Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Open Access. Powered by Scholars. Published by Universities.®

Security

Discipline
Institution
Publication Year
Publication
Publication Type
File Type

Articles 1 - 30 of 492

Full-Text Articles in Physical Sciences and Mathematics

Preventing Browser Fingerprinting By Randomizing Canvas, Rianna Quiogue Jun 2019

Preventing Browser Fingerprinting By Randomizing Canvas, Rianna Quiogue

Honors Theses

Whether users know it or not, their online behaviors are being tracked and stored by many of the websites they visit regularly through a technique called browser fingerprinting. Just like a person's physical fingerprint can identify them, users' browser fingerprints can identify them on the Internet. This thesis outlines the techniques used in browser fingerprinting and explains how although it can be used for good, it can also be a major threat to people's online privacy and security. Since browser fingerprinting has gained popularity among many websites and advertising companies, researchers have been developing ways to counteract its ...


The Performance Cost Of Security, Lucy R. Bowen Jun 2019

The Performance Cost Of Security, Lucy R. Bowen

Master's Theses and Project Reports

Historically, performance has been the most important feature when optimizing computer hardware. Modern processors are so highly optimized that every cycle of computation time matters. However, this practice of optimizing for performance at all costs has been called into question by new microarchitectural attacks, e.g. Meltdown and Spectre. Microarchitectural attacks exploit the effects of microarchitectural components or optimizations in order to leak data to an attacker. These attacks have caused processor manufacturers to introduce performance impacting mitigations in both software and silicon.

To investigate the performance impact of the various mitigations, a test suite of forty-seven different tests was ...


Hacking The Extended Mind: The Security Implications Of The New Metaphysics, Robin L. Zebrowski May 2019

Hacking The Extended Mind: The Security Implications Of The New Metaphysics, Robin L. Zebrowski

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

Computer security expert Paul Syverson has argued that there is a computer security equivalent of gaslighting: where a clever adversary could convince some system that some component that is not really a part of the system is in fact a part of the system. If non-biological items from our environments (or even pieces of our environments themselves) can be part of our minds (the standard Extended Mind hypothesis, EM), they are therefore part of our selves, and therefore subject to Syverson’s worry about boundary in a way that has not been explored before. If some version of EM holds ...


Securing Our Future Homes: Smart Home Security Issues And Solutions, Nicholas Romano Apr 2019

Securing Our Future Homes: Smart Home Security Issues And Solutions, Nicholas Romano

Senior Honors Theses

The Internet of Things, commonly known as IoT, is a new technology transforming businesses, individuals’ daily lives and the operation of entire countries. With more and more devices becoming equipped with IoT technology, smart homes are becoming increasingly popular. The components that make up a smart home are at risk for different types of attacks; therefore, security engineers are developing solutions to current problems and are predicting future types of attacks. This paper will analyze IoT smart home components, explain current security risks, and suggest possible solutions. According to “What is a Smart Home” (n.d.), a smart home is ...


Scalable Containerized Security Training Environment, Robert Sauer Apr 2019

Scalable Containerized Security Training Environment, Robert Sauer

Honors College Capstone Experience/Thesis Projects

The purpose of this project is to develop a portable application which is hosted on a server that provides an environment to safely conduct security training procedures and protocols. The project will be scalable to handle from a few to a multitude of users concurrently using a single server. For many users to perform security training simultaneously, each user must be directed to a sandbox environment, a container, where one user’s actions do not affect the website or database of other users. Furthermore, such an application should be readily deployable into any environment to provide the widest range of ...


