Current Search: Security (x)
Pages
-
-
Title
-
An Approach for Measuring the Confidentiality of Data Assured by the Confidentiality of Information Security Systems in Healthcare Organizations.
-
Creator
-
Gallaher, Shawn, Elshennawy, Ahmad, Sala-Diakanda, Serge, Karwowski, Waldemar, Xanthopoulos, Petros, Yousef, Nabeel, University of Central Florida
-
Abstract / Description
-
Because of the expansion in health information technology and the continued migration toward digital patient records as a foundation for the delivery of healthcare services, healthcare organizations face significant challenges in their efforts to determine how well they are protecting electronic health information from unauthorized disclosure. The disclosure of one's personal medical information to unauthorized parties or individuals can have broad-reaching and long-term impacts to both...
Show moreBecause of the expansion in health information technology and the continued migration toward digital patient records as a foundation for the delivery of healthcare services, healthcare organizations face significant challenges in their efforts to determine how well they are protecting electronic health information from unauthorized disclosure. The disclosure of one's personal medical information to unauthorized parties or individuals can have broad-reaching and long-term impacts to both healthcare providers and consumers. Although several classes and types of methodologies exist for measuring information security in general, a number of overarching issues have been identified which prevent their adaptation to the problem of measuring the confidentiality (the protection from unauthorized disclosure) of electronic information in complex organizational systems.In this study, a new approach for measuring the confidentiality of electronic information in healthcare-related organizations is developed. By leveraging systemic principles and concepts, an information security system (ISS) for assuring the confidentiality of electronic information in healthcare organizations is synthesized. The ISS is defined as a complex system composed of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule information security safeguards and the people, processes, and technologies that contribute to these safeguards. The confidentiality of the ISS (-) a desired emergent property defined in terms of the systemic interactions which are present (-) represents the measure of protection from the unauthorized disclosure of electronic information.An information security model (ISM) that leverages the structure and parametric modeling capabilities of the Systems Modeling Language (SysML) was developed for specifyingan ISS in addition to the contained systemic interactions which are present. Through the use of a parametric solver capability, the complex system of equations which quantify the contained interactions was executed for the purpose of generating a measure of confidentiality using a set of user-provided input values (-) a process referred to as ISM instantiation.
Show less
-
Date Issued
-
2012
-
Identifier
-
CFE0004378, ucf:49380
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0004378
-
-
Title
-
Assessment of Information Security Culture in Higher Education.
-
Creator
-
Glaspie, Henry, Karwowski, Waldemar, Wan, Thomas, Hancock, Peter, Caulkins, Bruce, University of Central Florida
-
Abstract / Description
-
Information security programs are instituted by organizations to provide guidance to their users who handle their data and systems. The main goal of these programs is to protect the organization's information assets through the creation and cultivation of a positive information security culture within the organization. As the collection and use of data expands in all economic sectors, the threat of data breach due to human error increases. Employee's behavior towards information security is...
Show moreInformation security programs are instituted by organizations to provide guidance to their users who handle their data and systems. The main goal of these programs is to protect the organization's information assets through the creation and cultivation of a positive information security culture within the organization. As the collection and use of data expands in all economic sectors, the threat of data breach due to human error increases. Employee's behavior towards information security is influenced by the organizations information security programs and the overall information security culture. This study examines the human factors of an information security program and their effect on the information security culture. These human factors consist of stringency of organizational policies, behavior deterrence, employee attitudes towards information security, training and awareness, and management support of the information security programs. A survey questionnaire was given to employees in the Florida College System to measure the human aspects of the information security programs. Confirmatory factor analysis (CFA) and Structural Equation Modeling (SEM) were used to investigate the relationships between the variables in the study using IBM(&)#174; SPSS(&)#174; Amos 24 software. The study results show that management support and behavior deterrence have a significant positive relationship with information security. Additionally, the results show no significant association between information security culture and organization policies, employee commitment and employee awareness. This suggests a need for further refinement of the model and the survey tool design to properly assess human factors of information security programs and their effects on the organizational security culture.
