Physical Sciences and Mathematics Commons^™

Domain Specific Analysis Of Privacy Practices And Concerns In The Mobile Application Market, Fahimeh Ebrahimi Meymand

LSU Doctoral Dissertations

Mobile applications (apps) constantly demand access to sensitive user information in exchange for more personalized services. These-mostly unjustified-data collection tactics have raised major privacy concerns among mobile app users. Existing research on mobile app privacy aims to identify these concerns, expose apps with malicious data collection practices, assess the quality of apps' privacy policies, and propose automated solutions for privacy leak detection and prevention. However, existing solutions are generic, frequently missing the contextual characteristics of different application domains. To address these limitations, in this dissertation, we study privacy in the app store at a domain level. Our objective is to …

An Optimized And Scalable Blockchain-Based Distributed Learning Platform For Consumer Iot, Zhaocheng Wang, Xueying Liu, Xinming Shao, Abdullah Alghamdi, Md. Shirajum Munir, Sujit Biswas

School of Cybersecurity Faculty Publications

Consumer Internet of Things (CIoT) manufacturers seek customer feedback to enhance their products and services, creating a smart ecosystem, like a smart home. Due to security and privacy concerns, blockchain-based federated learning (BCFL) ecosystems can let CIoT manufacturers update their machine learning (ML) models using end-user data. Federated learning (FL) uses privacy-preserving ML techniques to forecast customers' needs and consumption habits, and blockchain replaces the centralized aggregator to safeguard the ecosystem. However, blockchain technology (BCT) struggles with scalability and quick ledger expansion. In BCFL, local model generation and secure aggregation are other issues. This research introduces a novel architecture, emphasizing …

Software Protection And Secure Authentication For Autonomous Vehicular Cloud Computing, Muhammad Hataba

Dissertations

Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC.

In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our …

Presenting A Method To Detect Intrusion In Iot Through Private Blockchain, Rezvan Mahmoudie, Saeed Parsa, Amir Masoud Rahmani

Turkish Journal of Electrical Engineering and Computer Sciences

Blockchain (BC) has been used as a new solution to overcome security and privacy challenges in the Internet of Things (IoT). However, recent studies have indicated that the BC has a limited scalability and is computationally costly. Also, it has significant overhead and delay in the network, which is not suitable to the nature of IoT. This article aims at implementing BC in the IoT context for smart home management, as the integration of these two technologies ensures the IoT's security and privacy. Therefore, we proposed an overlay network in private BC to optimize its compatibility with IoT by increasing …

Designing Respectful Tech: What Is Your Relationship With Technology?, Noreen Y. Whysel

Publications and Research

According to research at the Me2B Alliance, people feel they have a relationship with technology. It’s emotional. It’s embodied. And it’s very personal. We are studying digital relationships to answer questions like “Do people have a relationship with technology?” “What does that relationship feel like?” And “Do people understand the commitments that they are making when they explore, enter into and dissolve these relationships?” There are parallels between messy human relationships and the kinds of relationships that people develop with technology. As with human relationships, we move through states of discovery, commitment and breakup with digital applications as well. Technology …

Privacy In Blockchain Systems, Murat Osmanoğlu, Ali̇ Aydin Selçuk

Turkish Journal of Electrical Engineering and Computer Sciences

Privacy of blockchains has been a matter of discussion since the inception of Bitcoin. Various techniques with a varying degree of privacy protection and complexity have been proposed over the past decade. In this survey, we present a systematic analysis of these proposals in four categories: (i) identity, (ii) transaction, (iii) consensus, and (iv) smart contract privacy. Each of these categories have privacy requirements of its own, and various solutions have been proposed to meet these requirements. Almost every technique in the literature of privacy enhancing technologies have been applied to blockchains: mix networks, zero-knowledge proofs, blind signatures, ring signatures, …

Permissioned Blockchain Based Remote Electronic Examination, Öznur Kalkar, İsa Sertkaya

Turkish Journal of Electrical Engineering and Computer Sciences

Recent coronavirus pandemic transformed almost all aspects of daily life including educational institutions and learning environments. As a result, this transformation brought remote electronic examination (shortly e-exam) concepts back into consideration. In this study, we revisit secure and privacy preserving e-exam protocol proposals and propose an e-exam protocol that utilizes decentralized identity-based verifiable credentials for proof of authentication and public-permissioned blockchain for immutably storing records. In regard to the previously proposed e-exam schemes, our scheme offers both privacy enhancement and better efficiency. More concretely, the proposed solution satisfies test answer authentication, examiner authentication, anonymous marking, anonymous examiner, question secrecy, question …

Estonian Internet Voting With Anonymous Credentials, İsa Sertkaya, Peter Roenne, Peter Y. A. Ryan

