Information Security Commons^™

Joint Pricing And Matching For City-Scale Ride Pooling, Sanket Shah, Meghna Lowalekar, Pradeep Varakantham

Research Collection School Of Computing and Information Systems

Central to efficient ride-pooling are two challenges: (1) how to `price' customers' requests for rides, and (2) if the customer agrees to that price, how to best `match' these requests to drivers. While both of them are interdependent, each challenge's individual complexity has meant that, historically, they have been decoupled and studied individually. This paper creates a framework for batched pricing and matching in which pricing is seen as a meta-level optimisation over different possible matching decisions. Our key contributions are in developing a variant of the revenue-maximizing auction corresponding to the meta-level optimization problem, and then providing a scalable …

Gauging The Acceptance Of Contact Tracing Technology: An Empirical Study Of Singapore Residents’ Concerns With Sharing Their Information And Willingness To Trust, Ee-Ing Ong, Wee Ling Loo

Research Collection Yong Pung How School Of Law

In response to the COVID-19 pandemic, governments began implementing various forms of contact tracing technology. Singapore’s implementation of its contact tracing technology, TraceTogether, however, was met with significant concern by its population, with regard to privacy and data security. This concern did not fit with the general perception that Singaporeans have a high level of trust in its government. We explore this disconnect, using responses to our survey (conducted pre-COVID-19) in which we asked participants about their level of concern with the government and business collecting certain categories of personal data. The results show that respondents had less concern with …

A Study On Privacy Of Iot Devices Among A Sample Of Indians In The U.S- 2021, Sahana Prasad Dr, Sharanya Prasad Ms, Vijith Raghavendra, Srishma Sunku

International Journal of Computer Science and Informatics

The Internet of Things (IoT) has gained immense popularity over the last decade with wide-ranging applications in domains of medicine, science, military as well as domestic use. Despite its tremendous growth, privacy concerns plague IoT applications and have the potential to hamper the benefits derived from its usage. This paper carries out a statistical analysis of empirical data collected from users of IoT to assess the level of awareness among users of IoT. The mode of study was through a questionnaire sent through Google forms to a selection of Indians living across the U.S. The place was chosen as some …

Information Provenance For Mobile Health Data, Taylor A. Hardin

Dartmouth College Ph.D Dissertations

Mobile health (mHealth) apps and devices are increasingly popular for health research, clinical treatment and personal wellness, as they offer the ability to continuously monitor aspects of individuals' health as they go about their everyday activities. Many believe that combining the data produced by these mHealth apps and devices may give healthcare-related service providers and researchers a more holistic view of an individual's health, increase the quality of service, and reduce operating costs. For such mHealth data to be considered useful though, data consumers need to be assured that the authenticity and the integrity of the data has remained intact---especially …

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …

Active Learning With Cybersecurity, Carole Shook

Publications and Presentations

A global campus grant was obtained in Spring 2020 to develop modules for Cybersecurity. This presentation encompasses the use of Cyberciege and case studies that require active learning of students.

Privacy Assessment Breakthrough: A Design Science Approach To Creating A Unified Methodology, Lisa Mckee

Masters Theses & Doctoral Dissertations

Recent changes have increased the need for and awareness of privacy assessments. Organizations focus primarily on Privacy Impact Assessments (PIA) and Data Protection Impact Assessments (DPIA) but rarely take a comprehensive approach to assessments or integrate the results into a privacy risk program. There are numerous industry standards and regulations for privacy assessments, but the industry lacks a simple unified methodology with steps to perform privacy assessments. The objectives of this research project are to create a new privacy assessment methodology model using the design science methodology, update industry standards and present training for conducting privacy assessments that can be …

Protecting Systems From Exploits Using Language-Theoretic Security, Prashant Anantharaman

Dartmouth College Ph.D Dissertations

Any computer program processing input from the user or network must validate the input. Input-handling vulnerabilities occur in programs when the software component responsible for filtering malicious input---the parser---does not perform validation adequately. Consequently, parsers are among the most targeted components since they defend the rest of the program from malicious input. This thesis adopts the Language-Theoretic Security (LangSec) principle to understand what tools and research are needed to prevent exploits that target parsers. LangSec proposes specifying the syntactic structure of the input format as a formal grammar. We then build a recognizer for this formal grammar to validate any …

