Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Databases and Information Systems

2019

Articles 1 - 23 of 23

Full-Text Articles in Information Security

Strongly Leakage Resilient Authenticated Key Exchange, Revisited, Guomin Yang, Rongmao Chen, Yi Mu, Willy Susilo, Guo Fuchun, Jie Li Dec 2019

Research Collection School Of Computing and Information Systems

Authenticated Key Exchange (AKE) protocols allow two (or multiple) parties to authenticate each other and agree on a common secret key, which is essential for establishing a secure communication channel over a public network. AKE protocols form a central component in many network security standards such as IPSec, TLS/SSL, and SSH. However, it has been demonstrated that many standardized AKE protocols are vulnerable to side-channel and key leakage attacks. In order to defend against such attacks, leakage resilient (LR-) AKE protocols have been proposed in the literature. Nevertheless, most of the existing LR-AKE protocols only focused on the resistance to …


Trajectory Privacy Preservation And Lightweight Blockchain Techniques For Mobility-Centric IoT, Abdur Bin Shahid Nov 2019

FIU Electronic Theses and Dissertations

Various research efforts have been undertaken to solve the problem of trajectory privacy preservation in the Internet of Things (IoT) of resource-constrained mobile devices. Most attempts at resolving the problem have focused on the centralized model of IoT, which either impose high delay or fail against a privacy-invading attack with long-term trajectory observation. These proposed solutions also fail to guarantee location privacy for trajectories with both geo-tagged and non-geo-tagged data, since they are designed for geo-tagged trajectories only. While a few blockchain-based techniques have been suggested for preserving trajectory privacy in decentralized model of IoT, they require large storage capacity …


Lightweight Fine-Grained Search Over Encrypted Data In Fog Computing, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Jian Weng, Hongwei Li, Hui Li Sep 2019

Research Collection School Of Computing and Information Systems

Fog computing, as an extension of cloud computing, outsources the encrypted sensitive data to multiple fog nodes on the edge of Internet of Things (IoT) to decrease latency and network congestion. However, the existing ciphertext retrieval schemes rarely focus on the fog computing environment and most of them still impose high computational and storage overhead on resource-limited end users. In this paper, we first present a Lightweight Fine-Grained ciphertexts Search (LFGS) system in fog computing by extending Ciphertext-Policy Attribute-Based Encryption (CP-ABE) and Searchable Encryption (SE) technologies, which can achieve fine-grained access control and keyword search simultaneously. The LFGS can shift …


An Architecture For Blockchain-Based Collaborative Signature-Based Intrusion Detection System, Daniel Laufenberg Jul 2019

Master of Science in Information Technology Theses

Collaborative intrusion detection systems (CIDS), where IDS hosts work with each other and share resources, have been proposed to cope with the increasingly sophisticated cyberattacks. Despite the promising benefits such as expanded signature databases and alert data from multiple sites, trust management and consensus building remain as challenges for a CIDS to work effectively. The blockchain technology with built-in immutability and consensus building capability provides a viable solution to the issues of CIDS. In this paper, we introduce an architecture for a blockchain-enabled signature-based collaborative IDS, discuss the implementation strategy of the proposed architecture and develop a prototype using Hyperledger …


Securing Messaging Services Through Efficient Signcryption With Designated Equality Test, Yujue Wang, Hwee Hwa Pang, Robert H. Deng, Yong Ding, Qianhong Wu, Bo Qin Jul 2019

Research Collection School Of Computing and Information Systems

To address security and privacy issues in messaging services, we present a public key signcryption scheme with designated equality test on ciphertexts (PKS-DET) in this paper. The scheme enables a sender to simultaneously encrypt and sign (signcrypt) messages, and to designate a tester to perform equality test on ciphertexts, i.e., to determine whether two ciphertexts signcrypt the same underlying plaintext message. We introduce the PKS-DET framework, present a concrete construction and formally prove its security against three types of adversaries, representing two security requirements on message confidentiality against outsiders and the designated tester, respectively, and a requirement on message unforgeability …


