Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

2015

PDF

Security

Articles 1 - 30 of 36

Full-Text Articles in Physical Sciences and Mathematics

Data Verifications For Online Social Networks, Mahmudur Rahman Nov 2015

FIU Electronic Theses and Dissertations

Social networks are popular platforms that simplify user interaction and encourage collaboration. They collect large amounts of media from their users, often reported from mobile devices. The value and impact of social media makes it however an attractive attack target. In this thesis, we focus on the following social media vulnerabilities. First, review centered social networks such as Yelp and Google Play have been shown to be the targets of significant search rank and malware proliferation attacks. Detecting fraudulent behaviors is thus paramount to prevent not only public opinion bias, but also to curb the distribution of malware. Second, the …


A Comparative Study Of Formal Verification Techniques For Authentication Protocols, Hernan Miguel Palombo Nov 2015

USF Tampa Graduate Theses and Dissertations

Protocol verification is an exciting area of network security that intersects engineering and formal methods. This thesis presents a comparison of formal verification tools for security protocols for their respective strengths and weaknesses supported by the results from several case studies. The formal verification tools considered are based on explicit model checking (SPIN), symbolic analysis (Proverif) and theorem proving (Coq). We formalize and provide models of several well-known authentication and key-establishment protocols in each of the specification languages, and use the tools to find attacks that show protocols insecurity. We contrast the modelling process on each of the tools by …


Developing A Compiler For A Regular Expression Based Policy Specification Language, Cory Michael Juhlin Oct 2015

USF Tampa Graduate Theses and Dissertations

Security policy specification languages are a response to today's complex and vulnerable software climate. These languages allow an individual or organization to restrict and modify the behavior of third-party applications such that they adhere to the rules specified in the policy. As software grows in complexity, so do the security policies that govern them. Existing policy specification languages have not adapted to the growing complexity of the software they govern and as a result do not scale well, often resulting in code that is overly complex or unreadable. Writing small, isolated policies as separate modules and combining them is known …


Blindcanseeql: Improved Blind Sql Injection For Db Schema Discovery Using A Predictive Dictionary From Web Scraped Word Based Lists, Ryan Wheeler Oct 2015

USF Tampa Graduate Theses and Dissertations

SQL Injections are still a prominent threat on the web. Using a custom built tool, BlindCanSeeQL (BCSQL), we will explore how to automate Blind SQL attacks to discover database schema using fewer requests than the standard methods, thus helping avoid detection from overloading a server with hits. This tool uses a web crawler to discover keywords that assist with autocompleting schema object names, along with improvements in ASCII bisection to lower the number of requests sent to the server. Along with this tool, we will discuss ways to prevent and protect against such attacks.


Implementing And Testing A Novel Chaotic Cryptosystem, Samuel Jackson, Scott Kerlin, Jeremy Straub Oct 2015

Jeremy Straub

Cryptography in the domain of small satellites is a relatively new area of research. Compared to typical desktop computers, small satellites have limited bandwidth, processing power, and battery power. Many of the current encryption schemes were developed for desktop computers and servers, and as such may be unsuitable for small satellites. In addition, most cryptographic research in the domain of small satellites focuses on hardware solutions, which can be problematic given the limited space requirements of small satellites.

This paper investigates potential software solutions that could be used to encrypt and decrypt data on small satellites and other devices with …


On Robust Image Spam Filtering Via Comprehensive Visual Modeling, Jialie Shen, Deng, Robert H., Zhiyong Cheng, Liqiang Nie, Shuicheng Yan Oct 2015

Research Collection School Of Computing and Information Systems

The Internet has brought about fundamental changes in the way people generate and exchange media information. Over the last decade, unsolicited message images (image spams) have become one of the most serious problems for Internet service providers (ISPs), business firms and general end users. In this paper, we report a novel system called RoBoTs (Robust BoosTrap based spam detector) to support accurate and robust image spam filtering. The system is developed based on multiple visual properties extracted from different levels of granularity, aiming to capture more discriminative contents for effective spam image identification. In addition, a resampling based learning framework …


Authentication Via Multiple Associated Devices, Jean-Baptiste Subils Sep 2015

USF Tampa Graduate Theses and Dissertations

This thesis presents a practical method of authentication utilizing multiple devices. The factors contributing to the practicality of the method are: the utilization of devices already commonly possessed by users and the amenability to being implemented on a wide variety of devices. The term “device” refers to anything able to perform cryptographic operations, store data, and communicate with another such device.

