Open Access. Powered by Scholars. Published by Universities.®

Information Security Commons

Open Access. Powered by Scholars. Published by Universities.®

3,574 Full-Text Articles 4,796 Authors 2,175,320 Downloads 157 Institutions

All Articles in Information Security

Faceted Search

3,574 full-text articles. Page 1 of 149.

Are You Really Muted?: A Privacy Analysis Of Mute Buttons In Video Conferencing Apps, Yucheng Yang, Jack West, George K. Thiruvathukal, Neil Klingensmith, Kassem Fawaz 2022 University of Wisconsin - Madison

Are You Really Muted?: A Privacy Analysis Of Mute Buttons In Video Conferencing Apps, Yucheng Yang, Jack West, George K. Thiruvathukal, Neil Klingensmith, Kassem Fawaz

Computer Science: Faculty Publications and Other Works

In the post-pandemic era, video conferencing apps (VCAs) have converted previously private spaces — bedrooms, living rooms, and kitchens — into semi-public extensions of the office. And for the most part, users have accepted these apps in their personal space, without much thought about the permission models that govern the use of their personal data during meetings. While access to a device’s video camera is carefully controlled, little has been done to ensure the same level of privacy for accessing the microphone. In this work, we ask the question: what happens to the microphone data when a user clicks the mute ...


Online Privacy Challenges And Their Forensic Solutions, Bandr Fakiha 2022 Umm Al-Qura University, Saudi Arabia

Online Privacy Challenges And Their Forensic Solutions, Bandr Fakiha

Journal of the Arab American University مجلة الجامعة العربية الامريكية للبحوث

In the digital age, internet users are exposed to privacy issues online. Few rarely know when someone else is eavesdropping or about to scam them. Companies, governments, and individual internet users are all vulnerable to security breaches due to the challenges of online privacy ranging from trust and hierarchical control to financial losses. As systems advance, people are optimistic that forensic science will provide long-term interventions that surpass the current solutions, including setting stronger passwords and firewall protection. The future of online privacy is changing, and more practical interventions, such as email, malware, mobile, and network forensics, must be integrated ...


Using Graph Theoretical Methods And Traceroute To Visually Represent Hidden Networks, Jordan M. Sahs 2022 University of Nebraska at Omaha

Using Graph Theoretical Methods And Traceroute To Visually Represent Hidden Networks, Jordan M. Sahs

Student Research and Creative Activity Fair

Within the scope of a Wide Area Network (WAN), a large geographical communication network in which a collection of networking devices communicate data to each other, an example being the spanning communication network, known as the Internet, around continents. Within WANs exists a collection of Routers that transfer network packets to other devices. An issue pertinent to WANs is their immeasurable size and density, as we are not sure of the amount, or the scope, of all the devices that exists within the network. By tracing the routes and transits of data that traverses within the WAN, we can identify ...


Torsh: Obfuscating Consumer Internet-Of-Things Traffic With A Collaborative Smart-Home Router Network, Adam Vandenbussche 2022 Dartmouth College

Torsh: Obfuscating Consumer Internet-Of-Things Traffic With A Collaborative Smart-Home Router Network, Adam Vandenbussche

Dartmouth College Undergraduate Theses

When consumers install Internet-connected "smart devices" in their homes, metadata arising from the communications between these devices and their cloud-based service providers enables adversaries privy to this traffic to profile users, even when adequate encryption is used. Internet service providers (ISPs) are one potential adversary privy to users’ incom- ing and outgoing Internet traffic and either currently use this insight to assemble and sell consumer advertising profiles or may in the future do so. With existing defenses against such profiling falling short of meeting user preferences and abilities, there is a need for a novel solution that empowers consumers to ...


