Global ETD Search

71	A Distributed Security Scheme to Secure Data Communication between Class-0 IoT Devices and the Internet King, James January 2015 (has links) This thesis focuses on securing data exchanged between highly constrained IoT devices and the internet. This thesis builds on existing research by combining elements of different research solutions to create a more secure solution. This solution helps to solve gaps in security left behind by existing solutions through the use of symmetric cryptography in data objects and IoT security gateways which act as intermediaries between devices and the internet. The goal of this research is to provide a security solution for devices which do not have the resources necessary to effectively implement the recommended TLS based protocols for secure communication over the internet. The solution provides confidentiality to data traveling between device and gateway while also providing confidentiality, integrity and authenticity to data traveling across the internet. The solution works by delegating demanding security processes to an IoT security gateway which securely processes communications to and from the internet using HTTPS (SSL/TLS). Security of data being passed between device and gateway is provided with AES symmetric encryption at the Data Link and Data Object layers. The performance of the solution is measured by timing the security process of the IoT device while also measuring the resource requirements of applying the solution to the device. / <p>Validerat; 20150622 (global_studentproject_submitter)</p> Technology Information Security Internet of Things Constrained Devices IoT Teknik
72	Assessment of Web-Based Authentication Methods in the U.S.: Comparing E-Learning Systems to Internet Healthcare Information Systems Mattord, Herbert J. 01 January 2012 (has links) Organizations continue to rely on password-based authentication methods to control access to many Web-based systems. This research study developed a benchmarking instrument intended to assess authentication methods used in Web-based information systems (IS). It developed an Authentication Method System Index (AMSI) to analyze collected data from representative samples of e-learning systems in the U.S. and from healthcare ISs, also in the U.S. This data were used to compare authentication methods used by those systems. The AMSI measured 1) password strength requirements, 2) password usage methods, and 3) password reset requirements. Those measures were combined into the single index that represents the current authentication methods. This study revealed that there is no significant difference in the ways that authentication methods are employed between the two groups of ISs. This research validated the criteria proposed for the AMSI using a panel of experts drawn from industry and academia. Simultaneously, the same panel provided preferences for the relative weight of specific criteria within some measures. The panel of experts also assessed the relative weight of each measure within the AMSI. Once the criteria were verified and the elicited weights were computed, an opportunity sample of Web-based ISs in the two groups identified earlier were assessed to ascertain the values for the criteria that comprise the AMSI. After completion of pre-analysis data screening, the collected data were assessed using the results of the AMSI benchmarking tool. Results of the comparison within and between the two sample groups are presented. This research found that the AMSI can be used as a mechanism to measure some aspects of the authentication methods used by Web-based systems. There was no measurable significance in the differences between the samples groups. However, IS designers, quality assurance teams, and information security practitioners charged with validating ISs methods may choose to use it to measure the effectiveness of such authentication methods. This can enable continuous improvement of authentication methods employed in such Web-based systems. Authentication E-learning Healthcare Information Security Security Management Computer Sciences
73	An Examination of an Information Security Framework Implementation Based on Agile Values to Achieve Health Insurance Portability and Accountability Act Security Rule Compliance in an Academic Medical Center: The Thomas Jefferson University Case Study Reis, David W. 01 January 2012 (has links) Agile project management is most often examined in relation to software development, while information security frameworks are often examined with respect to certain risk management capabilities rather than in terms of successful implementation approaches. This dissertation extended the study of both Agile project management and information security frameworks by examining the efficacy of implementing a security framework using a nontraditional project management approach. Such an investigation is significant because of the high rate of failed IT projects, gaps in the current security framework implementation literature, and increased regulatory pressure on Health Insurance Portability and Accountability (HIPAA)-covered entities to become compliant with the HIPAA Security Rule. HIPAA-covered entities have struggled to achieve HIPAA compliance since the Act's enforcement date. Specifically, academic medical centers have struggled to achieve and authoritatively document their compliance with the HIPAA Security Rule. To aid HIPAA-covered entities in confirming and documenting their HIPAA Security Rule compliance, the HITRUST Alliance has published the Common Security