Healthcare Facilities: Maintaining Accessibility While Implementing Security,
2023
University of Nebraska at Omaha
Healthcare Facilities: Maintaining Accessibility While Implementing Security, Ryan Vilter
UNO Student Research and Creative Activity Fair
In the wake of the Tulsa, Oklahoma hospital shooting in the summer of 2022, it was made clear that more security needed to be implemented in healthcare facilities. As a result, I inquired: What is the happy balance for healthcare facilities to maintain their accessibility to the public while also implementing security measures to prevent terrorist attacks? With that base, I give recommendations in the areas of cybersecurity, physical infrastructure, and physical and mental health, based off the existing literature and data gathered from terrorist attacks against hospitals over several decades.
The Rise And Risks Of Internet Of Things,
2023
Christopher Newport University
The Rise And Risks Of Internet Of Things, Diamond E. Hicks
Cybersecurity Undergraduate Research
Internet of Things (IoT) has become a necessary part of our everyday lives. IoT is the network in which many different devices communicate, connect, and share data. Though how IoT got to where it is today, the issues it faced, and how it affects our lives today is not common knowledge. Despite the fact that IoT has advanced our technology to what it is today, people do not completely understand what it does.
Using Probabilistic Context-Free Grammar To Create Password Guessing Models,
2023
University of Minnesota - Morris
Using Probabilistic Context-Free Grammar To Create Password Guessing Models, Isabelle Hjelden
Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal
This paper will discuss two versions of probabilistic context-free grammar password-guessing models. The first model focuses on using English semantics to break down passwords and identify patterns. The second model identifies repeating chunks in passwords and uses this information to create possible passwords. Then, we will show the performance of each model on leaked password databases, and finally discuss the observations made on these tests.
Deep Vulman: A Deep Reinforcement Learning-Enabled Cyber Vulnerability Management Framework,
2023
Army Cyber Institute, U.S. Military Academy
Deep Vulman: A Deep Reinforcement Learning-Enabled Cyber Vulnerability Management Framework, Soumyadeep Hore, Ankit Shah, Nathaniel D. Bastian
ACI Journal Articles
Cyber vulnerability management is a critical function of a cybersecurity operations center (CSOC) that helps protect organizations against cyber-attacks on their computer and network systems. Adversaries hold an asymmetric advantage over the CSOC, as the number of deficiencies in these systems is increasing at a significantly higher rate compared to the expansion rate of the security teams to mitigate them. The current approaches in cyber vulnerability management are deterministic and one-time decision-making methods, which do not consider future uncertainties when prioritizing and selecting vulnerabilities for mitigation. These approaches are also constrained by the sub-optimal distribution of resources, providing no flexibility …
Safe Delivery Of Critical Services In Areas With Volatile Security Situation Via A Stackelberg Game Approach,
2023
Singapore Management University
Safe Delivery Of Critical Services In Areas With Volatile Security Situation Via A Stackelberg Game Approach, Tien Mai, Arunesh Sinha
Research Collection School Of Computing and Information Systems
Vaccine delivery in under-resourced locations with security risks is not just challenging but also life threatening. The COVID pandemic and the need to vaccinate added even more urgency to this issue. Motivated by this problem, we propose a general framework to set-up limited temporary (vaccination) centers that balance physical security and desired (vaccine) service coverage with limited resources. We set-up the problem as a Stackelberg game between the centers operator (defender) and an adversary, where the set of centers is not fixed a priori but is part of the decision output. This results in a mixed combinatorial and continuous optimization …
Teaching By Practice: Shaping Secure Coding Mentalities Through Cybersecurity Ctfs,
2023
Arcadia University
Teaching By Practice: Shaping Secure Coding Mentalities Through Cybersecurity Ctfs, Jazmin Collins, Vitaly Ford
Journal of Cybersecurity Education, Research and Practice
The use of the Capture the Flag (CTF)-style competitions has grown popular in a variety of environments as a method to improve or reinforce cybersecurity techniques. However, while these competitions have shown promise in student engagement, enjoyment, and the teaching of essential workforce cybersecurity concepts, many of these CTF challenges have largely focused on cybersecurity as a general topic. Further, most in-school CTF challenges are designed with technical institutes in mind, prepping only experienced or upper-level students in cybersecurity studies for real-world challenges. Our paper aims to focus on the setting of a liberal arts institute, emphasizing secure coding as …
Lightweight Pairwise Key Distribution Scheme For Iots,
