Physical Sciences and Mathematics Commons^™

Ggnb: Graph-Based Gaussian Naive Bayes Intrusion Detection System For Can Bus, Riadul Islam, Maloy K. Devnath, Manar D. Samad, Syed Md Jaffrey Al Kadry

Computer Science Faculty Research

The national highway traffic safety administration (NHTSA) identified cybersecurity of the automobile systems are more critical than the security of other information systems. Researchers already demonstrated remote attacks on critical vehicular electronic control units (ECUs) using controller area network (CAN). Besides, existing intrusion detection systems (IDSs) often propose to tackle a specific type of attack, which may leave a system vulnerable to numerous other types of attacks. A generalizable IDS that can identify a wide range of attacks within the shortest possible time has more practical value than attack-specific IDSs, which is not a trivial task to accomplish. In this …

Sofi: Reflection-Augmented Fuzzing For Javascript Engines, Xiaoyu He, Xiaofei Xie, Yuekang Li, Jianwen Sun, Feng Li, Wei Zou, Yang Liu, Lei Yu, Jianhua Zhou, Wenchang Shi, Wei Huo

Research Collection School Of Computing and Information Systems

JavaScript engines have been shown prone to security vulnerabilities, which can lead to serious consequences due to their popularity. Fuzzing is an effective testing technique to discover vulnerabilities. The main challenge of fuzzing JavaScript engines is to generate syntactically and semantically valid inputs such that deep functionalities can be explored. However, due to the dynamic nature of JavaScript and the special features of different engines, it is quite challenging to generate semantically meaningful test inputs.We observed that state-of-the-art semantic-aware JavaScript fuzzers usually require manually written rules to analyze the semantics for a JavaScript engine, which is labor-intensive, incomplete and engine-specific. …

Importance Of Cryptography In The Government, Gazmend Krasniqi, Agnesa Pefqeli

UBT International Conference

This paper first of all reflects the need for encryption and then the importance it has managed to accumulate over thousands of years of use. Various factors, mainly of a purpose; being powerful, have influenced the rapid development and stressed the importance of encryption in governing bodies.

Depending on in which part of the world it is used and for what reasons it is developed, the importance of cryptography in different governments has shifted to the more powerful states.

Governments have encountered conflicts due to the popularization of encryption, where users of encryption belonging to the non-governmental communities have declined …

Review Of Cybersecurity Hardware Devices, Eriselda Malaj, Galia Marinova

UBT International Conference

In the modern world, cybersecurity is an important issue in the field of technology. The main security problem is the security of the data we receive on the server side after being sent by the client or by the sensors. Nowadays cybersecurity is seen as an area where software is more important than hardware and this led to an increase in the number of securities at the software level. By increasing security at the hardware level cyber security takes another dimension. Network infrastructure devices serve for the realization of communication of applications, data, services and multi-media. These devices include firewalls, …

Study On P-Wave Velocity And Mechanical Response Characteristic Of Rock In Coal Seam Roof With Supercritical Co2 Injection, Chen Chen, He Xingyi, Niu Qinghe, Yu Hongxu, Xie Xiangyu

Coal Geology & Exploration

Deep coal seam CO₂ geological sequestration and enhanced CH₄ recovery(CO₂-ECBM) can both increase CBM recovery and achieve carbon emission reduction, possessing dual benefits of energy and environment. The geochemical reactions between supercritical CO₂(ScCO₂), water and coal seam roof can change its physical-mechanical properties and increase the risk of CO₂ leakage. In this paper, taking the roof rock of No.3 coal seam in Hudi Mine from Qinshui Basin as the research area, the ScCO₂-water-rock geochemical reaction simulation experiment was carried out to explore the geochemical reaction process of ScCO_{2 …}

Recent Advances In Wearable Sensing Technologies, Alfredo J. Perez, Sherali Zeadally

