Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Open Access. Powered by Scholars. Published by Universities.®

Discipline
Institution
Keyword
Publication Year
Publication
Publication Type
File Type

Articles 1 - 30 of 4188

Full-Text Articles in Information Security

Anopas: Practical Anonymous Transit Pass From Group Signatures With Time-Bound Keys, Rui Shi, Yang Yang, Yingjiu Li, Huamin Feng, Hwee Hwa Pang, Robert H. Deng Aug 2024

Anopas: Practical Anonymous Transit Pass From Group Signatures With Time-Bound Keys, Rui Shi, Yang Yang, Yingjiu Li, Huamin Feng, Hwee Hwa Pang, Robert H. Deng

Research Collection School Of Computing and Information Systems

An anonymous transit pass system allows passengers to access transport services within fixed time periods, with their privileges automatically deactivating upon time expiration. Although existing transit pass systems are deployable on powerful devices like PCs, their adaptation to more user-friendly devices, such as mobile phones with smart cards, is inefficient due to their reliance on heavy-weight operations like bilinear maps. In this paper, we introduce an innovative anonymous transit pass system, dubbed Anopas, optimized for deployment on mobile phones with smart cards, where the smart card is responsible for crucial lightweight operations and the mobile phone handles key-independent and time-consuming …


Development Of Cyber Security Platform For Experiential Learning, Abhishek Vaish, Ravindra Kumar, Samo Bobek, Simona Sternad Jun 2024

Development Of Cyber Security Platform For Experiential Learning, Abhishek Vaish, Ravindra Kumar, Samo Bobek, Simona Sternad

Journal of Cybersecurity Education, Research and Practice

The cyber security education market has grown-up exponentially, with a CAGR of 13.9 % as reported by Data Intelo. The report published by the World Economic Fo- rum 2023 indicates a shortfall of 2.27 million cyber security experts in 2021 across different roles and hence manifest that Skill-based cyber security education is the need of the hour. Cybersecurity as a field has evolved as a multi-discipline, multi-stakeholder and multi-role discipline. Therefore, the need to address formal education with an outcome-based philosophy is imperative to address for a wider audience with varied past training in their formal education. With the Internet …


Federated Learning Based Autoencoder Ensemble System For Malware Detection On Internet Of Things Devices, Steven Edward Arroyo Jun 2024

Federated Learning Based Autoencoder Ensemble System For Malware Detection On Internet Of Things Devices, Steven Edward Arroyo

Theses and Dissertations

New technologies are being introduced at a rate faster than ever before and smaller in size. Due to the size of these devices, security is often difficult to implement. The existing solution is a firewall-segmented “IoT Network” that only limits the effect of these infected devices on other parts of the network. We propose a lightweight unsupervised hybrid-cloud ensemble anomaly detection system for malware detection. We perform transfer learning using a generalized model trained on multiple IoT device sources to learn network traffic on new devices with minimal computational resources. We further extend our proposed system to utilize federated learning …


An Alternative Approach To Data Carving Portable Document Format (Pdf) Files, Kevin Hughes, Michael Black Jun 2024

An Alternative Approach To Data Carving Portable Document Format (Pdf) Files, Kevin Hughes, Michael Black

Journal of Cybersecurity Education, Research and Practice

Traditional data carving relies on the successful identification of headers and trailers, unique hexadecimal signatures which are exclusive to specific file types. This can present a challenge for digital forensics examiners when pitted against modern anti-forensics techniques. The interest of this study is file signature obfuscation, a technique which alters headers and trailers. This research will focus on the development of a new, proof-of-concept algorithm that analyzes content in segments based on unique elements found within the body of a file. The file type being targeted is the Portable Document Format (PDF) and this research is built upon previously successful …


Singleadv: Single-Class Target-Specific Attack Against Interpretable Deep Learning Systems, Eldor Abdukhamidov, Mohammed Abuhamad, George K. Thiruvathukal, Hyoungshick Kim, Tamer Abuhmed May 2024

Singleadv: Single-Class Target-Specific Attack Against Interpretable Deep Learning Systems, Eldor Abdukhamidov, Mohammed Abuhamad, George K. Thiruvathukal, Hyoungshick Kim, Tamer Abuhmed