Show less
-
Date Issued
-
2018
-
Identifier
-
CFE0007184, ucf:52272
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0007184
-
-
Title
-
Stability and the Nth country problem.
-
Creator
-
Tucker, Robert W
-
Date Issued
-
1961
-
Identifier
-
1927045, CFDT1927045, ucf:4798
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/FCLA/DT/1927045
-
-
Title
-
Concerted action or isolation: Which is the road to peace.
-
Creator
-
Browder, Earl
-
Date Issued
-
1938
-
Identifier
-
2659975, CFDT2659975, ucf:4966
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/FCLA/DT/2659975
-
-
Title
-
REGIONAL READINESS FOR INTELLIGENCE INFORMATION SHARING TO SUPPORT HOMELAND SECURITY.
-
Creator
-
Kemp, Christine, Reynolds, Michael, University of Central Florida
-
Abstract / Description
-
The Markle Task Force on National Security in the Information Age was created to produce recommendations on how to best leverage intelligence and information to improve security without compromising existing civil liberties. Their second report proposed that the government set up an information-sharing network using currently available technology to improve our ability to prevent terrorist attacks, while protecting civil liberties. The Markle recommendations have been incorporated into the...
Show moreThe Markle Task Force on National Security in the Information Age was created to produce recommendations on how to best leverage intelligence and information to improve security without compromising existing civil liberties. Their second report proposed that the government set up an information-sharing network using currently available technology to improve our ability to prevent terrorist attacks, while protecting civil liberties. The Markle recommendations have been incorporated into the recent Intelligence Reform and Terrorism Prevention Act of 2004. The proposition is that the Markle task force recommendations are sufficient to achieve the required data integration in the United States. To affirm or falsify the proposition, three existing systems will be reviewed: Alabama's Law Enforcement Tactical System Portal (LETS), Florida's Statewide Data Sharing Effort (FINDER), and Orange County, Florida's Integrated Criminal Justice System. This study found that there is no overall model for national intelligence analysis that incorporates the capabilities that law enforcement has for collection and analysis in with the federal capabilities for collection and analysis. This may ultimately limit the regional systems' success. Recommendations for potential initial models are made. In addition, recommendations for improvement in each regional system are provided. Finally, further research is needed to refine a national intelligence analysis model that can be supported by a distributed information sharing network.
Show less
-
Date Issued
-
2005
-
Identifier
-
CFE0000623, ucf:46542
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0000623
-
-
Title
-
Enhanced Hardware Security Using Charge-Based Emerging Device Technology.
-
Creator
-
Bi, Yu, Yuan, Jiann-Shiun, Jin, Yier, DeMara, Ronald, Lin, Mingjie, Chow, Lee, University of Central Florida
-
Abstract / Description
-
The emergence of hardware Trojans has largely reshaped the traditional view that the hardware layer can be blindly trusted. Hardware Trojans, which are often in the form of maliciously inserted circuitry, may impact the original design by data leakage or circuit malfunction. Hardware counterfeiting and IP piracy are another two serious issues costing the US economy more than $200 billion annually. A large amount of research and experimentation has been carried out on the design of these...
Show moreThe emergence of hardware Trojans has largely reshaped the traditional view that the hardware layer can be blindly trusted. Hardware Trojans, which are often in the form of maliciously inserted circuitry, may impact the original design by data leakage or circuit malfunction. Hardware counterfeiting and IP piracy are another two serious issues costing the US economy more than $200 billion annually. A large amount of research and experimentation has been carried out on the design of these primitives based on the currently prevailing CMOS technology.However, the security provided by these primitives comes at the cost of large overheads mostly in terms of area and power consumption. The development of emerging technologies provides hardware security researchers with opportunities to utilize some of the otherwise unusable properties of emerging technologies in security applications. In this dissertation, we will include the security consideration in the overall performance measurements to fully compare the emerging devices with CMOS technology.The first approach is to leverage two emerging devices (Silicon NanoWire and Graphene SymFET) for hardware security applications. Experimental results indicate that emerging device based solutions can provide high level circuit protection with relatively lower performance overhead compared to conventional CMOS counterpart. The second topic is to construct an energy-efficient DPA-resilient block cipher with ultra low-power Tunnel FET. Current-mode logic is adopted as a circuit-level solution to countermeasure differential power analysis attack, which is mostly used in the cryptographic system. The third investigation targets on potential security vulnerability of foundry insider's attack. Split manufacturing is adopted for the protection on radio-frequency (RF) circuit design.
