Information Security Commons^™

Statistical Properties Of Pseudorandom Sequences, Ting Gu

Theses and Dissertations--Computer Science

Random numbers (in one sense or another) have applications in computer simulation, Monte Carlo integration, cryptography, randomized computation, radar ranging, and other areas. It is impractical to generate random numbers in real life, instead sequences of numbers (or of bits) that appear to be ``random" yet repeatable are used in real life applications. These sequences are called pseudorandom sequences. To determine the suitability of pseudorandom sequences for applications, we need to study their properties, in particular, their statistical properties. The simplest property is the minimal period of the sequence. That is, the shortest number of steps until the sequence repeats. …

An Analysis Of The Relationship Between Security Information Technology Enhancements And Computer Security Breaches And Incidents, Linda Betz

CCE Theses and Dissertations

Financial services institutions maintain large amounts of data that include both intellectual property and personally identifiable information for employees and customers. Due to the potential damage to individuals, government regulators hold institutions accountable for ensuring that personal data are protected and require reporting of data security breaches. No company wants a data breach, but finding a security incident or breach early in the attack cycle may decrease the damage or data loss a company experiences. In multiple high profile data breaches reported in major news stories over the past few years, there is a pattern of the adversary being inside …

An Empirical Investigation Of Factors Affecting Resistance To Using Multi-Method Authentication Systems In Public-Access Environments, Joseph Marnell

CCE Theses and Dissertations

Over the course of history, different means of object and person identification as well as verification have evolved for user authentication. In recent years, a new concern has emerged regarding the accuracy of verifiable authentication and protection of personal identifying information (PII), because previous misuses have resulted in significant financial loss. Such losses have escalated more noticeably because of human identity-theft incidents due to breaches of PII within multiple public-access environments. Although the use of various biometric and radio frequency identification (RFID) technologies is expanding, resistance to using these technologies for user authentication remains an issue. This study addressed the …

Leveraging Client Processing For Location Privacy In Mobile Local Search, Wisam Mohamed Eltarjaman

Electronic Theses and Dissertations

Usage of mobile services is growing rapidly. Most Internet-based services targeted for PC based browsers now have mobile counterparts. These mobile counterparts often are enhanced when they use user's location as one of the inputs. Even some PC-based services such as point of interest Search, Mapping, Airline tickets, and software download mirrors now use user's location in order to enhance their services. Location-based services are exactly these, that take the user's location as an input and enhance the experience based on that. With increased use of these services comes the increased risk to location privacy. The location is considered an …

Vulnerabililty Analysis Of Multi-Factor Authentication Protocols, Keith Garrett

UNF Graduate Theses and Dissertations

In this thesis, the author hypothesizes that the use of computationally intensive mathematical operations in password authentication protocols can lead to security vulnerabilities in those protocols. In order to test this hypothesis: 1. A generalized algorithm for cryptanalysis was formulated to perform a clogging attack (a formof denial of service) on protocols that use computationally intensive modular exponentiation to guarantee security. 2. This technique was then applied to cryptanalyze four recent password authentication protocols, to determine their susceptibility to the clogging attack. The protocols analyzed in this thesis differ in their usage of factors (smart cards, memory drives, etc.) or …

Empirical Analysis Of Socio-Cognitive Factors Affecting Security Behaviors And Practices Of Smartphone Users, Joseph P. Simpson

CCE Theses and Dissertations

The overall security posture of information systems (IS) depends on the behaviors of the IS users. Several studies have shown that users are the greatest vulnerability to IS security. The proliferation of smartphones is introducing an entirely new set of risks, threats, and vulnerabilities. Smartphone devices amplify this data exposure problem by enabling instantaneous transmission and storage of personally identifiable information (PII) by smartphone users, which is becoming a major security risk. Moreover, companies are also capitalizing on the availability and powerful computing capabilities of these smartphone devices and developing a bring-your-own-device (BYOD) program, which makes companies susceptible to divulgence …

An Empirical Assessment Of Employee Cyberslacking In The Public Sector, Wilnelia Hernández

CCE Theses and Dissertations

With the increasing use of the Internet, new challenges are presented to employees in the workplace. Employees spend time during work hours on non-work related activities including visiting e-commerce Websites, managing personal email accounts, and engaging in e-banking. These types of actions in the workplace are known as cyberslacking. Cyberslacking affects the employees’ productivity, presents legal concerns, and undermines the security of the organization’s network. This research study addressed the problem of cyberslacking in the public sector, by assessing the ethical severity of cyberslacking activities, as well as how employees perceived that the frequency of such activities occurred by their …

An Empirical Study Of Authentication Methods To Secure E-Learning System Activities Against Impersonation Fraud, Shauna Beaudin

