Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Security

2011

Articles 1 - 28 of 28

Full-Text Articles in Physical Sciences and Mathematics

Adapt-Lite: Privacy-Aware, Secure, And Efficient Mhealth Sensing, Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz Oct 2011

Open Dartmouth: Peer-reviewed articles by Dartmouth faculty

As healthcare in many countries faces an aging population and rising costs, mobile sensing technologies promise a new opportunity. Using mobile health (mHealth) sensing, which uses medical sensors to collect data about the patients, and mobile phones to act as a gateway between sensors and electronic health record systems, caregivers can continuously monitor the patients and deliver better care. Although some work on mHealth sensing has addressed security, achieving strong security and privacy for low-power sensors remains a challenge.

We make three contributions. First, we propose Adapt-lite, a set of two techniques that can be applied to existing wireless ...


Hide-N-Sense: Privacy-Aware Secure Mhealth Sensing, Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz Sep 2011

Open Dartmouth: Peer-reviewed articles by Dartmouth faculty

As healthcare in many countries faces an aging population and rising costs, mobile sensing technologies promise a new opportunity. Using mobile health (mHealth) sensing, which uses medical sensors to collect data about the patients, and mobile phones to act as a gateway between sensors and electronic health record systems, caregivers can continuously monitor the patients and deliver better care. Furthermore, individuals can become better engaged in monitoring and managing their own health. Although some work on mHealth sensing has addressed security, achieving strong privacy for low-power sensors remains a challenge.

We make three contributions. First, we propose an mHealth ...


Security Systems Based On Gaussian Integers : Analysis Of Basic Operations And Time Complexity Of Secret Transformations, Aleksey Koval Aug 2011

Dissertations

Many security algorithms currently in use rely heavily on integer arithmetic modulo prime numbers. Gaussian integers can be used with most security algorithms that are formulated for real integers. The aim of this work is to study the benefits of common security protocols with Gaussian integers. Although the main contribution of this work is to analyze and improve the application of Gaussian integers for various public key (PK) algorithms, Gaussian integers were studied in the context of image watermarking as well.

The significant benefits of the application of Gaussian integers become apparent when they are used with Discrete Logarithm Problem ...


A Phishing Model And Its Applications To Evaluating Phishing Attacks, Narasimha Shashidhar, Lei Chen Aug 2011

International Cyber Resilience conference

Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. In this paper, we present a theoretical yet practical model to study this threat in a formal manner. While it is folklore knowledge that a successful phishing attack entails creating messages that are indistinguishable from the natural, expected messages by the intended victim, this concept has not been formalized. Our model captures phishing in terms of this indistinguishability between the natural and phishing message distributions. To the best of our knowledge, this is the first study that places phishing on a concrete theoretical ...


Heaven And Hell: Visions For Pervasive Adaptation, Ben Paechter, Jeremy Pitt, Nikola Serbedzijac, Katina Michael, Jennifer Willies, Ingi Helgason Jun 2011

Professor Katina Michael

With everyday objects becoming increasingly smart and the “info-sphere” being enriched with nanosensors and networked to computationally-enabled devices and services, the way we interact with our environment has changed significantly, and will continue to change rapidly in the next few years. Being user-centric, novel systems will tune their behaviour to individuals, taking into account users’ personal characteristics and preferences. But having a pervasive adaptive environment that understands and supports us “behaving naturally” with all its tempting charm and usability, may also bring latent risks, as we seamlessly give up our privacy (and also personal control) to a pervasive world of ...


Recognizing Whether Sensors Are On The Same Body, Cory Cornelius, David Kotz Jun 2011

Open Dartmouth: Peer-reviewed articles by Dartmouth faculty

As personal health sensors become ubiquitous, we also expect them to become interoperable. That is, instead of closed, end-to-end personal health sensing systems, we envision standardized sensors wirelessly communicating their data to a device many people already carry today, the cellphone. In an open personal health sensing system, users will be able to seamlessly pair off-the-shelf sensors with their cellphone and expect the system to just work. However, this ubiquity of sensors creates the potential for users to accidentally wear sensors that are not necessarily paired with their own cellphone. A husband, for example, might mistakenly wear a heart-rate ...


