Information Security Commons^™

Decentralized Multimedia Data Sharing In Iov: A Learning-Based Equilibrium Of Supply And Demand, Jiani Fan, Minrui Xu, Jiale Guo, Lwin Khin Shar, Jiawen Kang, Dusit Niyato, Kwok-Yan Lam

Research Collection School Of Computing and Information Systems

The Internet of Vehicles (IoV) has great potential to transform transportation systems by enhancing road safety, reducing traffic congestion, and improving user experience through onboard infotainment applications. Decentralized data sharing can improve security, privacy, reliability, and facilitate infotainment data sharing in IoVs. However, decentralized data sharing may not achieve the expected efficiency if there are IoV users who only want to consume the shared data but are not willing to contribute their own data to the community, resulting in incomplete information observed by other vehicles and infrastructure, which can introduce additional transmission latency. Therefore, in this paper, by modeling the …

Secure Self-Checkout Kiosks Using Alma Api With Two-Factor Authentication, Ron Bulaon

Research Collection Library

Self-checkout kiosks have become a staple feature of many modern and digitized libraries. These devices are used by library patrons for self-service item loans. Most implementations are not new, in fact many of these systems are simple, straight forward and work as intended. But behind this useful technology, there is a security concern on authentication that has to be addressed.

In my proposed presentation, I will discuss the risk factors of self-checkout kiosks and propose a solution using Alma APIs. I will address the technical shortcomings of the current implementations, compared to the proposed solution, and where the weakest link …

Digital Forensic Readiness In Operational Cloud Leveraging Iso/Iec 27043 Guidelines On Security Monitoring, Sheunesu Makura, H. S. Venter, Victor R. Kebande, Nickson M. Karie, Richard A. Ikuesan, Sadi Alawadi

Research outputs 2014 to 2021

An increase in the use of cloud computing technologies by organizations has led to cybercriminals targeting cloud environments to orchestrate malicious attacks. Conversely, this has led to the need for proactive approaches through the use of digital forensic readiness (DFR). Existing studies have attempted to develop proactive prototypes using diverse agent-based solutions that are capable of extracting a forensically sound potential digital evidence. As a way to address this limitation and further evaluate the degree of PDE relevance in an operational platform, this study sought to develop a prototype in an operational cloud environment to achieve DFR in the cloud. …

Biocybersecurity: A Converging Threat As An Auxiliary To War, Lucas Potter, Orlando Ayala, Xavier-Lewis Palmer

Engineering Technology Faculty Publications

Biodefense is the discipline of ensuring biosecurity with respect to select groups of organisms and limiting their spread. This field has increasingly been challenged by novel threats from nature that have been weaponized such as SARS, Anthrax, and similar pathogens, but has emerged victorious through collaboration of national and world health groups. However, it may come under additional stress in the 21st century as the field intersects with the cyberworld-- a world where governments have already been struggling to keep up with cyber attacks from small to state-level actors as cyberthreats have been relied on to level the playing field …

Thaw Publications, Carl Landwehr, David Kotz

Computer Science Technical Reports

In 2013, the National Science Foundation's Secure and Trustworthy Cyberspace program awarded a Frontier grant to a consortium of four institutions, led by Dartmouth College, to enable trustworthy cybersystems for health and wellness. As of this writing, the Trustworthy Health and Wellness (THaW) project's bibliography includes more than 130 significant publications produced with support from the THaW grant; these publications document the progress made on many fronts by the THaW research team. The collection includes dissertations, theses, journal papers, conference papers, workshop contributions and more. The bibliography is organized as a Zotero library, which provides ready access to citation materials …

Is The Transit Industry Prepared For The Cyber Revolution? Policy Recommendations To Enhance Surface Transit Cyber Preparedness, Scott Belcher, Terri Belcher, Eric Greenwald, Brandon Thomas

Mineta Transportation Institute

The intent of this study is to assess the readiness, resourcing, and structure of public transit agencies to identify, protect from, detect, respond to, and recover from cybersecurity vulnerabilities and threats. Given the multitude of connected devices already in use by the transit industry and the vast amount of data generated (with more coming online soon), the transit industry is vulnerable to malicious cyber-attack and other cybersecurity-related threats. This study reviews the state of best cybersecurity practices in public surface transit; outlines U.S. public surface transit operators’ cybersecurity operations; assesses U.S. policy on cybersecurity in public surface transportation; and provides …

