Information Security Commons^™

Anopas: Practical Anonymous Transit Pass From Group Signatures With Time-Bound Keys, Rui Shi, Yang Yang, Yingjiu Li, Huamin Feng, Hwee Hwa Pang, Robert H. Deng

Research Collection School Of Computing and Information Systems

An anonymous transit pass system allows passengers to access transport services within fixed time periods, with their privileges automatically deactivating upon time expiration. Although existing transit pass systems are deployable on powerful devices like PCs, their adaptation to more user-friendly devices, such as mobile phones with smart cards, is inefficient due to their reliance on heavy-weight operations like bilinear maps. In this paper, we introduce an innovative anonymous transit pass system, dubbed Anopas, optimized for deployment on mobile phones with smart cards, where the smart card is responsible for crucial lightweight operations and the mobile phone handles key-independent and time-consuming …

The Propagation And Execution Of Malware In Images, Piper Hall

Cybersecurity Undergraduate Research Showcase

Malware has become increasingly prolific and severe in its consequences as information systems mature and users become more reliant on computing in their daily lives. As cybercrime becomes more complex in its strategies, an often-overlooked manner of propagation is through images. In recent years, several high-profile vulnerabilities in image libraries have opened the door for threat actors to steal money and information from unsuspecting users. This paper will explore the mechanisms by which these exploits function and how they can be avoided.

Testsgd: Interpretable Testing Of Neural Networks Against Subtle Group Discrimination, Mengdi Zhang, Jun Sun, Jingyi Wang, Bing Sun

Research Collection School Of Computing and Information Systems

Discrimination has been shown in many machine learning applications, which calls for sufficient fairness testing before their deployment in ethic-relevant domains. One widely concerning type of discrimination, testing against group discrimination, mostly hidden, is much less studied, compared with identifying individual discrimination. In this work, we propose TestSGD, an interpretable testing approach which systematically identifies and measures hidden (which we call ‘subtle’) group discrimination of a neural network characterized by conditions over combinations of the sensitive attributes. Specifically, given a neural network, TestSGD first automatically generates an interpretable rule set which categorizes the input space into two groups. Alongside, TestSGD …

Pam(3)S: Progressive Two-Stage Auction-Based Multi-Platform Multi-User Mutual Selection Scheme In Mcs, Bin Luo, Xinghua Li, Yinbin Miao, Man Zhang, Ximeng Liu, Yanbing Ren, Xizhao Luo, Deng, Robert H.

Research Collection School Of Computing and Information Systems

Mobile crowdsensing (MCS) has been applied in various fields to realize data sharing, where multiple platforms and multiple Mobile Users () have appeared recently. However, aiming at mutual selection, the existing works ignore making ' utilities with the limited resources and platforms' utilities while achieving the desired sensing data quality maximum as far as possible. Thus, they cannot motivate both and platforms to participate. To address this problem, standing on both sides of and platforms with conflicting interests, we propose a Progressive two-stage Auction-based Multi-platform Multi-user Mutual Selection scheme (). Specifically, in, we treat mutual selection as a two-stage auction …

Chatgpt As Metamorphosis Designer For The Future Of Artificial Intelligence (Ai): A Conceptual Investigation, Amarjit Kumar Singh (Library Assistant), Dr. Pankaj Mathur (Deputy Librarian)

Library Philosophy and Practice (e-journal)

Abstract

Purpose: The purpose of this research paper is to explore ChatGPT’s potential as an innovative designer tool for the future development of artificial intelligence. Specifically, this conceptual investigation aims to analyze ChatGPT’s capabilities as a tool for designing and developing near about human intelligent systems for futuristic used and developed in the field of Artificial Intelligence (AI). Also with the helps of this paper, researchers are analyzed the strengths and weaknesses of ChatGPT as a tool, and identify possible areas for improvement in its development and implementation. This investigation focused on the various features and functions of ChatGPT that …

Crowdfa: A Privacy-Preserving Mobile Crowdsensing Paradigm Via Federated Analytics, Bowen Zhao, Xiaoguo Li, Ximeng Liu, Qingqi Pei, Yingjiu Li, Robert H. Deng

