Information Security Commons^™

Investigating The Spatial Complexity Of Various Pke-Peks Schematics, Jacob Patterson

Rose-Hulman Undergraduate Research Publications

With the advent of cloud storage, people upload all sorts of information to third party servers. However, uploading plaintext does not seem like a good idea for users who wish to keep their data private. Current solutions to this problem in literature involves integrating Public Key Encryption and Public key encryption with keyword search techniques. The intent of this paper is to analyze the spatial complexities of various PKE-PEKS schemes at various levels of security and discuss potential avenues for improvement.

A System For Detecting Malicious Insider Data Theft In Iaas Cloud Environments, Jason Nikolai, Yong Wang

Faculty Research & Publications

The Cloud Security Alliance lists data theft and insider attacks as critical threats to cloud security. Our work puts forth an approach using a train, monitor, detect pattern which leverages a stateful rule based k-nearest neighbors anomaly detection technique and system state data to detect inside attacker data theft on Infrastructure as a Service (IaaS) nodes. We posit, instantiate, and demonstrate our approach using the Eucalyptus cloud computing infrastructure where we observe a 100 percent detection rate for abnormal login events and data copies to outside systems.

Iterated Random Oracle: A Universal Approach For Finding Loss In Security Reduction, Fuchun Guo, Willy Susilo, Yi Mu, Rongmao Chen, Jianchang Lai, Guomin Yang

Research Collection School Of Computing and Information Systems

The indistinguishability security of a public-key cryptosystem can be reduced to a computational hard assumption in the random oracle model, where the solution to a computational hard problem is hidden in one of the adversary’s queries to the random oracle. Usually, there is a finding loss in finding the correct solution from the query set, especially when the decisional variant of the computational problem is also hard. The problem of finding loss must be addressed towards tight(er) reductions under this type. In EUROCRYPT 2008, Cash, Kiltz and Shoup proposed a novel approach using a trapdoor test that can solve the …

Cryptographic Reverse Firewall Via Malleable Smooth Projective Hash Functions, Rongmao Chen, Guomin Yang, Guomin Yang, Willy Susilo, Fuchun Guo, Mingwu Zhang

Research Collection School Of Computing and Information Systems

Motivated by the revelations of Edward Snowden, postSnowden cryptography has become a prominent research direction in recent years. In Eurocrypt 2015, Mironov and Stephens-Davidowitz proposed a novel concept named cryptographic reverse firewall (CRF) which can resist exfiltration of secret information from an arbitrarily compromised machine. In this work, we continue this line of research and present generic CRF constructions for several widely used cryptographic protocols based on a new notion named malleable smooth projective hash function. Our contributions can be summarized as follows. – We introduce the notion of malleable smooth projective hash function, which is an extension of the …

An Interview With The Scorpion: Walter O’Brien, Walter O'Brien

The STEAM Journal

An interview with Walter O'Brien (hacker handle: "Scorpion"), known as a businessman, information technologist, executive producer, and media personality who is the founder and CEO of Scorpion Computer Services, Inc. O'Brien is also the inspiration for and executive producer of the CBS television series, Scorpion.

Who's In And Who's Out?: What's Important In The Cyber World?, Tony M. Kelly

HON499 projects

The aim of this paper is to offer an introduction to the exploding field of cybersecurity by asking what are the most important concepts or topics that a new member of the field of cybersecurity should know. This paper explores this question from three perspectives: from the realm of business and how the cyber world is intertwined with modern commerce, including common weaknesses and recommendations, from the academic arena examining how cybersecurity is taught and how it should be taught in a classroom or laboratory environment, and lastly, from the author’s personal experience with the cyber world. Included information includes …

M(2)-Abks: Attribute-Based Multi-Keyword Search Over Encrypted Personal Health Records In Multi-Owner Setting, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Fushan Wei, Zhiquan Liu, Xu An Wang

Research Collection School Of Computing and Information Systems

Online personal health record (PHR) is more inclined to shift data storage and search operations to cloud server so as to enjoy the elastic resources and lessen computational burden in cloud storage. As multiple patients' data is always stored in the cloud server simultaneously, it is a challenge to guarantee the confidentiality of PHR data and allow data users to search encrypted data in an efficient and privacy-preserving way. To this end, we design a secure cryptographic primitive called as attribute-based multi-keyword search over encrypted personal health records in multi-owner setting to support both fine-grained access control and multi-keyword search …

Improving Business Networking Through The Effective Utilisation Of Information Systems, Ylber Limani

UBT International Conference

This Research addresses topics concerned with the enterprise models and information systems. The research is divided into two parts, in the first part is conducted the examination of business information systems in general, while in the second part the main factors of business networking are investigated.

