Information Security Commons^™

Rationality, Parapsychology, And Artificial Intelligence In Military And Intelligence Research By The United States Government In The Cold War, Guy M. Lomeo

Theses and Dissertations

A study analyzing the roles of rationality, parapsychology, and artificial intelligence in military and intelligence research by the United States Government in the Cold War. An examination of the methodology behind the decisions to pursue research in two fields that were initially considered irrational.

Cryptanalysis Of Homophonic Substitution Cipher Using Hidden Markov Models, Guannan Zhong

Master's Projects

We investigate the effectiveness of a Hidden Markov Model (HMM) with random restarts as a mean of breaking a homophonic substitution cipher. Based on extensive experiments, we find that such an HMM-based attack outperforms a previously de- veloped nested hill climb approach, particularly when the ciphertext message is short. We then consider a combination cipher, consisting of a homophonic substitution and a column transposition. We develop and analyze an attack on such a cipher. This attack employs an HMM (with random restarts), together with a hill climb to recover the column permutation. We show that this attack can succeed on …

The Paradox Of Social Media Security: A Study Of It Students’ Perceptions Versus Behavior On Using Facebook, Zahra Y. Alqubaiti

Master of Science in Information Technology Theses

Social media plays an essential role in the modern society, enabling people to be better connected to each other and creating new opportunities for businesses. At the same time, social networking sites have become major targets for cyber-security attacks due to their massive user base. Many studies investigated the security vulnerabilities and privacy issues of social networking sites and made recommendations on how to mitigate security risks. Users are an integral part of any security mix. In this thesis, we explore the relationship between users’ security perceptions and their actual behavior on social networking sites. Protection motivation theory (PMT), initially …

Context-Sensitive Auto-Sanitization For Php, Jared M. Smith, Richard J. Connor, David P. Cunningham, Kyle G. Bashour, Walter T. Work

Chancellor’s Honors Program Projects

No abstract provided.

Ransomware In High-Risk Environments, Shallaw M. Aziz

Information Technology Capstone Research Project Reports

In today’s modern world, cybercrime is skyrocketing globally, which impacts a variety of organizations and endpoint users. Hackers are using a multitude of approaches and tools, including ransomware threats, to take over targeted systems. These acts of cybercrime lead to huge damages in areas of business, healthcare systems, industry sectors, and other fields. Ransomware is considered as a high risk threat, which is designed to hijack the data. This paper is demonstrating the ransomware types, and how they are evolved from the malware and trojan codes, which is used to attack previous incidents, and explains the most common encryption algorithms …

The Transition Experiences Of International Graduate Students In Clark University School Of Professional Studies, Xuesong Huang, Mingyang Lian, Dang Trung, Jay Sheth, Yuwei Yang, Irina Klimenko

School of Professional Studies

In the last decade, the School of Professional Studies at Clark University has witnessed a sharp increase in international students. More and more international students in the millennial generation have entered the School of Professional Studies pursuing one of the two-year graduate programs: Master of Science in Professional Studies, Master of Science in Public Administration, and Master of Science in Information Technology. In the past, working adult student dominant the program. These students already had a career outside the classrooms before them came to study. The millennial international students have generated new adjustment problems. Some of the transition issues of …

Cross-Spectral Biometric Performance Analysis On High-Resolution Face Images, Praveen Kumar Pandian Shanmuganathan

Theses and Dissertations

Biometrics is increasingly being used to authenticate the identity of individuals in critical use case devices like smart phones, laptops, and several other access-control systems in our day-to-day lives. Additionally, biometrics is also used in forensic and security sensitive areas to detect and identify suspects involved in bombings, robberies, and several police investigations. In each of these critical scenarios, the high-quality full-frontal face images of the subjects are not accurately captured as those subjects do not intend to register their identity to the Closed-Circuit Cameras. Hence in such cases, identification of the suspects becomes difficult even though we have the …

Developing An Abac-Based Grant Proposal Workflow Management System, Milson Munakami

Boise State University Theses and Dissertations

In the advent of the digital transformation, online business processes need to be automated and modeled as workflows. A workflow typically involves a sequence of coordinated tasks and shared data that need to be secured and protected from unauthorized access. In other words, a workflow can be described simply as the movement of documents and activities through a business process among different users. Such connected flow of information among various users with different permission level offers many benefits along with new challenges. Cyber threats are becoming more sophisticated as skilled and motivated attackers both insiders and outsiders are equipped with …

Security Testing With Misuse Case Modeling, Samer Yousef Khamaiseh

Boise State University Theses and Dissertations

Having a comprehensive model of security requirements is a crucial step towards developing a reliable software system. An effective model of security requirements which describes the possible scenarios that may affect the security aspects of the system under development can be an effective approach for subsequent use in generating security test cases.