A Study On Privacy Of Iot Devices Among A Sample Of Indians In The U.S- 2021, Sahana Prasad Dr, Sharanya Prasad Ms, Vijith Raghavendra, Srishma Sunku 2022 CHRIST

A Study On Privacy Of Iot Devices Among A Sample Of Indians In The U.S- 2021, Sahana Prasad Dr, Sharanya Prasad Ms, Vijith Raghavendra, Srishma Sunku

International Journal of Computer Science and Informatics

The Internet of Things (IoT) has gained immense popularity over the last decade with wide-ranging applications in domains of medicine, science, military as well as domestic use. Despite its tremendous growth, privacy concerns plague IoT applications and have the potential to hamper the benefits derived from its usage. This paper carries out a statistical analysis of empirical data collected from users of IoT to assess the level of awareness among users of IoT. The mode of study was through a questionnaire sent through Google forms to a selection of Indians living across the U.S. The place was chosen as ...


Information Provenance For Mobile Health Data, Taylor A. Hardin 2022 Dartmouth College

Information Provenance For Mobile Health Data, Taylor A. Hardin

Dartmouth College Ph.D Dissertations

Mobile health (mHealth) apps and devices are increasingly popular for health research, clinical treatment and personal wellness, as they offer the ability to continuously monitor aspects of individuals' health as they go about their everyday activities. Many believe that combining the data produced by these mHealth apps and devices may give healthcare-related service providers and researchers a more holistic view of an individual's health, increase the quality of service, and reduce operating costs. For such mHealth data to be considered useful though, data consumers need to be assured that the authenticity and the integrity of the data has remained ...


Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa 2022 St. Mary's University School of Law

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the ...


Active Learning With Cybersecurity, Carole Shook 2022 University of Arkansas, Fayetteville

Active Learning With Cybersecurity, Carole Shook

Publications and Presentations

A global campus grant was obtained in Spring 2020 to develop modules for Cybersecurity. This presentation encompasses the use of Cyberciege and case studies that require active learning of students.


Privacy Assessment Breakthrough: A Design Science Approach To Creating A Unified Methodology, Lisa McKee 2022 Dakota State University

Privacy Assessment Breakthrough: A Design Science Approach To Creating A Unified Methodology, Lisa Mckee

Masters Theses & Doctoral Dissertations

Recent changes have increased the need for and awareness of privacy assessments. Organizations focus primarily on Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA) but rarely take a comprehensive approach to assessments or integrate the results into a privacy risk program. There are numerous industry standards and regulations for privacy assessments, but the industry lacks a simple unified methodology with steps to perform privacy assessments. The objectives of this research project are to create a new privacy assessment methodology model using the design science methodology, update industry standards and present training for conducting privacy assessments that can be ...


Establishing Trust In Vehicle-To-Vehicle Coordination: A Sensor Fusion Approach, Jakob Veselsky, Jack West, Isaac Ahlgren, George K. Thiruvathukal, Neil Klingensmith, Abhinav Goel, Wenxin Jiang, James C. Davis, Kyuin Lee, Younghyun Kim 2022 Loyola University Chicago

Establishing Trust In Vehicle-To-Vehicle Coordination: A Sensor Fusion Approach, Jakob Veselsky, Jack West, Isaac Ahlgren, George K. Thiruvathukal, Neil Klingensmith, Abhinav Goel, Wenxin Jiang, James C. Davis, Kyuin Lee, Younghyun Kim

Computer Science: Faculty Publications and Other Works

Autonomous vehicles (AVs) use diverse sensors to understand their surroundings as they continually make safety- critical decisions. However, establishing trust with other AVs is a key prerequisite because safety-critical decisions cannot be made based on data shared from untrusted sources. Existing protocols require an infrastructure network connection and a third-party root of trust to establish a secure channel, which are not always available.

In this paper, we propose a sensor-fusion approach for mobile trust establishment, which combines GPS and visual data. The combined data forms evidence that one vehicle is nearby another, which is a strong indication that it is ...


