Information Security Commons^™

From The Editors, Carole L. Hollingsworth, Michael E. Whitman, Herbert J. Mattord

Journal of Cybersecurity Education, Research and Practice

Welcome to the Fall 2018 issue of the Journal of Cybersecurity Education, Research, and Practice (JCERP). On behalf of the editorial team, we thank you for taking the time to read this issue and strongly encourage you to submit an article for consideration in an upcoming edition.

Forensic Analysis Of A Crash-Damaged Cheerson Cx-20 Auto Pathfinder Drone, Ian N. Mcateer, Peter Hannay, Muhammad I. Malik, Zubair Baig

Journal of Digital Forensics, Security and Law

Long gone are the days when Unmanned Aerial Vehicles (UAVs) and drones (multirotor UAVs) were the exclusive domain of the military for surveillance or tactical strike purposes. For relatively little money mainly due to high-tech progression in microprocessor design, anyone can now purchase a drone with GNSS-tracking capabilities and can support a live high-resolution video feed to its flight controller. The global population of drones has sky- rocketed in recent years as this new technology has been embraced for both its recreational and commercial applications. However, the more nefarious members of society have also recognized the potential for using drones …

Masthead

Journal of Digital Forensics, Security and Law

No abstract provided.

Cover

Journal of Digital Forensics, Security and Law

No abstract provided.

Front Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Back Matter

Journal of Digital Forensics, Security and Law

No abstract provided.

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Russia Today, Cyberterrorists Tomorrow: U.S. Failure To Prepare Democracy For Cyberspace, Jonathan F. Lancelot

Journal of Digital Forensics, Security and Law

This paper is designed to expose vulnerabilities within the US electoral system, the use of cyberspace to exploit weaknesses within the information assurance strategies of the democratic and republican party organizations, and deficiencies within the social media communications and voting machine exploits. A brief history of discriminatory practices in voting rights and voting access will be set as the foundation for the argument that the system is vulnerable in the cyber age, and the need for reform at the local, state and national levels will be emphasized. The possibility of a foreign nation-state influencing the outcome of an election by …

Using A Game To Improve Phishing Awareness, Patrickson Weanquoi, Jaris Johnson, Jinghua Zhang

Journal of Cybersecurity Education, Research and Practice

Cybersecurity education has become increasingly critical as we spend more of our everyday lives online. Research shows that college students are mostly unaware of the many online dangers. To teach students about cybersecurity using their preferred medium, gaming, we developed an educational 2D game called “Bird’s Life” that aims to teach college students, as well as general interest individuals, about phishing. Players will come to understand phishing attacks and how to avoid them in real-world scenarios through a fun gaming context. The game can be deployed to multiple platforms such as PC, web, and mobile devices. To measure the effect …

Using Case Studies To Teach Cybersecurity Courses, Yu Cai

Journal of Cybersecurity Education, Research and Practice

This paper introduces a holistic and case-analysis teaching model by integrating case studies into cybersecurity courses. The proposed model starts by analyzing real-world cyber breaches. Students look into the details of these attacks and learn how these attacks took place from the beginning to the end. During the process of case analysis, a list of security topics reflecting different aspects of these breaches is introduced. Through guided in-class discussion and hands-on lab assignments, student learning in lecture will be reinforced. Overall, the entire cybersecurity course is driven by case studies. The proposed model is great for teaching cybersecurity. First, the …

An Examination Of Cybersecurity Knowledge Transfer: Teaching, Research, And Website Security At U.S. Colleges And Universities, Aditya Gupta, James R. Wolf

Journal of Cybersecurity Education, Research and Practice

This work seeks to answer the question: Does faculty cybersecurity knowledge gained from teaching and research transfer to other IT units in the university? Specifically, do colleges and universities that excel in cybersecurity teaching and research have more secure websites? This work explores a unique setting where the knowledge of the source and recipient are both directly related and observable without outside intervention. Our study employed data from 591 U.S. colleges and universities, the National Centers of Academic Excellence (CAE) program, accepted paper data from the ACM Conference on Computer and Communications Security (CCS) and the IEEE Symposium on Security …

