Physical Sciences and Mathematics Commons^™

Data: The Good, The Bad And The Ethical, John D. Kelleher, Filipe Cabral Pinto, Luis M. Cortesao

Articles

It is often the case with new technologies that it is very hard to predict their long-term impacts and as a result, although new technology may be beneficial in the short term, it can still cause problems in the longer term. This is what happened with oil by-products in different areas: the use of plastic as a disposable material did not take into account the hundreds of years necessary for its decomposition and its related long-term environmental damage. Data is said to be the new oil. The message to be conveyed is associated with its intrinsic value. But as in …

Thaw Publications, Carl Landwehr, David Kotz

Computer Science Technical Reports

In 2013, the National Science Foundation's Secure and Trustworthy Cyberspace program awarded a Frontier grant to a consortium of four institutions, led by Dartmouth College, to enable trustworthy cybersystems for health and wellness. As of this writing, the Trustworthy Health and Wellness (THaW) project's bibliography includes more than 130 significant publications produced with support from the THaW grant; these publications document the progress made on many fronts by the THaW research team. The collection includes dissertations, theses, journal papers, conference papers, workshop contributions and more. The bibliography is organized as a Zotero library, which provides ready access to citation materials …

On Improving The Memorability Of System-Assigned Recognition-Based Passwords, Mahdi Nasrullah Al-Ameen, Sonali T. Marne, Kanis Fatema, Matthew Wright, Shannon Scielzo

Computer Science Faculty and Staff Publications

User-chosen passwords reflecting common strategies and patterns ease memorization but offer uncertain and often weak security, while system-assigned passwords provide higher security guarantee but suffer from poor memorability. We thus examine the technique to enhance password memorability that incorporates a scientific understanding of long-term memory. In particular, we examine the efficacy of providing users with verbal cues—real-life facts corresponding to system-assigned keywords. We also explore the usability gain of including images related to the keywords along with verbal cues. In our multi-session lab study with 52 participants, textual recognition-based scheme offering verbal cues had a significantly higher login success …

Driving Cybersecurity Policy Insights From Information On The Internet, Qiu-Hong Wang, Steven Mark Miller, Robert H. Deng

Research Collection School Of Computing and Information Systems

Cybersecurity policy analytics quantitatively evaluates the effectiveness of cybersecurity protection measures consisting of both technical and managerial countermeasures and is inherently interdisciplinary work, drawing on the concepts and methods from economics, business, social science, and law.

Differential Privacy Protection Over Deep Learning: An Investigation Of Its Impacted Factors, Ying Lin, Ling-Yan Bao, Ze-Minghui Li, Shu-Sheng Si, Chao-Hsien Chu

Research Collection School Of Computing and Information Systems

Deep learning (DL) has been widely applied to achieve promising results in many fields, but it still exists various privacy concerns and issues. Applying differential privacy (DP) to DL models is an effective way to ensure privacy-preserving training and classification. In this paper, we revisit the DP stochastic gradient descent (DP-SGD) method, which has been used by several algorithms and systems and achieved good privacy protection. However, several factors, such as the sequence of adding noise, the models used etc., may impact its performance with various degrees. We empirically show that adding noise first and clipping second will not only …

Walls Have Ears: Eavesdropping User Behaviors Via Graphics-Interrupt-Based Side Channel, Haoyu Ma, Jianwen Tian, Debin Gao, Jia Chunfu

Research Collection School Of Computing and Information Systems

Graphics Processing Units (GPUs) are now playing a vital role in many devices and systems including computing devices, data centers, and clouds, making them the next target of side-channel attacks. Unlike those targeting CPUs, existing side-channel attacks on GPUs exploited vulnerabilities exposed by application interfaces like OpenGL and CUDA, which can be easily mitigated with software patches. In this paper, we investigate the lower-level and native interface between GPUs and CPUs, i.e., the graphics interrupts, and evaluate the side channel they expose. Being an intrinsic profile in the communication between a GPU and a CPU, the pattern of graphics interrupts …

Politeness In Security Directives: Insights In Browser Compliance For The Human Element, Deanna House, Gabe Giordano

