Information Security Commons^™

Reducing Food Scarcity: The Benefits Of Urban Farming, S.A. Claudell, Emilio Mejia

Journal of Nonprofit Innovation

Urban farming can enhance the lives of communities and help reduce food scarcity. This paper presents a conceptual prototype of an efficient urban farming community that can be scaled for a single apartment building or an entire community across all global geoeconomics regions, including densely populated cities and rural, developing towns and communities. When deployed in coordination with smart crop choices, local farm support, and efficient transportation then the result isn’t just sustainability, but also increasing fresh produce accessibility, optimizing nutritional value, eliminating the use of ‘forever chemicals’, reducing transportation costs, and fostering global environmental benefits.

Imagine Doris, who is …

A Conceptual Decentralized Identity Solution For State Government, Martin Duclos

Theses and Dissertations

In recent years, state governments, exemplified by Mississippi, have significantly expanded their online service offerings to reduce costs and improve efficiency. However, this shift has led to challenges in managing digital identities effectively, with multiple fragmented solutions in use. This paper proposes a Self-Sovereign Identity (SSI) framework based on distributed ledger technology. SSI grants individuals control over their digital identities, enhancing privacy and security without relying on a centralized authority. The contributions of this research include increased efficiency, improved privacy and security, enhanced user satisfaction, and reduced costs in state government digital identity management. The paper provides background on digital …

A Review Of Threat Vectors To Dna Sequencing Pipelines, Tyler Rector

Cybersecurity Undergraduate Research Showcase

Bioinformatics is a steadily growing field that focuses on the intersection of biology with computer science. Tools and techniques developed within this field are quickly becoming fixtures in genomics, forensics, epidemiology, and bioengineering. The development and analysis of DNA sequencing and synthesis have enabled this significant rise in demand for bioinformatic tools. Notwithstanding, these bioinformatic tools have developed in a research context free of significant cybersecurity threats. With the significant growth of the field and the commercialization of genetic information, this is no longer the case. This paper examines the bioinformatic landscape through reviewing the biological and cybersecurity threats within …

From Asset Flow To Status, Action And Intention Discovery: Early Malice Detection In Cryptocurrency, Ling Cheng, Feida Zhu, Yong Wang, Ruicheng Liang, Huiwen Liu

Research Collection School Of Computing and Information Systems

Cryptocurrency has been subject to illicit activities probably more often than traditional financial assets due to the pseudo-anonymous nature of its transacting entities. An ideal detection model is expected to achieve all three critical properties of early detection, good interpretability, and versatility for various illicit activities. However, existing solutions cannot meet all these requirements, as most of them heavily rely on deep learning without interpretability and are only available for retrospective analysis of a specific illicit type. To tackle all these challenges, we propose Intention Monitor for early malice detection in Bitcoin, where the on-chain record data for a certain …

Ensuring Non-Repudiation In Long-Distance Constrained Devices, Ethan Blum

Honors Theses

Satellite communication is essential for the exploration and study of space. Satellites allow communications with many devices and systems residing in space and on the surface of celestial bodies from ground stations on Earth. However, with the rise of Ground Station as a Service (GsaaS), the ability to efficiently send action commands to distant satellites must ensure non-repudiation such that an attacker is unable to send malicious commands to distant satellites. Distant satellites are also constrained devices and rely on limited power, meaning security on these devices is minimal. Therefore, this study attempted to propose a novel algorithm to allow …

A Smart Chatbot System For Digitizing Service Management To Improve Business Continuity, Asraa Mohammed Albeshr

Theses

Chatbots, also called digital systems that require a natural language-based interface for user interaction, are increasingly being integrated into our daily lives. These chatbots respond intelligently to voice and text and function as sophisticated entities. Its functioning includes the recognition of multiple human languages through the application of Natural Language Processing (NLP) techniques. These chatbots find applications in various areas such as e-commerce services, medical assistance, recommendation systems, and educational purposes. This reflects the versatility and widespread adoption of this technology. AI chatbots play a crucial role in improving IT support in IT Service Management (ITSM) for better business continuity. …

