Physical Sciences and Mathematics Commons^™

Securing Information Technology In Healthcare, Denise Anthony, Andrew T. Campbell, Thomas Candon, Andrew Gettinger, David Kotz, Lisa A. Marsch, Andrés Molina-Markham, Karen M. Page, Sean W. Smith, Carl A. Gunter, M. Eric Johnson

Dartmouth Scholarship

Information technology (IT) has great potential to improve healthcare quality while also improving efficiency, and thus has been a major focus of recent healthcare reform efforts. However, developing, deploying and using IT that is both secure and genuinely effective in the complex clinical, organizational and economic environment of healthcare is a significant challenge. Further, it is imperative that we better understand the privacy concerns of patients and providers, as well as the ability of current technologies, policies, and laws to adequately protect privacy. The Securing Information Technology in Healthcare (SITH) workshops were created to provide a forum to discuss security …

A Secure And Effective Anonymous User Authentication Scheme For Roaming Service In Global Mobility Networks, Fengtong Wen, Willy Susilo, Guomin Yang

Research Collection School Of Computing and Information Systems

In global mobility networks, anonymous user authentication is an essential task for enabling roaming service. In a recent paper, Jiang et al. proposed a smart card based anonymous user authentication scheme for roaming service in global mobility networks. This scheme can protect user privacy and is believed to have many abilities to resist a range of network attacks, even if the secret information stored in the smart card is compromised. In this paper, we analyze the security of Jiang et al.’s scheme, and show that the scheme is in fact insecure against the stolen-verifier attack and replay attack. Then, we …

Does Your Wireless Lan Have Criminal Intent?, Michael Crowley, Andrew Woodward

Michael Crowley

All of the literature relating to wireless network security has focused on the flaws, newer alternatives and suggestions for securing the network. There is much speculation and anecdotal statements in relation to what can happen if a breach occurs, but this is mostly from a computer security perspective, and mostly expressed in terms of potential for financial loss. This paper examines the potential legal ramifications of failing to properly secure a wireless network. Several scenarios are examined within based on usage of wireless on the various category of attack. Legal opinion, backed up with case law, is provided for each …

Trajectory Privacy Preservation In Mobile Wireless Sensor Networks, Xinyu Jin

FIU Electronic Theses and Dissertations

In recent years, there has been an enormous growth of location-aware devices, such as GPS embedded cell phones, mobile sensors and radio-frequency identification tags. The age of combining sensing, processing and communication in one device, gives rise to a vast number of applications leading to endless possibilities and a realization of mobile Wireless Sensor Network (mWSN) applications. As computing, sensing and communication become more ubiquitous, trajectory privacy becomes a critical piece of information and an important factor for commercial success. While on the move, sensor nodes continuously transmit data streams of sensed values and spatiotemporal information, known as ``trajectory information". …

Improved Kernel Security Through Code Validation, Diversification, And Minimization, Dannie Michael Stanley

Open Access Dissertations

The vast majority of hosts on the Internet, including mobile clients, are running one of three commodity, general-purpose operating system families. In such operating systems the kernel software executes at the highest processor privilege level. If an adversary is able to hijack the kernel software then by extension he has full control of the system. This control includes the ability to disable protection mechanisms and hide evidence of compromise.

The lack of diversity in commodity, general-purpose operating systems enables attackers to craft a single kernel exploit that has the potential to infect millions of hosts. If enough variants of the …

Securearray: Improving Wifi Security With Fine-Grained Physical-Layer, Jie Xiong, Kyle Jamieson

Research Collection School Of Computing and Information Systems

Despite the important role that WiFi networks play in home and enterprise networks they are relatively weak from a security standpoint. With easily available directional antennas, attackers can be physically located off-site, yet compromise WiFi security protocols such as WEP, WPA, and even to some extent WPA2 through a range of exploits specific to those protocols, or simply by running dictionary and human-factors attacks on users' poorly-chosen passwords. This presents a security risk to the entire home or enterprise network. To mitigate this ongoing problem, we propose SecureArray, a system designed to operate alongside existing wireless security protocols, adding defense …

Forensic Analysis Of Whatsapp On Android Smartphones, Neha S. Thakur

University of New Orleans Theses and Dissertations

Android forensics has evolved over time offering significant opportunities and exciting challenges. On one hand, being an open source platform Android is giving developers the freedom to contribute to the rapid growth of the Android market whereas on the other hand Android users may not be aware of the security and privacy implications of installing these applications on their phones. Users may assume that a password-locked device protects their personal information, but applications may retain private information on devices, in ways that users might not anticipate. In this thesis we will be concentrating on one such application called 'WhatsApp', a …

Is Security Sustainable?, Jeremy W. Crampton

Geography Faculty Publications

No abstract provided.

