Physical Sciences and Mathematics Commons^™

A Conceptual Decentralized Identity Solution For State Government, Martin Duclos

Theses and Dissertations

In recent years, state governments, exemplified by Mississippi, have significantly expanded their online service offerings to reduce costs and improve efficiency. However, this shift has led to challenges in managing digital identities effectively, with multiple fragmented solutions in use. This paper proposes a Self-Sovereign Identity (SSI) framework based on distributed ledger technology. SSI grants individuals control over their digital identities, enhancing privacy and security without relying on a centralized authority. The contributions of this research include increased efficiency, improved privacy and security, enhanced user satisfaction, and reduced costs in state government digital identity management. The paper provides background on digital …

Privacy-Preserving Bloom Filter-Based Keyword Search Over Large Encrypted Cloud Data, Yanrong Liang, Jianfeng Ma, Yinbin Miao, Da Kuang, Xiangdong Meng, Robert H. Deng

Research Collection School Of Computing and Information Systems

To achieve the search over encrypted data in cloud server, Searchable Encryption (SE) has attracted extensive attention from both academic and industrial fields. The existing Bloom filter-based SE schemes can achieve similarity search, but will generally incur high false positive rates, and even leak the privacy of values in Bloom filters (BF). To solve the above problems, we first propose a basic Privacy-preserving Bloom filter-based Keyword Search scheme using the Circular Shift and Coalesce-Bloom Filter (CSC-BF) and Symmetric-key Hidden Vector Encryption (SHVE) technology (namely PBKS), which can achieve effective search while protecting the values in BFs. Then, we design a …

Reks: Role-Based Encrypted Keyword Search With Enhanced Access Control For Outsourced Cloud Data, Yibin Miao, Feng Li, Xiaohua Jia, Huaxiong Wang, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng

Research Collection School Of Computing and Information Systems

Keyword-based search over encrypted data is an important technique to achieve both data confidentiality and utilization in cloud outsourcing services. While commonly used access control mechanisms, such as identity-based encryption and attribute-based encryption, do not generally scale well for hierarchical access permissions. To solve this problem, we propose a Role-based Encrypted Keyword Search (REKS) scheme by using the role-based access control and broadcast encryption. Specifically, REKS allows owners to deploy hierarchical access control by allowing users with parent roles to have access permissions from child roles. Using REKS, we further facilitate token generation preprocessing and efficient user management, thereby significantly …

Multi-Functional Job Roles To Support Operations In A Multi-Faceted Jewel Enabled By Ai And Digital Transformation, Steven M. Miller

Research Collection School Of Computing and Information Systems

In this story, we highlight the way in which the use of AI enabled support systems, together with work process digital transformation and innovative approaches to job redesign, have combined to dramatically change the nature of the work of the front-line service staff who protect and support the facility and visitors at the world’s most iconic airport mall and lifestyle destination.

Information Provenance For Mobile Health Data, Taylor A. Hardin

Dartmouth College Ph.D Dissertations

Mobile health (mHealth) apps and devices are increasingly popular for health research, clinical treatment and personal wellness, as they offer the ability to continuously monitor aspects of individuals' health as they go about their everyday activities. Many believe that combining the data produced by these mHealth apps and devices may give healthcare-related service providers and researchers a more holistic view of an individual's health, increase the quality of service, and reduce operating costs. For such mHealth data to be considered useful though, data consumers need to be assured that the authenticity and the integrity of the data has remained intact---especially …

Optimized Damage Assessment And Recovery Through Data Categorization In Critical Infrastructure System., Shruthi Ramakrishnan

Graduate Theses and Dissertations

Critical infrastructures (CI) play a vital role in majority of the fields and sectors worldwide. It contributes a lot towards the economy of nations and towards the wellbeing of the society. They are highly coupled, interconnected and their interdependencies make them more complex systems. Thus, when a damage occurs in a CI system, its complex interdependencies make it get subjected to cascading effects which propagates faster from one infrastructure to another resulting in wide service degradations which in turn causes economic and societal effects. The propagation of cascading effects of disruptive events could be handled efficiently if the assessment and …