In the method presented herein, multiple devices need to be associated with a single user to provide this user an identity in the system. A public key infrastructure is used to provide this identity. Each of the devices associated …


Modeling Security And Resource Allocation For Mobile Multi-Hop Wireless Neworks Using Game Theory, Laurent L. Y. Njilla Sep 2015

FIU Electronic Theses and Dissertations

This dissertation presents novel approaches to modeling and analyzing security and resource allocation in mobile ad hoc networks (MANETs). The research involves the design, implementation and simulation of different models resulting in resource sharing and security’s strengthening of the network among mobile devices. Because of the mobility, the network topology may change quickly and unpredictably over time. Moreover, data-information sent from a source to a designated destination node, which is not nearby, has to route its information with the need of intermediary mobile nodes. However, not all intermediary nodes in the network are willing to participate in data-packet transfer of …


From Physical Security To Cybersecurity, Arunesh Sinha, Thanh H. Nguyen, Debarun Kar, Matthew Brown, Milind Tambe, Albert Xin Jiang Sep 2015

Research Collection School Of Computing and Information Systems

Security is a critical concern around the world. In many domains from cybersecurity to sustainability, limited security resources prevent complete security coverage at all times. Instead, these limited resources must be scheduled (or allocated or deployed), while simultaneously taking into account the importance of different targets, the responses of the adversaries to the security posture, and the potential uncertainties in adversary payoffs and observations, etc. Computational game theory can help generate such security schedules. Indeed, casting the problem as a Stackelberg game, we have developed new algorithms that are now deployed over multiple years in multiple applications for scheduling of …


Secure And Authenticated Data Communication In Wireless Sensor Networks, Omar Alfandi, Arne Bochem, Ansgar Kellner, Christian Göge, Dieter Hogrefe Aug 2015

All Works

© 2015 by the authors; licensee MDPI, Basel, Switzerland. Securing communications in wireless sensor networks is increasingly important as the diversity of applications increases. However, even today, it is equally important for the measures employed to be energy efficient. For this reason, this publication analyzes the suitability of various cryptographic primitives for use in WSNs according to various criteria and, finally, describes a modular, PKI-based framework for confidential, authenticated, secure communications in which most suitable primitives can be employed. Due to the limited capabilities of common WSN motes, criteria for the selection of primitives are security, power efficiency and memory …


Intrusion Detection System Of Industrial Control Networks Using Network Telemetry, Stanislav Ponomarev Jul 2015

Doctoral Dissertations

Industrial Control Systems (ICSs) are designed, implemented, and deployed in most major spheres of production, business, and entertainment. ICSs are commonly split into two subsystems - Programmable Logic Controllers (PLCs) and Supervisory Control And Data Acquisition (SCADA) systems - to achieve high safety, allow engineers to observe states of an ICS, and perform various configuration updates. Before wide adoption of the Internet, ICSs used "air-gap" security measures, where the ICS network was isolated from other networks, including the Internet, by a physical disconnect [1]. This level of security allowed ICS protocol designers to concentrate on the availability and safety of …


Slides: Ag Water Sharing: Legal Challenges And Considerations, Peter D. Nichols Jun 2015

Innovations in Managing Western Water: New Approaches for Balancing Environmental, Social and Economic Outcomes (Martz Summer Conference, June 11-12)

Presenter: Peter D. Nichols, Esq., Partner, Berg, Hill, Greenleaf and Ruscitti, Boulder, CO

