Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Institution
-
- Embry-Riddle Aeronautical University (59)
- Singapore Management University (36)
- Edith Cowan University (16)
- Air Force Institute of Technology (9)
- Selected Works (6)
-
- Maurer School of Law: Indiana University (4)
- University of Arkansas, Fayetteville (4)
- California State University, San Bernardino (3)
- University of New Haven (2)
- Brigham Young University (1)
- Franklin University (1)
- Georgia State University (1)
- Governors State University (1)
- Portland State University (1)
- SelectedWorks (1)
- University of Dayton (1)
- University of Nebraska at Omaha (1)
- Western University (1)
- Keyword
-
- Computer security (6)
- Data protection (5)
- Applied sciences (4)
- Data privacy (4)
- Digital forensics (4)
-
- Android (3)
- Cloud computing (3)
- Computer Forensics (3)
- Intrusion detection systems (Computer security) (3)
- Network security (3)
- Privacy (3)
- Security (3)
- Access Control (2)
- Access control (2)
- Anomaly detection (Computer security) (2)
- Authentication (2)
- Botnets (2)
- Cell phone (2)
- Computer forensics (2)
- Data encryption (Computer science) (2)
- Data mining (2)
- Data security (2)
- Defect prediction (2)
- Digital Forensics (2)
- Digital evidence (2)
- Digital signature (2)
- EPC Discovery Service (2)
- Email (2)
- End users (2)
- Evidence (2)
- Publication
-
- Journal of Digital Forensics, Security and Law (45)
- Research Collection School Of Computing and Information Systems (32)
- Annual ADFSL Conference on Digital Forensics, Security and Law (13)
- Australian Information Security Management Conference (13)
- Theses and Dissertations (9)
-
- Articles by Maurer Faculty (4)
- Graduate Theses and Dissertations (4)
- Dr Guilin Wang (3)
- Theses Digitization Project (3)
- Electrical & Computer Engineering and Computer Science Faculty Publications (2)
- LARC Research Publications (2)
- Research outputs 2012 (2)
- All Capstone Projects (1)
- All Faculty and Staff Scholarship (1)
- Computer Science Faculty Publications (1)
- David LO (1)
- Dissertations and Theses (1)
- Dissertations and Theses Collection (Open Access) (1)
- EBCS Articles (1)
- Electrical and Computer Engineering Publications (1)
- Faculty Publications (1)
- Interdisciplinary Informatics Faculty Publications (1)
- Leisa Armstrong (1)
- Maurice Dawson (1)
- Miriam A M Capretz (1)
- Research Collection School Of Accountancy (1)
- Security Studies & International Affairs - Daytona Beach (1)
- Theses: Doctorates and Masters (1)
- Publication Type
Articles 1 - 30 of 148
Full-Text Articles in Physical Sciences and Mathematics
Security Analysis Of Two Signcryption Schemes, Guilin Wang, Robert H. Deng, Dongjin Kwak, Sangjae Moon
Security Analysis Of Two Signcryption Schemes, Guilin Wang, Robert H. Deng, Dongjin Kwak, Sangjae Moon
Dr Guilin Wang
Signcryption is a new cryptographic primitive that performs signing and encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. In this paper, we present a security analysis of two such schemes: the Huang-Chang convertible signcryption scheme, and the Kwak-Moon group signcryption scheme. Our results show that both schemes are insecure. Specifically, the Huang-Chang scheme fails to provide confidentiality, while the Kwak-Moon scheme does not satisfy the properties of unforgeability, coalition-resistance, and traceability.
Comments On "A Practical (T, N) Threshold Proxy Signature Scheme Based On The Rsa Cryptosystem", Guilin Wang, Feng Bao, Jianying Zhou, Robert H. Deng
Comments On "A Practical (T, N) Threshold Proxy Signature Scheme Based On The Rsa Cryptosystem", Guilin Wang, Feng Bao, Jianying Zhou, Robert H. Deng
Dr Guilin Wang
In a (t, n) threshold proxy signature scheme based on RSA, any t or more proxy signers can cooperatively generate a proxy signature while t-1 or fewer of them can't do it. The threshold proxy signature scheme uses the RSA cryptosystem to generate the private and the public key of the signers. In this article, we discuss the implementation and comparison of some threshold proxy signature schemes that are based on the RSA cryptosystem. Comparison is done on the basis of time complexity, space complexity and communication overhead. We compare the performance of four schemes: Hwang et al., Wen et …
Proxy Signature Scheme With Multiple Original Signers For Wireless E-Commerce Applications, Guilin Wang, Feng Bao, Jianying Zhou, Robert H. Deng
Proxy Signature Scheme With Multiple Original Signers For Wireless E-Commerce Applications, Guilin Wang, Feng Bao, Jianying Zhou, Robert H. Deng
Dr Guilin Wang
In a proxy signature scheme, a user delegates his/her signing capability to another user in such a way that the latter can sign messages on behalf of the former. We propose an efficient and secure proxy signature scheme with multiple original signers. Our scheme is suitable for wireless electronic commerce applications, since the overheads of computation and communication are low. As an example, we present an electronic air ticket booking scheme for wireless customers.