Formal Modeling And Verification Of A Blockchain-Based Crowdsourcing Consensus Protocol, Hamra Afzaal, Muhammad Imran, Muhammad Umar Janjua, Sarada Prasad Gochhayat

VMASC Publications

Crowdsourcing is an effective technique that allows humans to solve complex problems that are hard to accomplish by automated tools. Some significant challenges in crowdsourcing systems include avoiding security attacks, effective trust management, and ensuring the system’s correctness. Blockchain is a promising technology that can be efficiently exploited to address security and trust issues. The consensus protocol is a core component of a blockchain network through which all the blockchain peers achieve an agreement about the state of the distributed ledger. Therefore, its security, trustworthiness, and correctness have vital importance. This work proposes a Secure and Trustworthy Blockchain-based Crowdsourcing (STBC) …

Impact Of Internal Control, Cybersecurity Risk, And Competitive Advantage On Retail Cybersecurity Budget, Samuel William Pfanstiel

Walden Dissertations and Doctoral Studies

Retail organizations are driven to improve security posture for many reasons, including meeting financial regulation requirements, mitigating threats of data breach, and differentiating themselves within markets affected by customer perception. The problem was that little was known about how these drivers of internal control, cybersecurity risk, and competitive advantage impact retail cybersecurity budgets within the retail sector. The purpose of this quantitative nonexperimental correlational study was to describe the relationship between cybersecurity budget and drivers of internal control, cybersecurity risk, and competitive advantage among U.S.-based retail merchant organizations. Real options theory provided a foundation for explaining this decision-making process. Data …

Smart Contract Security: A Practitioners' Perspective, Zhiyuan Wan, Xin Xia, David Lo, Jiachi Chen, Xiapu Luo, Xiaohu Yang

Research Collection School Of Computing and Information Systems

Smart contracts have been plagued by security incidents, which resulted in substantial financial losses. Given numerous research efforts in addressing the security issues of smart contracts, we wondered how software practitioners build security into smart contracts in practice. We performed a mixture of qualitative and quantitative studies with 13 interviewees and 156 survey respondents from 35 countries across six continents to understand practitioners' perceptions and practices on smart contract security. Our study uncovers practitioners' motivations and deterrents of smart contract security, as well as how security efforts and strategies fit into the development lifecycle. We also find that blockchain platforms …

The Future Of Work Now: The Multi-Faceted Mall Security Guard At A Multi-Faceted Jewel, Thomas H. Davenport, Steven M. Miller

Research Collection School Of Computing and Information Systems

One of the most frequently-used phrases at business events these days is “the future of work.” It’s increasingly clear that artificial intelligence and other new technologies will bring substantial changes in work tasks and business processes. But while these changes are predicted for the future, they’re already present in many organizations for many different jobs. The job and incumbents described below are an example of this phenomenon. Steve Miller of Singapore Management University and I co-authored the story.

Relationship Between Specific Security Concerns And Cio Intention To Adopt Cloud, Johnathan Francis Van Houten

Walden Dissertations and Doctoral Studies

Cloud computing adoption rates have not grown commensurate with several well-known and substantially tangible benefits such as horizontal distribution and reduced cost, the latter both in terms of infrastructure and specialized personnel. The lack of adoption presents a challenge to both service providers from a sales perspective and service consumers from a usability focus. The purpose of this quantitative correlational study utilizing the technological, organizational, and environmental framework was to examine the relationship between shared technology (ST), malicious insiders (MI), account hijacking, data leakage, data protection, service partner trust (SP), regulatory concerns and the key decision-makers intention to adopt cloud …

Exploring Mid-Market Strategies For Big Data Governance, Kenneth Stanley Knapton Iii

Walden Dissertations and Doctoral Studies

Many data scientists are struggling to adopt effective data governance practices as they transition from traditional data analysis to big data analytics. Data governance of big data requires new strategies to deal with the volume, variety, and velocity attributes of big data. The purpose of this qualitative multiple case study was to explore big data governance strategies employed by data scientists to provide a holistic perspective of those data for making decisions. The participants were 10 data scientists employed in multiple mid-market companies in the greater Salt Lake City, Utah area who have strategies to govern big data. This study’s …