Research Collection School Of Computing and Information Systems

Mobile crowdsensing (MCS) systems typically struggle to address the challenge of data aggregation, incentive design, and privacy protection, simultaneously. However, existing solutions usually focus on one or, at most, two of these issues. To this end, this paper presents CROWD FA, a novel paradigm for privacy-preserving MCS through federated analytics (FA), which aims to achieve a well-rounded solution encompassing data aggregation, incentive design, and privacy protection. Specifically, inspired by FA, CROWD FA initiates an MCS computing paradigm that enables data aggregation and incentive design. Participants can perform aggregation operations on their local data, facilitated by CROWD FA, which supports various …

Predictive Taxonomy Analytics (Lasso): Predicting Outcome Types Of Cyber Breach, Jing Rong Goh, Shaun S. Wang, Yaniv Harel, Gabriel Toh

Research Collection School Of Economics

Cyber breaches are costly for the global economy and extensive efforts have gone into improving the cybersecurity infrastructure. There are numerous types of cyber breaches that vary greatly in terms of cause and impact, resulting in an extensive literature for individual cyber breach type. Our paper seeks to provide a general framework that can be easily applied to analyze different types of cyber breaches. Our framework is inspired by the taxonomy approach in the cybersecurity literature, where it was proposed that an effective set of taxonomy can provide a direction on supporting improved decision-making in cyber risk management and selecting …

Detecting Selfish Mining Attacks Against A Blockchain Using Machine Learing, Matthew A. Peterson

<strong> Theses and Dissertations </strong>

Selfish mining is an attack against a blockchain where miners hide newly discovered blocks instead of publishing them to the rest of the network. Selfish mining has been a potential issue for blockchains since it was first discovered by Eyal and Sirer. It can be used by malicious miners to earn a disproportionate share of the mining rewards or in conjunction with other attacks to steal money from network users. Several of these attacks were launched in 2018, 2019, and 2020 with the attackers stealing as much as $18 Million. Developers made several different attempts to fix this issue, but …

Side-Channel Analysis On Post-Quantum Cryptography Algorithms, Tristen Teague

Computer Science and Computer Engineering Undergraduate Honors Theses

The advancements of quantum computers brings us closer to the threat of our current asymmetric cryptography algorithms being broken by Shor's Algorithm. NIST proposed a standardization effort in creating a new class of asymmetric cryptography named Post-Quantum Cryptography (PQC). These new algorithms will be resistant against both classical computers and sufficiently powerful quantum computers. Although the new algorithms seem mathematically secure, they can possibly be broken by a class of attacks known as side-channels attacks (SCA). Side-channel attacks involve exploiting the hardware that the algorithm runs on to figure out secret values that could break the security of the system. …

Design And Development Of Techniques To Ensure Integrity In Fog Computing Based Databases, Abdulwahab Fahad S. Alazeb

Graduate Theses and Dissertations

The advancement of information technology in coming years will bring significant changes to the way sensitive data is processed. But the volume of generated data is rapidly growing worldwide. Technologies such as cloud computing, fog computing, and the Internet of things (IoT) will offer business service providers and consumers opportunities to obtain effective and efficient services as well as enhance their experiences and services; increased availability and higher-quality services via real-time data processing augment the potential for technology to add value to everyday experiences. This improves human life quality and easiness. As promising as these technological innovations, they are prone …

Achieving Differential Privacy And Fairness In Machine Learning, Depeng Xu

Graduate Theses and Dissertations

Machine learning algorithms are used to make decisions in various applications, such as recruiting, lending and policing. These algorithms rely on large amounts of sensitive individual information to work properly. Hence, there are sociological concerns about machine learning algorithms on matters like privacy and fairness. Currently, many studies only focus on protecting individual privacy or ensuring fairness of algorithms separately without taking consideration of their connection. However, there are new challenges arising in privacy preserving and fairness-aware machine learning. On one hand, there is fairness within the private model, i.e., how to meet both privacy and fairness requirements simultaneously in …

A Framework To Detect The Susceptibility Of Employees To Social Engineering Attacks, Hashim H. Alneami

