Physical Sciences and Mathematics Commons^™

A Domain Specific Language For Digital Forensics And Incident Response Analysis, Christopher D. Stelly

University of New Orleans Theses and Dissertations

One of the longstanding conceptual problems in digital forensics is the dichotomy between the need for verifiable and reproducible forensic investigations, and the lack of practical mechanisms to accomplish them. With nearly four decades of professional digital forensic practice, investigator notes are still the primary source of reproducibility information, and much of it is tied to the functions of specific, often proprietary, tools.

The lack of a formal means of specification for digital forensic operations results in three major problems. Specifically, there is a critical lack of:

a) standardized and automated means to scientifically verify accuracy of digital forensic tools; …

Dronescape:Distributed Rapid On-Site Network Self-Deploying Cellular Advanced Phone Environment, Daryl Johnson, Bill Stackpole

Presentations and other scholarship

When disasters happen, the speed with which first responders and emergency personnel can contact and be contacted by the people affected by the disaster during the first minutes or hours is critical. Early communications can make the difference between life and death. During a disaster communications infrastructure of the affected area is likely to be compromised. This project proposes an inexpensive, rapidly deployable cloud of autonomous drones, each coupled with a micro-cellular base station that deploys from a transportable deployment module. The goal is to temporarily restore communications for both first responders to communicate amongst themselves as well as for …

Advanced Security Analysis For Emergent Software Platforms, Mohannad Alhanahnah

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Emergent software ecosystems, boomed by the advent of smartphones and the Internet of Things (IoT) platforms, are perpetually sophisticated, deployed into highly dynamic environments, and facilitating interactions across heterogeneous domains. Accordingly, assessing the security thereof is a pressing need, yet requires high levels of scalability and reliability to handle the dynamism involved in such volatile ecosystems.

This dissertation seeks to enhance conventional security detection methods to cope with the emergent features of contemporary software ecosystems. In particular, it analyzes the security of Android and IoT ecosystems by developing rigorous vulnerability detection methods. A critical aspect of this work is the …

Benchmarking Applicability Of Cryptographic Wireless Communication Over Arduino Platforms, Carolina Vázquez Torres

University Honors Program Senior Projects

The spaces around us are becoming equipped with devices and appliances that collect data from their surroundings and react accordingly to provide smarter networks where they are interconnected and able to communicate with one another. These smart networks of devices and appliances along with the applications that utilize them build smart spaces known as Internet of Things (IoT). With the on growing popularity of such smart devices (e.g., smart cars, watches, home-security systems) and IoT, the need for securing these environments increases. The smart devices around us can collect private and personal information, and the challenge lies in maintaining the …

Ldakm-Eiot: Lightweight Device Authentication And Key Management Mechanism For Edge-Based Iot Deployment, Mohammad Wazid, Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues, Youngho Park

VMASC Publications

In recent years, edge computing has emerged as a new concept in the computing paradigm that empowers several future technologies, such as 5G, vehicle-to-vehicle communications, and the Internet of Things (IoT), by providing cloud computing facilities, as well as services to the end users. However, open communication among the entities in an edge based IoT environment makes it vulnerable to various potential attacks that are executed by an adversary. Device authentication is one of the prominent techniques in security that permits an IoT device to authenticate mutually with a cloud server with the help of an edge node. If authentication …

Rhetsec_ | Rhetorical Security, Jennifer Mead

Culminating Projects in English

Rhetsec_ examines the rhetorical situation, the rhetorical appeals, and how phishing emails simulate "real" emails in five categories of phishing emails. While the first focus of cybersecurity is security, you must also understand the language of computers to know how to secure them. Phishing is one way to compromise security using computers, and so the computer becomes a tool for malicious language (phishing emails and malware) to be transmitted. Therefore to be concerned with securing computers, then you must also be concerned with language. Language is rhetoric's domain, and the various rhetorical elements which create an identity of the phisher …

Iomt Malware Detection Approaches: Analysis And Research Challenges, Mohammad Wazid, Ashok Kumar Das, Joel J.P.C. Rodrigues, Sachin Shetty, Youngho Park

VMASC Publications

The advancement in Information and Communications Technology (ICT) has changed the entire paradigm of computing. Because of such advancement, we have new types of computing and communication environments, for example, Internet of Things (IoT) that is a collection of smart IoT devices. The Internet of Medical Things (IoMT) is a specific type of IoT communication environment which deals with communication through the smart healthcare (medical) devices. Though IoT communication environment facilitates and supports our day-to-day activities, but at the same time it has also certain drawbacks as it suffers from several security and privacy issues, such as replay, man-in-the-middle, impersonation, …

Authentication Usability Methodology, Jean-Baptiste Subils

USF Tampa Graduate Theses and Dissertations

Nowadays many systems require end users to authenticate themselves. Authentication is one of the security activities that end users perform the most. Thus, the usability of this security feature plays a major role in the proper utilization and adoption of a novel authentication method.