Frameup: An Incriminatory Attack On Storj: A Peer To Peer Blockchain Enabled Distributed Storage System, Xiaolu Zhang, Justin Grannis, Ibrahim Baggili, Nicole Lang Beebe

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we present a primary account of frameup, an incriminatory attack made possible because of existing implementations in distributed peer to peer storage. The frameup attack shows that an adversary has the ability to store unencrypted data on the hard drives of people renting out their hard drive space. This is important to forensic examiners as it opens the door for possibly framing an innocent victim. Our work employs Storj as an example technology, due to its popularity and market size. Storj is a blockchain enabled system that allows people to rent out their hard drive space …

Inception: Virtual Space In Memory Space In Real Space, Peter Casey, Rebecca Lindsay-Decusati, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

Virtual Reality (VR) has become a reality. With the technology's increased use cases, comes its misuse. Malware affecting the Virtual Environment (VE) may prevent an investigator from ascertaining virtual information from a physical scene, or from traditional “dead” analysis. Following the trend of antiforensics, evidence of an attack may only be found in memory, along with many other volatile data points. Our work provides the primary account for the memory forensics of Immersive VR systems, and in specific the HTC Vive. Our approach is capable of reconstituting artifacts from memory that are relevant to the VE, and is also capable …

Forensic Analysis Of Immersive Virtual Reality Social Applications: A Primary Account, Ananya Yarramreddy, Peter Gromkowski, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

Our work presents the primary account for exploring the forensics of immersive Virtual Reality (VR) systems and their social applications. The Social VR applications studied in this work include Bigscreen, Altspace VR, Rec Room and Facebook Spaces. We explored the two most widely adopted consumer VR systems: the HTC Vive and the Oculus Rift. Our tests examined the efficacy of reconstructing evidence from network traffic as well as the systems themselves. The results showed that a significant amount of forensically relevant data such as user names, user profile pictures, events, and system details may be recovered. We anticipate that this …

Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally

Information Science Faculty Publications

One of the most important Internet of Things applications is the wireless body sensor network (WBSN), which can provide universal health care, disease prevention, and control. Due to large deployments of small scale smart sensors in WBSNs, security, and privacy guarantees (e.g., security and safety-critical data, sensitive private information) are becoming a challenging issue because these sensor nodes communicate using an open channel, i.e., Internet. We implement data integrity (to resist against malicious tampering) using the secure hash algorithm 3 (SHA-3) when smart sensors in WBSNs communicate with each other using the Internet. Due to the limited resources (i.e., storage, …

An Overview Of The Usage Of Default Passwords, Brandon Knierem, Xiaolu Zhang, Philip Levine, Frank Breitinger, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

The recent Mirai botnet attack demonstrated the danger of using default passwords and showed it is still a major problem. In this study we investigated several common applications and their password policies. Specifically, we analyzed if these applications: (1) have default passwords or (2) allow the user to set a weak password (i.e., they do not properly enforce a password policy). Our study shows that default passwords are still a significant problem: 61% of applications inspected initially used a default or blank password. When changing the password, 58% allowed a blank password, 35% allowed a weak password of 1 character.

Breaking Into The Vault: Privacy, Security And Forensic Analysis Of Android Vault Applications, Xiaolu Zhang, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we share the first account for the forensic analysis, security and privacy of Android vault applications. Vaults are designed to be privacy enhancing as they allow users to hide personal data but may also be misused to hide incriminating files. Our work has already helped law enforcement in the state of Connecticut to reconstruct 66 incriminating images and 18 videos in a single criminal case. We present case studies and results from analyzing 18 Android vault applications (accounting for nearly 220 million downloads from the Google Play store) by reverse engineering them and examining the forensic artifacts …

A Survey Of Social Media Users Privacy Settings & Information Disclosure, Mashael Aljohani, Alastair Nisbet, Kelly Blincoe

