Information Security Commons^™

Understanding The Challenges Of Cryptography-Related Cybercrime And Its Investigation, Sinyong Choi, Katalin Parti

International Journal of Cybersecurity Intelligence & Cybercrime

Cryptography has been applied to a range of modern technologies which criminals also exploit to gain criminal rewards while hiding their identity. Although understanding of cybercrime involving this technique is necessary in devising effective preventive measures, little has been done to examine this area. Therefore, this paper provides an overview of the two articles, featured in the special issue of the International Journal of Cybersecurity Intelligence and Cybercrime, that will enhance our understanding of cryptography-related crime, ranging from cryptocurrency and darknet market to password-cracking. The articles were presented by the winners of the student paper competition at the 2022 International …

A Qualitative Look Into Repair Practices, Jumana Labib

Undergraduate Student Research Internships Conference

This research poster is based on a working research paper which moves beyond the traditional scope of repair and examines the Right to Repair movement from a smaller, more personal lens by detailing the 6 categorical impediments as dubbed by Dr. Alissa Centivany (design, law, economic/business strategy, material asymmetry, informational asymmetry, and social impediments) have continuously inhibited repair and affected repair practices, which has consequently had larger implications (environmental, economic, social, etc.) on ourselves, our objects, and our world. The poster builds upon my research from last year (see "The Right to Repair: (Re)building a better future"), this time pulling …

Effective Knowledge Graph Aggregation For Malware-Related Cybersecurity Text, Phillip Ryan Boudreau

Graduate Theses and Dissertations

With the rate at which malware spreads in the modern age, it is extremely important that cyber security analysts are able to extract relevant information pertaining to new and active threats in a timely and effective manner. Having to manually read through articles and blog posts on the internet is time consuming and usually involves sifting through much repeated information. Knowledge graphs, a structured representation of relationship information, are an effective way to visually condense information presented in large amounts of unstructured text for human readers. Thusly, they are useful for sifting through the abundance of cyber security information that …

Identification Of Clear Text Data Obfuscated Within Active File Slack, Claire V. Wills

Theses and Dissertations

Obfuscating text on a hard drive can be done by utilizing the slack space of files. Text can be inserted into the area between the end of the file data and the New Technology File System (NTFS) cluster (the smallest drive space allocated to a file) that in which the file is stored, the data is hidden from traditional methods of viewing. If the hard drive is large, how does a digital forensics expert know where to look to find text that has been obfuscated? Searching through a large hard drive could take up a substantial amount of time that …

Efficient Resource Allocation With Fairness Constraints In Restless Multi-Armed Bandits, Dexun Li, Pradeep Varakantham

Research Collection School Of Computing and Information Systems

Restless Multi-Armed Bandits (RMAB) is an apt model to represent decision-making problems in public health interventions (e.g., tuberculosis, maternal, and child care), anti-poaching planning, sensor monitoring, personalized recommendations and many more. Existing research in RMAB has contributed mechanisms and theoretical results to a wide variety of settings, where the focus is on maximizing expected value. In this paper, we are interested in ensuring that RMAB decision making is also fair to different arms while maximizing expected value. In the context of public health settings, this would ensure that different people and/or communities are fairly represented while making public health intervention …

Verifying Neural Networks Against Backdoor Attacks, Pham Hong Long, Jun Sun

Research Collection School Of Computing and Information Systems

Neural networks have achieved state-of-the-art performance in solving many problems, including many applications in safety/security-critical systems. Researchers also discovered multiple security issues associated with neural networks. One of them is backdoor attacks, i.e., a neural network may be embedded with a backdoor such that a target output is almost always generated in the presence of a trigger. Existing defense approaches mostly focus on detecting whether a neural network is ‘backdoored’ based on heuristics, e.g., activation patterns. To the best of our knowledge, the only line of work which certifies the absence of backdoor is based on randomized smoothing, which is …

Cyber Deception For Critical Infrastructure Resiliency, Md Ali Reza Al Amin

Computational Modeling & Simulation Engineering Theses & Dissertations

The high connectivity of modern cyber networks and devices has brought many improvements to the functionality and efficiency of networked systems. Unfortunately, these benefits have come with many new entry points for attackers, making systems much more vulnerable to intrusions. Thus, it is critically important to protect cyber infrastructure against cyber attacks. The static nature of cyber infrastructure leads to adversaries performing reconnaissance activities and identifying potential threats. Threats related to software vulnerabilities can be mitigated upon discovering a vulnerability and-, developing and releasing a patch to remove the vulnerability. Unfortunately, the period between discovering a vulnerability and applying a …

