Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Articles 31 - 60 of 67

Full-Text Articles in Information Security

An Immersive Telepresence System Using RGB-D Sensors And Head-Mounted Display, Xinzhong Lu, Ju Shen, Saverio Perugini, Jianjun Yang Jan 2016

Saverio Perugini

We present a tele-immersive system that enables people to interact with each other in a virtual world using body gestures in addition to verbal communication. Beyond the obvious applications, including general online conversations and gaming, we hypothesize that our proposed system would be particularly beneficial to education by offering rich visual contents and interactivity. One distinct feature is the integration of egocentric pose recognition that allows participants to use their gestures to demonstrate and manipulate virtual objects simultaneously. This functionality enables the instructor to effectively and efficiently explain and illustrate complex concepts or sophisticated problems in an intuitive manner. The …


Implementing And Testing A Novel Chaotic Cryptosystem, Samuel Jackson, Scott Kerlin, Jeremy Straub Oct 2015

Jeremy Straub

Cryptography in the domain of small satellites is a relatively new area of research. Compared to typical desktop computers, small satellites have limited bandwidth, processing power, and battery power. Many of the current encryption schemes were developed for desktop computers and servers, and as such may be unsuitable for small satellites. In addition, most cryptographic research in the domain of small satellites focuses on hardware solutions, which can be problematic given the limited space requirements of small satellites.

This paper investigates potential software solutions that could be used to encrypt and decrypt data on small satellites and other devices with …


Metalogic Notes, Saverio Perugini Jun 2015

Saverio Perugini

A collection of notes, formulas, theorems, postulates and terminology in symbolic logic, syntactic notions, semantic notions, linkages between syntax and semantics, soundness and completeness, quantified logic, first-order theories, Goedel's First Incompleteness Theorem and more.


Statistics Notes, Saverio Perugini Jun 2015

Saverio Perugini

A collection of terms, definitions, formulas and explanations about statistics.


Exchanging Demands: Weaknesses In SSL Implementations For Mobile Platforms, Peter Hannay, Clinton Carpene, Craig Valli, Andrew Woodward, Mike Johnstone Jan 2015

Clinton Carpene

The ActiveSync protocol’s implementation on some embedded devices leaves clients vulnerable to unauthorised remote policy enforcement. This paper discusses a proof of concept attack against the implementation of ActiveSync in common Smart phones including Android devices and iOS devices. A two‐phase approach to exploiting the ActiveSync protocol is introduced. Phase 1 details the usage of a man‐in‐the‐middle attack to gain a vantage point over the client device, whilst Phase 2 involves spoofing the server‐side ActiveSync responses to initiate the unauthorised policy enforcement. These vulnerabilities are demonstrated by experiment, highlighting how the system can be exploited to perform a remote factory …


Modeling Heterogeneous User Churn And Local Resilience Of Unstructured P2P Networks, Zhongmei Yao, Derek Leonard, Dmitri Loguinov, Xiaoming Wang Jan 2015

Zhongmei Yao

Previous analytical results on the resilience of unstructured P2P systems have not explicitly modeled heterogeneity of user churn (i.e., difference in online behavior) or the impact of in-degree on system resilience. To overcome these limitations, we introduce a generic model of heterogeneous user churn, derive the distribution of the various metrics observed in prior experimental studies (e.g., lifetime distribution of joining users, joint distribution of session time of alive peers, and residual lifetime of a randomly selected user), derive several closed-form results on the transient behavior of in-degree, and eventually obtain the joint in/out degree isolation probability as a simple …


Robust Lifetime Measurement In Large-Scale P2P Systems With Non-Stationary Arrivals, Xiaoming Wang, Zhongmei Yao, Yueping Zhang, Dmitri Loguinov Jan 2015

