Information Security Commons^™

Efficient Multiplicative-To-Additive Function From Joye-Libert Cryptosystem And Its Application To Threshold Ecdsa, Haiyang Xue, Ho Man Au, Mengling Liu, Yin Kwan Chan, Handong Cui, Xiang Xie, Hon Tsz Yuen, Chengru Zhang

Research Collection School Of Computing and Information Systems

Threshold ECDSA receives interest lately due to its widespread adoption in blockchain applications. A common building block of all leading constructions involves a secure conversion of multiplicative shares into additive ones, which is called the multiplicative-to-additive (MtA) function. MtA dominates the overall complexity of all existing threshold ECDSA constructions. Specifically, O(n2) invocations of MtA are required in the case of n active signers. Hence, improvement of MtA leads directly to significant improvements for all state-of-the-art threshold ECDSA schemes.In this paper, we design a novel MtA by revisiting the Joye-Libert (JL) cryptosystem. Specifically, we revisit JL encryption and propose a JL-based …

Wormhole Attack Mitigation In Wireless Network Using Propagation Delay, Harry May, Travis Atkison

Journal of Cybersecurity Education, Research and Practice

This paper presents a novel approach for mitigating wormhole attacks on wireless networks using propagation delay timing. The wormhole attack is a persistent security threat that threatens the integrity of network communications, potentially leading to data theft or other malicious activities. While various methods exist for combating wormhole attacks, our approach offers advantages that set it apart. Our approach involves a combination of proactive and reactive measures, harnessing box plot analysis and weighting factor techniques to identify and isolate outlier node links effectively. Unlike traditional methods, our solution not only detects outlier links but also defines dynamic weighting factors, providing …

Happy Hours, Not Office Hours: Socially Engaging Cybersecurity Students In A Large Online Graduate Course, James T. Mccafferty

Journal of Cybersecurity Education, Research and Practice

Engagement is a critical part of student learning and student success. This is especially true in online classes where students have less interaction with their classmates and instructors when compared to traditional face-to-face courses. Research on engagement has shown that when students are meaningfully engaged it can increase student satisfaction and it may also increase levels of academic achievement, including grades earned and degree progression (e.g. Wong et al., 2024). This paper focuses on social engagement in a graduate cybersecurity program that uses large, expandable online courses as described by Whitman and Mattord (2023). Large online graduate classes (i.e., more …

2024 Gateway Magazine, College Of Computing, Michigan Technological University

College of Computing Annual Magazines

Table of Contents

• 50 Years of Computer Science at Michigan Tech
• Data Science for a Changing Planet
• Healthcare Transformed
• Mechatronics Matters
• Powered by Michigan Tech Talent
• Esports: Bringing Everything Great about Sports to More People
• The Michigander Scholars Program: Electrifying Careers in Michigan
• College of Computing News

On The Lossiness Of 2k-Th Power And The Instantiability Of Rabin-Oaep, Haiyang Xue, Bao Li, Xianhui Lu, Kunpeng Wang, Yamin Liu

Research Collection School Of Computing and Information Systems

Seurin PKC 2014 proposed the 2-ï /4-hiding assumption which asserts the indistinguishability of Blum Numbers from pseudo Blum Numbers. In this paper, we investigate the lossiness of 2 k -th power based on the 2 k -ï /4-hiding assumption, which is an extension of the 2-ï /4-hiding assumption. And we prove that 2 k -th power function is a lossy trapdoor permutation over Quadratic Residuosity group. This new lossy trapdoor function has 2 k -bits lossiness for k -bits exponent, while the RSA lossy trapdoor function given by Kiltz et al. Crypto 2010 has k -bits lossiness for k -bits …

Resilient Tcp Variant Enabling Smooth Network Updates For Software-Defined Data Center Networks, Abdul Basit Dogar, Sami Ullah, Yiran Zhang, Hisham Alasmary, Muhammad Waqas, Sheng Chen

Research outputs 2022 to 2026

Network updates have become increasingly prevalent since the broad adoption of software-defined networks (SDNs) in data centers. Modern TCP designs, including cutting-edge TCP variants DCTCP, CUBIC, and BBR, however, are not resilient to network updates that provoke flow rerouting. In this paper, we first demonstrate that popular TCP implementations perform inadequately in the presence of frequent and inconsistent network updates, because inconsistent and frequent network updates result in out-of-order packets and packet drops induced via transitory congestion and lead to serious performance deterioration. We look into the causes and propose a network update-friendly TCP (NUFTCP), which is an extension of …

How State Universities Are Addressing The Shortage Of Cybersecurity Professionals In The United States, Gary Harris

Journal of Cybersecurity Education, Research and Practice

Cybersecurity threats have been a serious and growing problem for decades. In addition, a severe shortage of cybersecurity professionals has been proliferating for nearly as long. These problems exist in the United States and globally and are well documented in literature. This study examined what state universities are doing to help address the shortage of cybersecurity professionals since higher education institutions are a primary source to the workforce pipeline. It is suggested that the number of cybersecurity professionals entering the workforce is related to the number of available programs. Thus increasing the number of programs will increase the number of …

