Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Open Access. Powered by Scholars. Published by Universities.®

Security

Discipline
Institution
Publication Year
Publication
Publication Type
File Type

Articles 31 - 60 of 519

Full-Text Articles in Physical Sciences and Mathematics

Information Systems Security Leadership: An Empirical Study Of Behavioral Influences Of Leaders On Employees’ Security Compliance, Marcus Alan Winkfield Jan 2019

Information Systems Security Leadership: An Empirical Study Of Behavioral Influences Of Leaders On Employees’ Security Compliance, Marcus Alan Winkfield

CCE Theses and Dissertations

This empirical study examined the behavioral influences of leaders on employees’ security compliance. Organizations can use leadership concepts in the field of Information Systems (IS) security. Despite the adoption of technical and managerial approaches, organizations still face issues motivating employee IS security compliance. This dissertation argued that organizations need strong leadership to encourage employees. Using the expectancy theory, this paper created a theoretical model to help understand the influence of task and relationship-oriented leadership behaviors on nontechnical controls IS security compliance. The conceptual underpinnings translated into perceived security effort, perceived security performance, and expected security outcomes. The theoretical model was ...


"Anon What What?": Children's Understanding Of The Language Of Privacy, Stacy Black, Rezvan Joshaghani, Dhanush Kumar Ratakonda, Hoda Mehrpouyan, Jerry Alan Fails Jan 2019

"Anon What What?": Children's Understanding Of The Language Of Privacy, Stacy Black, Rezvan Joshaghani, Dhanush Kumar Ratakonda, Hoda Mehrpouyan, Jerry Alan Fails

Computer Science Faculty Publications and Presentations

Internet usage continues to increase among children ages 12 and younger. Because their digital interactions can be persistently stored, there is a need for building an understanding and foundational knowledge of privacy. We describe initial investigations into children’s understanding of privacy from a Contextual Integrity (CI) perspective by conducting semi-structured interviews. We share results – that echo what others have shown – that indicate children have limited knowledge and understanding of CI principles. We also share an initial exploration of utilizing participatory design theater as a possible educational mechanism to help children develop a stronger understanding of important privacy principles.


The Security Layer, Mark Thomas O'Neill Jan 2019

The Security Layer, Mark Thomas O'Neill

Theses and Dissertations

Transport Layer Security (TLS) is a vital component to the security ecosystem and the most popular security protocol used on the Internet today. Despite the strengths of the protocol, numerous vulnerabilities result from its improper use in practice. Some of these vulnerabilities arise from weaknesses in authentication, from the rigidity of the trusted authority system to the complexities of client certificates. Others result from the misuse of TLS by developers, who misuse complicated TLS libraries, improperly validate server certificates, employ outdated cipher suites, or deploy other features insecurely. To make matters worse, system administrators and users are powerless to fix ...


Cloud Migration Of Rpat Tool, Tanmay Gore Jan 2019

Cloud Migration Of Rpat Tool, Tanmay Gore

Creative Components

Machine learning has recently gained popularity in many engineering, science, medical and other domains outside computer science. Therefore, many researchers, scientist, students and developers are developing machine learning based applications for various purposes. However, due to a large number of technologies and application deployment platforms, these professionals spend more time learning technologies than on developing and optimizing the core logic for their applications. This paper describes the design and implementation of a new cloud-based deployment platform suitable to deploy machine learning based applications across multiple platforms. This platform focuses heavily on security, privacy, and ease of deployment for developers. It ...


Security And Accuracy Of Fingerprint-Based Biometrics: A Review, Wencheng Yang, Song Wang, Jiankun Hu, Guanglou Zhang, Craig Valli Jan 2019

Security And Accuracy Of Fingerprint-Based Biometrics: A Review, Wencheng Yang, Song Wang, Jiankun Hu, Guanglou Zhang, Craig Valli

ECU Publications Post 2013

Biometric systems are increasingly replacing traditional password- and token-based authentication systems. Security and recognition accuracy are the two most important aspects to consider in designing a biometric system. In this paper, a comprehensive review is presented to shed light on the latest developments in the study of fingerprint-based biometrics covering these two aspects with a view to improving system security and recognition accuracy. Based on a thorough analysis and discussion, limitations of existing research work are outlined and suggestions for future work are provided. It is shown in the paper that researchers continue to face challenges in tackling the two ...