Assessment Of Two Pedagogical Tools For Cybersecurity Education, Pranita Deshpande

University of New Orleans Theses and Dissertations

Cybersecurity is an important strategic areas of computer science, and a difficult discipline to teach effectively. To enhance and provide effective teaching and meaningful learning, we develop and assess two pedagogical tools: Peer instruction, and Concept Maps. Peer instruction teaching methodology has shown promising results in core computer science courses by reducing failure rates and improving student retention in computer science major. Concept maps are well-known technique for improving student-learning experience in class. This thesis document presents the results of implementing and evaluating the peer instruction in a semester-long cybersecurity course, i.e., introduction to computer security. Development and evaluation of …

Leveraging Relocations In Elf-Binaries For Linux Kernel Version Identification, Manish Bhatt

University of New Orleans Theses and Dissertations

In this paper, we present a working research prototype codeid-elf for ELF binaries based on its Windows counterpart codeid, which can identify kernels through relocation entries extracted from the binaries. We show that relocation-based signatures are unique and distinct and thus, can be used to accurately determine Linux kernel versions and derandomize the base address of the kernel in memory (when kernel Address Space Layout Randomization is enabled). We evaluate the effectiveness of codeid-elf on a subset of Linux kernels and find that the relocations in kernel code have nearly 100\% code coverage and low similarity (uniqueness) across various kernels. …

Table Of Contents

Journal of Digital Forensics, Security and Law

No abstract provided.

Secured Data Masking Framework And Technique For Preserving Privacy In A Business Intelligence Analytics Platform, Osama Ali

Electronic Thesis and Dissertation Repository

The main concept behind business intelligence (BI) is how to use integrated data across different business systems within an enterprise to make strategic decisions. It is difficult to map internal and external BI’s users to subsets of the enterprise’s data warehouse (DW), resulting that protecting the privacy of this data while maintaining its utility is a challenging task. Today, such DW systems constitute one of the most serious privacy breach threats that an enterprise might face when many internal users of different security levels have access to BI components. This thesis proposes a data masking framework (iMaskU: Identify, Map, Apply, …

Intra-Exchange Cryptocurrency Arbitrage Bot, Eric Han

Master's Projects

Cryptocurrencies are defined as a digital currency in which encryption techniques are utilized to regulate generation of units of currency and verify the transfer of funds, independent of a central governing body such as a bank. Due to the large number of cryptocurrencies currently available, there inherently exists many price discrepancies due to market inefficiencies. Market inefficiencies occur when the price of assets do not reflect their true value. In fact, these types of pricing discrepancies exist in other financial markets, including fiat currency exchanges and stock exchanges. However, these discrepancies are more significant in the cryptocurrency domain due to …

Black Networks In Smart Cities, Shaibal Chakrabarty

Computer Science and Engineering Theses and Dissertations

In this dissertation, we present the Black Networks solution to protect both the data and the metadata for mobile ad-hoc Internet of Things (IoT) networks in Smart Cities. IoT networks are gaining popularity with billions of deployed nodes, and increasingly carrying mission-critical data, whose compromise can lead to catastrophic consequences. IoT nodes are resource-constrained and often exist within insecure environments, making them vulnerable to a broad range of active and passive attacks. Black IoT networks are designed to mitigate multiple communication-based attacks by encrypting the data and the metadata, within a communication frame or packet, while remaining compatible with the …

Gradubique: An Academic Transcript Database Using Blockchain Architecture, Thinh Nguyen

Master's Projects

Blockchain has been widely adopted in the last few years even though it is in its infancy. The first well-known application built on blockchain technology was Bitcoin, which is a decentralized and distributed ledger to record crypto-currency transactions. All of the transactions in Bitcoin are anonymously transferred and validated by participants in the network. Bitcoin protocol and its operations are so reliable that technologists have been inspired to enhance blockchain technologies and deploy it outside of the crypto-currency world. The demand for private and non-crypto-currency solutions have surged among consortiums because of the security and fault tolerant features of blockchain. …

