Physical Sciences and Mathematics Commons^™

A Dynamic Behavioral Biometric Approach To Authenticate Users Employing Their Fingers To Interact With Touchscreen Devices, Arturo Ponce

CCE Theses and Dissertations

The use of mobile devices has extended to all areas of human life and has changed the way people work and socialize. Mobile devices are susceptible to getting lost, stolen, or compromised. Several approaches have been adopted to protect the information stored on these devices. One of these approaches is user authentication. The two most popular methods of user authentication are knowledge based and token based methods but they present different kinds of problems.

Biometric authentication methods have emerged in recent years as a way to deal with these problems. They use an individual’s unique characteristics for identification and have …

Investigating Roles Of Information Security Strategy, Roger V. Seeholzer

CCE Theses and Dissertations

A fundamental understanding of the complexities comprising an information security strategy (ISS) in an organization is lacking. Most ISS implementations in government organizations equate anti-virus or installing a firewall to that of an ISS. While use of hardware and software forms a good defense; neither comprises the essence of an ISS. The ISS best integrates with business and information system strategies from the start, forming and shaping the direction of overall strategy synergistically within large government organizations. The researcher used grounded theory and investigated what a large government organization’s choices were with the differing roles an information security professional (ISP) …

Immunology Inspired Detection Of Data Theft From Autonomous Network Activity, Theodore O. Cochran

CCE Theses and Dissertations

The threat of data theft posed by self-propagating, remotely controlled bot malware is increasing. Cyber criminals are motivated to steal sensitive data, such as user names, passwords, account numbers, and credit card numbers, because these items can be parlayed into cash. For anonymity and economy of scale, bot networks have become the cyber criminal’s weapon of choice. In 2010 a single botnet included over one million compromised host computers, and one of the largest botnets in 2011 was specifically designed to harvest financial data from its victims. Unfortunately, current intrusion detection methods are unable to effectively detect data extraction techniques …

Usable Security Using Goms: A Study To Evaluate And Compare The Usability Of User Accounts On E-Government Websites, Amran Din

CCE Theses and Dissertations

The term e-Government refers to providing citizens a series of services that can be conveniently conducted over the Internet. However, the potential to redefine and transform e-Government increasingly relies on citizens successfully establishing and managing a user account profile online. E-Government has not adequately addressed user-centric designs for social inclusion of all citizens on e-Government websites. There is a lack of research on the usability of user account management, and a clear lack of innovation in incorporating user-friendly authentication interfaces to accommodate a diverse user population given the wealth of existing research in web authentication techniques within Identity Management. The …

The Impact Of Image Synonyms In Graphical-Based Authentication Systems, Jonathan William Sparks

CCE Theses and Dissertations

Traditional text-based passwords used for authentication in information systems have several known issues in the areas of usability and security. Research has shown that when users generate passwords for systems, they tend to create passwords that are subject to compromise more so than those created randomly by the computer. Research has also shown that users have difficulty remembering highly secure, randomly created, text-based passwords.

Graphical-based passwords have been shown to be highly memorable for users when applied to system authentication. However, graphical-based authentication systems require additional cognitive load to recognize and enter a password compared to traditional text-based authentication that …

Role-Based Access Control Administration Of Security Policies And Policy Conflict Resolution In Distributed Systems, Stephen Sakawa Kibwage

CCE Theses and Dissertations

Security models using access control policies have over the years improved from Role-based access control (RBAC) to newer models which have added some features like support for distributed systems and solving problems in older security policy models such as identifying policy conflicts. Access control policies based on hierarchical roles provide more flexibility in controlling system resources for users. The policies allow for granularity when extended to have both allow and deny permissions as well as weighted priority attribute for the rules in the policies. Such flexibility allows administrators to succinctly specify access for their system resources but also prone to …

Dynamic Game-Theoretic Models To Determine The Value Of Intrusion Detection Systems In The Face Of Uncertainty, David Paul Moured

CCE Theses and Dissertations

Firms lose millions of dollars every year to cyber-attacks and the risk to these companies is growing exponentially. The threat to monetary and intellectual property has made Information Technology (IT) security management a critical challenge to firms. Security devices, including Intrusion Detections Systems (IDS), are commonly used to help protect these firms from malicious users by identifying the presence of malicious network traffic. However, the actual value of these devices remains uncertain among the IT security community because of the costs associated with the implementation of different monitoring strategies that determine when to inspect potentially malicious traffic and the costs …

Incremental Sparse-Pca Feature Extraction For Data Streams, Jean-Pierre Nziga

CCE Theses and Dissertations

Intruders attempt to penetrate commercial systems daily and cause considerable financial losses for individuals and organizations. Intrusion detection systems monitor network events to detect computer security threats. An extensive amount of network data is devoted to detecting malicious activities.