Computer Science: Faculty Publications and Other Works

In this paper, we present a novel Single-class target-specific Adversarial attack called SingleADV. The goal of SingleADV is to generate a universal perturbation that deceives the target model into confusing a specific category of objects with a target category while ensuring highly relevant and accurate interpretations. The universal perturbation is stochastically and iteratively optimized by minimizing the adversarial loss that is designed to consider both the classifier and interpreter costs in targeted and non-targeted categories. In this optimization framework, ruled by the first- and second-moment estimations, the desired loss surface promotes high confidence and interpretation score of adversarial samples. By …


Supporting South Korea’S Aging Population: How Ai And Iot Acceptance Connects The Young And Old, Bobby Im May 2024

Supporting South Korea’S Aging Population: How Ai And Iot Acceptance Connects The Young And Old, Bobby Im

Master's Projects and Capstones

In 2024, South Korea surpassed every other nation by becoming the country with the lowest fertility rate (below 0.7%). Population decline will hinder future ability to care for their aging population and although the government and private corporations are investing millions of dollars on developing Artificial Intelligence-Internet of Things (AI-IoT) devices to support the aging, the acceptance levels and the amount of family support required is undervalued. By examining AI-IoT’s current use and role in South Korea’s public health system this paper shows how intergenerational support helps optimize existing procedures and equipment, increases the level of acceptance and use, and …


Securing The Internet Of Things At Scale, Steven L. Willoughby May 2024

Securing The Internet Of Things At Scale, Steven L. Willoughby

Student Research Symposium

The world of the connected “Internet of Things” (IoT), including the "Industrial Internet of Things" (IIoT) is expanding to include more devices which observe and influence our daily lives, routines, locations, and even our state of health. But have the underlying protocols by which they communicate this data kept pace with the need to protect our privacy and security?

My talk will introduce my research into an approach to better secure this information flow using appropriate access controls without sacrificing performance. I will assess the historical challenges and simple access controls applied to IoT networking protocols and how they can …


A Novel Caching Algorithm For Efficient Fine-Grained Access Control In Database Management Systems, Anadi Shakya May 2024

A Novel Caching Algorithm For Efficient Fine-Grained Access Control In Database Management Systems, Anadi Shakya

Student Research Symposium

Fine-grained access Control (FGAC) in DBMS is vital for restricting user access to authorized data and enhancing security. FGAC policies govern how users are granted access to specific resources based on detailed criteria, ensuring security and privacy measures. Traditional methods struggle with scaling policies to thousands, causing delays in query responses. This paper introduces a novel caching algorithm designed to address this challenge by accelerating query processing and ensuring compliance with FGAC policies. In our approach, we create a circular hashmap and employ different replacement techniques to efficiently manage the cache, prioritizing entries that are visited more frequently. To evaluate …


Improving Tattle-Tale K-Deniability, Nicholas G.E. Morales May 2024

Improving Tattle-Tale K-Deniability, Nicholas G.E. Morales

Student Research Symposium

Ensuring privacy for databases is an ongoing struggle. While the majority of work has focused on using access control lists to protect sensitive data these methods are vulnerable to inference attacks. A set of algorithms, referred to as Tattle-Tale, was developed that could protect sensitive data from being inferred however its runtime performance wasn’t suitable for production code. This set of algorithms contained two main subsets, Full Deniability and K-Deniability. My research focused on improving the runtime or utility of the K-Deniability algorithms. I investigated the runtime of the K-Deniability algorithms to identify what was slowing the process down. Aside …


Generative Machine Learning For Cyber Security, James Halvorsen, Dr. Assefaw Gebremedhin May 2024

Generative Machine Learning For Cyber Security, James Halvorsen, Dr. Assefaw Gebremedhin

Military Cyber Affairs

Automated approaches to cyber security based on machine learning will be necessary to combat the next generation of cyber-attacks. Current machine learning tools, however, are difficult to develop and deploy due to issues such as data availability and high false positive rates. Generative models can help solve data-related issues by creating high quality synthetic data for training and testing. Furthermore, some generative architectures are multipurpose, and when used for tasks such as intrusion detection, can outperform existing classifier models. This paper demonstrates how the future of cyber security stands to benefit from continued research on generative models.