Feasibility And Security Analysis Of Wideband Ultrasonic Radio For Smart Home Applications, Qi Xia Apr 2019

Feasibility And Security Analysis Of Wideband Ultrasonic Radio For Smart Home Applications, Qi Xia

Computer Science and Engineering: Theses, Dissertations, and Student Research

Smart home Internet-of-Things (IoT) accompanied by smart home apps has witnessed tremendous growth in the past few years. Yet, the security and privacy of the smart home IoT devices and apps have raised serious concerns, as they are getting increasingly complicated each day, expected to store and exchange extremely sensitive personal data, always on and connected, and commonly exposed to any users in a sensitive environment. Nowadays wireless smart home IoT devices rely on electromagnetic wave-based radio-frequency (RF) technology to establish fast and reliable quality network connections. However, RF has its limitations that can negatively affect the smart home user ...


Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao Apr 2019

Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao

Electrical & Computer Engineering Theses & Disssertations

Graphical passwords are always considered as an alternative of alphanumeric passwords for their better memorability and usability [1]. Alphanumeric passwords provide an adequate amount of satisfaction, but they do not offer better memorability compared to graphical passwords [1].

On the other hand, graphical passwords are considered less secured and provide better memorability [1]. Therefore many researchers have researched on graphical passwords to overcome the vulnerability. One of the most significant weaknesses of the graphical passwords is "Shoulder Surfing Attack," which means, sneaking into a victim's computer to learn the whole password or part of password or some confidential information ...


Social Engineering In Call Centers And Ways To Reduce It, Maureen York Jan 2019

Social Engineering In Call Centers And Ways To Reduce It, Maureen York

Economic Crime Forensics Capstones

Social engineering is the use of trickery, deception, persuasion, emotional manipulation, impersonation, and abuse of trust to gain information or access through the use of a human interface (Thompson, 2006). Social engineering relies on the human behavior in order to gain information or access. The technique of social engineering can be performed in numerous ways and has been proven to be an effective way for perpetrators to obtain valuable information.

This capstone project, I will focus on social engineering of call centers and the steps organizations can take to reduce it. For most organizations, the call centers or customer support ...


Understanding The Ntru Cryptosystem, Benjamin Clark Jan 2019

Understanding The Ntru Cryptosystem, Benjamin Clark

Williams Honors College, Honors Research Projects

In this paper, we will examine the NTRU Public Key Cryptosystem. The NTRU cryptosystem was created by Joseph Silverman, Jeffery Hoffstein, and Jill Pipher in 1996. This system uses truncated polynomial rings to encrypt and decrypt data. It was recently released into the public domain in 2013. This paper will describe how this cryptosystem works and give a basic understanding on how to encrypt and decrypt using this system.


Security And Accuracy Of Fingerprint-Based Biometrics: A Review, Wencheng Yang, Song Wang, Jiankun Hu, Guanglou Zhang, Craig Valli Jan 2019

Security And Accuracy Of Fingerprint-Based Biometrics: A Review, Wencheng Yang, Song Wang, Jiankun Hu, Guanglou Zhang, Craig Valli

ECU Publications Post 2013

Biometric systems are increasingly replacing traditional password- and token-based authentication systems. Security and recognition accuracy are the two most important aspects to consider in designing a biometric system. In this paper, a comprehensive review is presented to shed light on the latest developments in the study of fingerprint-based biometrics covering these two aspects with a view to improving system security and recognition accuracy. Based on a thorough analysis and discussion, limitations of existing research work are outlined and suggestions for future work are provided. It is shown in the paper that researchers continue to face challenges in tackling the two ...


Analyzing Small Businesses' Adoption Of Big Data Security Analytics, Henry Mathias Jan 2019

Analyzing Small Businesses' Adoption Of Big Data Security Analytics, Henry Mathias

Walden Dissertations and Doctoral Studies

Despite the increased cost of data breaches due to advanced, persistent threats from malicious sources, the adoption of big data security analytics among U.S. small businesses has been slow. Anchored in a diffusion of innovation theory, the purpose of this correlational study was to examine ways to increase the adoption of big data security analytics among small businesses in the United States by examining the relationship between small business leaders' perceptions of big data security analytics and their adoption. The research questions were developed to determine how to increase the adoption of big data security analytics, which can be ...


