Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

1658 Full-Text Articles 2004 Authors 521693 Downloads 95 Institutions

All Articles in Information Security

1658 full-text articles. Page 1 of 64.

VKSE-MO: Verifiable Keyword Search Over Encrypted Data In Multi-Owner Settings, Yinbin MIAO, Jianfeng MA, Ximeng LIU, Junwei ZHANG, Zhiquan LIU 2017 Xidian University

Research Collection School Of Information Systems

Searchable encryption (SE) techniques allow cloud clients to easily store data and search encrypted data in a privacy-preserving manner, where most SE schemes treat the cloud server as honest-but-curious. However, in practice, the cloud server is a semi-honest-but-curious third-party, which only executes a fraction of search operations and returns a fraction of false search results to save its computational and bandwidth resources. Thus, it is important to provide a results verification method to guarantee the correctness of the search results. Existing SE schemes allow multiple data owners to upload different records to the cloud server, but these schemes have ...


Secure Server-Aided Top-K Monitoring, Yujue WANG, Hwee Hwa PANG, Yanjiang YANG, Xuhua DING 2017 Singapore Management University

Research Collection School Of Information Systems

In a data streaming model, a data owner releases records or documents to a set of users with matching interests, in such a way that the match in interest can be calculated from the correlation between each pair of document and user query. For scalability and availability reasons, this calculation is delegated to third-party servers, which gives rise to the need to protect the integrity and privacy of the documents and user queries. In this paper, we propose a server-aided data stream monitoring scheme (DSM) to address the aforementioned integrity and privacy challenges, so that the users are able to ...


Security Of The Internet Of Things (IoT), Tyler Williams, Jordan Frantsvog, Saeed Almalki 2017 Murray State University

Posters-at-the-Capitol

The rapidly adopted idea of everyday devices being interconnected and being controllable from across the globe has come to be known as the Internet of Things (IoT). In every home or business there are now connected devices such as lights, locks, thermostats, and even medical devices which have created a much larger attack surface for every network and could increase the possibility of serious damage if they are compromised. Connected devices are even found in hospitals, power plants, and other secure facilities. Safety and security of networks are imperative not only for secure military installations or infrastructure sites, but also ...


Uncovering User-Triggered Privacy Leaks In Mobile Applications And Their Utility In Privacy Protection, Joo Keng Joseph CHAN 2017 Singapore Management University

Dissertations and Theses Collection

Mobile applications are increasingly popular, and help mobile users in many aspects of their lifestyle. Applications have access to a wealth of information about the user through powerful developer APIs. It is known that most applications, even popular and highly regarded ones, utilize and leak privacy data to the network. It is also common for applications to over-access privacy data that does not fit the functionality profile of the application. Although there are available privacy detection tools, they might not provide sufficient context to help users better understand the privacy behaviours of their applications. In this dissertation, I present the ...


Towards A Development Of A Social Engineering Exposure Index (SEXI) Using Publicly Available Personal Information, W. Shawn Wilkerson, Yair Levy, James Richard Kiper, Martha Snyder 2017 College of Engineering and Computing, Nova Southeastern University

KSU Proceedings on Cybersecurity Education, Research and Practice

Millions of people willingly expose their lives via Internet technologies every day, and even those who stay off the Internet find themselves exposed through data breaches. Trillions of private information records flow through the Internet. Marketers gather personal preferences to coerce shopping behavior, while providers gather personal information to provide enhanced services. Few users have considered where their information is going or who has access to it. Even fewer are aware of how decisions made in their own lives expose significant pieces of information, which can be used to harm the very organizations they are affiliated with by cyber attackers ...


A Comparison Of Personal Social Media Risk Perceptions Between Undergraduate Students And Human Resource Professionals, Julio C. Rivera, Jack Howard, Samuel Goh, James Worrell, Paul Di Gangi 2017 University of Alabama, Birmingham

KSU Proceedings on Cybersecurity Education, Research and Practice

This study contrasts the social media risk perceptions of undergraduate students, versus those of certified Human Resource professionals. Social media is widely used by most segments of the population, and particularly among the age group that includes most undergraduate students. Organizations hiring employees are increasingly examining job applicants' social media postings as part of the applicant screening process. In this study we examine how these groups differ in their perceptions of the risks inherent in using social media, and what these differences may mean for students seeking employment. Recommendations are made for raising undergraduate student awareness of these risks.


Experiments With Applying Artificial Immune System In Network Attack Detection, Alexis Cooper 2017 North Carolina A & T State University

KSU Proceedings on Cybersecurity Education, Research and Practice

The assurance of security within a network is difficult due to the variations of attacks. This research conducts various experiments to implement an Artificial Immune System based Intrusion Detection System to identify intrusions using the Negative Selection Algorithm. This research explores the implementation of an Artificial Immune System opposed to the industry standard of machine learning. Various experiments were conducted to identify a method to separate data to avoid false-positive results. The use of an Artificial Immune System requires a self and nonself classification to determine if an intrusion is present within the network. The results of an Artificial Immune ...


