Physical Sciences and Mathematics Commons^™

Using Blockchain For Enabling Transparent, Traceable, And Trusted University Ranking Systems, Ammar Battah, Khaled Salah, Raja Jayaraman, Ibrar Yaqoob, Ashraf Khalil

All Works

Ranking systems have proven to improve the quality of education and help build the reputation of academic institutions. Each of the current academic ranking systems is based on different methodologies, criteria, and standards of measurement. Academic and employer reputations are subjective indicators of some rankings determined through surveying that is neither transparent nor traceable. The current academic ranking systems fall short of providing transparency and traceability features for both subjective and objective indicators that are used to calculate the ranking. Also, the ranking systems are managed and controlled in a centralized manner by specific entities. This raises concerns about fairness …

Insecure Deserialization Detection In Python, Aneesh Verma

Master's Projects

The importance of Cyber Security is increasing every single day. From the emergence of new ransomware to major data breaches, the online world is getting dangerous. A multinational non- profit group devoted to online application security is called OWASP, or the Open Web Application Security Project. The OWASP Top 10 is a frequently updated report that highlights the ten most important vulnerabilities to web application security. Among these 10 vulnerabilities, there exists a vulnerability called Software and Data Integrity Failures. A subset of this vulnerability is Insecure Deserialization. An object is transformed into a stream of bytes through the serialization …

Performance Analysis Of Zero Trust In Cloud Native Systems, Simone Rodigari

Theses

Critical applications demand strong security implementations, low latency and high availability at constant rates, however, the performance of a software system is affected by the implementation of security. This research measures the performance overhead and possible mitigation in cloud native systems secured with a service mesh, which allows enabling security policies for the authentication, authorization and encryption of traffic within distributed systems. The side-car proxy is a core component of this architecture, acting as a policy enforcement point and intercepting networking communication from/to applications part of the mesh, consequently affecting the performance of applications hosted in the cloud. Physical resources …

Reks: Role-Based Encrypted Keyword Search With Enhanced Access Control For Outsourced Cloud Data, Yibin Miao, Feng Li, Xiaohua Jia, Huaxiong Wang, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng

Research Collection School Of Computing and Information Systems

Keyword-based search over encrypted data is an important technique to achieve both data confidentiality and utilization in cloud outsourcing services. While commonly used access control mechanisms, such as identity-based encryption and attribute-based encryption, do not generally scale well for hierarchical access permissions. To solve this problem, we propose a Role-based Encrypted Keyword Search (REKS) scheme by using the role-based access control and broadcast encryption. Specifically, REKS allows owners to deploy hierarchical access control by allowing users with parent roles to have access permissions from child roles. Using REKS, we further facilitate token generation preprocessing and efficient user management, thereby significantly …

A Survey Of Wearable Devices Pairing Based On Biometric Signals, Jafar Pourbemany, Ye Zhu, Riccardo Bettati

Electrical and Computer Engineering Faculty Publications

With the rapid growth of wearable devices, more applications require direct communication between wearable devices. To secure the communication between wearable devices, various pairing protocols have been proposed to generate common keys for encrypting the communication. Since the wearable devices are attached to the same body, the devices can generate common keys based on the same context by utilizing onboard sensors to capture a common biometric signal such as body motion, gait, heartbeat, respiration, and EMG signals. The context-based pairing does not need prior information to generate common keys. As context-based pairing does not need any human involvement in the …

Mitigation Of Cache Attacks On Cloud Services, Mudassiruddin Mohammed

All Student Theses

Cloud computing is frequently used due to its low cost and flexibility, but it also raises security issues to cloud service providers and customers. Cache attacks are a critical security risk in cloud computing. Cache attacks use weaknesses in cloud servers' cache memory to steal sensitive information, interrupt services, and decrease cloud performance. This study examines the many forms of cache attacks, their possible effects, and known mitigation measures. The study approach includes a review of current methods and their effectiveness in combating cache attack. The report also suggests future research topics for developing more effective and economical methods for …

Unlocking User Identity: A Study On Mouse Dynamics In Dual Gaming Environments For Continuous Authentication, Marcho Setiawan Handoko

