Information Security Commons^™

Enabling Dapps Data Exchange With Hardware-Assisted Secure Oracle Network, Yue Li

Theses and Dissertations--Computer Science

Decentralized applications (dApps), enabled by the blockchain and smart contract technology, are known for allowing distrustful parties to execute business logic without relying on a central authority. Compared to regular applications, dApps offer a wide range of benefits, including security by design, trustless transactions, and resistance to censorship. However, dApps need to access real-world data to achieve their full potential, relying on the data oracles. Oracles act as bridges between blockchains and the outside world, providing essential data to the smart contracts that power dApps. A significant challenge in integrating oracles into the dApp ecosystem is the Oracle Problem …

A Secure And Distributed Architecture For Vehicular Cloud And Protocols For Privacy-Preserving Message Dissemination In Vehicular Ad Hoc Networks, Hassan Mistareehi

Theses and Dissertations--Computer Science

Given the enormous interest in self-driving cars, Vehicular Ad hoc NETworks (VANETs) are likely to be widely deployed in the near future. Cloud computing is also gaining widespread deployment. Marriage between cloud computing and VANETs would help solve many of the needs of drivers, law enforcement agencies, traffic management, etc. The contributions of this dissertation are summarized as follows: A Secure and Distributed Architecture for Vehicular Cloud: Ensuring security and privacy is an important issue in the vehicular cloud; if information exchanged between entities is modified by a malicious vehicle, serious consequences such as traffic congestion and accidents can …

Procure-To-Pay Software In The Digital Age: An Exploration And Analysis Of Efficiency Gains And Cybersecurity Risks In Modern Procurement Systems, Drew Lane

MPA/MPP/MPFM Capstone Projects

Procure-to-Pay (P2P) softwares are an integral part of the payment and procurement processing functions at large-scale governmental institutions. These softwares house all of the financial functions related to procurement, accounts payable, and often human resources, helping to facilitate and automate the process from initiation of a payment or purchase, to the actual disbursal of funds. Often, these softwares contain budgeting and financial reporting tools as part of the offering. As such an integral part of the financial process, these softwares obviously come at an immense cost from a set of reputable vendors. In the case of government, these vendors mainly …

Facepet: Enhancing Bystanders' Facial Privacy With Smart Wearables/Internet Of Things, Alfredo J. Perez, Sherali Zeadally, Luis Y. Matos Garcia, Jaouad A. Mouloud, Scott Griffith

Information Science Faculty Publications

Given the availability of cameras in mobile phones, drones and Internet-connected devices, facial privacy has become an area of major interest in the last few years, especially when photos are captured and can be used to identify bystanders’ faces who may have not given consent for these photos to be taken and be identified. Some solutions to protect facial privacy in photos currently exist. However, many of these solutions do not give a choice to bystanders because they rely on algorithms that de-identify photos or protocols to deactivate devices and systems not controlled by bystanders, thereby being dependent on the …

Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally

Information Science Faculty Publications

One of the most important Internet of Things applications is the wireless body sensor network (WBSN), which can provide universal health care, disease prevention, and control. Due to large deployments of small scale smart sensors in WBSNs, security, and privacy guarantees (e.g., security and safety-critical data, sensitive private information) are becoming a challenging issue because these sensor nodes communicate using an open channel, i.e., Internet. We implement data integrity (to resist against malicious tampering) using the secure hash algorithm 3 (SHA-3) when smart sensors in WBSNs communicate with each other using the Internet. Due to the limited resources (i.e., storage, …

Determinants Of Personal Information Protection Activities In South Korea, Pilku Kang

MPA/MPP/MPFM Capstone Projects

The purpose of this paper is to investigate how people’s awareness and ways to obtain relevant materials of personal information have influenced individual’s information privacy protection activities. This study uses the data of a 2016 survey on information security published by Korea Information and Security Agency.

The dependent variables of this study are preventive measures for the security of a Personal Computer (PC) and preventive measures against personal information breach. I classify independent variables into four types. They are internet users’ perception about information privacy, such as awareness of the importance of protecting one’s personal information, and awareness of information …

Lightweight Data Aggregation Scheme Against Internal Attackers In Smart Grid Using Elliptic Curve Cryptography, Debiao He, Sherali Zeadally, Huaqun Wang, Qin Liu

Information Science Faculty Publications

Recent advances of Internet and microelectronics technologies have led to the concept of smart grid which has been a widespread concern for industry, governments, and academia. The openness of communications in the smart grid environment makes the system vulnerable to different types of attacks. The implementation of secure communication and the protection of consumers’ privacy have become challenging issues. The data aggregation scheme is an important technique for preserving consumers’ privacy because it can stop the leakage of a specific consumer’s data. To satisfy the security requirements of practical applications, a lot of data aggregation schemes were presented over the …

Ten Simple Rules For Responsible Big Data Research, Matthew Zook, Solon Barocas, Danah Boyd, Kate Crawford, Emily Keller, Seeta Peña Gangadharan, Alyssa Goodman, Rachelle Hollander, Barbara A. Koenig, Jacob Metcalf, Arvind Narayanan, Alondra Nelson, Frank Pasquale

Geography Faculty Publications

No abstract provided.

