Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons

Security

Articles 481 - 510 of 681

Full-Text Articles in Physical Sciences and Mathematics

An Amulet For Trustworthy Wearable Mhealth, Jacob Sorber, Minho Shin, Ronald Peterson, Cory Cornelius, Shrirang Mare, Aarathi Prasad, Zachary Marois, Emma N. Smithayer, David Kotz Feb 2012

Dartmouth Scholarship

Mobile technology has significant potential to help revolutionize personal wellness and the delivery of healthcare. Mobile phones, wearable sensors, and home-based tele-medicine devices can help caregivers and individuals themselves better monitor and manage their health. While the potential benefits of this “mHealth” technology include better health, more effective healthcare, and reduced cost, this technology also poses significant security and privacy challenges. In this paper we propose Amulet, an mHealth architecture that provides strong security and privacy guarantees while remaining easy to use, and outline the research and engineering challenges required to realize the Amulet vision.


Book Review: Security Risk Management: Building An Information Security Risk Management Program From The Ground Up, Katina Michael Jan 2012

Associate Professor Katina Michael

In an age of outsourcing tasks that are not considered to be a core competency of the business, organisations have often relied on external consultants for matters pertaining to security. In actual fact, most companies could have utilized existing skill-sets in-house to produce a security risk management program, if only they knew what steps to take, and how to go about it all. Evan Wheeler in his book on information security risk management does just that - he equips professionals tasked with security, with the thinking required to create a program that is more preoccupied with the complex strategic-level questions than …


Human Rights, Regulation, And National Security (Introduction), Simon Bronitt, Katina Michael Jan 2012

Faculty of Informatics - Papers (Archive)

Law disciplines technology, though it does so in a partial and incomplete way. This fact is reflected in the old adage that technology outstrips the capacity of law to regulate it. The rise of new technologies poses a significant threat to human rights. The pervasive use of closed-circuit television (CCTV), as well as mobile CCTV, telecommunications interception, and low-cost audiovisual recording and tracking devices (some of these discreetly wearable), extend the power of the state and corporations to significantly intrude into the lives of citizens.


Building Patient Trust In Electronic Health Records, Helen Cripps, Craig Standing Jan 2012

Research outputs 2012

While electronic medical records have the potential to vastly improve a patient’s health care, their introduction also raises new and complex security and privacy issues. The challenge of preserving what patients believe as their privacy in the context of the introduction of the Personally Controlled Electronic Health Record (PCEHR) into the multi-layered and decentralised Australian health system is discussed. Based on a number of European case studies the paper outlines the institutional measures for privacy and security that have been put in place, and compares them with the current status in Australia. The implementation of the PCEHR has not been …


Accountable-Ehealth Systems: The Next Step Forward For Privacy, Randike Gajanayake, Tony Iannella, Bill Lane, Tony Sahama Jan 2012

Research outputs 2012

EHealth systems promise enviable benefits and capabilities for healthcare, yet the technologies that make these capabilities possible bring with them undesirable drawbacks such as information security related threats which need to be appropriately addressed. Lurking in these threats are patient privacy concerns. Resolving these privacy concerns has proven to be difficult since they often conflict with information requirements of healthcare providers. It is important to achieve a proper balance between these requirements. We believe that information accountability can achieve this balance. In this paper we introduce accountable-eHealth systems. We will discuss how our designed protocols can successfully address the aforementioned …


Building Patient Trust In Electronic Health Records, Helen Cripps, Craig Standing Jan 2012

Australian eHealth Informatics and Security Conference

While electronic medical records have the potential to vastly improve a patient’s health care, their introduction also raises new and complex security and privacy issues. The challenge of preserving what patients believe as their privacy in the context of the introduction of the Personally Controlled Electronic Health Record (PCEHR) into the multi-layered and decentralised Australian health system is discussed. Based on a number of European case studies the paper outlines the institutional measures for privacy and security that have been put in place, and compares them with the current status in Australia. The implementation of the PCEHR has not been …