A Scalable Approach To Joint Cyber Insurance And Security-As-A-Service Provisioning In Cloud Computing, Jonathan David Chase, Dusit Niyato, Ping Wang, Sivadon Chaisiri, Ryan K. L. Ko Jul 2019

Research Collection School Of Computing and Information Systems

As computing services are increasingly cloud-based, corporations are investing in cloud-based security measures. The Security-as-a-Service (SECaaS) paradigm allows customers to outsource security to the cloud, through the payment of a subscription fee. However, no security system is bulletproof, and even one successful attack can result in the loss of data and revenue worth millions of dollars. To guard against this eventuality, customers may also purchase cyber insurance to receive recompense in the case of loss. To achieve cost effectiveness, it is necessary to balance provisioning of security and insurance, even when future costs and risks are uncertain. To this end, …


Intrusion-Tolerant Order-Preserving Encryption, John Huson May 2019

Masters Theses, 2010-2019

Traditional encryption schemes such as AES and RSA aim to achieve the highest level of security, often indistinguishable security under the adaptive chosen-ciphertext attack. Ciphertexts generated by such encryption schemes do not leak useful information. As a result, such ciphertexts do not support efficient searchability nor range queries.

Order-preserving encryption is a relatively new encryption paradigm that allows for efficient queries on ciphertexts. In order-preserving encryption, the data-encrypting key is a long-term symmetric key that needs to stay online for insertion, query and deletion operations, making it an attractive target for attacks.

In this thesis, an intrusion-tolerant order-preserving encryption system …


Querying Over Encrypted Databases In A Cloud Environment, Jake Douglas May 2019

Boise State University Theses and Dissertations

The adoption of cloud computing has created a huge shift in where data is processed and stored. Increasingly, organizations opt to store their data outside of their own network to gain the benefits offered by shared cloud resources. With these benefits also come risks; namely, another organization has access to all of the data. A malicious insider at the cloud services provider could steal any personal information contained on the cloud or could use the data for the cloud service provider's business advantage. By encrypting the data, some of these risks can be mitigated. Unfortunately, encrypting the data also means …


The Golden Ticket: How Blockchain Technology Can Be Implemented Into Event Ticketing, Jack Singer May 2019

Honors Capstone Projects - All

When the group/individual named Satoshi Nakamoto first conceptualized blockchain in 2008, it served as the underlying foundation to the cryptocurrency Bitcoin. In the years following, cryptocurrencies alike experienced massive gains in profitability; however, after the bubble had burst, organizations began to look at the technology from a more academic standpoint. It was quickly found out that there is a massive application for blockchain in almost all sectors of industry from bulk stores (Walmart) to banking (IBM). This paper will explore how blockchain technology can be implemented into event ticketing, more specifically concerts. The current landscape of the industry is under …


Building Consumer Trust In The Cloud: An Experimental Analysis Of The Cloud Trust Label Approach, Lisa Van Der Werff, Grace Fox, Ieva Masevic, Vincent C. Emeakaroha, John P. Morrison, Theo Lynn Apr 2019

Department of Computer Science Publications

The lack of transparency surrounding cloud service provision makes it difficult for consumers to make knowledge based purchasing decisions. As a result, consumer trust has become a major impediment to cloud computing adoption. Cloud Trust Labels represent a means of communicating relevant service and security information to potential customers on the cloud service provided, thereby facilitating informed decision making. This research investigates the potential of a Cloud Trust Label system to overcome the trust barrier. Specifically, it examines the impact of a Cloud Trust Label on consumer perceptions of a service and cloud service provider trustworthiness and trust in the …


Evaluating Machine Learning Techniques For Smart Home Device Classification, Angelito E. Aragon Jr. Mar 2019

Theses and Dissertations

Smart devices in the Internet of Things (IoT) have transformed the management of personal and industrial spaces. Leveraging inexpensive computing, smart devices enable remote sensing and automated control over a diverse range of processes. Even as IoT devices provide numerous benefits, it is vital that their emerging security implications are studied. IoT device design typically focuses on cost efficiency and time to market, leading to limited built-in encryption, questionable supply chains, and poor data security. In a 2017 report, the United States Government Accountability Office recommended that the Department of Defense investigate the risks IoT devices pose to operations security, …