Show less
-
Date Issued
-
2016
-
Identifier
-
CFE0006264, ucf:51041
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0006264
-
-
Title
-
Geneva and peace: An unfinished drama.
-
Creator
-
First Unitarian Church of Los Angeles Unitarian Fellowship for Social Justice Peace Committee
-
Date Issued
-
1956
-
Identifier
-
2683678, CFDT2683678, ucf:5113
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/FCLA/DT/2683678
-
-
Title
-
Social insurance.
-
Creator
-
Burnham, Grace M.
-
Date Issued
-
1932
-
Identifier
-
363254, CFDT363254, ucf:5280
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/FCLA/DT/363254
-
-
Title
-
DESIGN AND HARDWARE IMPLEMENTATION OF A NOVEL SCRAMBLING SECURITY ALGORITHM FOR ROBUST WIRELESS LOCAL AREA NETWORKS.
-
Creator
-
Jagetia, Mohit, Kocak, Taskin, University of Central Florida
-
Abstract / Description
-
The IEEE802.11 standard for wireless networks includes a Wired Equivalent Privacy (WEP) protocol, which is a popular wireless secure communication stream cipher protocol approach to network security used to protect link-layer communications from eavesdropping and other attacks. It allows user to communicate with the user; sharing the public key over a network. It provides authentication and encrypted communications over unsecured channels. However, WEP protocol has an inherent security flaw....
Show moreThe IEEE802.11 standard for wireless networks includes a Wired Equivalent Privacy (WEP) protocol, which is a popular wireless secure communication stream cipher protocol approach to network security used to protect link-layer communications from eavesdropping and other attacks. It allows user to communicate with the user; sharing the public key over a network. It provides authentication and encrypted communications over unsecured channels. However, WEP protocol has an inherent security flaw. It is vulnerable to the various attacks, various experiments has proved that WEP fails to achieve its security goals. This thesis entails designing, evaluating and prototyping a wireless security infrastructure that can be used with the WEP protocol optionally, thus reducing the security vulnerabilities. We have studied the flaws of WEP and the reasons for their occurrence, and we provide the design and implementation of a novel scheme in Matlab and VHDL to improve the security of WEP in all aspects by a degree of 1000. The architecture was designed with a consideration for least increment in hardware, thus achieving power and cost efficiency. It also provides flexibility for optional implementation with the available technology by being able to be bypassed by the technology, which allows for non-replacement of existing hardware, common on both, the WEP and the proposed protocols, on the fly.
Show less
-
Date Issued
-
2004
-
Identifier
-
CFE0000062, ucf:46079
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0000062
-
-
Title
-
National Security and Political Polarization.
-
Creator
-
Funderburke, Joseph, Handberg, Roger, Pollock, Philip, Ilderton, Nathan, Kubiak, Jeffrey, University of Central Florida
-
Abstract / Description
-
This dissertation explores how partisan polarization among the political elites (the President and key Members of Congress) impacts national security decision-making. The research examines the relationship over time beginning at the start of the Cold War through 2014. In doing so, the research tests several hypotheses to determine the nature of the relationship and what the implications might be for future U.S. national security policy-making. There are three different approaches used in the...
Show moreThis dissertation explores how partisan polarization among the political elites (the President and key Members of Congress) impacts national security decision-making. The research examines the relationship over time beginning at the start of the Cold War through 2014. In doing so, the research tests several hypotheses to determine the nature of the relationship and what the implications might be for future U.S. national security policy-making. There are three different approaches used in the research centered on the same theory of partisan polarization. The first approach examines changes in the level of polarization and defense budgets each year. The second explores the impact of partisan polarization on the outcome of key roll-call votes on national security legislation. Lastly, the third approach studies the changes in polarization relative to the Presidents' decision to use force. Poole and Rosenthal (1984) argue that political polarization has increased among the political elite since the 1960s and the Republicans and Democrats continue to move further apart ideologically (Gray et al. 2015). I argue that the combined effect of polarization and a growing ideological divide between the two major political parties puts our collective national security at risk. Using analytical regression time series models and a qualitative analysis, the findings suggests that rising partisan polarization presents a clear and present threat to our national security.