Reducing Human Error In Cyber Security Using The Human Factors Analysis Classification System (HFACS), Tommy Pollock 2017 Kennesaw State University

KSU Proceedings on Cybersecurity Education, Research and Practice

For several decades, researchers have stated that human error is a significant cause of information security breaches, yet it remains a major issue today. Quantifying the effects of security incidents is often a difficult task because studies often understate or overstate the costs involved. Human error has always been a cause of failure in many industries and professions that is overlooked or ignored as an inevitability. The problem with human error is further exacerbated by the fact that the systems that are set up to keep networks secure are managed by humans. There are several causes of ...


A Developmental Study On Assessing The Cybersecurity Competency Of Organizational Information System Users, Richard Nilsen, Yair Levy, Steven Terrell, Dawn Beyer 2017 Nova Southeastern University

KSU Proceedings on Cybersecurity Education, Research and Practice

Organizational information system users (OISUs) that are open to cyber threat vectors are contributing to major financial and information losses for individuals, businesses, and governments. Moreover, technical cybersecurity controls may be rendered useless due to a lack of cybersecurity competency of OISUs. The main goal of this research study was to propose and validate, using subject matter experts (SMEs), a reliable hands-on assessment prototype tool for measuring the knowledge, skills, and abilities (KSAs) that comprise the cybersecurity competency of an OISU. Primarily using the Delphi methodology, this study implemented four phases of data collection using cybersecurity SMEs for proposing and ...


Voice Hacking Proof Of Concept: Using Smartphones To Spread Ransomware To Traditional PCs, Leonardo I. Mazuran, Bryson R. Payne, Tamirat T. Abegaz 2017 University of North Georgia

KSU Proceedings on Cybersecurity Education, Research and Practice

This paper presents a working proof of concept that demonstrates the ability to deploy a sequence of hacks, triggered by speaking a smartphone command, to launch ransomware and other destructive attacks against vulnerable Windows computers on any wireless network the phone connects to after the voice command is issued. Specifically, a spoken, broadcast, or pre-recorded voice command directs vulnerable Android smartphones or tablets to a malicious download page that compromises the Android device and uses it as a proxy to run software designed to scan the Android device’s local area network for Windows computers vulnerable to the EternalBlue exploit ...


Security Device Roles, Vabrice Wilder 2017 Kennesaw State University

KSU Proceedings on Cybersecurity Education, Research and Practice

“An abstract of this article was published in the proceedings of the Conference on Cybersecurity Education, Research & Practice, 2017”. Communication has evolved since the beginning of mankind from smoke signals to drones to now the internet. In a world filled with technology the security of one’s device is not to be taken for granted. A series of research was done in order to gather details about network devices that can aid in the protection of one’s information while being transferred through the internet. The findings included, but were not limited to, switches, the seven layers of OSI, routers, firewalls ...


"Think Before You Click. Post. Type." Lessons Learned From Our University Cyber Security Awareness Campaign, Rachael Innocenzi, Kaylee Brown, Peggy Liggit, Samir Tout, Andrea Tanner, Theodore Coutilish, Rocky Jenkins 2017 Eastern Michigan University

KSU Proceedings on Cybersecurity Education, Research and Practice

This article discusses the lessons learned after implementing a successful university-wide cyber security campaign. The Cyber Security Awareness Committee (CyberSAC), a group comprised of diverse units across campus, collaborated together on resources, talent, people, equipment, technology, and assessment practices to meet strategic goals for cyber safety and education. The project involves assessing student learning and behavior changes after participating in a Cyber Security Password Awareness event that was run as a year-long campaign targeting undergraduate students. The results have implications for planning and implementing university-wide initiatives in the field of cyber security, and more broadly, higher education at large.


SSETGAMI: Secure Software Education Through Gamification, Hector Suarez, Hooper Kincannon, Li Yang 2017 University of Tennessee at Chattanooga

KSU Proceedings on Cybersecurity Education, Research and Practice

Since web browsers have become essential to accomplishing everyday tasks, developing secure web applications has become a priority in order to protect user data, corporate databases and critical infrastructure against cyber-crimes. This research presents a game-like (gamification) approach to teach key concepts and skills on how to develop secure web applications. Gamification draws on motivational models, one of psychological theories. Gamification design has great potential over traditional education where we often find students demotivated and lecturers failing to engage them in learning activities. This research created game-like learning modules to teach top vulnerabilities and countermeasures for these top vulnerabilities in ...