Examining Outcomes Of Privacy Risk And Brand Trust On The Adoption Of Consumer Smart Devices, Marianne C. Loes May 2024

Examining Outcomes Of Privacy Risk And Brand Trust On The Adoption Of Consumer Smart Devices, Marianne C. Loes

<strong> Theses and Dissertations </strong>

With more connected devices on earth than there are people, Internet of Things (IoT) is arguably just as innovative as the original introduction of the Internet. Though much of the research on technology acceptance and adoption has been conducted in organizational settings, the consumer use of IoT technologies, such as smart devices, is becoming a fertile field of research. The merger of these research streams is especially relevant from a societal perspective as smart devices become more embedded in consumer’s daily lives, particularly with the introduction of the “meta verse.” While original technology acceptance research is limited to two system-specific …


Cmd: Co-Analyzed Iot Malware Detection And Forensics Via Network And Hardware Domains, Ziming Zhao, Zhaoxuan Li, Jiongchi Yu, Fan Zhang, Xiaofei Xie, Haitao Xu, Binbin Chen May 2024

Cmd: Co-Analyzed Iot Malware Detection And Forensics Via Network And Hardware Domains, Ziming Zhao, Zhaoxuan Li, Jiongchi Yu, Fan Zhang, Xiaofei Xie, Haitao Xu, Binbin Chen

Research Collection School Of Computing and Information Systems

With the widespread use of Internet of Things (IoT) devices, malware detection has become a hot spot for both academic and industrial communities. Existing approaches can be roughly categorized into network-side and host-side. However, existing network-side methods are difficult to capture contextual semantics from cross-source traffic, and previous host-side methods could be adversary-perceived and expose risks for tampering. More importantly, a single perspective cannot comprehensively track the multi-stage lifecycle of IoT malware. In this paper, we present CMD, a co-analyzed IoT malware detection and forensics system by combining hardware and network domains. For the network part, CMD proposes a tailored …


Multi-Script Handwriting Identification By Fragmenting Strokes, Joshua Jude Thomas May 2024

Multi-Script Handwriting Identification By Fragmenting Strokes, Joshua Jude Thomas

<strong> Theses and Dissertations </strong>

This study tests the effectiveness of Multi-Script Handwriting Identification after simplifying character strokes, by segmenting them into sub-parts. Character simplification is performed through splitting the character by branching-points and end-points, a process called stroke fragmentation in this study. The resulting sub-parts of the character are called stroke fragments and are evaluated individually to identify the writer. This process shares similarities with the concept of stroke decomposition in Optical Character Recognition which attempts to recognize characters through the writing strokes that make them up. The main idea of this study is that the characters of different writing‑scripts (English, Chinese, etc.) may …


Guardians Of The Data: Government Use Of Ai And Iot In The Digital Age, Jannat Saeed May 2024

Guardians Of The Data: Government Use Of Ai And Iot In The Digital Age, Jannat Saeed

Honors Theses

The exponential growth of technology, epitomized by Moore's Law – “the observation that the number of transistors on an integrated circuit will double every two years”– has propelled the swift evolution of Artificial Intelligence (AI) and Internet of Things (IoT) technologies. This phenomenon has revolutionized various facets of daily life, from smart home devices to autonomous vehicles, reshaping how individuals interact with the world around them. However, as governments worldwide increasingly harness these innovations to monitor and collect personal data, profound privacy concerns have arisen among the general populace. Despite the ubiquity of AI and IoT in modern society, formal …


Exploring Decentralized Computing Using Solid And Ipfs For Social Media Applications, Pranav Balasubramanian Natarajan May 2024

Exploring Decentralized Computing Using Solid And Ipfs For Social Media Applications, Pranav Balasubramanian Natarajan