Privacy-Preserving Bloom Filter-Based Keyword Search Over Large Encrypted Cloud Data, Yanrong Liang, Jianfeng Ma, Yinbin Miao, Da Kuang, Xiangdong Meng, Robert H. Deng

Research Collection School Of Computing and Information Systems

To achieve the search over encrypted data in cloud server, Searchable Encryption (SE) has attracted extensive attention from both academic and industrial fields. The existing Bloom filter-based SE schemes can achieve similarity search, but will generally incur high false positive rates, and even leak the privacy of values in Bloom filters (BF). To solve the above problems, we first propose a basic Privacy-preserving Bloom filter-based Keyword Search scheme using the Circular Shift and Coalesce-Bloom Filter (CSC-BF) and Symmetric-key Hidden Vector Encryption (SHVE) technology (namely PBKS), which can achieve effective search while protecting the values in BFs. Then, we design a …

Link Tank

DePaul Magazine

A new JD certificate program in information technology, cybersecurity and data privacy provides DePaul University students with proficiency in both law and tech.

Integrating Human Expert Knowledge With Openai And Chatgpt: A Secure And Privacy-Enabled Knowledge Acquisition Approach, Ben Phillips

College of Engineering Summer Undergraduate Research Program

Advanced Large Language Models (LLMs) struggle to produce accurate results and preserve user privacy for use cases involving domain-specific knowledge. A privacy-preserving approach for leveraging LLM capabilities on domain-specific knowledge could greatly expand the use cases of LLMs in a variety of disciplines and industries. This project explores a method for acquiring domain-specific knowledge for use with GPT3 while protecting sensitive user information with ML-based text-sanitization.

Toward Intention Discovery For Early Malice Detection In Cryptocurrency, Ling Cheng, Feida Zhu, Yong Wang, Ruicheng Liang, Huiwen Liu

Research Collection School Of Computing and Information Systems

Cryptocurrency’s pseudo-anonymous nature makes it vulnerable to malicious activities. However, existing deep learning solutions lack interpretability and only support retrospective analysis of specific malice types. To address these challenges, we propose Intention-Monitor for early malice detection in Bitcoin. Our model, utilizing Decision-Tree based feature Selection and Complement (DT-SC), builds different feature sets for different malice types. The Status Proposal Module (SPM) and hierarchical self-attention predictor provide real-time global status and address label predictions. A survival module determines the stopping point and proposes the status sequence (intention). Our model detects various malicious activities with strong interpretability, outperforming state-of-the-art methods in extensive …

Threshold Attribute-Based Credentials With Redactable Signature, Rui Shi, Huamin Feng, Yang Yang, Feng Yuan, Yingjiu Li, Hwee Hwa Pang, Robert H. Deng

Research Collection School Of Computing and Information Systems

Threshold attribute-based credentials are suitable for decentralized systems such as blockchains as such systems generally assume that authenticity, confidentiality, and availability can still be guaranteed in the presence of a threshold number of dishonest or faulty nodes. Coconut (NDSS'19) was the first selective disclosure attribute-based credentials scheme supporting threshold issuance. However, it does not support threshold tracing of user identities and threshold revocation of user credentials, which is desired for internal governance such as identity management, data auditing, and accountability. The communication and computation complexities of Coconut for verifying credentials are linear in the number of each user's attributes and …

Cybersecurity Safeguards: What Cybersecurity Safeguards Could Have Prevented The Intelligence/Data Breach By A Member Of The Air National Guard, Christopher Curtis Royal

Cyber Operations and Resilience Program Graduate Projects

Jack Teixeira, a 21-year-old IT specialist Air National Guard found himself on the wrong side of the US law after sharing what is considered classified and extremely sensitive information about USA's operations and role in Ukraine and Russia war. Like other previous cases of leakage of classified intelligence, the case of Teixeira raises concerns about the weaknesses and vulnerability of federal agencies' IT systems and security protocols governing accessibility to classified documents. Internal leakages of such classified documents hurt national security and can harm the country, especially when such secretive intelligence finds its way into the hands of enemies. Unauthorized …