Iomt Malware Detection Approaches: Analysis And Research Challenges, Mohammad Wazid, Ashok Kumar Das, Joel J.P.C. Rodrigues, Sachin Shetty, Youngho Park

VMASC Publications

The advancement in Information and Communications Technology (ICT) has changed the entire paradigm of computing. Because of such advancement, we have new types of computing and communication environments, for example, Internet of Things (IoT) that is a collection of smart IoT devices. The Internet of Medical Things (IoMT) is a specific type of IoT communication environment which deals with communication through the smart healthcare (medical) devices. Though IoT communication environment facilitates and supports our day-to-day activities, but at the same time it has also certain drawbacks as it suffers from several security and privacy issues, such as replay, man-in-the-middle, impersonation, …

Trends In Phishing Attacks: Suggestions For Future Research, Ryan M. Schuetzler

Ryan Schuetzler

Deception in computer-mediated communication is a widespread phenomenon. Cyber criminals are exploiting technological mediums to communicate with potential targets as these channels reduce both the deception cues and the risk of detection itself. A prevalent deception-based attack in computer-mediated communication is phishing. Prior phishing research has addressed the “bait” and “hook” components of phishing attacks, the human-computer interaction that takes place as users judge the veracity of phishing emails and websites, and the development of technologies that can aid users in identifying and rejecting these attacks. Despite the extant research on this topic, phishing attacks continue to be successful as …

An Empirical Study On Deterministic Collusive Attack Using Inter Component Communication In Android Applications, Tanzeer Hossain

Wayne State University Theses

Security threats using intent based inter component communication (ICC) channels in Android are under constant scrutiny of software engineering researchers. Though prior research provides empirical evidence on the existence of collusive communication channels in popular android apps, little is known about developers’willful involvement and motivation to exploit these channels.To shed light on this matter, in this paper we devised a novel methodology to deterministically identify developers’ involvement in establishing collusive inter app communication channels. We incorporate static analysis and relational database technology to discover sensitive collusive channels and domain knowledge of the Android SDK to build a model to identify …

Analyzing Small Businesses' Adoption Of Big Data Security Analytics, Henry Mathias

Walden Dissertations and Doctoral Studies

Despite the increased cost of data breaches due to advanced, persistent threats from malicious sources, the adoption of big data security analytics among U.S. small businesses has been slow. Anchored in a diffusion of innovation theory, the purpose of this correlational study was to examine ways to increase the adoption of big data security analytics among small businesses in the United States by examining the relationship between small business leaders' perceptions of big data security analytics and their adoption. The research questions were developed to determine how to increase the adoption of big data security analytics, which can be measured …

Vulnerability Assessment & Penetration Testing: Case Study On Web Application Security, Gazmend Krasniqi, Veton Bejtullahu

UBT International Conference

Complexity of information systems are increasing day by day. The security of information systems that are connected to public networks can be compromised by unauthorized, and usually anonymous, attempts to access them. By using public networks businesses and other institutions are exposed to numerous risks. This leads to more and more vulnerabilities in Information Systems. This situation calls for test methods that are devised from the attacker’s perspective to ensure that test conditions are as realistic as possible. In this paper we will describe complete stages of Vulnerability Assessment and Penetration Testing on some systems in UBT and proactive action …

Strategies Used By Cloud Security Managers To Implement Secure Access Methods, Eric Harmon

Walden Dissertations and Doctoral Studies

Cloud computing can be used as a way to access services and resources for many organizations; however, hackers have created security concerns for users that incorporate cloud computing in their everyday functions. The purpose of this qualitative multiple case study was to explore strategies used by cloud security managers to implement secure access methods to protect data on the cloud infrastructure. The population for this study was cloud security managers employed by 2 medium size businesses in the Atlanta, Georgia metropolitan area and that have strategies to implement secure access methods to protect data on the cloud infrastructure. The technology …