Doctoral Dissertations and Master's Theses

Social engineering attacks (SE-attacks) in enterprises are hastily growing and are becoming increasingly sophisticated. Generally, SE-attacks involve the psychological manipulation of employees into revealing confidential and valuable company data to cybercriminals. The ramifications could bring devastating financial and irreparable reputation loss to the companies. Because SE-attacks involve a human element, preventing these attacks can be tricky and challenging and has become a topic of interest for many researchers and security experts. While methods exist for detecting SE-attacks, our literature review of existing methods identified many crucial factors such as the national cultural, organizational, and personality traits of employees that enable …

Privacy-Preserving Federated Deep Learning With Irregular Users, Guowen Xu, Hongwei Li, Yun Zhang, Shengmin Xu, Jianting Ning, Robert H. Deng

Research Collection School Of Computing and Information Systems

Federated deep learning has been widely used in various fields. To protect data privacy, many privacy-preserving approaches have also been designed and implemented in various scenarios. However, existing works rarely consider a fundamental issue that the data shared by certain users (called irregular users) may be of low quality. Obviously, in a federated training process, data shared by many irregular users may impair the training accuracy, or worse, lead to the uselessness of the final model. In this paper, we propose PPFDL, a Privacy-Preserving Federated Deep Learning framework with irregular users. In specific, we design a novel solution to reduce …

Espade: An Efficient And Semantically Secure Shortest Path Discovery For Outsourced Location-Based Services, Bharath K. Samanthula, Divyadharshini Karthikeyan, Boxiang Dong, K. Anitha Kumari

Department of Computer Science Faculty Scholarship and Creative Works

With the rapid growth of smart devices and technological advancements in tracking geospatial data, the demand for Location-Based Services (LBS) is facing a constant rise in several domains, including military, healthcare and transportation. It is a natural step to migrate LBS to a cloud environment to achieve on-demand scalability and increased resiliency. Nonetheless, outsourcing sensitive location data to a third-party cloud provider raises a host of privacy concerns as the data owners have reduced visibility and control over the outsourced data. In this paper, we consider outsourced LBS where users want to retrieve map directions without disclosing their location information. …

Knot Flow Classification And Its Applications In Vehicular Ad-Hoc Networks (Vanet), David Schmidt

Electronic Theses and Dissertations

Intrusion detection systems (IDSs) play a crucial role in the identification and mitigation for attacks on host systems. Of these systems, vehicular ad hoc networks (VANETs) are difficult to protect due to the dynamic nature of their clients and their necessity for constant interaction with their respective cyber-physical systems. Currently, there is a need for a VANET-specific IDS that meets this criterion. To this end, a spline-based intrusion detection system has been pioneered as a solution. By combining clustering with spline-based general linear model classification, this knot flow classification method (KFC) allows for robust intrusion detection to occur. Due its …

Storage Management Strategy In Mobile Phones For Photo Crowdsensing, En Wang, Zhengdao Qu, Xinyao Liang, Xiangyu Meng, Yongjian Yang, Dawei Li, Weibin Meng

Department of Computer Science Faculty Scholarship and Creative Works

In mobile crowdsensing, some users jointly finish a sensing task through the sensors equipped in their intelligent terminals. In particular, the photo crowdsensing based on Mobile Edge Computing (MEC) collects pictures for some specific targets or events and uploads them to nearby edge servers, which leads to richer data content and more efficient data storage compared with the common mobile crowdsensing; hence, it has attracted an important amount of attention recently. However, the mobile users prefer uploading the photos through Wifi APs (PoIs) rather than cellular networks. Therefore, photos stored in mobile phones are exchanged among users, in order to …

Longitudinal Analysis With Modes Of Operation For Aes, Dana Geislinger, Cory Thigpen, Daniel W. Engels

SMU Data Science Review

In this paper, we present an empirical evaluation of the randomness of the ciphertext blocks generated by the Advanced Encryption Standard (AES) cipher in Counter (CTR) mode and in Cipher Block Chaining (CBC) mode. Vulnerabilities have been found in the AES cipher that may lead to a reduction in the randomness of the generated ciphertext blocks that can result in a practical attack on the cipher. We evaluate the randomness of the AES ciphertext using the standard key length and NIST randomness tests. We evaluate the randomness through a longitudinal analysis on 200 billion ciphertext blocks using logistic regression and …

Lightweight Privacy-Preserving Ensemble Classification For Face Recognition, Zhuo Ma, Yang Liu, Ximeng Liu, Jianfeng Ma, Kui Ren