Cloud Computing: Architectural And Policy Implications, Christopher S. Yoo Apr 2011

Faculty Scholarship at Penn Law

Cloud computing has emerged as perhaps the hottest development in information technology. Despite all of the attention that it has garnered, existing analyses focus almost exclusively on the issues that surround data privacy without exploring cloud computing’s architectural and policy implications. This article offers an initial exploratory analysis in that direction. It begins by introducing key cloud computing concepts, such as service-oriented architectures, thin clients, and virtualization, and discusses the leading delivery models and deployment strategies that are being pursued by cloud computing providers. It next analyzes the economics of cloud computing in terms of reducing costs, transforming capital ...


Hardening Software Against Memory Errors And Attacks, Albert Eugene Novark Feb 2011

Open Access Dissertations

Programs written in C and C++ are susceptible to a number of memory errors, including buffer overflows and dangling pointers. At best, these errors cause crashes or performance degradation. At worst, they enable security vulnerabilities, allowing denial-of-service or remote code execution. Existing runtime systems provide little protection against these errors. They allow minor errors to cause crashes and allow attackers to consistently exploit vulnerabilities. In this thesis, we introduce a series of runtime systems that protect deployed applications from memory errors. To guide the design of our systems, we analyze how errors interact with memory allocators to allow consistent exploitation ...


Anonysense: A System For Anonymous Opportunistic Sensing, Minho Shin, Cory Cornelius, Dan Peebles, Apu Kapadia, David Kotz, Nikos Triandopoulos Feb 2011

Open Dartmouth: Peer-reviewed articles by Dartmouth faculty

We describe AnonySense, a privacy-aware system for realizing pervasive applications based on collaborative, opportunistic sensing by personal mobile devices. AnonySense allows applications to submit sensing tasks to be distributed across participating mobile devices, later receiving verified, yet anonymized, sensor data reports back from the field, thus providing the first secure implementation of this participatory sensing model. We describe our security goals, threat model, and the architecture and protocols of AnonySense. We also describe how AnonySense can support extended security features that can be useful for different applications. We evaluate the security and feasibility of AnonySense through security analysis and prototype ...


Nuclear Reprocessing: A Crucial Part Of Our Future, Brendan M. Casey Jan 2011

Theses and Dissertations

No abstract provided.


A Preliminary Investigation Of Distributed And Cooperative User Authentication, C G. Hocking, S M. Furnell, N L. Clarke, P L. Reynolds Jan 2011

Australian Information Security Management Conference

Smartphones and other highly mobile yet sophisticated technologies are rapidly spreading through society and increasingly finding their way into pockets and handbags. As reliance upon these intensifies and familiarity grows, human nature dictates that more and more personal details and information is now to be found upon such devices. The need to secure and protect this valuable and desirable information is becoming ever more prevalent. Building upon previous work which proposed a novel approach to user authentication, an Authentication Aura, this paper investigates the latent security potential contained in surrounding devices in everyday life. An experiment has been undertaken to ...


Using Checklists To Make Better Best, Craig S. Wright, Tanveer A. Zia Jan 2011

Australian Information Security Management Conference

The more routine a task is, the greater we see the need for a checklist. Even the smartest of us can forget where we parked our cars on returning from a long flight. So, the question is, why not create a straightforward checklist that will improve system management and security? In Information Technology operations, the vast majority of skilled people have re-built servers, but in an incident response situation, it can be unforgivable to overlook a serious security configuration simply because the stress of the environment causes one to lose track of which stage they were on while being ...


An Empirical Study Of Challenges In Managing The Security In Cloud Computing, Bupesh Mansukhani, Tanveer A. Zia Jan 2011

Australian Information Security Management Conference

Cloud computing is being heralded as an important trend in information technology throughout the world. Benefits for business and IT include reducing costs and increasing productivity. The downside is that many organizations are moving swiftly to the cloud without making sure that the information they put in the cloud is secure. The purpose of this paper is to learn from IT and IT security practitioners in the Indian Continent the current state of cloud computing security in their organizations and the most significant changes anticipated by respondents as computing resources migrate from on-premise to the cloud. As organizations grapple with ...


Cloud Computing Concerns In Developing Economies, Mathias Mujinga, Baldreck Chipangura Jan 2011

Australian Information Security Management Conference

Cloud computing promises to bring substantial benefits to how organizations conduct their businesses and the way their services reach out to potential consumers. Cloud computing is a welcome initiative for small businesses that cannot afford to invest in ICT infrastructure but need to benefit from the rewards of conducting business online. In developing economies, there are challenges that face cloud services providers and their consumers. Broadband network access was identified as the main essential service for a successful cloud computing offering. The objective of this paper is to give background information on the security issues in cloud computing, and highlight ...