Framework. Thomas Jefferson University selected the Common Security Framework to help them assess and document their HIPAA Security Rule compliance. However, there is a documented gap in the literature on successful methods for implementing information security-related projects, particularly HIPAA compliance. In this single-case case study, the author examined the implementation of an Information Security Framework based on Agile values. Specifically examined were the values of (a) individuals and interactions over processes and tools; (b) working software over comprehensive documentation; (c) customer collaboration over contract negotiation; and (d) responding to change over following a plan. The results of this investigation indicated that an information security framework implementation based on Agile values is a viable approach for successfully implementing the Common Security Framework at an academic medical center. Agile HIPAA HITRUST Information Security Project Management Computer Sciences
74	Detection of Deviations From Authorized Network Activity Using Dynamic Bayesian Networks Ewell, Cris Vincent 01 January 2011 (has links) This research addressed one of the hard problems still plaguing the information security profession; detection of network activity deviations from authorized accounts when the deviations are similar to normal network activity. Specifically, when user and administrator type accounts are used for malicious activity, harm can come to the organization. Accurately modeling normal user network activity is hard to accomplish and detecting misuse is a complex problem. Much work has been done in the past with intrusion detection systems, but being able to detect masquerade events with high accuracy and low false alarm rates continues to be an issue. Bayesian networks have been successfully used in the past to reason under certainty by combining prior knowledge with observed data. The use of dynamic Bayesian Networks, such as multi-entity Bayesian network, extends the capability and can address complex problems. The goal of the research was to extend previous research with multi-entity Bayesian networks along with discretization methods to improve the effectiveness of the detection rate while maintaining an acceptable level of false positives. Preprocessing continuous variables has proven effective in prior research but has not been applied to multi-entity Bayesian networks in the past. Five different discretization methods were used in this research. Analysis using receiver operating characteristic curves, confusion matrix, and other comparison methods were completed as part of this research. The results of the research demonstrated that a multi-entity Bayesian network model based on multiple data sources and the relationship between the user attributes could be used to detect unauthorized access to data. The supervised top down discretization methods had better performance related to the overall classification accuracy. Specifically, the class-attribute interdependence maximization discretization method outperformed the other four discretization methods. When compared to previous masquerade detection methods, the class-attribute interdependence maximization discretization method had a comparable true positive rate with a lower false positive rate. Bayesian Networks Information Security Intrusion Detection Computer Sciences
75	Detecting Objective-C Malware through Memory Forensics Case, Andrew 13 May 2016 (has links) Memory forensics is increasingly used to detect and analyze sophisticated malware. In the last decade, major advances in memory forensics have made analysis of kernel-level malware straightforward. Kernel-level malware has been favored by attackers because it essentially provides complete control over a machine. This has changed recently as operating systems vendors now routinely enforce driving signing and strategies for protecting kernel data, such as Patch Guard, have made userland attacks much more attractive to malware authors. In this thesis, new techniques for detecting userland malware written in Objective-C on Mac OS X are presented. As the thesis illustrates, Objective-C provides a rich set of APIs that malware uses to manipulate and steal data and to perform other malicious activities. The novel memory forensics techniques presented in this thesis deeply examine the state of the Objective-C runtime, identifying a number of suspicious activities, from keystroke logging to pointer swizzling. Memory Forensics Objective-C Malware Analysis Incident Response Information Security
76	Capturing and Analyzing Network Traffic from Common Mobile Devices for Security and Privacy Overton, Billy 01 May 2014 (has links) Mobile devices such as tablets and smartphones are becoming more common, and they are holding more information. This includes private information such as contacts, financial data, and passwords. At the same time these devices have network capability with access to the Internet being a prime feature. Little research has been done in observing the network traffic produced by these mobile devices. To determine if private information was being transmitted without user knowledge, the mobile capture lab and a set of procedures have been created to observe, capture and analyze the network traffic produced by mobile devices. The effectiveness of the lab and procedures has been evaluated with the analysis of four common mobile devices. The data analyzed from the case studies indicates that, contrary to popular opinion, very little private information is transmitted in clear text by mobile devices without the user’s knowledge. security mobile traffic analysis traffic capture Information Security Systems Architecture