Protecting Systems From Exploits Using Language-Theoretic Security, Prashant Anantharaman 2022 Dartmouth College

Protecting Systems From Exploits Using Language-Theoretic Security, Prashant Anantharaman

Dartmouth College Ph.D Dissertations

Any computer program processing input from the user or network must validate the input. Input-handling vulnerabilities occur in programs when the software component responsible for filtering malicious input---the parser---does not perform validation adequately. Consequently, parsers are among the most targeted components since they defend the rest of the program from malicious input. This thesis adopts the Language-Theoretic Security (LangSec) principle to understand what tools and research are needed to prevent exploits that target parsers. LangSec proposes specifying the syntactic structure of the input format as a formal grammar. We then build a recognizer for this formal grammar to validate any ...


A Machine Learning Approach For Reconnaissance Detection To Enhance Network Security, Rachel Bakaletz 2022 East Tennessee State University

A Machine Learning Approach For Reconnaissance Detection To Enhance Network Security, Rachel Bakaletz

Electronic Theses and Dissertations

Before cyber-crime can happen, attackers must research the targeted organization to collect vital information about the target and pave the way for the subsequent attack phases. This cyber-attack phase is called reconnaissance or enumeration. This malicious phase allows attackers to discover information about a target to be leveraged and used in an exploit. Information such as the version of the operating system and installed applications, open ports can be detected using various tools during the reconnaissance phase. By knowing such information cyber attackers can exploit vulnerabilities that are often unique to a specific version.

In this work, we develop an ...


Demonstration Of Cyberattacks And Mitigation Of Vulnerabilities In A Webserver Interface For A Cybersecure Power Router, Benjamin Allen 2022 University of Arkansas, Fayetteville

Demonstration Of Cyberattacks And Mitigation Of Vulnerabilities In A Webserver Interface For A Cybersecure Power Router, Benjamin Allen

Computer Science and Computer Engineering Undergraduate Honors Theses

Cyberattacks are a threat to critical infrastructure, which must be secured against them to ensure continued operation. A defense-in-depth approach is necessary to secure all layers of a smart-grid system and contain the impact of any exploited vulnerabilities. In this undergraduate thesis a webserver interface for smart-grid devices communicating over Modbus TCP was developed and exposed to SQL Injection attacks and Cross-Site Scripting attacks. Analysis was performed on Supply-Chain attacks and a mitigation developed for attacks stemming from compromised Content Delivery Networks. All attempted attacks were unable to exploit vulnerabilities in the webserver due to its use of input sanitization ...


A Dark Web Pharma Framework For A More Efficient Investigation Of Dark Web Covid-19 Vaccine Products., Francisca Afua Opoku-Boateng 2022 Dakota State University

A Dark Web Pharma Framework For A More Efficient Investigation Of Dark Web Covid-19 Vaccine Products., Francisca Afua Opoku-Boateng

Masters Theses & Doctoral Dissertations

Globally, as the COVID-19 pandemic persists, it has not just imposed a significant impact on the general well-being of individuals, exposing them to unprecedented financial hardships and online information deception. However, it has also forced consumers, buyers, and suppliers to look toward a darkened economic world – the Dark Web world – a sinister complement to the internet, driven by financial gains, where illegal goods and services are advertised sold. As the Dark Web gains an increase in recognition by normal web users during this pandemic, how to perform cybercrime investigations on the Dark Web becomes challenging for manufacturers, investigators, and law ...


Analysis Of Gpu Memory Vulnerabilities, Jarrett Hoover 2022 University of Arkansas, Fayetteville

Analysis Of Gpu Memory Vulnerabilities, Jarrett Hoover

Computer Science and Computer Engineering Undergraduate Honors Theses

Graphics processing units (GPUs) have become a widely used technology for various purposes. While their intended use is accelerating graphics rendering, their parallel computing capabilities have expanded their use into other areas. They are used in computer gaming, deep learning for artificial intelligence and mining cryptocurrencies. Their rise in popularity led to research involving several security aspects, including this paper’s focus, memory vulnerabilities. Research documented many vulnerabilities, including GPUs not implementing address space layout randomization, not zeroing out memory after deallocation, and not initializing newly allocated memory. These vulnerabilities can lead to a victim’s sensitive data being leaked ...


