Engineering Commons^™

Security For 5g Mobile Wireless Networks, Dongfeng Fang, Yi Qian, Rose Qingyang Hu

Electrical and Computer Engineering Faculty Publications

The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding …

Airport Security Investment Model, Joshua Daniel Bolton

Graduate Theses and Dissertations

In an increasingly mobile and diverse world, it is difficult to quantify the risk, or danger, associated with traveling. Airports have suffered greatly for being unable to define potential risks and protect against them. Intelligent adversary risk is a complicated high-level issue for many airports. Airports are targeted because of the large amount of people in a confined space and the social, economic, and psychological impact of terrorist attacks on the American people. In the months following September 11th, 2001, the airline industry in the United States lost $1.1 billion in revenue. The American people stayed grounded, for fear of …

A Novel E-Voting System With Diverse Security Features, Haijun Pan

Dissertations

Internet-based E-voting systems can offer great benefits over traditional voting machines in areas, such as protecting voter and candidate privacy, providing accurate vote counting, preventing voter fraud, and shortening the time of vote counting. This dissertation introduces, establishes and improves Internet-based E-voting systems on various aspects of the voting procedure. In addition, our designs also enable voters to track their votes which is a very important element in any elections.

Our novel Internet-based E-voting system is based on the following realistic assumptions: (1) The election authorities are not 100% trustworthy; (2) The E-voting system itself is not 100% trustworthy; (3) …

Simple Implementation Of An Elgamal Digital Signature And A Brute Force Attack On It, Valeriia Laryoshyna

Student Works

This study is an attempt to show a basic mathematical usage of the concepts behind digital signatures and to provide a simple approach and understanding to cracking basic digital signatures. The approach takes on simple C programming of the ElGamal digital signature to identify some limits that can be encountered and provide considerations for making more complex code. Additionally, there is a literature review of the ElGamal digital signature and the brute force attack.

The research component of this project provides a list of possible ways to crack the basic implementations and classifies the different approaches that could be taken …

Can A Strictly Defined Security Configuration For Iot Devices Mitigate The Risk Of Exploitation By Botnet Malware?, David Kennefick

Dissertations

The internet that we know and use every day is the internet of people, a collection of knowledge and data that can be accessed anywhere is the world anytime from many devices. The internet of the future is the Internet of Things. The Internet of Things is a collection of automated technology that is designed to be run autonomously, but on devices designed for humans to use. In 2016 the Mirai malware has shown there are underlying vulnerabilities in devices connected to the internet of things. Mirai is specifically designed to recognise and exploit IoT devices and it has been …

Breaking Into The Vault: Privacy, Security And Forensic Analysis Of Android Vault Applications, Xiaolu Zhang, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we share the first account for the forensic analysis, security and privacy of Android vault applications. Vaults are designed to be privacy enhancing as they allow users to hide personal data but may also be misused to hide incriminating files. Our work has already helped law enforcement in the state of Connecticut to reconstruct 66 incriminating images and 18 videos in a single criminal case. We present case studies and results from analyzing 18 Android vault applications (accounting for nearly 220 million downloads from the Google Play store) by reverse engineering them and examining the forensic artifacts …

Security For 5g Mobile Wireless Networks, Dongfeng Fang, Yi Qian, Rose Qingyang Hu

Department of Electrical and Computer Engineering: Faculty Publications

The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding …

Simulation Modeling Approach For Evaluating A Solution Designed To Alleviate The Congestion Of Passenger Flow At The Composure Area Of Security Checkpoints, Maria Luisa Janer Rubio

Graduate Theses and Dissertations

In a previous study, we found that replacing the exit roller of a security checkpoint lane for a continuously circulating conveyor could potentially increase the throughput of passengers by over 28% while maintaining the TSA security-waiting time limit (Janer and Rossetti 2016). This study intends to expand this previous effort by investigating the impact of this circulating conveyor on the secondary screening related processes. Leone and Liu (2011) found that imposing a limit on the x-ray screening time, and diverting any item exceeding this limit to secondary screening, could decrease the waiting time by 43%. Our objective is to verify …

Pedagogical Resources For Industrial Control Systems Security: Design, Implementation, Conveyance, And Evaluation, Guillermo A. Francia Iii, Greg Randall, Jay Snellen

Journal of Cybersecurity Education, Research and Practice

Industrial Control Systems (ICS), which are pervasive in our nation’s critical infrastructures, are becoming increasingly at risk and vulnerable to internal and external threats. It is imperative that the future workforce be educated and trained on the security of such systems. However, it is equally important that careful and deliberate considerations must be exercised in designing and implementing the educational and training activities that pertain to ICS. To that end, we designed and implemented pedagogical materials and tools to facilitate the teaching and learning processes in the area of ICS security. In this paper, we describe those resources, the professional …