All Graduate Theses, Dissertations, and Other Capstone Projects

With the surge in information management technology reliance and the looming presence of cyber threats, user authentication has become paramount in computer security. Traditional static or one-time authentication has its limitations, prompting the emergence of continuous authentication as a frontline approach for enhanced security. Continuous authentication taps into behavior-based metrics for ongoing user identity validation, predominantly utilizing machine learning techniques to continually model user behaviors. This study elucidates the potential of mouse movement dynamics as a key metric for continuous authentication. By examining mouse movement patterns across two contrasting gaming scenarios - the high-intensity "Team Fortress" and the low-intensity strategic …

Ranked Keyword Search Over Encrypted Cloud Data Through Machine Learning Method, Yinbin Miao, Wei Zheng, Xiaohua Jia, Ximeng Liu, Kim-Kwang Raymond Choo, Robert H. Deng

Research Collection School Of Computing and Information Systems

Ranked keyword search over encrypted data has been extensively studied in cloud computing as it enables data users to find the most relevant results quickly. However, existing ranked multi-keyword search solutions cannot achieve efficient ciphertext search and dynamic updates with forward security simultaneously. To solve the above problems, we first present a basic Machine Learning-based Ranked Keyword Search (ML-RKS) scheme in the static setting by using the k-means clustering algorithm and a balanced binary tree. ML-RKS reduces the search complexity without sacrificing the search accuracy, but is still vulnerable to forward security threats when applied in the dynamic setting. Then, …

A Provable Secure And Efficient Authentication Framework For Smart Manufacturing Industry, Muhammad Hammad, Akhtar Badshah, Ghulam Abbas, Hisham Alasmary, Muhammad Waqas, Wasim A. Khan

Research outputs 2022 to 2026

Smart manufacturing is transforming the manufacturing industry by enhancing productivity and quality, driving growth in the global economy. The Internet of Things (IoT) has played a crucial role in realizing Industry 4.0, where machines can communicate and interact in real-time. Despite these advancements, security remains a major challenge in developing and deploying smart manufacturing. As cyber-attacks become more prevalent, researchers are making security a top priority. Although IoT and Industrial IoT (IIoT) are used to establish smart industries, these systems remain vulnerable to various types of attacks. To address these security issues, numerous authentication methods have been proposed. However, many …

A Review Of Iot Security And Privacy Using Decentralized Blockchain Techniques, Vinay Gugueoth, Sunitha Safavat, Sachin Shetty, Danda Rawat

Electrical & Computer Engineering Faculty Publications

IoT security is one of the prominent issues that has gained significant attention among the researchers in recent times. The recent advancements in IoT introduces various critical security issues and increases the risk of privacy leakage of IoT data. Implementation of Blockchain can be a potential solution for the security issues in IoT. This review deeply investigates the security threats and issues in IoT which deteriorates the effectiveness of IoT systems. This paper presents a perceptible description of the security threats, Blockchain based solutions, security characteristics and challenges introduced during the integration of Blockchain with IoT. An analysis of different …

Design Of Robust Blockchain-Envisioned Authenticated Key Management Mechanism For Smart Healthcare Applications, Siddhant Thapiyal, Mohammad Wazid, Devesh Pratap Singh, Ashok Kumar Das, Sachin Shetty

VMASC Publications

The healthcare sector is a very crucial and important sector of any society, and with the evolution of the various deployed technologies, like the Internet of Things (IoT), machine learning and blockchain it has numerous advantages. However, in this section, the data is much more vulnerable than others, because the data is strictly private and confidential, and it requires a highly secured framework for the transmission of data between entities. In this article, we aim to design a blockchain-envisioned authentication and key management mechanism for the IoMT-based smart healthcare applications (in short, we call it SBAKM-HS). We compare the various …

Security Of Internet Of Things (Iot) Using Federated Learning And Deep Learning — Recent Advancements, Issues And Prospects, Vinay Gugueoth, Sunitha Safavat, Sachin Shetty