An Overview Of The Usage Of Default Passwords, Brandon Knierem, Xiaolu Zhang, Philip Levine, Frank Breitinger, Ibrahim Baggili 2017 University of New Haven

Electrical & Computer Engineering and Computer Science Faculty Publications

The recent Mirai botnet attack demonstrated the danger of using default passwords and showed it is still a major problem. In this study we investigated several common applications and their password policies. Specifically, we analyzed if these applications: (1) have default passwords or (2) allow the user to set a weak password (i.e., they do not properly enforce a password policy). Our study shows that default passwords are still a significant problem: 61% of applications inspected initially used a default or blank password. When changing the password, 58% allowed a blank password, 35% allowed a weak password of 1 ...


Efficient Privacy-Preserving Outsourced Computation Over Public Data, Ximeng LIU, Baodong QIN, Robert H. DENG, Yingjiu LI 2017 Singapore Management University

Research Collection School Of Information Systems

In this paper, we propose a new efficient privacy preserving outsourced computation framework over public data, called EPOC. EPOC allows a user to outsource the computation of a function over multi-dimensional public data to the cloud while protecting the privacy of the function and its output. Specifically, we introduce three types of EPOC in order to trade off different levels of privacy protection and performance. We present a new cryptosystem called Switchable Homomorphic Encryption with Partial Decryption (SHED) as the core cryptographic primitive for EPOC. We introduce two coding techniques, called message pre-coding and message extending and coding respectively, for messages ...


Personal Data Protection Act 2012: Understanding The Consent Obligation, Man YIP 2017 Singapore Management University

Research Collection School Of Law

The Personal Data Protection Act 2012 (“PDPA”) provides the baseline standards of protection of personal data and works in tandem with existing law to provide comprehensive protection. The birth of the legislation clearly signals Singapore’s commitment to protect the collection, use and disclosure of personal data in the age of big data and its awareness of the importance of such protection in strengthening Singapore’s position as a leading commercial hub. Significantly, the PDPA protection model balances “both the rights of individuals to protect their personal data” against “the needs of organisations to collect, use or disclose personal data ...


Investigation Into The Formation Of Information Security Influence: Network Analysis Of An Emerging Organisation, Duy Dang-Pham, Siddhi Pittayachawan, Vince Bruno 2017 RMIT University

Siddhi Pittayachawan

While prior research has been examining information security behaviours in mature environments with formal policies and practices, there is less attention paid to new or transforming environments that lack security controls. It is crucial to understand what factors affect the formation of an emerging information security environment, so that security managers can make use of the forming mechanisms to improve the security environment without relying too much on enforcement. This research adopts exponential random graph modeling to predict the occurrence of information security influence among 114 employees in a recently established construction organisation. Our empirical findings show that physically co-locating ...


Forensic State Acquisition From Internet Of Things (FSAIoT): A General Framework And Practical Approach For IoT Forensics Through IoT Device State Acquisition, Christopher S. Meffert, Devon R. Clark, Ibrahim Baggili, Frank Breitinger 2017 University of New Haven

Electrical & Computer Engineering and Computer Science Faculty Publications

IoT device forensics is a difficult problem given that manufactured IoT devices are not standardized, many store little to no historical data, and are always connected, making them extremely volatile. The goal of this paper was to address these challenges by presenting a primary account for a general framework and practical approach we term Forensic State Acquisition from Internet of Things (FSAIoT). We argue that by leveraging the acquisition of the state of IoT devices (e.g. if an IoT lock is open or locked), it becomes possible to paint a clear picture of events that have occurred. To this ...


Secure Integer Comparisons Using The Homomorphic Properties Of Prime Power Subgroups, Rhys A. Carlton 2017 The University of Western Ontario

Electronic Thesis and Dissertation Repository

Secure multi party computation allows two or more parties to jointly compute a function under encryption without leaking information about their private inputs. These secure computations are vital in many fields including law enforcement, secure voting and bioinformatics because the privacy of the information is of paramount importance.

One common reference problem for secure multi party computation is the Millionaires' problem which was first introduced by Turing Award winner Yao in his paper "Protocols for secure computation". The Millionaires' problem considers two millionaires who want to know who is richer without disclosing their actual worth.

There are public-key cryptosystems that ...


Information Theoretic Study Of Gaussian Graphical Models And Their Applications, Ali Moharrer 2017 Louisiana State University and Agricultural and Mechanical College

LSU Doctoral Dissertations

In many problems we are dealing with characterizing a behavior of a complex stochastic system or its response to a set of particular inputs. Such problems span over several topics such as machine learning, complex networks, e.g., social or communication networks; biology, etc. Probabilistic graphical models (PGMs) are powerful tools that offer a compact modeling of complex systems. They are designed to capture the random behavior, i.e., the joint distribution of the system to the best possible accuracy. Our goal is to study certain algebraic and topological properties of a special class of graphical models, known as Gaussian ...