The existing operational business practices and Information Technology infrastructure are not sufficiently used of efficiently sustain the effective business networking. A methodical analysis of the operational systems is performed in order to cover the main elements of the Information Systems and their utilisation for business needs. The implementation of a most important information business …

The Role Of Knowledge Management In The Information System, Sejdi Xhemaili

UBT International Conference

We are living in a world in which the knowledge is a precious commodity. The fast pace of the development of the companies both for trade and service require management of the acquired knowledge in the best possible way.

This paper would show the influence of the knowledge management in the information system that is what is achieved when knowledge management itself is applied to the information system. The accumulated knowledge in terms of innovation, management of the staff and its training, competitiveness on the wide market and improvement of the level of the business processes and performance tend to …

The Implementation Of Information Systems In Network Administration: The Improvement Of Intranet Utilization In Higher Education Institutions, Besnik Skenderi, Murat Retkoceri, Rina Sadriu

UBT International Conference

Management Information systems or MIS broadly refers to a Computer system of Information that provides manager the tool to organize, Asses and manage efficiently departments within an organization.

Information System Management serves to assist in the more effective and efficient management of information. These systems make possible the production and preservation.

Nowadays the business, institutions and organization use MIS to certain functions or the entire organization. Some of the most important applicants are in dimensions or functions such as human resources, finance, marketing, manufacturing, asset management etc.

The primary definition shows that the primary task of management information system (MIS. …

The Importance Of Big Data Analytics, Eljona Proko

UBT International Conference

Identified as the tendency of IT, Big Data gained global attention. Advances in data analytics are changing the way businesses compete, enabling them to make faster and better decisions based on real-time analysis. Big Data introduces a new set of challenges. Three characteristics define Big Data: volume, variety, and velocity. Big Data requires tools and methods that can be applied to analyze and extract patterns from large-scale data. Companies generate enormous volumes of poly-structured data from Web, social network posts, sensors, mobile devices, emails, and many other sources. Companies need a cost-effective, massively scalable solution for capturing, storing, and analyzing …

Traditional Mathematics And New Methods Of Teaching Through Programming Together With Students, Robert Kosova, Teuta Thanasi, Lindita Mukli, Loreta Nakuçi Pëllumbi

UBT International Conference

We are used to the traditional methods of teaching mathematics. The textbook, the blackboard and a chalk have been for centuries a wonderful part of teaching. And, they always will be. Traditional teaching methods of mathematics are a wonderful legacy of our educational system that have educated generations of teachers, engineers, administrators, managers, leaders, and economists. American universities websites, the video- lectures of the best professors of well-known disciplines such as statistics, operational research, number theory, algebra, game theory, show impressing large blackboards, all over the auditor's walls. We always will need and admire traditional mathematics. But, beyond the lessons, …

Cloud Computing And Enterprise Data Reliability, Luan Gashi

UBT International Conference

Cloud services offer many benefits from information and communication technology that to be credible must first be secured. To use the potential of cloud computing, data is transferred, processed and stored in the infrastructures of these service providers. This indicates that the owners of data, particularly enterprises, have puzzled when storing their data is done outside the scope of their control.

Research conducted on this topic show how this should be addressed unequivocally. The provided information on the organization of cloud computing models, services and standards, with a focus on security aspects in protecting enterprise data where emphasis shows how …

Some Propositions About Inverse Semigroups, Osman Hysa, Arben Reka

UBT International Conference

The inverse semigroups are semigroups studied by many algebraists. In this paper we will formulate and prove some other propositions on these semigroups. So we will prove two propositions concerning the closure of a subsemigroup of a given inverse semigroup S, within the meaning introduced by Schein in 1962, two propositions on the group congruence on a normal subsemigroup of the inverse semigroup S, and a proposition about closed subsemigroup assertion of an inverse semigroup S.

Some Issues In The Testing Of Computer Simulation Models, David J. Murray-Smith

UBT International Conference

The testing of simulation models has much in common with testing processes in other types of application involving software development. However, there are also important differences associated with the fact that simulation model testing involves two distinct aspects, which are known as verification and validation. Model validation is concerned with investigation of modelling errors and model limitations while verification involves checking that the simulation program is an accurate representation of the mathematical and logical structure of the underlying model. Success in model validation depends upon the availability of detailed information about all aspects of the system being modelled. It also …

Active Snort Rules And The Needs For Computing Resources: Computing Resources Needed To Activate Different Numbers Of Snort Rules, Chad A. Arney, Xinli Wang

School of Technology Publications

This project was designed to discover the relationship between the number of enabled rules maintained by Snort and the amount of computing resources necessary to operate this intrusion detection system (IDS) as a sensor. A physical environment was set up to loosely simulate a network and an IDS sensor monitoring it.

