A New Efficient Optimistic Fair Exchange Protocol Without Random Oracles, 2012 Singapore Management University
A New Efficient Optimistic Fair Exchange Protocol Without Random Oracles, Qiong Huang, Guomin Yang, Duncan S. Wong, Willy Susilo
Research Collection School Of Computing and Information Systems
Optimistic fair exchange (OFE) is a kind of protocol to solve the problem of fair exchange between two parties. Most of the previous work on this topic is provably secure in the random oracle model. In this work, we propose a new construction of OFE from another cryptographic primitive, called time capsule signature. The construction is efficient and brings almost no overhead other than the primitive itself. The security of our new construction is based on that of the underlying primitive without relying on the random oracle heuristic. Applying our generic construction to the time capsule signature scheme recently proposed …
Crisis Response Information Networks, 2012 Singapore Management University
Crisis Response Information Networks, Shan L. Pan, Gary Pan, Dorothy Leidner
Research Collection School Of Accountancy
In the past two decades, organizational scholars have focused significant attention on how organizations manage crises. While most of these studies concentrate on crisis prevention, there is a growing emphasis on crisis response. Because information that is critical to crisis response may become outdated as crisis conditions change, crisis response research recognizes that the management of information flows and networks is critical to crisis response. Yet despite its importance, little is known about the various types of crisis information networks and the role of IT in enabling these information networks. Employing concepts from information flow and social network theories, this …
Cyber Security And Mobile Threats: The Need For Antivirus Applications For Smart Phones, 2011 University of Missouri - St Louis
Cyber Security And Mobile Threats: The Need For Antivirus Applications For Smart Phones, Jorja Wright, Maurice E. Dawson Jr., Marwan Omar
Maurice Dawson
Smartphones are becoming a vehicle to provide an efficient and convenient way to access, find and share information; however, the availability of this information has caused an increase in cyber attacks. Currently, cyber threats range from Trojans and viruses to botnets and toolkits. Presently, 96% of smartphones do not have pre-installed security software. This lack in security is an opportunity for malicious cyber attackers to hack into the various devices that are popular (i.e. Android, iPhone and Blackberry). Traditional security software found in personal computers (PCs), such as firewalls, antivirus, and encryption, is not currently available in smartphones. Moreover, smartphones are even more vulnerable than personal computers because …
Front Matter, 2011 Embry-Riddle Aeronautical University
Masthead, 2011 Embry-Riddle Aeronautical University
Back Matter, 2011 Embry-Riddle Aeronautical University
Understanding And Protecting Privacy: Formal Semantics And Principled Audit Mechanisms, 2011 Singapore Management University
Understanding And Protecting Privacy: Formal Semantics And Principled Audit Mechanisms, Anupam Datta, Jeremiah Blocki, Nicolas Christin, Henry Deyoung, Deepak Garg, Limin Jia, Dilsun Kaynar, Arunesh Sinha
Research Collection School Of Computing and Information Systems
Privacy has become a significant concern in modern society as personal information about individuals is increasingly collected, used, and shared, often using digital technologies, by a wide range of organizations. Certain information handling practices of organizations that monitor individuals’ activities on the Web, data aggregation companies that compile massive databases of personal information, cell phone companies that collect and use location data about individuals, online social networks and search engines—while enabling useful services—have aroused much indignation and protest in the name of privacy. Similarly, as healthcare organizations are embracing electronic health record systems and patient portals to enable patients, employees, …
On Two RFID Privacy Notions And Their Relations, 2011 Singapore Management University
On Two RFID Privacy Notions And Their Relations, Yingjiu Li, Robert H. Deng, Junzuo Lai, Changshe Ma
Research Collection School Of Computing and Information Systems
