Online project management system

Dhir, Amit

01 January 2005

The purpose of this project is to design and create a system that can be used by a wide variety of groups who do projects. The system created has been specifically tailored for a medium-level company that has employees in different locations and levels, and also has customers for whom they do projects.

Project management Computer programs

Online information services

Online databases

Network analysis (Planning)

Visual Basic (Computer program language)

Network analysis (Planning)

Online databases

Online information services

Project management Computer programs

Visual Basic (Computer program language)

Software Engineering

Securing sensor network

Zare Afifi, Saharnaz

January 2014

Indiana University-Purdue University Indianapolis (IUPUI) / A wireless sensor network consists of lightweight nodes with a limited power source. They can be used in a variety of environments, especially in environments for which it is impossible to utilize a wired network. They are easy/fast to deploy. Nodes collect data and send it to a processing center (base station) to be analyzed, in order to detect an event and/or determine information/characteristics of the environment. The challenges for securing a sensor network are numerous. Nodes in this network have a limited amount of power, therefore they could be faulty because of a lack of battery power and broadcast faulty information to the network. Moreover, nodes in this network could be prone to different attacks from an adversary who tries to eavesdrop, modify or repeat the data which is collected by other nodes. Nodes may be mobile. There is no possibility of having a fixed infrastructure. Because of the importance of extracting information from the data collected by the sensors in the network there needs to be some level of security to provide trustworthy information. The goal of this thesis is to organize part of the network in an energy efficient manner in order to produce a suitable amount of integrity/security. By making nodes monitor each other in small organized clusters we increase security with a minimal energy cost. To increase the security of the network we use cryptographic techniques such as: public/ private key, manufacturer signature, cluster signature, etc. In addition, nodes monitor each other's activity in the network, we call it a "neighborhood watch" In this case, if a node does not forward data, or modifies it, and other nodes which are in their transmission range can send a claim against that node.

Cluster-Base Network

Threshold Signature

Data Aggregation

Wireless Network

Ad-hoc Network

Neighborhood Watch

Threshold signatures -- Research

Computer networks -- Security measures

Wireless communication systems

Wireless LANs

Group signatures (Computer security)

Data protection

Computer security -- Management

Sensor networks -- Research

Pattern recognition systems

Computers -- Access control

Computer network protocols

Secure Digital Provenance: Challenges and a New Design

Rangwala, Mohammed M.

January 2014

Indiana University-Purdue University Indianapolis (IUPUI) / Derived from the field of art curation, digital provenance is an unforgeable record of a digital object's chain of successive custody and sequence of operations performed on the object. It plays an important role in accessing the trustworthiness of the object, verifying its reliability and conducting audit trails of its lineage. Digital provenance forms an immutable directed acyclic graph (DAG) structure. Since history of an object cannot be changed, once a provenance chain has been created it must be protected in order to guarantee its reliability. Provenance can face attacks against the integrity of records and the confidentiality of user information, making security an important trait required for digital provenance. The digital object and its associated provenance can have different security requirements, and this makes the security of provenance different from that of traditional data. Research on digital provenance has primarily focused on provenance generation, storage and management frameworks in different fields. Security of digital provenance has also gained attention in recent years, particularly as more and more data is migrated in cloud environments which are distributed and are not under the complete control of data owners. However, there still lacks a viable secure digital provenance scheme which can provide comprehensive security for digital provenance, particularly for generic and dynamic ones. In this work, we address two important aspects of secure digital provenance that have not been investigated thoroughly in existing works: 1) capturing the DAG structure of provenance and 2) supporting dynamic information sharing. We propose a scheme that uses signature-based mutual agreements between successive users to clearly delineate the transition of responsibility of the digital object as it is passed along the chain of users. In addition to preserving the properties of confidentiality, immutability and availability for a digital provenance chain, it supports the representation of DAG structures of provenance. Our scheme supports dynamic information sharing scenarios where the sequence of users who have custody of the document is not predetermined. Security analysis and empirical results indicate that our scheme improves the security of the typical secure provenance schemes with comparable performance.