Understanding The Ntru Cryptosystem, Benjamin Clark Jan 2019

Understanding The Ntru Cryptosystem, Benjamin Clark

Williams Honors College, Honors Research Projects

In this paper, we will examine the NTRU Public Key Cryptosystem. The NTRU cryptosystem was created by Joseph Silverman, Jeffery Hoffstein, and Jill Pipher in 1996. This system uses truncated polynomial rings to encrypt and decrypt data. It was recently released into the public domain in 2013. This paper will describe how this cryptosystem works and give a basic understanding on how to encrypt and decrypt using this system.


Analyzing Small Businesses' Adoption Of Big Data Security Analytics, Henry Mathias Jan 2019

Analyzing Small Businesses' Adoption Of Big Data Security Analytics, Henry Mathias

Walden Dissertations and Doctoral Studies

Despite the increased cost of data breaches due to advanced, persistent threats from malicious sources, the adoption of big data security analytics among U.S. small businesses has been slow. Anchored in a diffusion of innovation theory, the purpose of this correlational study was to examine ways to increase the adoption of big data security analytics among small businesses in the United States by examining the relationship between small business leaders' perceptions of big data security analytics and their adoption. The research questions were developed to determine how to increase the adoption of big data security analytics, which can be ...


Using Case Studies To Teach Cybersecurity Courses, Yu Cai Dec 2018

Using Case Studies To Teach Cybersecurity Courses, Yu Cai

Journal of Cybersecurity Education, Research and Practice

This paper introduces a holistic and case-analysis teaching model by integrating case studies into cybersecurity courses. The proposed model starts by analyzing real-world cyber breaches. Students look into the details of these attacks and learn how these attacks took place from the beginning to the end. During the process of case analysis, a list of security topics reflecting different aspects of these breaches is introduced. Through guided in-class discussion and hands-on lab assignments, student learning in lecture will be reinforced. Overall, the entire cybersecurity course is driven by case studies. The proposed model is great for teaching cybersecurity. First, the ...


User Attitudes About Duo Two-Factor Authentication At Byu, Jonathan Dutson Dec 2018

User Attitudes About Duo Two-Factor Authentication At Byu, Jonathan Dutson

Undergraduate Honors Theses

Simple password-based authentication provides insufficient protection against increasingly common incidents of online identity theft and data loss. Although two-factor authentication (2FA) provides users with increased protection against attackers, users have mixed feelings about the usability of 2FA. We surveyed the students, faculty, and staff of Brigham Young University (BYU) to measure user sentiment about DUO Security, the 2FA system adopted by BYU in 2017. We find that most users consider DUO to be annoying, and about half of those surveyed expressed a preference for authentication without using a second-factor. About half of all participants reported at least one instance of ...


Secure Smart Health With Privacy-Aware Aggregate Authentication And Access Control In Internet Of Things, Yinghui Zhang, Robert H. Deng, Gang Han, Dong Zheng Dec 2018

Secure Smart Health With Privacy-Aware Aggregate Authentication And Access Control In Internet Of Things, Yinghui Zhang, Robert H. Deng, Gang Han, Dong Zheng

Research Collection School Of Information Systems

With the rapid technological advancements in the Internet of Things (IoT), wireless communication and cloud computing, smart health is expected to enable comprehensive and qualified healthcare services. It is important to ensure security and efficiency in smart health. However, existing smart health systems still have challenging issues, such as aggregate authentication, fine-grained access control and privacy protection. In this paper, we address these issues by introducing SSH, a Secure Smart Health system with privacy-aware aggregate authentication and access control in IoT. In SSH, privacy-aware aggregate authentication is enabled by an anonymous certificateless aggregate signature scheme, in which users' identity information ...


