Engineering Commons^™

An Overview Of The Usage Of Default Passwords, Brandon Knierem, Xiaolu Zhang, Philip Levine, Frank Breitinger, Ibrahim Baggili

Electrical & Computer Engineering and Computer Science Faculty Publications

The recent Mirai botnet attack demonstrated the danger of using default passwords and showed it is still a major problem. In this study we investigated several common applications and their password policies. Specifically, we analyzed if these applications: (1) have default passwords or (2) allow the user to set a weak password (i.e., they do not properly enforce a password policy). Our study shows that default passwords are still a significant problem: 61% of applications inspected initially used a default or blank password. When changing the password, 58% allowed a blank password, 35% allowed a weak password of 1 character.

Comparing The Effectiveness Of Different Classification Techniques In Predicting Dns Tunnels, Patrick Walsh

Dissertations

DNS is one of the most widely used protocols on the internet and is used in the translation of domain names into IP address in order to correctly route messages between computers. It presents an attractive attack vector for criminals as the service is not as closely monitored by security experts as other protocols such as HTTP or FTP. Its use as a covert means of communication has increased with the availability of tools that allow for the creation of DNS tunnels using the protocol. One of the primary motivations for using DNS tunnels is the illegal extraction of information …

Simple Implementation Of An Elgamal Digital Signature And A Brute Force Attack On It, Valeriia Laryoshyna

Student Works

This study is an attempt to show a basic mathematical usage of the concepts behind digital signatures and to provide a simple approach and understanding to cracking basic digital signatures. The approach takes on simple C programming of the ElGamal digital signature to identify some limits that can be encountered and provide considerations for making more complex code. Additionally, there is a literature review of the ElGamal digital signature and the brute force attack.

The research component of this project provides a list of possible ways to crack the basic implementations and classifies the different approaches that could be taken …

Can A Strictly Defined Security Configuration For Iot Devices Mitigate The Risk Of Exploitation By Botnet Malware?, David Kennefick

Dissertations

The internet that we know and use every day is the internet of people, a collection of knowledge and data that can be accessed anywhere is the world anytime from many devices. The internet of the future is the Internet of Things. The Internet of Things is a collection of automated technology that is designed to be run autonomously, but on devices designed for humans to use. In 2016 the Mirai malware has shown there are underlying vulnerabilities in devices connected to the internet of things. Mirai is specifically designed to recognise and exploit IoT devices and it has been …

Breaking Into The Vault: Privacy, Security And Forensic Analysis Of Android Vault Applications, Xiaolu Zhang, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we share the first account for the forensic analysis, security and privacy of Android vault applications. Vaults are designed to be privacy enhancing as they allow users to hide personal data but may also be misused to hide incriminating files. Our work has already helped law enforcement in the state of Connecticut to reconstruct 66 incriminating images and 18 videos in a single criminal case. We present case studies and results from analyzing 18 Android vault applications (accounting for nearly 220 million downloads from the Google Play store) by reverse engineering them and examining the forensic artifacts …

Security For 5g Mobile Wireless Networks, Dongfeng Fang, Yi Qian, Rose Qingyang Hu

Department of Electrical and Computer Engineering: Faculty Publications

The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding …

Who R U? Identity Theft And Unl Students, Marcia L. Dority Baker, Cheryl O'Dell

Information Technology Services: Publications

How can academic institutions help educate their students about the risks of identity theft? Or teach students to better understand how one’s online presence can hold so much joy and angst? For one campus, the University of Nebraska–Lincoln, the opportunity came from a middle school teacher engaging his students in a future problem-solving activity. UNL had the opportunity to create a 45-minute presentation on identity theft for local public school students who would be spending the day on campus researching this topic.

While preparing the presentation, we realized a top 10 list on identity theft for UNL students would be …

Development Of A Remotely Accessible Wireless Testbed For Performance Evaluation Of Ami Related Protocols, Utku Ozgur

FIU Electronic Theses and Dissertations

Although smart meters are deployed in many countries, the data collection process from smart meters in Smart Grid (SG) still has some challenges related to consumer privacy that needs to be addressed. Referred to as Advanced Metering Infrastructure (AMI), the data collected and transmitted through the AMI can leak sensitive information about the consumers if it is sent as a plaintext.

