Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Security

Articles 121 - 150 of 681

Full-Text Articles in Physical Sciences and Mathematics

Federated Learning For Secure Sensor Cloud, Viraaji Mothukuri May 2021

Master of Science in Software Engineering Theses

Intelligent sensing solutions bridge the gap between the physical world and the cyber world by digitizing the sensor data collected from sensor devices. Sensor cloud networks provide resources to physical and virtual sensing devices and enable uninterrupted intelligent solutions to end-users. Thanks to advancements in machine learning algorithms and big data, the automation of mundane tasks with artificial intelligence is becoming a more reliable smart option. However, existing approaches based on centralized Machine Learning (ML) on sensor cloud networks fail to ensure data privacy. Moreover, centralized ML works with the pre-requisite to have the entire training dataset from end-devices transferred …


An Analysis Of Modern Password Manager Security And Usage On Desktop And Mobile Devices, Timothy Oesch May 2021

Doctoral Dissertations

Security experts recommend password managers to help users generate, store, and enter strong, unique passwords. Prior research confirms that managers do help users move towards these objectives, but it also identified usability and security issues that had the potential to leak user data or prevent users from making full use of their manager. In this dissertation, I set out to measure to what extent modern managers have addressed these security issues on both desktop and mobile environments. Additionally, I have interviewed individuals to understand their password management behavior.

I begin my analysis by conducting the first security evaluation of the …


Smart Contract Security: A Practitioners' Perspective, Zhiyuan Wan, Xin Xia, David Lo, Jiachi Chen, Xiapu Luo, Xiaohu Yang May 2021

Research Collection School Of Computing and Information Systems

Smart contracts have been plagued by security incidents, which resulted in substantial financial losses. Given numerous research efforts in addressing the security issues of smart contracts, we wondered how software practitioners build security into smart contracts in practice. We performed a mixture of qualitative and quantitative studies with 13 interviewees and 156 survey respondents from 35 countries across six continents to understand practitioners' perceptions and practices on smart contract security. Our study uncovers practitioners' motivations and deterrents of smart contract security, as well as how security efforts and strategies fit into the development lifecycle. We also find that blockchain platforms …


Trust Models And Risk In The Internet Of Things, Jeffrey Hemmes Apr 2021

Regis University Faculty Publications

The Internet of Things (IoT) is envisaged to be a large-scale, massively heterogeneous ecosystem of devices with varying purposes and capabilities. While architectures and frameworks have focused on functionality and performance, security is a critical aspect that must be integrated into system design. This work proposes a method of risk assessment of devices using both trust models and static capability profiles to determine the level of risk each device poses. By combining the concepts of trust and secure device fingerprinting, security mechanisms can be more efficiently allocated across networked IoT devices. Simultaneously, devices can be allowed a greater degree of …


Using Grids As Password Entry Devices, Karol Lejmbach Apr 2021

Master's Theses (2009 -)

The classic text-based password has been around for a very long time. A lot of security research has been conducted on it. A set of best practices has been available for many years stressing the use of longer and more complex passwords. The issue with this approach is that humans have a hard time recalling long complex sequences of characters. Worse, the more complex the string of characters the more prone it is to being written down which is the most detrimental security threat. The goal of this paper is to introduce and provide an introductory analysis of a grid-based …


Out Of Sight, Out Of Mind? How Vulnerable Dependencies Affect Open-Source Projects, Gede Artha Azriadi Prana, Abhishek Sharma, Lwin Khin Shar, Darius Foo, Andrew E. Santosa, Asankhaya Sharma, David Lo Apr 2021

Research Collection School Of Computing and Information Systems

Context: Software developers often use open-source libraries in their project to improve development speed. However, such libraries may contain security vulnerabilities, and this has resulted in several high-profile incidents in recent years. As usage of open-source libraries grows, understanding of these dependency vulnerabilities becomes increasingly important. Objective: In this work, we analyze vulnerabilities in open-source libraries used by 450 software projects written in Java, Python, and Ruby. Our goal is to examine types, distribution, severity, and persistence of the vulnerabilities, along with relationships between their prevalence and project as well as commit attributes. Method: Our data is obtained …


