Information Security Commons^™

A Design Science Approach To Investigating Decentralized Identity Technology, Janelle Krupicka

Cybersecurity Undergraduate Research Showcase

The internet needs secure forms of identity authentication to function properly, but identity authentication is not a core part of the internet’s architecture. Instead, approaches to identity verification vary, often using centralized stores of identity information that are targets of cyber attacks. Decentralized identity is a secure way to manage identity online that puts users’ identities in their own hands and that has the potential to become a core part of cybersecurity. However, decentralized identity technology is new and continually evolving, which makes implementing this technology in an organizational setting challenging. This paper suggests that, in the future, decentralized identity …

A Case Study Of The Crashoverride Malware, Its Effects And Possible Countermeasures, Samuel Rector

Cybersecurity Undergraduate Research Showcase

CRASHOVERRIDE is a modular malware tailor-made for electric grid Industrial Control System (ICS) equipment and was deployed by a group named ELECTRUM in a Ukrainian substation. The malware would launch a protocol exploit to flip breakers and would then wipe the system of ICS files. Finally, it would execute a Denial Of Service (DOS) attack on protective relays. In effect, months of damage and thousands out of power. However, due to oversights the malware only caused a brief power outage. Though the implications of the malware are cause for researching and implementing countermeasures against others to come. The CISA recommends …

An Efficient Privacy-Preserving Framework For Video Analytics, Tian Zhou

Doctoral Dissertations

With the proliferation of video content from surveillance cameras, social media, and live streaming services, the need for efficient video analytics has grown immensely. In recent years, machine learning based computer vision algorithms have shown great success in various video analytic tasks. Specifically, neural network models have dominated in visual tasks such as image and video classification, object recognition, object detection, and object tracking. However, compared with classic computer vision algorithms, machine learning based methods are usually much more compute-intensive. Powerful servers are required by many state-of-the-art machine learning models. With the development of cloud computing infrastructures, people are able …

Designing High-Performance Identity-Based Quantum Signature Protocol With Strong Security, Sunil Prajapat, Pankaj Kumar, Sandeep Kumar, Ashok Kumar Das, Sachin Shetty, M. Shamim Hossain

VMASC Publications

Due to the rapid advancement of quantum computers, there has been a furious race for quantum technologies in academia and industry. Quantum cryptography is an important tool for achieving security services during quantum communication. Designated verifier signature, a variant of quantum cryptography, is very useful in applications like the Internet of Things (IoT) and auctions. An identity-based quantum-designated verifier signature (QDVS) scheme is suggested in this work. Our protocol features security attributes like eavesdropping, non-repudiation, designated verification, and hiding sources attacks. Additionally, it is protected from attacks on forgery, inter-resending, and impersonation. The proposed scheme benefits from the traditional designated …

Reducing Food Scarcity: The Benefits Of Urban Farming, S.A. Claudell, Emilio Mejia

Journal of Nonprofit Innovation

Urban farming can enhance the lives of communities and help reduce food scarcity. This paper presents a conceptual prototype of an efficient urban farming community that can be scaled for a single apartment building or an entire community across all global geoeconomics regions, including densely populated cities and rural, developing towns and communities. When deployed in coordination with smart crop choices, local farm support, and efficient transportation then the result isn’t just sustainability, but also increasing fresh produce accessibility, optimizing nutritional value, eliminating the use of ‘forever chemicals’, reducing transportation costs, and fostering global environmental benefits.

Imagine Doris, who is …

Passive Physical Layer Distinct Native Attribute Cyber Security Monitor, Christopher M. Rondeau, Michael A. Temple, Juan Lopez Jr, J. Addison Betances

AFIT Patents

A method for cyber security monitor includes monitoring a network interface that is input-only configured to surreptitiously and covertly receive bit-level, physical layer communication between networked control and sensor field devices. During a training mode, a baseline distinct native attribute (DNA) fingerprint is generated for each networked field device. During a protection mode, a current DNA fingerprint is generated for each networked field device. The current DNA fingerprint is compared to the baseline DNA fingerprint for each networked field device. In response to detect at least one of RAA and PAA based on a change in the current DNA fingerprint …

Turnstile File Transfer: A Unidirectional System For Medium-Security Isolated Clusters, Mark Monnin, Lori L. Sussman