Information Systems and Quantitative Analysis Faculty Publications

The technical protection provided by information security technology is necessary as a frontline defense against threats. However, the human element adds great risk to systems and cannot be ignored. This research explores the human elements related to security communications and intention to comply with security directives. Security communications are more-commonly being sent using richer computer-based channels. While the goal of security communications is the gain compliance, there is still much to learn related to what influences a user to comply. This research explores the effects that (im)politeness has on intention to comply with security directives. The research utilized an experiment …

Lightning-Fast And Privacy-Preserving Outsourced Computation In The Cloud, Ximeng Liu, Robert H. Deng, Pengfei Wu, Yang Yang

Research Collection School Of Computing and Information Systems

In this paper, we propose a framework for lightning-fast privacy-preserving outsourced computation framework in the cloud, which we refer to as LightCom. Using LightCom, a user can securely achieve the outsource data storage and fast, secure data processing in a single cloud server different from the existing multi-server outsourced computation model. Specifically, we first present a general secure computation framework for LightCom under the cloud server equipped with multiple Trusted Processing Units (TPUs), which face the side-channel attack. Under the LightCom, we design two specified fast processing toolkits, which allow the user to achieve the commonly-used secure integer computation and …

A Deep Learning Framework Supporting Model Ownership Protection And Traitor Tracing, Guowen Xu, Hongwei Li, Yuan Zhang, Xiaodong Lin, Robert H. Deng, Xuemin (Sherman) Shen

Research Collection School Of Computing and Information Systems

Cloud-based deep learning (DL) solutions have been widely used in applications ranging from image recognition to speech recognition. Meanwhile, as commercial software and services, such solutions have raised the need for intellectual property rights protection of the underlying DL models. Watermarking is the mainstream of existing solutions to address this concern, by primarily embedding pre-defined secrets in a model's training process. However, existing efforts almost exclusively focus on detecting whether a target model is pirated, without considering traitor tracing. In this paper, we present SecureMark_DL, which enables a model owner to embed a unique fingerprint for every customer within parameters …

Secure And Verifiable Inference In Deep Neural Networks, Guowen Xu, Hongwei Li, Hao Ren, Jianfei Sun, Shengmin Xu, Jianting Ning, Haoming Yang, Kan Yang, Robert H. Deng

Research Collection School Of Computing and Information Systems

Outsourced inference service has enormously promoted the popularity of deep learning, and helped users to customize a range of personalized applications. However, it also entails a variety of security and privacy issues brought by untrusted service providers. Particularly, a malicious adversary may violate user privacy during the inference process, or worse, return incorrect results to the client through compromising the integrity of the outsourced model. To address these problems, we propose SecureDL to protect the model’s integrity and user’s privacy in Deep Neural Networks (DNNs) inference process. In SecureDL, we first transform complicated non-linear activation functions of DNNs to low-degree …

Defense By Deception Against Stealthy Attacks In Power Grids, Md Hasan Shahriar

FIU Electronic Theses and Dissertations

Cyber-physical Systems (CPSs) and the Internet of Things (IoT) are converging towards a hybrid platform that is becoming ubiquitous in all modern infrastructures. The integration of the complex and heterogeneous systems creates enormous space for the adversaries to get into the network and inject cleverly crafted false data into measurements, misleading the control center to make erroneous decisions. Besides, the attacker can make a critical part of the system unavailable by compromising the sensor data availability. To obfuscate and mislead the attackers, we propose DDAF, a deceptive data acquisition framework for CPSs' hierarchical communication network. Each switch in the hierarchical …

The Restrictive Deterrent Effect Of Warning Messages Sent To Active Romance Fraudsters: An Experimental Approach, Fangzhou Wang, C. Jordan Howell, David Maimon, Scott Jacques

EBCS Articles

Victims of romance fraud experience both a financial and emotional burden. Although multiple studies have offered insight into the correlates of perpetration and victimization, no known study has examined if, and how, romance fraud can be curtailed. The current study uses a randomized experimental design to test the restrictive deterrent effect of warning messages sent to romance fraudsters via email. We find that active romance fraudsters who receive a deterrence message, instead of non-deterrence messages, respond at a lower rate; and, among those who respond, use fewer words and have a lower probability of seeking reply without denying wrongdoing. The …

A Secure Flexible And Tampering-Resistant Data Sharing System For Vehicular Social Networks, Jianfei Sun, Hu Xiong, Shufan Zhang, Ximeng Liu, Jiaming Yuan, Robert H. Deng