Predictors Of Email Response: Determinants Of The Intention Of Not Following Security Recommendations, Miguel Angel Toro-Jarrin

Engineering Management & Systems Engineering Theses & Dissertations

Organizations and government leaders are concerned about cyber incidents. For some time, researchers have studied what motivates people to act in ways that put the confidentiality, integrity, and availability of information in organizations at risk. Still, several areas remained unexplored, including the role of employees’ evaluation of the organizational systems and the role of value orientation at work as precursors of secure and insecure actions in relation to information technologies (information security [IS] action). The objective of this research project was to examine how the evaluations of formal and informal security norms are associated with the intention to follow them …

Code Cyber: A Curated Collection Of Cybersecurity Career Learning And Preparation Resources, Kazi Tasin, Ethan Pruzhansky, Jason Lin, Tanvir Rahman, Patrick J. Slattery

Publications and Research

Since we are living in a digital age, the need to protect ourselves and those who are vulnerable to cyber-attacks is paramount to prevent cyber attacks that steal information such as banking accounts and important sensitive information.

Our research team extensively investigated the five aspects of cybersecurity such as identity, protection, detection, and response. By conducting various interviews with cybersecurity professionals, we gathered information about these five aspects for example security intelligence or security operations and response, (thread hunting, response orchestration) identity access management, (identity management, and data protection), and risks (risk perspective). Our main goal is to look into …

Formal Verification Applications For The Treekem Continuous Group Key Agreement Protocol, Alexander J. Washburn

Theses and Dissertations

The features of Secure Group Messaging, the security guarantees of Message Layer Security, and the TreeKEM protocol designed to satisfy these guarantees and features are explored. A motivation and methodology for verification via explicit model checking is presented. Subsequently, a translation of the TreeKEM protocol into a Promela reference model is described, examining the nuances explicit model checking brings. Finally the results of the formal verification methods are discussed.

Cybersecurity Educational Resources For K-12, Debra Bowen, James Jaurez, Nancy Jones, William Reid, Christopher Simpson

Journal of Cybersecurity Education, Research and Practice

There are many resources to guide successful K-12 cybersecurity education. The objective of these resources is to prepare skilled and ethical cybersecurity students at the earliest level to meet the demands of higher-level programs. The goal of this article is to provide, as a starting point, a list of as many currently popular K-12 educational resources as possible. The resources provided are broken into five categories: 1) Career Information, 2) Curriculum, 3) Competitions, 4) CyberCamps, and 5) Labs and Gaming. Each resource listed has a link, the K-12 levels that are supported, whether the resource is free or has a …

Digital Contact Tracing And Privacy, Mahdi Nasereddin, Edward J. Glantz, Galen A. Grimes, Joanne Peca, Michelle Gordon, Mike Bartolacci

Journal of Cybersecurity Education, Research and Practice

Digital contact tracing tools were developed to decrease the spread of COVID-19 by supplementing traditional manual methods. Although these tools have great potential, they were developed rather quickly resulting in tools with varying levels of success. The main issues with these tools are over privacy and who might have access to the information gathered. In general, their effectiveness varied globally, where users expressed privacy concerns associated with sharing identity, illness, and location information. This paper reviews these issues in deployments across Asia, Europe, and the United States. The goal is to begin a discussion that improves the design and development …

Security Simulations In Undergraduate Education: A Review, Joseph Simpson, Aaron Brantly

Journal of Cybersecurity Education, Research and Practice

Several decades of research in simulation and gamification in higher education shows that simulations are highly effective in improving a range of outcomes for students including declarative knowledge and interest in the topic being taught. While there appears to be a broad array of options to provide education in an undergraduate setting related to security, no previous reviews have explored computer-based simulations covering all facets of security. Given the increasing importance and adoption of interdisciplinary educational programs, it is important to take stock of simulations as a tool to broaden the range of problems, perspectives, and solutions presented to students. …

Assessing The Practical Cybersecurity Skills Gained Through Criminal Justice Academic Programs To Benefit Security Operations Centers (Socs), Lucy Tsado, Jung Seob "Scott" Kim

Journal of Cybersecurity Education, Research and Practice

Private-sector and public-sector organizations have increasingly built specific business units for securing company assets, reputation, and lives, known as security operations centers (SOCs). Depending on the organization, these centers may also be referred to as global security operations centers, cybersecurity operations centers, fusion centers, and corporate command centers, among many other names. The concept of centralized function within an organization to improve an organization’s security posture has attracted both the government and the private sectors to either build their own SOCs or hire third-party SOC companies.