Security Assessment Of Web Applications, Renelada Kushe

UBT International Conference

A web application is an application that is accessed by users over a network such as the internet or intranet. The term also refers an application that is coded in a browser-supported programming language and reliant on a common web browser to render the application executable. Web applications are vulnerable to varies exploits from those which manipulate the application via its graphical web interface (HTTP exploits), to tampering the Uniform Resource Identifier (URI) or tampering HTTPS elements not contained in the URI. Getting started from the accessibility and the variety of exploits, the security assessment is a necessity for providing …

Breathprint: Breathing Acoustics-Based User Authentication, Jagmohan Chauhan, Yining Hu, Suranga Sereviratne, Archan Misra, Aruna Sereviratne, Youngki Lee

Research Collection School Of Computing and Information Systems

We propose BreathPrint, a new behavioural biometric signature based on audio features derived from an individual's commonplace breathing gestures. Specifically, BreathPrint uses the audio signatures associated with the three individual gestures: sniff, normal, and deep breathing, which are sufficiently different across individuals. Using these three breathing gestures, we develop the processing pipeline that identifies users via the microphone sensor on smartphones and wearable devices. In BreathPrint, a user performs breathing gestures while holding the device very close to their nose. Using off-the-shelf hardware, we experimentally evaluate the BreathPrint prototype with 10 users, observed over seven days. We show that users …

Exploring Security, Privacy, And Reliability Strategies To Enable The Adoption Of Iot, Daud Alyas Kamin

Walden Dissertations and Doctoral Studies

The Internet of things (IoT) is a technology that will enable machine-to-machine communication and eventually set the stage for self-driving cars, smart cities, and remote care for patients. However, some barriers that organizations face prevent them from the adoption of IoT. The purpose of this qualitative exploratory case study was to explore strategies that organization information technology (IT) leaders use for security, privacy, and reliability to enable the adoption of IoT devices. The study population included organization IT leaders who had knowledge or perceptions of security, privacy, and reliability strategies to adopt IoT at an organization in the eastern region …

How Attitude Toward The Behavior, Subjective Norm, And Perceived Behavioral Control Affects Information Security Behavior Intention, David Philip Johnson

Walden Dissertations and Doctoral Studies

The education sector is at high risk for information security (InfoSec) breaches and in need of improved security practices. Achieving data protections cannot be through technical means alone. Addressing the human behavior factor is required. Security education, training, and awareness (SETA) programs are an effective method of addressing human InfoSec behavior. Applying sociobehavioral theories to InfoSec research provides information to aid IT security program managers in developing improved SETA programs. The purpose of this correlational study was to examine through the theoretical lens of the theory of planned behavior (TPB) how attitude toward the behavior (ATT), subjective norm (SN), and …

A System For Detecting Malicious Insider Data Theft In Iaas Cloud Environments, Jason Nikolai, Yong Wang

Faculty Research & Publications

The Cloud Security Alliance lists data theft and insider attacks as critical threats to cloud security. Our work puts forth an approach using a train, monitor, detect pattern which leverages a stateful rule based k-nearest neighbors anomaly detection technique and system state data to detect inside attacker data theft on Infrastructure as a Service (IaaS) nodes. We posit, instantiate, and demonstrate our approach using the Eucalyptus cloud computing infrastructure where we observe a 100 percent detection rate for abnormal login events and data copies to outside systems.