25 slides


Pinpoint: Efficient And Effective Resource Isolation For Mobile Security And Privacy, Paul Ratazzi, Ashok Bommisetti, Nian Ji, Wenliang Du May 2015

Electrical Engineering and Computer Science - All Scholarship

Virtualization is frequently used to isolate untrusted processes and control their access to sensitive resources. However, isolation usually carries a price in terms of less resource sharing and reduced inter-process communication. In an open architecture such as Android, this price and its impact on performance, usability, and transparency must be carefully considered. Although previous efforts in developing general-purpose isolation solutions have shown that some of these negative side effects can be mitigated, doing so involves overcoming significant design challenges by incorporating numerous additional platform complexities not directly related to improved security. Thus, the general purpose solutions become inefficient and burdensome if …


Mobile Device Use: Increasing Privacy And Security Awareness For Nurse Practitioners, Lauren Storbrauck May 2015

Economic Crime Forensics Capstones

Nurse practitioners are increasingly using mobile devices to access electronic medical records, as the use of the devices increases so does the risk of a potential breach. This is a direct result of technological advances such as larger storage capacities, faster computing speeds, and better portability/connectivity (Torrieri, 2011). These devices include: mobile phones, tablets, and laptops. The use of these devices has greatly facilitated the work of Nurse Practitioners, by allowing them to have instant access to patient records, health history and recommended treatment plans (Ventola, 2014). However, seventy-three percent of all mobile users stated that they are not always …


Investigating Roles Of Information Security Strategy, Roger V. Seeholzer May 2015

CCE Theses and Dissertations

A fundamental understanding of the complexities comprising an information security strategy (ISS) in an organization is lacking. Most ISS implementations in government organizations equate anti-virus or installing a firewall to that of an ISS. While use of hardware and software forms a good defense; neither comprises the essence of an ISS. The ISS best integrates with business and information system strategies from the start, forming and shaping the direction of overall strategy synergistically within large government organizations. The researcher used grounded theory and investigated what a large government organization’s choices were with the differing roles an information security professional (ISP) …


Handling Human Hacking: Creating A Comprehensive Defensive Strategy Against Modern Social Engineering, Charles Snyder Apr 2015

Senior Honors Theses

Social engineering is one of the most devastating threats to any company or business. Rather than relying upon technical flaws in order to break into computer networks, social engineers utilize a suave personality in order to deceive individuals through clever conversation. These devious conversations frequently provide the attacker with sufficient information to compromise the company’s computer network. Unlike common technical attacks, social engineering attacks cannot be prevented by security tools and software. Instead of attacking a network directly, a social engineer exploits human psychology in order to coerce the victim to inadvertently divulge sensitive information. Further complicating the issue, the …


Usable Security Using Goms: A Study To Evaluate And Compare The Usability Of User Accounts On E-Government Websites, Amran Din Apr 2015

CCE Theses and Dissertations

The term e-Government refers to providing citizens a series of services that can be conveniently conducted over the Internet. However, the potential to redefine and transform e-Government increasingly relies on citizens successfully establishing and managing a user account profile online. E-Government has not adequately addressed user-centric designs for social inclusion of all citizens on e-Government websites. There is a lack of research on the usability of user account management, and a clear lack of innovation in incorporating user-friendly authentication interfaces to accommodate a diverse user population given the wealth of existing research in web authentication techniques within Identity Management. The …


Constructing Secure Mapreduce Framework In Cloud-Based Environment, Yongzhi Wang Mar 2015

FIU Electronic Theses and Dissertations

MapReduce, a parallel computing paradigm, has been gaining popularity in recent years as cloud vendors offer MapReduce computation services on their public clouds. However, companies are still reluctant to move their computations to the public cloud due to the following reason: In the current business model, the entire MapReduce cluster is deployed on the public cloud. If the public cloud is not properly protected, the integrity and the confidentiality of MapReduce applications can be compromised by attacks inside or outside of the public cloud. From the result integrity’s perspective, if any computation nodes on the public cloud are compromised, those nodes can …