CCE Theses and Dissertations

Studies have revealed that securing Information Systems (IS) from intentional misuse is a concern among organizations today. The use of Web-based systems has grown dramatically across industries including e-commerce, e-banking, e-government, and e learning to name a few. Web-based systems provide e-services through a number of diverse activities. The demand for e-learning systems in both academic and non-academic organizations has increased the need to improve security against impersonation fraud. Although there are a number of studies focused on securing Web-based systems from Information Systems (IS) misuse, research has recognized the importance of identifying suitable levels of authenticating strength for various …

An Experimental Study On The Role Of Password Strength And Cognitive Load On Employee Productivity, Stephen Mujeye

CCE Theses and Dissertations

The proliferation of information systems (IS) over the past decades has increased the demand for system authentication. While the majority of system authentications are password-based, it is well documented that passwords have significant limitations. To address this issue, companies have been placing increased requirements on the user to ensure their passwords are more complex and consequently stronger. In addition to meeting a certain complexity threshold, the password must also be changed on a regular basis. As the cognitive load increases on the employees using complex passwords and changing them often, they may have difficulty recalling their passwords. As such, the …

Understanding The Impact Of Hacker Innovation Upon Is Security Countermeasures, Sean M. Zadig

CCE Theses and Dissertations

Hackers external to the organization continue to wreak havoc upon the information systems infrastructure of firms through breaches of security defenses, despite constant development of and continual investment in new IS security countermeasures by security professionals and vendors. These breaches are exceedingly costly and damaging to the affected organizations. The continued success of hackers in the face of massive amounts of security investments suggests that the defenders are losing and that the hackers can innovate at a much faster pace.

Underground hacker communities have been shown to be an environment where attackers can learn new techniques and share tools pertaining …

An Empirical Investigation Of The Willingness Of Us Intelligence Community Analysts To Contribute Knowledge To A Knowledge Management System (Kms) In A Highly Classified And Sensitive Environment, Robert Hambly

CCE Theses and Dissertations

Since September 11, 2001, the United States Government (USG) has possessed unparalleled capability in terms of dedicated intelligence and information collection assets supporting the analysts of the Intelligence Community (IC). The USG IC has sponsored, developed, and borne witness to extraordinary advances in technology, techniques, and procedures focused on knowledge harvesting, knowledge sharing, and collaboration. Knowledge, within successful (effective & productive) organizations, exists as a commodity; a commodity that can be created, captured, imparted, shared, and leveraged. The research problem that this study addressed is the challenge of maintaining strong organizational effectiveness and productivity through the use of an information …

New Secure Solutions For Privacy And Access Control In Health Information Exchange, Ahmed Fouad Shedeed Ibrahim

Theses and Dissertations--Computer Science

In the current digital age, almost every healthcare organization (HCO) has moved from storing patient health records on paper to storing them electronically. Health Information Exchange (HIE) is the ability to share (or transfer) patients’ health information between different HCOs while maintaining national security standards like the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Over the past few years, research has been conducted to develop privacy and access control frameworks for HIE systems. The goal of this dissertation is to address the privacy and access control concerns by building practical and efficient HIE frameworks to secure the sharing …

Topics On Register Synthesis Problems, Weihua Liu

Theses and Dissertations--Computer Science

Pseudo-random sequences are ubiquitous in modern electronics and information technology. High speed generators of such sequences play essential roles in various engineering applications, such as stream ciphers, radar systems, multiple access systems, and quasi-Monte-Carlo simulation. Given a short prefix of a sequence, it is undesirable to have an efficient algorithm that can synthesize a generator which can predict the whole sequence. Otherwise, a cryptanalytic attack can be launched against the system based on that given sequence.

Linear feedback shift registers (LFSRs) are the most widely studied pseudorandom sequence generators. The LFSR synthesis problem can be solved by the Berlekamp-Massey algorithm, …

Secure And Authenticated Message Dissemination In Vehicular Ad Hoc Networks And An Incentive-Based Architecture For Vehicular Cloud, Kiho Lim

Theses and Dissertations--Computer Science

Vehicular ad hoc Networks (VANETs) allow vehicles to form a self-organized network. VANETs are likely to be widely deployed in the future, given the interest shown by industry in self-driving cars and satisfying their customers various interests. Problems related to Mobile ad hoc Networks (MANETs) such as routing, security, etc.have been extensively studied. Even though VANETs are special type of MANETs, solutions proposed for MANETs cannot be directly applied to VANETs because all problems related to MANETs have been studied for small networks. Moreover, in MANETs, nodes can move randomly. On the other hand, movement of nodes in VANETs are …

Cloud Practical Exam Invigilation Control Systems With The Objective Of Enhancing Quality Control For Online Exams, Gordon O'Reilly

Theses

Online cloud computing courses are becoming more common place facilitating a student to study from home from anywhere in the world. Coupled with this trend is a need for educational institutions to facilitate students to take tests or exams online from home. It reduces the remote student’s time and cost of travel to an exam invigilation centre as well as reducing the educational institution’s test administration overhead. It does however introduce potential quality control concerns. A new industry called online proctoring has emerged that attempts to provide quality control in these online test scenarios.

