Physical Sciences and Mathematics Commons^™

A Survey On Security Analysis Of Amazon Echo Devices, Surendra Pathak, Sheikh Ariful Islam, Honglu Jiang, Lei Xu, Emmett Tomai

Computer Science Faculty Publications and Presentations

Since its launch in 2014, Amazon Echo family of devices has seen a considerable increase in adaptation in consumer homes and offices. With a market worth millions of dollars, Echo is used for diverse tasks such as accessing online information, making phone calls, purchasing items, and controlling the smart home. Echo offers user-friendly voice interaction to automate everyday tasks making it a massive success. Though many people view Amazon Echo as a helpful assistant at home or office, few know its underlying security and privacy implications. In this paper, we present the findings of our research on Amazon Echo’s security …

Software Protection And Secure Authentication For Autonomous Vehicular Cloud Computing, Muhammad Hataba

Dissertations

Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC.

In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our …

Multi-Functional Job Roles To Support Operations In A Multi-Faceted Jewel Enabled By Ai And Digital Transformation, Steven M. Miller

Research Collection School Of Computing and Information Systems

In this story, we highlight the way in which the use of AI enabled support systems, together with work process digital transformation and innovative approaches to job redesign, have combined to dramatically change the nature of the work of the front-line service staff who protect and support the facility and visitors at the world’s most iconic airport mall and lifestyle destination.

Nft Certificates And Proof Of Delivery For Fine Jewelry And Gemstones, Noura Alnuaimi, Alanoud Almemari, Mohammad Madine, Khaled Salah, Hamda Al Breiki, Raja Jayaraman

All Works

Fine jewelry is a unique class of ornaments composed of precious metals and gemstones. Premium-grade metals such as gold, platinum, and sliver, and gemstones such as pearls, diamonds, rubies, and emeralds are used use to make fine jewelry. Paper-based certificates are typically issued by retailers and producers for fine jewelry and gemstones as a proof of origin, sale, ownership, history, and quality. However, paper certificates are subject to counterfeiting, loss, or theft. In this paper, we show how non-fungible tokens (NFTs) and Ethereum blockchain can be used for digital certification, proof of ownership, sale history, and quality, as well as …

Presenting A Method To Detect Intrusion In Iot Through Private Blockchain, Rezvan Mahmoudie, Saeed Parsa, Amir Masoud Rahmani

Turkish Journal of Electrical Engineering and Computer Sciences

Blockchain (BC) has been used as a new solution to overcome security and privacy challenges in the Internet of Things (IoT). However, recent studies have indicated that the BC has a limited scalability and is computationally costly. Also, it has significant overhead and delay in the network, which is not suitable to the nature of IoT. This article aims at implementing BC in the IoT context for smart home management, as the integration of these two technologies ensures the IoT's security and privacy. Therefore, we proposed an overlay network in private BC to optimize its compatibility with IoT by increasing …

Emerging Technologies, Evolving Threats: Next-Generation Security Challenges, Tamara Bonaci, Katina Michael, Pablo Rivas, Lindsay J. Roberston, Michael Zimmer

Computer Science Faculty Research and Publications

Security is a fundamental human requirement. We desire the security of our person against injury, security of our capability to provide for our families, security of income linked to needs (food, water, clothing, and shelter), and much more. Most also hope for security of a way of life that is fulfilling and pleasant and peaceful [1] . In 2003, Alkire [2] defined “human security” as: “[t]he objective … to safeguard the vital core of all human lives from critical pervasive threats, in a way that is consistent with long-term human fulfillment.” Today most of the world’s population is highly dependent, …

Witness-Authenticated Key Exchange, Kelsey G. Melissaris

Dissertations, Theses, and Capstone Projects

In this dissertation we investigate Witness-Authenticated Key Exchange (WAKE), a key agreement protocol in which each party is authenticated through knowledge of a witness to an arbitrary NP statement. We provide both game-based and universally composable definitions. Thereby, this thesis presents solutions for the most flexible and general method of authentication for group key exchange, providing simple constructions from (succinct) signatures of knowledge (SOK) and a two round UC-secure protocol.