Turkish Journal of Electrical Engineering and Computer Sciences

The Estonian Internet voting (EIV) scheme is a unique example of a long-term nation-wide, legally binding electronic voting deployment. The EIV scheme is used in parallel with standard paper-based election day voting, of course invalidating an already cast i-vote. This necessarily requires careful authentication of the eligible voters and makes the Estonian identity card solution a crucial part of the scheme, however, note that Parsovs has recently drawn attention to the security flaws found in Estonian ID-cards. In this study, we propose an e-voting scheme EIV-AC that integrates the EIV scheme with anonymous credentials based on self-sovereign identity. In addition …

Private Face Detection Based On Random Sub-Images In Cloud, Yuan Peng, Jin Xin, Xiaodong Li, Zhao Geng, Yaming Wu, Mingxin Ma, Yulu Tian, Yingya Chen

Journal of System Simulation

Abstract: In order to detect faces of terminal face image in the cloud at the same time protect both privacy of data,a method of face images privacy detection based on random sub-Images representation was proposed. Terminal divided original image into 2 value sub-images weighted sum based on random sub-images generation algorithm and randomly arranges weights of sub-images. Terminal sent sub-images according to the weights of random sequence to the cloud server. Cloud server detected sub-images with its face detection algorithm. Terminal merges test results based on random sub were exploded. Two random vectors were leveraged to protect the parameters …

Deepmag+ : Sniffing Mobile Apps In Magnetic Field Through Deep Learning, Rui Ning, Cong Wang, Chunsheng Xin, Jiang Li, Hongyi Wu

Electrical & Computer Engineering Faculty Publications

This paper reports a new side-channel attack to smartphones using the unrestricted magnetic sensor data. We demonstrate that attackers can effectively infer the Apps being used on a smartphone with an accuracy of over 80%, through training a deep Convolutional Neural Networks (CNN). Various signal processing strategies have been studied for feature extractions, including a tempogram based scheme. Moreover, by further exploiting the unrestricted motion sensor to cluster magnetometer data, the sniffing accuracy can increase to as high as 98%. To mitigate such attacks, we propose a noise injection scheme that can effectively reduce the App sniffing accuracy to only …

A New Grid Partitioning Technology For Location Privacy Protection, Yue Sun, Lei Zhang, Jing Li, Zhen Zhang

Turkish Journal of Electrical Engineering and Computer Sciences

Nowadays, the location-based service (LBS) has become an essential part of convenient service in people's daily life. However, the untrusted LBS servers can store lots of information about the user, such as the user's identity, location, and destination. Then the information can be used as background knowledge and combined with the query frequency of the user to launch the inference attack to obtain user's privacy. In most of the existing schemes, the author considers the algorithm of virtual location selection from the historical location of the user. However, the LBS server can infer the user's location information on the historical …

Permission-Based Privacy Analysis For Android Applications, Erza Gashi, Zhilbert Tafa

International Journal of Business and Technology

While Information and Communication Technology (ICT) trends are moving towards the Internet of Things (IoT), mobile applications are becoming more and more popular. Mostly due to their pervasiveness and the level of interaction with the users, along with the great number of advantages, the mobile applications bring up a great number of privacy related issues as well. These platforms can gather our very sensitive private data by only granting them a list of permissions during the installation process. Additionally, most of the users can find it difficult, or even useless, to analyze system permissions. Thus, their guess of app’s safety …

Comprehending The Safety Paradox And Privacy Concerns With Medical Device Remote Patient Monitoring, Marc Doyle

CCE Theses and Dissertations

Medical literature identifies a number of technology-driven improvements in disease management such as implantable medical devices (IMDs) that are a standard treatment for candidates with specific diseases. Among patients using implantable cardiac defibrillators (ICD), for example, problems and issues are being discovered faster compared to patients without monitoring, improving safety. What is not known is why patients report not feeling safer, creating a safety paradox, and why patients identify privacy concerns in ICD monitoring.

There is a major gap in the literature regarding the factors that contribute to perceived safety and privacy in remote patient monitoring (RPM). To address this …

Privacy Issues In Post Dissemination On Facebook, Burcu Sayi̇n Günel, Serap Şahi̇n, Dimitris G. Kogias, Charalampos Z. Patrikakis

Turkish Journal of Electrical Engineering and Computer Sciences

With social networks (SNs) being populated by a still increasing numbers of people who take advantage of the communication and collaboration capabilities that they offer, the probability of the exposure of people's personal moments to a wider than expected audience is also increasing. By studying the functionalities and characteristics that modern SNs offer, along with the people's habits and common behaviors in them, it is easy to understand that several privacy risks may exist, many of which people may be unaware of. In this paper, we focus on users' interactions with posts in a social network (SN), using Facebook as …

Breadcrumbs: Privacy As A Privilege, Prachi Bhardwaj

Capstones

Breadcrumbs: Privacy as a Privilege Abstract

By: Prachi Bhardwaj

In 2017, the world saw more data breaches than in any year prior. The count was more than the all-time high record in 2016, which was 40 percent more than the year before that.

