Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Databases and Information Systems

2017

Articles 1 - 30 of 37

Full-Text Articles in Information Security

Secure Server-Aided Top-K Monitoring, Yujue Wang, Hwee Hwa Pang, Yanjiang Yang, Xuhua Ding Dec 2017

Research Collection School Of Computing and Information Systems

In a data streaming model, a data owner releases records or documents to a set of users with matching interests, in such a way that the match in interest can be calculated from the correlation between each pair of document and user query. For scalability and availability reasons, this calculation is delegated to third-party servers, which gives rise to the need to protect the integrity and privacy of the documents and user queries. In this paper, we propose a server-aided data stream monitoring scheme (DSM) to address the aforementioned integrity and privacy challenges, so that the users are able to …


Policy Analytics For Environmental Sustainability: Household Hazardous Waste And Water Impacts Of Carbon Pollution Standards, Kustini Dec 2017

Dissertations and Theses Collection (Open Access)

Policy analytics are essential in supporting more informed policy-making in environmental management. This dissertation employs a fusion of machine methods and explanatory empiricism that involves data analytics, math programming, optimization, econometrics, geospatial and spatiotemporal analysis, and other approaches for assessing and evaluating current and future environmental policies.
Essay 1 discusses household informedness and its impact on the collection and recycling of household hazardous waste (HHW). Household informedness is the degree to which households have the necessary information to make utility-maximizing decisions about the handling of their waste. Such informedness seems to be influenced by HHW public education and environmental quality …


Uncovering User-Triggered Privacy Leaks In Mobile Applications And Their Utility In Privacy Protection, Joo Keng Joseph Chan Nov 2017

Dissertations and Theses Collection

Mobile applications are increasingly popular, and help mobile users in many aspects of their lifestyle. Applications have access to a wealth of information about the user through powerful developer APIs. It is known that most applications, even popular and highly regarded ones, utilize and leak privacy data to the network. It is also common for applications to over-access privacy data that does not fit the functionality profile of the application. Although there are available privacy detection tools, they might not provide sufficient context to help users better understand the privacy behaviours of their applications. In this dissertation, I present the …


Self Service Business Intelligence: An Analysis Of Tourists Preferences In Kosovo, Ardian Hyseni Oct 2017

UBT International Conference

The purpose of this paper is to analyze the preferences of tourists in Kosovo through the data from TripAdvisor.com. Top things to do in Kosovo, will be analyzed through the comments of tourists in TripAdvisor.com. By analyzing the data with PowerBI, will be analyzed what are the most preferred things to do and what the tourists like the most in Kosovo. This paper will contribute on defining the preferences of tourists in Kosovo, it also can help tourism to invest and attract more tourists in specific areas or improve and invest in places less preferred by tourists.


Security Assessment Of Web Applications, Renelada Kushe Oct 2017

UBT International Conference

A web application is an application that is accessed by users over a network such as the internet or intranet. The term also refers to an application that is coded in a browser-supported programming language and reliant on a common web browser to render the application executable. Web applications are vulnerable to various exploits from those which manipulate the application via its graphical web interface (HTTP exploits), to tampering the Uniform Resource Identifier (URI) or tampering HTTPS elements not contained in the URI. Getting started from the accessibility and the variety of exploits, the security assessment is a necessity for providing …


Implications Of EU-GDPR In Low-Grade Social, Activist And NGO Settings, Lars Magnusson, Sarfraz Iqbal Oct 2017

UBT International Conference

Social support services are becoming popular among the citizens of every country and every age. Though, social support services easily accessible on mobile phones are used in different contexts, ranging from extending your presence and connectivity to friends, family and colleagues to using social media services for being a social activist seeking to help individuals confined in miserable situations such as homeless community, drug addicts or even revolutionists fighting against dictatorships etc. However, a very recent development in the European Parliament’s law (2016/679) on the processing and free movement of personal data in terms of EU-GDPR (General data protection rules) …