Electrical & Computer Engineering Faculty Publications

There is a great demand for an efficient security framework which can secure IoT systems from potential adversarial attacks. However, it is challenging to design a suitable security model for IoT considering the dynamic and distributed nature of IoT. This motivates the researchers to focus more on investigating the role of machine learning (ML) in the designing of security models. A brief analysis of different ML algorithms for IoT security is discussed along with the advantages and limitations of ML algorithms. Existing studies state that ML algorithms suffer from the problem of high computational overhead and risk of privacy leakage. …

Transfer Learning Using Infrared And Optical Full Motion Video Data For Gender Classification, Alexander M. Glandon, Joe Zalameda, Khan M. Iftekharuddin, Gabor F. Fulop (Ed.), David Z. Ting (Ed.), Lucy L. Zheng (Ed.)

Electrical & Computer Engineering Faculty Publications

This work is a review and extension of our ongoing research in human recognition analysis using multimodality motion sensor data. We review our work on hand crafted feature engineering for motion capture skeleton (MoCap) data, from the Air Force Research Lab for human gender followed by depth scan based skeleton extraction using LIDAR data from the Army Night Vision Lab for person identification. We then build on these works to demonstrate a transfer learning sensor fusion approach for using the larger MoCap and smaller LIDAR data for gender classification.

A Survey On Security Analysis Of Amazon Echo Devices, Surendra Pathak, Sheikh Ariful Islam, Honglu Jiang, Lei Xu, Emmett Tomai

Computer Science Faculty Publications and Presentations

Since its launch in 2014, Amazon Echo family of devices has seen a considerable increase in adaptation in consumer homes and offices. With a market worth millions of dollars, Echo is used for diverse tasks such as accessing online information, making phone calls, purchasing items, and controlling the smart home. Echo offers user-friendly voice interaction to automate everyday tasks making it a massive success. Though many people view Amazon Echo as a helpful assistant at home or office, few know its underlying security and privacy implications. In this paper, we present the findings of our research on Amazon Echo’s security …

Software Protection And Secure Authentication For Autonomous Vehicular Cloud Computing, Muhammad Hataba

Dissertations

Artificial Intelligence (AI) is changing every technology we deal with. Autonomy has been a sought-after goal in vehicles, and now more than ever we are very close to that goal. Vehicles before were dumb mechanical devices, now they are becoming smart, computerized, and connected coined as Autonomous Vehicles (AVs). Moreover, researchers found a way to make more use of these enormous capabilities and introduced Autonomous Vehicles Cloud Computing (AVCC). In these platforms, vehicles can lend their unused resources and sensory data to join AVCC.

In this dissertation, we investigate security and privacy issues in AVCC. As background, we built our …

Multi-Functional Job Roles To Support Operations In A Multi-Faceted Jewel Enabled By Ai And Digital Transformation, Steven M. Miller

Research Collection School Of Computing and Information Systems

In this story, we highlight the way in which the use of AI enabled support systems, together with work process digital transformation and innovative approaches to job redesign, have combined to dramatically change the nature of the work of the front-line service staff who protect and support the facility and visitors at the world’s most iconic airport mall and lifestyle destination.

Nft Certificates And Proof Of Delivery For Fine Jewelry And Gemstones, Noura Alnuaimi, Alanoud Almemari, Mohammad Madine, Khaled Salah, Hamda Al Breiki, Raja Jayaraman

All Works

Fine jewelry is a unique class of ornaments composed of precious metals and gemstones. Premium-grade metals such as gold, platinum, and sliver, and gemstones such as pearls, diamonds, rubies, and emeralds are used use to make fine jewelry. Paper-based certificates are typically issued by retailers and producers for fine jewelry and gemstones as a proof of origin, sale, ownership, history, and quality. However, paper certificates are subject to counterfeiting, loss, or theft. In this paper, we show how non-fungible tokens (NFTs) and Ethereum blockchain can be used for digital certification, proof of ownership, sale history, and quality, as well as …

Presenting A Method To Detect Intrusion In Iot Through Private Blockchain, Rezvan Mahmoudie, Saeed Parsa, Amir Masoud Rahmani

