Information Security Commons^™

Data: The Good, The Bad And The Ethical, John D. Kelleher, Filipe Cabral Pinto, Luis M. Cortesao

Articles

It is often the case with new technologies that it is very hard to predict their long-term impacts and as a result, although new technology may be beneficial in the short term, it can still cause problems in the longer term. This is what happened with oil by-products in different areas: the use of plastic as a disposable material did not take into account the hundreds of years necessary for its decomposition and its related long-term environmental damage. Data is said to be the new oil. The message to be conveyed is associated with its intrinsic value. But as in …

Differential Privacy Protection Over Deep Learning: An Investigation Of Its Impacted Factors, Ying Lin, Ling-Yan Bao, Ze-Minghui Li, Shu-Sheng Si, Chao-Hsien Chu

Research Collection School Of Computing and Information Systems

Deep learning (DL) has been widely applied to achieve promising results in many fields, but it still exists various privacy concerns and issues. Applying differential privacy (DP) to DL models is an effective way to ensure privacy-preserving training and classification. In this paper, we revisit the DP stochastic gradient descent (DP-SGD) method, which has been used by several algorithms and systems and achieved good privacy protection. However, several factors, such as the sequence of adding noise, the models used etc., may impact its performance with various degrees. We empirically show that adding noise first and clipping second will not only …

An Analysis Of Technological Components In Relation To Privacy In A Smart City, Kayla Rutherford, Ben Lands, A. J. Stiles

James Madison Undergraduate Research Journal (JMURJ)

A smart city is an interconnection of technological components that store, process, and wirelessly transmit information to enhance the efficiency of applications and the individuals who use those applications. Over the course of the 21st century, it is expected that an overwhelming majority of the world’s population will live in urban areas and that the number of wireless devices will increase. The resulting increase in wireless data transmission means that the privacy of data will be increasingly at risk. This paper uses a holistic problem-solving approach to evaluate the security challenges posed by the technological components that make up a …

A Framework For Identifying Host-Based Artifacts In Dark Web Investigations, Arica Kulm

Masters Theses & Doctoral Dissertations

The dark web is the hidden part of the internet that is not indexed by search engines and is only accessible with a specific browser like The Onion Router (Tor). Tor was originally developed as a means of secure communications and is still used worldwide for individuals seeking privacy or those wanting to circumvent restrictive regimes. The dark web has become synonymous with nefarious and illicit content which manifests itself in underground marketplaces containing illegal goods such as drugs, stolen credit cards, stolen user credentials, child pornography, and more (Kohen, 2017). Dark web marketplaces contribute both to illegal drug usage …

Espade: An Efficient And Semantically Secure Shortest Path Discovery For Outsourced Location-Based Services, Bharath K. Samanthula, Divyadharshini Karthikeyan, Boxiang Dong, K. Anitha Kumari

Department of Computer Science Faculty Scholarship and Creative Works

With the rapid growth of smart devices and technological advancements in tracking geospatial data, the demand for Location-Based Services (LBS) is facing a constant rise in several domains, including military, healthcare and transportation. It is a natural step to migrate LBS to a cloud environment to achieve on-demand scalability and increased resiliency. Nonetheless, outsourcing sensitive location data to a third-party cloud provider raises a host of privacy concerns as the data owners have reduced visibility and control over the outsourced data. In this paper, we consider outsourced LBS where users want to retrieve map directions without disclosing their location information. …

Maia And Admonita: Mandatory Integrity Control Language And Dynamic Trust Framework For Arbitrary Structured Data, Wassnaa Al-Mawee

Dissertations

The expansion of attacks against information systems of companies that operate nuclear power stations and other energy facilities in the United States and other countries, are noticeable with potential catastrophic real-world implications. Data integrity is a fundamental component of information security. It refers to the accuracy and the trustworthiness of data or resources. Data integrity within information systems becomes an important factor of security protection as the data becomes more integrated and crucial to decision-making. The security threats brought by human errors whether, malicious or unintentional, such as viruses, hacking, and many other cybersecurity threats, are dangerous and require mandatory …

