Physical Sciences and Mathematics Commons^™

Ldakm-Eiot: Lightweight Device Authentication And Key Management Mechanism For Edge-Based Iot Deployment, Mohammad Wazid, Ashok Kumar Das, Sachin Shetty, Joel J. P. C. Rodrigues, Youngho Park

VMASC Publications

In recent years, edge computing has emerged as a new concept in the computing paradigm that empowers several future technologies, such as 5G, vehicle-to-vehicle communications, and the Internet of Things (IoT), by providing cloud computing facilities, as well as services to the end users. However, open communication among the entities in an edge based IoT environment makes it vulnerable to various potential attacks that are executed by an adversary. Device authentication is one of the prominent techniques in security that permits an IoT device to authenticate mutually with a cloud server with the help of an edge node. If authentication …

A Study Of Existing Cross-Site Scripting Detection And Prevention Techniques Using Xampp And Virtualbox, Jalen Mack, Yen-Hung (Frank) Hu, Mary Ann Hoppa

Virginia Journal of Science

Most operating websites experience a cyber-attack at some point. Cross-site Scripting (XSS) attacks are cited as the top website risk. More than 60 percent of web applications are vulnerable to them, and they ultimately are responsible for over 30 percent of all web application attacks. XSS attacks are complicated, and they often are used in conjunction with social engineering techniques to cause even more damage. Although prevention techniques exist, hackers still find points of vulnerability to launch their attacks. This project explored what XSS attacks are, examples of popular attacks, and ways to detect and prevent them. Using knowledge gained …

Hacking The Extended Mind: The Security Implications Of The New Metaphysics, Robin L. Zebrowski

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

Computer security expert Paul Syverson has argued that there is a computer security equivalent of gaslighting: where a clever adversary could convince some system that some component that is not really a part of the system is in fact a part of the system. If non-biological items from our environments (or even pieces of our environments themselves) can be part of our minds (the standard Extended Mind hypothesis, EM), they are therefore part of our selves, and therefore subject to Syverson’s worry about boundary in a way that has not been explored before. If some version of EM holds, then …

Difference Between Algorithmic Processing And The Process Of Lifeworld (Lebenswelt), Domenico Schneider

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

The following article compares the temporality of the life-world with the digital processing. The temporality of the life-world is determined to be stretched and spontaneous. The temporality of the digital is given by discrete step-by-step points of time. Most ethical issues can be traced back to a mismatch of these two ways of processing. This creates a foundation for the ethics of the digital processing. Methodologically, phenomenological considerations are merged with media-philosophical considerations in the article.

What To Do When Privacy Is Gone, James Brusseau

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

Today’s ethics of privacy is largely dedicated to defending personal information from big data technologies. This essay goes in the other direction. It considers the struggle to be lost, and explores two strategies for living after privacy is gone. First, total exposure embraces privacy’s decline, and then contributes to the process with transparency. All personal information is shared without reservation. The resulting ethics is explored through a big data version of Robert Nozick’s Experience Machine thought experiment. Second, transient existence responds to privacy’s loss by ceaselessly generating new personal identities, which translates into constantly producing temporarily unviolated private information. The …

Responding To Some Challenges Posed By The Re-Identification Of Anonymized Personal Data, Herman T. Tavani, Frances S. Grodzinsky

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

In this paper, we examine a cluster of ethical controversies generated by the re-identification of anonymized personal data in the context of big data analytics, with particular attention to the implications for personal privacy. Our paper is organized into two main parts. Part One examines some ethical problems involving re-identification of personally identifiable information (PII) in large data sets. Part Two begins with a brief description of Moor and Weckert’s Dynamic Ethics (DE) and Nissenbaum’s Contextual Integrity (CI) Frameworks. We then investigate whether these frameworks, used together, can provide us with a more robust scheme for analyzing privacy concerns that …

Information Privacy: Not Just Gdpr, Danilo Bruschi

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

The "information rush" which is characterizing the current phase of the information age calls for actions aimed at enforcing the citizens' right to privacy. Since the entire information life-cycle (collection, manipulation, storing) is now carried out by digital technologies, most of such actions consists of the adoption of severe measures (both organizational and technological) aimed at improving the security of computer systems, as in the case of the EU General Data Protection Regulation. Usually, data processors which comply with these requirements are exempted by any other duty. Unfortunately recent trends in the computer attack field show that even the adoption …

Keeping Anonymity At The Consumer Behavior On The Internet: Proof Of Sacrifice, Sachio Horie

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

The evolution of the Internet and AI technology has made it possible for the government and the businesses to keep track of their personal lives. GAFA continues to collect information unintended by the individuals. It is a threat that our privacy is violated in this way. In order to solute such problems, it is important to consider a mechanism that enables us to be peaceful lives while protecting privacy in the Internet society.

This paper focuses on the consumption behavior on the Internet and addresses anonymity. We consider some network protocols that enable sustainable consensus by combining anonymity methods such …

The Right To Human Intervention: Law, Ethics And Artificial Intelligence, Maria Kanellopoulou - Botti, Fereniki Panagopoulou, Maria Nikita, Anastasia Michailaki

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

The paper analyses the new right of human intervention in use of information technology, automatization processes and advanced algorithms in individual decision-making activities. Art. 22 of the new General Data Protection Regulation (GDPR) provides that the data subject has the right not to be subject to a fully automated decision on matters of legal importance to her interests, hence the data subject has a right to human intervention in this kind of decisions.