Misuse case was first proposed by Sinder and Opdahl as an approach to extract the security requirements of the system under development [1]. A misuse case is a use case representing scenarios that might be followed by a system adversary in order to compromise the system; that is …

A Certificateless One-Way Group Key Agreement Protocol For Point-To-Point Email Encryption, Srisarguru Sridhar

Boise State University Theses and Dissertations

Over the years, email has evolved and grown to one of the most widely used form of communication between individuals and organizations. Nonetheless, the current information technology standards do not value the significance of email security in today's technologically advanced world. Not until recently, email services such as Yahoo and Google started to encrypt emails for privacy protection. Despite that, the encrypted emails will be decrypted and stored in the email service provider's servers as backup. If the server is hacked or compromised, it can lead to leakage and modification of one's email. Therefore, there is a strong need for …

Soteria: A Persuasive Esecurity Assistant, Punica Bhardwaj

Theses and Dissertations

“…security is only as good as the weakest link, and people are the weakest link in the chain.” – B Schneier, 2002 Humans are often referred to as the “weakest link” in the security chain because of the poor security decisions taken by them. There can be many reasons for these decisions, such as lack of understandability of the software, lack of education, and lack of relevant information required to do that particular action. In this Thesis, we focus on the lack of relevant information required at the time of performing the action. In order to provide the user with …

Who's In And Who's Out?: What's Important In The Cyber World?, Tony M. Kelly

HON499 projects

The aim of this paper is to offer an introduction to the exploding field of cybersecurity by asking what are the most important concepts or topics that a new member of the field of cybersecurity should know. This paper explores this question from three perspectives: from the realm of business and how the cyber world is intertwined with modern commerce, including common weaknesses and recommendations, from the academic arena examining how cybersecurity is taught and how it should be taught in a classroom or laboratory environment, and lastly, from the author’s personal experience with the cyber world. Included information includes …

Personal Privacy: A Study To Determine Views On Privacy As It Relates To Technology Acceptance, Keith A. Wuotinen

Master's Theses and Doctoral Dissertations

This descriptive correlation study sought to learn the relationships, if any, between a person’s concern for privacy and their acceptance of technology, in conjunction with the control factors of the Big Five personality factors. The study employed a modified Concern for Information Privacy (CFIP) scale and a modified Technology Acceptance Model (TAM) approach in conjunction with the Big Five personality factors using a 51-question survey.

The study surveyed students at Eastern Michigan University in Ypsilanti, Michigan, who were enrolled in the College of Technology. The results indicated that there was a significant positive relationship between the CFIP and the TAM. …

Intrinsic Functions For Securing Cmos Computation: Variability, Modeling And Noise Sensitivity, Xiaolin Xu

Doctoral Dissertations

A basic premise behind modern secure computation is the demand for lightweight cryptographic primitives, like identifier or key generator. From a circuit perspective, the development of cryptographic modules has also been driven by the aggressive scalability of complementary metal-oxide-semiconductor (CMOS) technology. While advancing into nano-meter regime, one significant characteristic of today's CMOS design is the random nature of process variability, which limits the nominal circuit design. With the continuous scaling of CMOS technology, instead of mitigating the physical variability, leveraging such properties becomes a promising way. One of the famous products adhering to this double-edged sword philosophy is the Physically …

Early Packet Rejection Using Dynamic Binary Decision Diagram, Vasiqullah Molvizadah

Theses

A firewall is a hardware or software device that performs inspection on a given incoming/outgoing packets and decide whether to allow/deny the packet from entering/leaving the system. Firewall filters the packets by using a set of rules called firewall policies. The policies define what type of packets should be allowed or discarded. These policies describe the field values that the packet header must contain in order to match a policy in the firewall. The decision for any given packet is made by finding the first matching firewall policy, if any.

