Physical Sciences and Mathematics Commons^™

Blockchain Based Access Control For Enterprise Blockchain Applications, Lei Xu, Isaac Markus, Subhod I, Nikhil Nayab

Computer Science Faculty Publications and Presentations

Access control is one of the fundamental security mechanisms of IT systems. Most existing access control schemes rely on a centralized party to manage and enforce access control policies. As blockchain technologies, especially permissioned networks, find more applicability beyond cryptocurrencies in enterprise solutions, it is expected that the security requirements will increase. Therefore, it is necessary to develop an access control system that works in a decentralized environment without compromising the unique features of a blockchain. A straightforward method to support access control is to deploy a firewall in front of the enterprise blockchain application. However, this approach does not …

Rhetsec_ | Rhetorical Security, Jennifer Mead

Culminating Projects in English

Rhetsec_ examines the rhetorical situation, the rhetorical appeals, and how phishing emails simulate "real" emails in five categories of phishing emails. While the first focus of cybersecurity is security, you must also understand the language of computers to know how to secure them. Phishing is one way to compromise security using computers, and so the computer becomes a tool for malicious language (phishing emails and malware) to be transmitted. Therefore to be concerned with securing computers, then you must also be concerned with language. Language is rhetoric's domain, and the various rhetorical elements which create an identity of the phisher …

Kcrs: A Blockchain-Based Key Compromise Resilient Signature System, Lei Xu, Lin Chen, Zhimin Gao, Xinxin Fan, Kimberly Doan, Shouhuai Xu, Weidong Shi

Computer Science Faculty Publications and Presentations

Digital signatures are widely used to assure authenticity and integrity of messages (including blockchain transactions). This assurance is based on assumption that the private signing key is kept secret, which may be exposed or compromised without being detected in the real world. Many schemes have been proposed to mitigate this problem, but most schemes are not compatible with widely used digital signature standards and do not help detect private key exposures. In this paper, we propose a Key Compromise Resilient Signature (KCRS) system, which leverages blockchain to detect key compromises and mitigate the consequences. Our solution keeps a log of …

The Information Disclosure Trilemma: Privacy, Attribution And Dependency, Ping Fan Ke

Research Collection School Of Computing and Information Systems

Information disclosure has been an important mechanism to increase transparency and welfare in various contexts, from rating a restaurant to whistleblowing the wrongdoing of government agencies. Yet, the author often needs to be sacrificed during information disclosure process – an anonymous disclosure will forgo the reputation and compensation whereas an identifiable disclosure will face the threat of retaliation. On the other hand, the adoption of privacy-enhancing technologies (PETs) lessens the tradeoff between privacy and attribution while introducing dependency and potential threats. This study will develop the desirable design principles and possible threats of an information disclosure system, and discuss how …

Using Vibrations From A Smartring As An Out-Of-Band Channel For Sharing Secret Keys, Sougata Sen, Varun Mishra, David Kotz

Dartmouth Scholarship

With the rapid growth in the number of Internet of Things (IoT) devices with wireless communication capabilities, and sensitive information collection capabilities, it is becoming increasingly necessary to ensure that these devices communicate securely with only authorized devices. A major requirement of this secure communication is to ensure that both the devices share a secret, which can be used for secure pairing and encrypted communication. Manually imparting this secret to these devices becomes an unnecessary overhead, especially when the device interaction is transient. In this work, we empirically investigate the possibility of using an out-of-band communication channel – vibration, generated …

A Lattice-Based Linkable Ring Signature Supporting Stealth Addresses, Zhen Liu, Khoa Nguyen, Guomin Yang, Huaxiong Wang, Duncan S. Wong

Research Collection School Of Computing and Information Systems

First proposed in CryptoNote, a collection of popular privacy-centric cryptocurrencies have employed Linkable Ring Signature and a corresponding Key Derivation Mechanism (KeyDerM) for keeping the payer and payee of a transaction anonymous and unlinkable. The KeyDerM is used for generating a fresh signing key and the corresponding public key, referred to as a stealth address, for the transaction payee. The stealth address will then be used in the linkable ring signature next time when the payee spends the coin. However, in all existing works, including Monero, the privacy model only considers the two cryptographic primitives separately. In addition, to be …

