Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Security

Articles 511 - 540 of 652

Full-Text Articles in Physical Sciences and Mathematics

A Secure On-Line Credit Card Transaction Method Based On Kerberos Authentication Protocol, Jung Eun Kim Apr 2010

UNLV Theses, Dissertations, Professional Papers, and Capstones

Nowadays, electronic payment system is an essential part of modern business. Credit cards or debit cards have been widely used for on-site or remote transactions, greatly reducing the need for inconvenient cash transactions. However, there have been a huge number of incidents of credit card frauds over the Internet due to the security weakness of electronic payment system. A number of solutions have been proposed in the past to prevent this problem, but most of them were inconvenient and did not satisfy the needs of cardholders and merchants at the same time.

In this thesis, we present a new secure …


Dsfs: Decentralized Security For Large Parallel File Systems, Zhongying Niu, Hong Jiang, Ke Zhou, Dan Feng, Tianming Yang, Dongliang Lei, Anli Chen Mar 2010

CSE Technical Reports

This paper describes DSFS, a decentralized security system for large parallel file systems. DSFS stores global access control lists (ACLs) in a centralized decision-making server and pushes pre-authorization lists (PALs) into storage devices. Thus DSFS allows users to flexibly set any access control policy for the global ACL or even change the global ACL system without having to upgrade the security code in their storage devices. With pre-authorization lists, DSFS enables a network-attached storage device to immediately authorize I/O, instead of demanding a client to acquire an authorization from a centralized authorization server at a crucial time. The client needs …


A New Algorithm On Graphical User Authentication (Gua) Based On Multi-Line Grids, Abdullah Gani Jan 2010

Abdullah Gani

Today user authentication stands out as one of the most essential areas in information security which has several ways of being implemented. From time immemorial, authentication schemes that apply strong text-based passwords have been typically expected to offer some assurance of security. But committing to memory such strong passwords can prove to be quite a daunting task thus forcing users to resort to writing them down on pieces of paper or even storing them onto a computer file. As a means of thwarting such habits, graphical authentication has been proposed as a replacement for text-based authentication. This has been …


Data Security And Information Privacy For Pda Accessible Clinical-Log For Medical Education In Problem-Based Learning (Pbl) Approach, Rattiporn Luanrattana, Khin Than Win, John A. Fulcher Jan 2010

Faculty of Informatics - Papers (Archive)

Data security and information privacy are the important aspects to consider for the use of mobile technology for recording clinical experience and encounter in medical education. Objective: This study aims to address the qualitative findings of the appropriate data security and information privacy for PDA accessible clinical-log in problem-based learning (PBL) approach in medical education. Method: The semi-structured interviews were conducted with the medical faculty members, honorary clinical academics and medical education technology specialists. Results: Data security and information access plan were determined for managing clinical-log data. The results directed the guideline for the future development and implementation of clinical-log …


A Distributed And Cooperative User Authentication Framework, C.G. Hocking, Steven Furnell, Nathan Clarke, P L Reynolds Jan 2010

Research outputs pre 2011

As the requirement for companies and individuals to protect information and personal details comes more into focus, the implementation of security that goes beyond the ubiquitous password or Personal Identification Number (PIN) is paramount. With the ever growing number of us utilizing more than one device simultaneously, the problem and need is compounded. This paper proposes a novel approach to security that leverages the collective confidence of user identity held by the multiplicity of devices present at any given time. User identity confidence is reinforced by sharing established credentials between devices, enabling them to make informed judgments on their own …


Dealing With Misbehavior In Distributed Systems: A Game-Theoretic Approach, Nandan Garg Jan 2010

Wayne State University Dissertations

Most distributed systems comprise autonomous entities interacting with each other to achieve their objectives. These entities behave selfishly when making decisions. This behavior may result in strategical manipulation of the protocols thus jeopardizing the system wide goals. Micro-economics and game theory provides suitable tools to model such interactions. We use game theory to model and study three specific problems in distributed systems. We study the problem of sharing the cost of multicast transmissions and develop mechanisms to prevent cheating in such settings. We study the problem of antisocial behavior in a scheduling mechanism based on the second price sealed bid …


