Physical Sciences and Mathematics Commons^™

Security Assessment Of Web Applications, Renelada Kushe

UBT International Conference

A web application is an application that is accessed by users over a network such as the internet or intranet. The term also refers an application that is coded in a browser-supported programming language and reliant on a common web browser to render the application executable. Web applications are vulnerable to varies exploits from those which manipulate the application via its graphical web interface (HTTP exploits), to tampering the Uniform Resource Identifier (URI) or tampering HTTPS elements not contained in the URI. Getting started from the accessibility and the variety of exploits, the security assessment is a necessity for providing …

Simple Implementation Of An Elgamal Digital Signature And A Brute Force Attack On It, Valeriia Laryoshyna

Student Works

This study is an attempt to show a basic mathematical usage of the concepts behind digital signatures and to provide a simple approach and understanding to cracking basic digital signatures. The approach takes on simple C programming of the ElGamal digital signature to identify some limits that can be encountered and provide considerations for making more complex code. Additionally, there is a literature review of the ElGamal digital signature and the brute force attack.

The research component of this project provides a list of possible ways to crack the basic implementations and classifies the different approaches that could be taken …

Analysis Of Security In Big Data Related To Healthcare, Isabel De La Torre, Begoña García-Zapirain, Miguel López-Coronado

Journal of Digital Forensics, Security and Law

Big data facilitates the processing and management of huge amounts of data. In health, the main information source is the electronic health record with others being the Internet and social media. Health-related data refers to storage in big data based on and shared via electronic means. Why are criminal organisations interested in this data? These organisations can blackmail people with information related to their health condition or sell the information to marketing companies, etc. This article analyses healthcare-related big data security and proposes different solutions. There are different techniques available to help preserve privacy such as data modification techniques, cryptographic …

Secure And Efficient Delegation Of A Single And Multiple Exponentiations To A Single Malicious Server, Matluba Khodjaeva

Dissertations, Theses, and Capstone Projects

Group exponentiation is an important operation used in many cryptographic protocols, specifically public-key cryptosystems such as RSA, Diffie Hellman, ElGamal, etc. To expand the applicability of group exponentiation to computationally weaker devices, procedures were established by which to delegate this operation from a computationally weaker client to a computationally stronger server. However, solving this problem with a single, possibly malicious, server, has remained open since a formal cryptographic model was introduced by Hohenberger and Lysyanskaya in 2005. Several later attempts either failed to achieve privacy or only achieved constant security probability.

In this dissertation, we study and solve this problem …

Breaking Into The Vault: Privacy, Security And Forensic Analysis Of Android Vault Applications, Xiaolu Zhang, Ibrahim Baggili, Frank Breitinger

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we share the first account for the forensic analysis, security and privacy of Android vault applications. Vaults are designed to be privacy enhancing as they allow users to hide personal data but may also be misused to hide incriminating files. Our work has already helped law enforcement in the state of Connecticut to reconstruct 66 incriminating images and 18 videos in a single criminal case. We present case studies and results from analyzing 18 Android vault applications (accounting for nearly 220 million downloads from the Google Play store) by reverse engineering them and examining the forensic artifacts …

On The Security Of Information Dissemination In The Internet-Of-Vehicles, Danda B. Rawat, Moses Garuba, Lei Chen, Qing Yang

Department of Information Technology Faculty Publications

Internet of Vehicles (IoV) is regarded as an emerging paradigm for connected vehicles to exchange their information with other vehicles using vehicle-to-vehicle (V2V) communications by forming a vehicular ad hoc networks (VANETs), with roadside units using vehicle-to-roadside (V2R) communications. IoV offers several benefits such as road safety, traffic efficiency, and infotainment by forwarding up-to-date traffic information about upcoming traffic. For instance, IoV is regarded as a technology that could help reduce the number of deaths caused by road accidents, and reduce fuel costs and travel time on the road. Vehicles could rapidly learn about the road condition and promptly respond …

Enforcing Database Security On Cloud Using A Trusted Third Party Based Model, Victor Fuentes Tello