Establishing Trust In Vehicle-To-Vehicle Coordination: A Sensor Fusion Approach, Jakob Veselsky, Jack West, Isaac Ahlgren, George K. Thiruvathukal, Neil Klingensmith, Abhinav Goel, Wenxin Jiang, James C. Davis, Kyuin Lee, Younghyun Kim

Computer Science: Faculty Publications and Other Works

Autonomous vehicles (AVs) use diverse sensors to understand their surroundings as they continually make safety- critical decisions. However, establishing trust with other AVs is a key prerequisite because safety-critical decisions cannot be made based on data shared from untrusted sources. Existing protocols require an infrastructure network connection and a third-party root of trust to establish a secure channel, which are not always available.

In this paper, we propose a sensor-fusion approach for mobile trust establishment, which combines GPS and visual data. The combined data forms evidence that one vehicle is nearby another, which is a strong indication that it is …

A Dark Web Pharma Framework For A More Efficient Investigation Of Dark Web Covid-19 Vaccine Products., Francisca Afua Opoku-Boateng

Masters Theses & Doctoral Dissertations

Globally, as the COVID-19 pandemic persists, it has not just imposed a significant impact on the general well-being of individuals, exposing them to unprecedented financial hardships and online information deception. However, it has also forced consumers, buyers, and suppliers to look toward a darkened economic world – the Dark Web world – a sinister complement to the internet, driven by financial gains, where illegal goods and services are advertised sold. As the Dark Web gains an increase in recognition by normal web users during this pandemic, how to perform cybercrime investigations on the Dark Web becomes challenging for manufacturers, investigators, …

Hypergaming For Cyber: Strategy For Gaming A Wicked Problem, Joshua A. Sipper

Military Cyber Affairs

Cyber as a domain and battlespace coincides with the defined attributes of a “wicked problem” with complexity and inter-domain interactions to spare. Since its elevation to domain status, cyber has continued to defy many attempts to explain its reach, importance, and fundamental definition. Corresponding to these intricacies, cyber also presents many interlaced attributes with other information related capabilities (IRCs), namely electromagnetic warfare (EW), information operations (IO), and intelligence, surveillance, and reconnaissance (ISR), within an information warfare (IW) construct that serves to add to its multifaceted nature. In this cyber analysis, the concept of hypergaming will be defined and discussed in …

Adversarial Machine Learning For The Protection Of Legitimate Software, Colby Parker

Theses and Dissertations

Obfuscation is the transforming a given program into one that is syntactically different but semantically equivalent. This new obfuscated program now has its code and/or data changed so that they are hidden and difficult for attackers to understand. Obfuscation is an important security tool and used to defend against reverse engineering. When applied to a program, different transformations can be observed to exhibit differing degrees of complexity and changes to the program. Recent work has shown, by studying these side effects, one can associate patterns with different transformations. By taking this into account and attempting to profile these unique side …

Circuit-Variant Moving Target Defense For Side-Channel Attacks On Reconfigurable Hardware, Tristen H. Mullins

Theses and Dissertations

With the emergence of side-channel analysis (SCA) attacks, bits of a secret key may be derived by correlating key values with physical properties of cryptographic process execution. Power and Electromagnetic (EM) analysis attacks are based on the principle that current flow within a cryptographic device is key-dependent and therefore, the resulting power consumption and EM emanations during encryption and/or decryption can be correlated to secret key values. These side-channel attacks require several measurements of the target process in order to amplify the signal of interest, filter out noise, and derive the secret key through statistical analysis methods. Differential power and …

An Application Of Machine Learning To Analysis Of Packed Mac Malware, Kimo Bumanglag