An Information Security Awareness Capability Model (Isacm), Robert Poepjes, Michael Lane
An Information Security Awareness Capability Model (Isacm), Robert Poepjes, Michael Lane
Australian Information Security Management Conference
A lack of information security awareness within some parts of society as well as some organisations continues to exist today. Whilst we have emerged from the threats of late 1990s of viruses such as Code Red and Melissa, through to the phishing emails of the mid 2000’s and the financial damage some such as the Nigerian scam caused, we continue to react poorly to new threats such as demanding money via SMS with a promise of death to those who won’t pay. So is this lack of awareness translating into problems within the workforce? There is often a lack of …
Experimenting With Anomaly Detection By Mining Large-Scale Information Networks, A. Taleb-Bendiab
Experimenting With Anomaly Detection By Mining Large-Scale Information Networks, A. Taleb-Bendiab
Australian Information Security Management Conference
Social networks have formed the basis of many studies into large networks analysis. Whilst much is already known regarding efficient algorithms for large networks analysis, data mining, knowledge diffusion, anomaly detection, viral marketing, to mention. More recent research is focussing on new classes of efficient approximate algorithms that can scale to billion nodes and edges. To this end, this paper presents an extension of an algorithm developed originally to analyse large scale-free autonomic networks called the Global Observer Model. In this paper, the algorithm is studied in the context of monitoring large-scale information networks. Hence, taking into account the size …
Does The Android Permission System Provide Adequate Information Privacy Protection For End-Users Of Mobile Apps?, Michael Lane
Does The Android Permission System Provide Adequate Information Privacy Protection For End-Users Of Mobile Apps?, Michael Lane
Australian Information Security Management Conference
This paper investigates the Android permission system and its adequacy in alerting end-users of potential information privacy risks in an app. When an end-user seeks to install an app, they are presented with the required permissions and make a supposedly informed decision as to whether to install that app based on the permissions presented. The results from an analysis of ten popular apps indicate a number of permissions that pose potential information privacy risks of which most end-users are likely to be unaware. The Android permission system is complex and difficult for end-users to comprehend and effectively evaluate the potential …
Web-Based Risk Analysis For Home Users, R. T. Magaya, N. L. Clarke
Web-Based Risk Analysis For Home Users, R. T. Magaya, N. L. Clarke
Australian Information Security Management Conference
The advancement of the Internet has provided access to a wide variety of online services such as banking, e-commerce, social networking and entertainment. The wide availability and popularity of the Internet has also led to the rise in risks and threats to users, as criminals have taken an increasingly active role in abusing innocent users. Current risk analysis tools, techniques and methods available do not cater for home users but are tailored for large organisations. The tools require expertise to use them and they are expensive to purchase. What is available for home users are generic information portals that provide …
The Mobile Execution Environment: A Secure And Non-Intrusive Approach To Implement A Bring You Own Device Policy For Laptops, Peter James, Don Griffiths
The Mobile Execution Environment: A Secure And Non-Intrusive Approach To Implement A Bring You Own Device Policy For Laptops, Peter James, Don Griffiths
Australian Information Security Management Conference
Bring Your Own Device (BYOD) has become an established business practice, however the practice can increase an organisation’s information security risks. The implementation of a BYOD policy for laptops must consider how the information security risks can be mitigated or managed. The selection of an appropriate secure laptop software configuration is an important part of the information security risk mitigation/management strategy. This paper considers how a secure laptop software configuration, the Mobile Execution Environment (MEE) can be used to minimise risks when a BYOD policy for laptops is implemented. In this paper the security and business risks associated with the …
Harms: Hierarchical Attack Representation Models For Network Security Analysis, Jin Hong, Dong-Seong Kim
Harms: Hierarchical Attack Representation Models For Network Security Analysis, Jin Hong, Dong-Seong Kim
Australian Information Security Management Conference
