Browsing by Subject "security"
Now showing 1 - 10 of 16
Item Broadband and Health Care: Legal and Policy Issues with Personal Health Records (PHR) (2010-10-14) Hook, Sara Anne; Jones, Josette
This session will discuss the security, privacy and accessibility of PHRs and how the 2009 ARRA stimulus provisions (HITECH Act) and the 2010 National Broadband Plan facilitate, hamper or leave gaps in the implementation of PHRs for managing health information. It will also highlight unsettled legal issues with PHRs and the impact of state and federal legislation and government agencies.

Item Cluster Base Network: A Neighborhood Watch Approach (Office of the Vice Chancellor for Research, 2013-04-05) ZareAfifi, Saharnaz; King, Brian
Sensors can significantly impact one’s life; they can be used to measure various phenomena such as CO2, temperature, chemicals, water quality, etc. They can also be used in surveillance situations. The data collected by the sensors is processed into information from which decisions are made. Faulty information could cause severe problems. For example, a CO2 sensor with a low battery charge may trigger a false CO2 alarm, causing emergency personnel to respond, thus causing a temporary shortage of personnel able to respond to real emergencies. This situation is exacerbated in a sensor network where data collected is highly sensitive and decisions are important. Furthermore, sensor networks are ad-hoc in nature, with no central authority to analyze network behavior. A goal of our research is to construct energy efficient mechanisms that increase the integrity of the data collected within the sensor network in the presence of potential malicious behavior, sensors with weakened battery power, and/or faulty sensors. A mechanism that we have used in our research is a cluster-based approach. Here the ad-hoc network is partitioned into small clusters. Data collection, communications and processing can be observed by cluster members.
The cluster members can police each other, assessing the trustworthiness of each member and collectively signing this assessment. Thus sensors can act as a neighborhood watch in a large city, in the sense neighbors watch each other's house to protect each other and enhance the security of the neighborhood. In this research, we developed an energy efficient network protocol that constructs clusters without the use of a central authority. We have also constructed an energy efficient protocol for a cluster to assess members’ trustworthiness and mechanisms that allow the cluster to sign this assessment.

Item CommandFence: A Novel Digital-Twin-Based Preventive Framework for Securing Smart Home Systems (IEEE, 2023-05) Xiao, Yinhao; Jia, Yizhen; Hu, Qin; Cheng, Xiuzhen; Gong, Bei; Yu, Jiguo; Computer and Information Science, School of Science
Smart home systems are both technologically and economically advancing rapidly. As people become gradually inalienable to smart home infrastructures, their security conditions are getting more and more closely tied to everyone's privacy and safety. In this paper, we consider smart apps, either malicious ones with evil intentions or benign ones with logic errors, that can cause property loss or even physical sufferings to the user when being executed in a smart home environment and interacting with human activities and environmental changes. Unfortunately, current preventive measures rely on permission-based access control, failing to provide ideal protections against such threats due to the nature of their rigid designs. In this paper, we propose CommandFence, a novel digital-twin-based security framework that adopts a fundamentally new concept of protecting the smart home system by letting any sequence of app commands be executed in a virtual smart home system, in which a deep-q network (DQN) is used to predict if the sequence could lead to a risky consequence.
CommandFence is composed of an Interposition Layer to interpose app commands and an Emulation Layer to figure out whether they can cause any risky smart home state if correlating with possible human activities and environmental changes. We fully implemented our CommandFence implementation and tested against 553 official SmartApps on the Samsung SmartThings platform and successfully identified 34 potentially dangerous ones, with 31 of them reported to be problematic the first time to our best knowledge. Moreover, we tested our CommandFence on the 10 malicious SmartApps created by Jia et al. 2017, and successfully identified 7 of them as risky, with the missed ones actually only causing smartphone information leak (not harmful to the smart home system). We also tested CommandFence against the 17 benign SmartApps with logic errors developed by Celik et al. 2017, and achieved a 100% accuracy. Our experimental studies indicate that adopting CommandFence incurs a neglectable overhead of 0.1675 seconds.

Item Daily Situational Brief, January 12, 2015 (MESH Coalition, 1/12/2015) MESH Coalition

Item Defense Strategies Toward Model Poisoning Attacks in Federated Learning: A Survey (IEEE, 2022-04) Wang, Zhilin; Kang, Qiao; Zhang, Xinyi; Hu, Qin; Computer and Information Science, School of Science
Advances in distributed machine learning can empower future communications and networking. The emergence of federated learning (FL) has provided an efficient framework for distributed machine learning, which, however, still faces many security challenges. Among them, model poisoning attacks have a significant impact on the security and performance of FL. Given that there have been many studies focusing on defending against model poisoning attacks, it is necessary to survey the existing work and provide insights to inspire future research.
In this paper, we first classify defense mechanisms for model poisoning attacks into two categories: evaluation methods for local model updates and aggregation methods for the global model. Then, we analyze some of the existing defense strategies in detail. We also discuss some potential challenges and future research directions. To the best of our knowledge, we are the first to survey defense methods for model poisoning attacks in FL.