Journal of Cybersecurity Education, Research and Practice

Data transfer between isolated clusters is imperative for cybersecurity education, research, and testing. Such techniques facilitate hands-on cybersecurity learning in isolated clusters, allow cybersecurity students to practice with various hacking tools, and develop professional cybersecurity technical skills. Educators often use these remote learning environments for research as well. Researchers and students use these isolated environments to test sophisticated hardware, software, and procedures using full-fledged operating systems, networks, and applications. Virus and malware researchers may wish to release suspected malicious software in a controlled environment to observe their behavior better or gain the information needed to assist their reverse engineering processes. …

The Transformative Integration Of Artificial Intelligence With Cmmc And Nist 800-171 For Advanced Risk Management And Compliance, Mia Lunati

Cybersecurity Undergraduate Research Showcase

This paper explores the transformative potential of integrating Artificial Intelligence (AI) with established cybersecurity frameworks such as the Cybersecurity Maturity Model Certification (CMMC) and the National Institute of Standards and Technology (NIST) Special Publication 800-171. The thesis argues that the relationship between AI and these frameworks has the capacity to transform risk management in cybersecurity, where it could serve as a critical element in threat mitigation. In addition to addressing AI’s capabilities, this paper acknowledges the risks and limitations of these systems, highlighting the need for extensive research and monitoring when relying on AI. One must understand boundaries when integrating …

Potential Security Vulnerabilities In Raspberry Pi Devices With Mitigation Strategies, Briana Tolleson

Cybersecurity Undergraduate Research Showcase

For this research project I used a Raspberry Pi device and conducted online research to investigate potential security vulnerabilities along with mitigation strategies. I configured the Raspberry Pi by using the proper peripherals such as an HDMI cord, a microUSB adapter that provided 5V and at least 700mA of current, a TV monitor, PiSwitch, SD Card, keyboard, and mouse. I installed the Rasbian operating system (OS). The process to install the Rasbian took about 10 minutes to boot starting at 21:08 on 10/27/2023 and ending at 21:18. 1,513 megabytes (MB) was written to the SD card running at (2.5 MB/sec). …

Ensuring Non-Repudiation In Long-Distance Constrained Devices, Ethan Blum

Undergraduate Honors Theses

Satellite communication is essential for the exploration and study of space. Satellites allow communications with many devices and systems residing in space and on the surface of celestial bodies from ground stations on Earth. However, with the rise of Ground Station as a Service (GsaaS), the ability to efficiently send action commands to distant satellites must ensure non-repudiation such that an attacker is unable to send malicious commands to distant satellites. Distant satellites are also constrained devices and rely on limited power, meaning security on these devices is minimal. Therefore, this study attempted to propose a novel algorithm to allow …

Closing The Gap: Leveraging Aes-Ni To Balance Adversarial Advantage And Honest User Performance In Argon2i, Nicholas Harrell, Nathaniel Krakauer

CERIAS Technical Reports

The challenge of providing data privacy and integrity while maintaining efficient performance for honest users is a persistent concern in cryptography. Attackers exploit advances in parallel hardware and custom circuit hardware to gain an advantage over regular users. One such method is the use of Application-Specific Integrated Circuits (ASICs) to optimize key derivation function (KDF) algorithms, giving adversaries a significant advantage in password guessing and recovery attacks. Other examples include using graphical processing units (GPUs) and field programmable gate arrays (FPGAs). We propose a focused approach to close the gap between adversarial advantage and honest user performance by leveraging the …

Cyberattacks And Security Of Cloud Computing: A Complete Guideline, Muhammad Dawood, Shanshan Tu, Chuangbai Xiao, Hisham Alasmary, Muhammad Waqas, Sadaqat Ur Rehman

Research outputs 2022 to 2026

Cloud computing is an innovative technique that offers shared resources for stock cache and server management. Cloud computing saves time and monitoring costs for any organization and turns technological solutions for large-scale systems into server-to-service frameworks. However, just like any other technology, cloud computing opens up many forms of security threats and problems. In this work, we focus on discussing different cloud models and cloud services, respectively. Next, we discuss the security trends in the cloud models. Taking these security trends into account, we move to security problems, including data breaches, data confidentiality, data access controllability, authentication, inadequate diligence, phishing, …

Executive Order On The Safe, Secure, And Trustworthy Development And Use Of Artificial Intelligence, Joseph R. Biden

Copyright, Fair Use, Scholarly Communication, etc.

Section 1. Purpose. Artificial intelligence (AI) holds extraordinary potential for both promise and peril. Responsible AI use has the potential to help solve urgent challenges while making our world more prosperous, productive, innovative, and secure. At the same time, irresponsible use could exacerbate societal harms such as fraud, discrimination, bias, and disinformation; displace and disempower workers; stifle competition; and pose risks to national security. Harnessing AI for good and realizing its myriad benefits requires mitigating its substantial risks. This endeavor demands a society-wide effort that includes government, the private sector, academia, and civil society.