While many solutions have been proposed in the past, the deployment of these solutions in real-life was not possible since the actual AMIs were not accessible to researchers. Therefore, a lot of solutions relied on simulations which may not …

Semeo: A Semantic Equivalence Analysis Framework For Obfuscated Android Applications, Zhen Hu

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Software repackaging is a common approach for creating malware. In this approach, malware authors inject malicious payloads into legitimate applications; then, to ren- der security analysis more difficult, they obfuscate most or all of the code. This forces analysts to spend a large amount of effort filtering out benign obfuscated methods in order to locate potentially malicious methods for further analysis. If an effective mechanism for filtering out benign obfuscated methods were available, the number of methods that must be analyzed could be reduced, allowing analysts to be more productive. In this thesis, we introduce SEMEO, a highly effective and …

A Security Analysis Of Cyber-Physical Systems Architecture For Healthcare, Darren Seifert, Hassan Reza

Computer Science Faculty Publications

This paper surveys the available system architectures for cyber-physical systems. Several candidate architectures are examined using a series of essential qualities for cyber-physical systems for healthcare. Next, diagrams detailing the expected functionality of infusion pumps in two of the architectures are analyzed. The STRIDE Threat Model is then used to decompose each to determine possible security issues and how they can be addressed. Finally, a comparison of the major security issues in each architecture is presented to help determine which is most adaptable to meet the security needs of cyber-physical systems in healthcare.

Significant Permission Identification For Android Malware Detection, Lichao Sun

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

A recent report indicates that a newly developed malicious app for Android is introduced every 11 seconds. To combat this alarming rate of malware creation, we need a scalable malware detection approach that is effective and efficient. In this thesis, we introduce SigPID, a malware detection system based on permission analysis to cope with the rapid increase in the number of Android malware. Instead of analyzing all 135 Android permissions, our approach applies 3-level pruning by mining the permission data to identify only significant permissions that can be effective in distinguishing benign and malicious apps. Based on the identified significant …

Optical Fiber Sensors In Physical Intrusion Detection Systems: A Review, Gary Andrew Allwood, Graham Wild, Steven Hinkley

Research outputs 2014 to 2021

Fiber optic sensors have become a mainstream sensing technology within a large array of applications due to their inherent benefits. They are now used significantly in structural health monitoring, and are an essential solution for monitoring harsh environments. Since their first development over 30 years ago, they have also found promise in security applications. This paper reviews all of the optical fiber-based techniques used in physical intrusion detection systems. It details the different approaches used for sensing, interrogation, and networking, by research groups, attempting to secure both commercial and residential premises from physical security breaches. The advantages and the disadvantages …

A Survey Of Security And Privacy Challenges In Cloud Computing: Solutions And Future Directions, Yuhong Liu, Yan Lindsay Sun, Jungwoo Ryoo, Athanasios V. Vasilakos

Computer Science and Engineering

While cloud computing is gaining popularity, diverse security and privacy issues are emerging that hinder the rapid adoption of this new computing paradigm. And the development of defensive solutions is lagging behind. To ensure a secure and trustworthy cloud environment it is essential to identify the limitations of existing solutions and envision directions for future research. In this paper, we have surveyed critical security and privacy challenges in cloud computing, categorized diverse existing solutions, compared their strengths and limitations, and envisioned future research directions.

Modeling Security And Resource Allocation For Mobile Multi-Hop Wireless Neworks Using Game Theory, Laurent L. Y. Njilla

FIU Electronic Theses and Dissertations

This dissertation presents novel approaches to modeling and analyzing security and resource allocation in mobile ad hoc networks (MANETs). The research involves the design, implementation and simulation of different models resulting in resource sharing and security’s strengthening of the network among mobile devices. Because of the mobility, the network topology may change quickly and unpredictably over time. Moreover, data-information sent from a source to a designated destination node, which is not nearby, has to route its information with the need of intermediary mobile nodes. However, not all intermediary nodes in the network are willing to participate in data-packet transfer of …

From Physical Security To Cybersecurity, Arunesh Sinha, Thanh H. Nguyen, Debarun Kar, Matthew Brown, Milind Tambe, Albert Xin Jiang

Research Collection School Of Computing and Information Systems

Security is a critical concern around the world. In many domains from cybersecurity to sustainability, limited security resources prevent complete security coverage at all times. Instead, these limited resources must be scheduled (or allocated or deployed), while simultaneously taking into account the importance of different targets, the responses of the adversaries to the security posture, and the potential uncertainties in adversary payoffs and observations, etc. Computational game theory can help generate such security schedules. Indeed, casting the problem as a Stackelberg game, we have developed new algorithms that are now deployed over multiple years in multiple applications for scheduling of …

Pinpoint: Efficient And Effective Resource Isolation For Mobile Security And Privacy, Paul Ratazzi, Ashok Bommisetti, Nian Ji, Wenliang Du