2023
California State University, Bakersfield
Lightweight Pairwise Key Distribution Scheme For Iots, Kanwalinderjit Kaur
Journal of Cybersecurity Education, Research and Practice
Embedding a pairwise key distribution approach in IoT systems is challenging as IoT devices have limited resources, such as memory, processing power, and battery life. This paper presents a secure and lightweight approach that is applied to IoT devices that are divided into Voronoi clusters. This proposed algorithm comprises XOR and concatenation operations for interactive authentication between the server and the IoT devices. Predominantly, the authentication is carried out by the server. It is observed that the algorithm is resilient against man-in-the-middle attacks, forward secrecy, Denial of Service (DoS) attacks, and offers mutual authentication. It is also observed that the …
Reinventing Cybersecurity Internships During The Covid-19 Pandemic,
2023
University of Southern Maine
Reinventing Cybersecurity Internships During The Covid-19 Pandemic, Lori L. Sussman
Journal of Cybersecurity Education, Research and Practice
The Cybersecurity Ambassador Program provides professional skills training for emerging cybersecurity professionals remotely. The goal is to reach out to underrepresented populations who may use Federal Work-Study (FWS) or grant sponsored internships to participate. Cybersecurity Ambassadors (CAs) develop skills that will serve them well as cybersecurity workers prepared to do research, lead multidisciplinary, technical teams, and educate stakeholders and community members. CAP also reinforces leadership skills so that the next generation of cybersecurity professionals becomes a sustainable source of management talent for the program and profession. The remote curriculum innovatively builds non-technical professional skills (communications, teamwork, leadership) for cybersecurity research …
Risk Perceptions About Personal Internet-Of-Things: Research Directions From A Multi-Panel Delphi Study,
2023
University of Alabama at Birmingham
Risk Perceptions About Personal Internet-Of-Things: Research Directions From A Multi-Panel Delphi Study, Paul M. Di Gangi, Barbara A. Wech, Jennifer D. Hamrick, James L. Worrell, Samuel H. Goh
Journal of Cybersecurity Education, Research and Practice
Internet-of-Things (IoT) research has primarily focused on identifying IoT devices' organizational risks with little attention to consumer perceptions about IoT device risks. The purpose of this study is to understand consumer risk perceptions for personal IoT devices and translate these perceptions into guidance for future research directions. We conduct a sequential, mixed-methods study using multi-panel Delphi and thematic analysis techniques to understand consumer risk perceptions. The results identify four themes focused on data exposure and user experiences within IoT devices. Our thematic analysis also identified several emerging risks associated with the evolution of IoT device functionality and its potential positioning …
Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic,
2023
University of West Florida
Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic, Tyler Fezzey, John H. Batchelor, Gerald F. Burch, Randall Reid
Journal of Cybersecurity Education, Research and Practice
The scope and breadth of the COVID-19 pandemic were unprecedented. This is especially true for business continuity and the related area of cybersecurity. Historically, business continuity and cybersecurity are viewed and researched as separate fields. This paper synthesizes the two disciplines as one, thus pointing out the need to address both topics simultaneously. This study identifies blind spots experienced by businesses as they navigated through the difficult time of the pandemic by using data collected during the height of the COVID-19 pandemic. One major shortcoming was that most continuity and cybersecurity plans focused on single-axis threats. The COVID-19 pandemic resulted …
Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution,
2023
University of Padua
Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution, Marco Casagrande, Mauro Conti, Monica Fedeli, Eleonora Losiouk
Journal of Cybersecurity Education, Research and Practice
Phishing is a common social engineering attack aimed to steal personal information. Universities attract phishing attacks because: 1) they store employees and students sensitive data, 2) they save confidential documents, 3) their infrastructures often lack security. In this paper, we showcase a phishing assessment at the University of Redacted aimed to identify the people, and the features of such people, that are more susceptible to phishing attacks. We delivered phishing emails to 1.508 subjects in three separate batches, collecting a clickrate equal to 30%, 11% and 13%, respectively. We considered several features (i.e., age, gender, role, working/studying field, email template) …
Finding Forensic Evidence In The Operating System's Graphical User Interface,
2023
Louisiana State University and Agricultural and Mechanical College
Finding Forensic Evidence In The Operating System's Graphical User Interface, Edward X. Wilson Mr.