Biometrics For Internet‐Of‐Things Security: A Review, Wencheng Yang, Song Wang, Nor Masri Sahri, Nickson M. Karie, Mohiuddin Ahmed, Craig Valli Jan 2021

Research outputs 2014 to 2021

The large number of Internet‐of‐Things (IoT) devices that need interaction between smart devices and consumers makes security critical to an IoT environment. Biometrics offers an interesting window of opportunity to improve the usability and security of IoT and can play a significant role in securing a wide range of emerging IoT devices to address security challenges. The purpose of this review is to provide a comprehensive survey on the current biometrics research in IoT security, especially focusing on two important aspects, authentication and encryption. Regarding authentication, contemporary biometric‐based authentication systems for IoT are discussed and classified based on different biometric …


Digital Forensic Readiness In Operational Cloud Leveraging Iso/Iec 27043 Guidelines On Security Monitoring, Sheunesu Makura, H. S. Venter, Victor R. Kebande, Nickson M. Karie, Richard A. Ikuesan, Sadi Alawadi Jan 2021

Research outputs 2014 to 2021

An increase in the use of cloud computing technologies by organizations has led to cybercriminals targeting cloud environments to orchestrate malicious attacks. Conversely, this has led to the need for proactive approaches through the use of digital forensic readiness (DFR). Existing studies have attempted to develop proactive prototypes using diverse agent-based solutions that are capable of extracting a forensically sound potential digital evidence. As a way to address this limitation and further evaluate the degree of PDE relevance in an operational platform, this study sought to develop a prototype in an operational cloud environment to achieve DFR in the cloud. …


Privacy-Preserving Non-Participatory Surveillance System For Covid-19-Like Pandemics, Mahmoud Nabil, Ahmed Sherif, Mohamed Mahmoud, Waleed Alsmary, Maazen Alsabaan Jan 2021

Faculty Publications

COVID-19 pandemic has revealed a pressing need for an effective surveillance system to control the spread of infection. However, the existing systems are run by the people’s smartphones and without a strong participation from the people, the systems become ineffective. Moreover, these systems can be misused to spy on people and breach their privacy. Due to recent privacy breaches, people became anxious about their privacy, and without privacy reassurance, the people may not accept the systems. In this paper, we propose a non-participatory privacy-preserving surveillance system for COVID-19-like pandemics. The system aims to control the spread of COVID-19 infection without …


A Review Of Security Standards And Frameworks For Iot-Based Smart Environments, Nickson M. Karie, Nor Masri Sahri, Wencheng Yang, Craig Valli, Victor R. Kebande Jan 2021

Research outputs 2014 to 2021

Assessing the security of IoT-based smart environments such as smart homes and smart cities is becoming fundamentally essential to implementing the correct control measures and effectively reducing security threats and risks brought about by deploying IoT-based smart technologies. The problem, however, is in finding security standards and assessment frameworks that best meet the security requirements as well as comprehensively assess and expose the security posture of IoT-based smart environments. To explore this gap, this paper presents a review of existing security standards and assessment frameworks which also includes several NIST special publications on security techniques highlighting their primary areas of …


Security Against Data Falsification Attacks In Smart City Applications, Venkata Praveen Kumar Madhavarapu Jan 2021

Doctoral Dissertations

Smart city applications like smart grid, smart transportation, healthcare deal with very important data collected from IoT devices. False reporting of data consumption from device failures or by organized adversaries may have drastic consequences on the quality of operations. To deal with this, we propose a coarse grained and a fine grained anomaly based security event detection technique that uses indicators such as deviation and directional change in the time series of the proposed anomaly detection metrics to detect different attacks. We also built a trust scoring metric to filter out the malicious devices. Another challenging problem is injection of …


Contracting For Algorithmic Accountability, Cary Coglianese, Erik Lampmann Jan 2021

All Faculty Scholarship

As local, state, and federal governments increase their reliance on artificial intelligence (AI) decision-making tools designed and operated by private contractors, so too do public concerns increase over the accountability and transparency of such AI tools. But current calls to respond to these concerns by banning governments from using AI will only deny society the benefits that prudent use of such technology can provide. In this Article, we argue that government agencies should pursue a more nuanced and effective approach to governing the governmental use of AI by structuring their procurement contracts for AI tools and services in ways that …