Australian Information Security Management Conference

This research utilises a comprehensive survey to ascertain the level of social networking site personal information disclosure by members at the time of joining the membership and their subsequent postings to the sites. Areas examined are the type of information they reveal, their level of knowledge and awareness regarding how their information is protected by SNSs and the awareness of risks that over-sharing may pose. Additionally, this research studies the effect of gender, age, education, and level of privacy concern on the amount and kind of personal information disclosure and privacy settings applied. A social experiment was then run for …

Using Graphic Methods To Challenge Cryptographic Performance, Brian Cusack, Erin Chapman

Australian Information Security Management Conference

Block and stream ciphers have formed the traditional basis for the standardisation of commercial ciphers in the DES, AES, RC4, and so on. More recently alternative graphic methods such as Elliptic Curve Cryptography (ECC) have been adopted for performance gains. In this research we reviewed a range of graphic and non-graphic methods and then designed our own cipher system based on several graphic methods, including Visual Cryptography (VC). We then tested our cipher against RC4 and the AES algorithms for performance and security. The results showed that a graphics based construct may deliver comparable or improved security and performance in …

Establishing Effective And Economical Traffic Surveillance In Tonga, Brian Cusack, George Maeakafa

Australian Digital Forensics Conference

The Pacific Islands are seriously challenged by the growth in wealth and the expansion of international material possessions. On the roads traffic has grown dramatically and the types of vehicles now using Island roads has greatly changed. With the importation of cheap second hand vehicles designed for freeway speeds serious safety issues have grown proportionally with the increasing numbers. In this research we consider the prohibitive costs of traditional traffic controls to economy and propose a light weight highly mobile aerial surveillance system that integrates with ground policing capability. Our research question was: How can road safety and security be …

An Empirical Comparison Of Widely Adopted Hash Functions In Digital Forensics: Does The Programming Language And Operating System Make A Difference?, Satyendra Gurjar, Ibrahim Baggili, Frank Breitinger, Alice E. Fischer

Electrical & Computer Engineering and Computer Science Faculty Publications

Hash functions are widespread in computer sciences and have a wide range of applications such as ensuring integrity in cryptographic protocols, structuring database entries (hash tables) or identifying known files in forensic investigations. Besides their cryptographic requirements, a fundamental property of hash functions is efficient and easy computation which is especially important in digital forensics due to the large amount of data that needs to be processed when working on cases. In this paper, we correlate the runtime efficiency of common hashing algorithms (MD5, SHA-family) and their implementation. Our empirical comparison focuses on C-OpenSSL, Python, Ruby, Java on Windows and …

How Many Credit Card Frauds Must We Endure Before Security Improves?, Maritza Martinez

UCF Forum

Yes, it can happen to you…

The Bad Guys Are Using It, Are You?, Hong-Eng Koh

Australian Security and Intelligence Conference

From Occupy Wall Street to 2011 England riots to Arab Spring to Mumbai 26/11 to the ethnic cleansing rumors in India and increasingly used by pedophiles, social media is a very powerful tool for pedophiles, troublemakers, criminals and even terrorists to target individuals and even to go against the establishment. On the other hand, social media can save lives in a disaster, and its a natural extension of community policing or engagement. Community engagement is a must-have strategy for any public safety and security agency. However, this strategy requires the removal of stovepipe processes and systems within an agency, allowing …

I Remember Richelieu: Is Anything Secure Anymore?, Michael G. Crowley, Michael N. Johnstone

Australian Security and Intelligence Conference

Petraeus-gate, hacked nude celebrity photos in the cloud and the recent use of a search and seizure warrant in the United States of America to seek production of customer email contents on an extraterritorial server raises important issues for the supposably safe storage of data on the World Wide Web. Not only may there be nowhere to hide in cyberspace but nothing in cyberspace may be private. This paper explores the legal and technical issues raised by the these matters with emphasis on the courts decision “In the Matter of a Warrant to Search a Certain E-Mail Account Controlled and …

7th Australian Security And Intelligence Conference, 2014, Edith Cowan University: Conference Details, Security Research Institute, Edith Cowan University, Security Research Institute, Edith Cowan University

Australian Security and Intelligence Conference

No abstract provided.

Is Security Sustainable?, Jeremy W. Crampton

Geography Faculty Publications

No abstract provided.