Using Case Studies To Teach Cybersecurity Courses, Yu Cai Dec 2018

Using Case Studies To Teach Cybersecurity Courses, Yu Cai

Journal of Cybersecurity Education, Research and Practice

This paper introduces a holistic and case-analysis teaching model by integrating case studies into cybersecurity courses. The proposed model starts by analyzing real-world cyber breaches. Students look into the details of these attacks and learn how these attacks took place from the beginning to the end. During the process of case analysis, a list of security topics reflecting different aspects of these breaches is introduced. Through guided in-class discussion and hands-on lab assignments, student learning in lecture will be reinforced. Overall, the entire cybersecurity course is driven by case studies. The proposed model is great for teaching cybersecurity. First, the ...


User Attitudes About Duo Two-Factor Authentication At Byu, Jonathan Dutson Dec 2018

User Attitudes About Duo Two-Factor Authentication At Byu, Jonathan Dutson

Undergraduate Honors Theses

Simple password-based authentication provides insufficient protection against increasingly common incidents of online identity theft and data loss. Although two-factor authentication (2FA) provides users with increased protection against attackers, users have mixed feelings about the usability of 2FA. We surveyed the students, faculty, and staff of Brigham Young University (BYU) to measure user sentiment about DUO Security, the 2FA system adopted by BYU in 2017. We find that most users consider DUO to be annoying, and about half of those surveyed expressed a preference for authentication without using a second-factor. About half of all participants reported at least one instance of ...


Secure Smart Health With Privacy-Aware Aggregate Authentication And Access Control In Internet Of Things, Yinghui Zhang, Robert H. Deng, Gang Han, Dong Zheng Dec 2018

Secure Smart Health With Privacy-Aware Aggregate Authentication And Access Control In Internet Of Things, Yinghui Zhang, Robert H. Deng, Gang Han, Dong Zheng

Research Collection School Of Information Systems

With the rapid technological advancements in the Internet of Things (IoT), wireless communication and cloud computing, smart health is expected to enable comprehensive and qualified healthcare services. It is important to ensure security and efficiency in smart health. However, existing smart health systems still have challenging issues, such as aggregate authentication, fine-grained access control and privacy protection. In this paper, we address these issues by introducing SSH, a Secure Smart Health system with privacy-aware aggregate authentication and access control in IoT. In SSH, privacy-aware aggregate authentication is enabled by an anonymous certificateless aggregate signature scheme, in which users' identity information ...


Performance Characterization Of Deep Learning Models For Breathing-Based Authentication On Resource-Constrained Devices, Jagmohan Chauhan, Jathusan Rajasegaran, Surang Seneviratne, Archan Misra, Aruan Seneviratne, Youngki Lee Dec 2018

Performance Characterization Of Deep Learning Models For Breathing-Based Authentication On Resource-Constrained Devices, Jagmohan Chauhan, Jathusan Rajasegaran, Surang Seneviratne, Archan Misra, Aruan Seneviratne, Youngki Lee

Research Collection School Of Information Systems

Providing secure access to smart devices such as mobiles, wearables and various other IoT devices is becoming increasinglyimportant, especially as these devices store a range of sensitive personal information. Breathing acoustics-based authentication offers a highly usable and possibly a secondary authentication mechanism for such authorized access, especially as it canbe readily applied to small form-factor devices. Executing sophisticated machine learning pipelines for such authenticationon such devices remains an open problem, given their resource limitations in terms of storage, memory and computational power. To investigate this possibility, we compare the performance of an end-to-end system for both user identification anduser verification ...


Vulnerability Assessment & Penetration Testing: Case Study On Web Application Security, Gazmend Krasniqi, Veton Bejtullahu Oct 2018

Vulnerability Assessment & Penetration Testing: Case Study On Web Application Security, Gazmend Krasniqi, Veton Bejtullahu

UBT International Conference

Complexity of information systems are increasing day by day. The security of information systems that are connected to public networks can be compromised by unauthorized, and usually anonymous, attempts to access them. By using public networks businesses and other institutions are exposed to numerous risks. This leads to more and more vulnerabilities in Information Systems. This situation calls for test methods that are devised from the attacker’s perspective to ensure that test conditions are as realistic as possible. In this paper we will describe complete stages of Vulnerability Assessment and Penetration Testing on some systems in UBT and proactive ...


