Global ETD Search

11	A Fraud-Prevention Framework for Software Defined Radio Mobile Devices Brawerman, Alessandro 13 July 2005 (has links) The superior reconfigurability of software defined radio mobile devices has made it one of the most promising technology on the wireless network and in the mobile communication industry. The evolution from a static and rigid system to a highly dynamic environment, which offers many advantages over current systems, has been made possible thanks to the concepts of programmability and reconfigurability introduced by the software defined radio technology and the higher level of flexibility and openness of this technology's devices. Clearly, the software defined radio mobile device's flexibility is a great advantage since the customer is able to use the same device in different parts of the world, with different wireless technologies. Despite the advantages, there are still issues to be discussed regarding security. According to the Software Defined Radio Forum some of the concerns are the radio configuration download, storage and installation, user's privacy, and cloning. To address the SDR Forum concerns a raud-prevention framework is proposed. The framework is composed by new pieces of hardware, new modules and new protocols that together greatly enhance the overall security of software defined radio mobile devices and this new highly dynamic environment. The framework offers security monitoring against malicious attacks and viruses that may affect the configuration data; protects sensitive information through the use of protected storage; creates and protects an identity for the system; employs a secure and efficient protocol for radio configuration download and update; and finally, establishes an anti-cloning scheme, which not only guarantees that no units can be cloned over the air but also elevates the level of difficulty to clone units if the attacker has physical access to those units. Even if cloned units exist, the anti-cloning scheme is able to identify them and deny any service. Differential download Security and privacy issues Cloning Software defined radio Security protocols
12	Internet of Things : Tapping into security and privacy issues associated with the internet of things Ahmad, Nabeel January 2021 (has links) The Internet of things and its collaborative technologies such as 5G, cloud, artificial intelligence, analytics, and automation will allow people and objects/devices to communicate not only with each other but with anything at any time and anywhere using the internet. Nowadays, people interact with different smart devices daily. Keeping in mind technology’s evolution, it is estimated that each of us will own roughly 15 linked devices by 2030. Therefore, we cannot neglect the impact of this technology on virtually everything and the various risks associated with such emerging technologies. The goal of this thesis was to better understand the phenomenon of the Internet of Things and more importantly, what security, privacy, and trust threats are associated with it. And how these threats can be overcomed. Moreover, how IoT devices are perceived in terms of privacy and security by people and what factors they must keep in mind while buying, using, and disposing of such devices. Literature review and interviews were made to better understand the issues of privacy and security in IoT devices and people’s understanding of them. A general inductive method proposed by the grounded theory was used to analyze the obtained data, and answers were grouped into categories to identify different themes within the data. The results of the interviews and data showed that people’s top priorities with smart home IoT devices were interest in technology, comfort, a better lifestyle, energy savings, and cost savings. People were unaware of the gravity of security and privacy issues by and large, and they had no idea how to counteract them. Common uses of smart devices include virtual assistants, smart heating, listening to music, getting weather and traffic updates, smart lighting, smart lock systems, and fitness gadgets. The results can be seen in the empirical findings and discussion chapters. These results will also be published on relevant Facebook groups and in the local newspaper, Valbyavisen. Data showed IoT understanding and use of technology were directly proportional to the age factor. Young people were more aware and excited as compared to older ones. Finally, some suggestions were presented on how to buy, use, and discard IoT devices. Future research directions were also presented to conclude the thesis report. Internet of Things Security & Privacy Threats Architecture Grounded Theory. Information Systems
13	Search Rank Fraud Prevention in Online Systems Rahman, Md Mizanur 31 October 2018 (has links) The survival of products in online services such as Google Play, Yelp, Facebook and Amazon, is contingent on their search rank. This, along with the social impact of such services, has also turned them into a lucrative medium for fraudulently influencing public opinion. Motivated by the need to aggressively promote products, communities that specialize in social network fraud (e.g., fake opinions and reviews, likes, followers, app installs) have emerged, to create a black market for fraudulent search optimization. Fraudulent product developers exploit these communities to hire teams of workers willing and able to commit fraud collectively, emulating realistic, spontaneous activities from unrelated people. We call this behavior “search rank fraud”. In this dissertation, we argue that fraud needs to be proactively discouraged and prevented, instead of only reactively detected and filtered. We introduce two novel approaches to discourage search rank fraud in online systems. First, we detect fraud in real-time, when