Engineering Commons^™

Internet Applications Development Issues And Strategic Considerations, Róisín Faherty

The ITB Journal

This paper examines the development issues and strategic considerations involved in Internet Applications Development. The prevalent development environments are discussed highlighting their advantages and disadvantages. Issues regarding the development of Internet applications are viewed under the headings of human resource, organizational, technological, investment and Legal Issues. Lastly the paper gives an overview of the strategic implications for an organization considering the development of Internet Applications. These include security, quality and the look & feel of the application. This paper is not intended as a definitive resource on the area of Internet Applications Development, its aim is to highlight the areas …

On Enhancements Of Physical Layer Secret Key Generation And Its Application In Wireless Communication Systems, Kang Liu

Electronic Thesis and Dissertation Repository

As an alternative and appealing approach to providing information security in wireless communication systems, secret key generation at physical layer has demonstrated its potential in terms of efficiency and reliability over traditional cryptographic methods. Without the necessity of a management centre for key distribution or reliance on computational complexity, physical layer key generation protocols enable two wireless entities to extract identical and dynamic keys from the randomness of the wireless channels associated with them.

In this thesis, the reliability of secret key generation at the physical layer is examined in practical wireless channels with imperfect channel state information (CSI). Theoretical …

Implementing And Testing A Novel Chaotic Cryptosystem, Samuel Jackson, Scott Kerlin, Jeremy Straub

Jeremy Straub

Cryptography in the domain of small satellites is a relatively new area of research. Compared to typical desktop computers, small satellites have limited bandwidth, processing power, and battery power. Many of the current encryption schemes were developed for desktop computers and servers, and as such may be unsuitable for small satellites. In addition, most cryptographic research in the domain of small satellites focuses on hardware solutions, which can be problematic given the limited space requirements of small satellites.

This paper investigates potential software solutions that could be used to encrypt and decrypt data on small satellites and other devices with …

Cloud Computing Data Breaches: A Socio-Technical Review Of Literature, David Kolevski, Katina Michael

Professor Katina Michael

As more and more personal, enterprise and government data, services and infrastructure moves to the cloud for storage and processing, the potential for data breaches increases. Already major corporations that have outsourced some of their IT requirements to the cloud have become victims of cyber attacks. Who is responsible and how to respond to these data breaches are just two pertinent questions facing cloud computing stakeholders who have entered an agreement on cloud services. This paper reviews literature in the domain of cloud computing data breaches using a socio-technical approach. Socio-technical theory encapsulates three major dimensions- the social, the technical, …

Best Practices For The Implementation Of The Real Id Act, Jennifer R. Walton, Candice Y. Wallace, Andrew Martin

Kentucky Transportation Center Research Report

The REAL ID Act specifies the minimum standards that must be used to produce and issue driver’s license and identification cards that are REAL ID compliant. Beginning in 2020, if a person does not possess a form of identification that meets REAL ID standards they will not be able to board an aircraft that is regulated by the Federal Aviation Administration. Currently, of the 56 states and jurisdictions required to implement the REAL ID Act, only 23 are in compliance. Although the Commonwealth of Kentucky has not yet implemented the REAL ID Act, an extension allowing Federal agencies to accept …

A Survey Of Security And Privacy Challenges In Cloud Computing: Solutions And Future Directions, Yuhong Liu, Yan Lindsay Sun, Jungwoo Ryoo, Athanasios V. Vasilakos

Computer Science and Engineering

While cloud computing is gaining popularity, diverse security and privacy issues are emerging that hinder the rapid adoption of this new computing paradigm. And the development of defensive solutions is lagging behind. To ensure a secure and trustworthy cloud environment it is essential to identify the limitations of existing solutions and envision directions for future research. In this paper, we have surveyed critical security and privacy challenges in cloud computing, categorized diverse existing solutions, compared their strengths and limitations, and envisioned future research directions.