In a traditional firewall, the packet filter goes through each …

A Framework For Hybrid Intrusion Detection Systems, Robert N. Bronte

Master of Science in Information Technology Theses

Web application security is a definite threat to the world’s information technology infrastructure. The Open Web Application Security Project (OWASP), generally defines web application security violations as unauthorized or unintentional exposure, disclosure, or loss of personal information. These breaches occur without the company’s knowledge and it often takes a while before the web application attack is revealed to the public, specifically because the security violations are fixed. Due to the need to protect their reputation, organizations have begun researching solutions to these problems. The most widely accepted solution is the use of an Intrusion Detection System (IDS). Such systems currently …

Physical Layer Defenses Against Primary User Emulation Attacks, Joan A. Betances

Theses and Dissertations

Cognitive Radio (CR) is a promising technology that works by detecting unused parts of the spectrum and automatically reconfiguring the communication system's parameters in order to operate in the available communication channels while minimizing interference. CR enables efficient use of the Radio Frequency (RF) spectrum by generating waveforms that can coexist with existing users in licensed spectrum bands. Spectrum sensing is one of the most important components of CR systems because it provides awareness of its operating environment, as well as detecting the presence of primary (licensed) users of the spectrum.

A Study Of Information Security Awareness Program Effectiveness In Predicting End-User Security Behavior, James Michael Banfield

Master's Theses and Doctoral Dissertations

As accessibility to data increases, so does the need to increase security. For organizations of all sizes, information security (IS) has become paramount due to the increased use of the Internet. Corporate data are transmitted ubiquitously over wireless networks and have increased exponentially with cloud computing and growing end-user demand. Both technological and human strategies must be employed in the development of an information security awareness (ISA) program. By creating a positive culture that promotes desired security behavior through appropriate technology, security policies, and an understanding of human motivations, ISA programs have been the norm for organizational end-user risk mitigation …

Practical Application Of Fast Disk Analysis For Selective Data Acquisition, Sergey Gorbov

University of New Orleans Theses and Dissertations

Using a forensic imager to produce a copy of the storage is a common practice. Due to the large volumes of the modern disks, the imaging may impose severe time overhead which ultimately delays the investigation process. We proposed automated disk analysis techniques that precisely identify regions on the disk that contain data. We also developed a high performance imager that produces AFFv3 images at rates exceeding 300MB/s. Using multiple disk analysis strategies we can analyze a disk within a few minutes and yet reduce the imaging time of by many hours. Partial AFFv3 images produced by our imager can …

Knowledge Modeling Of Phishing Emails, Courtney Falk

Open Access Dissertations

This dissertation investigates whether or not malicious phishing emails are detected better when a meaningful representation of the email bodies is available. The natural language processing theory of Ontological Semantics Technology is used for its ability to model the knowledge representation present in the email messages. Known good and phishing emails were analyzed and their meaning representations fed into machine learning binary classifiers. Unigram language models of the same emails were used as a baseline for comparing the performance of the meaningful data. The end results show how a binary classifier trained on meaningful data is better at detecting phishing …

Pdroid, Joe Larry Allen

Masters Theses

When an end user attempts to download an app on the Google Play Store they receive two related items that can be used to assess the potential threats of an application, the list of permissions used by the application and the textual description of the application. However, this raises several concerns. First, applications tend to use more permissions than they need and end users are not tech-savvy enough to fully understand the security risks. Therefore, it is challenging to assess the threats of an application fully by only seeing the permissions. On the other hand, most textual descriptions do not …

VigenèRe Score For Malware Detection, Suchita Deshmukh

Master's Projects

Previous research has applied classic cryptanalytic techniques to the malware detection problem. Speci cally, scores based on simple substitution cipher cryptanal- ysis and various generalizations have been considered. In this research, we analyze two new malware scoring techniques based on classic cryptanalysis. Our rst ap- proach relies on the Index of Coincidence, which is used, for example, to determine the length of the keyword in a Vigenère ciphertext. We also consider a score based on a more complete cryptanalysis of a Vigenère cipher. We nd that the Vigenère score is competitive with previous statistical-based malware scores.