Aggregating Private And Public Web Archives Using The Mementity Framework, Matthew R. Kelly

Computer Science Theses & Dissertations

Web archives preserve the live Web for posterity, but the content on the Web one cares about may not be preserved. The ability to access this content in the future requires the assurance that those sites will continue to exist on the Web until the content is requested and that the content will remain accessible. It is ultimately the responsibility of the individual to preserve this content, but attempting to replay personally preserved pages segregates archived pages by individuals and organizations of personal, private, and public Web content. This is misrepresentative of the Web as it was. While the Memento …

Key-Insulated And Privacy-Preserving Signature Scheme With Publicly Derived Public Key, Zhen Liu, Guomin Yang, Duncan S. Wong, Khoa Nguyen, Huaxiong Wang

Research Collection School Of Computing and Information Systems

Since the introduction of Bitcoin in 2008, cryptocurrency has been undergoing a quick and explosive development. At the same time, privacy protection, one of the key merits of cryptocurrency, has attracted much attention by the community. A deterministic wallet algorithm and a stealth address algorithm have been widely adopted in the community, due to their virtues on functionality and privacy protection, which come from a key derivation mechanism that an arbitrary number of derived keys can be generated from a master key. However, these algorithms suffer a vulnerability. In particular, when a minor fault happens (say, one derived key is …

Preventing Browser Fingerprinting By Randomizing Canvas, Rianna Quiogue

Honors Theses

Whether users know it or not, their online behaviors are being tracked and stored by many of the websites they visit regularly through a technique called browser fingerprinting. Just like a person's physical fingerprint can identify them, users' browser fingerprints can identify them on the Internet. This thesis outlines the techniques used in browser fingerprinting and explains how although it can be used for good, it can also be a major threat to people's online privacy and security. Since browser fingerprinting has gained popularity among many websites and advertising companies, researchers have been developing ways to counteract its effectiveness by …

What To Do When Privacy Is Gone, James Brusseau

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

Today’s ethics of privacy is largely dedicated to defending personal information from big data technologies. This essay goes in the other direction. It considers the struggle to be lost, and explores two strategies for living after privacy is gone. First, total exposure embraces privacy’s decline, and then contributes to the process with transparency. All personal information is shared without reservation. The resulting ethics is explored through a big data version of Robert Nozick’s Experience Machine thought experiment. Second, transient existence responds to privacy’s loss by ceaselessly generating new personal identities, which translates into constantly producing temporarily unviolated private information. The …

Responding To Some Challenges Posed By The Re-Identification Of Anonymized Personal Data, Herman T. Tavani, Frances S. Grodzinsky

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

In this paper, we examine a cluster of ethical controversies generated by the re-identification of anonymized personal data in the context of big data analytics, with particular attention to the implications for personal privacy. Our paper is organized into two main parts. Part One examines some ethical problems involving re-identification of personally identifiable information (PII) in large data sets. Part Two begins with a brief description of Moor and Weckert’s Dynamic Ethics (DE) and Nissenbaum’s Contextual Integrity (CI) Frameworks. We then investigate whether these frameworks, used together, can provide us with a more robust scheme for analyzing privacy concerns that …

Responding To Some Challenges Posed By The Re-Identification Of Anonymized Personal Data, Herman T. Tavani, Frances Grodzinsky, Ed.