Testing The Fault Tolerance Of A Wide Area Backup Protection System Using Spin, Kenneth James Mar 2019

Theses and Dissertations

Cyber-physical systems are increasingly prevalent in daily life. Smart grids in particular are becoming more interconnected and autonomously operated. Despite the advantages, new challenges arise in the form of defending these assets. Recent studies reveal that small-scale, coordinated cyber-attacks on only a few substations across the U.S. could result in cascading failures affecting the entire nation. In support of defending critical infrastructure, this thesis tests the fault tolerance of a backup protection system. Each transmission line in the system incorporates autonomous agents which monitor the status of the line and make decisions regarding the safety of the grid. Various malfunctions …


Mirai Bot Scanner Summation Prototype, Charles V. Frank Jr. Mar 2019

Masters Theses & Doctoral Dissertations

The Mirai botnet deploys a distributed mechanism with each Bot continually scanning for a potential new Bot Victim. A Bot continually generates a random IP address to scan the network for discovering a potential new Bot Victim. The Bot establishes a connection with the potential new Bot Victim with a Transmission Control Protocol (TCP) handshake. The Mirai botnet has recruited hundreds of thousands of Bots. With 100,000 Bots, Mirai Distributed Denial of Service (DDoS) attacks on service provider Dyn in October 2016 triggered the inaccessibility to hundreds of websites in Europe and North America (Sinanović & Mrdovic, 2017). A month …


Flashlight In A Dark Room: A Grounded Theory Study On Information Security Management At Small Healthcare Provider Organizations, Gerald Auger Mar 2019

Masters Theses & Doctoral Dissertations

Healthcare providers have a responsibility to protect patients’ privacy and a business motivation to properly secure their assets. These providers encounter barriers to achieving these objectives and limited academic research has been conducted to examine the causes and strategies to overcome them. A subset of this demographic, businesses with less than 10 providers, compose a majority 57% of provider organizations in the United States. This grounded theory study provides exploratory findings, discovering these small healthcare provider organizations (SHPO) have limited knowledge on information technology (IT) and information security that results in assumptions and misappropriations of information security implementation, who is …


Advanced Code-Reuse Attacks: A Novel Framework For JOP, Bramwell J. Brizendine Mar 2019

Masters Theses & Doctoral Dissertations

Return-oriented programming is the predominant code-reuse attack, where short gadgets or borrowed chunks of code ending in a RET instruction can be discovered in binaries. A chain of ROP gadgets placed on the stack can permit control flow to be subverted, allowing for arbitrary computation. Jump-oriented programming is a class of code-reuse attack where instead of using RET instructions, indirect jumps and indirect calls are utilized to subvert the control flow. JOP is important because it can allow for important mitigations and protections against ROP to be bypassed, and some protections against JOP are imperfect. This dissertation presents a design science …


Towards Secure Data Flow Oriented Multi-Vendor ICT Governance Model, Lars Magnusson, Patrik Elm, Anita Mirijamdotter Feb 2019

International Journal of Business and Technology

Today, still, ICT Governance is being regarded as a departmental concern, not an overall organizational concern. History has shown us that implementation strategies, which are based on departments, result in fractional implementations leading to ad hoc solutions with no central control and stagnation for the in-house ICT strategy. Further, this recently has created an opinion trend; many are talking about the ICT department as being redundant, a dying out breed, which should be replaced by on-demand specialized external services. Clearly, the evermore changing surroundings do force organizations to accelerate the pace of new adaptations within their ICT plans, more vivacious …


Implications Of EU-GDPR In Low-Grade Social, Activist And NGO Settings, Lars Magnusson, Sarfraz Iqbal Feb 2019