Attack models can be used to assess network security. Purely graph based attack representation models (e.g., attack graphs) have a state-space explosion problem. Purely tree-based models (e.g., attack trees) cannot capture the path information explicitly. Moreover, the complex relationship between the host and the vulnerability information in attack models create difficulty in adjusting to changes in the network, which is impractical for modern large and dynamic network systems. To deal with these issues, we propose hierarchical attack representation models (HARMs). The main idea is to use two-layer hierarchy to separate the network topology information (in the upper layer) from the …
Territorial Behavior And The Economics Of Botnets, Craig S. Wright
Territorial Behavior And The Economics Of Botnets, Craig S. Wright
Australian Information Security Management Conference
This paper looks at the economics associated with botnets. This research can be used to calculate territorial sizes for online criminal networks. Looking at the types of systems we can compare the time required to maintain the botnet against the benefits received. In doing this it will be possible to formulate economic defence strategies that reduce the benefits received through the control of the botnet. We look at the decision to be territorial or not from the perspective of the criminal bot-herder. This is extended to an analysis of territorial size. The criminal running a botnet seeks to maximize profit. …
Implementing A Secure Academic Grid System - A Malaysian Case, Mohd Samsu Sajat, Suhaidi Hassan, Adi Affandi Ahmad, Ali Yusny Daud, Amran Ahmad
Implementing A Secure Academic Grid System - A Malaysian Case, Mohd Samsu Sajat, Suhaidi Hassan, Adi Affandi Ahmad, Ali Yusny Daud, Amran Ahmad
Australian Information Security Management Conference
Computational grids have become very popular in the recent times due to their capabilities and flexibility in handling large computationally intensive jobs. When it comes to the implementation of practical grid systems, security plays a major role due to the confidentiality of the information handled and the nature of the resources employed. Also due to the complex nature of the grid operations, grid systems face unique security threats compared to other distributed systems. This paper describes how to implement a secure grid system with special emphasis on the steps to be followed in obtaining, implementing and testing PKI certificates.
A Proposed Formula For Comparing Kill Password Effectiveness In Single Password Rfid Systems, Christopher Bolan
A Proposed Formula For Comparing Kill Password Effectiveness In Single Password Rfid Systems, Christopher Bolan
Australian Information Security Management Conference
The Electronic Product Code standard for RFID systems plays a significant role in worldwide RFID implementations. A feature of the RFID standards has been the RFID Kill command which allows for the "permanent" destruction of an RFID tag through the issuing of a simple command. Whilst the inclusion of this command may be vital for user privacy it also opens up significant avenues for attack. Whilst such attacks may be well documented there has been little to no discussion of the efficacy of the differing mitigation approaches taken. A simple formula to calculate the full timing of such an attack …
Human-Readable Real-Time Classifications Of Malicious Executables, Anselm Teh, Arran Stewart
Human-Readable Real-Time Classifications Of Malicious Executables, Anselm Teh, Arran Stewart
Australian Information Security Management Conference
Shafiq et al. (2009a) propose a non–signature-based technique for detecting malware which applies data mining techniques to features extracted from executable files. Their technique has a high level of accuracy, a low false positive rate, and a speed on par with commercial anti-virus products. One portion of their technique uses a multi-layer perceptron as a classifier, which provides little insight into the reasons for classification. Our experience is that network security analysts prefer tools which provide human-comprehensible reasons for a classification, rather than operating as “black boxes”. We therefore build on the results of Shafiq et al. by demonstrating a …
An Investigation Into The Wi-Fi Protected Setup Pin Of The Linksys Wrt160n V2, Symon Aked, Christopher Bolan, Murray Brand
An Investigation Into The Wi-Fi Protected Setup Pin Of The Linksys Wrt160n V2, Symon Aked, Christopher Bolan, Murray Brand
Australian Information Security Management Conference
Wi-Fi Protected Setup (WPS) is a method of allowing a consumer to set up a secure wireless network in a user friendly way. However, in December 2011 it was discovered that a brute force attack exists that reduces the WPS key space from 108 to 104+103. This resulted in a proof of concept tool that was able to search all possible combinations of PINs within a few days.This research presents a methodology to test wireless devices to determine their susceptibility to the external registrar PIN authentication design vulnerability. A number of devices were audited, and the Linksys WRT160N v2 router …