Web Scrapping And Self Service Business Intelligence: Analysis Of Preferences Of Tourists In Albania, Ardian Hyseni Oct 2017

UBT International Conference

The purpose of this paper is to analyze the preferences of tourists in Albania through the data web scrapped from TripAdvisor.com. Top things to do in Albania, will be analyzed through the comments of tourists in TripAdvisor.com. By using tools for web scrapping and analyzing of data with nVivo and PowerBI, will be analyzed what are the most preferred things to do and what the tourists like doing the most in Albania. This paper will contribute on defining the preferences of tourists in Albania, also can help tourism to invest and attract more tourists in specific areas or improve and …


Learning Management Systems In Higher Education, Romina Agaçi Oct 2017

UBT International Conference

Learning Management Systems (LMSs) are improving learning processes and are widely used in higher education institutions. There are available various types of LMSs used by pedagogues to manage eLearning and to deliver course materials to students. Nowadays, LMSs have become essential tools that affect the quality of learning and teaching in higher education. In this article, we introduce LMSs and we choose Moodle as a tool to present an information system that is used in our university. Moodle is an online learning environment that supports classroom teaching. We will focus on the advantages of LMSs and why we choose Moodle as the …


An Approach To Information Security For SMEs Based On The Resource-Based View Theory, Blerton Abazi Oct 2017

UBT International Conference

The main focus of this proposal is to analyze implementation challenges, benefits and requirements in implementation of Information Systems and managing information security in small and medium size companies in Western Balkans countries. In relation to the study, the proposal will focus in the following questions to investigate: What are the benefits that companies mostly find after the implementation of Information Systems has been implemented, efficiency, how to they manage security of the information’s, competitive advantage, return of investments etc. The study should give a clear approach to Information Systems implementation, information security, maintenance, measurable benefits, challenges companies have gone …


E-Commerce Implementation In Kosovo, Besnik Skenderi, Diamanta Skenderi Oct 2017

UBT International Conference

In this paper, author had analyzed journal articles that were published by Alemayehu & Heeks, (2007) and Hwang, Jung, & Selvendy (2006). Both articles are about e-commerce and in first article (Alemayehu & Heeks, 2007) authors had analyzed impact of cultural differences, telecommunication infrastructure and local market. In addition, authors of this research paper were focused on consumers that are purchasing through e-commerce companies.

Second analyzed article (Hwang, Jung, & Selvendy, 2006) is about exploring e-commerce benefits in developing countries and developing countries are home to more than 80% of the world’s population, and are the site for growing use …


Towards Secure Data Flow Oriented Multi-Vendor ICT Governance Model, Lars Magnusson, Patrik Elm, Anita Mirijamdotter Oct 2017

UBT International Conference

Today, still, ICT Governance is being regarded as a departmental concern, not an overall organizational concern. History has shown us that implementation strategies, which are based on departments, results in fractional implementations leading to ad hoc solutions with no central control and stagnation for the in-house ICT strategy. Further, this recently has created an opinion trend; many are talking about the ICT department as being redundant, a dying out breed, which should be replaced by on-demand specialized external services. Clearly, the evermore changing surroundings do force organizations to accelerate the pace of new adaptations within their ICT plans, more vivacious …


Every Step You Take, I’ll Be Watching You: Practical StepAuth-Entication Of RFID Paths, Kai Bu, Yingjiu Li Oct 2017

Research Collection School Of Computing and Information Systems

Path authentication thwarts counterfeits in RFID-based supply chains. Its motivation is that tagged products taking invalid paths are likely faked and injected by adversaries at certain supply chain partners/steps. Existing solutions are path-grained in that they simply regard a product as genuine if it takes any valid path. Furthermore, they enforce distributed authentication by offloading the sets of valid paths to some or all steps from a centralized issuer. This not only imposes network and storage overhead but also leaks transaction privacy. We present StepAuth, the first step-grained path authentication protocol that is practically efficient for authenticating products with strict …