Trust Based Privacy Policy Enforcement In Cloud Computing, Karthick Ramachandran Mar 2015

Electronic Thesis and Dissertation Repository

Cloud computing offers opportunities for organizations to reduce IT costs by using the computation and storage of a remote provider. Despite the benefits offered by cloud computing paradigm, organizations are still wary of delegating their computation and storage to a cloud service provider due to trust concerns. The trust issues with the cloud can be addressed by a combination of regulatory frameworks and supporting technologies. Privacy Enhancing Technologies (PET) and remote attestation provide the technologies for addressing the trust concerns. PET provides proactive measures through cryptography and selective dissemination of data to the client. Remote attestation mechanisms provide reactive measures …


Role-Based Access Control Administration Of Security Policies And Policy Conflict Resolution In Distributed Systems, Stephen Sakawa Kibwage Feb 2015

CCE Theses and Dissertations

Security models using access control policies have over the years improved from Role-based access control (RBAC) to newer models which have added some features like support for distributed systems and solving problems in older security policy models such as identifying policy conflicts. Access control policies based on hierarchical roles provide more flexibility in controlling system resources for users. The policies allow for granularity when extended to have both allow and deny permissions as well as weighted priority attribute for the rules in the policies. Such flexibility allows administrators to succinctly specify access for their system resources but also prone to …


Analysis And Improvement On A Biometric-Based Remote User Authentication Scheme Using Smart Cards, Fengtong Wen, Willy Susilo, Guomin Yang Feb 2015

Research Collection School Of Computing and Information Systems

In a recent paper (BioMed Research International, 2013/491289), Khan et al. proposed an improved biometrics-based remote user authentication scheme with user anonymity. The scheme is believed to be secure against password guessing attack, user impersonation attack, server masquerading attack, and provide user anonymity, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Khan et al.’s scheme, and demonstrate that their scheme doesn’t provide user anonymity. This also renders that their scheme is insecure against other attacks, such as off-line password guessing attack, user impersonation attacks. Subsequently, we propose a …


Evaluating Single Sign On Security Failure In Cloud Services, Brian Cusack, Eghbal Zadeh Jan 2015

Australian Information Security Management Conference

The business use of cloud computing services is motivated by the ease of use and the potential financial cost reductions. Service failure may occur when the service provider does not protect information or when the use of the services becomes overly complex and difficult. The benefits also bring optimisation challenges for the information owners who must assess the service security risk and the degree to which new human behaviours are required. In this research we look at the risk of identity theft when ease of service access is provided through a Single Sign On (SSO) authorisation and ask: What are …


The Challeges In Implementing Security In Spontaneous Ad Hoc Networks, Alastair Nisbet Jan 2015

Australian Information Security Management Conference

Mobile Ad Hoc Networks (MANETS) promise much in the ability to rapidly deploy a wireless network in a fashion where no prior planning is needed and the network can be running efficiently and with high security within minutes. Natural disaster response, military, education and business provide areas where MANETS can offer significant advantages in communication where infrastructure networks may take days to set up or may be impossible to implement. This research reviews a selection of MANET protocols to show the progression of the research and the issues that are yet to be addressed. It discusses the challenges to researchers …


An Electroencephalogram (Eeg) Based Biometrics Investigation For Authentication: A Human-Computer Interaction (Hci) Approach, Ricardo J. Rodriguez Jan 2015

CCE Theses and Dissertations

Encephalogram (EEG) devices are one of the active research areas in human-computer interaction (HCI). They provide a unique brain-machine interface (BMI) for interacting with a growing number of applications. EEG devices interface with computational systems, including traditional desktop computers and more recently mobile devices. These computational systems can be targeted by malicious users. There is clearly an opportunity to leverage EEG capabilities for increasing the efficiency of access control mechanisms, which are the first line of defense in any computational system.

