Cloud Security, Isabella Roth, Jose Salazar, Yi Hu

Posters-at-the-Capitol

Isabella Roth

Jose Salazar

Professor Yi Hu

Computer Information Technology

Cloud Security: AWS Abstract

With enterprises moving their IT infrastructure to the cloud using providers like Amazon Web Services (AWS), security problems have not been reduced. In fact, cloud computing brings new security challenges. Our research investigated better solutions to the security problems that come with using the cloud to store a companies data.

The cloud is a general term for using the internet to receive some sort of data vs connecting directly to a server. This makes it easier to do things such as connecting to an online app …

Vulnerability Assessment & Penetration Testing: Case Study On Web Application Security, Gazmend Krasniqi, Veton Bejtullahu

UBT International Conference

Complexity of information systems are increasing day by day. The security of information systems that are connected to public networks can be compromised by unauthorized, and usually anonymous, attempts to access them. By using public networks businesses and other institutions are exposed to numerous risks. This leads to more and more vulnerabilities in Information Systems. This situation calls for test methods that are devised from the attacker’s perspective to ensure that test conditions are as realistic as possible. In this paper we will describe complete stages of Vulnerability Assessment and Penetration Testing on some systems in UBT and proactive action …

Mapping Knowledge Units Using A Learning Management System (Lms) Course Framework, Casey Rackley

KSU Proceedings on Cybersecurity Education, Research and Practice

ABSTRACT

The purpose of this paper is to examine the outcomes of using a Learning Management System (LMS) course as a framework for mapping the Centers of Academic Excellence in Cyber Defense (CAE-CD) 2019 Knowledge Units (KU) to college courses. The experience shared herein will be useful to faculty who are interested in performing the mapping and applying for CAE-CDE designation.

Hijacking Wireless Communications Using Wifi Pineapple Nano As A Rogue Access Point, Shawn J. Witemyre, Tamirat T. Abegaz, Bryson R. Payne, Ash Mady

KSU Proceedings on Cybersecurity Education, Research and Practice

Wireless access points are an effective solution for building scalable, flexible, mobile networks. The problem with these access points is often the lack of security. Users regularly connect to wireless access points without thinking about whether they are genuine or malicious. Moreover, users are not aware of the types of attacks that can come from “rogue” access points set up by attackers and what information can be captured by them. Attackers use this advantage to gain access to users’ confidential information. The objective of this study is to examine the effectiveness of the WiFi Pineapple NANO used as a rogue …

Towards A Development Of Predictive Models For Healthcare Hipaa Security Rule Violation Fines, Jim Furstenberg, Yair Levy

KSU Proceedings on Cybersecurity Education, Research and Practice

The Health Insurance Portability and Accountability Act’s (HIPAA) Security Rule (SR) mandate provides a national standard for the protection of electronic protected health information (ePHI). The SR’s standards provide healthcare covered entities (CEs’) flexibility in how to meet the standards because the SR regulators realized that all health care organizations are not the same. However, the SR requires CEs’ to implement reasonable and appropriate safeguards, as well as security controls that protect the confidentiality, integrity, and availability (CIA) of their ePHI data. However, compliance with the HIPAA SR mandates are confusing, complicated, and can be costly to CEs’. Flexibility in …

Using Project Management Knowledge And Practice To Address Digital Forensic Investigation Challenges, Steven S. Presley, Jeffrey P. Landry, Michael Black

KSU Proceedings on Cybersecurity Education, Research and Practice

The management of digital forensics investigations represents a unique challenge. The field is relatively new, and combines the technical challenges of Information Systems with the legal challenges of forensics investigations. The challenges for the Digital Forensics Investigators and the organizations they support are many. This research effort examines the characteristics and challenges of Digital Forensics Investigations and compares them with the features and knowledge areas of project management. The goal was to determine if project management knowledge, as defined in a common body of knowledge, would be helpful in addressing digital forensics investigation challenges identified in the literature. The results …