Electrical Engineering and Computer Science - All Scholarship

Virtualization is frequently used to isolate untrusted processes and control their access to sensitive resources. However, isolation usually carries a price in terms of less resource sharing and reduced inter-process communication. In an open architecture such as Android, this price and its impact on performance, usability, and transparency must be carefully considered. Although previous efforts in developing general-purpose isolation solutions have shown that some of these negative sideeffects can be mitigated, doing so involves overcoming significant design challenges by incorporating numerous additional platform complexities not directly related to improved security. Thus, the general purpose solutions become inefficient and burdensome if …

Cumulonimbus Computing Concerns: Information Security In Public, Private, And Hybrid Cloud Computing, Daniel Adams

Senior Honors Theses

Companies of all sizes operating in all markets are moving toward cloud computing for greater flexibility, efficiency, and cost savings. The decision of how to adopt the cloud is a question of major security concern due to the fact that control is relinquished over certain portions of the IT ecosystem. This thesis presents the position that the main security decision in moving to cloud computing is choosing which type of cloud to employ for each portion of the network – the hybrid cloud approach. Vulnerabilities that exist on a public cloud will be explored, and recommendations on decision factors will …

Cloud Enabled Attack Vectors, Ryan Jasper

Purdue Polytechnic Directed Projects

The purpose of this directed project and related research was to demonstrate and catalog a new attack vector that utilizes cloud managed infrastructure. Cloud computing is a recent trend that is creating significant hype in the IT sector. Being that cloud computing is a new theme in the computing world, there are many security concerns that remain unknown and unexplored. The product of this directed project provides a documented taxonomy of the new attack vector and how to mitigate risk from this kind of attack.

The new attack vector creates efficiencies throughout the lifecycle of an attack and greatly reduces …

Remote Mobile Screen (Rms): An Approach For Secure Byod Environments, Santiago Manuel Gimenez Ocano

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Bring Your Own Device (BYOD) is a policy where employees use their own personal mobile devices to perform work-related tasks. Enterprises reduce their costs since they do not have to purchase and provide support for the mobile devices. BYOD increases job satisfaction and productivity in the employees, as they can choose which device to use and do not need to carry two or more devices.

However, BYOD policies create an insecure environment, as the corporate network is extended and it becomes harder to protect it from attacks. In this scenario, the corporate information can be leaked, personal and corporate spaces …

A Human-Centered Credit-Banking System For Convenient, Fair And Secure Carpooling Among Members Of An Association, H.-S. Jacob Tsao, Magdalini Eirinaki

Faculty Publications

This paper proposes an unconventional carpool-matching system concept that is different from existing systems with four innovative operational features: (F1) The proposed matching system will be used by members of an association and sponsored by the association, e.g., the employees of a company, members of a homeowner association, employees of a shopping center. This expands the scope beyond commute trips. Such associations can also voluntarily form alliances to increase the number of possible carpool partners and geographical reach. (F2) Service provided by a driver or received by a rider incurs credit or debt to a bank centrally and fairly managed …

An Empirical Comparison Of Widely Adopted Hash Functions In Digital Forensics: Does The Programming Language And Operating System Make A Difference?, Satyendra Gurjar, Ibrahim Baggili, Frank Breitinger, Alice E. Fischer

Electrical & Computer Engineering and Computer Science Faculty Publications

Hash functions are widespread in computer sciences and have a wide range of applications such as ensuring integrity in cryptographic protocols, structuring database entries (hash tables) or identifying known files in forensic investigations. Besides their cryptographic requirements, a fundamental property of hash functions is efficient and easy computation which is especially important in digital forensics due to the large amount of data that needs to be processed when working on cases. In this paper, we correlate the runtime efficiency of common hashing algorithms (MD5, SHA-family) and their implementation. Our empirical comparison focuses on C-OpenSSL, Python, Ruby, Java on Windows and …

Cloud-Based Storage Applications For Smart Phones: Forensic Investigation Of Cloud Storage Applications, Radoslaw Ochrymowicz

Dissertations

The proliferation of smart phones across the globe, development of 4G network standards and its progressing implementation along with shift towards cloud computing bring risks to smart phone users who avail of these service. Security of cloud storage mobile applications should be essential to smart phone users. Enterprises’ move to huge data centres and availing of their infrastructure, platform and service is an advantage but poses a risk. Users use corporate resources managed and administered with security in mind of policy makers but it is still possible to use unsecure, designed for users services without business being aware of it. …

Keeping The Skies Safe, Massood Towhidnejad, Andrew J. Kornecki

Department of Electrical Engineering and Computer Science - Daytona Beach

Professors Massood Towhidnejad and Andrew Kornecki shine a light on how their lab is helping government and the aviation industry to enhance the safety and security of software-intensive systems.