Exposing Potential Privacy Issues With Ipv6 Address Construction, Clinton Carpene, Andrew Woodward
Exposing Potential Privacy Issues With Ipv6 Address Construction, Clinton Carpene, Andrew Woodward
Australian Information Security Management Conference
The usage of 128 bit addresses with hexadecimal representation in IPv6 poses significant potential privacy issues. This paper discusses the means of allocating IPv6 addresses, along with the implications each method may have upon privacy in different usage scenarios. The division of address space amongst the global registries in a hierarchal fashion can provide geographical information about the location of an address, and its originating device. Many IPv6 address configuration methods are available, including DHCPv6, SLAAC (with or without privacy extensions), and Manual assignment. These assignment techniques are dissected to expose the identifying characteristics of each technique. It is seen …
Semi-Automated Verification Of Defense Against Sql Injection In Web Applications, Kaiping Liu, Hee Beng Kuan Tan, Lwin Khin Shar
Semi-Automated Verification Of Defense Against Sql Injection In Web Applications, Kaiping Liu, Hee Beng Kuan Tan, Lwin Khin Shar
Research Collection School Of Computing and Information Systems
Recent reports reveal that majority of the attacks to Web applications are input manipulation attacks. Among these attacks, SQL injection attack malicious input is submitted to manipulate the database in a way that was unintended by the applications' developers is one such attack. This paper proposes an approach for assisting to code verification process on the defense against SQL injection. The approach extracts all such defenses implemented in code. With the use of the proposed approach, developers, testers or auditors can then check the defenses extracted from code to verify their adequacy. We have evaluated the feasibility, effectiveness, and usefulness …
Ibinhunt: Binary Hunting With Inter-Procedural Control Flow, Jiang Ming, Meng Pan, Debin Gao
Ibinhunt: Binary Hunting With Inter-Procedural Control Flow, Jiang Ming, Meng Pan, Debin Gao
Research Collection School Of Computing and Information Systems
Techniques have been proposed to find the semantic differences between two binary programs when the source code is not available. Analyzing control flow, and in particular, intra-procedural control flow, has become an attractive technique in the latest binary diffing tools since it is more resistant to syntactic, but non-semantic, differences. However, this makes such techniques vulnerable to simple function obfuscation techniques (e.g., function inlining) attackers any malware writers could use. In this paper, we first show function obfuscation as an attack to such binary diffing techniques, and then propose iBinHunt which uses deep taint and automatic input generation to find …
Scalable Malware Clustering Through Coarse-Grained Behavior Modeling, Mahinthan Chandramohan, Hee Beng Kuan Tan, Lwin Khin Shar
Scalable Malware Clustering Through Coarse-Grained Behavior Modeling, Mahinthan Chandramohan, Hee Beng Kuan Tan, Lwin Khin Shar
Research Collection School Of Computing and Information Systems
Anti-malware vendors receive several thousand new malware (malicious software) variants per day. Due to large volume of malware samples, it has become extremely important to group them based on their malicious characteristics. Grouping of malware variants that exhibit similar behavior helps to generate malware signatures more efficiently. Unfortunately, exponential growth of new malware variants and huge-dimensional feature space, as used in existing approaches, make the clustering task very challenging and difficult to scale. Furthermore, malware behavior modeling techniques proposed in the literature do not scale well, where malware feature space grows in proportion with the number of samples under examination. …
Audit Mechanisms For Provable Risk Management And Accountable Data Governance, Jeremiah Blocki, Nicolas Christin, Anupam Datta, Arunesh Sinha
Audit Mechanisms For Provable Risk Management And Accountable Data Governance, Jeremiah Blocki, Nicolas Christin, Anupam Datta, Arunesh Sinha
Research Collection School Of Computing and Information Systems
Organizations that collect and use large volumes of personal information are expected under the principle of accountable data governance to take measures to protect data subjects from risks that arise from inapproriate uses of this information. In this paper, we focus on a specific class of mechanisms—audits to identify policy violators coupled with punishments—that organizations such as hospitals, financial institutions, and Web services companies may adopt to protect data subjects from privacy and security risks stemming from inappropriate information use by insiders. We model the interaction between the organization (defender) and an insider (adversary) during the audit process as a …