That’s because consumer data is incredibly valuable today. In the last three decades, data storage has gone from being stored physically to being stored almost entirely digitally, which means consumer data is more accessible and applicable to business strategies. As a result, companies are gathering data in ways previously unknown to the average consumer, and hackers are …

Permission-Based Privacy Analysis For Android Applications, Erza Gashi, Zhilbert Tafa

UBT International Conference

While Information and Communication Technology (ICT) trends are moving towards the Internet of Things (IoT), mobile applications are becoming more and more popular. Mostly due to their pervasiveness and the level of interaction with the users, along with the great number of advantages, the mobile applications bring up a great number of privacy related issues as well. These platforms can gather our very sensitive private data by only granting them a list of permissions during the installation process. Additionally, most of the users can find it difficult, or even useless, to analyze system permissions. Thus, their guess of app’s safety …

Breaking Into The Vault: Privacy, Security And Forensic Analysis Of Android Vault Applications, Xiaolu Zhang, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we share the first account for the forensic analysis, security and privacy of Android vault applications. Vaults are designed to be privacy enhancing as they allow users to hide personal data but may also be misused to hide incriminating files. Our work has already helped law enforcement in the state of Connecticut to reconstruct 66 incriminating images and 18 videos in a single criminal case. We present case studies and results from analyzing 18 Android vault applications (accounting for nearly 220 million downloads from the Google Play store) by reverse engineering them and examining the forensic artifacts …

Lightweight Three-Factor Authentication And Key Agreement Protocol For Internet-Integrated Wireless Sensor Networks, Qi Jiang, Sherali Zeadally, Jianfeng Ma, Debiao He

Information Science Faculty Publications

Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their …

Data-Driven Network-Centric Threat Assessment, Dae Wook Kim

Browse all Theses and Dissertations

As the Internet has grown increasingly popular as a communication and information sharing platform, it has given rise to two major types of Internet security threats related to two primary entities: end-users and network services. First, information leakages from networks can reveal sensitive information about end-users. Second, end-users systems can be compromised through attacks on network services, such as scanning-and-exploit attacks, spamming, drive-by downloads, and fake anti-virus software. Designing threat assessments to detect these threats is, therefore, of great importance, and a number of the detection systems have been proposed. However, these existing threat assessment systems face significant challenges in …

Video Annotation By Crowd Workers With Privacy-Preserving Local Disclosure, Apeksha Dipak Kumavat

Open Access Theses

Advancements in computer vision are still not reliable enough for detecting video content including humans and their actions. Microtask crowdsourcing on task markets such as Amazon Mechnical Turk and Upwork can bring humans into the loop. However, engaging crowd workers to annotate non-public video footage risks revealing the identities of people in the video who may have a right to anonymity.

This thesis demonstrates how we can engage untrusted crowd workers to detect behaviors and objects, while robustly concealing the identities of all faces. We developed a web-based system that presents obfuscated videos to crowd workers, and provides them with …

Human-Robot Versus Human-Human Relationship Impact On Comfort Levels Regarding In Home Privacy, Keith R. Macarthur, Thomas G. Macgillivray, Eva L. Parkhurst, Peter A. Hancock

Keith Reid MacArthur

A Cyber Forensics Needs Analysis Survey: Revisiting The Domain's Needs A Decade Later, Vikram S. Harichandran, Frank Breitinger, Ibrahim Baggili, Andrew Marrington

Electrical & Computer Engineering and Computer Science Faculty Publications

The number of successful cyber attacks continues to increase, threatening financial and personal security worldwide. Cyber/digital forensics is undergoing a paradigm shift in which evidence is frequently massive in size, demands live acquisition, and may be insufficient to convict a criminal residing in another legal jurisdiction. This paper presents the findings of the first broad needs analysis survey in cyber forensics in nearly a decade, aimed at obtaining an updated consensus of professional attitudes in order to optimize resource allocation and to prioritize problems and possible solutions more efficiently. Results from the 99 respondents gave compelling testimony that the following …

In-The-Wild Residual Data Research And Privacy, William B. Glisson, Tim Storer, Andrew Blyth, George Grispos, Matt Campbell

Journal of Digital Forensics, Security and Law

As the world becomes increasingly dependent on technology, researchers in both industry and academia endeavor to understand how technology is used, the impact it has on everyday life, the artifact life-cycle and overall integrations of digital information. In doing so, researchers are increasingly gathering 'real-world' or 'in-the-wild' residual data, obtained from a variety of sources, without the explicit consent of the original owners. This data gathering raises significant concerns regarding privacy, ethics and legislation, as well as practical considerations concerning investigator training, data storage, overall security and data disposal. This research surveys recent studies of residual data gathered in-the-wild and …