Zhongmei Yao

Characterizing user churn has become an important topic in studying P2P networks, both in theoretical analysis and system design. Recent work has shown that direct sampling of user lifetimes may lead to certain bias (arising from missed peers and round-off inconsistencies) and proposed a technique that estimates lifetimes based on sampled residuals. In this paper, however, we show that under non-stationary arrivals, which are often present in real systems, residual-based sampling does not correctly reconstruct user lifetimes and suffers a varying degree of bias, which in some cases makes estimation completely impossible. We overcome this problem using two contributions: a …


Stochastic Analysis Of Horizontal IP Scanning, Derek Leonard, Zhongmei Yao, Xiaoming Wang, Dmitri Loguinov Jan 2015

Zhongmei Yao

Intrusion Detection Systems (IDS) have become ubiquitous in the defense against virus outbreaks, malicious exploits of OS vulnerabilities, and botnet proliferation. As attackers frequently rely on host scanning for reconnaissance leading to penetration, IDS is often tasked with detecting scans and preventing them. However, it is currently unknown how likely an IDS is to detect a given Internet-wide scan pattern and whether there exist sufficiently fast scan techniques that can remain virtually undetectable at large-scale. To address these questions, we propose a simple analytical model for the window-expiration rules of popular IDS tools (i.e., Snort and Bro) and utilize a …


Automatically Discovering The Number Of Clusters In Web Page Datasets, Zhongmei Yao Jan 2015

Zhongmei Yao

Clustering is well-suited for Web mining by automatically organizing Web pages into categories, each of which contains Web pages having similar contents. However, one problem in clustering is the lack of general methods to automatically determine the number of categories or clusters. For the Web domain in particular, currently there is no such method suitable for Web page clustering. In an attempt to address this problem, we discover a constant factor that characterizes the Web domain, based on which we propose a new method for automatically determining the number of clusters in Web page data sets. We discover that the …


Legal Issues: Security And Privacy With Mobile Devices, Brian Leonard, Maurice Dawson Dec 2014

Maurice Dawson

Privacy and security are two items being woven into the fabric of American law concerning mobile devices. This chapter will review and analyze the associated laws and policies that are currently in place or have been proposed to ensure proper execution of security measures for mobile and other devices while still protecting individual privacy. This chapter will address the fact that as the American society significantly uses mobile devices, it is imperative to understand the legal actions surrounding these technologies to include their associated uses. This chapter will also address the fact that with 9/11 in the not so distant …


Recommender Systems Research: A Connection-Centric Survey, Saverio Perugini, Marcos André Gonçalves, Edward A. Fox Dec 2014

Saverio Perugini

Recommender systems attempt to reduce information overload and retain customers by selecting a subset of items from a universal set based on user preferences. While research in recommender systems grew out of information retrieval and filtering, the topic has steadily advanced into a legitimate and challenging research area of its own. Recommender systems have traditionally been studied from a content-based filtering vs. collaborative design perspective. Recommendations, however, are not delivered within a vacuum, but rather cast within an informal community of users and social context. Therefore, ultimately all recommender systems make connections among people and thus should be surveyed from …


Information Assurance Through Binary Vulnerability Auditing, William B. Kimball, Saverio Perugini Dec 2014

Saverio Perugini

The goal of this research is to develop improved methods of discovering vulnerabilities in software. A large volume of software, from the most frequently used programs on a desktop computer, such as web browsers, e-mail programs, and word processing applications, to mission-critical services for the space shuttle, is unintentionally vulnerable to attacks and thus insecure. By seeking to improve the identification of vulnerabilities in software, the security community can save the time and money necessary to restore compromised computer systems. In addition, this research is imperative to activities of national security such as counterterrorism. The current approach involves a systematic …


Personalization By Website Transformation: Theory And Practice, Saverio Perugini Dec 2014