Information Security Concepts And Administration (Ksu), Meng Han, Lei Li, Zhigang Li, Svetana Peltsverger, Ming Yang, Guangzhi Zheng Oct 2018

Information Security Concepts And Administration (Ksu), Meng Han, Lei Li, Zhigang Li, Svetana Peltsverger, Ming Yang, Guangzhi Zheng

Computer Science and Information Technology Grants Collections

This Grants Collection for Information Security Concepts and Administration was created under a Round Ten ALG Textbook Transformation Grant.

Affordable Learning Georgia Grants Collections are intended to provide faculty with the frameworks to quickly implement or revise the same materials as a Textbook Transformation Grants team, along with the aims and lessons learned from project teams during the implementation process.

Documents are in .pdf format, with a separate .docx (Word) version available for download. Each collection contains the following materials:

  • Linked Syllabus
  • Initial Proposal
  • Final Report


Database Security And Auditing (Ksu), Lei Li, Rebecca H. Rutherfoord, Svetana Peltsverger, Richard Halstead-Nussloch, Jack Zheng, Zhigang Li Oct 2018

Database Security And Auditing (Ksu), Lei Li, Rebecca H. Rutherfoord, Svetana Peltsverger, Richard Halstead-Nussloch, Jack Zheng, Zhigang Li

Computer Science and Information Technology Grants Collections

This Grants Collection for Database Security and Auditing was created under a Round Eleven ALG Textbook Transformation Grant.

Affordable Learning Georgia Grants Collections are intended to provide faculty with the frameworks to quickly implement or revise the same materials as a Textbook Transformation Grants team, along with the aims and lessons learned from project teams during the implementation process.

Documents are in .pdf format, with a separate .docx (Word) version available for download. Each collection contains the following materials:

  • Linked Syllabus
  • Initial Proposal
  • Final Report


Malware Analysis On Android Using Supervised Machine Learning Techniques, Md Shohel Rana, Andrew H. Sung Oct 2018

Malware Analysis On Android Using Supervised Machine Learning Techniques, Md Shohel Rana, Andrew H. Sung

Faculty Publications

In recent years, a widespread research is conducted with the growth of malware resulted in the domain of malware analysis and detection in Android devices. Android, a mobile-based operating system currently having more than one billion active users with a high market impact that have inspired the expansion of malware by cyber criminals. Android implements a different architecture and security controls to solve the problems caused by malware, such as unique user ID (UID) for each application, system permissions, and its distribution platform Google Play. There are numerous ways to violate that fortification, and how the complexity of creating a ...


Saw: Wristband-Based Authentication For Desktop Computers, Shrirang Mare, Reza Rawassizadeh, Ronald Peterson, David Kotz Sep 2018

Saw: Wristband-Based Authentication For Desktop Computers, Shrirang Mare, Reza Rawassizadeh, Ronald Peterson, David Kotz

Open Dartmouth: Faculty Open Access Scholarship

Token-based proximity authentication methods that authenticate users based on physical proximity are effortless, but lack explicit user intentionality, which may result in accidental logins. For example, a user may get logged in when she is near a computer or just passing by, even if she does not intend to use that computer. Lack of user intentionality in proximity-based methods makes them less suitable for multi-user shared computer environments, despite their desired usability benefits over passwords. \par We present an authentication method for desktops called Seamless Authentication using Wristbands (SAW), which addresses the lack of intentionality limitation of proximity-based methods. SAW ...