Research Collection School Of Computing and Information Systems

The development of machine learning technology and visual sensors is promoting the wider applications of face recognition into our daily life. However, if the face features in the servers are abused by the adversary, our privacy and wealth can be faced with great threat. Many security experts have pointed out that, by 3-D-printing technology, the adversary can utilize the leaked face feature data to masquerade others and break the E-bank accounts. Therefore, in this paper, we propose a lightweight privacy-preserving adaptive boosting (AdaBoost) classification framework for face recognition (POR) based on the additive secret sharing and edge computing. First, we …

On-The-Fly Android Static Analysis With Applications In Vulnerability Discovery, Daoyuan Wu

Dissertations and Theses Collection (Open Access)

Static analysis is a common program analysis technique extensively used in the software security field. Widely-used static analysis tools for Android, e.g., Amandroid and FlowDroid, perform the whole-app analysis which is comprehensive yet at the cost of huge overheads. In this dissertation, we make a first attempt to explore a novel on-demand analysis that creatively leverages bytecode search to guide inter-procedural analysis on the fly or just in time, and develop such on-the-fly analysis into a tool, called BackDroid, for Android apps. We further explore how the core technique of on-the-fly static analysis in BackDroid can enable different vulnerability studies …

Pptds: A Privacy-Preserving Truth Discovery Scheme In Crowd Sensing Systems, Chuan Zhang, Liehuang Zhu, Chang Xu, Kashif Sharif, Ximeng Liu

Research Collection School Of Computing and Information Systems

Benefiting from the fast development of human-carried mobile devices, crowd sensing has become an emerging paradigm to sense and collect data. However, reliability of sensory data provided by participating users is still a major concern. To address this reliability challenge, truth discovery is an effective technology to improve data accuracy, and has garnered significant attention. Nevertheless, many of state of art works in truth discovery, either failed to address the protection of participants' privacy or incurred tremendous overhead on the user side. In this paper, we first propose a privacy-preserving truth discovery scheme, named PPTDS-I, which is implemented on two …

Cloud Workload Allocation Approaches For Quality Of Service Guarantee And Cybersecurity Risk Management, Soamar Homsi

FIU Electronic Theses and Dissertations

It has become a dominant trend in industry to adopt cloud computing --thanks to its unique advantages in flexibility, scalability, elasticity and cost efficiency -- for providing online cloud services over the Internet using large-scale data centers. In the meantime, the relentless increase in demand for affordable and high-quality cloud-based services, for individuals and businesses, has led to tremendously high power consumption and operating expense and thus has posed pressing challenges on cloud service providers in finding efficient resource allocation policies.

Allowing several services or Virtual Machines (VMs) to commonly share the cloud's infrastructure enables cloud providers to optimize resource …

Game-Theoretic And Machine-Learning Techniques For Cyber-Physical Security And Resilience In Smart Grid, Longfei Wei

FIU Electronic Theses and Dissertations

The smart grid is the next-generation electrical infrastructure utilizing Information and Communication Technologies (ICTs), whose architecture is evolving from a utility-centric structure to a distributed Cyber-Physical System (CPS) integrated with a large-scale of renewable energy resources. However, meeting reliability objectives in the smart grid becomes increasingly challenging owing to the high penetration of renewable resources and changing weather conditions. Moreover, the cyber-physical attack targeted at the smart grid has become a major threat because millions of electronic devices interconnected via communication networks expose unprecedented vulnerabilities, thereby increasing the potential attack surface. This dissertation is aimed at developing novel game-theoretic and …

Understanding Natural Keyboard Typing Using Convolutional Neural Networks On Mobile Sensor Data, Travis Siems

Computer Science and Engineering Theses and Dissertations

Mobile phones and other devices with embedded sensors are becoming increasingly ubiquitous. Audio and motion sensor data may be able to detect information that we did not think possible. Some researchers have created models that can predict computer keyboard typing from a nearby mobile device; however, certain limitations to their experiment setup and methods compelled us to be skeptical of the models’ realistic prediction capability. We investigate the possibility of understanding natural keyboard typing from mobile phones by performing a well-designed data collection experiment that encourages natural typing and interactions. This data collection helps capture realistic vulnerabilities of the security …

A Study Of High Performance Multiple Precision Arithmetic On Graphics Processing Units, Niall Emmart