Modeling Security And Resource Allocation For Mobile Multi-Hop Wireless Neworks Using Game Theory, Laurent L. Y. Njilla

FIU Electronic Theses and Dissertations

This dissertation presents novel approaches to modeling and analyzing security and resource allocation in mobile ad hoc networks (MANETs). The research involves the design, implementation and simulation of different models resulting in resource sharing and security’s strengthening of the network among mobile devices. Because of the mobility, the network topology may change quickly and unpredictably over time. Moreover, data-information sent from a source to a designated destination node, which is not nearby, has to route its information with the need of intermediary mobile nodes. However, not all intermediary nodes in the network are willing to participate in data-packet transfer of …

From Physical Security To Cybersecurity, Arunesh Sinha, Thanh H. Nguyen, Debarun Kar, Matthew Brown, Milind Tambe, Albert Xin Jiang

Research Collection School Of Computing and Information Systems

Security is a critical concern around the world. In many domains from cybersecurity to sustainability, limited security resources prevent complete security coverage at all times. Instead, these limited resources must be scheduled (or allocated or deployed), while simultaneously taking into account the importance of different targets, the responses of the adversaries to the security posture, and the potential uncertainties in adversary payoffs and observations, etc. Computational game theory can help generate such security schedules. Indeed, casting the problem as a Stackelberg game, we have developed new algorithms that are now deployed over multiple years in multiple applications for scheduling of …

Evaluating The Security Of Smart Home Hubs, Steven A. Christiaens

Theses and Dissertations

The goal of this research is to improve the security of smart home hubs by developing a standard against which hubs can be evaluated. This was done by first reviewing existing standards, guides, and collections of best practices. I determined that adapting or extending an existing standard was the best way to proceed. Potential candidates were selected, and after thorough comparison, I chose to extend the OWASP Application Security Verification Standard (ASVS). Extensions were composed of additional security requirements to address smart home hub functionality not covered by the existing requirements of the ASVS. These additional requirements were developed based …

The Nuclear Security Science And Policy Institute At Texas A&M University, Claudio A. Gariazzo, Kelley H. Ragusa, David R. Boyle, William S. Charlton, Sunil S. Chirayath, Craig M. Marianno, Paul Nelson Jr.

International Journal of Nuclear Security

The Nuclear Security Science and Policy Institute (NSSPI) is a multidisciplinary organization at Texas A&M University and was the first U.S. academic institution focused on technical graduate education, research, and service related to the safeguarding of nuclear materials and the reduction of nuclear threats. NSSPI employs science, engineering, and policy expertise to: (1) conduct research and development to help detect, prevent, and reverse nuclear and radiological proliferation and guard against nuclear terrorism; (2) educate the next generation of nuclear security and nuclear nonproliferation leaders; (3) analyze the interrelationships between policy and technology in the field of nuclear security; and (4) …

Intrusion Detection System Of Industrial Control Networks Using Network Telemetry, Stanislav Ponomarev

Doctoral Dissertations

Industrial Control Systems (ICSs) are designed, implemented, and deployed in most major spheres of production, business, and entertainment. ICSs are commonly split into two subsystems - Programmable Logic Controllers (PLCs) and Supervisory Control And Data Acquisition (SCADA) systems - to achieve high safety, allow engineers to observe states of an ICS, and perform various configuration updates. Before wide adoption of the Internet, ICSs used "air-gap" security measures, where the ICS network was isolated from other networks, including the Internet, by a physical disconnect [1]. This level of security allowed ICS protocol designers to concentrate on the availability and safety of …

Slides: Ag Water Sharing: Legal Challenges And Considerations, Peter D. Nichols

Innovations in Managing Western Water: New Approaches for Balancing Environmental, Social and Economic Outcomes (Martz Summer Conference, June 11-12)

Presenter: Peter D. Nichols, Esq., Partner, Berg, Hill, Greenleaf and Ruscitti, Boulder, CO

25 slides

Toward The Systematization Of Active Authentication Research, Daniel Fleming Gerrity