In this article, the need for a multidisciplinary approach to cybersecurity education at colleges …

Assessment Of 3d Mesh Watermarking Techniques, Neha Sharma, Jeebananda Panda

Journal of Digital Forensics, Security and Law

With the increasing usage of three-dimensional meshes in Computer-Aided Design (CAD), medical imaging, and entertainment fields like virtual reality, etc., the authentication problems and awareness of intellectual property protection have risen since the last decade. Numerous watermarking schemes have been suggested to protect ownership and prevent the threat of data piracy. This paper begins with the potential difficulties that arose when dealing with three-dimension entities in comparison to two-dimensional entities and also lists possible algorithms suggested hitherto and their comprehensive analysis. Attacks, also play a crucial role in deciding a watermarking algorithm so an attack based analysis is also presented …

To License Or Not To License Reexamined: An Updated Report On Licensing Of Digital Examiners Under State Private Investigator Statutes, Thomas Lonardo, Alan Rea, Doug White

Journal of Digital Forensics, Security and Law

In this update to the 2015 study, the authors examine US state statutes and regulations relating to licensing and enforcement of Digital Examiner functions under each state’s private investigator/detective statute. As with the prior studies, the authors find that very few state statutes explicitly distinguish between Private Investigators (PI) and Digital Examiners (DE), and when they do, they either explicitly require a license or exempt them from the licensing statute. As noted in the previous 2015 study there is a minor trend in which some states are moving to exempt DE from PI licensing requirements. We examine this trend as …

Ransomware 2.0: An Emerging Threat To National Security, Mohiuddin Ahmed, Sascha Dominik Dov Bachmann, Abu Barkat Ullah, Shaun Barnett

Research outputs 2022 to 2026

The global Covid-19 pandemic has seen the rapid evolution of our traditional working environment; more people are working from home and the number of online meetings has increased. This trend has also affected the security sector. Consequently, the evolution of ransomware to what is now being described as ‘Ransomware 2.0’ has governments, businesses and individuals alike rushing to secure their data.

Using Blockchain To Improve Security Of The Internet Of Things, Joshua W. Quist

Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal

The Internet of Things has increased in popularity in recent years, with daily life now being surrounded by “smart devices.” This network of smart devices, such as thermostats, refrigerators, and even stationary bikes affords us convenience, but at a cost. Security measures are typically inferior on these devices; considering that they collect our data around the clock, this is a big reason for concern. Recent research shows that blockchain technology may be one way to address these security concerns. This paper discusses the Internet of Things and the current issues with how security is handled, discusses how blockchain can shore …

Are You Really Muted?: A Privacy Analysis Of Mute Buttons In Video Conferencing Apps, Yucheng Yang, Jack West, George K. Thiruvathukal, Neil Klingensmith, Kassem Fawaz

Computer Science: Faculty Publications and Other Works

In the post-pandemic era, video conferencing apps (VCAs) have converted previously private spaces — bedrooms, living rooms, and kitchens — into semi-public extensions of the office. And for the most part, users have accepted these apps in their personal space, without much thought about the permission models that govern the use of their personal data during meetings. While access to a device’s video camera is carefully controlled, little has been done to ensure the same level of privacy for accessing the microphone. In this work, we ask the question: what happens to the microphone data when a user clicks the …

Strategic Signaling For Utility Control In Audit Games, Jianan Chen, Qin Hu, Honglu Jiang

Informatics and Engineering Systems Faculty Publications and Presentations

As an effective method to protect the daily access to sensitive data against malicious attacks, the audit mechanism has been widely deployed in various practical fields. In order to examine security vulnerabilities and prevent the leakage of sensitive data in a timely manner, the database logging system usually employs an online signaling scheme to issue an alert when suspicious access is detected. Defenders can audit alerts to reduce potential damage. This interaction process between a defender and an attacker can be modeled as an audit game. In previous studies, it was found that sending real-time signals in the audit …