Storing, processing, and analyzing the massive volume of data is costly and indicate the need to find efficient methods to perform network data reduction that does not require the data to be first captured and stored. A better approach allows the extraction of useful variables from data streams in real time and in a single pass. The removal of irrelevant attributes …

Identifying Key Determinants Of Service Provider Effectiveness And The Impact It Has On Outsourced Security Success, James B. Lewis

CCE Theses and Dissertations

The purpose of this research was to identify key determinants of service provider effectiveness and how it impacts outsourced security success. As environments have become more robust and dynamic, many organizations have made the decision to leverage external security expertise and have outsourced many of their information technology security functions to Managed Security Service Providers (MSSPs).

Information Systems Outsourcing, at its core, is when a customer chooses to outsource certain information technology functions or services to a service provider and engages in a legally binding agreement. While legal contracts govern many aspects of an outsourcing arrangement, it cannot serve as …

Examining The Security Awareness, Information Privacy, And The Security Behaviors Of Home Computer Users, Keith Edwards

CCE Theses and Dissertations

Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the incentive to take security awareness training on their own. Research in security awareness and security behavior has produced conflicting results. Therefore, it is not clear, how security aware home computer users are or to what extent security awareness affects the security behavior of home computer users. …

Designing An Effective Information Security Policy For Exceptional Situations In An Organization: An Experimental Study, George S. Antoniou

CCE Theses and Dissertations

An increasing number of researchers are recognizing the importance of the role played by employees in maintaining the effectiveness of an information security policy. Currently, little research exists to validate the relationship between the actions (behaviors) taken by employees in response to exceptional situations (antecedents) regarding an organization’s information security policy, the impact (consequences) those actions have on an organization, and the motives that prompt those actions. When these exceptional situations occur, employees may feel compelled to engage in behaviors that violate the terms of an information security policy because strict compliance with the policy could cause the organization to …

Virtue Ethics: Examining Influences On The Ethical Commitment Of Information System Workers In Trusted Positions, John Max Gray

CCE Theses and Dissertations

Despite an abundance of research on the problem of insider threats, only limited success has been achieved in preventing trusted insiders from committing security violations. Virtue ethics may be an approach that can be utilized to address this issue. Human factors such as moral considerations impact Information System (IS) design, use, and security; consequently they affect the security posture and culture of an organization. Virtue ethics based concepts have the potential to influence and align the moral values and behavior of information systems workers with those of an organization in order to provide increased protection of IS assets. An individual’s …

An Electroencephalogram (Eeg) Based Biometrics Investigation For Authentication: A Human-Computer Interaction (Hci) Approach, Ricardo J. Rodriguez

CCE Theses and Dissertations

Encephalogram (EEG) devices are one of the active research areas in human-computer interaction (HCI). They provide a unique brain-machine interface (BMI) for interacting with a growing number of applications. EEG devices interface with computational systems, including traditional desktop computers and more recently mobile devices. These computational systems can be targeted by malicious users. There is clearly an opportunity to leverage EEG capabilities for increasing the efficiency of access control mechanisms, which are the first line of defense in any computational system.

Access control mechanisms rely on a number of authenticators, including “what you know”, “what you have”, and “what you …

Security Frameworks For Machine-To-Machine Devices And Networks, Michael Demblewski

CCE Theses and Dissertations

Attacks against mobile systems have escalated over the past decade. There have been increases of fraud, platform attacks, and malware. The Internet of Things (IoT) offers a new attack vector for Cybercriminals. M2M contributes to the growing number of devices that use wireless systems for Internet connection. As new applications and platforms are created, old vulnerabilities are transferred to next-generation systems. There is a research gap that exists between the current approaches for security framework development and the understanding of how these new technologies are different and how they are similar. This gap exists because system designers, security architects, and …