Balancing Privacy And Flexibility Of Cloud-Based Personal Health Records Sharing System, Yudi Zhang, Fuchun Guo, Willy Susilo, Guomin Yang

Research Collection School Of Computing and Information Systems

The Internet of Things and cloud services have been widely adopted in many applications, and personal health records (PHR) can provide tailored medical care. The PHR data is usually stored on cloud servers for sharing. Weighted attribute-based encryption (ABE) is a practical and flexible technique to protect PHR data. Under a weighted ABE policy, the data user's attributes will be “scored”, if and only if the score reaches the threshold value, he/she can access the data. However, while this approach offers a flexible access policy, the data owners have difficulty controlling their privacy, especially sharing PHR data in collaborative e-health …

Multi-Target Backdoor Attacks For Code Pre-Trained Models, Yanzhou Li, Shangqing Liu, Kangjie Chen, Xiaofei Xie, Tianwei Zhang, Yang Liu

Research Collection School Of Computing and Information Systems

Backdoor attacks for neural code models have gained considerable attention due to the advancement of code intelligence. However, most existing works insert triggers into task-specific data for code-related downstream tasks, thereby limiting the scope of attacks. Moreover, the majority of attacks for pre-trained models are designed for understanding tasks. In this paper, we propose task-agnostic backdoor attacks for code pre-trained models. Our backdoored model is pre-trained with two learning strategies (i.e., Poisoned Seq2Seq learning and token representation learning) to support the multi-target attack of downstream code understanding and generation tasks. During the deployment phase, the implanted backdoors in the victim …

Mitigating Adversarial Attacks On Data-Driven Invariant Checkers For Cyber-Physical Systems, Rajib Ranjan Maiti, Cheah Huei Yoong, Venkata Reddy Palleti, Arlindo Silva, Christopher M. Poskitt

Research Collection School Of Computing and Information Systems

The use of invariants in developing security mechanisms has become an attractive research area because of their potential to both prevent attacks and detect attacks in Cyber-Physical Systems (CPS). In general, an invariant is a property that is expressed using design parameters along with Boolean operators and which always holds in normal operation of a system, in particular, a CPS. Invariants can be derived by analysing operational data of various design parameters in a running CPS, or by analysing the system's requirements/design documents, with both of the approaches demonstrating significant potential to detect and prevent cyber-attacks on a CPS. While …

Digital Transformation In Local Governments: A Case Study Of Abu Dhabi Municipality Transport Department, Alia Sahmi Al Ahbabi

Theses

The new generation is rapidly adapting to the digital era, where government and private services are being transformed into electronic services, commonly known as Eservices. Cities are leveraging digitalization to streamline their business processes and business services. This digitalization has improved service delivery time and quality for individuals. With digitalization, business processes align with technology, enhancing performance and customer satisfaction. However, there are challenges associated with digitalization, particularly people working in various municipality departments who find it challenging to adapt to digitization. Employees may take time to adjust to the new techniques and technologies, which may hamper the actions of …

An Efficient Strategy For Deploying Deception Technology, Noora Abdulla Alhosani

Theses

Implementations of deception technology is crucial in discovering attacks by creating a controlled and monitored environment for detecting malicious activity. This technology involves the deployment of decoys, traps, and honeypots that mimic natural systems and network assets to attract and identify attackers. The use of deception technology provides an early warning system for detecting cyber-attacks, allowing organizations to respond quickly and mitigate damage. This article proposed a framework that focuses on maximizing the efficiency of deception technology in detecting sophisticated attacks. The framework employs multi-layered deception techniques at various levels of the network, system, and application to provide comprehensive coverage …

An Analysis And Examination Of Consensus Attacks In Blockchain Networks, Thomas R. Clark