Access control mechanisms rely on a number of authenticators, including “what you know”, “what you have”, and “what you …


Security Frameworks For Machine-To-Machine Devices And Networks, Michael Demblewski Jan 2015

CCE Theses and Dissertations

Attacks against mobile systems have escalated over the past decade. There have been increases of fraud, platform attacks, and malware. The Internet of Things (IoT) offers a new attack vector for Cybercriminals. M2M contributes to the growing number of devices that use wireless systems for Internet connection. As new applications and platforms are created, old vulnerabilities are transferred to next-generation systems. There is a research gap that exists between the current approaches for security framework development and the understanding of how these new technologies are different and how they are similar. This gap exists because system designers, security architects, and …


Design, Testing And Implementation Of A New Authentication Method Using Multiple Devices, Cagri Cetin Jan 2015

USF Tampa Graduate Theses and Dissertations

Authentication protocols are very common mechanisms to confirm the legitimacy of someone’s or something’s identity in digital and physical systems.

This thesis presents a new and robust authentication method based on users’ multiple devices. Due to the popularity of mobile devices, users are becoming more likely to have more than one device (e.g., smartwatch, smartphone, laptop, tablet, smart-car, smart-ring, etc.). The authentication system presented here takes advantage of these multiple devices to implement authentication mechanisms. In particular, the system requires the devices to collaborate with each other in order for the authentication to succeed. This new authentication protocol is robust …


Evaluating Policy Layer Security Controls For Value Realisation In Secure Systems, Brian Cusack, Maher Al-Khazrajy Jan 2015

Australian Information Security Management Conference

A strategic question for any business is: What value do control frameworks give? The question concerns the costs associated with implementing and maintaining control frameworks compared with the benefits gained. Each control framework contains many controls that may or may not benefit a situation and this research is aimed at testing different selections and combinations of controls to forecast probable impacts on business outcomes. The scope of the research is limited to a representative set of security controls and the lesser question: What are the criteria for selecting the most effective and efficient security control configurations for best business value? …


Ransomware: Emergence Of The Cyber-Extortion Menace, Nikolai Hampton, Zubair A. Baig Jan 2015

Australian Information Security Management Conference

Ransomware is increasingly posing a threat to the security of information resources. Millions of dollars of monetary loss have been afflicted on end-users and corporations alike through unlawful deployment of ransomware. Through malware injection into end-user devices and subsequent extortion of their system or data, ransomware has emerged as a threat requiring immediate attention and containment by the cyber-security community. We conduct a detailed analysis of the steps of execution involved in ransomware deployment to facilitate readiness of the cyber-security community in containing the rapid proliferation of ransomware. This paper examines the evolution of malware over a period of 26 …


Innovating Additional Layer 2 Security Requirements For A Protected Stack, Brian Cusack, Raymond Lutui Jan 2015

Australian Information Security Management Conference

Security is only as good as the weakest link and if the weakness is at a low level in the communication stack then every other Layer has potential to inherit the problem. The OSI Layer model has defined the theoretical architecture for network communications (ISO/IEC 7498-1). Standardisation assures that each element of an internetwork uses the same model and hence a message can be moved intelligibly and correctly between participants. The OSI model divides communications into seven hierarchical Layers that provide the necessary services from the application Layer through to the physical Layer of electricity (ISO/IEC 7498-2). Each Layer is …


An Empirical Comparison Of Widely Adopted Hash Functions In Digital Forensics: Does The Programming Language And Operating System Make A Difference?, Satyendra Gurjar, Ibrahim Baggili, Frank Breitinger, Alice E. Fischer Jan 2015

Electrical & Computer Engineering and Computer Science Faculty Publications

Hash functions are widespread in computer sciences and have a wide range of applications such as ensuring integrity in cryptographic protocols, structuring database entries (hash tables) or identifying known files in forensic investigations. Besides their cryptographic requirements, a fundamental property of hash functions is efficient and easy computation which is especially important in digital forensics due to the large amount of data that needs to be processed when working on cases. In this paper, we correlate the runtime efficiency of common hashing algorithms (MD5, SHA-family) and their implementation. Our empirical comparison focuses on C-OpenSSL, Python, Ruby, Java on Windows and …