Privacy-Preserving Attribute-Based Access Control In A Grid, Sang Mork Park Jan 2010

Browse all Theses and Dissertations

A Grid community is composed of diverse stake holders, such as data resource providers, computing resource providers, service providers, and the users of the resources and services. In traditional security systems for Grids, most of the authentication and authorization mechanisms are based on the user's identity or the user's classification information. If the authorization mechanism is based on the user's identity, fine-grained access control policies can be implemented but the scalability of the security system would be limited. If the authorization mechanism is based on the user's classification, the scalability can be improved but the fine-grained access control policies may …


Security And Performance Analysis For Rfid Protocols, Bing Liang Jan 2010

Dissertations and Theses Collection (Open Access)

Radio Frequency Identification (RFID) is an advanced object identification technology that has already been applied in various industries. However, the insecure nature of the communication channel between readers and tags makes RFID systems vulnerable to various kinds of attacks. In recent years, many new methods have been proposed to improve the security of RFID systems, such as disabling tags, agent management and establishing cryptographic protocols. Among them, we focus on the last approach, which is more economic and convenient in certain cases. The first part of our work is to categorize typical existing RFID protocols according to their security levels. …


Security Requirements Engineering-The Reluctant Oxymoron, Michael N. Johnstone Dec 2009

Australian Information Security Management Conference

Security is a focus in many systems that are developed today, yet this aspect of systems development is often relegated when the shipping date for a software product looms. This leads to problems post-implementation in terms of patches required to fix security defects or vulnerabilities. A simplistic answer is that if the code was correct in the first instance, then vulnerabilities would not exist. The reality of a complex software artefact is however, driven by other concerns. Rather than probing programs for coding errors that lead to vulnerabilities, it is perhaps more beneficial to look at the root causes of …


Assessment Of Internationalised Domain Name Homograph Attack Mitigation, Peter Hannay, Christopher Bolan Dec 2009

Australian Information Security Management Conference

With the advent of internationalised domains the threat posed by non-English character sets has eventuated. Whilst this phenomenon remains well known in the development and internet industry the actual implementations of popular applications have been tested to determine their resilience to homograph based attack. The research found that most provided features that overcome such attacks, but there remain a few notable exceptions. Should an attacker take advantage of such oversights a victim would likely not be able to spot a fraudulent site or email and thus provide a perfect platform for subsequent attack.


Information Security Disclosure: A Case Study, I Rosewall, M J. Warren Dec 2009

Australian Information Security Management Conference

New social networking systems such as Facebook are an ever evolving and developing means of social interaction, which is not only being used to disseminate information to family, friends and colleagues but as a way of meeting and interacting with "strangers" through the advent of a large number of social applications. This paper will focus upon the impact of Generation F - the Facebook Generation and their attitudes to security. The paper will be based around discussing the findings of a major UK case study and the implications that this has. The case study identifies 51 recommendations to improve the …


Covert Botnet Design And Defense Analysis, Brandon Lyle Shirley Dec 2009

All Graduate Theses and Dissertations, Spring 1920 to Summer 2023

Intrusion defense system (IDS) development has been largely reactionary in nature. This is especially troubling given that botnets are capable of compromising and controlling thousands of computers before security professionals develop a mitigation technique. As new exploits are created, new mitigation techniques are developed to detect infections and, where possible, remove them. This thesis breaks from this tradition of reacting to malware. Instead, it looks at possible malicious software models through analyzing existing defense systems for exploitable weaknesses.