This research provides an insight into …

Technetium: Productivity Tracking For Version Control Systems, David Leonard

Dissertations and Theses

In recent years, the City College of New York has seen its Computer Science program grow immensely, to the point of overcrowding. This has negative implications for both students and professors, particularly in introductory computer science courses in which constant feedback, iteration and collaboration with others is key to success. In this paper we propose various models for collaboration among students in all course levels using distributed version control systems and implement a secure and efficient tool for visualizing collaborative efforts by observing past work [5]. Lastly, we lay the foundation for future work around additional collaborative metrics, features and …

An Approach To Automatic Detection Of Suspicious Individuals In A Crowd, Satabdi Mukherjee

Dissertations and Theses

This paper describes an approach to identify individuals with suspicious objects in a crowd. It is based on a well-known image retrieval problem as applied to mobile visual search. In many cases, the process of building a hierarchical tree uses k-means clustering followed by geometric verification. However, the number of clusters is not known in advance, and sometimes it is randomly generated. This may lead to a congested clustering which can cause problems in grouping large real-time data. To overcome this problem we have applied the Indian Buffet stochastic process approach in this paper to the clustering problem. We present …

Maia And Mandos: Tools For Integrity Protection On Arbitrary Files, Paul J. Bonamy

Dissertations, Master's Theses and Master's Reports

We present the results of our dissertation research, which focuses on practical means of protecting system data integrity. In particular, we present Maia, a language for describing integrity constraints on arbitrary file types, and Mandos, a Linux Security Module which uses verify-on-close to enforce mandatory integrity guarantees. We also provide details of a Maia-based verifier generator, demonstrate that Maia and Mandos introduce minimal delay in performing their tasks, and include a selection of sample Maia specifications.

Information-Theoretic Secure Outsourced Computation In Distributed Systems, Zhaohong Wang

Theses and Dissertations--Electrical and Computer Engineering

Secure multi-party computation (secure MPC) has been established as the de facto paradigm for protecting privacy in distributed computation. One of the earliest secure MPC primitives is the Shamir's secret sharing (SSS) scheme. SSS has many advantages over other popular secure MPC primitives like garbled circuits (GC) -- it provides information-theoretic security guarantee, requires no complex long-integer operations, and often leads to more efficient protocols. Nonetheless, SSS receives less attention in the signal processing community because SSS requires a larger number of honest participants, making it prone to collusion attacks. In this dissertation, I propose an agent-based computing framework using …

Penetration Testing Frameworks And Methodologies: A Comparison And Evaluation, Aleatha Shanley

Theses : Honours

Cyber security is fast becoming a strategic priority across both governments and private organisations. With technology abundantly available, and the unbridled growth in the size and complexity of information systems, cyber criminals have a multitude of targets. Therefore, cyber security assessments are becoming common practice as concerns about information security grow. Penetration testing is one strategy used to mitigate the risk of cyber-attack. Penetration testers attempt to compromise systems using the same tools and techniques as malicious attackers thus, aim to identify vulnerabilities before an attack occurs. Penetration testing can be complex depending on the scope and domain area under …

Design Of An Intrusion Detection System (Ids) And An Intrusion Prevention System (Ips) For The Eiu Cybersecurity Laboratory, Adekunle Adeyemo

Masters Theses

Cyber Security will always be a subject of discussion for a long time to come. Research has shown that there is massive growth of cyber-crime and the currently available number of Cyber Security experts to counter this is limited. Although there are multiple resources discussing Cyber Security, but access to training in practical applications is limited. As an institution, Eastern Illinois University (EIU) is set to start Masters of Science in Cyber Security in Fall 2017. Then the challenge is how EIU will expose students to the practical reality of Cyber Security where they can learn different detection, prevention and …

The Corporate Security Stratum Of Work: Identifying Levels Of Work In The Domain, Codee Roy Ludbey

Theses : Honours

Corporate security is a practicing domain and developing academic discipline that provides for the protection of people, information and assets, as well as the self-protection of organisations. Fayol (1949) articulated such an activity within organisations to be a core business function of significant importance; embedding security operations within all aspects of organisational work. This embedded nature of security within organisations has led to difficulty in the literature delineating roles and responsibilities of security practitioners; consequently leading to a nebulous understanding of security as a whole. Therefore, an investigation of the corporate security stratum of work has been undertaken to address …

An Investigation Into Off-Link Ipv6 Host Enumeration Search Methods, Clinton Carpene

Theses: Doctorates and Masters

This research investigated search methods for enumerating networked devices on off-link 64 bit Internet Protocol version 6 (IPv6) subnetworks. IPv6 host enumeration is an emerging research area involving strategies to enable detection of networked devices on IPv6 networks. Host enumeration is an integral component in vulnerability assessments (VAs), and can be used to strengthen the security profile of a system. Recently, host enumeration has been applied to Internet-wide VAs in an effort to detect devices that are vulnerable to specific threats. These host enumeration exercises rely on the fact that the existing Internet Protocol version 4 (IPv4) can be exhaustively …