After a discussion of flaws in previous definitions for WAKE we supply a new and improved game-based definition along with the first definition for witness-authenticated key exchange between groups of …

The Effects Of Side-Channel Attacks On Post-Quantum Cryptography: Influencing Frodokem Key Generation Using The Rowhammer Exploit, Michael Jacob Fahr

Graduate Theses and Dissertations

Modern cryptographic algorithms such as AES and RSA are effectively used for securing data transmission. However, advancements in quantum computing pose a threat to modern cryptography algorithms due to the potential of solving hard mathematical problems faster than conventional computers. Thus, to prepare for quantum computing, NIST has started a competition to standardize quantum-resistant public-key cryptography algorithms. These algorithms are evaluated for strong theoretical security and run-time performance. NIST is in the third round of the competition, and the focus has shifted to analyzing the vulnerabilities to side-channel attacks. One algorithm that has gained notice is the Round 3 alternate …

Code Cyber: A Curated Collection Of Cybersecurity Career Learning And Preparation Resources, Kazi Tasin, Ethan Pruzhansky, Jason Lin, Tanvir Rahman, Patrick J. Slattery

Publications and Research

Since we are living in a digital age, the need to protect ourselves and those who are vulnerable to cyber-attacks is paramount to prevent cyber attacks that steal information such as banking accounts and important sensitive information.

Our research team extensively investigated the five aspects of cybersecurity such as identity, protection, detection, and response. By conducting various interviews with cybersecurity professionals, we gathered information about these five aspects for example security intelligence or security operations and response, (thread hunting, response orchestration) identity access management, (identity management, and data protection), and risks (risk perspective). Our main goal is to look into …

Formal Verification Applications For The Treekem Continuous Group Key Agreement Protocol, Alexander J. Washburn

Theses and Dissertations

The features of Secure Group Messaging, the security guarantees of Message Layer Security, and the TreeKEM protocol designed to satisfy these guarantees and features are explored. A motivation and methodology for verification via explicit model checking is presented. Subsequently, a translation of the TreeKEM protocol into a Promela reference model is described, examining the nuances explicit model checking brings. Finally the results of the formal verification methods are discussed.

Security Simulations In Undergraduate Education: A Review, Joseph Simpson, Aaron Brantly

Journal of Cybersecurity Education, Research and Practice

Several decades of research in simulation and gamification in higher education shows that simulations are highly effective in improving a range of outcomes for students including declarative knowledge and interest in the topic being taught. While there appears to be a broad array of options to provide education in an undergraduate setting related to security, no previous reviews have explored computer-based simulations covering all facets of security. Given the increasing importance and adoption of interdisciplinary educational programs, it is important to take stock of simulations as a tool to broaden the range of problems, perspectives, and solutions presented to students. …

Using Blockchain To Improve Security Of The Internet Of Things, Joshua W. Quist

Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal

The Internet of Things has increased in popularity in recent years, with daily life now being surrounded by “smart devices.” This network of smart devices, such as thermostats, refrigerators, and even stationary bikes affords us convenience, but at a cost. Security measures are typically inferior on these devices; considering that they collect our data around the clock, this is a big reason for concern. Recent research shows that blockchain technology may be one way to address these security concerns. This paper discusses the Internet of Things and the current issues with how security is handled, discusses how blockchain can shore …

Data Quality Matters: A Case Study On Data Label Correctness For Security Bug Report Prediction, Xiaoxue Wu, Wei Zheng, Xin Xia, David Lo

Research Collection School Of Computing and Information Systems

In the research of mining software repositories, we need to label a large amount of data to construct a predictive model. The correctness of the labels will affect the performance of a model substantially. However, limited studies have been performed to investigate the impact of mislabeled instances on a predictive model. To bridge the gap, in this article, we perform a case study on the security bug report (SBR) prediction. We found five publicly available datasets for SBR prediction contains many mislabeled instances, which lead to the poor performance of SBR prediction models of recent studies (e.g., the work of …