Information Science Faculty Publications

Wearable sensing technologies are having a worldwide impact on the creation of novel business opportunities and application services that are benefiting the common citizen. By using these technologies, people have transformed the way they live, interact with each other and their surroundings, their daily routines, and how they monitor their health conditions. We review recent advances in the area of wearable sensing technologies, focusing on aspects such as sensor technologies, communication infrastructures, service infrastructures, security, and privacy. We also review the use of consumer wearables during the coronavirus disease 19 (COVID-19) pandemic caused by the severe acute respiratory syndrome coronavirus …

Recent Advances In Wearable Sensing Technologies, Alfredo J. Perez, Sherali Zeadally

Computer Science Faculty Publications

Wearable sensing technologies are having a worldwide impact on the creation of novel business opportunities and application services that are benefiting the common citizen. By using these technologies, people have transformed the way they live, interact with each other and their surroundings, their daily routines, and how they monitor their health conditions. We review recent advances in the area of wearable sensing technologies, focusing on aspects such as sensor technologies, communication infrastructures, service infrastructures, security, and privacy. We also review the use of consumer wearables during the coronavirus disease 19 (COVID-19) pandemic caused by the severe acute respiratory syndrome coronavirus …

Correct Web Service Transactions In The Presence Of Malicious And Misbehaving Transactions, John Thomas Ravan Iii

Theses and Dissertations

Concurrent database transactions within a web service environment can cause a variety of problems without the proper concurrency control mechanisms in place. A few of these problems involve data integrity issues, deadlock, and efficiency issues. Even with today’s industry standard solutions to these problems, they have taken a reactive approach rather than proactively preventing these problems from happening. We deliver a solution, based on prediction-based scheduling to ensure consistency while keeping execution time the same or faster than current industry solutions. The first part of this solution involves prototyping and formally proving a prediction-based scheduler.

The prediction-based scheduler leverages a …

An Exploratory Study Of Social Support Systems To Help Older Adults In Managing Mobile Safety, Tamir Mendel, Debin Gao, David Lo, Eran Toch

Research Collection School Of Computing and Information Systems

Older adults face increased safety challenges, such as targeted online fraud and phishing, contributing to the growing technological divide between them and younger adults. Social support from family and friends is often the primary way older adults receive help, but it may also lead to reliance on others. We have conducted an exploratory study to investigate older adults' attitudes and experiences related to mobile social support technologies for mobile safety. We interviewed 18 older adults about their existing support and used the think-aloud method to gather data about a prototype for providing social support during mobile safety challenges. Our findings …

Secure Self-Checkout Kiosks Using Alma Api With Two-Factor Authentication, Ron Bulaon

Research Collection Library

Self-checkout kiosks have become a staple feature of many modern and digitized libraries. These devices are used by library patrons for self-service item loans. Most implementations are not new, in fact many of these systems are simple, straight forward and work as intended. But behind this useful technology, there is a security concern on authentication that has to be addressed.

In my proposed presentation, I will discuss the risk factors of self-checkout kiosks and propose a solution using Alma APIs. I will address the technical shortcomings of the current implementations, compared to the proposed solution, and where the weakest link …

Lightweight Mutual Authentication And Privacy Preservation Schemes For Iot Systems., Samah Mansour

Electronic Theses and Dissertations

Internet of Things (IoT) presents a holistic and transformative approach for providing services in different domains. IoT creates an atmosphere of interaction between humans and the surrounding physical world through various technologies such as sensors, actuators, and the cloud. Theoretically, when everything is connected, everything is at risk. The rapid growth of IoT with the heterogeneous devices that are connected to the Internet generates new challenges in protecting and preserving user’s privacy and ensuring the security of our lives. IoT systems face considerable challenges in deploying robust authentication protocols because some of the IoT devices are resource-constrained with limited computation …

Modeling And Analyzing Users' Privacy Disclosure Behavior To Generate Personalized Privacy Policies, A.K.M. Nuhil Mehdy

Boise State University Theses and Dissertations

Privacy and its importance to society have been studied for centuries. While our understanding and continued theory building to hypothesize how users make privacy disclosure decisions has increased over time, the struggle to find a one-size solution that satisfies the requirements of each individual remains unsolved. Depending on culture, gender, age, and other situational factors, the concept of privacy and users' expectations of how their privacy should be protected varies from person to person. The goal of this dissertation is to design and develop tools and algorithms to support personal privacy management for end-users. The foundation of this research is …