Graduate Theses and Dissertations

Cloud computing offers a considerable number of advantages to clients and organizations that use several capabilities to store sensitive data, interact with applications, or use technology infrastructure to perform daily activities. The development of new models in cloud computing brings with it a series of elements that must be considered by companies, particularly when the sensitive data needs to be protected. There are some concerns related to security that need to be taken into consideration when a service provider manage and store the data in a location outside the company. In this research, a model that uses a trusted third …

A Privacy Preserving Framework For Rfid Based Healthcare Systems, Farzana Rahman, Anwarul A. Bhuiyan, Sheikh Iqbal Ahamed

Mathematics, Statistics and Computer Science Faculty Research and Publications

RFID (Radio Frequency IDentification) is anticipated to be a core technology that will be used in many practical applications of our life in near future. It has received considerable attention within the healthcare for almost a decade now. The technology’s promise to efficiently track hospital supplies, medical equipment, medications and patients is an attractive proposition to the healthcare industry. However, the prospect of wide spread use of RFID tags in the healthcare area has also triggered discussions regarding privacy, particularly because RFID data in transit may easily be intercepted and can be send to track its user (owner). In a …

Pedagogical Resources For Industrial Control Systems Security: Design, Implementation, Conveyance, And Evaluation, Guillermo A. Francia Iii, Greg Randall, Jay Snellen

Journal of Cybersecurity Education, Research and Practice

Industrial Control Systems (ICS), which are pervasive in our nation’s critical infrastructures, are becoming increasingly at risk and vulnerable to internal and external threats. It is imperative that the future workforce be educated and trained on the security of such systems. However, it is equally important that careful and deliberate considerations must be exercised in designing and implementing the educational and training activities that pertain to ICS. To that end, we designed and implemented pedagogical materials and tools to facilitate the teaching and learning processes in the area of ICS security. In this paper, we describe those resources, the professional …

Investigating Security For Ubiquitous Sensor Networks, Alfredo J. Perez, Sherali Zeadally, Nafaa Jabeur

Information Science Faculty Publications

The availability of powerful and sensor-enabled mobile and Internet-connected devices have enabled the advent of the ubiquitous sensor network paradigm which is providing various types of solutions to the community and the individual user in various sectors including environmental monitoring, entertainment, transportation, security, and healthcare. We explore and compare the features of wireless sensor networks and ubiquitous sensor networks and based on the differences between these two types of systems, we classify the security-related challenges of ubiquitous sensor networks. We identify and discuss solutions available to address these challenges. Finally, we briefly discuss open challenges that need to be addressed …

Bystanders' Privacy, Alfredo J. Perez, Sherali Zeadally, Scott Griffith

Computer Science Faculty Publications

The growing adoption of Internet-connected devices has given rise to significant privacy issues not only for users but also for bystanders. The authors explore privacy concerns related to bystanders' privacy and present a taxonomy of the solutions found in the literature to handle this issue. They also explore open issues that must be addressed in the future.

Breathprint: Breathing Acoustics-Based User Authentication, Jagmohan Chauhan, Yining Hu, Suranga Sereviratne, Archan Misra, Aruna Sereviratne, Youngki Lee

Research Collection School Of Computing and Information Systems

We propose BreathPrint, a new behavioural biometric signature based on audio features derived from an individual's commonplace breathing gestures. Specifically, BreathPrint uses the audio signatures associated with the three individual gestures: sniff, normal, and deep breathing, which are sufficiently different across individuals. Using these three breathing gestures, we develop the processing pipeline that identifies users via the microphone sensor on smartphones and wearable devices. In BreathPrint, a user performs breathing gestures while holding the device very close to their nose. Using off-the-shelf hardware, we experimentally evaluate the BreathPrint prototype with 10 users, observed over seven days. We show that users …

Malware Analysis And Privacy Policy Enforcement Techniques For Android Applications, Aisha Ibrahim Ali-Gombe

University of New Orleans Theses and Dissertations

The rapid increase in mobile malware and deployment of over-privileged applications over the years has been of great concern to the security community. Encroaching on user’s privacy, mobile applications (apps) increasingly exploit various sensitive data on mobile devices. The information gathered by these applications is sufficient to uniquely and accurately profile users and can cause tremendous personal and financial damage.