Master's Theses

Authentication is the vital link between your real self and your digital self. As our digital selves become ever more powerful, the price of failing authentication grows. The most common authentication protocols are static data and employed only once at login. This allows for authentication to be spoofed just once to gain access to an entire user session. Behaviometric protocols continuously consume a user’s behavior as a token of authentication and can be applied throughout a session, thereby eliminating a fixed token to spoof. Research into these protocols as viable forms of authentication is relatively recent and is being conducted …

Pinpoint: Efficient And Effective Resource Isolation For Mobile Security And Privacy, Paul Ratazzi, Ashok Bommisetti, Nian Ji, Wenliang Du

Electrical Engineering and Computer Science - All Scholarship

Virtualization is frequently used to isolate untrusted processes and control their access to sensitive resources. However, isolation usually carries a price in terms of less resource sharing and reduced inter-process communication. In an open architecture such as Android, this price and its impact on performance, usability, and transparency must be carefully considered. Although previous efforts in developing general-purpose isolation solutions have shown that some of these negative sideeffects can be mitigated, doing so involves overcoming significant design challenges by incorporating numerous additional platform complexities not directly related to improved security. Thus, the general purpose solutions become inefficient and burdensome if …

Measuring The Effectiveness Of Photoresponsive Nanocomposite Coatings On Aircraft Windshields To Mitigate Laser Intensity, Ryan S. Phillips, Hubert K. Bilan, Zachary X. Widel, Randal J. Demik, Samantha J. Brain, Matthew Moy, Charles Crowder, Stanley L. Harriman, James T. O'Malley Iii, Joseph E. Burlas, Steven F. Emmert, Jason J. Keleher

Journal of Aviation Technology and Engineering

In 2004, pilots reported 46 laser illumination events to the Federal Aviation Administration (FAA), with the number increasing to approximately 3,600 in 2011. Since that time, the number of reported laser incidents has ranged from 3,500 to 4,000. Previous studies indicate the potential for flight crewmember distraction from bright laser light being introduced to the cockpit. Compositional variations of the photoresponsive nanocomposite coatings were applied to an aircraft windscreen using a modified liquid dispersion/heating curing process. The attenuating effects of the deposited films on laser light intensity were evaluated using an optical power meter and the resultant laser intensity data …

Runtime Detection Of A Bandwidth Denial Attack From A Rogue Network-On-Chip, Rajesh Jayashankarashridevi

All Graduate Theses and Dissertations, Spring 1920 to Summer 2023

Chips with high computational power are the crux of today’s pervasive complex digital systems. Microprocessor circuits are evolving towards many core designs with the integration of hundreds of processing cores, memory elements and other devices on a single chip to sustain high performance computing while maintaining low design costs. Two decisive paradigm shifts in the semiconductor industry have made this evolution possible: (a) architectural and (b) organizational.

At the heart of the architectural innovation is a scalable high speed data communication structure, the network-on-chip (NoC). NoC is an interconnect network for the glueless integration of on-chip components in the …

Data Integrity Verification In Cloud Computing, Katanosh Morovat

Graduate Theses and Dissertations

Cloud computing is an architecture model which provides computing and storage capacity as a service over the internet. Cloud computing should provide secure services for users and owners of data as well. Cloud computing services are a completely internet-based technology where data are stored and maintained in the data center of a cloud provider. Lack of appropriate control over the data might incur several security issues. As a result, some data stored in the cloud must be protected at all times. These types of data are called sensitive data. Sensitive data is defined as data that must be protected against …

Evaluation Of Security Vulnerabilities Of Popular Computer And Server Operating Systems Under Cyber Attacks, Rodolfo Baez Jr.