First, this thesis presents a new specialized botnet that circumvents current network intrusion detection mechanisms. The proposed botnet coordinates external communication among …


A Privacy Framework For Mobile Health And Home-Care Systems, David Kotz, Sasikanth Avancha, Amit Baxi Nov 2009

Dartmouth Scholarship

In this paper, we consider the challenge of preserving patient privacy in the context of mobile healthcare and home-care systems, that is, the use of mobile computing and communications technologies in the delivery of healthcare or the provision of at-home medical care and assisted living. This paper makes three primary contributions. First, we compare existing privacy frameworks, identifying key differences and shortcomings. Second, we identify a privacy framework for mobile healthcare and home-care systems. Third, we extract a set of privacy properties intended for use by those who design systems and applications for mobile healthcare and home-care systems, linking them …


Why It Managers Don't Go For Cyber-Insurance Products, Tridib Bandyopadhyay, Vijay S. Mookerjee, Ram C. Rao Nov 2009

Faculty and Research Publications

Despite positive expectations, cyber-insurance products have failed to take center stage in the management of IT security risk. Market inexperience, leading to conservatism in pricing cyber-insurance instruments, is often cited as the primary reason for the limited growth of the cyber-insurance market. In contrast, here we provide a demand-side explanation for why cyber-insurance products have not lived up to their initial expectations. We highlight the presence of information asymmetry between customers and providers, showing how it leads to overpricing cyber-insurance contracts and helps explain why cyber insurance might have failed to deliver its promise as a cornerstone of IT security-management …


A Study Of Content Authentication In Proxy-Enabled Multimedia Delivery Systems: Model, Techniques, And Applications, Robert H. Deng, Yanjiang Yang Oct 2009

Research Collection School Of Computing and Information Systems

Compared with the direct server-user approach, the server-proxy-user architecture for multimedia delivery promises significantly improved system scalability. The introduction of the intermediary transcoding proxies between content servers and end users in this architecture, however, brings unprecedented challenges to content security. In this article, we present a systematic study on the end-to-end content authentication problem in the server-proxy-user context, where intermediary proxies transcode multimedia content dynamically. We present a formal model for the authentication problem, propose a concrete construction for authenticating generic data modality and formally prove its security. We then apply the generic construction to authenticating specific multimedia formats, for …


Kiwivault: Encryption Software For Portable Storage Devices, Trevor Bradshaw Florence Aug 2009

Theses and Dissertations

While many people use USB flash drives, most do not protect their stored documents. Solutions for protecting flash drives exist but inherently limit functionality found in unprotected drives such as portability, usability, and the ability to share documents between multiple people. In addition, other drawbacks are introduced such as the possibility of losing access to protected documents if a password is lost. Assuming protecting portable documents is important, in order for people to be willing to protect their documents they should be required to make as few sacrifices in functionality as possible. We introduce KiwiVault, a USB flash drive encryption …


Wireless Networks: Improved Secure Network Authentication Protocol (Isnap) For Ieee 802.16, Raheel M. Hashmi, Arooj M. Siddiqui, M. Jabeen, K. Shehzad, A. Zubair, K. S. Alimgeer Aug 2009

International Conference on Information and Communication Technologies

Security is amongst one of the major issues in broadband wireless access (BWA) networks. After the launch of the IEEE 802.16 standard (WiMAX), a number of security issues were reported in several articles. Ever since the beginning, work has been in progress for the neutralization of these identified threats. In this paper, the analysis of the authentication protocols implemented in WiMAX has been presented along with the description of the threats posed to them. The paper also describes security sub-layer and limitations of the existing architecture. An approach has also been presented for the prevention of these threats like the …


Dartmouth Internet Security Testbed (Dist): Building A Campus-Wide Wireless Testbed, Sergey Bratus, David Kotz, Keren Tan, William Taylor, Anna Shubina, Bennet Vance, Michael E. Locasto Aug 2009

Dartmouth Scholarship

We describe our experiences in deploying a campus-wide wireless security testbed. The testbed gives us the capability to monitor security-related aspects of the 802.11 MAC layer in over 200 diverse campus locations. We describe both the technical and the social challenges of designing, building, and deploying such a system, which, to the best of our knowledge, is the largest such testbed in academia (with the UCSD's Jigsaw infrastructure a close competitor). In this paper we focus on the testbed setup, rather than on the experimental data and results.