Saverio Perugini

We present an analysis of a progressive series of out-of-turn transformations on a hierarchical website to personalize a user’s interaction with the site. We formalize the transformation in graph-theoretic terms and describe a toolkit we built that enumerates all of the traversals enabled by every possible complete series of these transformations in any site and computes a variety of metrics while simulating each traversal therein to qualify the relationship between a site’s structure and the cumulative effect of support for the transformation in a site. We employed this toolkit in two websites. The results indicate that the transformation enables users …


Staging Transformations For Multimodal Web Interaction Management, Michael Narayan, Christopher Williams, Saverio Perugini, Naren Ramakrishnan Dec 2014

Saverio Perugini

Multimodal interfaces are becoming increasingly ubiquitous with the advent of mobile devices, accessibility considerations, and novel software technologies that combine diverse interaction media. In addition to improving access and delivery capabilities, such interfaces enable flexible and personalized dialogs with websites, much like a conversation between humans. In this paper, we present a software framework for multimodal web interaction management that supports mixed-initiative dialogs between users and websites. A mixed-initiative dialog is one where the user and the website take turns changing the flow of interaction. The framework supports the functional specification and realization of such dialogs using staging transformations – …


Mapping The Consensual Knowledge Of Security Risk Management Experts, David J. Brooks Sep 2014

David J Brooks Dr.

The security industry comprises of diverse and multidisciplined practitioners, originating from many disciplines. It has been suggested that the industry has an undefined knowledge structure, although security experts contain a rich knowledge structure. There has also been limited research mapping security expert knowledge structure, reducing the ability of tertiary educators to provide industry focused teaching and learning. The study utilized multidimensional scaling (MDS) and expert interviews to map the consensual knowledge structure of security experts in their understanding of security risk. Security risk concepts were extracted and critiqued from West Australian university courses. Linguistic analysis categorised the more utilized security …


Corporate Security: Using Knowledge Construction To Define A Practising Body Of Knowledge, David Brooks Sep 2014

David J Brooks Dr.

Security is a multidimensional concept, with many meanings, practising domains, and heterogeneous occupations. Therefore, it is difficult to define security as a singular concept, although understanding may be achieved by its applied context in presenting a domicile body of knowledge. There have been studies that have presented a number of corporate security bodies of knowledge; however, there is still restricted consensus. From these past body of knowledge studies, and supported by multidimensional scaling knowledge mapping, a body of knowledge framework is put forward, integrating core and allied knowledge categories. The core knowledge categories include practise areas such as risk management, …


Security Risk Assessment: Group Approach To A Consensual Outcome, Ben Beard, David J. Brooks Sep 2014

David J Brooks Dr.

AS/NZS4360:2004 suggests that the risk assessment process should not be conducted or information gathered in isolation. This insular method of data collection may lead to inaccurate risk assessment, as stakeholders with vested interests may emphasise their own risks or game the risk assessment process. The study demonstrated how a consensual risk assessment approach may result in a more acceptable risk assessment outcome when compared to individual assessments. The participants were senior managers at a West Australian motel located on the West Coast Highway, Scarborough. The motel consists of four three storey blocks of units, resulting in a total of 75 …


Darwin: A Ground Truth Agnostic CAPTCHA Generator Using Evolutionary Algorithm, Eric Y. Chen, Lin-Shung Huang, Ole J. Mengshoel, Jason D. Lohn Jun 2014

Ole J Mengshoel

We designed and implemented Darwin, the first CAPTCHA generator using evolutionary algorithm. We evaluated the effectiveness of our proposed CAPTCHAs with MTurk users (non-attackers) and Antigate workers (attackers). Due to our ground-truth agnostic fitness function, we are able to discover a new category of CAPTCHAs in which attackers answer correctly but non-attackers answer incorrectly.