Theses and Dissertations - UTB/UTPA

Nowadays many operating systems are including security features in order to prevent network attacks, and since one of the roles of the OS is to manage the resources as efficient as possible. It is imperative to investigate the protection that is provided. Therefore, the scientific significance of this thesis was to evaluate, what type of built-in defense mechanisms that different OS’s had in place in order to mitigate these network attacks. In this thesis, we considered the security of the following globally deployed computer OS’s: Microsoft’s Windows 7, Apple’s OS X Lion, and Ubuntu 13.10. Furthermore, we also tested four …

Cumulonimbus Computing Concerns: Information Security In Public, Private, And Hybrid Cloud Computing, Daniel Adams

Senior Honors Theses

Companies of all sizes operating in all markets are moving toward cloud computing for greater flexibility, efficiency, and cost savings. The decision of how to adopt the cloud is a question of major security concern due to the fact that control is relinquished over certain portions of the IT ecosystem. This thesis presents the position that the main security decision in moving to cloud computing is choosing which type of cloud to employ for each portion of the network – the hybrid cloud approach. Vulnerabilities that exist on a public cloud will be explored, and recommendations on decision factors will …

Cloud Enabled Attack Vectors, Ryan Jasper

Purdue Polytechnic Directed Projects

The purpose of this directed project and related research was to demonstrate and catalog a new attack vector that utilizes cloud managed infrastructure. Cloud computing is a recent trend that is creating significant hype in the IT sector. Being that cloud computing is a new theme in the computing world, there are many security concerns that remain unknown and unexplored. The product of this directed project provides a documented taxonomy of the new attack vector and how to mitigate risk from this kind of attack.

The new attack vector creates efficiencies throughout the lifecycle of an attack and greatly reduces …

Remote Mobile Screen (Rms): An Approach For Secure Byod Environments, Santiago Manuel Gimenez Ocano

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Bring Your Own Device (BYOD) is a policy where employees use their own personal mobile devices to perform work-related tasks. Enterprises reduce their costs since they do not have to purchase and provide support for the mobile devices. BYOD increases job satisfaction and productivity in the employees, as they can choose which device to use and do not need to carry two or more devices.

However, BYOD policies create an insecure environment, as the corporate network is extended and it becomes harder to protect it from attacks. In this scenario, the corporate information can be leaked, personal and corporate spaces …

The Value Of Professional Security Industry Certifications, Daniel Benny Ph.D

Aviation / Aeronautics / Aerospace International Research Conference

In the security and aviation community there are many professional security certifications that can be achieved in all disciplines of security. Those pertinent to aviation will be explored.

Innovative Self-Organization Wireless Sensor Networks For Electrical Power Systems, Hiu Fai Chan, Heiko Rudolph

Staff Publications

Wireless Sensor Networks (WSNs) gather information for electrical power systems and help to manage demand Response and demand side strategies. Optimization of WSNs depends on their physical deployment, and it will bring to the fore a very focused number of parameters to be optimized. Selforganization of WSNs is an important issue to be considered, and it requires the nodes to form a network by collaboration with each other without using manual intervention. Moreover, the WSNs implemented in electrical power systems should be secured and energy efficient in order to provide highly reliable data for monitoring and control.

In this paper, …

A Human-Centered Credit-Banking System For Convenient, Fair And Secure Carpooling Among Members Of An Association, H.-S. Jacob Tsao, Magdalini Eirinaki

Faculty Publications

This paper proposes an unconventional carpool-matching system concept that is different from existing systems with four innovative operational features: (F1) The proposed matching system will be used by members of an association and sponsored by the association, e.g., the employees of a company, members of a homeowner association, employees of a shopping center. This expands the scope beyond commute trips. Such associations can also voluntarily form alliances to increase the number of possible carpool partners and geographical reach. (F2) Service provided by a driver or received by a rider incurs credit or debt to a bank centrally and fairly managed …

Recent Advances In Security And Privacy In Big Data, Yong Yu, Yi Mu, Giuseppe Ateniese

