Open Access. Powered by Scholars. Published by Universities.®
- Discipline
- Institution
Articles 1 - 9 of 9
Full-Text Articles in Information Security
Secure Smart Health With Privacy-Aware Aggregate Authentication And Access Control In Internet Of Things, Yinghui Zhang, Robert H. Deng, Gang Han, Dong Zheng
Secure Smart Health With Privacy-Aware Aggregate Authentication And Access Control In Internet Of Things, Yinghui Zhang, Robert H. Deng, Gang Han, Dong Zheng
Research Collection School Of Computing and Information Systems
With the rapid technological advancements in the Internet of Things (IoT), wireless communication and cloud computing, smart health is expected to enable comprehensive and qualified healthcare services. It is important to ensure security and efficiency in smart health. However, existing smart health systems still have challenging issues, such as aggregate authentication, fine-grained access control and privacy protection. In this paper, we address these issues by introducing SSH, a Secure Smart Health system with privacy-aware aggregate authentication and access control in IoT. In SSH, privacy-aware aggregate authentication is enabled by an anonymous certificateless aggregate signature scheme, in which users' identity information …
Forensic Analysis Of Immersive Virtual Reality Social Applications: A Primary Account, Ananya Yarramreddy, Peter Gromkowski, Ibrahim Baggili
Forensic Analysis Of Immersive Virtual Reality Social Applications: A Primary Account, Ananya Yarramreddy, Peter Gromkowski, Ibrahim Baggili
Electrical & Computer Engineering and Computer Science Faculty Publications
Our work presents the primary account for exploring the forensics of immersive Virtual Reality (VR) systems and their social applications. The Social VR applications studied in this work include Bigscreen, Altspace VR, Rec Room and Facebook Spaces. We explored the two most widely adopted consumer VR systems: the HTC Vive and the Oculus Rift. Our tests examined the efficacy of reconstructing evidence from network traffic as well as the systems themselves. The results showed that a significant amount of forensically relevant data such as user names, user profile pictures, events, and system details may be recovered. We anticipate that this …
Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally
Compact Hardware Implementation Of A Sha-3 Core For Wireless Body Sensor Networks, Yi Yang, Debiao He, Neeraj Kumar, Sherali Zeadally
Information Science Faculty Publications
One of the most important Internet of Things applications is the wireless body sensor network (WBSN), which can provide universal health care, disease prevention, and control. Due to large deployments of small scale smart sensors in WBSNs, security, and privacy guarantees (e.g., security and safety-critical data, sensitive private information) are becoming a challenging issue because these sensor nodes communicate using an open channel, i.e., Internet. We implement data integrity (to resist against malicious tampering) using the secure hash algorithm 3 (SHA-3) when smart sensors in WBSNs communicate with each other using the Internet. Due to the limited resources (i.e., storage, …
A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt
A Simplified Secure Programming Platform For Internet Of Things Devices, Halim Burak Yesilyurt
FIU Electronic Theses and Dissertations
The emerging Internet of Things (IoT) revolution has introduced many useful applications that are utilized in our daily lives. Users can program these devices in order to develop their own IoT applications; however, the platforms and languages that are used during development are abounding, complicated, and time-consuming. The software solution provided in this thesis, PROVIZ+, is a secure sensor application development software suite that helps users create sophisticated and secure IoT applications with little software and hardware experience. Moreover, a simple and efficient domain-specific programming language, namely Panther language, was designed for IoT application development to unify existing programming languages. …
An Overview Of The Usage Of Default Passwords, Brandon Knierem, Xiaolu Zhang, Philip Levine, Frank Breitinger, Ibrahim Baggili
An Overview Of The Usage Of Default Passwords, Brandon Knierem, Xiaolu Zhang, Philip Levine, Frank Breitinger, Ibrahim Baggili
Electrical & Computer Engineering and Computer Science Faculty Publications
The recent Mirai botnet attack demonstrated the danger of using default passwords and showed it is still a major problem. In this study we investigated several common applications and their password policies. Specifically, we analyzed if these applications: (1) have default passwords or (2) allow the user to set a weak password (i.e., they do not properly enforce a password policy). Our study shows that default passwords are still a significant problem: 61% of applications inspected initially used a default or blank password. When changing the password, 58% allowed a blank password, 35% allowed a weak password of 1 character.
How Much Should We Spend To Protect Privacy?: Data Breaches And The Need For Information We Do Not Have, Richard Warner, Robert Sloan
How Much Should We Spend To Protect Privacy?: Data Breaches And The Need For Information We Do Not Have, Richard Warner, Robert Sloan
All Faculty Scholarship
A cost/benefit approach to privacy confronts two tradeoff issues. One is making appropriate tradeoffs between privacy and many goals served by the collection, distribution, and use of information. The other is making tradeoffs between investments in preventing unauthorized access to information and the variety of other goals that also make money, time, and effort demands. Much has been written about the first tradeoff. We focus on the second. The issue is critical. Data breaches occur at the rate of over three a day, and the aggregate social cost is extremely high. The puzzle is that security experts have long explained …
Vulnerability Analysis: Protecting Information In The Iot, Brian Cusack, Feiqiu Zhuang
Vulnerability Analysis: Protecting Information In The Iot, Brian Cusack, Feiqiu Zhuang
Australian Information Security Management Conference
The research was designed to study IoT security vulnerabilities and how to better protect IoT communications. By researching the system a Fitbit uses for communications, this research analyzes and reveals security defects in the IoT architecture. The research first uses a man-in the middle (MITM) attack to intercept and analyze the Fitbit system traffic to identify security weakness. Then uses a replay attack to further validate these flaws. Finally, countermeasures against these security threats are proposed. The research findings show the Fitbit’s IoT communication architecture has serious information security risks. Firstly, the Fitbit tested does not encrypt the raw data …
Bringing Defensive Artificial Intelligence Capabilities To Mobile Devices, Kevin Chong, Ahmed Ibrahim
Bringing Defensive Artificial Intelligence Capabilities To Mobile Devices, Kevin Chong, Ahmed Ibrahim
Australian Information Security Management Conference
Traditional firewalls are losing their effectiveness against new and evolving threats today. Artificial intelligence (AI) driven firewalls are gaining popularity due to their ability to defend against threats that are not fully known. However, a firewall can only protect devices in the same network it is deployed in, leaving mobile devices unprotected once they leave the network. To comprehensively protect a mobile device, capabilities of an AI-driven firewall can enhance the defensive capabilities of the device. This paper proposes porting AI technologies to mobile devices for defence against today’s ever-evolving threats. A defensive AI technique providing firewall-like capability is being …
Mitigating Man-In-The-Middle Attacks On Mobile Devices By Blocking Insecure Http Traffic Without Using Vpn, Kevin Chong, Muhammad Imran Malik, Peter Hannay
Mitigating Man-In-The-Middle Attacks On Mobile Devices By Blocking Insecure Http Traffic Without Using Vpn, Kevin Chong, Muhammad Imran Malik, Peter Hannay
Australian Information Security Management Conference
Mobile devices are constantly connected to the Internet, making countless connections with remote services. Unfortunately, many of these connections are in cleartext, visible to third-parties while in transit. This is insecure and opens up the possibility for man-in-the-middle attacks. While there is little control over what kind of connection running apps can make, this paper presents a solution in blocking insecure HTTP packets from leaving the device. Specifically, the proposed solution works on the device, without the need to tunnel packets to a remote VPN server, and without special privileges such as root access. Speed tests were performed to quantify …