Computer Science and Computer Engineering Undergraduate Honors Theses

As traditional centralized social media platforms face growing concerns over data privacy, censorship, and lack of user control, there has been an increasing interest in decentralized alternatives. This thesis explores the design and implementation of a decentralized social media application by integrating two key technologies: Solid and the InterPlanetary File System (IPFS). Solid, led by Sir Tim Berners-Lee, enables users to store and manage their personal data in decentralized "Pods," giving them ownership over their digital identities. IPFS, a peer-to-peer hypermedia protocol, facilitates decentralized file storage and sharing, ensuring content availability and resilience against censorship. By leveraging these technologies, the …


Security And Interpretability In Large Language Models, Lydia Danas May 2024

Security And Interpretability In Large Language Models, Lydia Danas

Undergraduate Honors Theses

Large Language Models (LLMs) have the capability to model long-term dependencies in sequences of tokens, and are consequently often utilized to generate text through language modeling. These capabilities are increasingly being used for code generation tasks; however, LLM-powered code generation tools such as GitHub's Copilot have been generating insecure code and thus pose a cybersecurity risk. To generate secure code we must first understand why LLMs are generating insecure code. This non-trivial task can be realized through interpretability methods, which investigate the hidden state of a neural network to explain model outputs. A new interpretability method is rationales, which obtains …


Detection Of Jamming Attacks In Vanets, Thomas Justice May 2024

Detection Of Jamming Attacks In Vanets, Thomas Justice

Undergraduate Honors Theses

A vehicular network is a type of communication network that enables vehicles to communicate with each other and the roadside infrastructure. The roadside infrastructure consists of fixed nodes such as roadside units (RSUs), traffic lights, road signs, toll booths, and so on. RSUs are devices equipped with communication capabilities that allow vehicles to obtain and share real-time information about traffic conditions, weather, road hazards, and other relevant information. These infrastructures assist in traffic management, emergency response, smart parking, autonomous driving, and public transportation to improve roadside safety, reduce traffic congestion, and enhance the overall driving experience. However, communication between the …


An In-Network Approach For Pmu Missing Data Recovery With Data Plane Programmability, Jack Norris May 2024

An In-Network Approach For Pmu Missing Data Recovery With Data Plane Programmability, Jack Norris

Computer Science and Computer Engineering Undergraduate Honors Theses

Phasor measurement unit (PMU) systems often experience unavoidable missing and erroneous measurements, which undermine power system observability and operational effectiveness. Traditional solutions for recovering missing PMU data employ a centralized approach at the control center, resulting in lengthy recovery times due to data transmission and aggregation. In this work, we leverage P4-based programmable networks to expedite missing data recovery. Our approach utilizes the data plane programmability offered by P4 to present an in-network solution for PMU data recovery. We establish a data-plane pipeline on P4 switches, featuring a customized PMU protocol parser, a missing data detection module, and an auto-regressive …


Side Channel Detection Of Pc Rootkits Using Nonlinear Phase Space, Rebecca Clark May 2024

Side Channel Detection Of Pc Rootkits Using Nonlinear Phase Space, Rebecca Clark

Honors Theses

Cyberattacks are increasing in size and scope yearly, and the most effective and common means of attack is through malicious software executed on target devices of interest. Malware threats vary widely in terms of behavior and impact and, thus, effective methods of detection are constantly being sought from the academic research community to offset both volume and complexity. Rootkits are malware that represent a highly feared threat because they can change operating system integrity and alter otherwise normally functioning software. Although normal methods of detection that are based on signatures of known malware code are the standard line of defense, …


Investigating User Awareness Of Privacy And Security Concerns In The Iot Era, Jack Ruffner May 2024

Investigating User Awareness Of Privacy And Security Concerns In The Iot Era, Jack Ruffner

ALL - Honors Theses

The Internet of Things (IoT) has had a significant impact on the way we view and interact with technology. This is especially prevalent in the areas of smart homes, smart tech, and mobile devices. However, despite the advantageous functions of IoT devices, they are accompanied by numerous security concerns that enable several severe privacy concerns. Many studies and informative articles present ideas that explain and prove the presence of the various risks associated with IoT devices and the need to address them. This thesis paper aims to explore the relationship between IoT device usage and security and privacy risks as …