The experiment was conducted in five trials. A different number of Snort rules was enabled in each trial and the corresponding utilization of computing resources was measured. Remarkable variation and a clear trend of CPU usage were observed in the experiment.

Mabic: Mobile Application Builder For Interactive Communication, Huy Manh Nguyen

Masters Theses & Specialist Projects

Nowadays, the web services and mobile technology advance to a whole new level. These technologies make the modern communication faster and more convenient than the traditional way. People can also easily share data, picture, image and video instantly. It also saves time and money. For example: sending an email or text message is cheaper and faster than a letter. Interactive communication allows the instant exchange of feedback and enables two-way communication between people and people, or people and computer. It increases the engagement of sender and receiver in communication.

Although many systems such as REDCap and Taverna are built for …

Library Writers Reward Project, Saravana Kumar Gajendran

Master's Projects

Open-source library development exploits the distributed intelligence of participants in Internet communities. Nowadays, contribution to the open-source community is fading [16] (Stackalytics, 2016) as there is not much recognition for library writers. They can start exploring ways to generate revenue as they actively contribute to the open-source community.

This project helps library writers to generate revenue in the form of bitcoins for their contribution. Our solution to generate revenue for library writers is to integrate bitcoin mining with existing JavaScript libraries, such as jQuery. More use of the library leads to more revenue for the library writers. It uses the …

Analyzing Proactive Fraud Detection Software Tools And The Push For Quicker Solutions, Kerri Aiken

Economic Crime Forensics Capstones

This paper focuses on proactive fraud detection software tools and how these tools can help detect and prevent possible fraudulent schemes. In addition to relying on routine audits, companies are designing proactive methods that involve the inclusion of software tools to detect and deter instances of fraud and abuse. This paper discusses examples of companies using ACL and SAS software programs and how the software tools have positively changed their auditing systems.

Novelis Inc., an aluminum and recycling company, implemented ACL into their internal audit software system. Competitive Health Analytics (Division of Humana) implemented SAS in order to improve their …

Efficient Verifiable Computation Of Linear And Quadratic Functions Over Encrypted Data, Ngoc Hieu Tran, Hwee Hwa Pang, Robert H. Deng

Research Collection School Of Computing and Information Systems

In data outsourcing, a client stores a large amount of data on an untrusted server; subsequently, the client can request the server to compute a function on any subset of the data. This setting naturally leads to two security requirements: confidentiality of input data, and authenticity of computations. Existing approaches that satisfy both requirements simultaneously are built on fully homomorphic encryption, which involves expensive computation on the server and client and hence is impractical. In this paper, we propose two verifiable homomorphic encryption schemes that do not rely on fully homomorphic encryption. The first is a simple and efficient scheme …

A Key-Insulated Cp-Abe With Key Exposure Accountability For Secure Data Sharing In The Cloud, Hanshu Hong, Zhixin Sun, Ximeng Liu

Research Collection School Of Computing and Information Systems

ABE has become an effective tool for data protection in cloud computing. However, since users possessing the same attributes share the same private keys, there exist some malicious users exposing their private keys deliberately for illegal data sharing without being detected, which will threaten the security of the cloud system. Such issues remain in many current ABE schemes since the private keys are rarely associated with any user specific identifiers. In order to achieve user accountability as well as provide key exposure protection, in this paper, we propose a key-insulated ciphertext policy attribute based encryption with key exposure accountability (KI-CPABE-KEA). …

User Interface Design, Moritz Stefaner, Sebastien Ferre, Saverio Perugini, Jonathan Koren, Yi Zhang

Saverio Perugini

As detailed in Chap. 1, system implementations for dynamic taxonomies and faceted search allow a wide range of query possibilities on the data. Only when these are made accessible by appropriate user interfaces, the resulting applications can support a variety of search, browsing and analysis tasks. User interface design in this area is confronted with specific challenges. This chapter presents an overview of both established and novel principles and solutions.