On Android specifically, the security and privacy holes in the operating system and framework code has created a whole new dynamic for malware and privacy exploitation. This research work seeks to develop novel analysis techniques that monitor Android applications for …

Lighttouch: Securely Connecting Wearables To Ambient Displays With User Intent, Xiaohui Liang, Tianlong Yun, Ronald Peterson, David Kotz

Dartmouth Scholarship

Wearables are small and have limited user interfaces, so they often wirelessly interface with a personal smartphone/computer to relay information from the wearable for display or other interactions. In this paper, we envision a new method, LightTouch, by which a wearable can establish a secure connection to an ambient display, such as a television or a computer monitor, while ensuring the user's intention to connect to the display. LightTouch uses standard RF methods (like Bluetooth) for communicating the data to display, securely bootstrapped via the visible-light communication (the brightness channel) from the display to the low-cost, low-power, ambient light sensor …

Practical Attacks On Cryptographically End-To-End Verifiable Internet Voting Systems, Nicholas Chang-Fong

Electronic Thesis and Dissertation Repository

Cryptographic end-to-end verifiable voting technologies concern themselves with the provision of a more trustworthy, transparent, and robust elections. To provide voting systems with more transparency and accountability throughout the process while preserving privacy which allows voters to express their true intent.

Helios Voting is one of these systems---an online platform where anyone can easily host their own cryptographically end-to-end verifiable election, aiming to bring verifiable voting to the masses. Helios does this by providing explicit cryptographic checks that an election was counted correctly, checks that any member of the public can independently verify. All of this while still protecting one …

Tradeoffs In Protocol Designs For Collaborative Authentication, Jacob Venne

USF Tampa Graduate Theses and Dissertations

Authentication is a crucial tool used in access control mechanisms to verify a user’s identity. Collaborative Authentication (co-authentication) is a newly proposed authentication scheme designed to improve on traditional token authentication. Co-authentication works by using multiple user devices as tokens to collaborate in a challenge and authenticate a user request on single device.

This thesis adds two contributions to the co-authentication project. First, a detailed survey of applications that are suitable for adopting co-authentication is presented. Second, an analysis of tradeoffs between varying protocol designs of co-authentication is performed to determine whether, and how, any designs are superior to other …

Anonpri: A Secure Anonymous Private Authentication Protocol For Rfid Systems, Farzana Rahman, Md. Endadul Hoque, Sheikh Iqbal Ahamed

Mathematics, Statistics and Computer Science Faculty Research and Publications

Privacy preservation in RFID systems is a very important issue in modern day world. Privacy activists have been worried about the invasion of user privacy while using various RFID systems and services. Hence, significant efforts have been made to design RFID systems that preserve users' privacy. Majority of the privacy preserving protocols for RFID systems require the reader to search all tags in the system in order to identify a single RFID tag which not efficient for large scale systems. In order to achieve high-speed authentication in large-scale RFID systems, researchers propose tree-based approaches, in which any pair of tags …

Evaluating Ip Surveillance Camera Vulnerabilities, Brian Cusack, Zhuang Tian

Australian Information Security Management Conference

Hacking of IP surveillance camera systems came to public attention in 2016 when the high bandwidth and resources were exploited for a massive DDoS attack that affected one third of all US Internet services. A review of previous studies show that a vast number of IP cameras have been hacked because the default usernames and passwords have not been changed from the factory defaults. In this research we asked, What are the vulnerabilities of an IP surveillance camera? The purpose of the study was to provide identification of vulnerabilities and guidance for the protection of surveillance camera systems. The research …

Neurosecurity For Brainware Devices, Brian Cusack, Kaushik Sundararajan, Reza Khaleghparast

Australian Information Security Management Conference

Brainware has a long history of development down into the present day where very simple and usable devices are available to train for the control of games and services. One of the big areas of application has been in the health sciences to provide compensatory control to humans who may lack the usual capabilities. Our concern has been the protection of information in brainware so that a human intention may have confidentiality, integrity, and accessibility to the required implementation mechanisms for services. The research question was: What are the consequences of security failure in brainware? Our research tested a brainware …