Online Privacy Challenges And Their Forensic Solutions, Bandr Fakiha

Journal of the Arab American University مجلة الجامعة العربية الامريكية للبحوث

In the digital age, internet users are exposed to privacy issues online. Few rarely know when someone else is eavesdropping or about to scam them. Companies, governments, and individual internet users are all vulnerable to security breaches due to the challenges of online privacy ranging from trust and hierarchical control to financial losses. As systems advance, people are optimistic that forensic science will provide long-term interventions that surpass the current solutions, including setting stronger passwords and firewall protection. The future of online privacy is changing, and more practical interventions, such as email, malware, mobile, and network forensics, must be integrated, …

Torsh: Obfuscating Consumer Internet-Of-Things Traffic With A Collaborative Smart-Home Router Network, Adam Vandenbussche

Dartmouth College Undergraduate Theses

When consumers install Internet-connected "smart devices" in their homes, metadata arising from the communications between these devices and their cloud-based service providers enables adversaries privy to this traffic to profile users, even when adequate encryption is used. Internet service providers (ISPs) are one potential adversary privy to users’ incom- ing and outgoing Internet traffic and either currently use this insight to assemble and sell consumer advertising profiles or may in the future do so. With existing defenses against such profiling falling short of meeting user preferences and abilities, there is a need for a novel solution that empowers consumers to …

Towards Practicalization Of Blockchain-Based Decentralized Applications, Songlin He

Dissertations

Blockchain can be defined as an immutable ledger for recording transactions, maintained in a distributed network of mutually untrusting peers. Blockchain technology has been widely applied to various fields beyond its initial usage of cryptocurrency. However, blockchain itself is insufficient to meet all the desired security or efficiency requirements for diversified application scenarios. This dissertation focuses on two core functionalities that blockchain provides, i.e., robust storage and reliable computation. Three concrete application scenarios including Internet of Things (IoT), cybersecurity management (CSM), and peer-to-peer (P2P) content delivery network (CDN) are utilized to elaborate the general design principles for these two main …

A Systematic Review On Machine Learning Models For Online Learning And Examination Systems, Sanaa Kaddoura, Daniela Elena Popescu, Jude D. Hemanth

All Works

Examinations or assessments play a vital role in every student’s life; they determine their future and career paths. The COVID pandemic has left adverse impacts in all areas, including the academic field. The regularized classroom learning and face-to-face real-time examinations were not feasible to avoid widespread infection and ensure safety. During these desperate times, technological advancements stepped in to aid students in continuing their education without any academic breaks. Machine learning is a key to this digital transformation of schools or colleges from real-time to online mode. Online learning and examination during lockdown were made possible by Machine learning methods. …

Information Provenance For Mobile Health Data, Taylor A. Hardin

Dartmouth College Ph.D Dissertations

Mobile health (mHealth) apps and devices are increasingly popular for health research, clinical treatment and personal wellness, as they offer the ability to continuously monitor aspects of individuals' health as they go about their everyday activities. Many believe that combining the data produced by these mHealth apps and devices may give healthcare-related service providers and researchers a more holistic view of an individual's health, increase the quality of service, and reduce operating costs. For such mHealth data to be considered useful though, data consumers need to be assured that the authenticity and the integrity of the data has remained intact---especially …

Establishing Trust In Vehicle-To-Vehicle Coordination: A Sensor Fusion Approach, Jakob Veselsky, Jack West, Isaac Ahlgren, George K. Thiruvathukal, Neil Klingensmith, Abhinav Goel, Wenxin Jiang, James C. Davis, Kyuin Lee, Younghyun Kim

Computer Science: Faculty Publications and Other Works

Autonomous vehicles (AVs) use diverse sensors to understand their surroundings as they continually make safety- critical decisions. However, establishing trust with other AVs is a key prerequisite because safety-critical decisions cannot be made based on data shared from untrusted sources. Existing protocols require an infrastructure network connection and a third-party root of trust to establish a secure channel, which are not always available.