Automated Privacy Protection For Mobile Device Users And Bystanders In Public Spaces, David Darling

Graduate Theses and Dissertations

As smartphones have gained popularity over recent years, they have provided usersconvenient access to services and integrated sensors that were previously only available through larger, stationary computing devices. This trend of ubiquitous, mobile devices provides unparalleled convenience and productivity for users who wish to perform everyday actions such as taking photos, participating in social media, reading emails, or checking online banking transactions. However, the increasing use of mobile devices in public spaces by users has negative implications for their own privacy and, in some cases, that of bystanders around them.

Specifically, digital photography trends in public have negative implications for …

Who Uses Multi-Factor Authentication?, Leah Roberts

Undergraduate Honors Theses

A sample of 47 BYU students were recruited to participate in this study to determine who was using Multi-factor Authentication (MFA) on their online accounts. This study determined that there were many different factors that separated those who used MFA and those who did not. Some of those factors included: time spent on the internet each day, gender, the website itself, and personal privacy behaviors.

Federated Learning For Secure Sensor Cloud, Viraaji Mothukuri

Master of Science in Software Engineering Theses

Intelligent sensing solutions bridge the gap between the physical world and the cyber world by digitizing the sensor data collected from sensor devices. Sensor cloud networks provide resources to physical and virtual sensing devices and enable uninterrupted intelligent solutions to end-users. Thanks to advancements in machine learning algorithms and big data, the automation of mundane tasks with artificial intelligence is becoming a more reliable smart option. However, existing approaches based on centralized Machine Learning (ML) on sensor cloud networks fail to ensure data privacy. Moreover, centralized ML works with the pre-requisite to have the entire training dataset from end-devices transferred …

An Analysis Of Modern Password Manager Security And Usage On Desktop And Mobile Devices, Timothy Oesch

Doctoral Dissertations

Security experts recommend password managers to help users generate, store, and enter strong, unique passwords. Prior research confirms that managers do help users move towards these objectives, but it also identified usability and security issues that had the potential to leak user data or prevent users from making full use of their manager. In this dissertation, I set out to measure to what extent modern managers have addressed these security issues on both desktop and mobile environments. Additionally, I have interviewed individuals to understand their password management behavior.

I begin my analysis by conducting the first security evaluation of the …

Smart Contract Security: A Practitioners' Perspective, Zhiyuan Wan, Xin Xia, David Lo, Jiachi Chen, Xiapu Luo, Xiaohu Yang

Research Collection School Of Computing and Information Systems

Smart contracts have been plagued by security incidents, which resulted in substantial financial losses. Given numerous research efforts in addressing the security issues of smart contracts, we wondered how software practitioners build security into smart contracts in practice. We performed a mixture of qualitative and quantitative studies with 13 interviewees and 156 survey respondents from 35 countries across six continents to understand practitioners' perceptions and practices on smart contract security. Our study uncovers practitioners' motivations and deterrents of smart contract security, as well as how security efforts and strategies fit into the development lifecycle. We also find that blockchain platforms …

Trust Models And Risk In The Internet Of Things, Jeffrey Hemmes

Regis University Faculty Publications

The Internet of Things (IoT) is envisaged to be a large-scale, massively heterogeneous ecosystem of devices with varying purposes and capabilities. While architectures and frameworks have focused on functionality and performance, security is a critical aspect that must be integrated into system design. This work proposes a method of risk assessment of devices using both trust models and static capability profiles to determine the level of risk each device poses. By combining the concepts of trust and secure device fingerprinting, security mechanisms can be more efficiently allocated across networked IoT devices. Simultaneously, devices can be allowed a greater degree of …

Concentration Inequalities In The Wild: Case Studies In Blockchain & Reinforcement Learning, A. Pinar Ozisik