it is posted, and impose resource consuming penalties on the devices that post activities. We introduce and leverage several novel concepts that include (i) stateless, verifiable computational puzzles that impose minimal performance overhead, but enable the efficient verification of their authenticity, (ii) a real-time, graph based solution to assign fraud scores to user activities, and (iii) mechanisms to dynamically adjust puzzle difficulty levels based on fraud scores and the computational capabilities of devices. In a second approach, we introduce the problem of fraud de-anonymization: reveal the crowdsourcing site accounts of the people who post large amounts of fraud, thus their bank accounts, and provide compelling evidence of fraud to the users of products that they promote. We investigate the ability of our solutions to ensure that fraud does not pay off. Usable security and social aspects Anonymity Machine learning Web security and privacy Other Computer Engineering
14	Privacy Aware Smart Surveillance Shirima, Emil 18 July 2019 (has links) No description available. Computer Science
15	Semantics-Aware Understanding and Handling of Security and Privacy Problems in Smart Environments Chi, Haotian, 0000-0002-0222-4660 January 2021 (has links) Internet of Things (IoT) platforms enable users to connect heterogeneous resource-constrained wireless devices and deploy semantics-rich home automation applications in smart homes. With the proliferation and fragmentation of IoT products, it even becomes a status quo that many smart IoT devices in a smart home are bounded or delegated to multiple IoT platforms, demonstrating the following characteristics. First, an IoT device may interact with more than one IoT platform. Second, a device can be accessed via multiple communication channels (e.g., Zigbee and Bluetooth). Third, automation applications or rules in a smart home may scatter on different platforms, mainly because each platform has its own strengths and restrictions on the supported IoT devices (e.g., many Google Nest devices are not compatible to work with the Amazon platform) and programming features. Despite the convenience brought by the modern platform-backed systems, a variety of attacks targeting the devices, applications and their interactions arise, which can put the smart home devices to insecure, unsafe, or unexpected states, or can breach users' private information in the daily life. In this dissertation, several semantics-aware security and privacy issues are discussed, analyzed and handled. In one way, we systematically categorized a family of cross-app interference threats and designed a Satisfiability modulo theories (SMT)-based solution to detect them. In another work, we revealed a family of delay-based automation interference attacks that cause cross-rule interference problems in multi-platform multi-path systems. We also studied privacy protection of IoT systems and proposed a semantics-aware customizable data flow control system to protect IoT data from being exploited by third parties and attackers. We also established a command sanitizer solution for detecting cross-app interference problems in multi-platform systems and enforce security and safety policies against various IoT threats. All the works were evaluated in real-world smart home testbeds. / Computer and Information Science Computer science Internet of Things IoT platforms Security and privacy Smart home automation
16	LEVERAGING MULTIMODAL SENSING FOR ENHANCING THE SECURITY AND PRIVACY OF MOBILE SYSTEMS Habiba Farrukh (13969653) 26 July 2023 (has links) <p>Mobile systems, such as smartphones, wearables (e.g., smartwatches, AR/VR headsets),<br> and IoT devices, have come a long way from being just a method of communication to<br> sophisticated sensing devices that monitor and control several aspects of our lives. These<br> devices have enabled several useful applications in a wide range of domains ranging from<br> healthcare and finance to energy and agriculture industries. While such advancement has<br> enabled applications in several aspects of human life, it has also made these devices an<br> interesting target for adversaries.<br> In this dissertation, I specifically focus on how the various sensors on mobile devices can<br> be exploited by adversaries to violate users’ privacy and present methods to use sensors<br> to improve the security of these devices. My thesis posits that multi-modal sensing can be<br> leveraged to enhance the security and privacy of mobile systems.<br> In this, first, I describe my work that demonstrates that human interaction with mobile de-<br> vices and their accessories (e.g., stylus pencils) generates identifiable patterns in permissionless<br> mobile sensors’ data, which reveal sensitive information about users. Specifically, I developed<br> S3 to show how embedded magnets in stylus pencils impact the mobile magnetometer sensor<br> and can be exploited to infer a users incredibly private handwriting. Then, I designed LocIn<br> to infer a users indoor semantic location from 3D spatial data collected by mixed reality<br> devices through LiDAR and depth sensors. These works highlight new privacy issues due to<br> advanced sensors on emerging commodity devices.<br> Second, I present my work that characterizes the threats against smartphone authentication<br> and IoT device pairing and proposes usable and secure methods to protect against these threats.<br> I developed two systems, FaceRevelio and IoTCupid, to enable reliable and secure user and<br> device authentication, respectively, to protect users’ private information (e.g., contacts,<br> messages, credit card details) on commodity mobile and allow secure communication between<br> IoT devices. These works enable usable authentication on diverse mobile and IoT devices<br> and eliminate the dependency on sophisticated hardware for user-friendly authentication.</p> Data and information privacy System and network security Mobile computing Multimodal sensing Mobile Security & Privacy