Quality Of Sql Code Security On Stackoverflow And Methods Of Prevention, Robert Klock Jan 2021

Honors Papers

This paper explores the frequency at which SQL/PHP posts on the website Stackoverflow.com contain code susceptible to SQL Injection, a common database vulnerability. Specifically, we analyze whether other users give notice of the vulnerability or provide an answer that is secure. The majority of questions analyzed were vulnerable to SQL Injection and were not corrected in their answers or brought to the attention of the original poster. To mitigate this, we present a machine learning bot which analyzes the poster’s code and alerts them of potential injection vulnerabilities, if necessary.


Improved Secure And Low Computation Authentication Protocol For Wireless Body Area Network With Ecc And 2d Hash Chain, Soohyeon Choi Jan 2021

Electronic Theses and Dissertations

Since technologies have been developing rapidly, Wireless Body Area Network (WBAN) has emerged as a promising technique for healthcare systems. People can monitor patients’ body condition and collect data remotely and continuously by using WBAN with small and compact wearable sensors. These sensors can be located in, on, and around the patient’s body and measure the patient’s health condition. Afterwards sensor nodes send the data via short-range wireless communication techniques to an intermediate node. The WBANs deal with critical health data, therefore, secure communication within the WBAN is important. There are important criteria in designing a security protocol for a …


Lightweight Encryption Based Security Package For Wireless Body Area Network, Sangwon Shin Jan 2021

Electronic Theses and Dissertations

As the demand of individual health monitoring rose, Wireless Body Area Networks (WBAN) are becoming highly distinctive within health applications. Nowadays, WBAN is much easier to access than what it used to be. However, due to WBAN’s limitation, properly sophisticated security protocols do not exist. As WBAN devices deal with sensitive data and could be used as a threat to the owner of the data or their family, securing individual devices is highly important. Despite the importance in securing data, existing WBAN security methods are focused on providing light weight security methods. This led to most security methods for WBAN …


Covid-19 And Biocybersecurity's Increasing Role On Defending Forward, Xavier Palmer, Lucas N. Potter, Saltuk Karahan Jan 2021

Electrical & Computer Engineering Faculty Publications

The evolving nature of warfare has been changing with cybersecurity and the use of advanced biotechnology in each aspect of the society is expanding and overlapping with the cyberworld. This intersection, which has been described as “biocybersecurity” (BCS), can become a major front of the 21st-century conflicts. There are three lines of BCS which make it a critical component of overall cybersecurity: (1) cyber operations within the area of BCS have life threatening consequences to a greater extent than other cyber operations, (2) the breach in health-related personal data is a significant tool for fatal attacks, and (3) health-related misinformation …


Biocybersecurity: A Converging Threat As An Auxiliary To War, Lucas Potter, Orlando Ayala, Xavier-Lewis Palmer Jan 2021

Engineering Technology Faculty Publications

Biodefense is the discipline of ensuring biosecurity with respect to select groups of organisms and limiting their spread. This field has increasingly been challenged by novel threats from nature that have been weaponized such as SARS, Anthrax, and similar pathogens, but has emerged victorious through collaboration of national and world health groups. However, it may come under additional stress in the 21st century as the field intersects with the cyberworld-- a world where governments have already been struggling to keep up with cyber attacks from small to state-level actors as cyberthreats have been relied on to level the playing field …


Improving A Wireless Localization System Via Machine Learning Techniques And Security Protocols, Zachary Yorio Dec 2020

Masters Theses, 2020-current

The recent advancements made in Internet of Things (IoT) devices have brought forth new opportunities for technologies and systems to be integrated into our everyday life. In this work, we investigate how edge nodes can effectively utilize 802.11 wireless beacon frames being broadcast from pre-existing access points in a building to achieve room-level localization. We explain the needed hardware and software for this system and demonstrate a proof of concept with experimental data analysis. Improvements to localization accuracy are shown via machine learning by implementing the random forest algorithm. Using this algorithm, historical data can train the model and make …