Senior Honors Projects, 2020-current

This paper examines consensus attacks as they relate to blockchain networks. Consensus attacks are a significant threat to the security and integrity of blockchain networks, and understanding these attacks is crucial for developers and stakeholders. The primary contribution of the paper is to present blockchain and consensus attacks in a clear and accessible manner, with the aim of making these complex concepts easily understandable for a general audience. Using literature review, the paper identifies various methods to prevent consensus attacks, including multi-chain networks, proof-of-work consensus algorithms, and network auditing and monitoring. An analysis revealed that these methods for preventing consensus …

Blockchain Security: Double-Spending Attack And Prevention, William Henry Scott Iii

Electronic Theses and Dissertations

This thesis shows that distributed consensus systems based on proof of work are vulnerable to hashrate-based double-spending attacks due to abuse of majority rule. Through building a private fork of Litecoin and executing a double-spending attack this thesis examines the mechanics and principles behind the attack. This thesis also conducts a survey of preventative measures used to deter double-spending attacks, concluding that a decentralized peer-to-peer network using proof of work is best protected by the addition of an observer system whether internal or external.

Digital Dna: The Ethical Implications Of Big Data As The World’S New-Age Commodity, Clark H. Dotson

Honors Theses

In the emerging digital world that we find ourselves in, it becomes apparent that data collection has become a staple of daily life, whether we like it or not. This research discussion aims to bring light to just how much one’s own digital identity is valued in the technologically-infused world of today, with distinct research and local examples to bring awareness to the ethical implications of your online presence. The paper in question examines anecdotal and research evidence of the collection of data, both through true and unjust means, as well as ethical implications of what this information truly represents. …

Rattus Norvegicus As A Biological Detector Of Clandestine Remains And The Use Of Ultrasonic Vocalizations As A Locating Mechanism, Gabrielle M. Johnston

Master's Theses

In investigations, locating missing persons and clandestine remains are imperative. One way that first responder and police agencies can search for the remains is by using cadaver dogs as biological detectors. Cadaver dogs are typically used due to their olfactory sensitivity and ability to detect low concentrations of volatile organic compounds produced by biological remains. Cadaver dogs are typically chosen for their stamina, agility, and olfactory sensitivity. However, what is not taken into account often is the size of the animal and the expense of maintaining and training the animal. Cadaver dogs are typically large breeds that cannot fit in …

Trace Dna Detection Using Diamond Dye: A Recovery Technique To Yield More Dna, Leah Davis

Master's Theses

This study aspires to find a new screening approach to trace DNA recovery techniques to yield a higher quantity of trace DNA from larger items of evidence. It takes the path of visualizing trace DNA on items of evidence with potential DNA so analysts can swab a more localized area rather than attempting to recover trace DNA through the general swabbing technique currently used for trace DNA recovery. The first and second parts consisted of observing trace DNA interaction with Diamond Dye on porous and non-porous surfaces.

The third part involved applying the Diamond Dye solution by spraying it onto …

Rbac Attack Exposure Auditor. Tracking User Risk Exposure Per Role-Based Access Control Permissions, Adelaide Damrau

Undergraduate Honors Theses

Access control models and implementation guidelines for determining, provisioning, and de-provisioning user permissions are challenging due to the differing approaches, unique for each organization, the lack of information provided by case studies concerning the organization’s security policies, and no standard means of implementation procedures or best practices. Although there are multiple access control models, one stands out, role-based access control (RBAC). RBAC simplifies maintenance by enabling administrators to group users with similar permissions. This approach to managing user permissions supports the principle of least privilege and separation of duties, which are needed to ensure an organization maintains acceptable user access …

Colefunda: Explainable Silent Vulnerability Fix Identification, Jiayuan Zhou, Michael Pacheco, Jinfu Chen, Xing Hu, Xin Xia, David Lo, Ahmed E. Hassan

Research Collection School Of Computing and Information Systems

It is common practice for OSS users to leverage and monitor security advisories to discover newly disclosed OSS vulnerabilities and their corresponding patches for vulnerability remediation. It is common for vulnerability fixes to be publicly available one week earlier than their disclosure. This gap in time provides an opportunity for attackers to exploit the vulnerability. Hence, OSS users need to sense the fix as early as possible so that the vulnerability can be remediated before it is exploited. However, it is common for OSS to adopt a vulnerability disclosure policy which causes the majority of vulnerabilities to be fixed silently, …

Premium Wireless, Dakota Burkhart, Andrew Clark, Garrett Kenney, Brandon Monroe

ATU Research Symposium

Our work implements an inventory system and appointment system for the Premium Wireless phone company. It includes separate views for employees to manage inventory and view appointments for the day and the near future and allows customers to view all current inventory and set an appointment.

