Design, Modeling, And Simulation Of Secure X.509 Certificate Revocation,
2023
University of Tennessee at Chattanooga
Design, Modeling, And Simulation Of Secure X.509 Certificate Revocation, Sai Medury
Masters Theses and Doctoral Dissertations
TLS communication over the internet has risen rapidly in the last seven years (2015--2022), and there were over 156M active SSL certificates in 2022. The state-of-the-art Public Key Infrastructure (PKI), encompassing protocols, computational resources, and digital certificates, has evolved for 24 years to become the de-facto choice for encrypted communication over the Internet even on newer platforms such as mobile devices and Internet-of-Things (IoT) (despite being low powered with computational constraints). However, certificate revocation is one sub-protocol in TLS communication that fails to meet the rising scalability demands and remains open to exploitation. In this dissertation, the standard for X.509 …
Healthcare Facilities: Maintaining Accessibility While Implementing Security,
2023
University of Nebraska at Omaha
Healthcare Facilities: Maintaining Accessibility While Implementing Security, Ryan Vilter
UNO Student Research and Creative Activity Fair
In the wake of the Tulsa, Oklahoma hospital shooting in the summer of 2022, it was made clear that more security needed to be implemented in healthcare facilities. As a result, I inquired: What is the happy balance for healthcare facilities to maintain their accessibility to the public while also implementing security measures to prevent terrorist attacks? With that base, I give recommendations in the areas of cybersecurity, physical infrastructure, and physical and mental health, based off the existing literature and data gathered from terrorist attacks against hospitals over several decades.
Self-Learning Algorithms For Intrusion Detection And Prevention Systems (Idps),
2023
Southern Methodist University
Self-Learning Algorithms For Intrusion Detection And Prevention Systems (Idps), Juan E. Nunez, Roger W. Tchegui Donfack, Rohit Rohit, Hayley Horn
SMU Data Science Review
Today, there is an increased risk to data privacy and information security due to cyberattacks that compromise data reliability and accessibility. New machine learning models are needed to detect and prevent these cyberattacks. One application of these models is cybersecurity threat detection and prevention systems that can create a baseline of a network's traffic patterns to detect anomalies without needing pre-labeled data; thus, enabling the identification of abnormal network events as threats. This research explored algorithms that can help automate anomaly detection on an enterprise network using Canadian Institute for Cybersecurity data. This study demonstrates that Neural Networks with Bayesian …
The Rise And Risks Of Internet Of Things,
2023
Christopher Newport University
The Rise And Risks Of Internet Of Things, Diamond E. Hicks
Cybersecurity Undergraduate Research
Internet of Things (IoT) has become a necessary part of our everyday lives. IoT is the network in which many different devices communicate, connect, and share data. Though how IoT got to where it is today, the issues it faced, and how it affects our lives today is not common knowledge. Despite the fact that IoT has advanced our technology to what it is today, people do not completely understand what it does.
Using Probabilistic Context-Free Grammar To Create Password Guessing Models,
2023
University of Minnesota - Morris
Using Probabilistic Context-Free Grammar To Create Password Guessing Models, Isabelle Hjelden
Scholarly Horizons: University of Minnesota, Morris Undergraduate Journal
This paper will discuss two versions of probabilistic context-free grammar password-guessing models. The first model focuses on using English semantics to break down passwords and identify patterns. The second model identifies repeating chunks in passwords and uses this information to create possible passwords. Then, we will show the performance of each model on leaked password databases, and finally discuss the observations made on these tests.