Healthcare Monitoring System Security Platform Using Software Defined Networking Paradigm, Mohamad Issam Khayat Nov 2018

Healthcare Monitoring System Security Platform Using Software Defined Networking Paradigm, Mohamad Issam Khayat

Information Security Theses

This thesis studies the security and privacy concerns of Healthcare Monitoring System (HMS) and proposes a state-of-the-art Security Platform for HMS using the newly emerging Software Defined Network (SDN) paradigm. In this thesis, we investigate the existing HMS architecture and the relevant solutions proposed for both security and privacy concerns in the literature today. Moreover, we develop a new HMS Security Integration Framework, in the form of a security platform for securing HMS. Finally, we perform a comparison among existing architectures and our proposed framework to highlight the added value of our proposed architecture. Our proposed integration framework eliminates the ...


Vulnerability Assessment & Penetration Testing: Case Study On Web Application Security, Gazmend Krasniqi, Veton Bejtullahu Oct 2018

Vulnerability Assessment & Penetration Testing: Case Study On Web Application Security, Gazmend Krasniqi, Veton Bejtullahu

UBT International Conference

Complexity of information systems are increasing day by day. The security of information systems that are connected to public networks can be compromised by unauthorized, and usually anonymous, attempts to access them. By using public networks businesses and other institutions are exposed to numerous risks. This leads to more and more vulnerabilities in Information Systems. This situation calls for test methods that are devised from the attacker’s perspective to ensure that test conditions are as realistic as possible. In this paper we will describe complete stages of Vulnerability Assessment and Penetration Testing on some systems in UBT and proactive ...


Information Security Concepts And Administration (Ksu), Meng Han, Lei Li, Zhigang Li, Svetana Peltsverger, Ming Yang, Guangzhi Zheng Oct 2018

Information Security Concepts And Administration (Ksu), Meng Han, Lei Li, Zhigang Li, Svetana Peltsverger, Ming Yang, Guangzhi Zheng

Computer Science and Information Technology Grants Collections

This Grants Collection for Information Security Concepts and Administration was created under a Round Ten ALG Textbook Transformation Grant.

Affordable Learning Georgia Grants Collections are intended to provide faculty with the frameworks to quickly implement or revise the same materials as a Textbook Transformation Grants team, along with the aims and lessons learned from project teams during the implementation process.

Documents are in .pdf format, with a separate .docx (Word) version available for download. Each collection contains the following materials:

  • Linked Syllabus
  • Initial Proposal
  • Final Report


Database Security And Auditing (Ksu), Lei Li, Rebecca H. Rutherfoord, Svetana Peltsverger, Richard Halstead-Nussloch, Jack Zheng, Zhigang Li Oct 2018

Database Security And Auditing (Ksu), Lei Li, Rebecca H. Rutherfoord, Svetana Peltsverger, Richard Halstead-Nussloch, Jack Zheng, Zhigang Li

Computer Science and Information Technology Grants Collections

This Grants Collection for Database Security and Auditing was created under a Round Eleven ALG Textbook Transformation Grant.

Affordable Learning Georgia Grants Collections are intended to provide faculty with the frameworks to quickly implement or revise the same materials as a Textbook Transformation Grants team, along with the aims and lessons learned from project teams during the implementation process.

Documents are in .pdf format, with a separate .docx (Word) version available for download. Each collection contains the following materials:

  • Linked Syllabus
  • Initial Proposal
  • Final Report


Malware Analysis On Android Using Supervised Machine Learning Techniques, Md Shohel Rana, Andrew H. Sung Oct 2018

Malware Analysis On Android Using Supervised Machine Learning Techniques, Md Shohel Rana, Andrew H. Sung

Faculty Publications

In recent years, a widespread research is conducted with the growth of malware resulted in the domain of malware analysis and detection in Android devices. Android, a mobile-based operating system currently having more than one billion active users with a high market impact that have inspired the expansion of malware by cyber criminals. Android implements a different architecture and security controls to solve the problems caused by malware, such as unique user ID (UID) for each application, system permissions, and its distribution platform Google Play. There are numerous ways to violate that fortification, and how the complexity of creating a ...