Lightweight Three-Factor Authentication And Key Agreement Protocol For Internet-Integrated Wireless Sensor Networks, Qi Jiang, Sherali Zeadally, Jianfeng Ma, Debiao He

Information Science Faculty Publications

Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their …

Statistical Properties Of Pseudorandom Sequences, Ting Gu

Theses and Dissertations--Computer Science

Random numbers (in one sense or another) have applications in computer simulation, Monte Carlo integration, cryptography, randomized computation, radar ranging, and other areas. It is impractical to generate random numbers in real life, instead sequences of numbers (or of bits) that appear to be ``random" yet repeatable are used in real life applications. These sequences are called pseudorandom sequences. To determine the suitability of pseudorandom sequences for applications, we need to study their properties, in particular, their statistical properties. The simplest property is the minimal period of the sequence. That is, the shortest number of steps until the sequence repeats. …

Information-Theoretic Secure Outsourced Computation In Distributed Systems, Zhaohong Wang

Theses and Dissertations--Electrical and Computer Engineering

Secure multi-party computation (secure MPC) has been established as the de facto paradigm for protecting privacy in distributed computation. One of the earliest secure MPC primitives is the Shamir's secret sharing (SSS) scheme. SSS has many advantages over other popular secure MPC primitives like garbled circuits (GC) -- it provides information-theoretic security guarantee, requires no complex long-integer operations, and often leads to more efficient protocols. Nonetheless, SSS receives less attention in the signal processing community because SSS requires a larger number of honest participants, making it prone to collusion attacks. In this dissertation, I propose an agent-based computing framework using …

New Secure Solutions For Privacy And Access Control In Health Information Exchange, Ahmed Fouad Shedeed Ibrahim

Theses and Dissertations--Computer Science

In the current digital age, almost every healthcare organization (HCO) has moved from storing patient health records on paper to storing them electronically. Health Information Exchange (HIE) is the ability to share (or transfer) patients’ health information between different HCOs while maintaining national security standards like the Health Insurance Portability and Accountability Act (HIPAA) of 1996. Over the past few years, research has been conducted to develop privacy and access control frameworks for HIE systems. The goal of this dissertation is to address the privacy and access control concerns by building practical and efficient HIE frameworks to secure the sharing …

Topics On Register Synthesis Problems, Weihua Liu

Theses and Dissertations--Computer Science

Pseudo-random sequences are ubiquitous in modern electronics and information technology. High speed generators of such sequences play essential roles in various engineering applications, such as stream ciphers, radar systems, multiple access systems, and quasi-Monte-Carlo simulation. Given a short prefix of a sequence, it is undesirable to have an efficient algorithm that can synthesize a generator which can predict the whole sequence. Otherwise, a cryptanalytic attack can be launched against the system based on that given sequence.

Linear feedback shift registers (LFSRs) are the most widely studied pseudorandom sequence generators. The LFSR synthesis problem can be solved by the Berlekamp-Massey algorithm, …

Secure And Authenticated Message Dissemination In Vehicular Ad Hoc Networks And An Incentive-Based Architecture For Vehicular Cloud, Kiho Lim

Theses and Dissertations--Computer Science

Vehicular ad hoc Networks (VANETs) allow vehicles to form a self-organized network. VANETs are likely to be widely deployed in the future, given the interest shown by industry in self-driving cars and satisfying their customers various interests. Problems related to Mobile ad hoc Networks (MANETs) such as routing, security, etc.have been extensively studied. Even though VANETs are special type of MANETs, solutions proposed for MANETs cannot be directly applied to VANETs because all problems related to MANETs have been studied for small networks. Moreover, in MANETs, nodes can move randomly. On the other hand, movement of nodes in VANETs are …

Teaching Cybersecurity Using The Cloud, Khaled Salah, Mohammad Hammoud, Sherali Zeadally

Information Science Faculty Publications

Cloud computing platforms can be highly attractive to conduct course assignments and empower students with valuable and indispensable hands-on experience. In particular, the cloud can offer teaching staff and students (whether local or remote) on-demand, elastic, dedicated, isolated, (virtually) unlimited, and easily configurable virtual machines. As such, employing cloud-based laboratories can have clear advantages over using classical ones, which impose major hindrances against fulfilling pedagogical objectives and do not scale well when the number of students and distant university campuses grows up. We show how the cloud paradigm can be leveraged to teach a cybersecurity course. Specifically, we share our …

Data Privacy Preservation In Collaborative Filtering Based Recommender Systems, Xiwei Wang

Theses and Dissertations--Computer Science

This dissertation studies data privacy preservation in collaborative filtering based recommender systems and proposes several collaborative filtering models that aim at preserving user privacy from different perspectives.

The empirical study on multiple classical recommendation algorithms presents the basic idea of the models and explores their performance on real world datasets. The algorithms that are investigated in this study include a popularity based model, an item similarity based model, a singular value decomposition based model, and a bipartite graph model. Top-N recommendations are evaluated to examine the prediction accuracy.

It is apparent that with more customers' preference data, recommender systems …

Privacy Preserving Data Mining For Numerical Matrices, Social Networks, And Big Data, Lian Liu

Theses and Dissertations--Computer Science

Motivated by increasing public awareness of possible abuse of confidential information, which is considered as a significant hindrance to the development of e-society, medical and financial markets, a privacy preserving data mining framework is presented so that data owners can carefully process data in order to preserve confidential information and guarantee information functionality within an acceptable boundary.

First, among many privacy-preserving methodologies, as a group of popular techniques for achieving a balance between data utility and information privacy, a class of data perturbation methods add a noise signal, following a statistical distribution, to an original numerical matrix. With the help …

Is Security Sustainable?, Jeremy W. Crampton

Geography Faculty Publications

No abstract provided.