Research Collection School Of Computing and Information Systems

Vehicular social networks (VSNs) have emerged as the promising paradigm of vehicular networks that can improve traffic safety, relieve traffic congestion and even provide comprehensive social services by sharing vehicular sensory data. To selectively share the sensory data with other vehicles in the vicinity and reduce the local storage burden of vehicles, the vehicular sensory data are usually outsourced to vehicle cloud server for sharing and searching. However, existing data sharing systems for VSNs can neither provide secure selective one-to-many data sharing and verifiable data retrieval over encrypted data nor ensure that the integrity of retrieved data. In this paper, …

Multi-User Verifiable Searchable Symmetric Encryption For Cloud Storage, Xueqiao Liu, Guomin Yang, Guomin Yang

Research Collection School Of Computing and Information Systems

In a cloud data storage system, symmetric key encryption is usually used to encrypt files due to its high efficiency. In order allow the untrusted/semi-trusted cloud storage server to perform searching over encrypted data while maintaining data confidentiality, searchable symmetric encryption (SSE) has been proposed. In a typical SSE scheme, a users stores encrypted files on a cloud storage server and later can retrieve the encrypted files containing specific keywords. The basic security requirement of SSE is that the cloud server learns no information about the files or the keywords during the searching process. Some SSE schemes also offer additional …

Boosting Privately: Federated Extreme Gradient Boosting For Mobile Crowdsensing, Yang Liu, Zhuo Ma, Ximeng Liu, Siqi Ma, Surya Nepal, Robert H. Deng, Kui Ren

Research Collection School Of Computing and Information Systems

Recently, Google and other 24 institutions proposed a series of open challenges towards federated learning (FL), which include application expansion and homomorphic encryption (HE). The former aims to expand the applicable machine learning models of FL. The latter focuses on who holds the secret key when applying HE to FL. For the naive HE scheme, the server is set to master the secret key. Such a setting causes a serious problem that if the server does not conduct aggregation before decryption, a chance is left for the server to access the user’s update. Inspired by the two challenges, we propose …

Coinwatch: A Clone-Based Approach For Detecting Vulnerabilities In Cryptocurrencies, Qingze Hum, Wei Jin Tan, Shi Ying Tey, Latasha Lenus, Ivan Homoliak, Yun Lin, Jun Sun

Research Collection School Of Computing and Information Systems

Cryptocurrencies have become very popular in recent years. Thousands of new cryptocurrencies have emerged, proposing new and novel techniques that improve on Bitcoin's core innovation of the blockchain data structure and consensus mechanism. However, cryptocurrencies are a major target for cyber-attacks, as they can be sold on exchanges anonymously and most cryptocurrencies have their codebases publicly available. One particular issue is the prevalence of code clones in cryptocurrencies, which may amplify security threats. If a vulnerability is found in one cryptocurrency, it might be propagated into other cloned cryptocurrencies. In this work, we propose a systematic remedy to this problem, …

Sfuzz: An Efficient Adaptive Fuzzer For Solidity Smart Contracts, Tai D. Nguyen, Long H. Pham, Jun Sun, Yun Lin, Minh Quang Tran

Research Collection School Of Computing and Information Systems

Smart contracts are Turing-complete programs that execute on the infrastructure of the blockchain, which often manage valuable digital assets. Solidity is one of the most popular programming languages for writing smart contracts on the Ethereum platform. Like traditional programs, smart contracts may contain vulnerabilities. Unlike traditional programs, smart contracts cannot be easily patched once they are deployed. It is thus important that smart contracts are tested thoroughly before deployment. In this work, we present an adaptive fuzzer for smart contracts on the Ethereum platform called sFuzz. Compared to existing Solidity fuzzers, sFuzz combines the strategy in the AFL fuzzer and …

Attribute-Based Keyword Search Over Hierarchical Data In Cloud Computing, Yinbin Miao, Jianfeng Ma, Ximeng Liu, Xinghua Li, Qi Jiang, Junwei Zhang