This dissertation presents coauthentication, a novel authentication system. Many authentication methods and protocols exist, but passwords remain the predominant authentication method used. Coauthentication is presented here in detail in several possible variations and their associated protocols, with performance comparisons.

This dissertation also presents a framework to evaluate authentication methods in terms of usability.

A large body …

Proximity Detection With Single-Antenna Iot Devices, Timothy J. Pierson, Travis Peters, Ronald Peterson, David Kotz

Dartmouth Scholarship

Providing secure communications between wireless devices that encounter each other on an ad-hoc basis is a challenge that has not yet been fully addressed. In these cases, close physical proximity among devices that have never shared a secret key is sometimes used as a basis of trust; devices in close proximity are deemed trustworthy while more distant devices are viewed as potential adversaries. Because radio waves are invisible, however, a user may believe a wireless device is communicating with a nearby device when in fact the user’s device is communicating with a distant adversary. Researchers have previously proposed methods for …

Challenges In Large-Scale Machine Learning Systems: Security And Correctness, Emad Alsuwat

Theses and Dissertations

In this research, we address the impact of data integrity on machine learning algorithms. We study how an adversary could corrupt Bayesian network structure learning algorithms by inserting contaminated data items. We investigate the resilience of two commonly used Bayesian network structure learning algorithms, namely the PC and LCD algorithms, against data poisoning attacks that aim to corrupt the learned Bayesian network model.

Data poisoning attacks are one of the most important emerging security threats against machine learning systems. These attacks aim to corrupt machine learning models by con- taminating datasets in the training phase. The lack of resilience of …

Using Vibrations From A Smartring As An Out-Of-Band Channel For Sharing Secret Keys, Sougata Sen, Varun Mishra, David Kotz

Dartmouth Scholarship

With the rapid growth in the number of Internet of Things (IoT) devices with wireless communication capabilities, and sensitive information collection capabilities, it is becoming increasingly necessary to ensure that these devices communicate securely with only authorized devices. A major requirement of this secure communication is to ensure that both the devices share a secret, which can be used for secure pairing and encrypted communication. Manually imparting this secret to these devices becomes an unnecessary overhead, especially when the device interaction is transient. In this work, we empirically investigate the possibility of using an out-of-band communication channel – vibration, generated …

Closetalker: Secure, Short-Range Ad Hoc Wireless Communication, Timothy J. Pierson, Travis Peters, Ronald Peterson, David Kotz

Dartmouth Scholarship

Secure communication is difficult to arrange between devices that have not previously shared a secret. Previous solutions to the problem are susceptible to man-in-the-middle attacks, require additional hardware for out-of-band communication, or require an extensive public-key infrastructure. Furthermore, as the number of wireless devices explodes with the advent of the Internet of Things, it will be impractical to manually configure each device to communicate with its neighbors. Our system, CloseTalker, allows simple, secure, ad hoc communication between devices in close physical proximity, while jamming the signal so it is unintelligible to any receivers more than a few centimeters away. CloseTalker …

The Performance Cost Of Security, Lucy R. Bowen

Master's Theses

Historically, performance has been the most important feature when optimizing computer hardware. Modern processors are so highly optimized that every cycle of computation time matters. However, this practice of optimizing for performance at all costs has been called into question by new microarchitectural attacks, e.g. Meltdown and Spectre. Microarchitectural attacks exploit the effects of microarchitectural components or optimizations in order to leak data to an attacker. These attacks have caused processor manufacturers to introduce performance impacting mitigations in both software and silicon.

To investigate the performance impact of the various mitigations, a test suite of forty-seven different tests was created. …

Preventing Browser Fingerprinting By Randomizing Canvas, Rianna Quiogue

Honors Theses

Whether users know it or not, their online behaviors are being tracked and stored by many of the websites they visit regularly through a technique called browser fingerprinting. Just like a person's physical fingerprint can identify them, users' browser fingerprints can identify them on the Internet. This thesis outlines the techniques used in browser fingerprinting and explains how although it can be used for good, it can also be a major threat to people's online privacy and security. Since browser fingerprinting has gained popularity among many websites and advertising companies, researchers have been developing ways to counteract its effectiveness by …

Hacking The Extended Mind: The Security Implications Of The New Metaphysics, Robin L. Zebrowski

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

Computer security expert Paul Syverson has argued that there is a computer security equivalent of gaslighting: where a clever adversary could convince some system that some component that is not really a part of the system is in fact a part of the system. If non-biological items from our environments (or even pieces of our environments themselves) can be part of our minds (the standard Extended Mind hypothesis, EM), they are therefore part of our selves, and therefore subject to Syverson’s worry about boundary in a way that has not been explored before. If some version of EM holds, then …