Dynamic Near Field Communication Pairing For Wireless Sensor Networks, Steven Charles Cook

Theses and Dissertations

Wireless sensor network (WSN) nodes communicate securely using pre-installed cryptographic keys. Although key pre-installation makes nodes less expensive, the technical process of installing keys prevents average users from deploying and controlling their own WSNs. Wireless pairing enables users to set up WSNs without pre-installing keys, but current pairing techniques introduce numerous concerns regarding security, hardware expense, and usability. This thesis introduces dynamic Near Field Communication (NFC) pairing, a new pairing technique designed for WSNs. This pairing overcomes the limitations of both key pre-installation and current pairing techniques. Dynamic NFC pairing is as secure as using pre-installed keys, requires only inexpensive …

Big Data: New Opportunities And New Challenges, Katina Michael, Keith Miller

Associate Professor Katina Michael

We can live with many of the uncertainties of big data for now, with the hope that its benefits will outweigh its harms, but we shouldn't blind ourselves to the possible irreversibility of changes—whether good or bad—to society.

It's no secret that both private enterprise and government seek greater insights into people's behaviors and sentiments. Organizations use various analytical techniques—from crowdsourcing to genetic algorithms to neural networks to sentiment analysis—to study both structured and unstructured forms of data that can aid product and process discovery, productivity, and policy-making. This data is collected from numerous sources including sensor networks, government data …

Big Data: New Opportunities And New Challenges, Katina Michael, Keith W. Miller

Keith Miller

We can live with many of the uncertainties of big data for now, with the hope that its benefits will outweigh its harms, but we shouldn't blind ourselves to the possible irreversibility of changes—whether good or bad—to society.

It's no secret that both private enterprise and government seek greater insights into people's behaviors and sentiments. Organizations use various analytical techniques—from crowdsourcing to genetic algorithms to neural networks to sentiment analysis—to study both structured and unstructured forms of data that can aid product and process discovery, productivity, and policy-making. This data is collected from numerous sources including sensor networks, government data …

Balance Or Trade-Off? Online Security Technologies And Fundamental Rights, Mireille Hildebrandt

Mireille Hildebrandt

In this contribution I argue that the image of the balance is often used to defend the idea of a trade-off. To understand the drawbacks of this line of thought I will explore the relationship between online security technologies and fundamental rights, notably privacy, non-discrimination, freedom of speech and due process. After discriminating between three types of online security technologies I will trace the reconfiguration of the notion of privacy in the era of smart environments. This will lead to an inquiry into the metaphor of the scale, building on the triple test regarding the justification of the limitation of …

A Secure And Fair Resource Sharing Model For Community Clouds, Santhosh S. Anand

Graduate Theses and Dissertations

Cloud computing has gained a lot of importance and has been one of the most discussed segment of today's IT industry. As enterprises explore the idea of using clouds, concerns have emerged related to cloud security and standardization. This thesis explores whether the Community Cloud Deployment Model can provide solutions to some of the concerns associated with cloud computing. A secure framework based on trust negotiations for resource sharing within the community is developed as a means to provide standardization and security while building trust during resource sharing within the community. Additionally, a model for fair sharing of resources is …

Hybrid Spread-Spectrum Tcp For Combating Fraudulent Cyber Activities Against Reconnaissance Attacks, Simon Enoch Yusuf, Olumide Longe

The African Journal of Information Systems

The inefficiencies of current intrusion detection system against fraudulent cyber activities attracts the attention of computer gurus, also known as “hackers” to exploit known weakness on a particular host or network. These hackers are expert programmers who mainly focus on how the Internet works, and they interact with each other to know its strengths and weaknesses. Then they develop advanced tools which an average attacker with little background can use to know the liveness, reachability and running service on the network. Once an attacker identifies these details, he can accurately launch an effective attack and get maximum benefit out of …

The Social Implications Of Covert Policing, Simon Bronitt, Clive Harfield, K. Michael

Clive Harfield

Police agencies have been accused of suffering from an acute form of technophilia. Rather than representing some dreadful disorder, this assessment reflects the strong imperative, both in police agencies and the wider community, that police must have access to the latest technologies of surveillance and crime detection.