Turkish Journal of Electrical Engineering and Computer Sciences

Blockchain (BC) has been used as a new solution to overcome security and privacy challenges in the Internet of Things (IoT). However, recent studies have indicated that the BC has a limited scalability and is computationally costly. Also, it has significant overhead and delay in the network, which is not suitable to the nature of IoT. This article aims at implementing BC in the IoT context for smart home management, as the integration of these two technologies ensures the IoT's security and privacy. Therefore, we proposed an overlay network in private BC to optimize its compatibility with IoT by increasing …

Emerging Technologies, Evolving Threats: Next-Generation Security Challenges, Tamara Bonaci, Katina Michael, Pablo Rivas, Lindsay J. Roberston, Michael Zimmer

Computer Science Faculty Research and Publications

Security is a fundamental human requirement. We desire the security of our person against injury, security of our capability to provide for our families, security of income linked to needs (food, water, clothing, and shelter), and much more. Most also hope for security of a way of life that is fulfilling and pleasant and peaceful [1] . In 2003, Alkire [2] defined “human security” as: “[t]he objective … to safeguard the vital core of all human lives from critical pervasive threats, in a way that is consistent with long-term human fulfillment.” Today most of the world’s population is highly dependent, …

Witness-Authenticated Key Exchange, Kelsey G. Melissaris

Dissertations, Theses, and Capstone Projects

In this dissertation we investigate Witness-Authenticated Key Exchange (WAKE), a key agreement protocol in which each party is authenticated through knowledge of a witness to an arbitrary NP statement. We provide both game-based and universally composable definitions. Thereby, this thesis presents solutions for the most flexible and general method of authentication for group key exchange, providing simple constructions from (succinct) signatures of knowledge (SOK) and a two round UC-secure protocol.

After a discussion of flaws in previous definitions for WAKE we supply a new and improved game-based definition along with the first definition for witness-authenticated key exchange between groups of …

The Effects Of Side-Channel Attacks On Post-Quantum Cryptography: Influencing Frodokem Key Generation Using The Rowhammer Exploit, Michael Jacob Fahr

Graduate Theses and Dissertations

Modern cryptographic algorithms such as AES and RSA are effectively used for securing data transmission. However, advancements in quantum computing pose a threat to modern cryptography algorithms due to the potential of solving hard mathematical problems faster than conventional computers. Thus, to prepare for quantum computing, NIST has started a competition to standardize quantum-resistant public-key cryptography algorithms. These algorithms are evaluated for strong theoretical security and run-time performance. NIST is in the third round of the competition, and the focus has shifted to analyzing the vulnerabilities to side-channel attacks. One algorithm that has gained notice is the Round 3 alternate …

Code Cyber: A Curated Collection Of Cybersecurity Career Learning And Preparation Resources, Kazi Tasin, Ethan Pruzhansky, Jason Lin, Tanvir Rahman, Patrick J. Slattery

Publications and Research

Since we are living in a digital age, the need to protect ourselves and those who are vulnerable to cyber-attacks is paramount to prevent cyber attacks that steal information such as banking accounts and important sensitive information.

Our research team extensively investigated the five aspects of cybersecurity such as identity, protection, detection, and response. By conducting various interviews with cybersecurity professionals, we gathered information about these five aspects for example security intelligence or security operations and response, (thread hunting, response orchestration) identity access management, (identity management, and data protection), and risks (risk perspective). Our main goal is to look into …

Formal Verification Applications For The Treekem Continuous Group Key Agreement Protocol, Alexander J. Washburn

Theses and Dissertations

The features of Secure Group Messaging, the security guarantees of Message Layer Security, and the TreeKEM protocol designed to satisfy these guarantees and features are explored. A motivation and methodology for verification via explicit model checking is presented. Subsequently, a translation of the TreeKEM protocol into a Promela reference model is described, examining the nuances explicit model checking brings. Finally the results of the formal verification methods are discussed.