Securing Our Future Homes: Smart Home Security Issues And Solutions, Nicholas Romano

Senior Honors Theses

The Internet of Things, commonly known as IoT, is a new technology transforming businesses, individuals’ daily lives and the operation of entire countries. With more and more devices becoming equipped with IoT technology, smart homes are becoming increasingly popular. The components that make up a smart home are at risk for different types of attacks; therefore, security engineers are developing solutions to current problems and are predicting future types of attacks. This paper will analyze IoT smart home components, explain current security risks, and suggest possible solutions. According to “What is a Smart Home” (n.d.), a smart home is a …

The Security Of Big Data In Fog-Enabled Iot Applications Including Blockchain: A Survey, Noshina Tariq, Muhammad Asim, Feras Al-Obeidat, Muhammad Zubair Farooqi, Thar Baker, Mohammad Hammoudeh, Ibrahim Ghafir

All Works

© 2019 by the authors. Licensee MDPI, Basel, Switzerland. The proliferation of inter-connected devices in critical industries, such as healthcare and power grid, is changing the perception of what constitutes critical infrastructure. The rising interconnectedness of new critical industries is driven by the growing demand for seamless access to information as the world becomes more mobile and connected and as the Internet of Things (IoT) grows. Critical industries are essential to the foundation of today’s society, and interruption of service in any of these sectors can reverberate through other sectors and even around the globe. In today’s hyper-connected world, the …

The Ethics Of Cookies: Exploring The Collection Of Big Data And Its Ramifications, Sarah Biely

Honor Scholar Theses

Technology is taking over the world. In every aspect of human life, technology has been able to provide some sort of help or solution. At the forefront of this revolution is the Internet and with it, the activity of day-to-day life that now takes place online. This rapid takeover pushes technological innovations to develop quickly, pushing boundaries and creating a new way of life.

Today in the United States, websites are allowed to track user data. When a user clicks on a website that intends on documenting the user's actions, the website installs a tracker, otherwise known as "cookie." Websites …

Scalable Containerized Security Training Environment, Robert Sauer

Mahurin Honors College Capstone Experience/Thesis Projects

The purpose of this project is to develop a portable application which is hosted on a server that provides an environment to safely conduct security training procedures and protocols. The project will be scalable to handle from a few to a multitude of users concurrently using a single server. For many users to perform security training simultaneously, each user must be directed to a sandbox environment, a container, where one user’s actions do not affect the website or database of other users. Furthermore, such an application should be readily deployable into any environment to provide the widest range of compatibility. …

Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao

Electrical & Computer Engineering Theses & Dissertations

Graphical passwords are always considered as an alternative of alphanumeric passwords for their better memorability and usability [1]. Alphanumeric passwords provide an adequate amount of satisfaction, but they do not offer better memorability compared to graphical passwords [1].

On the other hand, graphical passwords are considered less secured and provide better memorability [1]. Therefore many researchers have researched on graphical passwords to overcome the vulnerability. One of the most significant weaknesses of the graphical passwords is "Shoulder Surfing Attack," which means, sneaking into a victim's computer to learn the whole password or part of password or some confidential information. Such …

Feasibility And Security Analysis Of Wideband Ultrasonic Radio For Smart Home Applications, Qi Xia

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Smart home Internet-of-Things (IoT) accompanied by smart home apps has witnessed tremendous growth in the past few years. Yet, the security and privacy of the smart home IoT devices and apps have raised serious concerns, as they are getting increasingly complicated each day, expected to store and exchange extremely sensitive personal data, always on and connected, and commonly exposed to any users in a sensitive environment. Nowadays wireless smart home IoT devices rely on electromagnetic wave-based radio-frequency (RF) technology to establish fast and reliable quality network connections. However, RF has its limitations that can negatively affect the smart home user …

After Https: Indicating Risk Instead Of Security, Matthew Wayne Holt

Theses and Dissertations

Browser security indicators show warnings when sites load without HTTPS, but more malicious sites are using HTTPS to appear legitimate in browsers and deceive users. We explore a new approach to browser indicators that overcomes several limitations of existing indicators. First, we develop a high-level risk assessment framework to identify risky interactions and evaluate the utility of this approach through a survey. Next, we evaluate potential designs for a new risk indicator to communicate risk rather than security. Finally, we conduct a within-subjects user study to compare the risk indicator to existing security indicators by observing participant behavior and collecting …

Frameup: An Incriminatory Attack On Storj: A Peer To Peer Blockchain Enabled Distributed Storage System, Xiaolu Zhang, Justin Grannis, Ibrahim Baggili, Nicole Lang Beebe