Accountable-Ehealth Systems: The Next Step Forward For Privacy, Randike Gajanayake, Tony Iannella, Bill Lane, Tony Sahama Jan 2012

Australian eHealth Informatics and Security Conference

EHealth systems promise enviable benefits and capabilities for healthcare, yet the technologies that make these capabilities possible bring with them undesirable drawbacks such as information security related threats which need to be appropriately addressed. Lurking in these threats are patient privacy concerns. Resolving these privacy concerns has proven to be difficult since they often conflict with information requirements of healthcare providers. It is important to achieve a proper balance between these requirements. We believe that information accountability can achieve this balance. In this paper we introduce accountable-eHealth systems. We will discuss how our designed protocols can successfully address the aforementioned …


Networking And Security Solutions For Vanet Initial Deployment Stage, Baber Aslam Jan 2012

Electronic Theses and Dissertations

Vehicular ad hoc network (VANET) is a special case of mobile networks, where vehicles equipped with computing/communicating devices (called "smart vehicles") are the mobile wireless nodes. However, the movement pattern of these mobile wireless nodes is no longer random, as in the case of mobile networks; rather, it is restricted to roads and streets. Vehicular networks have a hybrid architecture; it is a combination of both infrastructure and infrastructure-less architectures. The direct vehicle to vehicle (V2V) communication is infrastructure-less or ad hoc in nature. Here the vehicles traveling within communication range of each other form an ad hoc network. On the other …


Information Flow Security In Cyber-Physical Systems, Thoshitha Gamage, Ravi Akella, Thomas Roth, Bruce Mcmillin Dec 2011

Computer Science Faculty Research & Creative Works

Preserving the confidentiality of sensitive internal actions is a unique challenge in Cyber-Physical Systems (CPSs) due to the inherent external observability of such systems and the tight coupling between their cyber and physical domains. The far-reaching objective of this work is to develop a science of self-obfuscating systems based on the composition of simple building blocks. A model of Nondeducibility composes the building blocks under information flow security properties. To this end, this paper proposes fundamental theories on external observability for basic regular networks and the concept of "event compensation". Copyright © 2011 ACM.


Adapt-Lite: Privacy-Aware, Secure, And Efficient Mhealth Sensing, Shrirang Mare, Jacob Sorber, Minho Shin, Cory Cornelius, David Kotz Oct 2011

Dartmouth Scholarship

As healthcare in many countries faces an aging population and rising costs, mobile sensing technologies promise a new opportunity. Using mobile health (mHealth) sensing, which uses medical sensors to collect data about the patients, and mobile phones to act as a gateway between sensors and electronic health record systems, caregivers can continuously monitor the patients and deliver better care. Although some work on mHealth sensing has addressed security, achieving strong security and privacy for low-power sensors remains a challenge. We make three contributions. First, we propose Adapt-lite, a set of two techniques that can be applied to existing wireless …


Providing End-To-End Secure Communications In Wireless Sensor Networks, Wenjun Gu, Neelanjana Dutta, Sriram Chellappan, Xiaole Bai Sep 2011

Computer Science Faculty Research & Creative Works

In many Wireless Sensor Networks (WSNs), providing end to end secure communications between sensors and the sink is important for secure network management. While there have been many works devoted to hop by hop secure communications, the issue of end-to-end secure communications is largely ignored. In this paper, we design an end-to-end secure communication protocol in randomly deployed WSNs. Specifically, our protocol is based on a methodology called differentiated key pre-distribution. The core idea is to distribute different number of keys to different sensors to enhance the resilience of certain links. This feature is leveraged during routing, where nodes route …


Security Systems Based On Gaussian Integers: Analysis Of Basic Operations And Time Complexity Of Secret Transformations, Aleksey Koval Aug 2011

Dissertations

Many security algorithms currently in use rely heavily on integer arithmetic modulo prime numbers. Gaussian integers can be used with most security algorithms that are formulated for real integers. The aim of this work is to study the benefits of common security protocols with Gaussian integers. Although the main contribution of this work is to analyze and improve the application of Gaussian integers for various public key (PK) algorithms, Gaussian integers were studied in the context of image watermarking as well.