Show less
-
Date Issued
-
2019
-
Identifier
-
CFE0007458, ucf:52662
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0007458
-
-
Title
-
On the security of NoSQL cloud database services.
-
Creator
-
Ahmadian, Mohammad, Marinescu, Dan, Wocjan, Pawel, Heinrich, Mark, Brennan, Joseph, University of Central Florida
-
Abstract / Description
-
Processing a vast volume of data generated by web, mobile and Internet-enabled devices, necessitates a scalable and flexible data management system. Database-as-a-Service (DBaaS) is a new cloud computing paradigm, promising a cost-effective and scalable, fully-managed database functionality meeting the requirements of online data processing. Although DBaaS offers many benefits it also introduces new threats and vulnerabilities. While many traditional data processing threats remain, DBaaS...
Show moreProcessing a vast volume of data generated by web, mobile and Internet-enabled devices, necessitates a scalable and flexible data management system. Database-as-a-Service (DBaaS) is a new cloud computing paradigm, promising a cost-effective and scalable, fully-managed database functionality meeting the requirements of online data processing. Although DBaaS offers many benefits it also introduces new threats and vulnerabilities. While many traditional data processing threats remain, DBaaS introduces new challenges such as confidentiality violation and information leakage in the presence of privileged malicious insiders and adds new dimension to the data security. We address the problem of building a secure DBaaS for a public cloud infrastructure where, the Cloud Service Provider (CSP) is not completely trusted by the data owner. We present a high level description of several architectures combining modern cryptographic primitives for achieving this goal. A novel searchable security scheme is proposed to leverage secure query processing in presence of a malicious cloud insider without disclosing sensitive information. A holistic database security scheme comprised of data confidentiality and information leakage prevention is proposed in this dissertation. The main contributions of our work are:(i) A searchable security scheme for non-relational databases of the cloud DBaaS; (ii) Leakage minimization in the untrusted cloud.The analysis of experiments that employ a set of established cryptographic techniques to protect databases and minimize information leakage, proves that the performance of the proposed solution is bounded by communication cost rather than by the cryptographic computational effort.
Show less
-
Date Issued
-
2017
-
Identifier
-
CFE0006848, ucf:51777
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0006848
-
-
Title
-
Social security in a Soviet America.
-
Creator
-
Amter, Israel
-
Date Issued
-
1935
-
Identifier
-
370511, CFDT370511, ucf:5511
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/FCLA/DT/370511
-
-
Title
-
OPINIONS ON GOVERNMENT SPENDING ON SOCIAL SECURITY: A YEAR AND COHORT ANALYSIS.
-
Creator
-
Castora, Melissa, Dietz, Tracy, University of Central Florida
-
Abstract / Description
-
This paper is an analysis of American's opinions on government spending on Social Security. The main objectives were to analyze the effect of year and cohort membership on the likelihood for American's to say that they think the government is spending too little on Social Security. The data was obtained from the General Social Survey. Results of the analysis conclude that year is statistically significant in predicting the likelihood of those who say the government is spending too little on...
Show moreThis paper is an analysis of American's opinions on government spending on Social Security. The main objectives were to analyze the effect of year and cohort membership on the likelihood for American's to say that they think the government is spending too little on Social Security. The data was obtained from the General Social Survey. Results of the analysis conclude that year is statistically significant in predicting the likelihood of those who say the government is spending too little on Social Security. When comparing every year to 1994, 1996 is the only year that year that respondents were less likely to respond that the government was spending too little on Social Security. Every other test year, up to and including 2004, there is a growing likelihood of respondents indicating that the government is spending too little on Social Security. Finally, cohort membership was included in the analysis. Results conclude that the Swing cohort and the Babyboom cohort are statistically significant in predicting opinions on government spending on Social Security when being compared to the youngest cohort, the Babyboomlet-bust cohort. However, the results of the analysis show opposite direction in opinions between these two cohorts. Interestingly, the only cohort not statistically significant is the Silent generation.