LSU Master's Theses
A branch of cyber security known as memory forensics focuses on extracting meaningful evidence from system memory. This analysis is often referred to as volatile memory analysis, and is generally performed on memory captures acquired from target systems. Inside of a memory capture is the complete state of a system under investigation, including the contents of currently running as well as previously executed applications. Analysis of this data can reveal a significant amount of activity that occurred on a system since the last reboot. For this research, the Windows operating system is targeted. In particular, the graphical user interface component …
Towards Hardware-Based Application Fingerprinting With Microarchitectural Signals For Zero Trust Environments,
2023
Air Force Institute of Technology
Towards Hardware-Based Application Fingerprinting With Microarchitectural Signals For Zero Trust Environments, Tor J. Langehaug, Scott R. Graham
Faculty Publications
The interactions between software and hardware are increasingly important to computer system security. This research collects sequences of microprocessor control signals to develop machine learning models that identify software tasks. The proposed approach considers software task identification in hardware as a general problem with attacks treated as a subset of software tasks. Two lines of effort are presented. First, a data collection approach is described to extract sequences of control signals labeled by task identity during real (i.e., non-simulated) system operation. Second, experimental design is used to select hardware and software configuration to train and evaluate machine learning models. The …
Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies,
2023
Virginia Tech
Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies, Sk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C. Davis, Francisco Servant
Department of Electrical and Computer Engineering Faculty Publications
Regular expressions are used for diverse purposes, including input validation and firewalls. Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular Expression Denial of Service), caused by a super-linear worst-case execution time during regex matching. Due to the severity and prevalence of ReDoS, past work proposed automatic tools to detect and fix regexes. Although these tools were evaluated in automatic experiments, their usability has not yet been studied; usability has not been a focus of prior work. Our insight is that the usability of existing tools to detect and fix regexes will improve if we complement them …
Digital Transformation, Applications, And Vulnerabilities In Maritime And Shipbuilding Ecosystems,
2023
Old Dominion University
Digital Transformation, Applications, And Vulnerabilities In Maritime And Shipbuilding Ecosystems, Rafael Diaz, Katherine Smith
VMASC Publications
The evolution of maritime and shipbuilding supply chains toward digital ecosystems increases operational complexity and needs reliable communication and coordination. As labor and suppliers shift to digital platforms, interconnection, information transparency, and decentralized choices become ubiquitous. In this sense, Industry 4.0 enables "smart digitalization" in these environments. Many applications exist in two distinct but interrelated areas related to shipbuilding design and shipyard operational performance. New digital tools, such as virtual prototypes and augmented reality, begin to be used in the design phases, during the commissioning/quality control activities, and for training workers and crews. An application relates to using Virtual Prototypes …
Artificial Intelligence-Enabled Exploratory Cyber-Physical Safety Analyzer Framework For Civilian Urban Air Mobility,
2023
Old Dominion University
Artificial Intelligence-Enabled Exploratory Cyber-Physical Safety Analyzer Framework For Civilian Urban Air Mobility, Md. Shirajum Munir, Sumit Howlader Dipro, Kamrul Hasan, Tariqul Islam, Sachin Shetty
VMASC Publications
Urban air mobility (UAM) has become a potential candidate for civilization for serving smart citizens, such as through delivery, surveillance, and air taxis. However, safety concerns have grown since commercial UAM uses a publicly available communication infrastructure that enhances the risk of jamming and spoofing attacks to steal or crash crafts in UAM. To protect commercial UAM from cyberattacks and theft, this work proposes an artificial intelligence (AI)-enabled exploratory cyber-physical safety analyzer framework. The proposed framework devises supervised learning-based AI schemes such as decision tree, random forests, logistic regression, K-nearest neighbors (KNN), and long short-term memory (LSTM) for predicting and …