Cybersecurity Education Employing Experiential Learning, Travis Lowe, Casey Rackley

KSU Proceedings on Cybersecurity Education, Research and Practice

ABSTRACT

The purpose of this paper is to discuss a curriculum design that employs Kolb’s Experiential Learning Theory stages and Kolb’s Learning Styles in four consecutive class sessions. The challenge each class is to present students with perplexing and often frustrating network problems that someday might be encountered on the job. By using Kolb’s theory, students address those problems from the perspective of each learning style, while passing through each phase of the learning cycle. As a result, students gain stronger cognitive thinking skills and hands-on troubleshooting skills in preparation for work as network administrators or cybersecurity analysts.

Capturing The Existential Cyber Security Threats From The Sub-Saharan Africa Zone Through Literature Database, Samuel B. Olatunbosun, Nathanial J. Edwards, Cytyra D. Martineau

KSU Proceedings on Cybersecurity Education, Research and Practice

Abstract - The Internet brought about the phenomenon known as Cyber-space which is boundless in nature. It is one of the fastest-growing areas of technical infrastructure development over the past decade. Its growth has afforded everyone the opportunity to carry out one or more transactions for personal benefits. The African continent; often branded as ‘backward’ by the Western press has been able to make substantial inroads into the works of Information and Computer Technology (ICT). This rapid transition by Africans into ICT power has thus opened up the opportunities for Cybercriminal perpetrators to seek and target victims worldwide including America …

Laboratory Exercises To Accompany Industrial Control And Embedded Systems Security Curriculum Modules, Gretchen Richards

KSU Proceedings on Cybersecurity Education, Research and Practice

The daily intrusion attempts and attacks on industrial control systems (ICS) and embedded systems (ES) underscore the criticality of the protection of our Critical Infrastructures (CIs). As recent as mid-July 2018, numerous reports on the infiltration of US utility control rooms by Russian hackers have been published. These successful infiltration and possible manipulation of the utility companies could easily translate to a devastating attack on our nation’s power grid and, consequently, our economy and well-being. Indeed, the need to secure the control and embedded systems which operate our CIs has never been so pronounced. In our attempt to address this …

A Blockchain-Based Security-Oriented Framework For Cloud Federation, Ramandeep Kaur Sandhu, Kweku Muata A. Osei-Bryson

KSU Proceedings on Cybersecurity Education, Research and Practice

Cloud federations have been formed to share the services, prompt and support cooperation, as well as interoperability among their already deployed cloud systems. However, the creation and management of the cloud federations lead to various security issues such as confidentially, integrity and availability of the data. Despite the access control policies in place, an attacker may compromise the communication channel processing the access requests and the decisions between the access control systems and the members(users) and vice-versa. In cloud federation, the rating of the services offered by different cloud members becomes integral to providing the users with the best quality …

Information Privacy Concerns In The Age Of Internet Of Things, Madhav Sharma, David Biros

KSU Proceedings on Cybersecurity Education, Research and Practice

Internet of things (IoT) offer new opportunities for advancement in many domains including healthcare, home automation, manufacturing and transportation. In recent years, the number of IoT devices have exponentially risen and this meteoric rise is poised to continue according to the industry. Advances in the IoT integrated with ambient intelligence are intended to make our lives easier. Yet for all these advancements, IoT also has a dark side. Privacy and security were already priorities when personal computers, devices and work stations were the only point of vulnerability to personal information, however, with the ubiquitous nature of smart technologies has increased …

Teaching Cybersecurity In An Undergraduate Engineering Course, Xiuli Qu, Xiaohong Yuan

KSU Proceedings on Cybersecurity Education, Research and Practice

Organizations create a huge amount of sensitive and confidential data, which must be protected from unauthorized access or disclosure. Nowadays, most organizations store their business data in digital formats. With the increasing use of digital data, data breaches are more often and serious in recent years. Therefore, it is very important for next-generation engineers to be aware of the importance of information security, and be able to recognize vulnerabilities and threats to an information system and design user-friendly and effective security measures. To achieve it, two modules of information systems security, including lectures and in-class labs, were developed and taught …