Doctoral Dissertations

Concentration inequalities (CIs) are a powerful tool that provide probability bounds on how a random variable deviates from its expectation. In this dissertation, first I describe a blockchain protocol that I have developed, called Graphene, which uses CIs to provide probabilistic guarantees on performance. Second, I analyze the extent to which CIs are robust when the assumptions they require are violated, using Reinforcement Learning (RL) as the domain. Graphene is a method for interactive set reconciliation among peers in blockchains and related distributed systems. Through the novel combination of a Bloom filter and an Invertible Bloom Lookup Table, Graphene uses …

Using Grids As Password Entry Devices, Karol Lejmbach

Master's Theses (2009 -)

The classic text-based password has been around for a very long time. A lot of security research has been conducted on it. A set of best practices has been available for many years stressing the use of longer and more complex passwords. The issue with this approach is that humans have a hard time recalling long complex sequences of characters. Worse, the more complex the string of characters the more prone it is to being written down which is the most detrimental security threat. The goal of this paper is to introduce and provide an introductory analysis of a grid-based …

Out Of Sight, Out Of Mind? How Vulnerable Dependencies Affect Open-Source Projects, Gede Artha Azriadi Prana, Abhishek Sharma, Lwin Khin Shar, Darius Foo, Andrew E. Santosa, Asankhaya Sharma, David Lo

Research Collection School Of Computing and Information Systems

Context: Software developers often use open-source libraries in their project to improve development speed. However, such libraries may contain security vulnerabilities, and this has resulted in several high-profile incidents in re- cent years. As usage of open-source libraries grows, understanding of these dependency vulnerabilities becomes increasingly important. Objective: In this work, we analyze vulnerabilities in open-source libraries used by 450 software projects written in Java, Python, and Ruby. Our goal is to examine types, distribution, severity, and persistence of the vulnerabili- ties, along with relationships between their prevalence and project as well as commit attributes. Method: Our data is obtained …

Privacy-Preserving Non-Participatory Surveillance System For Covid-19-Like Pandemics, Mahmoud Nabil, Ahmed Sherif, Mohamed Mahmoud, Waleed Alsmary, Maazen Alsabaan

Faculty Publications

COVID-19 pandemic has revealed a pressing need for an effective surveillance system to control the spread of infection. However, the existing systems are run by the people’s smartphones and without a strong participation from the people, the systems become ineffective. Moreover, these systems can be misused to spy on people and breach their privacy. Due to recent privacy breaches, people became anxious about their privacy, and without privacy reassurance, the people may not accept the systems. In this paper, we propose a non-participatory privacy-preserving surveillance system for COVID-19-like pandemics. The system aims to control the spread of COVID-19 infection without …

Quality Of Sql Code Security On Stackoverflow And Methods Of Prevention, Robert Klock

Honors Papers

This paper explores the frequency at which SQL/PHP posts on the website Stackoverflow.com contain code susceptible to SQL Injection, a common database vulnerability. Specifically, we analyze whether other users give notice of the vulnerability or provide an answer that is secure. The majority of questions analyzed were vulnerable to SQL Injection and were not corrected in their answers or brought to the attention of the original poster. To mitigate this, we present a machine learning bot which analyzes the poster’s code and alerts them of potential injection vulnerabilities, if necessary.

Improved Secure And Low Computation Authentication Protocol For Wireless Body Area Network With Ecc And 2d Hash Chain, Soohyeon Choi

Electronic Theses and Dissertations

Since technologies have been developing rapidly, Wireless Body Area Network (WBAN) has emerged as a promising technique for healthcare systems. People can monitor patients’ body condition and collect data remotely and continuously by using WBAN with small and compact wearable sensors. These sensors can be located in, on, and around the patient’s body and measure the patient’s health condition. Afterwards sensor nodes send the data via short-range wireless communication techniques to an intermediate node. The WBANs deal with critical health data, therefore, secure communication within the WBAN is important. There are important criteria in designing a security protocol for a …

Lightweight Encryption Based Security Package For Wireless Body Area Network, Sangwon Shin