Security Simulations In Undergraduate Education: A Review, Joseph Simpson, Aaron Brantly

Journal of Cybersecurity Education, Research and Practice

Several decades of research in simulation and gamification in higher education shows that simulations are highly effective in improving a range of outcomes for students including declarative knowledge and interest in the topic being taught. While there appears to be a broad array of options to provide education in an undergraduate setting related to security, no previous reviews have explored computer-based simulations covering all facets of security. Given the increasing importance and adoption of interdisciplinary educational programs, it is important to take stock of simulations as a tool to broaden the range of problems, perspectives, and solutions presented to students. …

Using Blockchain To Improve Security Of The Internet Of Things, Joshua W. Quist

Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal

The Internet of Things has increased in popularity in recent years, with daily life now being surrounded by “smart devices.” This network of smart devices, such as thermostats, refrigerators, and even stationary bikes affords us convenience, but at a cost. Security measures are typically inferior on these devices; considering that they collect our data around the clock, this is a big reason for concern. Recent research shows that blockchain technology may be one way to address these security concerns. This paper discusses the Internet of Things and the current issues with how security is handled, discusses how blockchain can shore …

Data Quality Matters: A Case Study On Data Label Correctness For Security Bug Report Prediction, Xiaoxue Wu, Wei Zheng, Xin Xia, David Lo

Research Collection School Of Computing and Information Systems

In the research of mining software repositories, we need to label a large amount of data to construct a predictive model. The correctness of the labels will affect the performance of a model substantially. However, limited studies have been performed to investigate the impact of mislabeled instances on a predictive model. To bridge the gap, in this article, we perform a case study on the security bug report (SBR) prediction. We found five publicly available datasets for SBR prediction contains many mislabeled instances, which lead to the poor performance of SBR prediction models of recent studies (e.g., the work of …

Online Privacy Challenges And Their Forensic Solutions, Bandr Fakiha

Journal of the Arab American University مجلة الجامعة العربية الامريكية للبحوث

In the digital age, internet users are exposed to privacy issues online. Few rarely know when someone else is eavesdropping or about to scam them. Companies, governments, and individual internet users are all vulnerable to security breaches due to the challenges of online privacy ranging from trust and hierarchical control to financial losses. As systems advance, people are optimistic that forensic science will provide long-term interventions that surpass the current solutions, including setting stronger passwords and firewall protection. The future of online privacy is changing, and more practical interventions, such as email, malware, mobile, and network forensics, must be integrated, …

Torsh: Obfuscating Consumer Internet-Of-Things Traffic With A Collaborative Smart-Home Router Network, Adam Vandenbussche

Dartmouth College Undergraduate Theses

When consumers install Internet-connected "smart devices" in their homes, metadata arising from the communications between these devices and their cloud-based service providers enables adversaries privy to this traffic to profile users, even when adequate encryption is used. Internet service providers (ISPs) are one potential adversary privy to users’ incom- ing and outgoing Internet traffic and either currently use this insight to assemble and sell consumer advertising profiles or may in the future do so. With existing defenses against such profiling falling short of meeting user preferences and abilities, there is a need for a novel solution that empowers consumers to …

Towards Practicalization Of Blockchain-Based Decentralized Applications, Songlin He

Dissertations

Blockchain can be defined as an immutable ledger for recording transactions, maintained in a distributed network of mutually untrusting peers. Blockchain technology has been widely applied to various fields beyond its initial usage of cryptocurrency. However, blockchain itself is insufficient to meet all the desired security or efficiency requirements for diversified application scenarios. This dissertation focuses on two core functionalities that blockchain provides, i.e., robust storage and reliable computation. Three concrete application scenarios including Internet of Things (IoT), cybersecurity management (CSM), and peer-to-peer (P2P) content delivery network (CDN) are utilized to elaborate the general design principles for these two main …

A Systematic Review On Machine Learning Models For Online Learning And Examination Systems, Sanaa Kaddoura, Daniela Elena Popescu, Jude D. Hemanth

All Works

Examinations or assessments play a vital role in every student’s life; they determine their future and career paths. The COVID pandemic has left adverse impacts in all areas, including the academic field. The regularized classroom learning and face-to-face real-time examinations were not feasible to avoid widespread infection and ensure safety. During these desperate times, technological advancements stepped in to aid students in continuing their education without any academic breaks. Machine learning is a key to this digital transformation of schools or colleges from real-time to online mode. Online learning and examination during lockdown were made possible by Machine learning methods. …