Deep Vulman: A Deep Reinforcement Learning-Enabled Cyber Vulnerability Management Framework,
2023
Army Cyber Institute, U.S. Military Academy
Deep Vulman: A Deep Reinforcement Learning-Enabled Cyber Vulnerability Management Framework, Soumyadeep Hore, Ankit Shah, Nathaniel D. Bastian
ACI Journal Articles
Cyber vulnerability management is a critical function of a cybersecurity operations center (CSOC) that helps protect organizations against cyber-attacks on their computer and network systems. Adversaries hold an asymmetric advantage over the CSOC, as the number of deficiencies in these systems is increasing at a significantly higher rate compared to the expansion rate of the security teams to mitigate them. The current approaches in cyber vulnerability management are deterministic and one-time decision-making methods, which do not consider future uncertainties when prioritizing and selecting vulnerabilities for mitigation. These approaches are also constrained by the sub-optimal distribution of resources, providing no flexibility …
Military And Security Applications: Cybersecurity (Encyclopedia Of Optimization, Third Edition),
2023
Army Cyber Institute, U.S. Military Academy
Military And Security Applications: Cybersecurity (Encyclopedia Of Optimization, Third Edition), Nathaniel D. Bastian, Matthew Dinmore
ACI Books & Book Chapters
The domain of cybersecurity is growing as part of broader military and security applications, and the capabilities and processes in this realm have qualities and characteristics that warrant using solution methods in mathematical optimization. Problems of interest may involve continuous or discrete variables, a convex or non-convex decision space, differing levels of uncertainty, and constrained or unconstrained frameworks. Cyberattacks, for example, can be modeled using hierarchical threat structures and may involve decision strategies from both an organization or individual and the adversary. Network traffic flow, intrusion detection and prevention systems, interconnected human-machine interfaces, and automated systems – these all require …
Lightweight And Non-Invasive User Authentication On Earables,
2023
Singapore Management University
Lightweight And Non-Invasive User Authentication On Earables, Changshuo Hu, Xiao Ma, Dong Ma, Ting Dang
Research Collection School Of Computing and Information Systems
The widespread adoption of wireless earbuds has advanced the developments in earable-based sensing in various domains like entertainment, human-computer interaction, and health monitoring. Recently, researchers have shown an increased interest in user authentication using earables. Despite the successes witnessed in acoustic probing and speech based authentication systems, this paper proposed a lightweight and non-invasive ambient sound based user authentication scheme. It employs the difference between the in-ear and out-ear sounds to estimate the individual-specific occluded ear canal transfer function (OECTF). Specifically, the {out-ear, in-ear} scaling factors at different frequency bands are captured via linear regression and treated as the OECTF …
Fa3: Fine-Grained Android Application Analysis,
2023
Singapore Management University
Fa3: Fine-Grained Android Application Analysis, Yan Lin, Weng Onn Wong, Debin Gao
Research Collection School Of Computing and Information Systems
Understanding Android applications' behavior is essential to many security applications, e.g., malware analysis. Although many systems have been proposed to perform such dynamic analysis, they are limited by their applicable analysis environment (on device vs. emulator), transparency to subject apps, applicable runtime (Dalvik vs. ART), applicable system stack, or granularity. In this paper, we propose FA3 (Fine-Grained Android Application Analysis), a novel on-device, non-invasive, and fine-grained analysis platform by leveraging existing profiling mechanisms in the Android Runtime (ART) and kernel to inspect method invocations and control-flow transfers for both Java methods and third-party native libraries. FA3 embeds its tracing capability …
Safe Delivery Of Critical Services In Areas With Volatile Security Situation Via A Stackelberg Game Approach,
2023
Singapore Management University
Safe Delivery Of Critical Services In Areas With Volatile Security Situation Via A Stackelberg Game Approach, Tien Mai, Arunesh Sinha
Research Collection School Of Computing and Information Systems
Vaccine delivery in under-resourced locations with security risks is not just challenging but also life threatening. The COVID pandemic and the need to vaccinate added even more urgency to this issue. Motivated by this problem, we propose a general framework to set-up limited temporary (vaccination) centers that balance physical security and desired (vaccine) service coverage with limited resources. We set-up the problem as a Stackelberg game between the centers operator (defender) and an adversary, where the set of centers is not fixed a priori but is part of the decision output. This results in a mixed combinatorial and continuous optimization …