The significant benefits of the application of Gaussian integers become apparent when they are used with Discrete Logarithm Problem …


A Phishing Model And Its Applications To Evaluating Phishing Attacks, Narasimha Shashidhar, Lei Chen Aug 2011

International Cyber Resilience conference

Phishing is a growing threat to Internet users and causes billions of dollars in damage every year. In this paper, we present a theoretical yet practical model to study this threat in a formal manner. While it is folklore knowledge that a successful phishing attack entails creating messages that are indistinguishable from the natural, expected messages by the intended victim, this concept has not been formalized. Our model captures phishing in terms of this indistinguishability between the natural and phishing message distributions. To the best of our knowledge, this is the first study that places phishing on a concrete theoretical …


Networks - Ii: A Survey Of Data Management Issues & Frameworks For Mobile Ad Hoc Networks, Noman Islam, Zubair A. Shaikh Jul 2011

International Conference on Information and Communication Technologies

Data Management is the execution of a pool of activities on a set of data to conform to the end user data requisitions. MANET is an emerging discipline of computer networks in which a group of roaming hosts spontaneously establishes the network among themselves. The employment of data management in MANET can engender a number of useful applications. However, data management in MANET is a taxing job as it requires deliberation on a number of research issues (e.g. knowledge representation, knowledge discovery, caching, and security etc.). This paper provides a detailed account of the data management problem and its issues, …


Heaven And Hell: Visions For Pervasive Adaptation, Ben Paechter, Jeremy Pitt, Nikola Serbedzijac, Katina Michael, Jennifer Willies, Ingi Helgason Jun 2011

Professor Katina Michael

With everyday objects becoming increasingly smart and the “info-sphere” being enriched with nanosensors and networked to computationally-enabled devices and services, the way we interact with our environment has changed significantly, and will continue to change rapidly in the next few years. Being user-centric, novel systems will tune their behaviour to individuals, taking into account users’ personal characteristics and preferences. But having a pervasive adaptive environment that understands and supports us “behaving naturally” with all its tempting charm and usability, may also bring latent risks, as we seamlessly give up our privacy (and also personal control) to a pervasive world of …


Recognizing Whether Sensors Are On The Same Body, Cory Cornelius, David Kotz Jun 2011

Dartmouth Scholarship

As personal health sensors become ubiquitous, we also expect them to become interoperable. That is, instead of closed, end-to-end personal health sensing systems, we envision standardized sensors wirelessly communicating their data to a device many people already carry today, the cellphone. In an open personal health sensing system, users will be able to seamlessly pair off-the-shelf sensors with their cellphone and expect the system to just work. However, this ubiquity of sensors creates the potential for users to accidentally wear sensors that are not necessarily paired with their own cellphone. A husband, for example, might mistakenly wear a heart-rate …


Cloud Computing: Architectural And Policy Implications, Christopher S. Yoo Apr 2011

All Faculty Scholarship

Cloud computing has emerged as perhaps the hottest development in information technology. Despite all of the attention that it has garnered, existing analyses focus almost exclusively on the issues that surround data privacy without exploring cloud computing’s architectural and policy implications. This article offers an initial exploratory analysis in that direction. It begins by introducing key cloud computing concepts, such as service-oriented architectures, thin clients, and virtualization, and discusses the leading delivery models and deployment strategies that are being pursued by cloud computing providers. It next analyzes the economics of cloud computing in terms of reducing costs, transforming capital expenditures …


Anonysense: A System For Anonymous Opportunistic Sensing, Minho Shin, Cory Cornelius, Dan Peebles, Apu Kapadia, David Kotz, Nikos Triandopoulos Feb 2011

Dartmouth Scholarship

We describe AnonySense, a privacy-aware system for realizing pervasive applications based on collaborative, opportunistic sensing by personal mobile devices. AnonySense allows applications to submit sensing tasks to be distributed across participating mobile devices, later receiving verified, yet anonymized, sensor data reports back from the field, thus providing the first secure implementation of this participatory sensing model. We describe our security goals, threat model, and the architecture and protocols of AnonySense. We also describe how AnonySense can support extended security features that can be useful for different applications. We evaluate the security and feasibility of AnonySense through security analysis and prototype …