Empirical Analysis Of Socio-Cognitive Factors Affecting Security Behaviors And Practices Of Smartphone Users, Joseph P. Simpson

CCE Theses and Dissertations

The overall security posture of information systems (IS) depends on the behaviors of the IS users. Several studies have shown that users are the greatest vulnerability to IS security. The proliferation of smartphones is introducing an entirely new set of risks, threats, and vulnerabilities. Smartphone devices amplify this data exposure problem by enabling instantaneous transmission and storage of personally identifiable information (PII) by smartphone users, which is becoming a major security risk. Moreover, companies are also capitalizing on the availability and powerful computing capabilities of these smartphone devices and developing a bring-your-own-device (BYOD) program, which makes companies susceptible to divulgence …

Understanding The Impact Of Hacker Innovation Upon Is Security Countermeasures, Sean M. Zadig

CCE Theses and Dissertations

Hackers external to the organization continue to wreak havoc upon the information systems infrastructure of firms through breaches of security defenses, despite constant development of and continual investment in new IS security countermeasures by security professionals and vendors. These breaches are exceedingly costly and damaging to the affected organizations. The continued success of hackers in the face of massive amounts of security investments suggests that the defenders are losing and that the hackers can innovate at a much faster pace.

Underground hacker communities have been shown to be an environment where attackers can learn new techniques and share tools pertaining …

On Robust Image Spam Filtering Via Comprehensive Visual Modeling, Jialie Shen, Deng, Robert H., Zhiyong Cheng, Liqiang Nie, Shuicheng Yan

Research Collection School Of Computing and Information Systems

The Internet has brought about fundamental changes in the way peoples generate and exchange media information. Over the last decade, unsolicited message images (image spams) have become one of the most serious problems for Internet service providers (ISPs), business firms and general end users. In this paper, we report a novel system called RoBoTs (Robust BoosTrap based spam detector) to support accurate and robust image spam filtering. The system is developed based on multiple visual properties extracted from different levels of granularity, aiming to capture more discriminative contents for effective spam image identification. In addition, a resampling based learning framework …

Security Policies That Make Sense For Complex Systems: Comprehensible Formalism For The System Consumer, Rhonda R. Henning

CCE Theses and Dissertations

Information Systems today rarely are contained within a single user workstation, server, or networked environment. Data can be transparently accessed from any location, and maintained across various network infrastructures. Cloud computing paradigms commoditize the hardware and software environments and allow an enterprise to lease computing resources by the hour, minute, or number of instances required to complete a processing task. An access control policy mediates access requests between authorized users of an information system and the system's resources. Access control policies are defined at any given level of abstraction, such as the file, directory, system, or network, and can be …

Using Database Management System Todevelop And Implement An Automated Vehicle Management System, Dr. Dipo Theophilus Akomolafe Mbcs, Mncs, Mcpn,, Naomi Timothy, Francis Ofere

Dr. Dipo Theophilus Akomolafe MBCS, MNCS, MCPN,

The automated motor vehicle management system is a system developed for managing the movement of vehicles in and out of an organization. Presently, movemnts of vehicles in most organisations are handled manually bythe security officials that are stationed at the gates. This system is associated with mismanaged data, inaccurate data or no data at all in some instances. Consequently, it is imperative to develop a computerized system to manage data taken from the large number of vehicles that move in and out of organisations in order to deal with cases of theft, proper monitoring of people and vehicles and to …

Supporting And Securing Personal Mobile Devices Within An Existing Information Technology Environment, George Allen Patton

Walden Dissertations and Doctoral Studies

Personal mobile devices are becoming integrated into the daily operations of business. Managers are realizing that employees who are allowed to use personal mobile devices to access corporate information systems may reduce costs as users buy their own devices. The problem was that managers have a limited understanding of the need to secure or support personal mobile devices. The purpose of this survey study was to examine the relationship between employees' desire to use personal mobile devices and corporation needs for security and support. Hypotheses were tested by examining the relationships between the requirement to support and secure personal mobile …

An Access Control Model For Nosql Databases, Motahera Shermin

Electronic Thesis and Dissertation Repository

Current development platforms are web scale, unlike recent platforms which were just network scale. There has been a rapid evolution in computing paradigm that has created the need for data storage as agile and scalable as the applications they support. Relational databases with their joins and locks influence performance in web scale systems negatively. Thus, various types of non-relational databases have emerged in recent years, commonly referred to as NoSQL databases. To fulfill the gaps created by their relational counter-part, they trade consistency and security for performance and scalability. With NoSQL databases being adopted by an increasing number of organizations, …