A Generalised Bound For The Wiener Attack On Rsa, Willy Susilo, Joseph Tonien, Guomin Yang

Research Collection School Of Computing and Information Systems

Since Wiener pointed out that the RSA can be broken if the private exponent d is relatively small compared to the modulus N, it has been a general belief that the Wiener attack works for d

Secure Server-Aided Data Sharing Clique With Attestation, Yujue Wang, Hwee Hwa Pang, Robert H. Deng, Yong Ding, Qianhong Wu, Bo Qin, Kefeng Fan

Research Collection School Of Computing and Information Systems

In this paper, we consider the security issues in data sharing cliques via remote server. We present a public key re-encryption scheme with delegated equality test on ciphertexts (PRE-DET). The scheme allows users to share outsourced data on the server without performing decryption-then-encryption procedures, allows new users to dynamically join the clique, allows clique users to attest the message underlying a ciphertext, and enables the server to partition outsourced user data without any further help of users after being delegated. We introduce the PRE-DET framework, propose a concrete construction and formally prove its security against five types of adversaries regarding …

The Use Of Digital Millenium Copyright Act To Stifle Speech Through Non-Copyright Related Takedowns, Miller Freeman

Seattle Journal of Technology, Environmental & Innovation Law

In 1998, Congress passed the Digital Millennium Copyright Act. This law provided new methods of protecting copyright in online media. These protections shift the normal judicial process that would stop the publication of infringing materials to private actors: the online platforms. As a result, online platforms receive notices of infringement and issue takedowns of allegedly copyrighted works without the judicial process which normally considers the purpose of the original notice of infringement. In at least one case, discussed in detail below, this has resulted in a notice and takedown against an individual for reasons not related to the purpose of …

Secure And Efficient Models For Retrieving Data From Encrypted Databases In Cloud, Sultan Ahmed A Almakdi

Graduate Theses and Dissertations

Recently, database users have begun to use cloud database services to outsource their databases. The reason for this is the high computation speed and the huge storage capacity that cloud owners provide at low prices. However, despite the attractiveness of the cloud computing environment to database users, privacy issues remain a cause for concern for database owners since data access is out of their control. Encryption is the only way of assuaging users’ fears surrounding data privacy, but executing Structured Query Language (SQL) queries over encrypted data is a challenging task, especially if the data are encrypted by a randomized …

Data Breach Consequences And Responses: A Multi-Method Investigation Of Stakeholders, Hamid Reza Nikkhah

Graduate Theses and Dissertations

The role of information in today’s economy is essential as organizations that can effectively store and leverage information about their stakeholders can gain an advantage in their markets. The extensive digitization of business information can make organizations vulnerable to data breaches. A data breach is the unauthorized access to sensitive, protected, or confidential data resulting in the compromise of information security. Data breaches affect not only the breached organization but also various related stakeholders. After a data breach, stakeholders of the breached organizations show negative behaviors, which causes the breached organizations to face financial and non-financial costs. As such, the …

Dynamic Fraud Detection Via Sequential Modeling, Panpan Zheng

Graduate Theses and Dissertations

The impacts of information revolution are omnipresent from life to work. The web services have signicantly changed our living styles in daily life, such as Facebook for communication and Wikipedia for knowledge acquirement. Besides, varieties of information systems, such as data management system and management information system, make us work more eciently. However, it is usually a double-edged sword. With the popularity of web services, relevant security issues are arising, such as fake news on Facebook and vandalism on Wikipedia, which denitely impose severe security threats to OSNs and their legitimate participants. Likewise, oce automation incurs another challenging security issue, …

Vzwam Web-Based Lookup, Ruben Claudio

Masters Theses & Doctoral Dissertations

This web-based lookup will allow V employees to find territory sales rep much faster. It will simplify the process and eliminate manual processes.