Research Collection School Of Computing and Information Systems

Searchable encryption (SE) has been a promising technology which allows users to perform search queries over encrypted data. However, the most of existing SE schemes cannot deal with the shared records that have hierarchical structures. In this paper, we devise a basic cryptographic primitive called as attribute-based keyword search over hierarchical data (ABKS-HD) scheme by using the ciphertext-policy attribute-based encryption (CP-ABE) technique, but this basic scheme cannot satisfy all the desirable requirements of cloud systems. The facts that the single keyword search will yield many irrelevant search results and the revoked users can access the unauthorized data with the old …

Situational Awareness And Public Wi-Fi Users' Self-Protective Behaviors, David Maimon, C. Jordan Howell, Scott Jacques, Robert Perkins

EBCS Articles

Accessing public Wi-Fi networks can be as dangerous as it is convenient. People who access a public Wi-Fi network should engage in self-protective behaviors to keep their data safe from malicious actors on the same network as well as persons looking over their shoulder, literally and proverbially. Using two independent research designs, we examined under what circumstances were people more likely to access an unsecured Wi-Fi network and engage in risky behavior on these networks. Findings from the first study, based on survey data, reveal that people who are more situationally aware are less likely to access personal accounts on …

Espade: An Efficient And Semantically Secure Shortest Path Discovery For Outsourced Location-Based Services, Bharath K. Samanthula, Divyadharshini Karthikeyan, Boxiang Dong, K. Anitha Kumari

Department of Computer Science Faculty Scholarship and Creative Works

With the rapid growth of smart devices and technological advancements in tracking geospatial data, the demand for Location-Based Services (LBS) is facing a constant rise in several domains, including military, healthcare and transportation. It is a natural step to migrate LBS to a cloud environment to achieve on-demand scalability and increased resiliency. Nonetheless, outsourcing sensitive location data to a third-party cloud provider raises a host of privacy concerns as the data owners have reduced visibility and control over the outsourced data. In this paper, we consider outsourced LBS where users want to retrieve map directions without disclosing their location information. …

Integrated Cyberattack Detection And Resilient Control Strategies Using Lyapunov-Based Economic Model Predictive Control, Henrique Oyama, Helen Durand

Chemical Engineering and Materials Science Faculty Research Publications

The use of an integrated system framework, characterized by numerous cyber/physical components (sensor measurements, signals to actuators) connected through wired/wireless networks, has not only increased the ability to control industrial systems, but also the vulnerabilities to cyberattacks. State measurement cyberattacks could pose threats to process control systems since feedback control may be lost if the attack policy is not thwarted. Motivated by this, we propose three detection concepts based on Lyapunov‐based economic model predictive control (LEMPC) for nonlinear systems. The first approach utilizes randomized modifications to an LEMPC formulation online to potentially detect cyberattacks. The second method detects attacks when …

Lecture - Csci 275: Linux Systems Administration And Security, Moe Hassan, Nyc Tech-In-Residence Corps

Open Educational Resources

Lecture for CSCI 275: Linux Systems Administration and Security

The Infosys Times, Vol. 6, No. 1, St. Cloud State University

The Infosys TIMES

• Husky Create-a-Thon Event Winner
• Virtual Guest Speaker Presentations
• Inspirational Story of Osama Chishti
• IS Department ABET Accreditation
• DOD/NSA Grants Received
• $9,332 Research Fund

Hierarchical Identity-Based Signature In Polynomial Rings, Zhichao Yang, Dung H. Duong, Willy Susilo, Guomin Yang, Chao Li, Rongmao Chen

Research Collection School Of Computing and Information Systems

Hierarchical identity-based signature (HIBS) plays a core role in a large community as it significantly reduces the workload of the root private key generator. To make HIBS still available and secure in post-quantum era, constructing lattice-based schemes is a promising option. In this paper, we present an efficient HIBS scheme in polynomial rings. Although there are many lattice-based signatures proposed in recent years, to the best of our knowledge, our HIBS scheme is the first ring-based construction. In the center of our construction are two new algorithms to extend lattice trapdoors to higher dimensions, which are non-trivial and of independent …

Catch You If You Deceive Me: Verifiable And Privacy-Aware Truth Discovery In Crowdsensing Systems, Guowen Xu, Hongwei Li, Shengmin Xu, Hao Ren, Yonghui Zhang, Jianfei Sun, Robert H. Deng