An Analysis Of Successful Sqlia For Future Evolutionary Prediction, Andrew Pechin

Senior Honors Theses

Web applications are a fundamental component of the internet, many interact with backend databases. Securing web applications and their databases from hackers should be a top priority for cybersecurity researchers. Structured Query Language (SQL) injection attacks (SQLIA) constitute a significant threat to web applications. They can hijack the backend databases to steal personally identifiable information (PII), initiate scams, or launch more sophisticated cyberattacks. SQLIA has evolved since its conception in the early 2000s and will continue to do so in the coming years. This paper analyzes past literature and successful SQLIA from specific time periods to identify themes and methods …

Chatgpt As Metamorphosis Designer For The Future Of Artificial Intelligence (Ai): A Conceptual Investigation, Amarjit Kumar Singh (Library Assistant), Dr. Pankaj Mathur (Deputy Librarian)

Library Philosophy and Practice (e-journal)

Abstract

Purpose: The purpose of this research paper is to explore ChatGPT’s potential as an innovative designer tool for the future development of artificial intelligence. Specifically, this conceptual investigation aims to analyze ChatGPT’s capabilities as a tool for designing and developing near about human intelligent systems for futuristic used and developed in the field of Artificial Intelligence (AI). Also with the helps of this paper, researchers are analyzed the strengths and weaknesses of ChatGPT as a tool, and identify possible areas for improvement in its development and implementation. This investigation focused on the various features and functions of ChatGPT that …

Data Poisoning: A New Threat To Artificial Intelligence, Nary Simms

Mathematics and Computer Science Capstones

Artificial Intelligence (AI) adoption is rapidly being deployed in a number of fields, from banking and finance to healthcare, robotics, transportation, military, e-commerce and social networks. Grand View Research estimates that the global AI market was worth 93.5 billion in 2021 and that it will increase at a compound annual growth rate (CAGR) of 38.1% from 2022 to 2030. According to a 2020 MIT Sloan Management survey, 87% of multinational corporations believe that AI technology will provide a competitive edge. Artificial Intelligence relies heavily on datasets to train its models. The more data, the better it learns and predicts. However, …

An Empirical Assessment Of The Use Of Password Workarounds And The Cybersecurity Risk Of Data Breaches, Michael Joseph Rooney

CCE Theses and Dissertations

Passwords have been used for a long time to grant controlled access to classified spaces, electronics, networks, and more. However, the dramatic increase in user accounts over the past few decades has exposed the realization that technological measures alone cannot ensure a high level of IS security; this leaves the end-users holding a critical role in protecting their organization and personal information. The increased use of IS as a working tool for employees increases the number of accounts and passwords required. Despite being more aware of password entropy, users still often participate in deviant password behaviors, known as ‘password workarounds’ …

Campus Safety Data Gathering, Classification, And Ranking Based On Clery-Act Reports, Walaa F. Abo Elenin

Electronic Theses and Dissertations

Most existing campus safety rankings are based on criminal incident history with minimal or no consideration of campus security conditions and standard safety measures. Campus safety information published by universities/colleges is usually conceptual/qualitative and not quantitative and are based-on criminal records of these campuses. Thus, no explicit and trusted ranking method for these campuses considers the level of compliance with the standard safety measures. A quantitative safety measure is important to compare different campuses easily and to learn about specific campus safety conditions.

In this thesis, we utilize Clery-Act reports of campuses to automatically analyze their safety conditions and generate …