Ransomware And Malware Sandboxing, Byron Denham 2022 University of Arkansas, Fayetteville

Ransomware And Malware Sandboxing, Byron Denham

Computer Science and Computer Engineering Undergraduate Honors Theses

The threat of ransomware that encrypts data on a device and asks for payment to decrypt the data affects individual users, businesses, and vital systems including healthcare. This threat has become increasingly more prevalent in the past few years. To understand ransomware through malware analysis, care must be taken to sandbox the ransomware in an environment that allows for a detailed and comprehensive analysis while also preventing it from being able to further spread. Modern malware often takes measures to detect whether it has been placed into an analysis environment to prevent examination. In this work, several notable pieces of ...


“Lasso The Moon? Is It Possible? What About Hack The Moon? Today’S International Framework For Activities On The Moon”, Diane M. Janosek, Armando Seay, Josa P. Natera 2022 Military Cyber Professional Association

“Lasso The Moon? Is It Possible? What About Hack The Moon? Today’S International Framework For Activities On The Moon”, Diane M. Janosek, Armando Seay, Josa P. Natera

Military Cyber Affairs

The global interest in the moon and outer space continues to skyrocket. The current U.S. commercial investment in space is $350 billion annually, and it is expected to grow to $1 Trillion or more by 2040. The U.S. military investment in space defense and research likewise continues to grow, with the total investment amount remaining classified. With the frequent activity in space, as well as concerns about attacks to US space assets to and from space, the U.S, created the United States Space Command and its Space Force. With private space travel, nanosatellites, lunar exploration, and the ...


Hypergaming For Cyber: Strategy For Gaming A Wicked Problem, Joshua A. Sipper 2022 Air University

Hypergaming For Cyber: Strategy For Gaming A Wicked Problem, Joshua A. Sipper

Military Cyber Affairs

Cyber as a domain and battlespace coincides with the defined attributes of a “wicked problem” with complexity and inter-domain interactions to spare. Since its elevation to domain status, cyber has continued to defy many attempts to explain its reach, importance, and fundamental definition. Corresponding to these intricacies, cyber also presents many interlaced attributes with other information related capabilities (IRCs), namely electromagnetic warfare (EW), information operations (IO), and intelligence, surveillance, and reconnaissance (ISR), within an information warfare (IW) construct that serves to add to its multifaceted nature. In this cyber analysis, the concept of hypergaming will be defined and discussed in ...


Side-Channel Analysis On Post-Quantum Cryptography Algorithms, Tristen Teague 2022 University of Arkansas, Fayetteville

Side-Channel Analysis On Post-Quantum Cryptography Algorithms, Tristen Teague

Computer Science and Computer Engineering Undergraduate Honors Theses

The advancements of quantum computers brings us closer to the threat of our current asymmetric cryptography algorithms being broken by Shor's Algorithm. NIST proposed a standardization effort in creating a new class of asymmetric cryptography named Post-Quantum Cryptography (PQC). These new algorithms will be resistant against both classical computers and sufficiently powerful quantum computers. Although the new algorithms seem mathematically secure, they can possibly be broken by a class of attacks known as side-channels attacks (SCA). Side-channel attacks involve exploiting the hardware that the algorithm runs on to figure out secret values that could break the security of the ...


Comparative Study Of Snort 3 And Suricata Intrusion Detection Systems, Cole Hoover 2022 University of Arkansas, Fayetteville

Comparative Study Of Snort 3 And Suricata Intrusion Detection Systems, Cole Hoover

Computer Science and Computer Engineering Undergraduate Honors Theses

Network Intrusion Detection Systems (NIDS) are one layer of defense that can be used to protect a network from cyber-attacks. They monitor a network for any malicious activity and send alerts if suspicious traffic is detected. Two of the most common open-source NIDS are Snort and Suricata. Snort was first released in 1999 and became the industry standard. The one major drawback of Snort has been its single-threaded architecture. Because of this, Suricata was released in 2009 and uses a multithreaded architecture. Snort released Snort 3 last year with major improvements from earlier versions, including implementing a new multithreaded architecture ...


Digital Commons powered by bepress