At the moment, a combination of multiple manual processes is needed to find territory sales reps. The company’s CRM does not allow to find rep sales quickly. When an in-house sales representative is talking to a prospect, this sales rep has to go through a few series of steps to find an outside or territory sales rep --which is usually needed to schedule in-person meetings, that results in delays while doing transactions with the prospects. Besides, because …

The Future Of Work Now: Cyber Threat Attribution At Fireeye, Thomas H. Davenport, Steven M. Miller

Research Collection School Of Computing and Information Systems

One of the most frequently-used phrases at business events these days is “the future of work.” It’s increasingly clear that artificial intelligence and other new technologies will bring substantial changes in work tasks and business processes. But while these changes are predicted for the future, they’re already present in many organizations for many different jobs. The job and incumbent described below is an example of this phenomenon. It’s a clear example of an existing job that’s been transformed by AI and related tools.

Storage Management Strategy In Mobile Phones For Photo Crowdsensing, En Wang, Zhengdao Qu, Xinyao Liang, Xiangyu Meng, Yongjian Yang, Dawei Li, Weibin Meng

Department of Computer Science Faculty Scholarship and Creative Works

In mobile crowdsensing, some users jointly finish a sensing task through the sensors equipped in their intelligent terminals. In particular, the photo crowdsensing based on Mobile Edge Computing (MEC) collects pictures for some specific targets or events and uploads them to nearby edge servers, which leads to richer data content and more efficient data storage compared with the common mobile crowdsensing; hence, it has attracted an important amount of attention recently. However, the mobile users prefer uploading the photos through Wifi APs (PoIs) rather than cellular networks. Therefore, photos stored in mobile phones are exchanged among users, in order to …

Hierarchical Group And Attribute-Based Access Control: Incorporating Hierarchical Groups And Delegation Into Attribute-Based Access Control, Daniel Servos

Electronic Thesis and Dissertation Repository

Attribute-Based Access Control (ABAC) is a promising alternative to traditional models of access control (i.e. Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access control (RBAC)) that has drawn attention in both recent academic literature and industry application. However, formalization of a foundational model of ABAC and large-scale adoption is still in its infancy. The relatively recent popularity of ABAC still leaves a number of problems unexplored. Issues like delegation, administration, auditability, scalability, hierarchical representations, etc. have been largely ignored or left to future work. This thesis seeks to aid in the adoption of ABAC by filling in …

Network Traffic Analysis Framework For Cyber Threat Detection, Meshesha K. Cherie

Masters Theses & Doctoral Dissertations

The growing sophistication of attacks and newly emerging cyber threats requires advanced cyber threat detection systems. Although there are several cyber threat detection tools in use, cyber threats and data breaches continue to rise. This research is intended to improve the cyber threat detection approach by developing a cyber threat detection framework using two complementary technologies, search engine and machine learning, combining artificial intelligence and classical technologies.

In this design science research, several artifacts such as a custom search engine library, a machine learning-based engine and different algorithms have been developed to build a new cyber threat detection framework based …

Privacy-Preserving Data Processing With Flexible Access Control, Wenxiu Ding, Zheng Yan, Robert H. Deng

Research Collection School Of Computing and Information Systems

Cloud computing provides an efficient and convenient platform for cloud users to store, process and control their data. Cloud overcomes the bottlenecks of resource-constrained user devices and greatly releases their storage and computing burdens. However, due to the lack of full trust in cloud service providers, the cloud users generally prefer to outsource their sensitive data in an encrypted form, which, however, seriously complicates data processing, analysis, as well as access control. Homomorphic encryption (HE) as a single key system cannot flexibly control data sharing and access after encrypted data processing. How to realize various computations over encrypted data in …

Mind The Gap: Understanding Stakeholder Reactions To Different Types Of Data Security, Audra Diers-Lawson, Amelia Symons

International Crisis and Risk Communication Conference

Data security breaches are an increasingly common problem for organizations, yet there are critical gaps in our understanding of how different stakeholders understand and evaluate organizations that have experienced these kinds of security breaches. While organizations have developed relatively standard approaches to responding to security breaches that: (1) acknowledge the situation; (2) highlight how much they value their stakeholders’ privacy and private information; and (3) focus on correcting and preventing the problem in the future, the effectiveness of this response strategy and factors influencing it have not been adequately explored. This experiment focuses on a 2 (type of organization) x …