Legal And Technical Issues For Text And Data Mining In Greece, Maria Kanellopoulou - Botti, Marinos Papadopoulos, Christos Zampakolas, Paraskevi Ganatsiou

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

Web harvesting and archiving pertains to the processes of collecting from the web and archiving of works that reside on the Web. Web harvesting and archiving is one of the most attractive applications for libraries which plan ahead for their future operation. When works retrieved from the Web are turned into archived and documented material to be found in a library, the amount of works that can be found in said library can be far greater than the number of works harvested from the Web. The proposed participation in the 2019 CEPE Conference aims at presenting certain issues related to …

On The Responsibility For Uses Of Downstream Software, Marty J. Wolf, Keith W. Miller, Frances S. Grodzinsky

Computer Ethics - Philosophical Enquiry (CEPE) Proceedings

In this paper we explore an issue that is different from whether developers are responsible for the direct impact of the software they write. We examine, instead, in what ways, and to what degree, developers are responsible for the way their software is used “downstream.” We review some key scholarship analyzing responsibility in computing ethics, including some recent work by Floridi. We use an adaptation of a mechanism developed by Floridi to argue that there are features of software that can be used as guides to better distinguish situations where a software developer might share in responsibility for the software’s …

Cyber Security- A New Secured Password Generation Algorithm With Graphical Authentication And Alphanumeric Passwords Along With Encryption, Akash Rao

Electrical & Computer Engineering Theses & Dissertations

Graphical passwords are always considered as an alternative of alphanumeric passwords for their better memorability and usability [1]. Alphanumeric passwords provide an adequate amount of satisfaction, but they do not offer better memorability compared to graphical passwords [1].

On the other hand, graphical passwords are considered less secured and provide better memorability [1]. Therefore many researchers have researched on graphical passwords to overcome the vulnerability. One of the most significant weaknesses of the graphical passwords is "Shoulder Surfing Attack," which means, sneaking into a victim's computer to learn the whole password or part of password or some confidential information. Such …

Quantifying Impact Of Cyber Actions On Missions Or Business Processes: A Multilayer Propagative Approach, Unal Tatar

Engineering Management & Systems Engineering Theses & Dissertations

Ensuring the security of cyberspace is one of the most significant challenges of the modern world because of its complexity. As the cyber environment is getting more integrated with the real world, the direct impact of cybersecurity problems on actual business frequently occur. Therefore, operational and strategic decision makers in particular need to understand the cyber environment and its potential impact on business. Cyber risk has become a top agenda item for businesses all over the world and is listed as one of the most serious global risks with significant financial implications for businesses.

Risk analysis is one of the …

Transfer Learning For Detecting Unknown Network Attacks, Juan Zhao, Sachin Shetty, Jan Wei Pan, Charles Kamhoua, Kevin Kwiat

VMASC Publications

Network attacks are serious concerns in today’s increasingly interconnected society. Recent studies have applied conventional machine learning to network attack detection by learning the patterns of the network behaviors and training a classification model. These models usually require large labeled datasets; however, the rapid pace and unpredictability of cyber attacks make this labeling impossible in real time. To address these problems, we proposed utilizing transfer learning for detecting new and unseen attacks by transferring the knowledge of the known attacks. In our previous work, we have proposed a transfer learning-enabled framework and approach, called HeTL, which can find the common …

Sec-Lib: Protecting Scholarly Digital Libraries From Infected Papers Using Active Machine Learning Framework, Nir Nissim, Aviad Cohen, Jian Wu, Andrea Lanzi, Lior Rokach, Yuval Elovici, Lee Giles

Computer Science Faculty Publications

Researchers from academia and the corporate-sector rely on scholarly digital libraries to access articles. Attackers take advantage of innocent users who consider the articles' files safe and thus open PDF-files with little concern. In addition, researchers consider scholarly libraries a reliable, trusted, and untainted corpus of papers. For these reasons, scholarly digital libraries are an attractive-target and inadvertently support the proliferation of cyber-attacks launched via malicious PDF-files. In this study, we present related vulnerabilities and malware distribution approaches that exploit the vulnerabilities of scholarly digital libraries. We evaluated over two-million scholarly papers in the CiteSeerX library and found the library …

Attacker Capability Based Dynamic Deception Model For Large-Scale Networks, Md Ali Reza Al Amin, Sachhin Shetty, Laurent Njilla, Deepak K. Tosh, Charles Kamhoua

Computational Modeling & Simulation Engineering Faculty Publications

In modern days, cyber networks need continuous monitoring to keep the network secure and available to legitimate users. Cyber attackers use reconnaissance mission to collect critical network information and using that information, they make an advanced level cyber-attack plan. To thwart the reconnaissance mission and counterattack plan, the cyber defender needs to come up with a state-of-the-art cyber defense strategy. In this paper, we model a dynamic deception system (DDS) which will not only thwart reconnaissance mission but also steer the attacker towards fake network to achieve a fake goal state. In our model, we also capture the attacker’s capability …