Thaw Publications, Carl Landwehr, David Kotz Dec 2020

Computer Science Technical Reports

In 2013, the National Science Foundation's Secure and Trustworthy Cyberspace program awarded a Frontier grant to a consortium of four institutions, led by Dartmouth College, to enable trustworthy cybersystems for health and wellness. As of this writing, the Trustworthy Health and Wellness (THaW) project's bibliography includes more than 130 significant publications produced with support from the THaW grant; these publications document the progress made on many fronts by the THaW research team. The collection includes dissertations, theses, journal papers, conference papers, workshop contributions and more. The bibliography is organized as a Zotero library, which provides ready access to citation materials …


A Survey On Ddos Attacks In Edge Servers, Iftakhar Ahmad Dec 2020

Computer Science and Engineering Theses

In modern times, the need for latency sensitive applications is growing rapidly. Cloud computing infrastructure is unable to provide support to such delay sensitive applications. Therefore, a new paradigm called edge computing has emerged. In edge computing various paradigms like Fog, Cloudlet, Mobile Edge Computing, etc. provide real-time, location aware services to users. As a result, a number of requests are generated for processing in the edge servers. If these edge servers for some reason become unavailable for providing service, users will not be able to perform their delay sensitive or location aware operations. Like other servers in the network, edge …


Towards Development Of A Remote Charting System For Connected Healthcare, Alex Bodurka Dec 2020

Masters Theses

Health Care Providers play a crucial role in a patient's well-being. While their primary role is to treat the patient, it is also vital to ensure that they can spend adequate time with the patient to create a unique treatment plan and build a personal relationship with their patients to help them feel comfortable during their treatment. Health Care Providers are frequently required to manually record patient data to track their healthcare progress during their hospital stay. However, with hospitals continuously trying to optimize their workflows, this crucial one-on-one time with the patient is often not practical.

As a solution, …


Oauth2.0 In Securing Apis, Olimpion Shurdi, Aleksander Biberaj, Igli Tafa, Genci Mesi Oct 2020

UBT International Conference

Today’s modern applications are mostly designed around APIs. APIs are used for a variety of things, such as passing data to another web service, reading data from a database, etc. The problem with this is that not all APIs are secure. Most of today’s APIs are old and rely only on an authentication token where the user data often had to share their credentials with the application to enable such an API call on their behalf or string them, which is often hardcoded. We will focus on OAUTH 2.0 as a new protocol in securing our APIs. This is a …


Security, Privacy And Trust For Smart Mobile- Internet Of Things (M-Iot): A Survey, Vishal Sharma, Ilsun You, Karl Andersson, Francesco Palmieri, Mubashir Husain Rehmani, Jaedeock Lim Sep 2020

Publications

With an enormous range of applications, the Internet of Things (IoT) has magnetized industries and academicians from everywhere. IoT facilitates operations through ubiquitous connectivity by providing Internet access to all the devices with computing capabilities. With the evolution of wireless infrastructure, the focus from simple IoT has been shifted to smart, connected and mobile IoT (M-IoT) devices and platforms, which can enable low-complexity, low-cost and efficient computing through sensors, machines, and even crowdsourcing. All these devices can be grouped under a common term of M-IoT. Even though the positive impact on applications has been tremendous, security, privacy and trust are …


Is The Transit Industry Prepared For The Cyber Revolution? Policy Recommendations To Enhance Surface Transit Cyber Preparedness, Scott Belcher, Terri Belcher, Eric Greenwald, Brandon Thomas Sep 2020

Mineta Transportation Institute

The intent of this study is to assess the readiness, resourcing, and structure of public transit agencies to identify, protect from, detect, respond to, and recover from cybersecurity vulnerabilities and threats. Given the multitude of connected devices already in use by the transit industry and the vast amount of data generated (with more coming online soon), the transit industry is vulnerable to malicious cyber-attack and other cybersecurity-related threats. This study reviews the state of best cybersecurity practices in public surface transit; outlines U.S. public surface transit operators’ cybersecurity operations; assesses U.S. policy on cybersecurity in public surface transportation; and provides …


The Future Of Work Now: The Multi-Faceted Mall Security Guard At A Multi-Faceted Jewel, Thomas H. Davenport, Steven M. Miller Sep 2020

Research Collection School Of Computing and Information Systems

One of the most frequently-used phrases at business events these days is “the future of work.” It’s increasingly clear that artificial intelligence and other new technologies will bring substantial changes in work tasks and business processes. But while these changes are predicted for the future, they’re already present in many organizations for many different jobs. The job and incumbents described below are an example of this phenomenon. Steve Miller of Singapore Management University and I co-authored the story.