Masters Theses & Doctoral Dissertations

The macOS operating system is increasingly targeted by malware. Software written for macOS, both benign and malicious, is in the Mach-O executable format. Malware authors may frustrate analysts through obfuscation methods such as packing. The field of malware research on Windows is well-established but is less so on the macOS platform. Thus far, no research has been identified that studies how machine learning can be used to detected packed Mach-O malware. This research applies supervised machine learning techniques to the classification of packed Mach-O malware. This research will answer three research questions. First, whether machine learning can classify packed Mach-O …

Dataset Evaluation For Data Trading Using Expected Loss And Homomorphic Encryption, Minsung Joo

Senior Honors Papers / Undergraduate Theses

Supervised machine learning suffers from the ``garbage-in garbage-out" phenomenon where the performance of a model is limited by the quality of the data. While a myriad of data is collected every second, there is no general rigorous method of evaluating the quality of a given dataset. This hinders fair pricing of data in scenarios where a buyer may look to buy data for use with machine learning. In this work, I propose using the expected loss corresponding to a dataset as a measure of its quality, relying on Bayesian methods for uncertainty quantification. Furthermore, I present a secure multi-party computation …

Effective Cybersecurity Risk Management In Projects, Steven Scott Presley

Theses and Dissertations

Project meta-phases describe the life stages in which project and sponsoring organizations are exposed to cybersecurity risk. Three hypotheses were formulated to examine whether cybersecurity risk was evident in each of three project meta-phases. Project assets for a typical information systems project were identified and associated with each project meta-phase. Whitman’s Threat, Vulnerability and Asset (TVA) risk management process was used to create project threat scenarios, which formed the basis of a risk assessment questionnaire. An online tool was used to administer the survey to 66 project and/or cybersecurity professionals. Participants were asked to rate each scenario’s probability of occurrence …

Framework Of Hardware Trojan Detection Leveraging Structural Checking Tool, Rafael Dacanay Del Carmen

Graduate Theses and Dissertations

Since there is a significant demand for obtaining third-party soft Intellectual Property (IP) by first-party integrated circuit (IC) vendors, it is becoming easier for adversaries to insert malicious logic known as hardware Trojans into designs. Due to this, vendors need to find ways to screen the third-party IPs for possible security threats and then mitigate them. The development of the Structural Checking (SC) tool provides a solution to this issue. This tool analyzes the structure of an unknown soft IP design and creates a network of all the signals within the design and how they are connected to each other. …

Enhancing System Security Using Dynamic Hardware, Sydney L. Davis

Theses and Dissertations

Within the ever-advancing field of computing, there is significant research into the many facets of cyber security. However, there is very little research to support the concept of using a Field Programmable Gate Array (FPGA) to increase the security of a system. While its most common use is to provide efficiency and speedup of processes, this research considers the use of an FPGA to mitigate vulnerabilities in both software and hardware. This paper proposes circuit variance within an FPGA as a method of Moving Target Defense (MTD) and investigates its effect on side-channels. We hypothesize that although the functionality of …

Ransomware And Malware Sandboxing, Byron Denham

Computer Science and Computer Engineering Undergraduate Honors Theses

The threat of ransomware that encrypts data on a device and asks for payment to decrypt the data affects individual users, businesses, and vital systems including healthcare. This threat has become increasingly more prevalent in the past few years. To understand ransomware through malware analysis, care must be taken to sandbox the ransomware in an environment that allows for a detailed and comprehensive analysis while also preventing it from being able to further spread. Modern malware often takes measures to detect whether it has been placed into an analysis environment to prevent examination. In this work, several notable pieces of …

Side-Channel Analysis On Post-Quantum Cryptography Algorithms, Tristen Teague

Computer Science and Computer Engineering Undergraduate Honors Theses

The advancements of quantum computers brings us closer to the threat of our current asymmetric cryptography algorithms being broken by Shor's Algorithm. NIST proposed a standardization effort in creating a new class of asymmetric cryptography named Post-Quantum Cryptography (PQC). These new algorithms will be resistant against both classical computers and sufficiently powerful quantum computers. Although the new algorithms seem mathematically secure, they can possibly be broken by a class of attacks known as side-channels attacks (SCA). Side-channel attacks involve exploiting the hardware that the algorithm runs on to figure out secret values that could break the security of the system. …