VuRLE: Automatic Vulnerability Detection And Repair By Learning From Examples, Ma Siqi, Ferdian Thung, David Lo, Cong Sun, Robert H. Deng Sep 2017

Research Collection School Of Computing and Information Systems

Vulnerability becomes a major threat to the security of many systems. Attackers can steal private information and perform harmful actions by exploiting unpatched vulnerabilities. Vulnerabilities often remain undetected for a long time as they may not affect typical systems’ functionalities. Furthermore, it is often difficult for a developer to fix a vulnerability correctly if he/she is not a security expert. To assist developers to deal with multiple types of vulnerabilities, we propose a new tool, called VuRLE, for automatic detection and repair of vulnerabilities. VuRLE (1) learns transformative edits and their contexts (i.e., code characterizing edit locations) from examples of …


VCKSM: Verifiable Conjunctive Keyword Search Over Mobile E-Health Cloud In Shared Multi-Owner Settings, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Qi Jiang, Junwei Zhang, Limin Shen, Zhiquan Liu Sep 2017

Research Collection School Of Computing and Information Systems

Searchable encryption (SE) is a promising technique which enables cloud users to conduct search over encrypted cloud data in a privacy-preserving way, especially for the electronic health record (EHR) system that contains plenty of medical history, diagnosis, radiology images, etc. In this paper, we focus on a more practical scenario, also named as the shared multi-owner settings, where each e-health record is co-owned by a fixed number of parties. Although the existing SE schemes under the unshared multi-owner settings can be adapted to this shared scenario, these schemes have to build multiple indexes, which definitely incur higher computational overhead. To save …


ANCR—An Adaptive Network Coding Routing Scheme For WSNs With Different-Success-Rate Links, Xiang Ji, Anwen Wang, Chunyu Li, Chun Ma, Yao Peng, Dajin Wang, Qingyi Hua, Feng Chen, Dingyi Fang Aug 2017

Department of Computer Science Faculty Scholarship and Creative Works

As the underlying infrastructure of the Internet of Things (IoT), wireless sensor networks (WSNs) have been widely used in many applications. Network coding is a technique in WSNs to combine multiple channels of data in one transmission, wherever possible, to save node’s energy as well as increase the network throughput. So far most works on network coding are based on two assumptions to determine coding opportunities: (1) All the links in the network have the same transmission success rate; (2) Each link is bidirectional, and has the same transmission success rate on both ways. However, these assumptions may not be …


Secure Encrypted Data Deduplication With Ownership Proof And User Revocation, Wenxiu Ding, Zheng Yan, Robert H. Deng Aug 2017

Research Collection School Of Computing and Information Systems

Cloud storage as one of the most important cloud services enables cloud users to save more data without enlarging its own storage. In order to eliminate repeated data and improve the utilization of storage, deduplication is employed to cloud storage. Due to the concern about data security and user privacy, encryption is introduced, but incurs new challenge to cloud data deduplication. Existing work cannot achieve flexible access control and user revocation. Moreover, few of them can support efficient ownership proof, especially public verifiability of ownership. In this paper, we propose a secure encrypted data deduplication scheme with effective ownership proof …


Dynamic Adversarial Mining - Effectively Applying Machine Learning In Adversarial Non-Stationary Environments., Tegjyot Singh Sethi Aug 2017

Electronic Theses and Dissertations

While understanding of machine learning and data mining is still in its budding stages, the engineering applications of the same has found immense acceptance and success. Cybersecurity applications such as intrusion detection systems, spam filtering, and CAPTCHA authentication, have all begun adopting machine learning as a viable technique to deal with large scale adversarial activity. However, the naive usage of machine learning in an adversarial setting is prone to reverse engineering and evasion attacks, as most of these techniques were designed primarily for a static setting. The security domain is a dynamic landscape, with an ongoing never ending arms race …


Data Insertion In Bitcoin's Blockchain, Andrew Sward, Vecna Op_0, Forrest Stonedahl Jul 2017

Computer Science: Faculty Scholarship & Creative Works

This paper provides the first comprehensive survey of methods for inserting arbitrary data into Bitcoin's blockchain. Historical methods of data insertion are described, along with lesser-known techniques that are optimized for efficiency. Insertion methods are compared on the basis of efficiency, cost, convenience of data reconstruction, permanence, and potentially negative impact on the Bitcoin ecosystem.