A Performance-Sensitive Malware Detection System Using Deep Learning On Mobile Devices, Ruitao Feng, Sen Chen, Xiaofei Xie, Guozhu Meng, Shang-Wei Lin, Yang Liu Sep 2020

Research Collection School Of Computing and Information Systems

Currently, Android malware detection is mostly performed on server side against the increasing number of malware. Powerful computing resource provides more exhaustive protection for app markets than maintaining detection by a single user. However, apart from the applications (apps) provided by the official market (i.e., Google Play Store), apps from unofficial markets and third-party resources are always causing serious security threats to end-users. Meanwhile, it is a time-consuming task if the app is downloaded first and then uploaded to the server side for detection, because the network transmission has a lot of overhead. In addition, the uploading process also suffers …


Crowdsourcing Atop Blockchains, Yuan Lu Aug 2020

Dissertations

Traditional crowdsourcing systems, such as Amazon's Mechanical Turk (MTurk), though once acquiring great economic successes, have to fully rely on third-party platforms to serve between the requesters and the workers for basic utilities. These third-parties have to be fully trusted to assist payments, resolve disputes, protect data privacy, manage user authentications, maintain service online, etc. Nevertheless, tremendous real-world incidents indicate how elusive it is to completely trust these platforms in reality, and the reduction of such over-reliance becomes desirable.

In contrast to the arguably vulnerable centralized approaches, a public blockchain is a distributed and transparent global "consensus computer" that is …


"How Good Are They?" - A State Of The Effectiveness Of Anti-Phishing Tools On Twitter, Sayak Saha Roy Aug 2020

"How Good Are They?" - A State Of The Effectiveness Of Anti-Phishing Tools On Twitter, Sayak Saha Roy

Computer Science and Engineering Theses

Phishing websites are one of the most pervasive online attack vectors, with nearly 1.5 million such attacks created every month. Social media is the primary ground for phishing attacks, with 86% of these attacks originating from Twitter, Facebook, LinkedIn, etc. Prevalent approaches against these attacks include URL scanners, anti-phishing blacklists and social media's own detection systems. In this work, we focus on Twitter, and through a combination of data-driven methods and emulations, we evaluate the verdicts provided by URL scanners, and Twitter’s detection system. We show that these sources provide a good amount of misinformation, which not only can lead …


Privacy Preserving Search Services Against Online Attack, Yi Zhao, Jianting Nian, Kaitai Liang, Yanqi Zhao, Liqun Chen, Bo Yang Aug 2020

Research Collection School Of Computing and Information Systems

Searchable functionality is provided in many online services such as mail services or outsourced data storage. To protect users' privacy, data in these services is usually stored after being encrypted using searchable encryption. This enables the data user to securely search encrypted data from a remote server without leaking data and query information. Public key encryption with keyword search is one of the research branches of searchable encryption; this provides privacy-preserving searchable functionality for applications such as encrypted email systems. However, it has an inherent vulnerability in that the information of a query may be leaked using a keyword guessing …


Secure Mobile Computing By Using Convolutional And Capsule Deep Neural Networks, Rui Ning Aug 2020

Electrical & Computer Engineering Theses & Dissertations

Mobile devices are becoming smarter to satisfy modern user's increasing needs better, which is achieved by equipping divers of sensors and integrating the most cutting-edge Deep Learning (DL) techniques. As a sophisticated system, it is often vulnerable to multiple attacks (side-channel attacks, neural backdoor, etc.). This dissertation proposes solutions to maintain the cyber-hygiene of the DL-Based smartphone system by exploring possible vulnerabilities and developing countermeasures.

First, I actively explore possible vulnerabilities on the DL-Based smartphone system to develop proactive defense mechanisms. I discover a new side-channel attack on smartphones using the unrestricted magnetic sensor data. I demonstrate that attackers can …