Research Collection School Of Computing and Information Systems

Truth Discovery (TD) is to infer truthful information by estimating the reliability of users in crowdsensing systems. To protect data privacy, many Privacy-Preserving Truth Discovery (PPTD) approaches have been proposed. However, all existing PPTD solutions do not consider a fundamental issue of trust. That is, if the data aggregator (e.g., the cloud server) is not trustworthy, how can an entity be convinced that the data aggregator has correctly performed the PPTD? A "lazy"cloud server may partially follow the deployed protocols to save its computing and communication resources, or worse, maliciously forge the results for some shady deals. In this paper, …

Revisiting The Law Of Confidence In Singapore And A Proposal For A New Tort Of Misuse Of Private Information, Cheng Lim Saw, Zheng Wen Samuel Chan, Wen Min Chai

Research Collection Yong Pung How School Of Law

This article critically examines the recent Court of Appeal decision in I-Admin (Singapore) Pte Ltd v Hong Ying Ting [2020] 1 SLR 1130 and its implications for the law of confidence. The article begins by setting out the decision at first instance, and then on appeal. It argues that the Court of Appeal’s “modified approach” fails to meaningfully engage the plaintiff ’s wrongful gain interest and places the law’s emphasis primarily, if not wholly, on the plaintiff ’s wrongful loss interest. The new framework also appears to have been influenced by English jurisprudence, which has had a long but unhelpful …

The Internet Never Forgets: Image-Based Sexual Abuse And The Workplace, John Schriner, Melody Lee Rood

Publications and Research

Image-based sexual abuse (IBSA), commonly known as revenge pornography, is a type of cyberharassment that often results in detrimental effects to an individual's career and livelihood. Although there exists valuable research concerning cyberharassment in the workplace generally, there is little written about specifically IBSA and the workplace. This chapter examines current academic research on IBSA, the issues with defining this type of abuse, victim blaming, workplace policy, and challenges to victim-survivors' redress. The authors explore monetary motivation for websites that host revenge pornography and unpack how the dark web presents new challenges to seeking justice. Additionally, this chapter presents recommendations …

Revocable And Certificateless Public Auditing For Cloud Storage, Yinghui Zhang, Tiantian Zhang, Shengmin Xu, Guowen Xu, Dong Zheng

Research Collection School Of Computing and Information Systems

Plenty of computing and storage resources in the cloud are provided for users with restricted computing and storage resources, which has attracted the attention of many researchers. A generic blockchain-based cloud data auditing scheme is proposed, which is compatible with any blockchains including the bitcoin blockchain. In the data integrity checking scheme, certificateless signature (CLS) can be used to verify the identity of users. Besides, the key exchange is utilized in the key generation, which can eliminate the security channel to achieve system robustness. Considering the real situation, the users who join the cloud storage system may be revoked for …

Towards Systematically Deriving Defence Mechanisms From Functional Requirements Of Cyber-Physical Systems, Cheah Huei Yoong, Venkata Reddy Palleti, Arlindo Silva, Christopher M. Poskitt

Research Collection School Of Computing and Information Systems

The threats faced by cyber-physical systems (CPSs) in critical infrastructure have motivated the development of different attack detection mechanisms, such as those that monitor for violations of invariants, i.e. properties that always hold in normal operation. Given the complexity of CPSs, several existing approaches focus on deriving invariants automatically from data logs, but these can miss possible system behaviours if they are not represented in that data. Furthermore, resolving any design flaws identified in this process is costly, as the CPS is already built. In this position paper, we propose a systematic method for deriving invariants before a CPS is …

Lis: Lightweight Signature Schemes For Continuous Message Authentication In Cyber-Physical Systems, Zheng Yang, Chenglu Jin, Yangguang Tian, Junyu Lai, Jianying Zhou

Research Collection School Of Computing and Information Systems

Cyber-Physical Systems (CPS) provide the foundation of our critical infrastructures, which form the basis of emerging and future smart services and improve our quality of life in many areas. In such CPS, sensor data is transmitted over the network to the controller, which will make real-time control decisions according to the received sensor data. Due to the existence of spoofing attacks (more specifically to CPS, false data injection attacks), one has to protect the authenticity and integrity of the transmitted data. For example, a digital signature can be used to solve this issue. However, the resource-constrained field devices like sensors …