Capturing Cognitive Fingerprints From Keystroke Dynamics, J. Morris Chang, Chi-Chen Fang, Kuan-Hsing Ho, Norene Kelly, Pei-Yuan Wu, Yixiao Ding, Chris Chu, Stephen B. Gilbert, Amed E. Kamal, Sun-Yuan Kung

Morris Chang

Conventional authentication systems identify a user only at the entry point. Keystroke dynamics can continuously authenticate users by their typing rhythms without extra devices. This article presents a new feature called cognitive typing rhythm (CTR) to continuously verify the identities of computer users. Two machine techniques, SVM and KRR, have been developed for the system. The best results from experiments conducted with 1,977 users show a false-rejection rate of 0.7 percent and a false-acceptance rate of 5.5 percent. CTR therefore constitutes a cognitive fingerprint for continuous. Its effectiveness has been verified through a large-scale dataset. This article is part of …

Modeling Autonomous Vehicles Through Radio Controlled Cars, Eva S. Chen

Computer Engineering

Autonomous vehicles have a lot of potential in improving people’s everyday lives. They could reduce congestion, reduce collisions, enhance mobility, and more. But with these benefits come security and privacy risks. In order to research and test some of these risks, we are building a set of scale autonomous cars that can model autonomous and collaborative behaviors. One such behaviour would be platooning, where a group of vehicles can travel closely together at high speeds by following a lead car. We are doing this with various sensors and control algorithms to allow for future modularity.

Measuring The Robustness Of Forensic Tools' Ability To Detect Data Hiding Techniques, Samuel Isaiah Moses

Theses and Dissertations

The goal of this research is to create a methodology that measures the robustness and effectiveness of forensic tools' ability to detect data hiding. First, an extensive search for any existing guidelines testing against data hiding was performed. After finding none, existing guidelines and frameworks in cybersecurity and cyber forensics were reviewed. Next, I created the methodology in this thesis. This methodology includes a set of steps that a user should take to evaluate a forensic tool. The methodology has been designed to be flexible and scalable so as new anti-forensic data hiding methods are discovered and developed, they can …

Security Measures Against A Rogue Network-On-Chip, Rajesh Jayashankarashridevi, Dean Michael Ancajas, Koushik Chakraborty, Sanghamitra Roy

Electrical and Computer Engineering Faculty Publications

Network-on-chip facilitates glueless interconnection of various on-chip components in the forthcoming system-on-chips. As in the case of any new technology, security is a major concern in network-on-chip (NoC) design too. In this work, we explore a covert threat model for multiprocessor system-on-chips (MPSoCs) stemming from the use of malicious third-party network-on-chips (NoCs). We illustrate that a rogue NoC (rNoC) can selectively disrupt the perceived availability of on-chip resources, thereby causing large performance bottlenecks for the applications running on the MPSoC platform. Further, to counter the threat posed by rNoC, we propose a runtime latency auditor that enables an MPSoC integrator …

Creating And Operating The Nuclear Urban Kinetics Effects Simulator, Jerrad Phillip Auxier

Doctoral Dissertations

The ability to create an accurate method for determining the composition of post-detonation debris in an urban environment is an essential component of a proper nuclear forensics program. The methods necessary to create a high fidelity computer for modeling urban debris matrix creation is addressed. These methods include detonations varying in location in the lower 48 continental states and the yield of the weapon.

The ultimate goal of the research conducted in this area is to provide the nuclear forensics community with an effects modeling code that generates accurate urban surrogate recipes to be analyzed in laboratories. This code can …

Platform Development And Path Following Controller Design For Full-Sized Vehicle Automation, Austin D. Costley

All Graduate Theses and Dissertations, Spring 1920 to Summer 2023

The purpose of this thesis is to discuss the design and development of a platform used to automate a stock 2013 Ford Focus EV. The platform is low-cost and open-source to encourage collaboration and provide a starting point for fellow researchers to advance the work in the field of automated vehicle control. This thesis starts by discussing the process of obtaining control of the vehicle by taking advantage of internal communication protocols. The controller design process is detailed and a description of the components and software used to control the vehicle is provided. The automated system is tested and the …

Rules Based Analysis Engine For Application Layer Ids, David Scrobonia

Master's Theses

Web application attack volume, complexity, and costs have risen as people, companies, and entire industries move online. Solutions implemented to defend web applications against malicious activity have traditionally been implemented at the network or host layer. While this is helpful for detecting some attacks, it does not provide the gran- ularity to see malicious behavior occurring at the application layer. The AppSensor project, an application level intrusion detection system (IDS), is an example of a tool that operates in this layer. AppSensor monitors users within the application by observing activity in suspicious areas not able to be seen by traditional …

Who R U? Identity Theft And Unl Students, Marcia L. Dority Baker, Cheryl O'Dell

Information Technology Services: Publications

How can academic institutions help educate their students about the risks of identity theft? Or teach students to better understand how one’s online presence can hold so much joy and angst? For one campus, the University of Nebraska–Lincoln, the opportunity came from a middle school teacher engaging his students in a future problem-solving activity. UNL had the opportunity to create a 45-minute presentation on identity theft for local public school students who would be spending the day on campus researching this topic.