Leveraging Propagation Delay For Wormhole Detection In Wireless Networks, Harry May, Travis Atkison

Journal of Cybersecurity Education, Research and Practice

Detecting and mitigating wormhole attacks in wireless networks remains a critical challenge due to their deceptive nature and potential to compromise network integrity. This paper proposes a novel approach to wormhole detection by leveraging propagation delay analysis between network nodes. Unlike traditional methods that rely on signature-based detection or specialized hardware, our method focuses on analyzing propagation delay timings to identify anomalous behavior indicative of wormhole attacks. The proposed methodology involves collecting propagation delay data in both normal network scenarios and scenarios with inserted malicious wormhole nodes. By comparing these delay timings, our approach aims to differentiate between legitimate network …

Understanding The Use Of Artificial Intelligence In Cybercrime, Sinyong Choi, Thomas Dearden, Katalin Parti

International Journal of Cybersecurity Intelligence & Cybercrime

Artificial intelligence is one of the newest innovations that offenders also exploit to satisfy their criminal desires. Although understanding cybercrimes associated with this relatively new technology is essential in developing proper preventive measures, little has been done to examine this area. Therefore, this paper provides an overview of the articles featured in the special issue of the International Journal of Cybersecurity Intelligence and Cybercrime, ranging from deepfake in the metaverse to social engineering attacks. This issue includes articles that were presented by the winners of the student paper competition at the 2024 International White Hat Conference.

Cyber Victimization In The Healthcare Industry: Analyzing Offender Motivations And Target Characteristics Through Routine Activities Theory (Rat) And Cyber-Routine Activities Theory (Cyber-Rat), Yashna Praveen, Mijin Kim, Kyung-Shick Choi

International Journal of Cybersecurity Intelligence & Cybercrime

The integration of computer technology in healthcare has revolutionized patient care but has also introduced significant cyber risks. Despite the healthcare sector being a primary target for cyber-attacks, research on the dynamics of these threats and practical solutions remains limited. Understanding the complexities of cyberattacks in this sector is critical, as the impact extends beyond financial losses to directly affect patient care and the protection of sensitive information. This paper applies Routine Activities Theory (RAT) and Cyber Routine Activities Theory (C-RAT) to analyze high-tech cyber victimization case studies in healthcare. The analysis explores the motivations behind these attacks and identifies …

Investigating The Intersection Of Ai And Cybercrime: Risks, Trends, And Countermeasures, Sanaika Shetty, Kyung-Shick Choi, Insun Park

International Journal of Cybersecurity Intelligence & Cybercrime

No abstract provided.

Integrated Model Of Cybercrime Dynamics: A Comprehensive Framework For Understanding Offending And Victimization In The Digital Realm, Troy Smith Phd

International Journal of Cybersecurity Intelligence & Cybercrime

This article introduces the Integrated Model of Cybercrime Dynamics (IMCD), a novel theoretical framework for examining the complex interplay between individual characteristics, online behavior, environmental factors, and outcomes related to cybercrime offending and victimization. The model incorporates key concepts from existing theories, empirical evidence, and interdisciplinary perspectives to provide a comprehensive framework. In contrast to traditional criminological theories, the proposed model integrates concepts from multiple disciplines to offer a holistic framework that captures the complexity of cybercrime and specifically caters for the uniqueness of cyberspace. The article will provide a detailed overview of the conceptual model, its theoretical underpinnings drawing …

Cyberattack Detection And Handling For Neural Network-Approximated Economic Model Predictive Control, Jihan Abou Halloun, Helen E. Durand

Chemical Engineering and Materials Science Faculty Research Publications

Cyberattacks on control systems can create unprofitable and unsafe operating conditions. To enhance safety and attack resiliency of control systems, cyberattack detection strategies can be developed. Prior work in our group has sought to develop cyberattack detection strategies that are integrated with an advanced control formulation known as Lyapunov-based economic model predictive control (LEMPC), in the sense that the controller properties can be used to analyze closed-loop stability in the presence or absence of undetected attacks. In this work, we consider neural network-approximated control laws, concepts for mitigating cyberattacks on such control laws, and how these ideas elucidate concepts in …

Profit Considerations For Nonlinear Control-Integrated Cyberattack Detection On Process Actuators, Keshav Kasturi Rangan, Helen E. Durand

Chemical Engineering and Materials Science Faculty Research Publications

Prior research from our group developed a control-integrated active actuator cyberattack detection strategy. This strategy continuously probed for cyberattacks by updating target steady-states at every sampling time and then moving the process state toward these over the subsequent sampling period. Attacks were fagged if a Lyapunov function around the target steady-state did not decrease over a sampling period. This strategy had the benefit of ensuring safety of the process until an attack was detected. However, the continuous probing for attacks could decrease profit from the process compared to not probing for the attacks, which could limit the attractiveness of the …

