue as computers become a more integral part of everyday life. As people begin to trust more personal information to be contained in computers they will question if that information is safe from unwanted intrusion and access. With the rise of mobile devices (e.g., smartphones, tablets, wearable technology) users have enjoyed the convenience and availability of stored personal information in mobile devices, both in the operating system and within applications.For a mobile application to function correctly it needs permission or privileges to access and control various resources and controls on the mobile …

Uncovering Embarrassing Moments In In-Situ Exposure Of Incoming Mobile Messages, Chulhong Min, Saumay Pushp, Seungchul Lee, Inseok Hwang, Youngki Lee, Seungwoo Kang, Junehwa Song

Research Collection School Of Computing and Information Systems

Mobile instant messengers serve as major interaction media for everyday chats. Contrary to the belief that a message is seen only by a designated receiver, it can be accidentally exposed to someone nearby and could result in embarrassing moments, for example, when the receiver is viewing pictures together with his friend upon the message arrival. To understand the significance of the problem and core factors that cause such embarrassments, we collected 961 in-situ responses from 14 participants upon the actual message arrival and analyzed them from the perspective of the receiver's situation. The results showed that 29% of message arrivals …

A Wearable System That Knows Who Wears It, Cory Cornelius, Ronald Peterson, Joseph Skinner, Ryan Halter, David Kotz

Dartmouth Scholarship

Body-area networks of pervasive wearable devices are increasingly used for health monitoring, personal assistance, entertainment, and home automation. In an ideal world, a user would simply wear their desired set of devices with no configuration necessary: the devices would discover each other, recognize that they are on the same person, construct a secure communications channel, and recognize the user to which they are attached. In this paper we address a portion of this vision by offering a wearable system that unobtrusively recognizes the person wearing it. Because it can recognize the user, our system can properly label sensor data or …

Challenges For Mapreduce In Big Data, Katarina Grolinger, Michael Hayes, Wilson Higashino, Alexandra L'Heureux, David Allison, Miriam Capretz

Wilson A Higashino

In the Big Data community, MapReduce has been seen as one of the key enabling approaches for meeting continuously increasing demands on computing resources imposed by massive data sets. The reason for this is the high scalability of the MapReduce paradigm which allows for massively parallel and distributed execution over a large number of computing nodes. This paper identifies MapReduce issues and challenges in handling Big Data with the objective of providing an overview of the field, facilitating better planning and management of Big Data projects, and identifying opportunities for future research in this field. The identified challenges are grouped …

On The Privacy Concerns Of Url Query Strings, Andrew G. West, Adam J. Aviv

Andrew G. West

URLs often utilize query strings (i.e., key-value pairs appended to the URL path) as a means to pass session parameters and form data. Often times these arguments are not privacy sensitive but are necessary to render the web page. However, query strings may also contain tracking mechanisms, user names, email addresses, and other information that users may not wish to reveal. In isolation such URLs are not particularly problematic, but the growth of Web 2.0 platforms such as social networks and micro-blogging means URLs (often copy-pasted from web browsers) are increasingly being publicly broadcast.

This position paper argues that the …

Mobile Banking Security Using Gps And Ldpc Codes, Matthew Francis Moccaro

Graduate Theses and Dissertations

Mobile Banking is becoming a major part of our world's financial system. Being able to manage one's finances on a mobile device can provide services that can make users more productive. It can also serve as a means of financial freedom to those who are unable to access physical banking facilities due to distance, or other problems. However, with such freedom also comes the need for security. A person's financial information is one of the most targeted groups of information by attackers. To secure these mobile freedoms, this paper presents a system to secure mobile banking procedures using global positioning …

Towards Semantically Secure Outsourcing Of Association Rule Mining On Categorical Data, Junzuo Lai, Yingjiu Li, Robert H. Deng, Jian Weng, Chaowen Guan, Qiang Yan

Research Collection School Of Computing and Information Systems

When outsourcing association rule mining to cloud, it is critical for data owners to protect both sensitive raw data and valuable mining results from being snooped at cloud servers. Previous solutions addressing this concern add random noise to the raw data and/or encrypt the raw data with a substitution mapping. However, these solutions do not provide semantic security; partial information about raw data or mining results can be potentially discovered by an adversary at cloud servers under a reasonable assumption that the adversary knows some plaintext–ciphertext pairs. In this paper, we propose the first semantically secure solution for outsourcing association …

A Light-Weight Real-Time Privacy Protection Scheme For Video Surveillance By Unmanned Aircraft Systems, Surendra Shrestha

UNLV Theses, Dissertations, Professional Papers, and Capstones

Unmanned Aircraft Systems (UAS)have raised a great concern on privacy recently. A practical method to protect privacy is needed for adopting UAS in civilian airspace. This thesis examines the privacy policies, filtering strategies, existing techniques, then proposes a new method based on encrypted video stream and cloud-based privacy servers. In this scheme, all video surveillance images are initially encrypted, then delivered to a privacy server. The privacy server decrypts the video using the shared key with the camera, and filters the image according to the privacy policy specified for the surveyed region. The sanitized video is delivered to the surveillance …

Predicting Human Behavior, Tamara Kneese

Media Studies

Countless highly accurate predictions can be made from trace data, with varying degrees of personal or societal consequence (e.g., search engines predict hospital admission, gaming companies can predict compulsive gambling problems, government agencies predict criminal activity). Predicting human behavior can be both hugely beneficial and deeply problematic depending on the context. What kinds of predictive privacy harms are emerging? And what are the implications for systems of oversight and due process protections? For example, what are the implications for employment, health care and policing when predictive models are involved? How should varied organizations address what they can predict?