The last decade has witnessed the proliferation of low-cost surveillance technologies, some developed specifically for law enforcement purposes. Technology once the preserve of the military or secret intelligence agencies is now within the reach of ordinary general duties police officers. The new generation of police recruits is highly adept at using new technologies. …

Utilizing Cyber Espionage To Combat Terrorism, Gary Adkins

Open Access Theses & Dissertations

The world has effectively exited the Industrial Age and is firmly planted in the Information Age. Global communication at the speed of light has been a great asset to both businesses and private citizens. However, there is a dark side to the age we live in, where terrorist groups are able to communicate, plan, fund, recruit, and spread their message to the world. The relative anonymity the internet provides hinders law enforcement and security agencies in not only locating would-be terrorists but also in disrupting their operations. The internet is a loosely knit group of computers and routers and is …

Raising The Game: Applying Theory And Analytics To Real-World Threats, Singapore Management University

Perspectives@SMU

Safety and security are, on many levels, essential priorities for governments, businesses and individuals. While an increase of defence and security budgets may bring some assurance of peaceful times to come, it seems the world has no lack of insane perpetrators who can still somehow evade, breach, ambush, assail and attack as they please. Enter the “Bayesian Stackelberg Game”, a game theory model that can, and has been applied rather successfully to the allocation of security resources in the United States by Prof Milind Tambe, University of Southern California.

Application Of A Layered Hidden Markov Model In The Detection Of Network Attacks, Lawrence Taub

CCE Theses and Dissertations

Network-based attacks against computer systems are a common and increasing problem. Attackers continue to increase the sophistication and complexity of their attacks with the goal of removing sensitive data or disrupting operations. Attack detection technology works very well for the detection of known attacks using a signature-based intrusion detection system. However, attackers can utilize attacks that are undetectable to those signature-based systems whether they are truly new attacks or modified versions of known attacks. Anomaly-based intrusion detection systems approach the problem of attack detection by detecting when traffic differs from a learned baseline. In the case of this research, the …

Automated Detection Of Vehicles With Machine Learning, Michael N. Johnstone, Andrew Woodward

Australian Information Security Management Conference

Considering the significant volume of data generated by sensor systems and network hardware which is required to be analysed and intepreted by security analysts, the potential for human error is significant. This error can lead to consequent harm for some systems in the event of an adverse event not being detected. In this paper we compare two machine learning algorithms that can assist in supporting the security function effectively and present results that can be used to select the best algorithm for a specific domain. It is suggested that a naive Bayesian classiifer (NBC) and an artificial neural network (ANN) …

Physical Unclonable Function Techniques Applied For Digital Hardware Protection, Anthony Barrera

Dissertations and Theses

"Privacy is an important property that is growing harder to keep as people develop new ways to steal information from users on their computers. Software alone cannot ensure privacy since an infected system is untrustworthy. This paper presents several challenges malware brings that can be solved by using an external processor. Techniques such as keystroke encryption and message authentication can be used to protect users from having their passwords and other private data stolen. To take advantage of the external hardware, a physical unclonable function can be used to generate private keys without the need for storing them in memory. …

Exploiting Human Factors In User Authentication, Payas Gupta

Dissertations and Theses Collection (Open Access)

Our overarching issue in security is the human factor – and dealing with it is perhaps one of the biggest challenges we face today. Human factor is often described as the weakest part of a security system and users are often described as the weakest link in the security chain. In this thesis, we focus on two problems which are caused by human factors in user authentication and propose respective solutions. a) Secrecy information inference attack – publicly available information can be used to infer some secrecy information about the user. b) Coercion attack – where an attacker forces a …

Opacity Of Discrete Event Systems: Analysis And Control, Majed Mohamed Ben Kalefa

Wayne State University Dissertations

The exchange of sensitive information in many systems over a network can be manipulated

by unauthorized access. Opacity is a property to investigate security and

privacy problems in such systems. Opacity characterizes whether a secret information

of a system can be inferred by an unauthorized user. One approach to verify security

and privacy properties using opacity problem is to model the system that may leak confidential

information as a discrete event system. The problem that has not investigated

intensively is the enforcement of opacity properties by supervisory control. In other

words, constructing a minimally restrictive supervisor to limit the system's …

Assessing The Role Of User Computer Self-Efficacy, Cybersecurity Countermeasures Awareness, And Cybersecurity Skills Toward Computer Misuse Intention At Government Agencies, Min Suk Choi

CCE Theses and Dissertations

Cybersecurity threats and vulnerabilities are causing substantial financial losses for governments and organizations all over the world. Cybersecurity criminals are stealing more than one billion dollars from banks every year by exploiting vulnerabilities caused by bank users' computer misuse. Cybersecurity breaches are threatening the common welfare of citizens since more and more terrorists are using cyberterrorism to target critical infrastructures (e.g., transportation, telecommunications, power, nuclear plants, water supply, banking) to coerce the targeted government and its people to accomplish their political objectives. Cyberwar is another major concern that nations around the world are struggling to get ready to fight. It …