My Administration places the highest urgency …

Leveraging Vr/Ar/Mr/Xr Technologies To Improve Cybersecurity Education, Training, And Operations, Paul Wagner, Dalal Alharthi

Journal of Cybersecurity Education, Research and Practice

The United States faces persistent threats conducting malicious cyber campaigns that threaten critical infrastructure, companies and their intellectual property, and the privacy of its citizens. Additionally, there are millions of unfilled cybersecurity positions, and the cybersecurity skills gap continues to widen. Most companies believe that this problem has not improved and nearly 44% believe it has gotten worse over the past 10 years. Threat actors are continuing to evolve their tactics, techniques, and procedures for conducting attacks on public and private targets. Education institutions and companies must adopt emerging technologies to develop security professionals and to increase cybersecurity awareness holistically. …

Integrating Nist And Iso Cybersecurity Audit And Risk Assessment Frameworks Into Cameroonian Law, Bernard Ngalim

Journal of Cybersecurity Education, Research and Practice

This paper reviews cybersecurity laws and regulations in Cameroon, focusing on cybersecurity and information security audits and risk assessments. The importance of cybersecurity risk assessment and the implementation of security controls to cure deficiencies noted during risk assessments or audits is a critical step in developing cybersecurity resilience. Cameroon's cybersecurity legal framework provides for audits but does not explicitly enumerate controls. Consequently, integrating relevant controls from the NIST frameworks and ISO Standards can improve the cybersecurity posture in Cameroon while waiting for a comprehensive revision of the legal framework. NIST and ISO are internationally recognized as best practices in information …

Owner-Free Distributed Symmetric Searchable Encryption Supporting Conjunctive Queries, Qiuyun Tong, Xinghua Li, Yinbin Miao, Yunwei Wang, Ximeng Liu, Robert H. Deng

Research Collection School Of Computing and Information Systems

Symmetric Searchable Encryption (SSE), as an ideal primitive, can ensure data privacy while supporting retrieval over encrypted data. However, existing multi-user SSE schemes require the data owner to share the secret key with all query users or always be online to generate search tokens. While there are some solutions to this problem, they have at least one weakness, such as non-supporting conjunctive query, result decryption assistance of the data owner, and unauthorized access. To solve the above issues, we propose an Owner-free Distributed Symmetric searchable encryption supporting Conjunctive query (ODiSC). Specifically, we first evaluate the Learning-Parity-with-Noise weak Pseudorandom Function (LPN-wPRF) …

Static Malware Family Clustering Via Structural And Functional Characteristics, David George, Andre Mauldin, Josh Mitchell, Sufiyan Mohammed, Robert Slater

SMU Data Science Review

Static and dynamic analyses are the two primary approaches to analyzing malicious applications. The primary distinction between the two is that the application is analyzed without execution in static analysis, whereas the dynamic approach executes the malware and records the behavior exhibited during execution. Although each approach has advantages and disadvantages, dynamic analysis has been more widely accepted and utilized by the research community whereas static analysis has not seen the same attention. This study aims to apply advancements in static analysis techniques to demonstrate the identification of fine-grained functionality, and show, through clustering, how malicious applications may be grouped …

Reinforcing Digital Trust For Cloud Manufacturing Through Data Provenance Using Ethereum Smart Contracts, Trupti Narayan Rane

Engineering Management & Systems Engineering Theses & Dissertations

Cloud Manufacturing(CMfg) is an advanced manufacturing model that caters to fast-paced agile requirements (Putnik, 2012). For manufacturing complex products that require extensive resources, manufacturers explore advanced manufacturing techniques like CMfg as it becomes infeasible to achieve high standards through complete ownership of manufacturing artifacts (Kuan et al., 2011). CMfg, with other names such as Manufacturing as a Service (MaaS) and Cyber Manufacturing (NSF, 2020), addresses the shortcoming of traditional manufacturing by building a virtual cyber enterprise of geographically distributed entities that manufacture custom products through collaboration.

