Information Security Commons^™

Revolution In Crime: How Cryptocurrencies Have Changed The Criminal Landscape, Igor Groysman

Student Theses

This thesis will examine the ways in which various cryptocurrencies have impacted certain traditional crimes. While crime is always evolving with technology, cryptocurrencies are a game changer in that they provide anonymous and decentralized payment systems which, while they can be tracked in a reactive sense via the blockchain, are seen by criminals as having better uses for them than traditional fiat currencies, such as the ability to send money relatively fast to another party without going through an intermediary, or the ability to obscure the origin of the money for money laundering purposes. Every week there are new cryptocurrencies …

Learning-Based Analysis On The Exploitability Of Security Vulnerabilities, Adam Bliss

Computer Science and Computer Engineering Undergraduate Honors Theses

The purpose of this thesis is to develop a tool that uses machine learning techniques to make predictions about whether or not a given vulnerability will be exploited. Such a tool could help organizations such as electric utilities to prioritize their security patching operations. Three different models, based on a deep neural network, a random forest, and a support vector machine respectively, are designed and implemented. Training data for these models is compiled from a variety of sources, including the National Vulnerability Database published by NIST and the Exploit Database published by Offensive Security. Extensive experiments are conducted, including testing …

Strong Mutation-Based Test Generation Of Xacml Policies, Roshan Shrestha

Boise State University Theses and Dissertations

There exist various testing methods for XACML policies which vary in their overall fault detection ability and none of them can detect all the (killable) injected faults except for the simple policies. Further, it is unclear that what is essential for the fault detection of XACML policies. To address these issues, we formalized the fault detection conditions in the well-studied fault model of XACML policies so that it becomes clear what is essential for the fault detection. We formalized fault detection conditions in the form of reachability, necessity and propagation constraint. We, then, exploit these constraints to generate a mutation-based …

Towards Enhanced Security For Automotive Operating Systems, Maksym Hryhorenko

Theses and Dissertations

Modern automotive infotainment systems are represented by highly complex components with broad functionality and network capabilities. As a result, they are becoming more exposed to the outer world, thus turning into potentially lucrative targets for remote cyber attacks. In the worst case scenario, an attacker could gain complete control over critical vehicle’s systems, for instance, steering, braking, engine, etc. This thesis proposes security hardening features based on ARM’s TrustZone technology for infotainment systems that ensures confidentiality and integrity of critical applications. In addition, we present a technique that allows to mitigate the impact of certain attacks on the car’s internal …

The Role Of Information Communication Technologies (Icts) In Shaping Identity Threats And Responses, Mary Macharia

Graduate Theses and Dissertations

With the rising use of social media, people are increasingly experiencing, and responding to, identity threats online. This sometimes leads to online backlash via “cybermobs” or the creation of online social movements that traverse offline. Prior information systems (IS) research on identity threats and responses largely focuses on information communication technology (ICT) implementations within organizations in an offline context. Therefore, we lack understanding of ICT-mediated identity threats and responses and ways to promote healthier and productive interactions online. This two-essay dissertation seeks to fill this gap. Essay 1 combines a review of ICT-mediated identity threats with a qualitative study (based …

Authorized Function Homomorphic Signature, Qingwen Guo, Qiong Huang, Guomin Yang

Research Collection School Of Computing and Information Systems

Homomorphic signature (HS) is a novel primitive that allows an agency to carry out arbitrary (polynomial time) computation f on the signed data (m) over right arrow and accordingly gain a signature sigma(h) for the computation result f ((m) over right arrow) with respect to f on behalf of the data owner (DO). However, since DO lacks control of the agency's behavior, receivers would believe that DO did authenticate the computation result even if the agency misbehaves and applies a function that the DO does not want. To address the problem above, in this paper we introduce a new primitive …

Typing-Proof: Usable, Secure And Low-Cost Two-Factor Authentication Based On Keystroke Timings, Ximming Liu, Yingjiu Li, Robert H. Deng

Research Collection School Of Computing and Information Systems

Two-factor authentication (2FA) systems provide another layer of protection to users' accounts beyond password. Traditional hardware token based 2FA and software token based 2FA are not burdenless to users since they require users to read, remember, and type a onetime code in the process, and incur high costs in deployments or operations. Recent 2FA mechanisms such as Sound-Proof, reduce or eliminate users' interactions for the proof of the second factor; however, they are not designed to be used in certain settings (e.g., quiet environments or PCs without built-in microphones), and they are not secure in the presence of certain attacks …