School of Computer Science & Engineering Faculty Publications

In this paper, we examine a cluster of ethical controversies generated by the reidentification of anonymized personal data in the context of big data analytics, with particular attention to the implications for personal privacy. Our paper is organized into two main parts. Part One examines some ethical problems involving re-identification of personally identifiable information (PII) in large data sets. Part Two begins with a brief description of Moor and Weckert’s Dynamic Ethics (DE) and Nissenbaum’s Contextual Integrity (CI) Frameworks. We then investigate whether these frameworks, used together, can provide us with a more robust scheme for analyzing privacy concerns that …

Efficient, Effective, And Realistic Website Fingerprinting Mitigation, Weiqi Cui, Jiangmin Yu, Yanmin Gong, David Chan-Tin

Computer Science: Faculty Publications and Other Works

Website fingerprinting attacks have been shown to be able to predict the website visited even if the network connection is encrypted and anonymized. These attacks have achieved accuracies as high as 92%. Mitigations to these attacks are using cover/decoy network traffic to add noise, padding to ensure all the network packets are the same size, and introducing network delays to confuse an adversary. Although these mitigations have been shown to be effective, reducing the accuracy to 10%, the overhead is high. The latency overhead is above 100% and the bandwidth overhead is at least 30%. We introduce a new realistic …

The Ethics Of Cookies: Exploring The Collection Of Big Data And Its Ramifications, Sarah Biely

Honor Scholar Theses

Technology is taking over the world. In every aspect of human life, technology has been able to provide some sort of help or solution. At the forefront of this revolution is the Internet and with it, the activity of day-to-day life that now takes place online. This rapid takeover pushes technological innovations to develop quickly, pushing boundaries and creating a new way of life.

Today in the United States, websites are allowed to track user data. When a user clicks on a website that intends on documenting the user's actions, the website installs a tracker, otherwise known as "cookie." Websites …

After Https: Indicating Risk Instead Of Security, Matthew Wayne Holt

Theses and Dissertations

Browser security indicators show warnings when sites load without HTTPS, but more malicious sites are using HTTPS to appear legitimate in browsers and deceive users. We explore a new approach to browser indicators that overcomes several limitations of existing indicators. First, we develop a high-level risk assessment framework to identify risky interactions and evaluate the utility of this approach through a survey. Next, we evaluate potential designs for a new risk indicator to communicate risk rather than security. Finally, we conduct a within-subjects user study to compare the risk indicator to existing security indicators by observing participant behavior and collecting …

Preserving Privacy In Automotive Tire Pressure Monitoring Systems, Kenneth L. Hacker

Theses and Dissertations

The automotive industry is moving towards a more connected ecosystem, with connectivity achieved through multiple wireless systems. However, in the pursuit of these technological advances and to quickly satisfy requirements imposed on manufacturers, the security of these systems is often an afterthought. It has been shown that systems in a standard new automobile that one would not expect to be vulnerable can be exploited for a variety of harmful effects. This thesis considers a seemingly benign, but government mandated, safety feature of modern vehicles; the Tire Pressure Monitoring System (TPMS). Typical implementations have no security-oriented features, leaking data that can …

Towards Secure Data Flow Oriented Multi-Vendor Ict Governance Model, Lars Magnusson, Patrik Elm, Anita Mirijamdotter

International Journal of Business and Technology

Today, still, ICT Governance is being regarded as a departmental concern, not an overall organizational concern. History has shown us that implementation strategies, which are based on departments, results in fractional implementations leading to ad hoc solutions with no central control and stagnation for the in-house ICT strategy. Further, this recently has created an opinion trend; many are talking about the ICT department as being redundant, a dying out breed, which should be replaced by on-demand specialized external services. Clearly, the evermore changing surroundings do force organizations to accelerate the pace of new adaptations within their ICT plans, more vivacious …

Permission-Based Privacy Analysis For Android Applications, Erza Gashi, Zhilbert Tafa

International Journal of Business and Technology

While Information and Communication Technology (ICT) trends are moving towards the Internet of Things (IoT), mobile applications are becoming more and more popular. Mostly due to their pervasiveness and the level of interaction with the users, along with the great number of advantages, the mobile applications bring up a great number of privacy related issues as well. These platforms can gather our very sensitive private data by only granting them a list of permissions during the installation process. Additionally, most of the users can find it difficult, or even useless, to analyze system permissions. Thus, their guess of app’s safety …