TLEL: A Two-Layer Ensemble Learning Approach For Just-In-Time Defect Prediction, Xinli Yang, David Lo, Xin Xia, Jianling Sun Jul 2017

Research Collection School Of Computing and Information Systems

Context: Defect prediction is a very meaningful topic, particularly at change-level. Change-level defect prediction, which is also referred as just-in-time defect prediction, could not only ensure software quality in the development process, but also make the developers check and fix the defects in time [1]. Objective: Ensemble learning becomes a hot topic in recent years. There have been several studies about applying ensemble learning to defect prediction [2–5]. Traditional ensemble learning approaches only have one layer, i.e., they use ensemble learning once. There are few studies that leverages ensemble learning twice or more. To bridge this research gap, we try to …


BreathPrint: Breathing Acoustics-Based User Authentication, Jagmohan Chauhan, Yining Hu, Suranga Sereviratne, Archan Misra, Aruna Sereviratne, Youngki Lee Jun 2017

Research Collection School Of Computing and Information Systems

We propose BreathPrint, a new behavioural biometric signature based on audio features derived from an individual's commonplace breathing gestures. Specifically, BreathPrint uses the audio signatures associated with the three individual gestures: sniff, normal, and deep breathing, which are sufficiently different across individuals. Using these three breathing gestures, we develop the processing pipeline that identifies users via the microphone sensor on smartphones and wearable devices. In BreathPrint, a user performs breathing gestures while holding the device very close to their nose. Using off-the-shelf hardware, we experimentally evaluate the BreathPrint prototype with 10 users, observed over seven days. We show that users …


Adding Differential Privacy In An Open Board Discussion Board System, Pragya Rana May 2017

Master's Projects

This project implements a privacy system for statistics generated by the Yioop search and discussion board system. Statistical data for such a system consists of various counts, sums, and averages that might be displayed for groups, threads, etc. When statistical data is made publicly available, there is no guarantee of preserving the privacy of an individual. Ideally, any data extracted should not reveal any sensitive information about an individual. In order to help achieve this, we implemented a Differential Privacy mechanism for Yioop. Differential privacy preserves privacy up to some controllable parameters of the number of items or individuals being …


Lightweight Data Aggregation Scheme Against Internal Attackers In Smart Grid Using Elliptic Curve Cryptography, Debiao He, Sherali Zeadally, Huaqun Wang, Qin Liu May 2017

Information Science Faculty Publications

Recent advances of Internet and microelectronics technologies have led to the concept of smart grid which has been a widespread concern for industry, governments, and academia. The openness of communications in the smart grid environment makes the system vulnerable to different types of attacks. The implementation of secure communication and the protection of consumers’ privacy have become challenging issues. The data aggregation scheme is an important technique for preserving consumers’ privacy because it can stop the leakage of a specific consumer’s data. To satisfy the security requirements of practical applications, a lot of data aggregation schemes were presented over the …


The Economics Of The Right To Be Forgotten, Byung-Cheol Kim, Jin Yeub Kim May 2017

Department of Economics: Faculty Publications

Scholars and practitioners debate whether to expand the scope of the right to be forgotten—the right to have certain links removed from search results—to encompass global search results. The debate centers on the assumption that the expansion will increase the incidence of link removal, which reinforces privacy while hampering free speech. We develop a game-theoretic model to show that the expansion of the right to be forgotten can reduce the incidence of link removal. We also show that the expansion does not necessarily enhance the welfare of individuals who request removal and that it can either improve or reduce societal …