17	Exploring Security and Privacy Practices of Home IoT Users Andersen, Adelina January 2021 (has links) Internet of Things (IoT) devices are becoming more and more common in homes, making the security and privacy of these increasingly important. Previous research has found that home IoT users can become a threat to themselves if they lack knowledge of their devices and awareness of potential threats. To investigate how the users’ security and privacy practices can be improved, it is necessary to understand the current everyday practices and what impacts these. This is examined in 10 interviews, revealing that the practices are primarily influenced by convenience, motivation and the effort required from the user. Using these insights, this thesis suggests that tangible interaction needs to be used as a complement to digital solutions to improve the security and privacy practices. By having a physical object that in a simple way can inform everyone of the current security and privacy situation and is equally accessible for all members of a household, the security and privacy can become more attainable for all users no matter their level of knowledge and experience. / Internet of Things (IoT) enheter har blivit vanligt förekommande i hem vilket gör deras säkerhet och integritet allt viktigare. Det har tidigare visats att användare av IoT i hemmet kan utgöra ett hot mot sig själva om de saknar kunskap om enheterna och kännedom om potentiella hot. För att undersöka hur användarnas vanor kring säkerhet och integitet kan förbättras är det först nödvändigt att utforska de nuvarande vanorna och vad som påverkar dessa. Detta undersöks i tio intervjuer som visar att vanorna främst påverkas av bekvämlighet, motivation och ansträngningen som krävs av användaren. Utifrån dessa insikter föreslås det att fysisk interaktion används som ett komplement till digitala lösningar för att förbättra vanorna kring säkerhet och integritet. Genom att ha ett fysiskt objekt som på ett enkelt sätt kan förmedla enheternas nuvarande status och är lika tillgängligt för alla medlemmar i ett hushåll kan säkerhet och integritet bli mer uppnåeligt för alla användare, oavsett deras nivå av kunskap och erfarenhet. Computer and Information Sciences Data- och informationsvetenskap
18	<b>USER-CENTERED DATA ACCESS CONTROL TECHNIQUES FOR SECURE AND PRIVACY-AWARE MOBILE SYSTEMS</b> Reham Mohamed Sa Aburas (18857674) 25 June 2024 (has links) <p dir="ltr">The pervasive integration of mobile devices in today’s modern world, e.g., smartphones, IoT, and mixed-reality devices, has transformed various domains, enhancing user experiences, yet raising concerns about data security and privacy. Despite the implementation of various measures, such as permissions, to protect user privacy-sensitive data, vulnerabilities persist. These vulnerabilities pose significant threats to user privacy, including the risk of side-channel attacks targeting low-permission sensors. Additionally, the introduction of new permissions, such as the App Tracking Transparency framework in iOS, seeks to enhance user transparency and control over data sharing practices. However, these framework designs are accompanied by ambiguous developer guidelines, rendering them susceptible to deceptive patterns. These patterns can influence user perceptions and decisions, undermining the intended purpose of these permissions. Moreover, the emergence of new mobile technologies, e.g., mixed-reality devices, presents novel challenges in ensuring secure data sharing among multiple users in collaborative environments, while preserving usability.</p><p dir="ltr">In this dissertation, I focus on developing user-centered methods for enhancing the security and privacy of mobile system, navigating through the complexities of unsolicited data access strategies and exploring innovative approaches to secure device authentication and data sharing methodologies.</p><p dir="ltr">To achieve this, first, I introduce my work on the iStelan system, a three-stage side-channel attack. This method exploits the low-permission magnetometer sensor in smartphones to infer user sensitive touch data and application usage patterns. Through an extensive user study, I demonstrate the resilience of iStelan across different scenarios, surpassing the constraints and limitations of prior research efforts.</p><p dir="ltr">Second, I present my analysis and study on the App Tracking Transparency permission in iOS. Specifically, my work focuses on analyzing and detecting the dark patterns employed by app developers in the permission alerts to obtain user consent. I demonstrate my findings on the dark patterns observed in permission alerts on a large-scale of apps collected from Apple’s store, using both static and dynamic analysis methods. Additionally, I discuss the application of a between-subject user study to evaluate users’ perceptions and understanding when exposed to different alert patterns.</p><p dir="ltr">Lastly, I introduce StareToPair, a group pairing system that leverages multi-modal sensing technologies in mixed-reality devices to enable secure data sharing in collaborative settings. StareToPair employs a sophisticated threat model capable of addressing various real-world scenarios, all while ensuring high levels of scalability and usability.</p><p dir="ltr">Through rigorous investigation, theoretical analysis and user studies, my research endeavors enhance the field of security and privacy for mobile systems. The insights gained from these studies offer valuable guidance for future developments in mobile systems, ultimately contributing to the design of user-centered secure and privacy-aware mobile ecosystems.</p> Data security and protection System and network security Mobile computing Mobile Security & Privacy Usable Security