Architecture-Based Self-Protection: Composing And Reasoning About Denial-Of-Service Mitigations, Bradley Schmerl, Javier Camara, Jeffrey Gennari, David Garlan, Paulo Casanova, Gabriel A. Moreno, Thomas J. Glazier, Jeffrey M. Barnes Mar 2014

Gabriel A. Moreno

Security features are often hardwired into software applications, making it difficult to adapt security responses to reflect changes in runtime context and new attacks. In prior work, we proposed the idea of architecture-based self-protection as a way of separating adaptation logic from application logic and providing a global perspective for reasoning about security adaptations in the context of other business goals. In this paper, we present an approach, based on this idea, for combating denial-of-service (DoS) attacks. Our approach allows DoS-related tactics to be composed into more sophisticated mitigation strategies that encapsulate possible responses to a security problem. …


Seniors Language Paradigms: 21st Century Jargon And The Impact On Computer Security And Financial Transactions For Senior Citizens, David M. Cook, Patryck Szewczyk, Krishnun Sansurooah Feb 2014

Dr. David M Cook

Senior Citizens represent a unique cohort of computer users insomuch as they have come to the field of computer usage later in life, as novices compared to other users. As a group they exhibit a resentment, mistrust and ignorance towards cyber related technology that is born out of their educational and social experiences prior to widespread information technology. The shift from analogue to digital proficiency has been understated for a generation of citizens who were educated before computer usage and internet ubiquity. This paper examines the language difficulties encountered by senior citizens in attempting to engage in banking and communications …


Mitigating Cyber-Threats Through Public-Private Partnerships: Low Cost Governance With High-Impact Returns, David M. Cook Feb 2014

Dr. David M Cook

The realization that cyber threats can cause the same devastation to a country as physical security risks has taken the long route towards acceptance. Governments and businesses have thrown the glove of responsibility back and forth on numerous occasions, with government agencies citing the need for private enterprise to take up the mantle, and Business returning the gesture by proposing a ‘national’ perspective on cyber security. Ambit claims such as these drain a range of security resources when both sides should work in concert by directing all available energy towards resolving cyber-threats. This paper compares the public-private arrangements through Australasia …


Securing The Elderly: A Developmental Approach To Hypermedia Based Online Information Security For Senior Novice Computer Users, David M. Cook, Patryck Szewczyk, Krishnun Sansurooah Feb 2014

Dr. David M Cook

Whilst security threats to the general public continue to evolve, elderly computer users with limited skill and knowledge are left playing catch-up in an ever-widening gap in fundamental cyber-related comprehension. As a definable cohort, the elderly generally lack awareness of current security threats, and remain under-educated in terms of applying appropriate controls and safeguards to their computers and networking devices. This paper identifies that web-based computer security information sources do not adequately provide helpful information to senior citizen end-users in terms of both design and content. It subsequently demonstrates a solution designed with the elderly, yet novice, end-user in mind. …


Birds Of A Feather Deceive Together: The Chicanery Of Multiplied Metadata, David M. Cook Dec 2013

Dr. David M Cook

New Media conventions have fluttered along unforeseen flight paths. By combining sock-puppetry with the grouping power of metadata it is possible to demonstrate widespread influence through Twitter dispersion. In one nest there is a growing use of sock-puppetry accentuated by the exploitation of a social media that does not attempt to verify proof of identity. Created identities in their thousands can flock towards, and in support of, a single identity. They do so alongside legitimate accounts but in concert remain imperceptible within an overall group. In another nest there is the practise of homophily, captured through metadata, and used to …


Does Your Wireless LAN Have Criminal Intent?, Michael Crowley, Andrew Woodward Nov 2013

Michael Crowley

All of the literature relating to wireless network security has focused on the flaws, newer alternatives and suggestions for securing the network. There is much speculation and anecdotal statements in relation to what can happen if a breach occurs, but this is mostly from a computer security perspective, and mostly expressed in terms of potential for financial loss. This paper examines the potential legal ramifications of failing to properly secure a wireless network. Several scenarios are examined within based on usage of wireless on the various category of attack. Legal opinion, backed up with case law, is provided for each …


Technology Enhanced Learning With Open Source Software For Scientists And Engineers, Maurice Dawson, Imad Al Saeed, Jorja Wright, Mrwan Omar Dec 2012