Data For Cybersecurity Research: Process And ‘Wish List’, Jean Camp, Lorrie Cranor, Nick Feamster, Joan Feigenbaum, Stephanie Forrest, David Kotz, Wenke Lee, Patrick Lincoln, Vern Paxson, Mike Reiter, Ron Rivest, William Sanders, Stefan Savage, Sean Smith, Eugene Spafford, Sal Stolfo Jun 2009

Other Faculty Materials

This document identifies data needs of the security research community. This document is in response to a request for a “data wish list”. Because specific data needs will evolve in conjunction with evolving threats and research problems, we augment the wish list with commentary about some of the broader issues for data usage.


Routing In The Dark: Pitch Black, Nathan S. Evans Jun 2009

Electronic Theses and Dissertations

In many networks, such as mobile ad-hoc networks and friend-to-friend overlay networks, direct communication between nodes is limited to specific neighbors. Friend-to-friend “darknet” networks have been shown to commonly have a small-world topology; while short paths exist between any pair of nodes in small-world networks, it is non-trivial to determine such paths with a distributed algorithm. Recently, Clarke and Sandberg proposed the first decentralized routing algorithm that achieves efficient routing in such small-world networks.

Herein this thesis we discuss the first independent security analysis of Clarke and Sandberg’s routing algorithm. We show that a relatively weak participating adversary can render …


State Of Secure Application Development For 802.15.4, Janell Armstrong Apr 2009

Theses and Dissertations

A wireless sensor network consists of small, limited-resource embedded systems exchanging environment data and activating controls. These networks can be deployed in hostile environments to monitor wildlife habitats, implemented in factories to locate mobile equipment, and installed in home environments to optimize the use of utilities. Each of these scenarios requires network security to protect the network data. The IEEE 802.15.4 standard is designed for WSN communication, yet the standard states that it is not responsible for defining the initialization, distribution, updating, or management of network public keys. Individuals seeking to research security topics will find that there are many …


Beyond Output Voting: Detecting Compromised Replicas Using Hmm-Based Behavioral Distance, Debin Gao, Michael K. Reiter, Dawn Song Apr 2009

Research Collection School Of Computing and Information Systems

Many host-based anomaly detection techniques have been proposed to detect code-injection attacks on servers. The vast majority, however, are susceptible to "mimicry" attacks in which the injected code masquerades as the original server software, including returning the correct service responses, while conducting its attack. "Behavioral distance," by which two diverse replicas processing the same inputs are continually monitored to detect divergence in their low-level (system-call) behaviors and hence potentially the compromise of one of them, has been proposed for detecting mimicry attacks. In this paper, we present a novel approach to behavioral distance measurement using a new type of hidden …


The Not So Smart, Smart Grid: Potential Security Risks Associated With The Deployment Of Smart Grid Technologies, Craig Valli Mar 2009

Australian Digital Forensics Conference

The electricity grid has been up until now a relatively stable artifice of modern industrialized nations. The power grids are the most widespread wired networks in the world. They are heavily regulated and standardized to protect the integrity, stability and reliability of supply. The grids have been essentially closed systems, this is now rapidly changing with the introduction of the network enabled smart meter. These meters are “web” accessible, connect and interact directly with electrical appliances in domiciles and businesses. This move now brings a range of extreme risks and complexities into these stable networks. This paper explores the security …


Generalized Neuron Based Secure Media Access Control Protocol For Wireless Sensor Networks, Raghavendra V. Kulkarni, Ganesh K. Venayagamoorthy, Abhishek V. Thakur, Sanjay Kumar Madria Mar 2009

Electrical and Computer Engineering Faculty Research & Creative Works

Security plays a pivotal role in most applications of wireless sensor networks. It is common to find inadequately secure networks confined only to controlled environments. The issue of security in wireless sensor networks has been a hot research topic for over a decade. This paper presents a compact generalized neuron (GN) based medium access protocol that renders a CSMA/CD network secure against denial-of-service attacks launched by adversaries. The GN enhances the security by constantly monitoring multiple parameters that reflect the possibility that an attack is launched by an adversary. Particle swarm optimization, a popular bio-inspired evolutionary-like optimization algorithm is used for …