Electrical & Computer Engineering and Computer Science Faculty Publications

In this work we present a primary account of frameup, an incriminatory attack made possible because of existing implementations in distributed peer to peer storage. The frameup attack shows that an adversary has the ability to store unencrypted data on the hard drives of people renting out their hard drive space. This is important to forensic examiners as it opens the door for possibly framing an innocent victim. Our work employs Storj as an example technology, due to its popularity and market size. Storj is a blockchain enabled system that allows people to rent out their hard drive space …

Continuous Smartphone Authentication Using Wristbands, Shrirang Mare, Reza Rawassizadeh, Ronald Peterson, David Kotz

Dartmouth Scholarship

Many users find current smartphone authentication methods (PINs, swipe patterns) to be burdensome, leading them to weaken or disable the authentication. Although some phones support methods to ease the burden (such as fingerprint readers), these methods require active participation by the user and do not verify the user’s identity after the phone is unlocked. We propose CSAW, a continuous smartphone authentication method that leverages wristbands to verify that the phone is in the hands of its owner. In CSAW, users wear a wristband (a smartwatch or a fitness band) with built-in motion sensors, and by comparing the wristband’s motion with …

Trends In Phishing Attacks: Suggestions For Future Research, Ryan M. Schuetzler

Ryan Schuetzler

Deception in computer-mediated communication is a widespread phenomenon. Cyber criminals are exploiting technological mediums to communicate with potential targets as these channels reduce both the deception cues and the risk of detection itself. A prevalent deception-based attack in computer-mediated communication is phishing. Prior phishing research has addressed the “bait” and “hook” components of phishing attacks, the human-computer interaction that takes place as users judge the veracity of phishing emails and websites, and the development of technologies that can aid users in identifying and rejecting these attacks. Despite the extant research on this topic, phishing attacks continue to be successful as …

Patient Preferences For Authentication And Security: A Comparison Study Of Younger And Older Patients, Ann Fruhling, Devika Ramachandran, Tamara Bernard, Ryan Schuetzler, John R. Windle

Ryan Schuetzler

We examine authentication and security preferences of younger versus older patients in the healthcare domain. Previous research has investigated users' perception of the acceptability of various forms of authentication in nonhealthcare domains, but not patients’ preferences. First, we developed an interactive prototype to test three authentication methods: passwords, pattern, and voice. Our results indicate that younger patients prefer passwords by a significant margin. Older patients indicated more mixed preferences. In addition, we evaluated the level of security patients desired for protection of health information compared to financial information. We found no difference based on age: both groups felt financial security …

Social Engineering In Call Centers And Ways To Reduce It, Maureen York

Economic Crime Forensics Capstones

Social engineering is the use of trickery, deception, persuasion, emotional manipulation, impersonation, and abuse of trust to gain information or access through the use of a human interface (Thompson, 2006). Social engineering relies on the human behavior in order to gain information or access. The technique of social engineering can be performed in numerous ways and has been proven to be an effective way for perpetrators to obtain valuable information.

This capstone project, I will focus on social engineering of call centers and the steps organizations can take to reduce it. For most organizations, the call centers or customer support …

An Empirical Study On Deterministic Collusive Attack Using Inter Component Communication In Android Applications, Tanzeer Hossain

Wayne State University Theses

Security threats using intent based inter component communication (ICC) channels in Android are under constant scrutiny of software engineering researchers. Though prior research provides empirical evidence on the existence of collusive communication channels in popular android apps, little is known about developers’willful involvement and motivation to exploit these channels.To shed light on this matter, in this paper we devised a novel methodology to deterministically identify developers’ involvement in establishing collusive inter app communication channels. We incorporate static analysis and relational database technology to discover sensitive collusive channels and domain knowledge of the Android SDK to build a model to identify …

A New Network Model For Cyber Threat Intelligence Sharing Using Blockchain Technology, Daire Homan, Ian Shiel, Christina Thorpe

Conference Papers

The aim of this research is to propose a new blockchain network model that facilitates the secure dissemination of Cyber Threat Intelligence (CTI) data. The primary motivations for this study are based around the recent changes to information security legislation in the European Union and the challenges that Computer Security and Incident Response Teams (CSIRT) face when trying to share actionable and highly sensitive data within systems where participants do not always share the same interests or motivations. We discuss the common problems within the domain of CTI sharing and we propose a new model, that leverages the security properties …

Comprehending The Safety Paradox And Privacy Concerns With Medical Device Remote Patient Monitoring, Marc Doyle

CCE Theses and Dissertations

Medical literature identifies a number of technology-driven improvements in disease management such as implantable medical devices (IMDs) that are a standard treatment for candidates with specific diseases. Among patients using implantable cardiac defibrillators (ICD), for example, problems and issues are being discovered faster compared to patients without monitoring, improving safety. What is not known is why patients report not feeling safer, creating a safety paradox, and why patients identify privacy concerns in ICD monitoring.

There is a major gap in the literature regarding the factors that contribute to perceived safety and privacy in remote patient monitoring (RPM). To address this …