Faculty of Engineering and Information Sciences - Papers: Part A

Big data has become an important topic in science, engineering, medicine, healthcare, finance, business and ultimately society itself. Big data refers to the massive amount of digital information stored or transmitted in computer systems. Approximately, 2.5 quintillion bytes of data are created every day. Almost 90% of data in the world today are created in the last two years alone. Security and privacy issues becomes more critical due to large volumes and variety, due to data hosted in large-scale cloud infrastructures, diversity of data sources and formats, streaming nature of data acquisition and high volume inter-cloud migration. In large-scale cloud …

An Empirical Comparison Of Widely Adopted Hash Functions In Digital Forensics: Does The Programming Language And Operating System Make A Difference?, Satyendra Gurjar, Ibrahim Baggili, Frank Breitinger, Alice E. Fischer

Electrical & Computer Engineering and Computer Science Faculty Publications

Hash functions are widespread in computer sciences and have a wide range of applications such as ensuring integrity in cryptographic protocols, structuring database entries (hash tables) or identifying known files in forensic investigations. Besides their cryptographic requirements, a fundamental property of hash functions is efficient and easy computation which is especially important in digital forensics due to the large amount of data that needs to be processed when working on cases. In this paper, we correlate the runtime efficiency of common hashing algorithms (MD5, SHA-family) and their implementation. Our empirical comparison focuses on C-OpenSSL, Python, Ruby, Java on Windows and …

Privacy Protection On Cloud Computing, Min Li

Theses and Dissertations

Cloud is becoming the most popular computing infrastructure because it can attract more and more traditional companies due to flexibility and cost-effectiveness. However, privacy concern is the major issue that prevents users from deploying on public clouds. My research focuses on protecting user's privacy in cloud computing. I will present a hardware-based and a migration-based approach to protect user's privacy. The root cause of the privacy problem is current cloud privilege design gives too much power to cloud providers. Once the control virtual machine (installed by cloud providers) is compromised, external adversaries will breach users’ privacy. Malicious cloud administrators are …

Blind Area Target Aiming System And Preference Selection Training System Design, Zhine Kang

Dissertations, Master's Theses and Master's Reports

A cyber-physical system (CPS) is a system of leveraging computational elements controlling physical entities that is widely applied in our daily life for all kinds of purpose. It helps us build smart devices and make life become much easier. In this report, two projects were designed to show the idea that how cyber-physical system works in human daily life. The first project is designed for personal security, especially for one of the most dangerous job: security service. It helps user defend his back while he/she is in a tough situation while he or she is alone. First there will be …

Harbor Security System, Timothy Jonathan Brown, Matthew Birkebak

Honors Theses and Capstones

Harbors and ports provide the infrastructure for commercial trade and naval facilities. It is vital to ensure the safety of these locations. The Harbor Security System provides an optical ‘gate’ using underwater lasers and photodetectors. This system allows monitoring of both surface and submarine vessels traveling into and out of the harbor. Also, the system provides real time alerts when unauthorized vessels enter the harbor. This project provides a proof of concept for a Harbor Security System to be implemented in Portsmouth Harbor. A scaled model of the detection system was constructed and tested. This detection system is capable of …

A New Bio-Cryptosystem-Oriented Security Analysis Framework And Implementation Of Multibiometric Cryptosystems Based On Decision Level Fusion, Cai Li, Jiankun Hu, Josef Pieprzyk, Willy Susilo

Faculty of Engineering and Information Sciences - Papers: Part A

Biometric cryptosystems provide an innovative solution for cryptographic key generation, encryption as well as biometric template protection. Besides high authentication accuracy, a good biometric cryptosystem is expected to protect biometric templates effectively, which requires that helper data does not reveal significant information about the templates. Previous works predominantly follow an appropriate entropy definition to measure the security of biometric cryptosystems. In this paper, we point out limitations of entropy-based security analysis and propose a new security analysis framework that combines information-theoretic approach with computational security. In addition, we construct a fingerprint-based multibiometric cryptosystem using decision level fusion. Hash functions are …