Trends In Phishing Attacks: Suggestions For Future Research, Ryan M. Schuetzler Jan 2011

Information Systems and Quantitative Analysis Faculty Proceedings & Presentations

Deception in computer-mediated communication is a widespread phenomenon. Cyber criminals are exploiting technological mediums to communicate with potential targets as these channels reduce both the deception cues and the risk of detection itself. A prevalent deception-based attack in computer-mediated communication is phishing. Prior phishing research has addressed the “bait” and “hook” components of phishing attacks, the human-computer interaction that takes place as users judge the veracity of phishing emails and websites, and the development of technologies that can aid users in identifying and rejecting these attacks. Despite the extant research on this topic, phishing attacks continue to be successful as …


Programmable Logic Controller Based Fibre Bragg Grating In-Ground Intrusion Detection System, Gary Allwood, Graham Wild, Steven Hinckley Jan 2011

Australian Security and Intelligence Conference

In this paper we present an in-ground intrusion detection system for security applications. Here, an optical fibre pressure switch is directly connected to a standard digital input of a programmable logic controller (PLC). This is achieved using an intensiometric detection system, where a laser diode and Fibre Bragg Grating (FBG) are optically mismatched, resulting in a static dc offset from the transmitted and reflected optical power signals. Pressure applied to the FBG, as the intruder stepped on it, induced a wavelength shift in the FBG. The wavelength shift was then converted into an intensity change as the wavelength of the …


An Empirical Study Of Challenges In Managing The Security In Cloud Computing, Bupesh Mansukhani, Tanveer A. Zia Jan 2011

Australian Information Security Management Conference

Cloud computing is being heralded as an important trend in information technology throughout the world. Benefits for business and IT include reducing costs and increasing productivity. The downside is that many organizations are moving swiftly to the cloud without making sure that the information they put in the cloud is secure. The purpose of this paper is to learn from IT and IT security practitioners in the Indian Continent the current state of cloud computing security in their organizations and the most significant changes anticipated by respondents as computing resources migrate from on-premise to the cloud. As organizations grapple with …


Privacy-Preserving Assessment Of Location Data Trustworthiness, Chenyun Dai, Fang-Yu Rao, Gabriel Ghinita, Elisa Bertino Jan 2011

Cyber Center Publications

Assessing the trustworthiness of location data corresponding to individuals is essential in several applications, such as forensic science and epidemic control. To obtain accurate and trustworthy location data, analysts must often gather and correlate information from several independent sources, e.g., physical observation, witness testimony, surveillance footage, etc. However, such information may be fraudulent, its accuracy may be low, and its volume may be insufficient to ensure highly trustworthy data. On the other hand, recent advancements in mobile computing and positioning systems, e.g., GPS-enabled cell phones, highway sensors, etc., bring new and effective technological means to track the location of …


Prox-Rbac: A Proximity-Based Spatially Aware Rbac, Michael Kirkpatrick, Maria Luisa Damiani, Elisa Bertino Jan 2011

Cyber Center Publications

As mobile computing devices are becoming increasingly dominant in enterprise and government organizations, the need for fine-grained access control in these environments continues to grow. Specifically, advanced forms of access control can be deployed to ensure authorized users can access sensitive resources only when in trusted locations. One technique that has been proposed is to augment role-based access control (RBAC) with spatial constraints. In such a system, an authorized user must be in a designated location in order to exercise the privileges associated with a role. In this work, we extend spatially aware RBAC systems by defining the notion of …


Using Checklists To Make Better Best, Craig S. Wright, Tanveer A. Zia Jan 2011

Australian Information Security Management Conference

The more routine a task is, we see the greater the need for a checklist. Even the smartest of us can forget where we parked our cars on returning from a long flight. So, the question is, why not create a straightforward checklist that will improve system management and security? In Information Technology operations, the vast majority of skilled people have re-built servers, but in an incident response situation, it can be unforgivable to overlook a serious security configuration simply because the stress of the environment causes one to lose track of which stage they were on while being …