In this paper, we propose a sensor-fusion approach for mobile trust establishment, which combines GPS and visual data. The combined data forms evidence that one vehicle is nearby another, which is a strong indication that it is …

Game-Theoretic Deception Modeling For Distracting Network Adversarie, Mohammad Sujan Miah

Open Access Theses & Dissertations

In this day and age, adversaries in the cybersecurity space have become alarmingly capable of identifying network vulnerabilities and work out various targets to attack where deception is becoming an increasingly crucial technique for the defenders to delay these attacks. For securing computer networks, the defenders use various deceptive decoy objects to detect, confuse, and distract attackers. By trapping the attackers, these decoys gather information, waste their time and resources, and potentially prevent future attacks. However, we have to consider that an attacker with the help of smart techniques may detect the decoys and avoid them. One of the well-known …

An Evaluation Of Security In Blockchain-Based Sharing Of Student Records In Higher Education, Timothy Arndt, Angela Guercio, Yonghun Chae

Information Systems

Blockchain has recently taken off as a disruptive technology, from its initial use in cryptocurrencies to wider applications in areas such as property registration and insurance due to its characteristic as a distributed ledger which can remove the need for a trusted third party to facilitate transactions. This spread of the technology to new application areas has been driven by the development of smart contracts – blockchain-based protocols which can automatically enforce a contract by executing code based on the logic expressed in the contract. One exciting area for blockchain is higher education. Students in higher education are ever more …

Optimized Damage Assessment And Recovery Through Data Categorization In Critical Infrastructure System., Shruthi Ramakrishnan

Graduate Theses and Dissertations

Critical infrastructures (CI) play a vital role in majority of the fields and sectors worldwide. It contributes a lot towards the economy of nations and towards the wellbeing of the society. They are highly coupled, interconnected and their interdependencies make them more complex systems. Thus, when a damage occurs in a CI system, its complex interdependencies make it get subjected to cascading effects which propagates faster from one infrastructure to another resulting in wide service degradations which in turn causes economic and societal effects. The propagation of cascading effects of disruptive events could be handled efficiently if the assessment and …

Machine Learning-Based Device Type Classification For Iot Device Re- And Continuous Authentication, Kaustubh Gupta

Department of Computer Science and Engineering: Dissertations, Theses, and Student Research

Today, the use of Internet of Things (IoT) devices is higher than ever and it is growing rapidly. Many IoT devices are usually manufactured by home appliance manufacturers where security and privacy are not the foremost concern. When an IoT device is connected to a network, currently there does not exist a strict authentication method that verifies the identity of the device, allowing any rogue IoT device to authenticate to an access point. This thesis addresses the issue by introducing methods for continuous and re-authentication of static and dynamic IoT devices, respectively. We introduce mechanisms and protocols for authenticating a …

Management Of Data Brokers In Support Of Smart Community Applications, Shadha Tabatabai

Dissertations

The widespread use of smart devices has led to the Internet of Things (IoT) revolution. Big data generated by billions of devices must be analyzed to make better decisions. However, this introduces security, communication, and processing problems. To solve these problems, we develop algorithms to enhance the work of brokers. We focus our efforts on three problems.

In the first problem, brokers are used in the cloud along with Software Defined Network (SDN) switches. We formulate minimizing brokers’ load difference within a reconfiguration budget with the constraint of indivisible topics as an Integer Linear Programming (ILP) problem. We show that …

Assessing Security Risks With The Internet Of Things, Faith Mosemann

Senior Honors Theses

For my honors thesis I have decided to study the security risks associated with the Internet of Things (IoT) and possible ways to secure them. I will focus on how corporate, and individuals use IoT devices and the security risks that come with their implementation. In my research, I found out that IoT gadgets tend to go unnoticed as a checkpoint for vulnerability. For example, often personal IoT devices tend to have the default username and password issued from the factory that a hacker could easily find through Google. IoT devices need security just as much as computers or servers …