Monero: Powering Anonymous Digital Currency Transactions, Jake Braddy May 2024

Monero: Powering Anonymous Digital Currency Transactions, Jake Braddy

Theses/Capstones/Creative Projects

Cryptocurrencies rely on a distributed public ledger (record of transactions) in order to perform their intended functions. However, the public’s ability to audit the network is both its greatest strength and greatest weakness: Anyone can see what address sent currency, and to whom the currency was sent. If cryptocurrency is ever going to take some of the responsibility of fiat currency, then there needs to be a certain level of confidentiality. Thus far, Monero has come out on top as the preferred currency for embodying the ideas of privacy and confidentiality. Through numerous cryptographic procedures, Monero is able to obfuscate …


Agriculture 4.0 And Beyond: Evaluating Cyber Threat Intelligence Sources And Techniques In Smart Farming Ecosystems, Hang T. Bui, Hamed Aboutorab, Arash Mahboubi, Yansong Gao, Nazatul H. Sultan, Aufeef Chauhan, Mohammad Z. Parvez, Michael Bewong, Rafiqul Islam, Zahid Islam, Seyit A. Camtepe, Praveen Gauravaram, Dineshkumar Singh, M. A. Babar, Shihao Yan May 2024

Agriculture 4.0 And Beyond: Evaluating Cyber Threat Intelligence Sources And Techniques In Smart Farming Ecosystems, Hang T. Bui, Hamed Aboutorab, Arash Mahboubi, Yansong Gao, Nazatul H. Sultan, Aufeef Chauhan, Mohammad Z. Parvez, Michael Bewong, Rafiqul Islam, Zahid Islam, Seyit A. Camtepe, Praveen Gauravaram, Dineshkumar Singh, M. A. Babar, Shihao Yan

Research outputs 2022 to 2026

The digitisation of agriculture, integral to Agriculture 4.0, has brought significant benefits while simultaneously escalating cybersecurity risks. With the rapid adoption of smart farming technologies and infrastructure, the agricultural sector has become an attractive target for cyberattacks. This paper presents a systematic literature review that assesses the applicability of existing cyber threat intelligence (CTI) techniques within smart farming infrastructures (SFIs). We develop a comprehensive taxonomy of CTI techniques and sources, specifically tailored to the SFI context, addressing the unique cyber threat challenges in this domain. A crucial finding of our review is the identified need for a virtual Chief Information …


Side Channel Detection Of Pc Rootkits Using Nonlinear Phase Space, Rebecca Clark May 2024

Side Channel Detection Of Pc Rootkits Using Nonlinear Phase Space, Rebecca Clark

Poster Presentations

Cyberattacks are increasing in size and scope yearly, and the most effective and common means of attack is through malicious software executed on target devices of interest. Malware threats vary widely in terms of behavior and impact and, thus, effective methods of detection are constantly being sought from the academic research community to offset both volume and complexity. Rootkits are malware that represent a highly feared threat because they can change operating system integrity and alter otherwise normally functioning software. Although normal methods of detection that are based on signatures of known malware code are the standard line of defense, …


Understanding Student Experiences With Tls Client Authentication, Clay A. Shubert May 2024

Understanding Student Experiences With Tls Client Authentication, Clay A. Shubert

Masters Theses

This thesis presents a comprehensive investigation into student experiences with TLS client authentication, highlighting the usability challenges and learning curves associated with this long term key managament system. We designed a study that required future innovators in technology and security to use modern-day implementations of this certificate-based authentication system. From this study, we analyzed server logs, project reports, and survey responses from students enrolled in the applied cryptography course. We revealed significant hurdles in the initial setup and long-term key management of credentials used in TLS client authentication, emphasizing the gap between theoretical knowledge and practical implementation skills. Through quantitative …


Enhancing Security And Usability In Password-Based Web Systems Through Standardized Authentication Interactions, Anuj Gautam May 2024

Enhancing Security And Usability In Password-Based Web Systems Through Standardized Authentication Interactions, Anuj Gautam

Doctoral Dissertations

Password-based authentication is the predominant method for securing access on the web, yet it is fraught with challenges due to the web’s lack of inherent design for authentication. Password managers have emerged as auxiliary tools to assist users in generating, storing, and inputting passwords more securely and efficiently. But both the browser and the server are oblivious of the password manager’s presence, leading to usability and security issues. However, because the web wasn’t originally built to accommodate password-based authentication, password managers serve as a temporary fix and encounter several usability and security problems that limit their widespread use. This dissertation …