Location Privacy Under Dire Threat As 'Uberveillance' Stalks The Streets, Katina Michael, Roger Clarke

Professor Katina Michael

Citizen consent and issues surrounding location-based people-tracking - location-tracking - smart phones - covert tracking - CCTV cameras - mobile phones - warrantless tracking - Australian Mobile Telecommunications Association (AMTA) new industry guidelines - compliance with privacy legislation - need for a location privacy protection act or GPS act.

Forum Proceedings From “Uavs: Pros Vs Cons Symposium” In Toronto, Canada, June 2013, Katina Michael

Associate Professor Katina Michael

Unmanned Aerial Systems (UAS), widely referred to as drones, are becoming increasingly relevant in civilian as well as military applications. UAS have been used by emergency services to help respond to and map environmental crises, to find missing people, to fight fires, and respond to traffic accidents. Their use in policing and border patrol functions is being trialled in many Western countries. Like other recent technologies (mobile phones etc), as they become cheaper and easier to use, they are likely to become much more prevalent in civilian life across a range of applications.

This conference will examine the current state …

Vehicle Re-Routing Strategies For Congestion Avoidance, Juan Pan

Dissertations

Traffic congestion causes driver frustration and costs billions of dollars annually in lost time and fuel consumption. This dissertation introduces a cost-effective and easily deployable vehicular re-routing system that reduces the effects of traffic congestion. The system collects real-time traffic data from vehicles and road-side sensors, and computes proactive, individually tailored re-routing guidance, which is pushed to vehicles when signs of congestion are observed on their routes. Subsequently, this dissertation proposes and evaluates two classes of re-routing strategies designed to be incorporated into this system, namely, Single Shortest Path strategies and Multiple Shortest Paths Strategies.

These strategies are firstly implemented …

Evidentiary Power And Propriety Of Digital Identifiers And The Impact On Privacy Rights In The United States, Michael Losavio, Deborah Keeling

Journal of Digital Forensics, Security and Law

Media and network systems capture and store data about electronic activity in new, sometimes unprecedented ways; computational systems make for new means of analysis and knowledge development. These new forms offer new, powerful tactical tools for investigations of electronic malfeasance under traditional legal regulation of state power, particular that of Fourth Amendment limitations on police searches and seizures under the U.S. Constitution. But autonomy, identity and authenticity concerns with electronic data raise issues of public policy, privacy and proper police oversight of civil society. We examine those issues and their implications for digital and computational forensics

I Remember Richelieu: Is Anything Secure Anymore?, Michael G. Crowley, Michael N. Johnstone

Australian Security and Intelligence Conference

Petraeus-gate, hacked nude celebrity photos in the cloud and the recent use of a search and seizure warrant in the United States of America to seek production of customer email contents on an extraterritorial server raises important issues for the supposably safe storage of data on the World Wide Web. Not only may there be nowhere to hide in cyberspace but nothing in cyberspace may be private. This paper explores the legal and technical issues raised by the these matters with emphasis on the courts decision “In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and …

Privacy And Trustworthiness Management In Moving Object Environments, Sashi Gurung

Doctoral Dissertations

"The use of location-based services (LBS) (e.g., Intel's Thing Finder) is expanding. Besides the traditional centralized location-based services, distributed ones are also emerging due to the development of Vehicular Ad-hoc Networks (VANETs), a dynamic network which allows vehicles to communicate with one another. Due to the nature of the need of tracking users' locations, LBS have raised increasing concerns on users' location privacy. Although many research has been carried out for users to submit their locations anonymously, the collected anonymous location data may still be mapped to individuals when the adversary has related background knowledge.

To improve location privacy, in …

Surveillance At The Source, David Thaw

Articles

Contemporary discussion concerning surveillance focuses predominantly on government activity. These discussions are important for a variety of reasons, but generally ignore a critical aspect of the surveillance-harm calculus – the source from which government entities derive the information they use. The source of surveillance data is the information "gathering" activity itself, which is where harms like "chilling" of speech and behavior begin.

Unlike the days where satellite imaging, communications intercepts, and other forms of information gathering were limited to advanced law enforcement, military, and intelligence activities, private corporations now play a dominant role in the collection of information about individuals' …

Mining Privacy Settings To Find Optimal Privacy-Utility Tradeoffs For Social Network Services, Shumin Guo

Browse all Theses and Dissertations

Privacy has been a big concern for users of social network services (SNS). On recent criticism about privacy protection, most SNS now provide fine privacy controls, allowing users to set visibility levels for almost every profile item. However, this also creates a number of difficulties for users. First, SNS providers often set most items by default to the highest visibility to improve the utility of social network, which may conflict with users' intention. It is often formidable for a user to fine-tune tens of privacy settings towards the user desired settings. Second, tuning privacy settings involves an intricate tradeoff between …

Effects Of The Factory Reset On Mobile Devices, Riqui Schwamm, Neil C. Rowe

Journal of Digital Forensics, Security and Law

Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did …

Challenges For Mapreduce In Big Data, Katarina Grolinger, Michael Hayes, Wilson A. Higashino, Alexandra L'Heureux, David S. Allison, Miriam A.M. Capretz

Electrical and Computer Engineering Publications

In the Big Data community, MapReduce has been seen as one of the key enabling approaches for meeting continuously increasing demands on computing resources imposed by massive data sets. The reason for this is the high scalability of the MapReduce paradigm which allows for massively parallel and distributed execution over a large number of computing nodes. This paper identifies MapReduce issues and challenges in handling Big Data with the objective of providing an overview of the field, facilitating better planning and management of Big Data projects, and identifying opportunities for future research in this field. The identified challenges are grouped …