77	An Analysis of Faculty and Staff's Identification of Malware Threats Quesinberry, Malora 01 August 2016 (has links) This document presents findings related to faculty and staff member’s ability to identify malware threats. This study involved discovering the most common incidents of malware threats to higher education systems. From this research, eight categories of malware were identified to be the most common threats to higher education systems. This document also describes the impact of malware intrusions on higher education systems to emphasis the importance of recognizing malware threats. Faculty and staff members at a midsize southeastern university were presented with realistic scenarios to determine the ability to identify malware threats. The results indicate malware categories such as virus, Trojan, browser hijacker, adware, and ransomware were identifiable by faculty and staff. Additionally, the findings demonstrate malware threats in the worm, spyware, and rootkit categories were difficult for faculty and staff members to identify. A recommendation for educating faculty and staff members to better identify malware threats in the less identified categories was proposed to help mitigate future malware intrusions. Future recommendations include investigating new types of malware risks and students’ awareness, or recognition of malware threats and solutions for mitigating these risks. information technology information security security awareness Technology and Innovation
78	File Fragment Classification Using Neural Networks with Lossless Representations Hiester, Luke 01 May 2018 (has links) This study explores the use of neural networks as universal models for classifying file fragments. This approach differs from previous work in its lossless feature representation, with fragments’ bits as direct input, and its use of feedforward, recurrent, and convolutional networks as classifiers, whereas previous work has only tested feedforward networks. Due to the study’s exploratory nature, the models were not directly evaluated in a practical setting; rather, easily reproducible experiments were performed to attempt to answer the initial question of whether this approach is worthwhile to pursue further, especially due to its high computational cost. The experiments tested classification of fragments of homogeneous file types as an idealized case, rather than using a realistic set of types, because the types of interest are highly application-dependent. The recurrent networks achieved 98 percent accuracy in distinguishing 4 file types, suggesting that this approach may be capable of yielding models with sufficient performance for practical applications. The potential applications depend mainly on the model performance gains achievable by future work but include binary mapping, deep packet inspection, and file carving. Artificial Intelligence and Robotics Information Security Other Computer Sciences
79	MULTI-WAY COMMUNICATION SYSTEM Chinnam, S. 01 March 2017 (has links) Videoconferencing is increasingly becoming a trend worldwide in applications where clients need to access lectures, meeting proceedings, communicating with family and friends etc. It provides a platform enabling the visual, audio and video communication between clients. The aim of this project is to utilize the open source Java software to build a desktop application enabling communication between clients. When a user needs to transfer a secured file, it’s unsafe to send it using social networking sites because of lack of security. So, with the “Multi-Way Communication System” (MWCS) we resolve some security issues. The MWCS is a highly secure way for file transfer, text and video conferencing. Multi-Way Computer Sciences Information Security Other Computer Sciences
80	Smartphone User Privacy Preserving through Crowdsourcing Rashidi, Bahman 01 January 2018 (has links) In current Android architecture, users have to decide whether an app is safe to use or not. Expert users can make savvy decisions to avoid unnecessary private data breach. However, the majority of regular users are not technically capable or do not care to consider privacy implications to make safe decisions. To assist the technically incapable crowd, we propose a permission control framework based on crowdsourcing. At its core, our framework runs new apps under probation mode without granting their permission requests up-front. It provides recommendations on whether to accept or not the permission requests based on decisions from peer expert users. To seek expert users, we propose an expertise rating algorithm using a transitional Bayesian inference model. The recommendation is based on aggregated expert responses and their confidence level. As a complete framework design of the system, this thesis also includes a solution for Android app risks estimation based on behaviour analysis. To eliminate the negative impact from dishonest app owners, we also proposed a bot user detection to make it harder to utilize false recommendations through bot users to impact the overall recommendations. This work also covers a multi-view permission notification design to customize the app safety notification interface based on users' need and an app recommendation method to suggest safe and usable alternative apps to users. Smartphone Security Privacy Recommendation Crowdsourcing Information Security Theory and Algorithms

Search results