Saw: Wristband-Based Authentication For Desktop Computers, Shrirang Mare, Reza Rawassizadeh, Ronald Peterson, David Kotz Sep 2018

Saw: Wristband-Based Authentication For Desktop Computers, Shrirang Mare, Reza Rawassizadeh, Ronald Peterson, David Kotz

Open Dartmouth: Peer-reviewed articles by Dartmouth faculty

Token-based proximity authentication methods that authenticate users based on physical proximity are effortless, but lack explicit user intentionality, which may result in accidental logins. For example, a user may get logged in when she is near a computer or just passing by, even if she does not intend to use that computer. Lack of user intentionality in proximity-based methods makes them less suitable for multi-user shared computer environments, despite their desired usability benefits over passwords. \par We present an authentication method for desktops called Seamless Authentication using Wristbands (SAW), which addresses the lack of intentionality limitation of proximity-based methods. SAW ...


Voice Hacking: Using Smartphones To Spread Ransomware To Traditional Pcs, Bryson R. Payne, Leonardo I. Mazuran, Tamirat Abegaz Jul 2018

Voice Hacking: Using Smartphones To Spread Ransomware To Traditional Pcs, Bryson R. Payne, Leonardo I. Mazuran, Tamirat Abegaz

Journal of Cybersecurity Education, Research and Practice

This paper presents a voice hacking proof of concept that demonstrates the ability to deploy a sequence of hacks, triggered by speaking a smartphone command, to launch ransomware and other destructive attacks against vulnerable Windows computers on any wireless network the phone connects to after the voice command is issued. Specifically, a spoken, broadcast, or pre-recorded voice command directs vulnerable Android smartphones or tablets to a malicious download page that compromises the Android device and uses it as a proxy to run software designed to scan the Android device’s local area network for Windows computers vulnerable to the EternalBlue ...


Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally Jul 2018

Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally

Information Science Faculty Publications

One of the most important Internet of Things applications is the wireless body sensor network (WBSN), which can provide universal health care, disease prevention, and control. Due to large deployments of small scale smart sensors in WBSNs, security, and privacy guarantees (e.g., security and safety-critical data, sensitive private information) are becoming a challenging issue because these sensor nodes communicate using an open channel, i.e., Internet. We implement data integrity (to resist against malicious tampering) using the secure hash algorithm 3 (SHA-3) when smart sensors in WBSNs communicate with each other using the Internet. Due to the limited resources ...


Application Memory Isolation On Ultra-Low-Power Mcus, Taylor Hardin, Ryan Scott, Patrick Proctor, Josiah Hester, Jacob Sorber, David Kotz Jul 2018

Application Memory Isolation On Ultra-Low-Power Mcus, Taylor Hardin, Ryan Scott, Patrick Proctor, Josiah Hester, Jacob Sorber, David Kotz

Open Dartmouth: Peer-reviewed articles by Dartmouth faculty

The proliferation of applications that handle sensitive user data on wearable platforms generates a critical need for embedded systems that offer strong security without sacrificing flexibility and long battery life. To secure sensitive information, such as health data, ultra-low-power wearables must isolate applications from each other and protect the underlying system from errant or malicious application code. These platforms typically use microcontrollers that lack sophisticated Memory Management Units (MMU). Some include a Memory Protection Unit (MPU), but current MPUs are inadequate to the task, leading platform developers to software-based memory-protection solutions. In this paper, we present our memory isolation technique ...


Security Risk Tolerance In Mobile Payment: A Trade-Off Framework, Yong Chen Jul 2018

Security Risk Tolerance In Mobile Payment: A Trade-Off Framework, Yong Chen

Information Technology & Decision Sciences Theses & Dissertations

Security is identified as a major barrier for consumers in adopting mobile payment. Although existing literature has incorporated security into the Technology Acceptance Model (TAM), the Unified Theory of Acceptance, and the Use of Technology (UTAUT) and it has investigated the way in which security affects consumers’ acceptance of mobile payment, security is a factor only in diverse research models. Studies of mobile payment that focus on security are not available. Additionally, previous studies of mobile payment are based on Direct Carrier Billing- (DCB)-based mobile payment or Near Field Communication- (NFC)-based mobile payment. The results regarding security might ...