19	Trusted data path protecting shared data in virtualized distributed systems Kong, Jiantao 20 January 2010 (has links) When sharing data across multiple sites, service applications should not be trusted automatically. Services that are suspected of faulty, erroneous, or malicious behaviors, or that run on systems that may be compromised, should not be able to gain access to protected data or entrusted with the same data access rights as others. This thesis proposes a context flow model that controls the information flow in a distributed system. Each service application along with its surrounding context in a distributed system is treated as a controllable principal. This thesis defines a trust-based access control model that controls the information exchange between these principals. An online monitoring framework is used to evaluate the trustworthiness of the service applications and the underlining systems. An external communication interception runtime framework enforces trust-based access control transparently for the entire system. Trusted data path Context flow control Trust-based access control Attribute based access control Security and privacy Data protection Access control
20	Pareamento privado de atributos no contexto da resolução de entidades com preservação de privacidade. NÓBREGA, Thiago Pereira da. 10 September 2018 (has links) Submitted by Emanuel Varela Cardoso (emanuel.varela@ufcg.edu.br) on 2018-09-10T19:58:50Z No. of bitstreams: 1 THIAGO PEREIRA DA NÓBREGA – DISSERTAÇÃO (PPGCC) 2018.pdf: 3402601 bytes, checksum: b1a8d86821a4d14435d5adbdd850ec04 (MD5) / Made available in DSpace on 2018-09-10T19:58:50Z (GMT). No. of bitstreams: 1 THIAGO PEREIRA DA NÓBREGA – DISSERTAÇÃO (PPGCC) 2018.pdf: 3402601 bytes, checksum: b1a8d86821a4d14435d5adbdd850ec04 (MD5) Previous issue date: 2018-05-11 / A Resolução de entidades com preservação de privacidade (REPP) consiste em identificar entidades (e.g. Pacientes), armazenadas em bases de dados distintas, que correspondam a um mesmo objeto do mundo real. Como as entidades em questão possuem dados privados (ou seja, dados que não podem ser divulgados) é fundamental que a tarefa de REPP seja executada sem que nenhuma informação das entidades seja revelada entre os participantes (proprietários das bases de dados), de modo que a privacidade dos dados seja preservada. Ao final da tarefa de REPP, cada participante identifica quais entidades de sua base de dados estão presentes nas bases de dados dos demais participantes. Antes de iniciar a tarefa de REPP os participantes devem concordar em relação à entidade (em comum), a ser considerada na tarefa, e aos atributos das entidades a serem utilizados para comparar as entidades. Em geral, isso exige que os participantes tenham que expor os esquemas de suas bases de dados, compartilhando (meta-) informações que podem ser utilizadas para quebrar a privacidade dos dados. Este trabalho propõe uma abordagem semiautomática para identificação de atributos similares (pareamento de atributos) a serem utilizados para comparar entidades durante a REPP. A abordagem é inserida em uma etapa preliminar da REPP (etapa de Apresentação) e seu resultado (atributos similares) pode ser utilizado pelas etapas subsequentes (Blocagem e Comparação). Na abordagem proposta a identificação dos atributos similares é realizada utilizando-se representações dos atributos (Assinaturas de Dados), geradas por cada participante, eliminando a necessidade de divulgar informações sobre seus esquemas, ou seja, melhorando a segurança e privacidade da tarefa de REPP. A avaliação da abordagem aponta que a qualidade do pareamento de atributos é equivalente a uma solução que não considera a privacidade dos dados, e que a abordagem é capaz de preservar a privacidade dos dados. / The Privacy Preserve Record Linkage (PPRL) aims to identify entities, that can not have their information disclosed (e.g., Medical Records), which correspond to the same real-world object across different databases. It is crucial to the PPRL tasks that it is executed without revealing any information between the participants (database owners) during the PPRL task, to preserve the privacy of the original data. At the end of a PPRL task, each participant identifies which entities in its database are present in the databases of the other participants. Thus, before starting the PPRL task, the participants must agree on the entity and its attributes, to be compared in the task. In general, this agreement requires that participants have to expose their schemas, sharing (meta-)information that can be used to break the privacy of the data. This work proposes a semiautomatic approach to identify similar attributes (attribute pairing) to identify the entities attributes. The approach is inserted as a preliminary step of the PPRL (Handshake), and its result (similar attributes) can be used by subsequent steps (Blocking and Comparison). In the proposed approach, the participants generate a privacy-preserving representation (Data Signatures) of the attributes values that are sent to a trusted third-party to identify similar attributes from different data sources. Thus, by eliminating the need to share information about their schemas, consequently, improving the security and privacy of the PPRL task. The evaluation of the approach points out that the quality of attribute pairing is equivalent to a solution that does not consider data privacy, and is capable of preserving data privacy. Ciência da computação Preservação de privacidade Segurança e privacidade Resolução de entidades Integração de dados Schema matching Security and Privacy Entity resolution Data integration

Search results