A Preliminary Investigation Of Distributed And Cooperative User Authentication, C G. Hocking, S M. Furnell, N L. Clarke, P L. Reynolds Jan 2011

Australian Information Security Management Conference

Smartphones and other highly mobile yet sophisticated technologies are rapidly spreading through society and increasingly finding their way into pockets and handbags. As reliance upon these intensifies and familiarity grows, human nature dictates that more and more personal details and information is now to be found upon such devices. The need to secure and protect this valuable and desirable information is becoming ever more prevalent. Building upon previous work which proposed a novel approach to user authentication, an Authentication Aura, this paper investigates the latent security potential contained in surrounding devices in everyday life. An experiment has been undertaken to …


Security Risk Management: A Psychometric Map Of Expert Knowledge Structure, David Brooks Jan 2011

Research outputs 2011

The security industry operates within a diverse and multi-disciplined knowledge base, with risk management as a fundamental knowledge domain within security to mitigate its risks. Nevertheless, there has been limited research in understanding and mapping security expert knowledge structures within security risk management to consider if parts of security risk management are unique from more general risk management. This interpretive study applied a technique of multidimensional scaling (MDS) to develop and present a psychometric map within the knowledge domain of security risk management, validated with expert interviews. The psychometric MDS security risk management concept map presented the expert knowledge structure …


Modelling Misuse Cases As A Means Of Capturing Security Requirements, Michael N. Johnstone Jan 2011

Australian Information Security Management Conference

Use cases as part of requirements engineering are often seen as an essential part of systems development in many methodologies. Given that modern, security-oriented software development methods such as SDL, SQUARE and CLASP place security at the forefront of product initiation, design and implementation, the focus of requirements elicitation must now move to capturing security requirements so as not to replicate past errors. Misuse cases can be an effective tool to model security requirements. This paper uses a case study to investigate the generation of successful misuse cases by employing the STRIDE framework as used in the SDL.


Cloud Computing Concerns In Developing Economies, Mathias Mujinga, Baldreck Chipangura Jan 2011

Australian Information Security Management Conference

Cloud computing promises to bring substantial benefits to how organizations conduct their businesses and the way their services reach out to potential consumers. Cloud computing is a welcome initiative for small businesses that cannot afford to invest in ICT infrastructure but need to benefit from the rewards of conducting business online. In developing economies, there are challenges that face cloud services providers and their consumers. Broadband network access was identified as the main essential service for a successful cloud computing offering. The objective of this paper is to give background information on the security issues in cloud computing, and highlight …


Improving Security Of Q-Sdh Based Digital Signatures, Fuchun Guo, Yi Mu, Willy Susilo Jan 2011

Faculty of Informatics - Papers (Archive)

In Eurocrypt 2009, Hohenberger and Waters pointed out that a complexity assumption, which restricts the adversary to a single correct response, seems inherently more reliable than their flexible counterparts. The q-SDH assumption is less reliable than standard assumptions because its solution allows exponential answers. On the other hand, the q-SDH assumption exhibits the nice feature of tight reduction in security proof. In this paper, we propose a variant of the q-SDH assumption, so that its correct answers are polynomial and no longer exponentially many. The new assumption is much more reliable and weaker than the original q-SDH assumption. We propose …


Exploring Identity Management At Community Colleges In Texas With Open Access To College Computer Networks, Michael John Callahan Jan 2011

Walden Dissertations and Doctoral Studies

The study addressed the lack of identity management practices in Texas community colleges to identify guest users who access college computers. Guest user access is required by Texas law and is part of the state's mission to bridge the technology gap; however, improper identification methods leave the college vulnerable to liability issues. The purpose of this study was to eliminate or mitigate liabilities facing colleges by creating and using security policies to identify guest users. This study combined the theoretical concepts of Cameron's internal security management model with the external trust models of the Liberty Alliance and Microsoft's Passport software. …