Privacy-Preserving Remote User Authentication With K-Times Untraceability, Yangguang Tian, Yingjiu Li, Binanda Sengupta, Robert H. Deng, Albert Ching, Weiwei Liu

Research Collection School Of Computing and Information Systems

Remote user authentication has found numerous real-world applications, especially in a user-server model. In this work, we introduce the notion of anonymous remote user authentication with k-times untraceability (k-RUA) for a given parameter k, where authorized users authenticate themselves to an authority (typically a server) in an anonymous and k-times untraceable manner. We define the formal security models for a generic k-RUA construction that guarantees user authenticity, anonymity and user privacy. We provide a concrete instantiation of k-RUA having the following properties: (1) a third party cannot impersonate an authorized user by producing valid transcripts for the user while conversing …

Sybmatch: Sybil Detection For Privacy-Preserving Task Matching In Crowdsourcing, Jiangang Shu, Ximeng Liu, Kan Yang, Yinghui Zhang, Xiaohua Jia, Robert H. Deng

Research Collection School Of Computing and Information Systems

The past decade has witnessed the rise of crowdsourcing, and privacy in crowdsourcing has also gained rising concern in the meantime. In this paper, we focus on the privacy leaks and sybil attacks during the task matching, and propose a privacy-preserving task matching scheme, called SybMatch. The SybMatch scheme can simultaneously protect the privacy of publishers and subscribers against semi-honest crowdsourcing service provider, and meanwhile support the sybil detection against greedy subscribers and efficient user revocation. Detailed security analysis and thorough performance evaluation show that the SybMatch scheme is secure and efficient.

Making A Good Thing Better: Enhancing Password/Pin-Based User Authentication With Smartwatch, Bing Chang, Yingjiu Li, Qiongxiao Wang, Wen-Tao Zhu, Robert H. Deng

Research Collection School Of Computing and Information Systems

Wearing smartwatches becomes increasingly popular in people’s lives. This paper shows that a smartwatch can help its bearer authenticate to a login system effectively and securely even if the bearer’s password has already been revealed. This idea is motivated by our observation that a sensor-rich smartwatch is capable of tracking the wrist motions of its bearer typing a password or PIN, which can be used as an authentication factor. The major challenge in this research is that a sophisticated attacker may imitate a user’s typing behavior as shown in previous research on keystroke dynamics based user authentication. We address this …

Secure Smart Health With Privacy-Aware Aggregate Authentication And Access Control In Internet Of Things, Yinghui Zhang, Robert H. Deng, Gang Han, Dong Zheng

Research Collection School Of Computing and Information Systems

With the rapid technological advancements in the Internet of Things (IoT), wireless communication and cloud computing, smart health is expected to enable comprehensive and qualified healthcare services. It is important to ensure security and efficiency in smart health. However, existing smart health systems still have challenging issues, such as aggregate authentication, fine-grained access control and privacy protection. In this paper, we address these issues by introducing SSH, a Secure Smart Health system with privacy-aware aggregate authentication and access control in IoT. In SSH, privacy-aware aggregate authentication is enabled by an anonymous certificateless aggregate signature scheme, in which users' identity information …

Pribioauth: Privacy-Preserving Biometric-Based Remote User Authentication, Yangguang Tian, Yingjiu Li, Ximeng Liu, Robert H. Deng, Binanda Sengupta

Research Collection School Of Computing and Information Systems

Biometric-based remote user authentication (BRUA) is a useful primitive that allows an authorized user to remotely authenticate to a cloud server using biometrics. However, the existing BRUA solutions in the client-server setting lack certain privacy considerations. For example, authorized user's multiple sessions should not be linked while his identity remains anonymous to cloud server. In this work, we introduce an identity-concealed and unlinkable biometric-based remote user authentication framework, such that authorized users authenticate to an honest-but-curious server in an anonymous and unlinkable manner. In particular, we employ two non-colluding cloud servers to perform the complex biometrics matching. We formalize two …

Older Adults And The Authenticity Of Emails.Docx, Premankit Sannd, David M. Cook

Dr. David M Cook

Static Analysis Of Android Secure Application Development Process With Findsecuritybugs, Xianyong Meng

Master of Science in Computer Science Theses

Mobile devices have been growing more and more powerful in recent decades, evolving from a simple device for SMS messages and phone calls to a smart device that can install third party apps. People are becoming more heavily reliant on their mobile devices. Due to this increase in usage, security threats to mobile applications are also growing explosively. Mobile app flaws and security defects can provide opportunities for hackers to break into them and access sensitive information. Defensive coding needs to be an integral part of coding practices to improve the security of our code.