A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt Jun 2018

A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt

FIU Electronic Theses and Dissertations

The emerging Internet of Things (IoT) revolution has introduced many useful applications that are utilized in our daily lives. Users can program these devices in order to develop their own IoT applications; however, the platforms and languages that are used during development are abounding, complicated, and time-consuming. The software solution provided in this thesis, PROVIZ+, is a secure sensor application development software suite that helps users create sophisticated and secure IoT applications with little software and hardware experience. Moreover, a simple and efficient domain-specific programming language, namely Panther language, was designed for IoT application development to unify existing programming languages ...


Patient Preferences For Authentication And Security: A Comparison Study Of Younger And Older Patients, Ann Fruhling, Devika Ramachandran, Tamara Bernard, Ryan Schuetzler, John R. Windle Jun 2018

Patient Preferences For Authentication And Security: A Comparison Study Of Younger And Older Patients, Ann Fruhling, Devika Ramachandran, Tamara Bernard, Ryan Schuetzler, John R. Windle

Interdisciplinary Informatics Faculty Publications

We examine authentication and security preferences of younger versus older patients in the healthcare domain. Previous research has investigated users' perception of the acceptability of various forms of authentication in nonhealthcare domains, but not patients’ preferences. First, we developed an interactive prototype to test three authentication methods: passwords, pattern, and voice. Our results indicate that younger patients prefer passwords by a significant margin. Older patients indicated more mixed preferences. In addition, we evaluated the level of security patients desired for protection of health information compared to financial information. We found no difference based on age: both groups felt financial security ...


Workshop On Emerging Technology And Data Analytics For Behavioral Health, David Kotz, Sarah E. Lord, A. James O'Malley, Luke Stark, Lisa Marsch Jun 2018

Workshop On Emerging Technology And Data Analytics For Behavioral Health, David Kotz, Sarah E. Lord, A. James O'Malley, Luke Stark, Lisa Marsch

Open Dartmouth: Peer-reviewed articles by Dartmouth faculty

Wearable and portable digital devices can support self-monitoring for patients with chronic medical conditions, individuals seeking to reduce stress, and people seeking to modify health-related behaviors such as substance use or overeating. The resulting data may be used directly by a consumer, or shared with a clinician for treatment, a caregiver for assistance, or a health coach for support. The data can also be used by researchers to develop and evaluate just-in-time interventions that leverage mobile technology to help individuals manage their symptoms and behavior in real time and as needed. Such wearable systems have huge potential for promoting delivery ...


Advanced Malware Detection For Android Platform, Ke Xu Jun 2018

Advanced Malware Detection For Android Platform, Ke Xu

Dissertations and Theses Collection (Open Access)

In the first quarter of 2018, 75.66% of smartphones sales were devices running An- droid. Due to its popularity, cyber-criminals have increasingly targeted this ecosys- tem. Malware running on Android severely violates end users security and privacy, allowing many attacks such as defeating two factor authentication of mobile bank- ing applications, capturing real-time voice calls and leaking sensitive information. In this dissertation, I describe the pieces of work that I have done to effectively de- tect malware on Android platform, i.e., ICC-based malware detection system (IC- CDetector), multi-layer malware detection system (DeepRefiner), and self-evolving and scalable malware detection ...


An Investigation Into Trust And Security In The Mandatory And Imposed Use Of Financial Icts Upon Older People, David Michael Cook May 2018

An Investigation Into Trust And Security In The Mandatory And Imposed Use Of Financial Icts Upon Older People, David Michael Cook

Dr. David M Cook

Care needs to be taken to reduce the number of people who are fearful and mistrustful of using ICT where that usage is forced upon them without choice or alternative. The growing incidence of mandatory and imposed online systems can result in confusion, misuse, fear, and rejection by people with only rudimentary ICT skills. A cohort where a high percentage of such people occur is older people, defined in this study as people over the age of 60 Examples of compulsory ICT interactions include some banks limiting bank statement access through online rather than paper-based options. Other examples include the ...