Electronic Theses and Dissertations

As the demand of individual health monitoring rose, Wireless Body Area Networks (WBAN) are becoming highly distinctive within health applications. Nowadays, WBAN is much easier to access then what it used to be. However, due to WBAN’s limitation, properly sophisticated security protocols do not exist. As WBAN devices deal with sensitive data and could be used as a threat to the owner of the data or their family, securing individual devices is highly important. Despite the importance in securing data, existing WBAN security methods are focused on providing light weight security methods. This led to most security methods for WBAN …

Digital Forensic Readiness In Operational Cloud Leveraging Iso/Iec 27043 Guidelines On Security Monitoring, Sheunesu Makura, H. S. Venter, Victor R. Kebande, Nickson M. Karie, Richard A. Ikuesan, Sadi Alawadi

Research outputs 2014 to 2021

An increase in the use of cloud computing technologies by organizations has led to cybercriminals targeting cloud environments to orchestrate malicious attacks. Conversely, this has led to the need for proactive approaches through the use of digital forensic readiness (DFR). Existing studies have attempted to develop proactive prototypes using diverse agent-based solutions that are capable of extracting a forensically sound potential digital evidence. As a way to address this limitation and further evaluate the degree of PDE relevance in an operational platform, this study sought to develop a prototype in an operational cloud environment to achieve DFR in the cloud. …

Biometrics For Internet‐Of‐Things Security: A Review, Wencheng Yang, Song Wang, Nor Masri Sahri, Nickson M. Karie, Mohiuddin Ahmed, Craig Valli

Research outputs 2014 to 2021

The large number of Internet‐of‐Things (IoT) devices that need interaction between smart devices and consumers makes security critical to an IoT environment. Biometrics offers an interesting window of opportunity to improve the usability and security of IoT and can play a significant role in securing a wide range of emerging IoT devices to address security challenges. The purpose of this review is to provide a comprehensive survey on the current biometrics research in IoT security, especially focusing on two important aspects, authentication and encryption. Regarding authentication, contemporary biometric‐based authentication systems for IoT are discussed and classified based on different biometric …

Covid-19 And Biocybersecurity's Increasing Role On Defending Forward, Xavier Palmer, Lucas N. Potter, Saltuk Karahan

Electrical & Computer Engineering Faculty Publications

The evolving nature of warfare has been changing with cybersecurity and the use of advanced biotechnology in each aspect of the society is expanding and overlapping with the cyberworld. This intersection, which has been described as “biocybersecurity” (BCS), can become a major front of the 21st-century conflicts. There are three lines of BCS which make it a critical component of overall cybersecurity: (1) cyber operations within the area of BCS have life threatening consequences to a greater extent than other cyber operations, (2) the breach in health-related personal data is a significant tool for fatal attacks, and (3) health-related misinformation …

A Review Of Security Standards And Frameworks For Iot-Based Smart Environments, Nickson M. Karie, Nor Masri Sahri, Wencheng Yang, Craig Valli, Victor R. Kebande

Research outputs 2014 to 2021

Assessing the security of IoT-based smart environments such as smart homes and smart cities is becoming fundamentally essential to implementing the correct control measures and effectively reducing security threats and risks brought about by deploying IoT-based smart technologies. The problem, however, is in finding security standards and assessment frameworks that best meets the security requirements as well as comprehensively assesses and exposes the security posture of IoT-based smart environments. To explore this gap, this paper presents a review of existing security standards and assessment frameworks which also includes several NIST special publications on security techniques highlighting their primary areas of …

Security Against Data Falsification Attacks In Smart City Applications, Venkata Praveen Kumar Madhavarapu

Doctoral Dissertations

Smart city applications like smart grid, smart transportation, healthcare deal with very important data collected from IoT devices. False reporting of data consumption from device failures or by organized adversaries may have drastic consequences on the quality of operations. To deal with this, we propose a coarse grained and a fine grained anomaly based security event detection technique that uses indicators such as deviation and directional change in the time series of the proposed anomaly detection metrics to detect different attacks. We also built a trust scoring metric to filter out the malicious devices. Another challenging problem is injection of …