Study Of Physical Layer Security And Teaching Methods In Wireless Communications, Zhijian Xie, Christopher Horne

KSU Proceedings on Cybersecurity Education, Research and Practice

In most wireless channels, the signals propagate in all directions. For the communication between Alice and Bob, an Eavesdropper can receive the signals from both Alice and Bob as far as the Eavesdropper is in the range determined by the transmitting power. Through phased array antenna with beam tracking circuits or cooperative iteration, the signals are confined near the straight line connecting the positions of Alice and Bob, so it will largely reduce the valid placement of an Eavesdropper. Sometimes, this reduction can be prohibitive for Eavesdropper to wiretap the channel since the reduced space can be readily protected. Two …

Car Hacking: Can It Be That Simple?, Bryson Payne

KSU Proceedings on Cybersecurity Education, Research and Practice

The Internet of Things (IoT) has expanded the reach of technology at work, at home, and even on the road. As Internet-connected and self-driving cars become more commonplace on our highways, the cybersecurity of these “data centers on wheels” is of greater concern than ever. Highly publicized hacks against production cars, and a relatively small number of crashes involving autonomous vehicles, have brought the issue of securing smart cars to the forefront as a matter of public and individual safety. This article describes the integration of a module on car hacking into a semester-long ethical hacking cybersecurity course, including full …

Evaluating Two Hands-On Tools For Teaching Local Area Network Vulnerabilities, Ariana Brown, Jinsheng Xu, Xiaohong Yuan

KSU Proceedings on Cybersecurity Education, Research and Practice

According to the Verizon’s Data Breach Investigations Report, Local Area Network (LAN) access is the top vector for insider threats and misuses. It is critical for students to learn these vulnerabilities, understand the mechanisms of exploits, and know the countermeasures. The department of Computer Science at North Carolina A&T State University designed two different educational tools that help students learn ARP Spoofing Attacks, which is the most popular attack on LAN. The first tool, called Hacker’s Graphical User Interface (HGUI), is a visualization tool that demonstrates ARP Spoofing Attack with real time animation. The second tool is a hands-on (HandsOn) …

Towards An Empirical Assessment Of Cybersecurity Readiness And Resilience In Small Businesses, Darrell Eilts, Yair Levy

KSU Proceedings on Cybersecurity Education, Research and Practice

Many small businesses struggle to improve their cybersecurity posture despite the risk to their business. Small businesses lacking adequate protection from cyber threats, or a business continuity strategy to recover from disruptions, have a very high risk of loss due to a cyberattack. These cyberattacks, either deliberate or unintentional, can become costly when a small business is not prepared. This developmental research is focused on the relationship between two constructs that are associated with readiness and resilience of small businesses based on their cybersecurity planning, implementation, as well as response activities. A Cybersecurity Preparedness-Risk Taxonomy (CyPRisT) is proposed using the …

Digital Identity, Philip Andreae

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

Why Managing 3rd Party Cybersecurity Risk Is A Matter Of National Security, Keith Deininger

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

Six Things I Wish New Employees Knew, Brian Albertson

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

Why Networks Still Matter, Tim O'Neill

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

Beyond The Classroom - What Students Need To Know, Will Alexander

KSU Proceedings on Cybersecurity Education, Research and Practice

No abstract provided.