Lyapunov-Based Cyberattack Detection For Distinguishing Between Sensor And Actuator Attacks, Dominic Messina, Helen E. Durand

Chemical Engineering and Materials Science Faculty Research Publications

Control-theoretic cyberattack detection strategies are control strategies where control theory can be used in the design of the detection policies and analysis of stability properties with and without cyberattacks. This work provides a step toward understanding how to diagnose cyberattacks using control-theoretic cyberattack detection mechanisms. Specifically, we analyze the conditions under which a control-theoretic cyberattack detection strategy developed in our prior work to handle detection of simultaneous actuator and sensor attacks can be extended to distinguish between whether attacks are occurring on sensors or actuators. We present and evaluate heuristic concepts for attempting to diagnose sensor attacks; these again demonstrate …

The Impact Of Managerial Myopia On Cybersecurity: Evidence From Data Breaches, Wen Chen, Xing Li, Haibin Wu, Liandong Zhang

Research Collection School Of Accountancy

Using a sample of U.S. firms for the period 2005–2017, we provide evidence that managerial myopic actions contribute to corporate cybersecurity risk. Specifically, we show that abnormal cuts in discretionary expenditures, our proxy for managerial myopia, are positively associated with the likelihood of data breaches. The association is largely driven by firms that appear to cut discretionary expenditures to meet short-term earnings targets. In addition, the association is stronger for firms with greater short-term equity incentives, higher earnings response coefficients, low levels of institutional block ownership, or large market shares. Finally, firms appear to increase discretionary expenditures upon the announcement …

Peep With A Mirror: Breaking The Integrity Of Android App Sandboxing Via Unprivileged Cache Side Channel, Yan Lin, Joshua Wong, Xiang Li, Haoyu Ma, Debin Gao

Research Collection School Of Computing and Information Systems

Application sandboxing is a well-established security principle employed in the Android platform to safeguard sensitive information. However, hardware resources, specifically the CPU caches, are beyond the protection of this software-based mechanism, leaving room for potential side-channel attacks. Existing attacks against this particular weakness of app sandboxing mainly target shared components among apps, hence can only observe system-level program dynamics (such as UI tracing). In this work, we advance cache side-channel attacks by demonstrating the viability of non-intrusive and fine-grained probing across different app sandboxes, which have the potential to uncover app-specific and private program behaviors, thereby highlighting the importance of …

An Llm-Assisted Easy-To-Trigger Poisoning Attack On Code Completion Models: Injecting Disguised Vulnerabilities Against Strong Detection, Shenao Yan, Shen Wang, Yue Duan, Hanbin Hong, Kiho Lee, Doowon Kim, Yuan Hong

Research Collection School Of Computing and Information Systems

Large Language Models (LLMs) have transformed code completion tasks, providing context-based suggestions to boost developer productivity in software engineering. As users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter the model outputs. To address this critical security challenge, we introduce CODEBREAKER, a pioneering LLM-assisted backdoor attack framework on code completion models. Unlike recent attacks that embed malicious payloads in detectable or irrelevant sections of the code (e.g., comments), CODEBREAKER leverages LLMs (e.g., GPT-4) for sophisticated payload transformation (without affecting functionalities), ensuring that both the poisoned data for fine-tuning and generated code can evade strong …

Incorporating Ai-Assisted Sensing Into The Metaverse: Opportunities For Interactions, Esports, And Security Enhancement, Yi Wu

Doctoral Dissertations

With the rapid growth and development of Virtual Reality (VR) and Augmented Reality (AR), extensive research has been carried out in the domain of the Metaverse, including immersive gaming, human-computer interaction, eSports, and the associated security & privacy concerns.

My research explores the potential of incorporating Artificial Intelligence (AI)-assisted sensing technologies to facilitate a more immersive, convenient, authentic, and secure virtual experience. This dissertation mainly focus on the following topics: (1) how to perform facial expression tracking to improve the users' awareness in the Metaverse; (2) fitness tracking for immersive eCycling; (3) running gait analysis for immersive indoor running, and …

Anopas: Practical Anonymous Transit Pass From Group Signatures With Time-Bound Keys, Rui Shi, Yang Yang, Yingjiu Li, Huamin Feng, Hwee Hwa Pang, Robert H. Deng

Research Collection School Of Computing and Information Systems

An anonymous transit pass system allows passengers to access transport services within fixed time periods, with their privileges automatically deactivating upon time expiration. Although existing transit pass systems are deployable on powerful devices like PCs, their adaptation to more user-friendly devices, such as mobile phones with smart cards, is inefficient due to their reliance on heavy-weight operations like bilinear maps. In this paper, we introduce an innovative anonymous transit pass system, dubbed Anopas, optimized for deployment on mobile phones with smart cards, where the smart card is responsible for crucial lightweight operations and the mobile phone handles key-independent and time-consuming …