De-Anonymization Attack Anatomy And Analysis Of Ohio Nursing Workforce Data Anonymization, Jacob M. Miracle

Browse all Theses and Dissertations

Data generalization (anonymization) is a widely misunderstood technique for preserving individual privacy in non-interactive data publishing. Easily avoidable anonymization failures are still occurring 14 years after the discovery of basic techniques to protect against them. Identities of individuals in anonymized datasets are at risk of being disclosed by cyber attackers who exploit these failures. To demonstrate the importance of proper data anonymization we present three perspectives on data anonymization. First, we examine several de-anonymization attacks to formalize the anatomy used to conduct attacks on anonymous data. Second, we examine the vulnerabilities of an anonymous nursing workforce survey to convey how …

Pinpoint: Efficient And Effective Resource Isolation For Mobile Security And Privacy, Paul Ratazzi, Ashok Bommisetti, Nian Ji, Wenliang Du

Electrical Engineering and Computer Science - All Scholarship

Virtualization is frequently used to isolate untrusted processes and control their access to sensitive resources. However, isolation usually carries a price in terms of less resource sharing and reduced inter-process communication. In an open architecture such as Android, this price and its impact on performance, usability, and transparency must be carefully considered. Although previous efforts in developing general-purpose isolation solutions have shown that some of these negative sideeffects can be mitigated, doing so involves overcoming significant design challenges by incorporating numerous additional platform complexities not directly related to improved security. Thus, the general purpose solutions become inefficient and burdensome if …

Cyber Black Box/Event Data Recorder: Legal And Ethical Perspectives And Challenges With Digital Forensics, Michael Losavio, Pavel Pastukov, Svetlana Polyakova

Journal of Digital Forensics, Security and Law

With ubiquitous computing and the growth of the Internet of Things, there is vast expansion in the deployment and use of event data recording systems in a variety of environments. From the ships’ logs of antiquity through the evolution of personal devices for recording personal and environmental activities, these devices offer rich forensic and evidentiary opportunities that smash against rights of privacy and personality. The technical configurations of these devices provide for greater scope of sensing, interconnection options for local, near, and cloud storage of data, and the possibility of powerful analytics. This creates the unique situation of near-total data …

Security Issues In Data Warehouse, Saiqa Aleem, Luiz Fernando Capretz, Faheem Ahmed Dr.

Electrical and Computer Engineering Publications

Data Warehouse (DWH) provides storage for huge amounts of historical data from heterogeneous operational sources in the form of multidimensional views, thus supplying sensitive and useful information which help decision-makers to improve the organization’s business processes. A data warehouse environment must ensure that data collected and stored in one big repository are not vulnerable. A review of security approaches specifically for data warehouse environment and issues concerning each type of security approach have been provided in this paper.

Evidentiary Power And Propriety Of Digital Identifiers And The Impact On Privacy Rights In The United States, Michael Losavio, Deborah Keeling

Journal of Digital Forensics, Security and Law

Media and network systems capture and store data about electronic activity in new, sometimes unprecedented ways; computational systems make for new means of analysis and knowledge development. These new forms offer new, powerful tactical tools for investigations of electronic malfeasance under traditional legal regulation of state power, particular that of Fourth Amendment limitations on police searches and seizures under the U.S. Constitution. But autonomy, identity and authenticity concerns with electronic data raise issues of public policy, privacy and proper police oversight of civil society. We examine those issues and their implications for digital and computational forensics

Effects Of The Factory Reset On Mobile Devices, Riqui Schwamm, Neil C. Rowe

Journal of Digital Forensics, Security and Law

Mobile devices usually provide a “factory-reset” tool to erase user-specific data from the main secondary storage. 9 Apple iPhones, 10 Android devices, and 2 BlackBerry devices were tested in the first systematic evaluation of the effectiveness of factory resets. Tests used the Cellebrite UME-36 Pro with the UFED Physical Analyzer, the Bulk Extractor open-source tool, and our own programs for extracting metadata, classifying file paths, and comparing them between images. Two phones were subjected to more detailed analysis. Results showed that many kinds of data were removed by the resets, but much user-specific configuration data was left. Android devices did …

A Novel Defense Mechanism Against Web Crawler Intrusion, Alireza Aghamohammadi

Master's Theses and Doctoral Dissertations

Web robots also known as crawlers or spiders are used by search engines, hackers and spammers to gather information about web pages. Timely detection and prevention of unwanted crawlers increases privacy and security of websites. In this research, a novel method to identify web crawlers is proposed to prevent unwanted crawler to access websites. The proposed method suggests a five-factor identification process to detect unwanted crawlers. This study provides the pretest and posttest results along with a systematic evaluation of web pages with the proposed identification technique versus web pages without the proposed identification process. An experiment was performed with …