With manufacturing venturing into cyberspace, Digital Trust issues concerning product quality, data, and intellectual …

An Ml Based Digital Forensics Software For Triage Analysis Through Face Recognition, Gaurav Gogia, Parag H. Rughani

Journal of Digital Forensics, Security and Law

Since the past few years, the complexity and heterogeneity of digital crimes has increased exponentially, which has made the digital evidence & digital forensics paramount for both criminal investigation and civil litigation cases. Some of the routine digital forensic analysis tasks are cumbersome and can increase the number of pending cases especially when there is a shortage of domain experts. While the work is not very complex, the sheer scale can be taxing. With the current scenarios and future predictions, crimes are only going to become more complex and the precedent of collecting and examining digital evidence is only going …

Framework For Assessing Information System Security Posture Risks, Syed Waqas Hamdani

Electronic Thesis and Dissertation Repository

In today’s data-driven world, Information Systems, particularly the ones operating in regulated industries, require comprehensive security frameworks to protect against loss of confidentiality, integrity, or availability of data, whether due to malice, accident or otherwise. Once such a security framework is in place, an organization must constantly monitor and assess the overall compliance of its systems to detect and rectify any issues found. This thesis presents a technique and a supporting toolkit to first model dependencies between security policies (referred to as controls) and, second, devise models that associate risk with policy violations. Third, devise algorithms that propagate risk when …

Du Undergraduate Showcase: Research, Scholarship, And Creative Works, Caitlyn Aldersea, Justin Bravo, Sam Allen, Anna Block, Connor Block, Emma Buechler, Maria De Los Angeles Bustillos, Arianna Carlson, William Christensen, Olivia Kachulis, Noah Craver, Kate Dillon, Muskan Fatima, Angel Fernandes, Emma Finch, Colleen Cassidy, Amy Fishman, Andrea Francis, Stacia Fritz, Simran Gill, Emma Gries, Rylie Hansen, Shannon Powers, Jacqueline Martinez, Zachary Harker, Ashley Hasty, Mykaela Tanino-Springsteen, Kathleen Hopps, Adelaide Kerenick, Colin Kleckner, Ci Koehring, Elijah Kruger, Braden Krumholz, Maddie Leake, Lyneé Alves, Seraphina Loukas, Yatzari Lozano Vazquez, Haley Maki, Emily Martinez, Sierra Mckinney, Mykaela Tanino-Springsteen, Audrey Mitchell, Kipling Newman, Audrey Ng, Megan Lucyshyn, Andrew Nguyen, Stevie Ostman, Casandra Pearson, Alexandra Penney, Julia Gielczynski, Tyler Ball, Anna Rini, Christina Rorres, Simon Ruland, Helayna Schafer, Emma Sellers, Sarah Schuller, Claire Shaver, Kevin Summers, Isabella Shaw, Madison Sinar, Claudia Pena, Apshara Siwakoti, Carter Sorensen, Madi Sousa, Anna Sparling, Alexandra Revier, Brandon Thierry, Dylan Tyree, Maggie Williams, Lauren Wols

DU Undergraduate Research Journal Archive

DU Undergraduate Showcase: Research, Scholarship, and Creative Works

Blockchain Security: Double-Spending Attack And Prevention, William Henry Scott Iii

Electronic Theses and Dissertations

This thesis shows that distributed consensus systems based on proof of work are vulnerable to hashrate-based double-spending attacks due to abuse of majority rule. Through building a private fork of Litecoin and executing a double-spending attack this thesis examines the mechanics and principles behind the attack. This thesis also conducts a survey of preventative measures used to deter double-spending attacks, concluding that a decentralized peer-to-peer network using proof of work is best protected by the addition of an observer system whether internal or external.

What Senior U.S. Leaders Say We Should Know About Cyber, Dr. Joseph H. Schafer

Military Cyber Affairs

On April 6, 2023, the Atlantic Council’s Cyber Statecraft Initiative hosted a panel discussion on the new National Cybersecurity Strategy. The panel featured four senior officials from the Office of the National Cyber Director (ONCD), the Department of State (DoS), the Department of Justice (DoJ), and the Department of Homeland Security (DHS). The author attended and asked each official to identify the most important elements that policymakers and strategists must understand about cyber. This article highlights historical and recent struggles to express cyber policy, the responses from these officials, and the author’s ongoing research to improve national security cyber policy.