(Strong) Multidesignated Verifiers Signatures Secure Against Rogue Key Attack, Yunmei Zhang, Man Ho Au, Guomin Yang, Willy Susilo
(Strong) Multidesignated Verifiers Signatures Secure Against Rogue Key Attack, Yunmei Zhang, Man Ho Au, Guomin Yang, Willy Susilo
Research Collection School Of Computing and Information Systems
Designated verifier signatures (DVS) allow a signer to create a signature whose validity can only be verified by a specific entity chosen by the signer. In addition, the chosen entity, known as the designated verifier, cannot convince any body that the signature is created by the signer. Multi-designated verifiers signatures (MDVS) are a natural extension of DVS in which the signer can choose multiple designated verifiers. DVS and MDVS are useful primitives in electronic voting and contract signing. In this paper, we investigate various aspects of MDVS and make two contributions. Firstly, we revisit the notion of unforgeability under rogue …
An Improved Authentication Scheme For H.264/Svc And Its Performance Evaluation Over Non-Stationary Wireless Mobile Networks, Yifan Zhao, Swee-Won Lo, Robert H. Deng, Xuhua Ding
An Improved Authentication Scheme For H.264/Svc And Its Performance Evaluation Over Non-Stationary Wireless Mobile Networks, Yifan Zhao, Swee-Won Lo, Robert H. Deng, Xuhua Ding
Research Collection School Of Computing and Information Systems
In this paper, a bit stream-based authentication scheme for H.264/Scalable Video Coding (SVC) is proposed. The proposed scheme seamlessly integrates cryptographic algorithms and erasure correction codes (ECCs) to SVC video streams such that the authenticated streams are format compliant with the SVC specifications and preserve the three dimensional scalability (i. e., spatial, quality and temporal) of the original streams. We implement our scheme on a smart phone and study its performance over a realistic bursty packet-lossy wireless mobile network. Our analysis and experimental results show that the scheme achieves very high verification rates with lower communication overhead and much smaller …
Oto: Online Trust Oracle For User-Centric Trust Establishment, Tiffany Hyun-Jin Kim, Payas Gupta, Jun Han, Emmanuel Owusu, Jason Hong, Adrian Perrig, Debin Gao
Oto: Online Trust Oracle For User-Centric Trust Establishment, Tiffany Hyun-Jin Kim, Payas Gupta, Jun Han, Emmanuel Owusu, Jason Hong, Adrian Perrig, Debin Gao
Research Collection School Of Computing and Information Systems
Malware continues to thrive on the Internet. Besides automated mechanisms for detecting malware, we provide users with trust evidence information to enable them to make informed trust decisions. To scope the problem, we study the challenge of assisting users with judging the trustworthiness of software downloaded from the Internet. Through expert elicitation, we deduce indicators for trust evidence, then analyze these indicators with respect to scalability and robustness. We design OTO, a system for communicating these trust evidence indicators to users, and we demonstrate through a user study the effectiveness of OTO, even with respect to IE’s SmartScreen Filter (SSF). …
Utilizing Graphics Processing Units For Network Anomaly Detection, Jonathan D. Hersack
Utilizing Graphics Processing Units For Network Anomaly Detection, Jonathan D. Hersack
Theses and Dissertations
This research explores the benefits of using commonly-available graphics processing units (GPUs) to perform classification of network traffic using supervised machine learning algorithms. Two full factorial experiments are conducted using a NVIDIA GeForce GTX 280 graphics card. The goal of the first experiment is to create a baseline for the relative performance of the CPU and GPU implementations of artificial neural network (ANN) and support vector machine (SVM) detection methods under varying loads. The goal of the second experiment is to determine the optimal ensemble configuration for classifying processed packet payloads using the GPU anomaly detector. The GPU ANN achieves …
Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel
Effects Of Architecture On Information Leakage Of A Hardware Advanced Encryption Standard Implementation, Eric A. Koziel
Theses and Dissertations
Side-channel analysis (SCA) is a threat to many modern cryptosystems. Many countermeasures exist, but are costly to implement and still do not provide complete protection against SCA. A plausible alternative is to design the cryptosystem using architectures that are known to leak little information about the cryptosystem's operations. This research uses several common primitive architectures for the Advanced Encryption Standard (AES) and assesses the susceptibility of the full AES system to side-channel attack for various primitive configurations. A combined encryption/decryption core is also evaluated to determine if variation of high-level architectures affects leakage characteristics. These different configurations are evaluated under …