availability

confidentiality

cryptography

integrity

provenance

signatures

Cryptography -- Research

Data protection -- Research

Digital signatures

Cultural property -- Protection

Computer networks -- Security measures

Database management

Databases -- Quality control

Computer networks -- Monitoring

Information services -- Quality control

Application software -- Development

Computer programs -- Validation

Smart card fault attacks on public key and elliptic curve cryptography

Ling, Jie

January 2014

Indiana University-Purdue University Indianapolis (IUPUI) / Blömmer, Otto, and Seifert presented a fault attack on elliptic curve scalar multiplication called the Sign Change Attack, which causes a fault that changes the sign of the accumulation point. As the use of a sign bit for an extended integer is highly unlikely, this appears to be a highly selective manipulation of the key stream. In this thesis we describe two plausible fault attacks on a smart card implementation of elliptic curve cryptography. King and Wang designed a new attack called counter fault attack by attacking the scalar multiple of discrete-log cryptosystem. They then successfully generalize this approach to a family of attacks. By implementing King and Wang's scheme on RSA, we successfully attacked RSA keys for a variety of sizes. Further, we generalized the attack model to an attack on any implementation that uses NAF and wNAF key.

Smart Card

RSA

ECC

Fault Attack

Smart Card Security

Public Key

NAF

wNAF

Counter Fault Attack

Bit Flip Attack

Doubling Attack

Attack Simulation

Data encryption (Computer science)

Curves, Elliptic -- Data processing

Cryptography -- Mathematics

Public key cryptography -- Research

Data protection -- Research

Computer engineering -- Research

Coding theory

Computer security

Data structures (Computer science)

Embedded computer systems

Smart card industry

Computer networks -- Security measures

Computers -- Access control

Development of a diagnostic instrument and privacy model for student personal information privacy perceptions at a Zimbabwean university

Maguraushe, Kudakwashe

05 1900

Orientation: The safety of any natural being with respect to the processing of their personal information is an essential human right as specified in the Zimbabwe Data Protection Act (ZDPA) bill. Once enacted, the ZDPA bill will affect universities as public entities. It will directly impact how personal information is collected and processed. The bill will be fundamental in understanding the privacy perceptions of students in relation to privacy awareness, privacy expectations and confidence within university. These need to be understood to give guidelines to universities on the implementation of the ZPDA. Problem Statement: The current constitution and the ZDPA are not sufficient to give organisations guidelines on ensuring personal information privacy. There is need for guidelines to help organisations and institutions to implement and comply with the provisions of the ZDPA in the context of Zimbabwe. The privacy regulations, regarded as the three concepts (awareness, expectations and confidence), were used to determine the student perceptions. These three concepts have not been researched before in the privacy context and the relationship between the three concepts has not as yet been established. Research purpose: The main aim of the study was to develop and validate an Information Privacy Perception Survey (IPPS) diagnostic tool and a Student Personal Information Privacy Perception (SPIPP) model to give guidelines to universities on how they can implement the ZDPA and aid universities in comprehending student privacy perceptions to safeguard personal information and assist in giving effect to their privacy constitutional right. Research Methodology: A quantitative research method was used in a deductive research approach where a survey research strategy was applied using the IPPS instrument for data collection. The IPPS instrument was designed with 54 items that were developed from the literature. The preliminary instrument was taken through both the expert review and pilot study. Using the non-probability convenience sampling method, 287 students participated in the final survey. SPSS version 25 was used for data analysis. Both descriptive and inferential statistics were done. Exploratory factor analysis (EFA) was used to validate the instrument while confirmatory factor analysis (CFA) and the structural equation modelling (SEM) were used to validate the model. Main findings: diagnostic instrument was validated and resulted in seven new factors, namely university confidence (UC), privacy expectations (PE), individual awareness (IA), external awareness (EA), privacy awareness (PA), practice confidence (PC) and correctness expectations (CE). Students indicated that they had high expectations of the university on privacy. The new factors showed a high level of awareness of privacy and had low confidence in the university safeguarding their personal information privacy. A SPIPP empirical model was also validated using structural equation modelling (SEM) and it indicated an average overall good fit between the proposed SPIPP conceptual model and the empirically derived SPIPP model Contribution: A diagnostic instrument that measures the perceptions (privacy awareness, expectations and confidence of students) was developed and validated. This study further contributed a model for information privacy perceptions that illustrates the relationship between the three concepts (awareness, expectations and confidence). Other universities can use the model to ascertain the perceptions of students on privacy. This research also contributes to improvement in the personal information protection of students processed by universities. The results will aid university management and information regulators to implement measures to create a culture of privacy and to protect student data in line with regulatory requirements and best practice. / School of Computing / Ph. D. (Information Systems)

Confirmatory factor analysis

Correctness expectations

Diagnostic instrument

Exploratory factor analysis

External awareness

Individual awareness

Practice confidence

Perceptions

Personal information

Privacy

Privacy education

Privacy expectations

Instrument

Structural equation modelling

University confidence

005.807116891

Zimbabwe Data Protection Act