A Design Science Approach To Investigating Decentralized Identity Technology, Janelle Krupicka Apr 2024

A Design Science Approach To Investigating Decentralized Identity Technology, Janelle Krupicka

Cybersecurity Undergraduate Research Showcase

The internet needs secure forms of identity authentication to function properly, but identity authentication is not a core part of the internet’s architecture. Instead, approaches to identity verification vary, often using centralized stores of identity information that are targets of cyber attacks. Decentralized identity is a secure way to manage identity online that puts users’ identities in their own hands and that has the potential to become a core part of cybersecurity. However, decentralized identity technology is new and continually evolving, which makes implementing this technology in an organizational setting challenging. This paper suggests that, in the future, decentralized identity …


Binder, Tyler A. Peaster, Lindsey M. Davenport, Madelyn Little, Alex Bales Apr 2024

Binder, Tyler A. Peaster, Lindsey M. Davenport, Madelyn Little, Alex Bales

ATU Research Symposium

Binder is a mobile application that aims to introduce readers to a book recommendation service that appeals to devoted and casual readers. The main goal of Binder is to enrich book selection and reading experience. This project was created in response to deficiencies in the mobile space for book suggestions, library management, and reading personalization. The tools we used to create the project include Visual Studio, .Net Maui Framework, C#, XAML, CSS, MongoDB, NoSQL, Git, GitHub, and Figma. The project’s selection of books were sourced from the Google Books repository. Binder aims to provide an intuitive interface that allows users …


Techniques To Detect Fake Profiles On Social Media Using The New Age Algorithms – A Survey, A K M Rubaiyat Reza Habib, Edidiong Elijah Akpan Apr 2024

Techniques To Detect Fake Profiles On Social Media Using The New Age Algorithms – A Survey, A K M Rubaiyat Reza Habib, Edidiong Elijah Akpan

ATU Research Symposium

This research explores the growing issue of fake accounts in Online Social Networks [OSNs]. While platforms like Twitter, Instagram, and Facebook foster connections, their lax authentication measures have attracted many scammers and cybercriminals. Fake profiles conduct malicious activities, such as phishing, spreading misinformation, and inciting social discord. The consequences range from cyberbullying to deceptive commercial practices. Detecting fake profiles manually is often challenging and causes considerable stress and trust issues for the users. Typically, a social media user scrutinizes various elements like the profile picture, bio, and shared posts to identify fake profiles. These evaluations sometimes lead users to conclude …


Data Profits Vs. Privacy Rights: Ethical Concerns In Data Commerce, Amiah Armstrong Apr 2024

Data Profits Vs. Privacy Rights: Ethical Concerns In Data Commerce, Amiah Armstrong

Cybersecurity Undergraduate Research Showcase

In today’s digital age, the collection and sale of customer data for advertising is gaining a growing number of ethical concerns. The act of amassing extensive datasets encompassing customer preferences, behaviors, and personal information raises questions of its true purpose. It is widely acknowledged that companies track and store their customer’s digital activities under the pretext of benefiting the customer, but at what cost? Are users aware of how much of their data is being collected? Do they understand the trade-off between personalized services and the potential invasion of their privacy? This paper aims to show the advantages and disadvantages …


A Case Study Of The Crashoverride Malware, Its Effects And Possible Countermeasures, Samuel Rector Apr 2024

A Case Study Of The Crashoverride Malware, Its Effects And Possible Countermeasures, Samuel Rector

Cybersecurity Undergraduate Research Showcase

CRASHOVERRIDE is a modular malware tailor-made for electric grid Industrial Control System (ICS) equipment and was deployed by a group named ELECTRUM in a Ukrainian substation. The malware would launch a protocol exploit to flip breakers and would then wipe the system of ICS files. Finally, it would execute a Denial Of Service (DOS) attack on protective relays. In effect, months of damage and thousands out of power. However, due to oversights the malware only caused a brief power outage. Though the implications of the malware are cause for researching and implementing countermeasures against others to come. The CISA recommends …