Modelling Misuse Cases As A Means Of Capturing Security Requirements, Michael N. Johnstone Jan 2011

Australian Information Security Management Conference

Use cases as part of requirements engineering are often seen as an essential part of systems development in many methodologies. Given that modern, security-oriented software development methods such as SDL, SQUARE and CLASP place security at the forefront of product initiation, design and implementation, the focus of requirements elicitation must now move to capturing security requirements so as not to replicate past errors. Misuse cases can be an effective tool to model security requirements. This paper uses a case study to investigate the generation of successful misuse cases by employing the STRIDE framework as used in the SDL.


Programmable Logic Controller Based Fibre Bragg Grating In-Ground Intrusion Detection System, Gary Allwood, Graham Wild, Steven Hinckley Jan 2011

Australian Security and Intelligence Conference

In this paper we present an in-ground intrusion detection system for security applications. Here, an optical fibre pressure switch is directly connected to a standard digital input of a programmable logic controller (PLC). This is achieved using an intensiometric detection system, where a laser diode and Fibre Bragg Grating (FBG) are optically mismatched, resulting in a static dc offset from the transmitted and reflected optical power signals. Pressure applied to the FBG, as the intruder stepped on it, induced a wavelength shift in the FBG. The wavelength shift was then converted into an intensity change as the wavelength of the ...


Prox-Rbac: A Proximity-Based Spatially Aware Rbac, Michael Kirkpatrick, Maria Luisa Damiani, Elisa Bertino Jan 2011

Cyber Center Publications

As mobile computing devices are becoming increasingly dominant in enterprise and government organizations, the need for fine-grained access control in these environments continues to grow. Specifically, advanced forms of access control can be deployed to ensure authorized users can access sensitive resources only when in trusted locations. One technique that has been proposed is to augment role-based access control (RBAC) with spatial constraints. In such a system, an authorized user must be in a designated location in order to exercise the privileges associated with a role. In this work, we extend spatially aware RBAC systems by defining the notion of ...


Privacy-Preserving Assessment Of Location Data Trustworthiness, Chenyun Dai, Fang-Yu Rao, Gabriel Ghinita, Elisa Bertino Jan 2011

Cyber Center Publications

Assessing the trustworthiness of location data corresponding to individuals is essential in several applications, such as forensic science and epidemic control. To obtain accurate and trustworthy location data, analysts must often gather and correlate information from several independent sources, e.g., physical observation, witness testimony, surveillance footage, etc. However, such information may be fraudulent, its accuracy may be low, and its volume may be insufficient to ensure highly trustworthy data. On the other hand, recent advancements in mobile computing and positioning systems, e.g., GPS-enabled cell phones, highway sensors, etc., bring new and effective technological means to track the ...


An Analysis Of Remote Biometric Authentication With Windows, Brandy Marie Eyers Jan 2011

Graduate Theses and Dissertations

One thing that everyone seems to be worried about when it comes to his or her computer is security. If your computer is not secure then private information could be stolen. Many people now use passwords to protect themselves though they are discovering that using multi-factor authentication is much more secure. It allows you to use multiple different proofs of who you are. Biometrics is one of the ways to prove identity. Using it, you could log into a system with just a fingerprint, which is something that is very difficult to steal. We present a suite of software tools ...


Grouper: A Packet Classification Algorithm Allowing Time-Space Tradeoffs, Joshua Adam Kuhn Jan 2011

Graduate Theses and Dissertations

This thesis presents an algorithm for classifying packets according to arbitrary (including noncontiguous) bitmask rules. As its principal novelty, the algorithm is parameterized by the amount of memory available and can customize its data structures to optimize classification time without exceeding the given memory bound. The algorithm thus automatically trades time for space efficiency as needed. The two extremes of this time-space tradeoff (linear search through the rules versus a single table that maps every possible packet to its class number) are special cases of the general algorithm we present. Additional features of the algorithm include its simplicity, its open-source ...


Zero Knowledge Protocols, Caitlin Bonnar Jan 2011

Undergraduate Honors Theses

In this day and age, it is commonplace to spend part of our day on the Internet. Whether to check e-mail, purchase goods, manage a bank account, or merely browse interesting sites, we rely on certain security measures to keep personal information safe from unwanted outsiders. Within the field of cryptography there are many techniques and algorithms that have provided top-notch security for our methods of communication today, yet as technology advances and as loopholes are found, we are constantly looking for novel ways to protect our information. Introduced approximately 25 years ago by Goldwasser, Micali, and Rackoff, zero knowledge ...