Teaching By Practice: Shaping Secure Coding Mentalities Through Cybersecurity Ctfs,
2023
Arcadia University
Teaching By Practice: Shaping Secure Coding Mentalities Through Cybersecurity Ctfs, Jazmin Collins, Vitaly Ford
Journal of Cybersecurity Education, Research and Practice
The use of the Capture the Flag (CTF)-style competitions has grown popular in a variety of environments as a method to improve or reinforce cybersecurity techniques. However, while these competitions have shown promise in student engagement, enjoyment, and the teaching of essential workforce cybersecurity concepts, many of these CTF challenges have largely focused on cybersecurity as a general topic. Further, most in-school CTF challenges are designed with technical institutes in mind, prepping only experienced or upper-level students in cybersecurity studies for real-world challenges. Our paper aims to focus on the setting of a liberal arts institute, emphasizing secure coding as …
Lightweight Pairwise Key Distribution Scheme For Iots,
2023
California State University, Bakersfield
Lightweight Pairwise Key Distribution Scheme For Iots, Kanwalinderjit Kaur
Journal of Cybersecurity Education, Research and Practice
Embedding a pairwise key distribution approach in IoT systems is challenging as IoT devices have limited resources, such as memory, processing power, and battery life. This paper presents a secure and lightweight approach that is applied to IoT devices that are divided into Voronoi clusters. This proposed algorithm comprises XOR and concatenation operations for interactive authentication between the server and the IoT devices. Predominantly, the authentication is carried out by the server. It is observed that the algorithm is resilient against man-in-the-middle attacks, forward secrecy, Denial of Service (DoS) attacks, and offers mutual authentication. It is also observed that the …
Reinventing Cybersecurity Internships During The Covid-19 Pandemic,
2023
University of Southern Maine
Reinventing Cybersecurity Internships During The Covid-19 Pandemic, Lori L. Sussman
Journal of Cybersecurity Education, Research and Practice
The Cybersecurity Ambassador Program provides professional skills training for emerging cybersecurity professionals remotely. The goal is to reach out to underrepresented populations who may use Federal Work-Study (FWS) or grant sponsored internships to participate. Cybersecurity Ambassadors (CAs) develop skills that will serve them well as cybersecurity workers prepared to do research, lead multidisciplinary, technical teams, and educate stakeholders and community members. CAP also reinforces leadership skills so that the next generation of cybersecurity professionals becomes a sustainable source of management talent for the program and profession. The remote curriculum innovatively builds non-technical professional skills (communications, teamwork, leadership) for cybersecurity research …
Risk Perceptions About Personal Internet-Of-Things: Research Directions From A Multi-Panel Delphi Study,
2023
University of Alabama at Birmingham
Risk Perceptions About Personal Internet-Of-Things: Research Directions From A Multi-Panel Delphi Study, Paul M. Di Gangi, Barbara A. Wech, Jennifer D. Hamrick, James L. Worrell, Samuel H. Goh
Journal of Cybersecurity Education, Research and Practice
Internet-of-Things (IoT) research has primarily focused on identifying IoT devices' organizational risks with little attention to consumer perceptions about IoT device risks. The purpose of this study is to understand consumer risk perceptions for personal IoT devices and translate these perceptions into guidance for future research directions. We conduct a sequential, mixed-methods study using multi-panel Delphi and thematic analysis techniques to understand consumer risk perceptions. The results identify four themes focused on data exposure and user experiences within IoT devices. Our thematic analysis also identified several emerging risks associated with the evolution of IoT device functionality and its potential positioning …
Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic,
2023
University of West Florida
Cybersecurity Continuity Risks: Lessons Learned From The Covid-19 Pandemic, Tyler Fezzey, John H. Batchelor, Gerald F. Burch, Randall Reid
Journal of Cybersecurity Education, Research and Practice
The scope and breadth of the COVID-19 pandemic were unprecedented. This is especially true for business continuity and the related area of cybersecurity. Historically, business continuity and cybersecurity are viewed and researched as separate fields. This paper synthesizes the two disciplines as one, thus pointing out the need to address both topics simultaneously. This study identifies blind spots experienced by businesses as they navigated through the difficult time of the pandemic by using data collected during the height of the COVID-19 pandemic. One major shortcoming was that most continuity and cybersecurity plans focused on single-axis threats. The COVID-19 pandemic resulted …
Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution,
2023
University of Padua
Alpha Phi-Shing Fraternity: Phishing Assessment In A Higher Education Institution, Marco Casagrande, Mauro Conti, Monica Fedeli, Eleonora Losiouk
Journal of Cybersecurity Education, Research and Practice
Phishing is a common social engineering attack aimed to steal personal information. Universities attract phishing attacks because: 1) they store employees and students sensitive data, 2) they save confidential documents, 3) their infrastructures often lack security. In this paper, we showcase a phishing assessment at the University of Redacted aimed to identify the people, and the features of such people, that are more susceptible to phishing attacks. We delivered phishing emails to 1.508 subjects in three separate batches, collecting a clickrate equal to 30%, 11% and 13%, respectively. We considered several features (i.e., age, gender, role, working/studying field, email template) …
Finding Forensic Evidence In The Operating System's Graphical User Interface,
2023
Louisiana State University and Agricultural and Mechanical College
Finding Forensic Evidence In The Operating System's Graphical User Interface, Edward X. Wilson Mr.
LSU Master's Theses
A branch of cyber security known as memory forensics focuses on extracting meaningful evidence from system memory. This analysis is often referred to as volatile memory analysis, and is generally performed on memory captures acquired from target systems. Inside of a memory capture is the complete state of a system under investigation, including the contents of currently running as well as previously executed applications. Analysis of this data can reveal a significant amount of activity that occurred on a system since the last reboot. For this research, the Windows operating system is targeted. In particular, the graphical user interface component …
Towards Hardware-Based Application Fingerprinting With Microarchitectural Signals For Zero Trust Environments,
2023
Air Force Institute of Technology
Towards Hardware-Based Application Fingerprinting With Microarchitectural Signals For Zero Trust Environments, Tor J. Langehaug, Scott R. Graham
Faculty Publications
The interactions between software and hardware are increasingly important to computer system security. This research collects sequences of microprocessor control signals to develop machine learning models that identify software tasks. The proposed approach considers software task identification in hardware as a general problem with attacks treated as a subset of software tasks. Two lines of effort are presented. First, a data collection approach is described to extract sequences of control signals labeled by task identity during real (i.e., non-simulated) system operation. Second, experimental design is used to select hardware and software configuration to train and evaluate machine learning models. The …
Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies,
2023
Virginia Tech
Improving Developers' Understanding Of Regex Denial Of Service Tools Through Anti-Patterns And Fix Strategies, Sk Adnan Hassan, Zainab Aamir, Dongyoon Lee, James C. Davis, Francisco Servant
Department of Electrical and Computer Engineering Faculty Publications
Regular expressions are used for diverse purposes, including input validation and firewalls. Unfortunately, they can also lead to a security vulnerability called ReDoS (Regular Expression Denial of Service), caused by a super-linear worst-case execution time during regex matching. Due to the severity and prevalence of ReDoS, past work proposed automatic tools to detect and fix regexes. Although these tools were evaluated in automatic experiments, their usability has not yet been studied; usability has not been a focus of prior work. Our insight is that the usability of existing tools to detect and fix regexes will improve if we complement them …
Layered Fiduciaries In The Information Age,
2023
University of Pittsburgh School of Law
Layered Fiduciaries In The Information Age, Zhaoyi Li
Articles
Technology companies such as Facebook have long been criticized for abusing customers’ personal information and monetizing user data in a manner contrary to customer expectations. Some commentators suggest fiduciary law could be used to restrict how these companies use their customers’ data. Under this framework, a new member of the fiduciary family called the “information fiduciary” was born. The concept of an information fiduciary is that a company providing network services to “collect, analyze, use, sell, and distribute personal information” owes customers and end-users a fiduciary duty to use the collected data to promote their interests, thereby assuming fiduciary liability …