We need to consider data …

Sequence Pattern Mining With Variables, James S. Okolica, Gilbert L. Peterson, Robert F. Mills, Michael R. Grimaila

Faculty Publications

Sequence pattern mining (SPM) seeks to find multiple items that commonly occur together in a specific order. One common assumption is that all of the relevant differences between items are captured through creating distinct items, e.g., if color matters then the same item in two different colors would have two items created, one for each color. In some domains, that is unrealistic. This paper makes two contributions. The first extends SPM algorithms to allow item differentiation through attribute variables for domains with large numbers of items, e.g, by having one item with a variable with a color attribute rather than …

Cloud Security, Isabella Roth, Jose Salazar, Yi Hu

Posters-at-the-Capitol

Isabella Roth

Jose Salazar

Professor Yi Hu

Computer Information Technology

Cloud Security: AWS Abstract

With enterprises moving their IT infrastructure to the cloud using providers like Amazon Web Services (AWS), security problems have not been reduced. In fact, cloud computing brings new security challenges. Our research investigated better solutions to the security problems that come with using the cloud to store a companies data.

The cloud is a general term for using the internet to receive some sort of data vs connecting directly to a server. This makes it easier to do things such as connecting to an online app …

Performance Indicators Analysis Inside A Call Center Using A Simulation Program, Ditila Ekmekçiu, Markela Muça, Adrian Naço

International Journal of Business and Technology

This paper deals with and shows the results of different performance indicators analyses made utilizing the help of Simulation and concentrated on dimensioning problems of handling calls capacity in a call center. The goal is to measure the reactivity of the call center’s performance to potential changes of critical variables. The literature related to the employment of this kind of instrument in call centers is reviewed, and the method that this problem is treated momentarily is precisely described. The technique used to obtain this paper’s goal implicated a simulation model using Arena Contact Center software that worked as a key …

Modelling Business And Management Systems Using Fuzzy Cognitive Maps: A Critical Overview, Peter P. Groumpos

International Journal of Business and Technology

A critical overview of modelling Business and Management (B&M) Systems using Fuzzy Cognitive Maps is presented. A limited but illustrative number of specific applications of Fuzzy Cognitive Maps in diverse B&M systems, such as e business, performance assessment, decision making, human resources management, planning and investment decision making processes is provided and briefly analyzed. The limited survey is given in a table with statics of using FCMs in B&M systems during the last 15 years. The limited survey shows that the applications of Fuzzy Cognitive Maps to today’s Business and Management studies has been steadily increased especially during the last …

Healthcare Monitoring System Security Platform Using Software Defined Networking Paradigm, Mohamad Issam Khayat

Information Security Theses

This thesis studies the security and privacy concerns of Healthcare Monitoring System (HMS) and proposes a state-of-the-art Security Platform for HMS using the newly emerging Software Defined Network (SDN) paradigm. In this thesis, we investigate the existing HMS architecture and the relevant solutions proposed for both security and privacy concerns in the literature today. Moreover, we develop a new HMS Security Integration Framework, in the form of a security platform for securing HMS. Finally, we perform a comparison among existing architectures and our proposed framework to highlight the added value of our proposed architecture. Our proposed integration framework eliminates the …

Gender Differences In Identity-Based Social Influence: An Experimental Examination Of Software Piracy Behavior, Noura Eisa Jaber Al Khyeli

Information Security Theses

Software piracy is the unauthorized copying, sharing, or using the software. It can be a profitable endeavor for individuals and a tremendous loss for the industry. According to Gulf News, Software piracy losses in the Arabian Gulf states in 2015 was 897$ million (AED 3.29 billion). Therefore, it is critical to understand as much as possible about the phenomenon and investigate the factors that influence subjects’ piracy behavior. Driven by gaps in previously published literature, the study presented here is an experimental investigation into the gender differences in identity-based social influence. In essence, the study examined if males or females …