Contextualizing Secure Information System Design: A Socio-Technical Approach, Abdul Rahim Charif

CCE Theses and Dissertations

Secure Information Systems (SIS) design paradigms have evolved in generations to adapt to IS security needs. However, modern IS are still vulnerable and are far from secure. The development of an underlying IS cannot be reduced to “technological fixes” neither is the design of SIS. Technical security cannot ensure IS security. Generations of SIS design paradigms have evolved, all with their own sets of shortcomings. A SIS design paradigm must meet well-defined requirements, yet contemporary paradigms do not meet all these requirements. Current SIS design paradigms are not easily applicable to IS. They lack a comprehensive modeling support and ignore …

A Particle Swarm Optimization And Block-Svd-Based Watermarking For Digital Images, Falgun Thakkar, Vinay Kumar Srivastava

Turkish Journal of Electrical Engineering and Computer Sciences

The major issues in most watermarking schemes are security, reliability, and robustness against attacks. To achieve these objectives in a watermarking algorithm, the selection of a scale factor to embed the watermark into the host image is a challenging problem. In this paper, a block singular value decomposition (SVD)-based reliable, robust, secure, and fast watermarking scheme is proposed that uses particle swarm optimization (PSO) in the selection of the scale factor. SVD is applied here on the nonoverlapping blocks of LL wavelet subbands. Selected singular values of these blocks are modified with the pixel values of the watermark image. Selected …

The Proceedings Of 15th Australian Information Security Management Conference, 5-6 December, 2017, Edith Cowan University, Perth, Australia, Craig Valli (Ed.)

Australian Information Security Management Conference

Conference Foreword

The annual Security Congress, run by the Security Research Institute at Edith Cowan University, includes the Australian Information Security and Management Conference. Now in its fifteenth year, the conference remains popular for its diverse content and mixture of technical research and discussion papers. The area of information security and management continues to be varied, as is reflected by the wide variety of subject matter covered by the papers this year. The papers cover topics from vulnerabilities in “Internet of Things” protocols through to improvements in biometric identification algorithms and surveillance camera weaknesses. The conference has drawn interest and …

Exploring Security, Privacy, And Reliability Strategies To Enable The Adoption Of Iot, Daud Alyas Kamin

Walden Dissertations and Doctoral Studies

The Internet of things (IoT) is a technology that will enable machine-to-machine communication and eventually set the stage for self-driving cars, smart cities, and remote care for patients. However, some barriers that organizations face prevent them from the adoption of IoT. The purpose of this qualitative exploratory case study was to explore strategies that organization information technology (IT) leaders use for security, privacy, and reliability to enable the adoption of IoT devices. The study population included organization IT leaders who had knowledge or perceptions of security, privacy, and reliability strategies to adopt IoT at an organization in the eastern region …

How Attitude Toward The Behavior, Subjective Norm, And Perceived Behavioral Control Affects Information Security Behavior Intention, David Philip Johnson

Walden Dissertations and Doctoral Studies

The education sector is at high risk for information security (InfoSec) breaches and in need of improved security practices. Achieving data protections cannot be through technical means alone. Addressing the human behavior factor is required. Security education, training, and awareness (SETA) programs are an effective method of addressing human InfoSec behavior. Applying sociobehavioral theories to InfoSec research provides information to aid IT security program managers in developing improved SETA programs. The purpose of this correlational study was to examine through the theoretical lens of the theory of planned behavior (TPB) how attitude toward the behavior (ATT), subjective norm (SN), and …

Proposing A New Clustering Method To Detect Phishing Websites, Morteza Arab, Mohammad Karim Sohrabi

Turkish Journal of Electrical Engineering and Computer Sciences

Phishing websites are fake ones that are developed by ill-intentioned people to imitate real and legal websites. Most of these types of web pages have high visual similarities to hustle the victims. The victims of phishing websites may give their bank accounts, passwords, credit card numbers, and other important information to the designers and owners of phishing websites. The increasing number of phishing websites has become a great challenge in e-business in general and in electronic banking specifically. In the present study, a novel framework based on model-based clustering is introduced to fight against phishing websites. First, a model is …