Item Fault attacks on “secure” Smart Card (Office of the Vice Chancellor for Research, 2013-04-05) Ling, Jie; King, Brian
Today’s software engineers are faced with the problem of building secure systems from untrustworthy components, which are used widely in everyday life. A Smart Card is a popular security token, with applications integrated in many areas including: credit cards, bank cards, cellular communications, electronic cash, banking, satellite TV and Government identifications. Smart cards are often touted as “secure” portable devices. Applications often assume that information (keys) stored on the card will be securely stored, and access control to the information will be properly maintained. Unfortunately, it has been repeatedly proven that Smart Cards are not as secure as they are commonly supposed to be. For example, consider the following scenario: you go to a restaurant and pay your bill with a Smart Card (type of bank card). When you pay the bill, do you constantly monitor/observe the card as the waiter uses the card? After the waiter takes the card into their possession, it is possible that they continue to swipe your card in a manner to purposely induce faults and record all the faulty/error information outputted. By analyzing the faulty output later off-line they can retrieve all secret keys, and construct a clone of your card, using it for their needs at your expense. This technique, based on fault injections which modify the behavior of the application, is named “Fault Attack”.
Fault attacks on Smart Cards may be diverse in nature but successful nevertheless. In this project using fault attack, we have simulated the process of key recovery for both Elliptic Curve Cryptography (ECC) and RSA systems. Our work investigates both attacks and countermeasures to the attacks.

Item FlexiWi-Fi Security Manager Using Freescale embedded System (IEEE, 2015-12) Kamoona, Mustafa; El-Sharkawy, Mohamed; Department of Electrical and Computer Engineering, School of Engineering and Technology
Among the current Wi-Fi two security models (Enterprise and Personal), while the Enterprise model (802.1X) offers an effective framework for authenticating and controlling the user traffic to a protected network, the Personal model (802.11) offers the cheapest and the easiest to setup solution. However, the drawback of the personal model implementation is that all access points and client radio NIC on the wireless LAN should use the same encryption key. A major underlying problem of the 802.11 standard is that the pre-shared keys are cumbersome to change. So if those keys are not updated frequently, unauthorized users with some resources and within a short timeframe can crack the key and breach the network security. The purpose of this paper is to propose and implement an effective method for the system administrator to manage the users connected to a router, update the keys and further distribute them for the trusted clients using the Freescale embedded system, Infrared and Bluetooth modules.

Item Hardware Speculation Vulnerabilities and Mitigations (IEEE, 2021-10) Swearingen, Nathan; Hosler, Ryan; Zou, Xukai; Computer and Information Science, School of Science
This paper will discuss speculation vulnerabilities, which arise from hardware speculation, an optimization technique. Unlike many other types of vulnerabilities, these are very difficult to patch completely, and there are techniques developed to mitigate them.
We will look at many of the variants of this type of vulnerability. We will look at the techniques mitigating those vulnerabilities and the effectiveness and scope of each. Finally, we will compare and evaluate different vulnerabilities and mitigation techniques and recommend how various mitigation techniques apply to different situations.

Item Internet of Things Security Using Proactive WPA/WPA2 (2016-04-05) Kamoona, Mustafa; El-Sharkawy, Mohamed A.; King, Brian; Rizkalla, Maher
The Internet of Things (IoT) is a natural evolution of the Internet and is becoming more and more ubiquitous in our everyday home, enterprise, healthcare, education, and many other aspects. The data gathered and processed by IoT networks might be sensitive and that calls for feasible and adequate security measures. The work in this thesis describes the use of the Wi-Fi technology in the IoT connectivity, then proposes a new approach, the Proactive Wireless Protected Access (PWPA), to protect the access networks. Then a new end to end (e2e) IoT security model is suggested to include the PWPA scheme. To evaluate the solutions security and performance, firstly, the cybersecurity triad: confidentiality, integrity, and availability aspects were discussed, secondly, the solutions performance was compared to a counterpart e2e security solution, the Secure Socket Layer security. A small e2e IoT network was set up to simulate a real environment that uses HTTP protocol. Packets were then collected and analyzed. Data analysis showed a bandwidth efficiency increase by 2% (Internet links) and 12% (access network), and by 344% (Internet links) and 373% (access network) when using persistent and non-persistent HTTP respectively. On the other hand, the analysis showed a reduction in the average request-response delay of 25% and 53% when using persistent and non-persistent HTTP respectively.
This scheme is possibly a simple and feasible solution that improves the IoT network security performance by reducing the redundancy in the TCP/IP layers security implementation.

Item Legal and Ethical Implications of Mobile Live-Streaming Video Apps (ACM, 2016-09) Faklaris, Cori; Cafaro, Francesco; Hook, Sara Anne; Blevins, Asa; O'Haver, Matt; Singhal, Neha; Department of Human-Centered Computing, School of Informatics and Computing
The introduction of mobile apps such as Meerkat, Periscope, and Facebook Live has sparked enthusiasm for live-streaming video. This study explores the legal and ethical implications of mobile live-streaming video apps through a review of public-policy considerations and the computing literature as well as analyses of a mix of quantitative and qualitative user data. We identify lines of research inquiry for five policy challenges and two areas of the literature in which the impact of these apps is so far unaddressed. The detailed data gathered from these inquiries will significantly contribute to the design and development of tools, signals or affordances to address the concerns that our study identifies. We hope our work will help shape the fields of ubiquitous computing and collaborative and social computing, jurisprudence, public policy and applied ethics in the future.