When Disclosure Is Involuntary: Empowering Users With Control To Reduce Concerns, David W. Wilson, Ryan M. Schuetzler, Bradley Dorn, Jeffrey Gainer Proudfoot

Ryan Schuetzler

Modern organizations must carefully balance the practice of gathering large amounts of valuable data from individuals with the associated ethical considerations and potential negative public image inherent in breaches of privacy. As it becomes increasingly commonplace for many types of information to be collected without individuals' knowledge or consent, managers and researchers alike can benefit from understanding how individuals react to such involuntary disclosures, and how these reactions can impact evaluations of the data-collecting organizations. This research develops and empirically tests a theoretical model that shows how empowering individuals with a sense of control over their personal information can help …

Patient Preferences For Authentication And Security: A Comparison Study Of Younger And Older Patients, Ann Fruhling, Devika Ramachandran, Tamara Bernard, Ryan Schuetzler, John R. Windle

Ryan Schuetzler

We examine authentication and security preferences of younger versus older patients in the healthcare domain. Previous research has investigated users' perception of the acceptability of various forms of authentication in nonhealthcare domains, but not patients’ preferences. First, we developed an interactive prototype to test three authentication methods: passwords, pattern, and voice. Our results indicate that younger patients prefer passwords by a significant margin. Older patients indicated more mixed preferences. In addition, we evaluated the level of security patients desired for protection of health information compared to financial information. We found no difference based on age: both groups felt financial security …

A New Network Model For Cyber Threat Intelligence Sharing Using Blockchain Technology, Daire Homan, Ian Shiel, Christina Thorpe

Conference Papers

The aim of this research is to propose a new blockchain network model that facilitates the secure dissemination of Cyber Threat Intelligence (CTI) data. The primary motivations for this study are based around the recent changes to information security legislation in the European Union and the challenges that Computer Security and Incident Response Teams (CSIRT) face when trying to share actionable and highly sensitive data within systems where participants do not always share the same interests or motivations. We discuss the common problems within the domain of CTI sharing and we propose a new model, that leverages the security properties …

Cyber Security Awareness Among College Students, Abbas Moallem

Faculty Publications

This study reports the early results of a study aimed to investigate student awareness and attitudes toward cyber security and the resulting risks in the most advanced technology environment: the Silicon Valley in California, USA. The composition of students in Silicon Valley is very ethnically diverse. The objective was to see how much the students in such a tech-savvy environment are aware of cyber-attacks and how they protect themselves against them. The early statistical analysis suggested that college students, despite their belief that they are observed when using the Internet and that their data is not secure even on university …

An Investigation Of Electronic Protected Health Information (E-Phi) Privacy Policy Legislation In California For Seniors Using In-Home Health Monitoring Systems, Robert Lee Saganich

CCE Theses and Dissertations

This study examined privacy legislation in California to identify those electronic Protected Health Information (e-PHI) privacy policies that are suited to seniors using in-home health monitoring systems. Personal freedom and independence are essential to a person's physical and mental health, and mobile technology applications provide a convenient and economical method for monitoring personal health. Many of these apps are written by third parties, however, which poses serious risks to patient privacy. Current federal regulations only cover applications and systems developed for use by covered entities and their business partners. As a result, the responsibility for protecting the privacy of the …

Comprehending The Safety Paradox And Privacy Concerns With Medical Device Remote Patient Monitoring, Marc Doyle

CCE Theses and Dissertations

Medical literature identifies a number of technology-driven improvements in disease management such as implantable medical devices (IMDs) that are a standard treatment for candidates with specific diseases. Among patients using implantable cardiac defibrillators (ICD), for example, problems and issues are being discovered faster compared to patients without monitoring, improving safety. What is not known is why patients report not feeling safer, creating a safety paradox, and why patients identify privacy concerns in ICD monitoring.