Suas: Cybersecurity Threats, Vulnerabilities, And Exploits, Philip Craiger, Gary Kessler, William Rose

National Training Aircraft Symposium (NTAS)

The FAA predicts that purchases of hobbyist small unmanned aerial systems (sUAS) will grow from 1.9 million in 2016 to 4.3 million by 2020, and commercial sUAS to increase from 600,000 in 2016 to 2.7 million by 2020. sUAS, often referred to as 'drones,' are comprised of aeronautical hardware, a CPU, RAM, onboard storage, radio frequency communications, sensors, a camera, and a controller used by the pilot-in-command (PIC). Some have argued that a sUAS is essentially a flying computer. As such, sUAS are sometimes susceptible to many of the types of attacks that are often used on PC-based computers attached …

Exploring Confidentiality Issues In Hyperledger Fabric Business Applications, Shivam Bajpayi, Pedro Moreno-Sanchez, Donghang Lu, Sihao Yin

The Summer Undergraduate Research Fellowship (SURF) Symposium

The rise of Bitcoin and cryptocurrencies over the last decade have made its underlying technology (blockchain) come into the spotlight. Blockchain is a secure ledger of linked records called blocks. These records are cryptographically immutable and any tampering with the block is evident through a change in the cryptographic signature of the block. Among the blockchains deployed in practice today, Hyperledger Fabric is a platform that allows businesses to make use of blockchains in their applications. However, confidentiality issues arise with respects to the blocks in this blockchain network due to the fact that blocks might contain sensitive information accessible …

Contents, Adfsl

Annual ADFSL Conference on Digital Forensics, Security and Law

No abstract provided.

Front Matter, Adfsl

Annual ADFSL Conference on Digital Forensics, Security and Law

No abstract provided.

A Survey Of Lawyers’ Cyber Security Practises In Western Australia, Craig Valli, Mike Johnstone, Rochelle Fleming

Annual ADFSL Conference on Digital Forensics, Security and Law

This paper reports on the results of a survey that is the initial phase of an action research project being conducted with the Law Society of Western Australia. The online survey forms a baseline for the expression of a targeted training regime aimed at improving the cyber security awareness and posture of the membership of the Society. The full complement of over 3000 members were given the opportunity to participate in the survey, with 122 members responding in this initial round. The survey was designed to elicit responses about information technology use and the awareness of good practices with respect …

Analysis Of Data Erasure Capability On Sshd Drives For Data Recovery, Andrew Blyth

Annual ADFSL Conference on Digital Forensics, Security and Law

Data Protection and Computer Forensics/Anti-Forensics has now become a critical area of concern for organizations. A key element to this is how data is sanitized at end of life. In this paper we explore Hybrid Solid State Hybrid Drives (SSHD) and the impact that various Computer Forensics and Data Recovery techniques have when performing data erasure upon a SSHD.

Knowledge Expiration In Security Awareness Training, Tianjian Zhang

Annual ADFSL Conference on Digital Forensics, Security and Law

No abstract provided.

Positive Identification Of Lsb Image Steganography Using Cover Image Comparisons, Michael Pelosi, Nimesh Poudel, Pratap Lamichhane, Devon Lam, Gary Kessler, Joshua Macmonagle

Annual ADFSL Conference on Digital Forensics, Security and Law

In this paper we introduce a new software concept specifically designed to allow the digital forensics professional to clearly identify and attribute instances of LSB image steganography by using the original cover image in side-by-side comparison with a suspected steganographic payload image. The “CounterSteg” software allows detailed analysis and comparison of both the original cover image and any modified image, using sophisticated bit- and color-channel visual depiction graphics. In certain cases, the steganographic software used for message transmission can be identified by the forensic analysis of LSB and other changes in the payload image. The paper demonstrates usage and typical …

Exploring The Use Of Graph Databases To Catalog Artifacts For Client Forensics, Rose Shumba

Annual ADFSL Conference on Digital Forensics, Security and Law

Cloud computing has revolutionized the methods by which digital data is stored, processed, and transmitted. It is providing users with data storage and processing services, enabling access to resources through multiple devices. Although organizations continue to embrace the advantages of flexibility and scalability offered by cloud computing, insider threats are becoming a serious concern as cited by security researchers. Insiders can use authorized access to steal sensitive information, calling for the need for an investigation. This concept paper describes research in progress towards developing a Neo4j graph database tool to enhance client forensics. The tool, with a Python interface, allows …