A Study On Countermeasures Against Steganography: An Active Warden Approach, Qilin Qi

Computer and Electronics Engineering: Dissertations, Theses, and Student Research

Digital steganography is a method used for hiding information in digital images. It can be used for secure communication. There have been many robust digital steganography methods invented in recent decades. The steganographic message can be inserted in multimedia cover signal such as audio, image and video. However, this technique also may be used by malicious users to transmit dangerous information through the Internet beyond the control of security agencies. How to detect and/or block potentially dangerous information transmission on the Internet through billions of multimedia files while not affecting innocent multimedia communications becomes a challenging problem. Existing steganalysis methods …

Trajectory Privacy Preservation In Mobile Wireless Sensor Networks, Xinyu Jin

FIU Electronic Theses and Dissertations

In recent years, there has been an enormous growth of location-aware devices, such as GPS embedded cell phones, mobile sensors and radio-frequency identification tags. The age of combining sensing, processing and communication in one device, gives rise to a vast number of applications leading to endless possibilities and a realization of mobile Wireless Sensor Network (mWSN) applications. As computing, sensing and communication become more ubiquitous, trajectory privacy becomes a critical piece of information and an important factor for commercial success. While on the move, sensor nodes continuously transmit data streams of sensed values and spatiotemporal information, known as ``trajectory information". …

Securearray: Improving Wifi Security With Fine-Grained Physical-Layer, Jie Xiong, Kyle Jamieson

Research Collection School Of Computing and Information Systems

Despite the important role that WiFi networks play in home and enterprise networks they are relatively weak from a security standpoint. With easily available directional antennas, attackers can be physically located off-site, yet compromise WiFi security protocols such as WEP, WPA, and even to some extent WPA2 through a range of exploits specific to those protocols, or simply by running dictionary and human-factors attacks on users' poorly-chosen passwords. This presents a security risk to the entire home or enterprise network. To mitigate this ongoing problem, we propose SecureArray, a system designed to operate alongside existing wireless security protocols, adding defense …

Assurance Of Energy Efficiency And Data Security For Ecg Transmission In Basns, Tao Ma, Pradhumna Shrestha, Michael Hempel, Dongming Peng, Hamid Sharif, Hsiao-Hwa Chen

Department of Electrical and Computer Engineering: Faculty Publications (to 2015)

With the technological advancement in body area sensor networks (BASNs), low cost high quality electrocardiographic (ECG) diagnosis systems have become important equipment for healthcare service providers. However, energy consumption and data security with ECG systems in BASNs are still two major challenges to tackle. In this study, we investigate the properties of compressed ECG data for energy saving as an effort to devise a selective encryption mechanism and a two-rate unequal error protection (UEP) scheme. The proposed selective encryption mechanism provides a simple and yet effective security solution for an ECG sensor-based communication platform, where only one percent of data …

Techniques For Detection Of Malicious Packet Drops In Networks, Vikram R. Desai

Masters Theses 1911 - February 2014

The introduction of programmability and dynamic protocol deployment in routers, there would be an increase in the potential vulnerabilities and attacks . The next- generation Internet promises to provide a fundamental shift in the underlying architecture to support dynamic deployment of network protocols. In this thesis, we consider the problem of detecting malicious packet drops in routers. Specifically, we focus on an attack scenario, where a router selectively drops packets destined for another node. Detecting such an attack is challenging since it requires differentiating malicious packet drops from congestion-based packet losses. We propose a controller- based malicious packet detection technique …

A Web Application For Financial Trading Simulation, Li-Chiou Chen, Lixin Tao, Padma Kadiyala

Cornerstone 3 Reports : Interdisciplinary Informatics

No abstract provided.

Cloud Computing: Architectural And Policy Implications, Christopher S. Yoo

All Faculty Scholarship

Cloud computing has emerged as perhaps the hottest development in information technology. Despite all of the attention that it has garnered, existing analyses focus almost exclusively on the issues that surround data privacy without exploring cloud computing’s architectural and policy implications. This article offers an initial exploratory analysis in that direction. It begins by introducing key cloud computing concepts, such as service-oriented architectures, thin clients, and virtualization, and discusses the leading delivery models and deployment strategies that are being pursued by cloud computing providers. It next analyzes the economics of cloud computing in terms of reducing costs, transforming capital expenditures …