There is a major gap in the literature regarding the factors that contribute to perceived safety and privacy in remote patient monitoring (RPM). To address this …

Privacy Issues In Post Dissemination On Facebook, Burcu Sayi̇n Günel, Serap Şahi̇n, Dimitris G. Kogias, Charalampos Z. Patrikakis

Turkish Journal of Electrical Engineering and Computer Sciences

With social networks (SNs) being populated by a still increasing numbers of people who take advantage of the communication and collaboration capabilities that they offer, the probability of the exposure of people's personal moments to a wider than expected audience is also increasing. By studying the functionalities and characteristics that modern SNs offer, along with the people's habits and common behaviors in them, it is easy to understand that several privacy risks may exist, many of which people may be unaware of. In this paper, we focus on users' interactions with posts in a social network (SN), using Facebook as …

Integration Of Biometrics And Steganography: A Comprehensive Review, Ian Mcateer, Ahmed Ibrahim, Guanglou Zhang, Wencheng Yang, Craig Valli

Research outputs 2014 to 2021

The use of an individual’s biometric characteristics to advance authentication and verification technology beyond the current dependence on passwords has been the subject of extensive research for some time. Since such physical characteristics cannot be hidden from the public eye, the security of digitised biometric data becomes paramount to avoid the risk of substitution or replay attacks. Biometric systems have readily embraced cryptography to encrypt the data extracted from the scanning of anatomical features. Significant amounts of research have also gone into the integration of biometrics with steganography to add a layer to the defence-in-depth security model, and this has …

Design And Evaluation Of A Wearable System For Facial Privacy, Scott Griffith

Theses and Dissertations

Through the increasingly common use of devices that provide ubiquitous sensor data such as wearables, mobile phones, and Internet-connected devices of the sort, privacy challenges are becoming even more significant. One major challenge that requires more focus is bystanders' privacy, as there are too few solutions that solve the issue. Of the solutions available, many of them do not give bystanders a choice in how their private data is used, Bystanders' privacy has become an afterthought when it comes to data capture in the forms of photographs, videos, voice recordings, etc. and continues to remain that way. This thesis provides …

Privacy-Preserving Attribute-Based Keyword Search In Shared Multi-Owner Setting, Yibin Miao, Ximeng Liu, Robert H. Deng, Robert H. Deng, Jjguo Li, Hongwei Li, Jianfeng Ma

Research Collection Yong Pung How School Of Law

Ciphertext-Policy Attribute-Based Keyword Search (CP-ABKS) facilitates search queries and supports fine-grained access control over encrypted data in the cloud. However, prior CP-ABKS schemes were designed to support unshared multi-owner setting, and cannot be directly applied in the shared multi-owner setting (where each record is accredited by a fixed number of data owners), without incurring high computational and storage costs. In addition, due to privacy concerns on access policies, most existing schemes are vulnerable to off-line keyword-guessing attacks if the keyword space is of polynomial size. Furthermore, it is difficult to identify malicious users who leak the secret keys when more …

"Anon What What?": Children's Understanding Of The Language Of Privacy, Stacy Black, Rezvan Joshaghani, Dhanush Kumar Ratakonda, Hoda Mehrpouyan, Jerry Alan Fails

Computer Science Faculty Publications and Presentations

Internet usage continues to increase among children ages 12 and younger. Because their digital interactions can be persistently stored, there is a need for building an understanding and foundational knowledge of privacy. We describe initial investigations into children’s understanding of privacy from a Contextual Integrity (CI) perspective by conducting semi-structured interviews. We share results – that echo what others have shown – that indicate children have limited knowledge and understanding of CI principles. We also share an initial exploration of utilizing participatory design theater as a possible educational mechanism to help children develop a stronger understanding of important privacy principles.

Privacy Preservation In Social Media Environments Using Big Data, Katrina Ward

Doctoral Dissertations

"With the pervasive use of mobile devices, social media, home assistants, and smart devices, the idea of individual privacy is fading. More than ever, the public is giving up personal information in order to take advantage of what is now considered every day conveniences and ignoring the consequences. Even seemingly harmless information is making headlines for its unauthorized use (18). Among this data is user trajectory data which can be described as a user's location information over a time period (6). This data is generated whenever users access their devices to record their location, query the location of a point …