Intrusion Detection Based On Bidirectional Long Short-Term Memory With Attention Mechanism,
2023
Edith Cowan University
Intrusion Detection Based On Bidirectional Long Short-Term Memory With Attention Mechanism, Yongjie Yang, Shanshan Tu, Raja Hashim Ali, Hisham Alasmary, Muhammad Waqas, Muhammad Nouman Amjad
Research outputs 2022 to 2026
With the recent developments in the Internet of Things (IoT), the amount of data collected has expanded tremendously, resulting in a higher demand for data storage, computational capacity, and real-time processing capabilities. Cloud computing has traditionally played an important role in establishing IoT. However, fog computing has recently emerged as a new field complementing cloud computing due to its enhanced mobility, location awareness, heterogeneity, scalability, low latency, and geographic distribution. However, IoT networks are vulnerable to unwanted assaults because of their open and shared nature. As a result, various fog computing-based security models that protect IoT networks have been developed. …
A Secure Emr Sharing System With Tamper Resistance And Expressive Access Control,
2023
Singapore Management University
A Secure Emr Sharing System With Tamper Resistance And Expressive Access Control, Shengmin Xu, Jianting Ning, Yingjiu Li, Yinghui Zhang, Guowen Xu, Xinyi Huang, Robert H. Deng
Research Collection School Of Computing and Information Systems
To reduce the cost of human and material resources and improve the collaborations among medical systems, research laboratories and insurance companies for healthcare researches and commercial activities, electronic medical records (EMRs) have been proposed to shift from paperwork to friendly shareable electronic records. To take advantage of EMRs efficiently and reduce the cost of local storage, EMRs are usually outsourced to the remote cloud for sharing medical data with authorized users. However, cloud service providers are untrustworthy. In this paper, we propose an efficient, secure, and flexible EMR sharing system by introducing a novel cryptosystem called dual-policy revocable attribute-based encryption …
Identity-Based Edge Computing Anonymous Authentication Protocol,
2023
Edith Cowan University
Identity-Based Edge Computing Anonymous Authentication Protocol, Naixin Kang, Zhenhu Ning, Shiqiang Zhang, Sadaqat Ur Rehman, Muhammad Waqas
Research outputs 2022 to 2026
With the development of sensor technology and wireless communication technology, edge computing has a wider range of applications. The privacy protection of edge computing is of great significance. In the edge computing system, in order to ensure the credibility of the source of terminal data, mobile edge computing (MEC) needs to verify the signature of the terminal node on the data. During the signature process, the computing power of edge devices such as wireless terminals can easily become the bottleneck of system performance. Therefore, it is very necessary to improve efficiency through computational offloading. Therefore, this paper proposes an identity-based …
Camdec: Advancing Axis P1435-Le Video Camera Security Using Honeypot-Based Deception,
2023
Edith Cowan University
Camdec: Advancing Axis P1435-Le Video Camera Security Using Honeypot-Based Deception, Leslie F. Sikos, Craig Valli, Alexander E. Grojek, David J. Holmes, Samuel G. Wakeling, Warren Z. Cabral, Nickson M. Karie
Research outputs 2022 to 2026
The explosion of online video streaming in recent years resulted in advanced services both in terms of efficiency and convenience. However, Internet-connected video cameras are prone to exploitation, leading to information security issues and data privacy concerns. The proliferation of video-capable Internet of Things devices and cloud-managed surveillance systems further extend these security issues and concerns. In this paper, a novel approach is proposed for video camera deception via honeypots, offering increased security measures compared to what is available on conventional Internet-enabled video cameras.