While preparing the presentation, we realized a top 10 list on identity theft for UNL students would be …

Development Of A Remotely Accessible Wireless Testbed For Performance Evaluation Of Ami Related Protocols, Utku Ozgur

FIU Electronic Theses and Dissertations

Although smart meters are deployed in many countries, the data collection process from smart meters in Smart Grid (SG) still has some challenges related to consumer privacy that needs to be addressed. Referred to as Advanced Metering Infrastructure (AMI), the data collected and transmitted through the AMI can leak sensitive information about the consumers if it is sent as a plaintext.

While many solutions have been proposed in the past, the deployment of these solutions in real-life was not possible since the actual AMIs were not accessible to researchers. Therefore, a lot of solutions relied on simulations which may not …

A Security Evaluation Methodology For Container Images, Brendan Michael Abbott

Theses and Dissertations

The goal of this research is to create a methodology that evaluates the security posture of container images and helps improve container security. This was done by first searching for any guidelines or standards that focus on container images and security. After finding none, I decided to create an evaluative methodology. The methodology is composed of actions that users should take to evaluate the security of a container image. The methodology was created through in-depth research on container images and the build instructions used to create them and is referred to as the Security Evaluation Methodology for Container Images. The …

Cradg: A Chaotic Radg Security System, Salah Albermany, Maryam Nathim, Zahir Hussain

Research outputs 2014 to 2021

A high-performance ciphering algorithm is presented. The proposed method combines old school ciphering (Reaction Automata Direct Graph (RADG)) with chaotic systems to obtain higher level of security. Chaotic sequences are highly sensitive to any changes in their parameters, adding a higher level of security to the proposed approach, called CRADG.

Emergent Ai, Social Robots And The Law: Security, Privacy And Policy Issues, Ramesh Subramanian

Journal of International Technology and Information Management

The rapid growth of AI systems has implications on a wide variety of fields. It can prove to be a boon to disparate fields such as healthcare, education, global logistics and transportation, to name a few. However, these systems will also bring forth far-reaching changes in employment, economy and security. As AI systems gain acceptance and become more commonplace, certain critical questions arise: What are the legal and security ramifications of the use of these new technologies? Who can use them, and under what circumstances? What is the safety of these systems? Should their commercialization be regulated? What are the …

A Particle Swarm Optimization And Block-Svd-Based Watermarking For Digital Images, Falgun Thakkar, Vinay Kumar Srivastava

Turkish Journal of Electrical Engineering and Computer Sciences

The major issues in most watermarking schemes are security, reliability, and robustness against attacks. To achieve these objectives in a watermarking algorithm, the selection of a scale factor to embed the watermark into the host image is a challenging problem. In this paper, a block singular value decomposition (SVD)-based reliable, robust, secure, and fast watermarking scheme is proposed that uses particle swarm optimization (PSO) in the selection of the scale factor. SVD is applied here on the nonoverlapping blocks of LL wavelet subbands. Selected singular values of these blocks are modified with the pixel values of the watermark image. Selected …

Proposing A New Clustering Method To Detect Phishing Websites, Morteza Arab, Mohammad Karim Sohrabi

Turkish Journal of Electrical Engineering and Computer Sciences

Phishing websites are fake ones that are developed by ill-intentioned people to imitate real and legal websites. Most of these types of web pages have high visual similarities to hustle the victims. The victims of phishing websites may give their bank accounts, passwords, credit card numbers, and other important information to the designers and owners of phishing websites. The increasing number of phishing websites has become a great challenge in e-business in general and in electronic banking specifically. In the present study, a novel framework based on model-based clustering is introduced to fight against phishing websites. First, a model is …

Cyber Security Incidents On Critical Infrastructure And Industrial Networks, Robert Ighodaro Ogie

SMART Infrastructure Facility - Papers

National critical infrastructure and industrial processes are heavily reliant on automation, monitoring and control technologies, including the widely used Supervisory Control and Data Acquisition (SCADA) systems. The growing interconnection of these systems with corporate networks exposes them to cyber attacks, with several security incidents reported over the last few decades. This study provides a classification scheme for categorising security incidents related to critical infrastructure and industrial control systems. The classification scheme is applied to analyse 242 security incidents on critical infrastructure and industrial control networks, which were reported between 1982 and 2014. The results show interesting patterns, with key points …