Provably Secure Attribute Based Signcryption With Delegated Computation And Efficient Key Updating, Hanshu Hong, Yunhao Xia, Zhixin Sun, Ximeng Liu May 2017

Research Collection School Of Computing and Information Systems

Equipped with the advantages of flexible access control and fine-grained authentication, attribute based signcryption is diffusely designed for security preservation in many scenarios. However, realizing efficient key evolution and reducing the calculation costs are two challenges which should be given full consideration in attribute based cryptosystem. In this paper, we present a key-policy attribute based signcryption scheme (KP-ABSC) with delegated computation and efficient key updating. In our scheme, an access structure is embedded into user’s private key, while ciphertexts corresponds a target attribute set. Only the two are matched can a user decrypt and verify the ciphertexts. When the access …


Dpweka: Achieving Differential Privacy In Weka, Srinidhi Katla May 2017

Graduate Theses and Dissertations

Organizations belonging to the government, commercial, and non-profit industries collect and store large amounts of sensitive data, which include medical, financial, and personal information. They use data mining methods to formulate business strategies that yield high long-term and short-term financial benefits. While analyzing such data, the private information of the individuals present in the data must be protected for moral and legal reasons. Current practices such as redacting sensitive attributes, releasing only the aggregate values, and query auditing do not provide sufficient protection against an adversary armed with auxiliary information. In the presence of additional background information, the privacy protection …


Encrypted Data Processing With Homomorphic Re-Encryption, Wenxiu Ding, Zheng Yan, Robert H. Deng May 2017

Research Collection School Of Computing and Information Systems

Cloud computing offers various services to users by re-arranging storage and computing resources. In order to preserve data privacy, cloud users may choose to upload encrypted data rather than raw data to the cloud. However, processing and analyzing encrypted data are challenging problems, which have received increasing attention in recent years. Homomorphic Encryption (HE) was proposed to support computation on encrypted data and ensure data confidentiality simultaneously. However, a limitation of HE is it is a single user system, which means it only allows the party that owns a homomorphic decryption key to decrypt processed ciphertexts. Original HE cannot support …


On The Effectiveness Of Virtualization Based Memory Isolation On Multicore Platforms, Siqi Zhao, Xuhua Ding Apr 2017

Research Collection School Of Computing and Information Systems

Virtualization based memory isolation has been widely used as a security primitive in many security systems. This paper firstly provides an in-depth analysis of its effectiveness in the multicore setting; a first in the literature. Our study reveals that memory isolation by itself is inadequate for security. Due to the fundamental design choices in hardware, it faces several challenging issues including page table maintenance, address mapping validation and thread identification. As demonstrated by our attacks implemented on XMHF and BitVisor, these issues undermine the security of memory isolation. Next, we propose a new isolation approach that is immune to the aforementioned problems. In our design, the hypervisor constructs a fully isolated micro …


Ten Simple Rules For Responsible Big Data Research, Matthew Zook, Solon Barocas, Danah Boyd, Kate Crawford, Emily Keller, Seeta Peña Gangadharan, Alyssa Goodman, Rachelle Hollander, Barbara A. Koenig, Jacob Metcalf, Arvind Narayanan, Alondra Nelson, Frank Pasquale Mar 2017

Geography Faculty Publications

No abstract provided.


Probabilistic Public Key Encryption For Controlled Equijoin In Relational Databases, Yujue Wang, Hwee Hwa Pang Mar 2017

Research Collection School Of Computing and Information Systems

We present a public key encryption scheme for relational databases (PKDE) that allows the owner to control the execution of cross-relation joins on an outsourced server. The scheme allows anyone to deposit encrypted records in a database on the server. Thereafter, the database owner may authorize the server to join any two relations to identify matching records across them, while preventing self-joins that would reveal information on records that are unmatched in the join. The security of our construction is formally proved in the random oracle model based on the computational bilinear Diffie-Hellman assumption. Specifically, before a relation is joined, …