Voice Hacking: Using Smartphones To Spread Ransomware To Traditional Pcs, Bryson R. Payne, Leonardo I. Mazuran, Tamirat Abegaz Jul 2018

Voice Hacking: Using Smartphones To Spread Ransomware To Traditional Pcs, Bryson R. Payne, Leonardo I. Mazuran, Tamirat Abegaz

Journal of Cybersecurity Education, Research and Practice

This paper presents a voice hacking proof of concept that demonstrates the ability to deploy a sequence of hacks, triggered by speaking a smartphone command, to launch ransomware and other destructive attacks against vulnerable Windows computers on any wireless network the phone connects to after the voice command is issued. Specifically, a spoken, broadcast, or pre-recorded voice command directs vulnerable Android smartphones or tablets to a malicious download page that compromises the Android device and uses it as a proxy to run software designed to scan the Android device’s local area network for Windows computers vulnerable to the EternalBlue ...


Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally Jul 2018

Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally

Information Science Faculty Publications

One of the most important Internet of Things applications is the wireless body sensor network (WBSN), which can provide universal health care, disease prevention, and control. Due to large deployments of small scale smart sensors in WBSNs, security, and privacy guarantees (e.g., security and safety-critical data, sensitive private information) are becoming a challenging issue because these sensor nodes communicate using an open channel, i.e., Internet. We implement data integrity (to resist against malicious tampering) using the secure hash algorithm 3 (SHA-3) when smart sensors in WBSNs communicate with each other using the Internet. Due to the limited resources ...


Application Memory Isolation On Ultra-Low-Power Mcus, Taylor Hardin, Ryan Scott, Patrick Proctor, Josiah Hester, Jacob Sorber, David Kotz Jul 2018

Application Memory Isolation On Ultra-Low-Power Mcus, Taylor Hardin, Ryan Scott, Patrick Proctor, Josiah Hester, Jacob Sorber, David Kotz

Open Dartmouth: Faculty Open Access Scholarship

The proliferation of applications that handle sensitive user data on wearable platforms generates a critical need for embedded systems that offer strong security without sacrificing flexibility and long battery life. To secure sensitive information, such as health data, ultra-low-power wearables must isolate applications from each other and protect the underlying system from errant or malicious application code. These platforms typically use microcontrollers that lack sophisticated Memory Management Units (MMU). Some include a Memory Protection Unit (MPU), but current MPUs are inadequate to the task, leading platform developers to software-based memory-protection solutions. In this paper, we present our memory isolation technique ...


Security Risk Tolerance In Mobile Payment: A Trade-Off Framework, Yong Chen Jul 2018

Security Risk Tolerance In Mobile Payment: A Trade-Off Framework, Yong Chen

Information Technology & Decision Sciences Theses & Dissertations

Security is identified as a major barrier for consumers in adopting mobile payment. Although existing literature has incorporated security into the Technology Acceptance Model (TAM), the Unified Theory of Acceptance, and the Use of Technology (UTAUT) and it has investigated the way in which security affects consumers’ acceptance of mobile payment, security is a factor only in diverse research models. Studies of mobile payment that focus on security are not available. Additionally, previous studies of mobile payment are based on Direct Carrier Billing- (DCB)-based mobile payment or Near Field Communication- (NFC)-based mobile payment. The results regarding security might ...


A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt Jun 2018

A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt

FIU Electronic Theses and Dissertations

The emerging Internet of Things (IoT) revolution has introduced many useful applications that are utilized in our daily lives. Users can program these devices in order to develop their own IoT applications; however, the platforms and languages that are used during development are abounding, complicated, and time-consuming. The software solution provided in this thesis, PROVIZ+, is a secure sensor application development software suite that helps users create sophisticated and secure IoT applications with little software and hardware experience. Moreover, a simple and efficient domain-specific programming language, namely Panther language, was designed for IoT application development to unify existing programming languages ...