Establishing Trust In Vehicle-To-Vehicle Coordination: A Sensor Fusion Approach, Jakob Veselsky, Jack West, Isaac Ahlgren, George K. Thiruvathukal, Neil Klingensmith, Abhinav Goel, Wenxin Jiang, James C. Davis, Kyuin Lee, Younghyun Kim

Computer Science: Faculty Publications and Other Works

As we add more autonomous and semi-autonomous vehicles (AVs) to our roads, their effects on passenger and pedestrian safety are becoming more important. Despite extensive testing, AVs do not always identify roadway hazards. Failures in object recognition components have already led to several fatal collisions, e.g. as a result of faults in sensors, software, or vantage point. Although a particular AV may fail, there is an untapped pool of information held by other AVs in the vicinity that could be used to identify roadway hazards before they present a safety threat.

Permissioned Blockchain Based Remote Electronic Examination, Öznur Kalkar, İsa Sertkaya

Turkish Journal of Electrical Engineering and Computer Sciences

Recent coronavirus pandemic transformed almost all aspects of daily life including educational institutions and learning environments. As a result, this transformation brought remote electronic examination (shortly e-exam) concepts back into consideration. In this study, we revisit secure and privacy preserving e-exam protocol proposals and propose an e-exam protocol that utilizes decentralized identity-based verifiable credentials for proof of authentication and public-permissioned blockchain for immutably storing records. In regard to the previously proposed e-exam schemes, our scheme offers both privacy enhancement and better efficiency. More concretely, the proposed solution satisfies test answer authentication, examiner authentication, anonymous marking, anonymous examiner, question secrecy, question …

Formal Modeling And Verification Of A Blockchain-Based Crowdsourcing Consensus Protocol, Hamra Afzaal, Muhammad Imran, Muhammad Umar Janjua, Sarada Prasad Gochhayat

VMASC Publications

Crowdsourcing is an effective technique that allows humans to solve complex problems that are hard to accomplish by automated tools. Some significant challenges in crowdsourcing systems include avoiding security attacks, effective trust management, and ensuring the system’s correctness. Blockchain is a promising technology that can be efficiently exploited to address security and trust issues. The consensus protocol is a core component of a blockchain network through which all the blockchain peers achieve an agreement about the state of the distributed ledger. Therefore, its security, trustworthiness, and correctness have vital importance. This work proposes a Secure and Trustworthy Blockchain-based Crowdsourcing (STBC) …

Ascp-Iomt: Ai-Enabled Lightweight Secure Communication Protocol For Internet Of Medical Things, Mohammad Wazid, Jaskaran Singh, Ashok Kumar Das, Sachin Shetty, Muhammad Khurram Khan, Joel J.P.C. Rodrigues

VMASC Publications

The Internet of Medical Things (IoMT) is a unification of smart healthcare devices, tools, and software, which connect various patients and other users to the healthcare information system through the networking technology. It further reduces unnecessary hospital visits and the burden on healthcare systems by connecting the patients to their healthcare experts (i.e., doctors) and allows secure transmission of healthcare data over an insecure channel (e.g., the Internet). Since Artificial Intelligence (AI) has a great impact on the performance and usability of an information system, it is important to include its modules in a healthcare information system, which will be …

Post-Quantum Secure Identity-Based Encryption Scheme Using Random Integer Lattices For Iot-Enabled Ai Applications, Dharminder Dharminder, Ashok Kumar Das, Sourav Saha, Basudeb Bera, Athanasios V. Vasilakos

VMASC Publications

Identity-based encryption is an important cryptographic system that is employed to ensure confidentiality of a message in communication. This article presents a provably secure identity based encryption based on post quantum security assumption. The security of the proposed encryption is based on the hard problem, namely Learning with Errors on integer lattices. This construction is anonymous and produces pseudo random ciphers. Both public-key size and ciphertext-size have been reduced in the proposed encryption as compared to those for other relevant schemes without compromising the security. Next, we incorporate the constructed identity based encryption (IBE) for Internet of Things (IoT) applications, …