Paul Baran, Network Theory, And The Past, Present, And Future Of Internet, Christopher S. Yoo

All Faculty Scholarship

Paul Baran’s seminal 1964 article “On Distributed Communications Networks” that first proposed packet switching also advanced an underappreciated vision of network architecture: a lattice-like, distributed network, in which each node of the Internet would be homogeneous and equal in status to all other nodes. Scholars who have subsequently embraced the concept of a lattice-like network approach have largely overlooked the extent to which it is both inconsistent with network theory (associated with the work of Duncan Watts and Albert-László Barabási), which emphasizes the importance of short cuts and hubs in enabling networks to scale, and the actual way, the Internet …

Evaluating An Educational Cybersecurity Playable Case Study, Tanner West Johnson

Theses and Dissertations

The realities of cyberattacks have become more and more prevalent in the world today. Due to the growing number of these attacks, the need for highly trained individuals has also increased. Because of a shortage of qualified candidates for these positions, there is an increasing need for cybersecurity education within high schools and universities. In this thesis, I discuss the development and evaluation of Cybermatics, an educational simulation, or playable case study, designed to help students learn and develop skills within the cybersecurity discipline.

This playable case study was designed to allow students to gain an understanding of the field …

Designing Cybersecurity Competitions In The Cloud: A Framework And Feasibility Study, Chandler Ryan Newby

Theses and Dissertations

Cybersecurity is an ever-expanding field. In order to stay current, training, development, and constant learning are necessary. One of these training methods has historically been competitions. Cybersecurity competitions provide a method for competitors to experience firsthand cybersecurity concepts and situations. These experiences can help build interest in, and improve skills in, cybersecurity.

While there are diverse types of cybersecurity competitions, most are run with on-premise hardware, often centralized at a specific location, and are usually limited in scope by available hardware. This research focuses on the possibility of running cybersecurity competitions, specifically CCDC style competitions, in a public cloud environment. …

User Attitudes About Duo Two-Factor Authentication At Byu, Jonathan Dutson

Undergraduate Honors Theses

Simple password-based authentication provides insufficient protection against increasingly common incidents of online identity theft and data loss. Although two-factor authentication (2FA) provides users with increased protection against attackers, users have mixed feelings about the usability of 2FA. We surveyed the students, faculty, and staff of Brigham Young University (BYU) to measure user sentiment about DUO Security, the 2FA system adopted by BYU in 2017. We find that most users consider DUO to be annoying, and about half of those surveyed expressed a preference for authentication without using a second-factor. About half of all participants reported at least one instance of …

Facepet: Enhancing Bystanders' Facial Privacy With Smart Wearables/Internet Of Things, Alfredo J. Perez, Sherali Zeadally, Luis Y. Matos Garcia, Jaouad A. Mouloud, Scott Griffith

Information Science Faculty Publications

Given the availability of cameras in mobile phones, drones and Internet-connected devices, facial privacy has become an area of major interest in the last few years, especially when photos are captured and can be used to identify bystanders’ faces who may have not given consent for these photos to be taken and be identified. Some solutions to protect facial privacy in photos currently exist. However, many of these solutions do not give a choice to bystanders because they rely on algorithms that de-identify photos or protocols to deactivate devices and systems not controlled by bystanders, thereby being dependent on the …

Project Renew Worcester, Danni Yue, Amy Zhang, Jing Han, Omid Ashrafi, Yiming Xu

School of Professional Studies

n The client for this capstone project is RENEW Worcester which is a fledgling solar power project whose main goals are to bring renewable energy in the form of solar power into local, primarily low-income communities and are committed to the mission of making the transition off of fossil fuels to clean, renewable power. Based in Worcester, Massachusetts, they are a local chapter of Co-op Power which is a consumer-owned sustainable energy cooperative (co-op) made up of numerous different local chapters all over the New England area as well as the state of New York. The problem that we will …