Patient Preferences For Authentication And Security: A Comparison Study Of Younger And Older Patients, Ann Fruhling, Devika Ramachandran, Tamara Bernard, Ryan Schuetzler, John R. Windle Jun 2018

Patient Preferences For Authentication And Security: A Comparison Study Of Younger And Older Patients, Ann Fruhling, Devika Ramachandran, Tamara Bernard, Ryan Schuetzler, John R. Windle

Interdisciplinary Informatics Faculty Publications

We examine authentication and security preferences of younger versus older patients in the healthcare domain. Previous research has investigated users' perception of the acceptability of various forms of authentication in nonhealthcare domains, but not patients’ preferences. First, we developed an interactive prototype to test three authentication methods: passwords, pattern, and voice. Our results indicate that younger patients prefer passwords by a significant margin. Older patients indicated more mixed preferences. In addition, we evaluated the level of security patients desired for protection of health information compared to financial information. We found no difference based on age: both groups felt financial security ...


Advanced Malware Detection For Android Platform, Ke Xu Jun 2018

Advanced Malware Detection For Android Platform, Ke Xu

Dissertations and Theses Collection (Open Access)

In the first quarter of 2018, 75.66% of smartphones sales were devices running An- droid. Due to its popularity, cyber-criminals have increasingly targeted this ecosys- tem. Malware running on Android severely violates end users security and privacy, allowing many attacks such as defeating two factor authentication of mobile bank- ing applications, capturing real-time voice calls and leaking sensitive information. In this dissertation, I describe the pieces of work that I have done to effectively de- tect malware on Android platform, i.e., ICC-based malware detection system (IC- CDetector), multi-layer malware detection system (DeepRefiner), and self-evolving and scalable malware detection ...


Workshop On Emerging Technology And Data Analytics For Behavioral Health, David Kotz, Sarah E. Lord, A. James O'Malley, Luke Stark, Lisa Marsch Jun 2018

Workshop On Emerging Technology And Data Analytics For Behavioral Health, David Kotz, Sarah E. Lord, A. James O'Malley, Luke Stark, Lisa Marsch

Open Dartmouth: Faculty Open Access Scholarship

Wearable and portable digital devices can support self-monitoring for patients with chronic medical conditions, individuals seeking to reduce stress, and people seeking to modify health-related behaviors such as substance use or overeating. The resulting data may be used directly by a consumer, or shared with a clinician for treatment, a caregiver for assistance, or a health coach for support. The data can also be used by researchers to develop and evaluate just-in-time interventions that leverage mobile technology to help individuals manage their symptoms and behavior in real time and as needed. Such wearable systems have huge potential for promoting delivery ...


An Investigation Into Trust And Security In The Mandatory And Imposed Use Of Financial Icts Upon Older People, David Michael Cook May 2018

An Investigation Into Trust And Security In The Mandatory And Imposed Use Of Financial Icts Upon Older People, David Michael Cook

Dr. David M Cook

Care needs to be taken to reduce the number of people who are fearful and mistrustful of using ICT where that usage is forced upon them without choice or alternative. The growing incidence of mandatory and imposed online systems can result in confusion, misuse, fear, and rejection by people with only rudimentary ICT skills. A cohort where a high percentage of such people occur is older people, defined in this study as people over the age of 60 Examples of compulsory ICT interactions include some banks limiting bank statement access through online rather than paper-based options. Other examples include the ...


An Analysis Of International Agreements Over Cybersecurity, Lucas Ashbaugh Apr 2018

An Analysis Of International Agreements Over Cybersecurity, Lucas Ashbaugh

Electronic Theses and Dissertations

Research into the international agreements that increase cooperation over cybersecurity challenges is severely lacking. This is a necessary next step for bridging diplomatic challenges over cybersecurity. This work aspires to be push the bounds of research into these agreements and offer a tool that future researchers can rely on. For this research I created, and made publicly available, the International Cybersecurity Cooperation Dataset (ICCD), which contains over 350 international cybersecurity agreements and pertinent metadata. Each agreement is marked per which subtopics within cybersecurity related agreements it covers. These typologies are:

  • Discussion and Dialogue

  • Research

  • Confidence Building Measures

  • Incident Response

  • Crime ...