Doctoral Dissertations

Multiple precision (MP) arithmetic is a core building block of a wide variety of algorithms in computational mathematics and computer science. In mathematics MP is used in computational number theory, geometric computation, experimental mathematics, and in some random matrix problems. In computer science, MP arithmetic is primarily used in cryptographic algorithms: securing communications, digital signatures, and code breaking. In most of these application areas, the factor that limits performance is the MP arithmetic. The focus of our research is to build and analyze highly optimized libraries that allow the MP operations to be offloaded from the CPU to the GPU. …

Mining Sandboxes: Are We There Yet?, Lingfeng Bao, Tien Duy B. Le, David Lo

Research Collection School Of Computing and Information Systems

The popularity of Android platform on mobile devices has attracted much attention from many developers and researchers, as well as malware writers. Recently, Jamrozik et al. proposed a technique to secure Android applications referred to as mining sandboxes. They used an automated test case generation technique to explore the behavior of the app under test and then extracted a set of sensitive APIs that were called. Based on the extracted sensitive APIs, they built a sandbox that can block access to APIs not used during testing. However, they only evaluated the proposed technique with benign apps but not investigated whether …

Big Networks: Analysis And Optimal Control, Hung The Nguyen

Theses and Dissertations

The study of networks has seen a tremendous breed of researches due to the explosive spectrum of practical problems that involve networks as the access point. Those problems widely range from detecting functionally correlated proteins in biology to finding people to give discounts and gain maximum popularity of a product in economics. Thus, understanding and further being able to manipulate/control the development and evolution of the networks become critical tasks for network scientists. Despite the vast research effort putting towards these studies, the present state-of-the-arts largely either lack of high quality solutions or require excessive amount of time in real-world …

Developing A Cyberterrorism Policy: Incorporating Individual Values, Osama Bassam J. Rabie

Theses and Dissertations

Preventing cyberterrorism is becoming a necessity for individuals, organizations, and governments. However, current policies focus on technical and managerial aspects without asking for experts and non-experts values and preferences for preventing cyberterrorism. This study employs value focused thinking and public value forum to bare strategic measures and alternatives for complex policy decisions for preventing cyberterrorism. The strategic measures and alternatives are per socio-technical process.

Ancr—An Adaptive Network Coding Routing Scheme For Wsns With Different-Success-Rate Links †, Xiang Ji, Anwen Wang, Chunyu Li, Chun Ma, Yao Peng, Dajin Wang, Qingyi Hua, Feng Chen, Dingyi Fang

Department of Computer Science Faculty Scholarship and Creative Works

As the underlying infrastructure of the Internet of Things (IoT), wireless sensor networks (WSNs) have been widely used in many applications. Network coding is a technique in WSNs to combine multiple channels of data in one transmission, wherever possible, to save node’s energy as well as increase the network throughput. So far most works on network coding are based on two assumptions to determine coding opportunities: (1) All the links in the network have the same transmission success rate; (2) Each link is bidirectional, and has the same transmission success rate on both ways. However, these assumptions may not be …

Characterizing Malicious Android Apps By Mining Topic-Specific Data Flow Signatures, Xinli Yang, David Lo, Li Li, Xin Xia, Tegawendé F. Bissyande, Jacques Klein

Research Collection School Of Computing and Information Systems

Context: State-of-the-art works on automated detection of Android malware have leveraged app descriptions to spot anomalies w.r.t the functionality implemented, or have used data flow information as a feature to discriminate malicious from benign apps. Although these works have yielded promising performance,we hypothesize that these performances can be improved by a better understanding of malicious behavior. Objective: To characterize malicious apps, we take into account both information on app descriptions,which are indicative of apps’ topics, and information on sensitive data flow, which can be relevant todiscriminate malware from benign apps. Method: In this paper, we propose a topic-specific approach to …

Ten Simple Rules For Responsible Big Data Research, Matthew Zook, Solon Barocas, Danah Boyd, Kate Crawford, Emily Keller, Seeta Peña Gangadharan, Alyssa Goodman, Rachelle Hollander, Barbara A. Koenig, Jacob Metcalf, Arvind Narayanan, Alondra Nelson, Frank Pasquale

Geography Faculty Publications

No abstract provided.