Privacy of RFID systems is receiving increasing attention in the RFID community. Basically, there are two kinds of RFID privacy notions in the literature: one based on the indistinguishability of two tags, denoted as ind-privacy, and the other based on the unpredictability of the output of an RFID protocol, denoted as unp*-privacy. In this article, we first revisit the existing unpredictability-based RFID privacy models and point out their limitations. We then propose a new RFID privacy model, denoted as unp*-privacy, based on the indistinguishability of a real tag and a virtual tag. We formally clarify its relationship with the ind-privacy …
Automated Removal Of Cross Site Scripting Vulnerabilities In Web Applications, 2011 Singapore Management University
Automated Removal Of Cross Site Scripting Vulnerabilities In Web Applications, Lwin Khin Shar, Hee Beng Kuan Tan
Research Collection School Of Computing and Information Systems
Context: Cross site scripting (XSS) vulnerability is among the top web application vulnerabilities according to recent surveys. This vulnerability occurs when a web application uses inputs received from users in web pages without properly checking them. This allows an attacker to inject malicious scripts in web pages via such inputs such that the scripts perform malicious actions when a client visits the exploited web pages. Such an attack may cause serious security violations such as account hijacking and cookie theft. Current approaches to mitigate this problem mainly focus on effective detection of XSS vulnerabilities in the programs or prevention of …
Launching Return-Oriented Programming Attacks Against Randomized Relocatable Executables, 2011 Singapore Management University
Launching Return-Oriented Programming Attacks Against Randomized Relocatable Executables, Limin Liu, Jin Han, Debin Gao, Jiwu Jing, Daren Zha
Research Collection School Of Computing and Information Systems
Since the day it was proposed, return-oriented programming has been shown to be an effective and powerful attack technique against the write or execute only (W ⊕ X) protection. However, a general belief in the previous research is that systems deployed with address space randomization, where the executables are also randomized at run-time, are able to defend against return-oriented programming, as the addresses of all instructions are randomized. In this paper, we show that due to the weakness of the current address space randomization technique, there are still ways of launching return-oriented programming attacks against those well-protected systems efficiently. We demonstrate and evaluate …
Applying Time-Bound Hierarchical Key Assignment In Wireless Sensor Networks, 2011 Chinese Academy of Sciences
Applying Time-Bound Hierarchical Key Assignment In Wireless Sensor Networks, Wentao Zhu, Robert H. Deng, Jianying Zhou, Feng Bao
Research Collection School Of Computing and Information Systems
Access privileges in distributed systems can be effectively organized as a partial-order hierarchy that consists of distinct security classes, and are often designated with certain temporal restrictions. The time-bound hierarchical key assignment problem is to assign distinct cryptographic keys to distinct security classes according to their privileges so that users from a higher class can use their class key to derive the keys of lower classes, and these keys are time-variant with respect to sequentially allocated temporal units called time slots. In this paper, we explore applications of time-bound hierarchical key assignment in a wireless sensor network environment where there …
Profit-Maximizing Firm Investments In Customer Information Security, 2011 Arizona State University
Profit-Maximizing Firm Investments In Customer Information Security, Yong Yick Lee, Robert J. Kauffman, Ryan Sougstad
Research Collection School Of Computing and Information Systems
When a customer interacts with a firm, extensive personal information often is gathered without the individual's knowledge. Significant risks are associated with handling this kind of information. Providing protection may reduce the risk of the loss and misuse of private information, but it imposes some costs on both the firm and its customers. Nevertheless, customer information security breaches still may occur. They have several distinguishing characteristics: (1) typically it is hard to quantify monetary damages related to them; (2) customer information security breaches may be caused by intentional attacks, as well as through unintentional organizational and customer behaviors; and (3) …
Privacy In "The Cloud": Applying Nissenbaum's Theory Of Contextual Integrity, 2011 Sacred Heart University
Privacy In "The Cloud": Applying Nissenbaum's Theory Of Contextual Integrity, Frances Grodzinsky, Herman T. Tavani