Maurice Dawson

This paper represents the evaluation and integration of Open Source Software (OSS) technologies to enhance the learning of engineers and scientists within the university. The utilization of OSS is essential as costs around the world continue to rise for education, institutions must become innovative in the ways they teach and grow Science, Technology, Engineering, & Mathematics (STEM) majors. To do this effectively professors and administrative staff should push toward the utilization of OSS and other available tools to enhance or supplement currently available tools with minimal integration costs. The OSS applications would allow students the ability to learn critical technological …


DoD Cyber Technology Policies To Secure Automated Information Systems, Maurice E. Dawson Jr., Miguel Crespo, Stephen Brewster Dec 2012

Maurice Dawson

Availability, integrity, and confidentiality (AIC) is a key theme everywhere as cyber security has become more than an emerging topic. The Department of Defense (DoD) has implemented multiple processes such as the Department of Defense information assurance certification and accreditation process (DIACAP), common criteria (CC), and created proven baselines to include information assurance (IA) controls to protect information system (IS) resources. The aim of this research study shall provide insight to the applicable processes, IA controls, and standards to include providing a method for selecting necessary government models and for system development.


Security Analysis Of Two Signcryption Schemes, Guilin Wang, Robert H. Deng, Dongjin Kwak, Sangjae Moon Dec 2012

Dr Guilin Wang

Signcryption is a new cryptographic primitive that performs signing and encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. In this paper, we present a security analysis of two such schemes: the Huang-Chang convertible signcryption scheme, and the Kwak-Moon group signcryption scheme. Our results show that both schemes are insecure. Specifically, the Huang-Chang scheme fails to provide confidentiality, while the Kwak-Moon scheme does not satisfy the properties of unforgeability, coalition-resistance, and traceability.


Comments On "A Practical (t, n) Threshold Proxy Signature Scheme Based On The RSA Cryptosystem", Guilin Wang, Feng Bao, Jianying Zhou, Robert H. Deng Dec 2012

Dr Guilin Wang

In a (t, n) threshold proxy signature scheme based on RSA, any t or more proxy signers can cooperatively generate a proxy signature while t-1 or fewer of them can't do it. The threshold proxy signature scheme uses the RSA cryptosystem to generate the private and the public key of the signers. In this article, we discuss the implementation and comparison of some threshold proxy signature schemes that are based on the RSA cryptosystem. Comparison is done on the basis of time complexity, space complexity and communication overhead. We compare the performance of four schemes: Hwang et al., Wen et …


Proxy Signature Scheme With Multiple Original Signers For Wireless E-Commerce Applications, Guilin Wang, Feng Bao, Jianying Zhou, Robert H. Deng Dec 2012

Dr Guilin Wang

In a proxy signature scheme, a user delegates his/her signing capability to another user in such a way that the latter can sign messages on behalf of the former. We propose an efficient and secure proxy signature scheme with multiple original signers. Our scheme is suitable for wireless electronic commerce applications, since the overheads of computation and communication are low. As an example, we present an electronic air ticket booking scheme for wireless customers.


Human: Creating Memorable Fingerprints Of Mobile Users, Gupta Payas, Kiat Wee Tan, Narayanasamy Ramasubbu, David Lo, Debin Gao, Rajesh Krishna Balan Aug 2012

David LO

In this paper, we present a new way of generating behavioral (not biometric) fingerprints from the cellphone usage data. In particular, we explore if the generated behavioral fingerprints are memorable enough to be remembered by end users. We built a system, called HuMan, that generates fingerprints from cellphone data. To test HuMan, we conducted an extensive user study that involved collecting about one month of continuous usage data (including calls, SMSes, application usage patterns etc.) from 44 Symbian and Android smartphone users. We evaluated the memorable fingerprints generated from this rich multi-context data by asking each user to answer various …