Revolution In Crime: How Cryptocurrencies Have Changed The Criminal Landscape, Igor Groysman

Student Theses

This thesis will examine the ways in which various cryptocurrencies have impacted certain traditional crimes. While crime is always evolving with technology, cryptocurrencies are a game changer in that they provide anonymous and decentralized payment systems which, while they can be tracked in a reactive sense via the blockchain, are seen by criminals as having better uses for them than traditional fiat currencies, such as the ability to send money relatively fast to another party without going through an intermediary, or the ability to obscure the origin of the money for money laundering purposes. Every week there are new cryptocurrencies …

Learning-Based Analysis On The Exploitability Of Security Vulnerabilities, Adam Bliss

Computer Science and Computer Engineering Undergraduate Honors Theses

The purpose of this thesis is to develop a tool that uses machine learning techniques to make predictions about whether or not a given vulnerability will be exploited. Such a tool could help organizations such as electric utilities to prioritize their security patching operations. Three different models, based on a deep neural network, a random forest, and a support vector machine respectively, are designed and implemented. Training data for these models is compiled from a variety of sources, including the National Vulnerability Database published by NIST and the Exploit Database published by Offensive Security. Extensive experiments are conducted, including testing …

Strong Mutation-Based Test Generation Of Xacml Policies, Roshan Shrestha

Boise State University Theses and Dissertations

There exist various testing methods for XACML policies which vary in their overall fault detection ability and none of them can detect all the (killable) injected faults except for the simple policies. Further, it is unclear that what is essential for the fault detection of XACML policies. To address these issues, we formalized the fault detection conditions in the well-studied fault model of XACML policies so that it becomes clear what is essential for the fault detection. We formalized fault detection conditions in the form of reachability, necessity and propagation constraint. We, then, exploit these constraints to generate a mutation-based …

Towards Enhanced Security For Automotive Operating Systems, Maksym Hryhorenko

Theses and Dissertations

Modern automotive infotainment systems are represented by highly complex components with broad functionality and network capabilities. As a result, they are becoming more exposed to the outer world, thus turning into potentially lucrative targets for remote cyber attacks. In the worst case scenario, an attacker could gain complete control over critical vehicle’s systems, for instance, steering, braking, engine, etc. This thesis proposes security hardening features based on ARM’s TrustZone technology for infotainment systems that ensures confidentiality and integrity of critical applications. In addition, we present a technique that allows to mitigate the impact of certain attacks on the car’s internal …

The Role Of Information Communication Technologies (Icts) In Shaping Identity Threats And Responses, Mary Macharia

Graduate Theses and Dissertations

With the rising use of social media, people are increasingly experiencing, and responding to, identity threats online. This sometimes leads to online backlash via “cybermobs” or the creation of online social movements that traverse offline. Prior information systems (IS) research on identity threats and responses largely focuses on information communication technology (ICT) implementations within organizations in an offline context. Therefore, we lack understanding of ICT-mediated identity threats and responses and ways to promote healthier and productive interactions online. This two-essay dissertation seeks to fill this gap. Essay 1 combines a review of ICT-mediated identity threats with a qualitative study (based …

Authorized Function Homomorphic Signature, Qingwen Guo, Qiong Huang, Guomin Yang

Research Collection School Of Computing and Information Systems

Homomorphic signature (HS) is a novel primitive that allows an agency to carry out arbitrary (polynomial time) computation f on the signed data (m) over right arrow and accordingly gain a signature sigma(h) for the computation result f ((m) over right arrow) with respect to f on behalf of the data owner (DO). However, since DO lacks control of the agency's behavior, receivers would believe that DO did authenticate the computation result even if the agency misbehaves and applies a function that the DO does not want. To address the problem above, in this paper we introduce a new primitive …