School of Computer Science & Engineering Faculty Publications
The present essay is organized into five main sections. We begin with a few preliminary remarks about "cloud computing," which are developed more fully in a later section. This is followed by a brief overview of the evolution of Helen Nissenbaum's framework of "privacy as contextual integrity." In particular, we examine Nissenbaum's "Decision Heuristic" model, described in her most recent work on privacy (Nissenbaum 2010), to see how it enables the contextual-integrity framework to respond to privacy challenges posed by new and emerging technologies. We then apply that heuristic device to questions surrounding one aspect of cloud computing -- viz., …
General Construction Of Chameleon All-But-One Trapdoor Functions, 2011 Shanghai Jiaotong University
General Construction Of Chameleon All-But-One Trapdoor Functions, Shengli Liu, Junzuo Lai, Robert H. Deng
Research Collection School Of Computing and Information Systems
Lossy trapdoor functions enable black-box construction of public key encryption (PKE) schemes secure against chosen-ciphertext attack [18]. Recently, a more efficient black-box construction of public key encryption was given in [12] with the help of chameleon all-but-one trapdoor functions (ABO-TDFs). In this paper, we propose a black-box construction for transforming any ABO-TDFs into chameleon ABO-TDFs with the help of chameleon hash functions. Instantiating the proposed general black-box construction of chameleon ABO-TDFs, we can obtain the first chameleon ABO-TDFs based on the Decisional Diffie-Hellman (DDH) assumption.
Adaptive Collision Resolution For Efficient RFID Tag Identification, 2011 National Taiwan University of Science and Technology
Adaptive Collision Resolution For Efficient RFID Tag Identification, Yung-Chun Chen, Kuo-Hui Yeh, Nai-Wei Lo, Yingjiu Li, Enrico Winata
Research Collection School Of Computing and Information Systems
In large-scale RFID systems, all of the communications between readers and tags are via a shared wireless channel. When a reader intends to collect all IDs from numerous existing tags, a tag identification process is invoked by the reader to collect the tags' IDs. This phenomenon results in tag-to-reader signal collisions which may suppress the system performance greatly. To solve this problem, we design an efficient tag identification protocol in which a significant gain is obtained in terms of both identification delay and communication overhead. A k-ary tree-based abstract is adopted in our proposed tag identification protocol as underlying architecture …
Masthead, 2011 Embry-Riddle Aeronautical University
Front Matter, 2011 Embry-Riddle Aeronautical University
Back Matter, 2011 Embry-Riddle Aeronautical University
Packed, Printable, And Polymorphic Return-Oriented Programming, 2011 Singapore Management University
Packed, Printable, And Polymorphic Return-Oriented Programming, Kangjie Lu, Dabi Zou, Weiping Wen, Debin Gao
Research Collection School Of Computing and Information Systems
Return-oriented programming (ROP) is an attack that has been shown to be able to circumvent W ⊕ X protection. However, it was not clear if ROP can be made as powerful as non-ROP malicious code in other aspects, e.g., be packed to make static analysis difficult, be printable to evade non-ASCII filtering, be polymorphic to evade signature-based detection, etc. Research in these potential advances in ROP is important in designing counter-measures. In this paper, we show that ROP code could be packed, printable, and polymorphic. We demonstrate this by proposing a packer that produces printable and polymorphic ROP code. It …
A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, 2011 Air Force Institute of Technology
A Novel Malware Target Recognition Architecture For Enhanced Cyberspace Situation Awareness, Thomas E. Dube
Theses and Dissertations
The rapid transition of critical business processes to computer networks potentially exposes organizations to digital theft or corruption by advanced competitors. One tool used for these tasks is malware, because it circumvents legitimate authentication mechanisms. Malware is an epidemic problem for organizations of all types. This research proposes and evaluates a novel Malware Target Recognition (MaTR) architecture for malware detection and identification of propagation methods and payloads to enhance situation awareness in tactical scenarios using non-instruction-based, static heuristic features. MaTR achieves a 99.92% detection accuracy on known malware with false positive and false negative rates of 8.73e-4 and 8.03e-4 respectively. …