Rattus Norvegicus As A Biological Detector Of Clandestine Remains And The Use Of Ultrasonic Vocalizations As A Locating Mechanism, Gabrielle M. Johnston

Master's Theses

In investigations, locating missing persons and clandestine remains are imperative. One way that first responder and police agencies can search for the remains is by using cadaver dogs as biological detectors. Cadaver dogs are typically used due to their olfactory sensitivity and ability to detect low concentrations of volatile organic compounds produced by biological remains. Cadaver dogs are typically chosen for their stamina, agility, and olfactory sensitivity. However, what is not taken into account often is the size of the animal and the expense of maintaining and training the animal. Cadaver dogs are typically large breeds that cannot fit in …

Iot Health Devices: Exploring Security Risks In The Connected Landscape, Abasi-Amefon Obot Affia, Hilary Finch, Woosub Jung, Issah Abubakari Samori, Lucas Potter, Xavier-Lewis Palmer

School of Cybersecurity Faculty Publications

The concept of the Internet of Things (IoT) spans decades, and the same can be said for its inclusion in healthcare. The IoT is an attractive target in medicine; it offers considerable potential in expanding care. However, the application of the IoT in healthcare is fraught with an array of challenges, and also, through it, numerous vulnerabilities that translate to wider attack surfaces and deeper degrees of damage possible to both consumers and their confidence within health systems, as a result of patient-specific data being available to access. Further, when IoT health devices (IoTHDs) are developed, a diverse range of …

Trace Dna Detection Using Diamond Dye: A Recovery Technique To Yield More Dna, Leah Davis

Master's Theses

This study aspires to find a new screening approach to trace DNA recovery techniques to yield a higher quantity of trace DNA from larger items of evidence. It takes the path of visualizing trace DNA on items of evidence with potential DNA so analysts can swab a more localized area rather than attempting to recover trace DNA through the general swabbing technique currently used for trace DNA recovery. The first and second parts consisted of observing trace DNA interaction with Diamond Dye on porous and non-porous surfaces.

The third part involved applying the Diamond Dye solution by spraying it onto …

Critical Infrastructure Workforce Development Pods For Teaching Cybersecurity Using Netlab+, Gideon Sutterfield

Computer Science and Computer Engineering Undergraduate Honors Theses

As digital automation for Industrial Control Systems has grown, so has its
vulnerability to cyberattacks. The world of industry has responded effectively to this, but the world of academia is still lagging as its emphasis is still almost entirely on information technology. Considering this, we created a workforce development pod that serves as a hands-on learning module for teaching students key cybersecurity ideas surrounding operational technology using the NETLAB+ platform. A pod serves as the virtual environment where the learning exercise takes place. This project’s implementation involved the creation of a segmented network within the pod where a student starts …

Role Of Ai In Threat Detection And Zero-Day Attacks, Kelly Morgan

Cybersecurity Undergraduate Research Showcase

Cybercrime and attack methods have been steadily increasing since the 2019 pandemic. In the years following 2019, the number of victims and attacks per hour rapidly increased as businesses and organizations transitioned to digital environments for business continuity amidst lockdowns. In most scenarios cybercriminals continued to use conventional attack methods and known vulnerabilities that would cause minimal damage to an organization with a robust cyber security posture. However, zero-day exploits have skyrocketed across all industries with an increasingly growing technological landscape encompassing internet of things (IoT), cloud hosting, and more advanced mobile technologies. Reports by Mandiant Threat Intelligence (2022) concluded …

Leveraging Artificial Intelligence And Machine Learning For Enhanced Cybersecurity: A Proposal To Defeat Malware, Emmanuel Boateng

Cybersecurity Undergraduate Research Showcase

Cybersecurity is very crucial in the digital age in order to safeguard the availability, confidentiality, and integrity of data and systems. Mitigation techniques used in the industry include Multi-factor Authentication (MFA), Incident Response Planning (IRP), Security Information and Event Management (SIEM), and Signature-based and Heuristic Detection.

MFA is employed as an additional layer of protection in several sectors to help prevent unauthorized access to sensitive data. IRP is a plan in place to address cybersecurity problems efficiently and expeditiously. SIEM offers real-time analysis and alerts the system of threats and vulnerabilities. Heuristic-based detection relies on detecting anomalies when it comes …

Self-Learning Algorithms For Intrusion Detection And Prevention Systems (Idps), Juan E. Nunez, Roger W. Tchegui Donfack, Rohit Rohit, Hayley Horn

SMU Data Science Review

Today, there is an increased risk to data privacy and information security due to cyberattacks that compromise data reliability and accessibility. New machine learning models are needed to detect and prevent these cyberattacks. One application of these models is cybersecurity threat detection and prevention systems that can create a baseline of a network's traffic patterns to detect anomalies without needing pre-labeled data; thus, enabling the identification of abnormal network events as threats. This research explored algorithms that can help automate anomaly detection on an enterprise network using Canadian Institute for Cybersecurity data. This study demonstrates that Neural Networks with Bayesian …