Security Decay: An Entropic Approach To Definition And Understanding, Michael Coole, David J. Brooks Jan 2009

Australian Security and Intelligence Conference

This article discusses the effect decay has within a systems approach used when implementing security strategies, in particular, the theory of defence in depth. Defence in depth is implemented within a risk management framework to reduce an organisation’s identified risks, which could lead to undesirable and unacceptable consequences. Defence in depth aims to link layered security elements into a system to ensure a holistic and functional security system, underpinned by the functions of; deter, detect, delay, response and recovery. For such a system to be commissioned and maintain its commissioning effectiveness, these functions must be performed in their sequential order …


Opportunistic Sensing: Security Challenges For The New Paradigm, Apu Kapadia, David Kotz, Nikos Triandopoulos Jan 2009

Dartmouth Scholarship

We study the security challenges that arise in Opportunistic people-centric sensing, a new sensing paradigm leveraging humans as part of the sensing infrastructure. Most prior sensor-network research has focused on collecting and processing environmental data using a static topology and an application-aware infrastructure, whereas opportunistic sensing involves collecting, storing, processing and fusing large volumes of data related to everyday human activities. This highly dynamic and mobile setting, where humans are the central focus, presents new challenges for information security, because data originates from sensors carried by people— not tiny sensors thrown in the forest or attached to animals. In this …


Beyond K-Anonymity: A Decision Theoretic Framework For Assessing Privacy Risk, Guy Lebanon, Monica Scannapieco, Mohamed Fouad, Elisa Bertino Jan 2009

Cyber Center Publications

An important issue any organization or individual has to face when managing data containing sensitive information, is the risk that can be incurred when releasing such data. Even though data may be sanitized before being released, it is still possible for an adversary to reconstruct the original data using additional information thus resulting in privacy violations. To date, however, a systematic approach to quantify such risks is not available. In this paper we develop a framework, based on statistical decision theory, that assesses the relationship between the disclosed data and the resulting privacy risk. We model the problem of deciding …


Strides Towards Better Application Security, Sathyaraj Balasubramanian Dec 2008

All Graduate Theses and Dissertations, Spring 1920 to Summer 2023

Static analysis tools analyze source code for vulnerabilities. However, these types of tools suffer from various problems that limit their effectiveness. This thesis examines these static analysis tools and suggests techniques for making them more efficient at detecting different types of vulnerabilities.

The thesis further analyzes possible causes for these vulnerabilities by examining the source code written by programmers of various categories. Finally, this thesis discusses solutions and techniques to improve general security awareness as well as the importance of secure coding among the students and software developers.


Localizing Sensor Networks In Un-Friendly Environments, Sriram Chellappan, Vamsi Paruchuri, Dylan Mcdonald, Arjan Durresi Nov 2008

Computer Science Faculty Research & Creative Works

In this paper, we study the issue of defending against a wireless sensor network (WSN) that has been deployed by a malicious enemy agent in an area of interest to us. While there can be many approaches to defend against maliciously deployed WSNs, we propose the design of a localization centric approach. Specifically, the problem we address is: given an enemy deployed WSN in an area of interest to us, how can we determine locations of the sensors without co-operating with the sensors themselves during localization. In our approach, we employ a physically mobile agent called the localizer (e.g., a …


Streaming Estimation Of Information-Theoretic Metrics For Anomaly Detection (Extended Abstract), Sergey Bratus, Joshua Brody, David Kotz, Anna Shubina Sep 2008

Dartmouth Scholarship

Information-theoretic metrics hold great promise for modeling traffic and detecting anomalies if only they could be computed in an efficient, scalable way. Recent advances in streaming estimation algorithms give hope that such computations can be made practical. We describe our work in progress that aims to use streaming algorithms on 802.11a/b/g link layer (and above) features and feature pairs to detect anomalies.