International Journal of Business and Technology

Social support services are becoming popular among the citizens of every country and every age. Though, social support services easily accessible on mobile phones are used in different contexts, ranging from extending your presence and connectivity to friends, family and colleagues to using social media services for being a social activist seeking to help individuals confined in miserable situations such as homeless community, drug addicts or even revolutionists fighting against dictatorships etc. However, a very recent development in the European Parliament’s law (2016/679) on the processing and free movement of personal data in terms of EU-GDPR (General data protection rules) …


An Approach To Information Security For SMEs Based On The Resource-Based View Theory, Blerton Abazi Feb 2019

International Journal of Business and Technology

The main focus of this proposal is to analyze implementation challenges, benefits and requirements in implementation of Information Systems and managing information security in small and medium size companies in Western Balkans countries. In relation to the study, the proposal will focus on the following questions to investigate: What are the benefits that companies mostly find after the implementation of Information Systems has been implemented, efficiency, how do they manage security of the information, competitive advantage, return of investments etc. The study should give a clear approach to Information Systems implementation, information security, maintenance, measurable benefits, challenges companies have gone …


Some Issues In The Testing Of Computer Simulation Models, David J. Murray-Smith Feb 2019

International Journal of Business and Technology

The testing of simulation models has much in common with testing processes in other types of application involving software development. However, there are also important differences associated with the fact that simulation model testing involves two distinct aspects, which are known as verification and validation. Model validation is concerned with investigation of modelling errors and model limitations while verification involves checking that the simulation program is an accurate representation of the mathematical and logical structure of the underlying model. Success in model validation depends upon the availability of detailed information about all aspects of the system being modelled. It also …


Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane Jan 2019

MPA/MPP/MPFM Capstone Projects

Procure-to-Pay (P2P) softwares are an integral part of the payment and procurement processing functions at large-scale governmental institutions. These softwares house all of the financial functions related to procurement, accounts payable, and often human resources, helping to facilitate and automate the process from initiation of a payment or purchase, to the actual disbursal of funds. Often, these softwares contain budgeting and financial reporting tools as part of the offering. As such an integral part of the financial process, these softwares obviously come at an immense cost from a set of reputable vendors. In the case of government, these vendors mainly …


Information Systems For Business And Beyond, David T. Bourgeois, James L. Smith, Shouhong Wang, Joseph Mortati Jan 2019

Open Textbooks

This book is written as an introductory text, meant for those with little or no experience with computers or information systems. While sometimes the descriptions can get a bit technical, every effort has been made to convey the information essential to understanding a topic while not getting overly focused in detailed terminology.

The text is organized around thirteen chapters divided into three major parts, as follows:

• Part 1: What Is an Information System?

◦ Chapter 1: What Is an Information System? – This chapter provides an overview of information systems, including the history of how information systems got to …


Probabilistic Record Linkage With Elliptic Curve Operations, Shreya Dhiren Patel Jan 2019

Electronic Theses and Dissertations

Federated query processing for an electronic health record infrastructure enables large epidemiology studies using data integrated from geographically dispersed medical institutions. However, government imposed privacy regulations prohibit disclosure of patient's health record outside the context of clinical care, thereby making it difficult to determine which records correspond to the same entity in the process of query aggregation.

Privacy-preserving record linkage is an actively pursued research area to facilitate the linkage of database records under the constraints of regulations that do not allow the linkage agents to learn sensitive identities of record owners. In earlier works, scalability has been shown to …


Agent-Based IoT Coordination For Smart Cities Considering Security And Privacy, Iván García-Magariño, Geraldine Gray, Rajarajan Muttukrishnan, Waqar Asif Jan 2019

Conference papers

The interest in Internet of Things (IoT) is increasing steeply, and the use of their smart objects and their composite services may become widespread in the next few years increasing the number of smart cities. This technology can benefit from scalable solutions that integrate composite services of multiple-purpose smart objects for the upcoming large-scale use of integrated services in IoT. This work proposes an agent-based approach for supporting large-scale use of IoT for providing complex integrated services. Its novelty lies in the use of distributed blackboards for implicit communications, decentralizing the storage and management of the blackboard information in the …