An Analysis Of International Agreements Over Cybersecurity, Lucas Ashbaugh Apr 2018

An Analysis Of International Agreements Over Cybersecurity, Lucas Ashbaugh

Electronic Theses and Dissertations

Research into the international agreements that increase cooperation over cybersecurity challenges is severely lacking. This is a necessary next step for bridging diplomatic challenges over cybersecurity. This work aspires to be push the bounds of research into these agreements and offer a tool that future researchers can rely on. For this research I created, and made publicly available, the International Cybersecurity Cooperation Dataset (ICCD), which contains over 350 international cybersecurity agreements and pertinent metadata. Each agreement is marked per which subtopics within cybersecurity related agreements it covers. These typologies are:

  • Discussion and Dialogue

  • Research

  • Confidence Building Measures

  • Incident Response

  • Crime ...


Performance Characterization Of Deep Learning Models For Breathing-Based Authentication On Resource-Constrained Devices, Jagmohan Chauhan, Jathusan Rajasegaran, Surang Seneviratne, Archan Misra, Aruan Seneviratne, Youngki Lee Apr 2018

Performance Characterization Of Deep Learning Models For Breathing-Based Authentication On Resource-Constrained Devices, Jagmohan Chauhan, Jathusan Rajasegaran, Surang Seneviratne, Archan Misra, Aruan Seneviratne, Youngki Lee

Research Collection School Of Information Systems

Providing secure access to smart devices such as mobiles, wearables and various other IoT devices is becoming increasinglyimportant, especially as these devices store a range of sensitive personal information. Breathing acoustics-based authentication offers a highly usable and possibly a secondary authentication mechanism for such authorized access, especially as it canbe readily applied to small form-factor devices. Executing sophisticated machine learning pipelines for such authenticationon such devices remains an open problem, given their resource limitations in terms of storage, memory and computational power. To investigate this possibility, we compare the performance of an end-to-end system for both user identification anduser verification ...


Malware For Macintosh, Nathan C. Shinabarger, Josiah E. Bills, Richard W. Lively, Noah S. Shinabarger Apr 2018

Malware For Macintosh, Nathan C. Shinabarger, Josiah E. Bills, Richard W. Lively, Noah S. Shinabarger

The Research and Scholarship Symposium (2013-2019)

Technology is a cornerstone of modern society. Unfortunately, it seems that every new piece of technology is accompanied by five computer-security breaches elsewhere. Most people associate hacks with Windows computers. This is a problem because Apple computers, and other non-Windows systems, are also extremely vulnerable to attacks and risk being compromised. Dolos is a piece of malware we developed intended to exploit the macOS Sierra operating system. It provides a framework for running exploits and comes built in with certain control and data exfiltration capabilities. Dolos also helps destroy the misconception of "the impenetrable Macintosh computer" by showing that Apple ...


Simulations And Queueing Theory: The Effects Of Randomly Bypassing Security, Emily Ortmann Apr 2018

Simulations And Queueing Theory: The Effects Of Randomly Bypassing Security, Emily Ortmann

Masters Theses & Doctoral Dissertations

We discuss queueing theory in the setting of airport security and customs. By developing queueing simulations based on mathematical models, we explore a variety of questions related to optimal queue design with respect to efficiency, feasibility, priority, and other prescribed/variable constraints.


Exploring The Use Of Hierarchal Statistical Analysis And Deep Neural Networks To Detect And Mitigate Covert Timing Channels, Omar Darwish Apr 2018

Exploring The Use Of Hierarchal Statistical Analysis And Deep Neural Networks To Detect And Mitigate Covert Timing Channels, Omar Darwish

Dissertations

Covert timing channels provide a mechanism to transmit unauthorized information across different processes. It utilizes the inter-arrival times between the transmitted packets to hide the communicated data. It can be exploited in a variety of malevolent scenarios such as leaking military secrets, trade secrets, and other forms of Intellectual Property (IP). They can be also used as a vehicle to attack existing computing systems to disseminate software viruses or worms while bypassing firewalls, intrusion detection and protection systems, and application filters. Therefore, the detection and mitigation of covert channels is a key issue in modern Information Technology (IT) infrastructure. Many ...