Program Transformations For Information Personalization, Saverio Perugini, Naren Ramakrishnan

Saverio Perugini

Personalization constitutes the mechanisms necessary to automatically customize information content, structure, and presentation to the end user to reduce information overload. Unlike traditional approaches to personalization, the central theme of our approach is to model a website as a program and conduct website transformation for personalization by program transformation (e.g., partial evaluation, program slicing). The goal of this paper is study personalization through a program transformation lens and develop a formal model, based on program transformations, for personalized interaction with hierarchical hypermedia. The specific research issues addressed involve identifying and developing program representations and transformations suitable for classes of hierarchical …

An Immersive Telepresence System Using Rgb-D Sensors And Head-Mounted Display, Xinzhong Lu, Ju Shen, Saverio Perugini, Jianjun Yang

Saverio Perugini

We present a tele-immersive system that enables people to interact with each other in a virtual world using body gestures in addition to verbal communication. Beyond the obvious applications, including general online conversations and gaming, we hypothesize that our proposed system would be particularly beneficial to education by offering rich visual contents and interactivity. One distinct feature is the integration of egocentric pose recognition that allows participants to use their gestures to demonstrate and manipulate virtual objects simultaneously. This functionality enables the instructor to effectively and efficiently explain and illustrate complex concepts or sophisticated problems in an intuitive manner. The …

Empirical Analysis Of Socio-Cognitive Factors Affecting Security Behaviors And Practices Of Smartphone Users, Joseph P. Simpson

CCE Theses and Dissertations

The overall security posture of information systems (IS) depends on the behaviors of the IS users. Several studies have shown that users are the greatest vulnerability to IS security. The proliferation of smartphones is introducing an entirely new set of risks, threats, and vulnerabilities. Smartphone devices amplify this data exposure problem by enabling instantaneous transmission and storage of personally identifiable information (PII) by smartphone users, which is becoming a major security risk. Moreover, companies are also capitalizing on the availability and powerful computing capabilities of these smartphone devices and developing a bring-your-own-device (BYOD) program, which makes companies susceptible to divulgence …

An Experimental Study On The Role Of Password Strength And Cognitive Load On Employee Productivity, Stephen Mujeye

CCE Theses and Dissertations

The proliferation of information systems (IS) over the past decades has increased the demand for system authentication. While the majority of system authentications are password-based, it is well documented that passwords have significant limitations. To address this issue, companies have been placing increased requirements on the user to ensure their passwords are more complex and consequently stronger. In addition to meeting a certain complexity threshold, the password must also be changed on a regular basis. As the cognitive load increases on the employees using complex passwords and changing them often, they may have difficulty recalling their passwords. As such, the …

An Empirical Study Of Authentication Methods To Secure E-Learning System Activities Against Impersonation Fraud, Shauna Beaudin

CCE Theses and Dissertations

Studies have revealed that securing Information Systems (IS) from intentional misuse is a concern among organizations today. The use of Web-based systems has grown dramatically across industries including e-commerce, e-banking, e-government, and e learning to name a few. Web-based systems provide e-services through a number of diverse activities. The demand for e-learning systems in both academic and non-academic organizations has increased the need to improve security against impersonation fraud. Although there are a number of studies focused on securing Web-based systems from Information Systems (IS) misuse, research has recognized the importance of identifying suitable levels of authenticating strength for various …

An Analysis Of The Relationship Between Security Information Technology Enhancements And Computer Security Breaches And Incidents, Linda Betz

CCE Theses and Dissertations

Financial services institutions maintain large amounts of data that include both intellectual property and personally identifiable information for employees and customers. Due to the potential damage to individuals, government regulators hold institutions accountable for ensuring that personal data are protected and require reporting of data security breaches. No company wants a data breach, but finding a security incident or breach early in the attack cycle may decrease the damage or data loss a company experiences. In multiple high profile data breaches reported in major news stories over the past few years, there is a pattern of the adversary being inside …

An Empirical Investigation Of Factors Affecting Resistance To Using Multi-Method Authentication Systems In Public-Access Environments, Joseph Marnell

CCE Theses and Dissertations

Over the course of history, different means of object and person identification as well as verification have evolved for user authentication. In recent years, a new concern has emerged regarding the accuracy of verifiable authentication and protection of personal identifying information (PII), because previous misuses have resulted in significant financial loss. Such losses have escalated more noticeably because of human identity-theft incidents due to breaches of PII within multiple public-access environments. Although the use of various biometric and radio frequency identification (RFID) technologies is expanding, resistance to using these technologies for user authentication remains an issue. This study addressed the …

Understanding The Impact Of Hacker Innovation Upon Is Security Countermeasures, Sean M. Zadig

CCE Theses and Dissertations

Hackers external to the organization continue to wreak havoc upon the information systems infrastructure of firms through breaches of security defenses, despite constant development of and continual investment in new IS security countermeasures by security professionals and vendors. These breaches are exceedingly costly and damaging to the affected organizations. The continued success of hackers in the face of massive amounts of security investments suggests that the defenders are losing and that the hackers can innovate at a much faster pace.

Underground hacker communities have been shown to be an environment where attackers can learn new techniques and share tools pertaining …