Security Risk Management: A Psychometric Map Of Expert Knowledge Structure, David Brooks Jan 2011

ECU Publications 2011

The security industry operates within a diverse and multi-disciplined knowledge base, with risk management as a fundamental knowledge domain within security to mitigate its risks. Nevertheless, there has been limited research in understanding and mapping security expert knowledge structures within security risk management to consider if parts of security risk management are unique from more general risk management. This interpretive study applied a technique of multidimensional scaling (MDS) to develop and present a psychometric map within the knowledge domain of security risk management, validated with expert interviews. The psychometric MDS security risk management concept map presented the expert knowledge structure ...


Modularizing Crosscutting Concerns In Software, Nalin Saigal Jan 2011

Graduate Theses and Dissertations

Code modularization provides benefits throughout the software life cycle; however, the presence of crosscutting concerns (CCCs) in software hinders its complete modularization. Traditional modularization techniques work well under the assumption that code being modularized is functionally orthogonal to the rest of the code; as a result, software engineers try to separate code segments that are orthogonal in their functionality into distinct modules. However, in practice, software does not decompose neatly into modules with distinct, orthogonal functionality. In this thesis, we investigate the modularization of CCCs in software using two different techniques.

Firstly, we discuss IVCon, a GUI-based tool that provides ...


Trends In Phishing Attacks: Suggestions For Future Research, Ryan M. Schuetzler Jan 2011

Information Systems and Quantitative Analysis Faculty Proceedings & Presentations

Deception in computer-mediated communication is a widespread phenomenon. Cyber criminals are exploiting technological mediums to communicate with potential targets as these channels reduce both the deception cues and the risk of detection itself. A prevalent deception-based attack in computer-mediated communication is phishing. Prior phishing research has addressed the “bait” and “hook” components of phishing attacks, the human-computer interaction that takes place as users judge the veracity of phishing emails and websites, and the development of technologies that can aid users in identifying and rejecting these attacks. Despite the extant research on this topic, phishing attacks continue to be successful as ...


Improving Security Of Q-Sdh Based Digital Signatures, Fuchun Guo, Yi Mu, Willy Susilo Jan 2011

Faculty of Informatics - Papers (Archive)

In Eurocrypt 2009, Hohenberger and Waters pointed out that a complexity assumption, which restricts the adversary to a single correct response, seems inherently more reliable than their flexible counterparts. The q-SDH assumption is less reliable than standard assumptions because its solution allows exponential answers. On the other hand, the q-SDH assumption exhibits the nice feature of tight reduction in security proof. In this paper, we propose a variant of the q-SDH assumption, so that its correct answers are polynomial and no longer exponentially many. The new assumption is much more reliable and weaker than the original q-SDH assumption. We propose ...


On The Applications Of Deterministic Chaos For Encrypting Data On The Cloud, Jonathan Blackledge, Nikolai Ptitsyn Jan 2011

Conference papers

Cloud computing is expected to grow considerably in the future because it has so many advantages with regard to sale and cost, change management, next generation architectures, choice and agility. However, one of the principal concerns for users of the Cloud is lack of control and above all, data security. This paper considers an approach to encrypting information before it is ‘placed’ on the Cloud where each user has access to their own encryption algorithm, an algorithm that is based on a set of iterated function systems that outputs a chaotic number stream, designed to produce a cryptographically secure cipher ...


A Threat Taxonomy For Mhealth Privacy, David Kotz Jan 2011

Open Dartmouth: Peer-reviewed articles by Dartmouth faculty

Networked mobile devices have great potential to enable individuals (and their physicians) to better monitor their health and to manage medical conditions. In this paper, we examine the privacy-related threats to these so-called mHealth technologies. We develop a taxonomy of the privacy-related threats, and discuss some of the technologies that could support privacy-sensitive mHealth systems. We conclude with a brief summary of research challenges.


Exploring Identity Management At Community Colleges In Texas With Open Access To College Computer Networks, Michael John Callahan Jan 2011

Walden Dissertations and Doctoral Studies

The study addressed the lack of identity management practices in Texas community colleges to identify guest users who access college computers. Guest user access is required by Texas law and is part of the state's mission to bridge the technology gap; however, improper identification methods leave the college vulnerable to liability issues. The purpose of this study was to eliminate or mitigate liabilities facing colleges by creating and using security policies to identify guest users. This study combined the theoretical concepts of Cameron's internal security management model with the external trust models of the Liberty Alliance and Microsoft ...