Provenance Framework For Mhealth, Aarathi Prasad, Ronald Peterson, Shrirang Mare, Jacob Sorber, Kolin Paul, David Kotz

Dartmouth Scholarship

Mobile health technologies allow patients to collect their health information outside the hospital and share this information with others. But how can data consumers know whether to trust the sensor-collected and human-entered data they receive? Data consumers might be able to verify the accuracy and authenticity of the data if they have information about its origin and about changes made to it, i.e., the \emphprovenance\/ of the data. We propose a provenance framework for mHealth devices, to collect and share provenance metadata and help the data consumer verify whether certain provenance properties are satisfied by the data they receive. This …

Security Risks And Protection In Online Learning: A Survey, Yong Chen, Wu He

Distance Learning Faculty & Staff Publications

This paper describes a survey of online learning which attempts to determine online learning providers' awareness of potential security risks and the protection measures that will diminish them. The authors use a combination of two methods: blog mining and a traditional literature search. The findings indicate that, while scholars have identified diverse security risks and have proposed solutions to mitigate the security threats in online learning, bloggers have not discussed security in online learning with great frequency. The differences shown in the survey results generated by the two different methods confirm that online learning providers and practitioners have not considered …

Defining And Preventing Code-Injection Attacks, Donald Ray

USF Tampa Graduate Theses and Dissertations

This thesis shows that existing definitions of code-injection attacks (e.g., SQL-injection attacks) are flawed. The flaws make it possible for attackers to circumvent existing mechanisms, by supplying code-injecting inputs that are not recognized as such. The flaws also make it possible for benign inputs to be treated as attacks. After describing these flaws in conventional definitions of code-injection attacks, this thesis proposes a new definition, which is based on whether the symbols input to an application get used as (normal-form) values in the application's output. Because values are already fully evaluated, they cannot be considered ``code'' when injected. This simple …

Ensuring Application Specific Security, Privacy And Performance Goals In Rfid Systems, Farzana Rahman

Dissertations (1934 -)

Radio Frequency IDentification (RFID) is an automatic identification technology that uses radio frequency to identify objects. Securing RFID systems and providing privacy in RFID applications has been the focus of much academic work lately. To ensure universal acceptance of RFID technology, security and privacy issued must be addressed into the design of any RFID application. Due to the constraints on memory, power, storage capacity, and amount of logic on RFID devices, traditional public key based strong security mechanisms are unsuitable for them. Usually, low cost general authentication protocols are used to secure RFID systems. However, the generic authentication protocols provide …

Data Security And Information Privacy For Pda Accessible Clinical-Log For Medical Education In Problem-Based Learning (Pbl) Approach, Rattiporn Luanrattana, Khin Than Win, John A. Fulcher

Dr Khin Win

Data security and information privacy are the important aspects to consider for the use of mobile technology for recording clinical experience and encounter in medical education. Objective: This study aims to address the qualitative findings of the appropriate data security and information privacy for PDA accessible clinical-log in problem-based learning (PBL) approach in medical education. Method: The semi-structured interviews were conducted with the medical faculty members, honorary clinical academics and medical education technology specialists. Results: Data security and information access plan were determined for managing clinical-log data. The results directed the guideline for the future development and implementation of clinical-log …

On The Cca-1 Security Of Somewhat Homomorphic Encryption Over The Integers, Zhenfei Zhang, Thomas Plantard, Willy Susilo

Dr Thomas Plantard

The notion of fully homomorphic encryption is very important since it enables many important applications, such as the cloud computing scenario. In EUROCRYPT 2010, van Dijk, Gentry, Halevi and Vaikuntanathan proposed an interesting fully homomorphic encryption scheme based on a somewhat homomorphic encryption scheme using integers. In this paper, we demonstrate a very practical CCA-1 attack against this somewhat homomorphic encryption scheme. Given a decryption oracle, we show that within O(λ2) queries, we can recover the secret key successfully, where λ is the security parameter for the system.

A Generic Construction Of Dynamic Single Sign-On With Strong Security, Jinguang Han, Yi Mu, Willy Susilo, Jun Yan

Dr Jun Yan

Single Sign-On (SSO) is a core component in a federated identity management (FIM). Dynamic Single Sign-on (DSSO) is a more flexible SSO where users can change their service requirements dynamically. However, the security in the current SSO and DSSO systems remain questionable. As an example, personal credentials could be illegally used to allow illegal users to access the services. It is indeed a challenging task to achieve strong security in SSO and DSSO. In this paper, we propose a generic construction of DSSO with strong security. We propose the formal definitions and security models for SSO and DSSO, which enable …