Image Spam Analysis, Annapurna Sowmya Annadatha

Master's Projects

Image spam is unsolicited bulk email, where the message is embedded in an image. This technique is used to evade text-based spam lters. In this research, we analyze and compare two novel approaches for detecting spam images. Our rst approach focuses on the extraction of a broad set of image features and selection of an optimal subset using a Support Vector Machine (SVM). Our second approach is based on Principal Component Analysis (PCA), where we determine eigenvectors for a set of spam images and compute scores by projecting images onto the resulting eigenspace. Both approaches provide high accuracy with low …

Static And Dynamic Analysis For Android Malware Detection, Ankita Kapratwar

Master's Projects

Static analysis relies on features extracted without executing code, while dynamic analysis extracts features based on code execution (or emulation). In general, static analysis is more e cient, while static analysis is often more informative, particularly in cases of highly obfuscated code. Static analysis of an Android application can rely on features extracted from the manifest le or the Java bytecode, while dynamic analysis of Android applications can deal with features involving dynamic code loading and system calls that are collected while the application is running. In this research, we analyzed the e ectiveness of combining static and dynamic features …

Defeating N-Gram Scores For Http Attack Detection, Samyuktha Sridharan

Master's Projects

Web applications that generate malicious HTTP requests provide a platform that attackers use to exploit vulnerable machines. Such malicious traffic should be identified by network intrusion detection systems, based on traffic analysis. Previous research has shown that n-gram techniques can be successfully applied to detect HTTP attacks. In this research, we analyze the robustness of these n-gram techniques. We show that n-gram scores are surprisingly robust, but can be defeated using certain obfuscation strategies. We also consider the need for a more costlier HMM-based intrusion detection system.

Cayley Graphs Of Semigroups And Applications To Hashing, Bianca Sosnovski

Dissertations, Theses, and Capstone Projects

In 1994, Tillich and Zemor proposed a scheme for a family of hash functions that uses products of matrices in groups of the form $SL_2(F_{2^n})$. In 2009, Grassl et al. developed an attack to obtain collisions for palindromic bit strings by exploring a connection between the Tillich-Zemor functions and maximal length chains in the Euclidean algorithm for polynomials over $F_2$.

In this work, we present a new proposal for hash functions based on Cayley graphs of semigroups. In our proposed hash function, the noncommutative semigroup of linear functions under composition is considered as platform for the scheme. We will also …

Raspberry Pi Vpn Travel Router, Daniel S. Pierson

Computer Science and Software Engineering

Consumers are increasingly relying on public wireless hotspots to access the internet from a growing number of devices. Usage of these hotspots has expanded from just laptops to everything from iPhones to tablets, which are expected to be internet-connected for full functionality. It has become common for one to check if there’s an open wireless hotspot connection available at places like coffee shops, hotels, restaurants, or even a doctor’s waiting room. The issue that arises is that these public connections present an inherent security risk, as anyone can connect and gain access to the network. For increased security, the use …

Categorizing Blog Spam, Brandon Bevans

Master's Theses

The internet has matured into the focal point of our era. Its ecosystem is vast, complex, and in many regards unaccounted for. One of the most prevalent aspects of the internet is spam. Similar to the rest of the internet, spam has evolved from simply meaning ‘unwanted emails’ to a blanket term that encompasses any unsolicited or illegitimate content that appears in the wide range of media that exists on the internet.

Many forms of spam permeate the internet, and spam architects continue to develop tools and methods to avoid detection. On the other side, cyber security engineers continue to …

Packet Filter Approach To Detect Denial Of Service Attacks, Essa Yahya M Muharish

Electronic Theses, Projects, and Dissertations

Denial of service attacks (DoS) are a common threat to many online services. These attacks aim to overcome the availability of an online service with massive traffic from multiple sources. By spoofing legitimate users, an attacker floods a target system with a high quantity of packets or connections to crash its network resources, bandwidth, equipment, or servers. Packet filtering methods are the most known way to prevent these attacks via identifying and blocking the spoofed attack from reaching its target. In this project, the extent of the DoS attacks problem and attempts to prevent it are explored. The attacks categories …

Library Writers Reward Project, Saravana Kumar Gajendran

Master's Projects

Open-source library development exploits the distributed intelligence of participants in Internet communities. Nowadays, contribution to the open-source community is fading [16] (Stackalytics, 2016) as there is not much recognition for library writers. They can start exploring ways to generate revenue as they actively contribute to the open-source community.

This project helps library writers to generate revenue in the form of bitcoins for their contribution. Our solution to generate revenue for library writers is to integrate bitcoin mining with existing JavaScript libraries, such as jQuery. More use of the library leads to more revenue for the library writers. It uses the …