Show less
-
Date Issued
-
2006
-
Identifier
-
CFE0001016, ucf:46791
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0001016
-
-
Title
-
FOOD AVAILABILITY IN EATONVILLE, FLORIDA.
-
Creator
-
Benwell-Lybarger, Jerian, Donley, Amy, University of Central Florida
-
Abstract / Description
-
Food availability is a serious problem for some low-income neighborhoods. This study examines food access in Eatonville, Florida, a small town in Orlando, Florida. Eatonville was one of the first African American towns incorporated into the United States after emancipation. It is a low-income community with 25% of the overall population and 30% of children living below the poverty line. This study will examine the state of food availability through food store and resident surveys in hopes of...
Show moreFood availability is a serious problem for some low-income neighborhoods. This study examines food access in Eatonville, Florida, a small town in Orlando, Florida. Eatonville was one of the first African American towns incorporated into the United States after emancipation. It is a low-income community with 25% of the overall population and 30% of children living below the poverty line. This study will examine the state of food availability through food store and resident surveys in hopes of diagnosing need in order to alleviate it. There are serious implications for residents of cities with inadequate access to nutritious, affordable food. Children living with unequal access will face many future disadvantages in education, employment, and health. These compounding problems lead to a cycle of poverty that can be alleviated with appropriate public policy measures and other neighborhood changes that address food access in low-income neighborhoods.
Show less
-
Date Issued
-
2012
-
Identifier
-
CFH0004261, ucf:44913
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFH0004261
-
-
Title
-
D-FENS: DNS Filtering (&) Extraction Network System for Malicious Domain Names.
-
Creator
-
Spaulding, Jeffrey, Mohaisen, Aziz, Leavens, Gary, Bassiouni, Mostafa, Fu, Xinwen, Posey, Clay, University of Central Florida
-
Abstract / Description
-
While the DNS (Domain Name System) has become a cornerstone for the operation of the Internet, it has also fostered creative cases of maliciousness, including phishing, typosquatting, and botnet communication among others. To address this problem, this dissertation focuses on identifying and mitigating such malicious domain names through prior knowledge and machine learning. In the first part of this dissertation, we explore a method of registering domain names with deliberate typographical...
Show moreWhile the DNS (Domain Name System) has become a cornerstone for the operation of the Internet, it has also fostered creative cases of maliciousness, including phishing, typosquatting, and botnet communication among others. To address this problem, this dissertation focuses on identifying and mitigating such malicious domain names through prior knowledge and machine learning. In the first part of this dissertation, we explore a method of registering domain names with deliberate typographical mistakes (i.e., typosquatting) to masquerade as popular and well-established domain names. To understand the effectiveness of typosquatting, we conducted a user study which helped shed light on which techniques were more (")successful(") than others in deceiving users. While certain techniques fared better than others, they failed to take the context of the user into account. Therefore, in the second part of this dissertation we look at the possibility of an advanced attack which takes context into account when generating domain names. The main idea is determining the possibility for an adversary to improve their (")success(") rate of deceiving users with specifically-targeted malicious domain names. While these malicious domains typically target users, other types of domain names are generated by botnets for command (&) control (C2) communication. Therefore, in the third part of this dissertation we investigate domain generation algorithms (DGA) used by botnets and propose a method to identify DGA-based domain names. By analyzing DNS traffic for certain patterns of NXDomain (non-existent domain) query responses, we can accurately predict DGA-based domain names before they are registered. Given all of these approaches to malicious domain names, we ultimately propose a system called D-FENS (DNS Filtering (&) Extraction Network System). D-FENS uses machine learning and prior knowledge to accurately predict unreported malicious domain names in real-time, thereby preventing Internet devices from unknowingly connecting to a potentially malicious domain name.
Show less
-
Date Issued
-
2018
-
Identifier
-
CFE0007587, ucf:52540
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0007587
-
-
Title
-
DEATH AND DISENGAGEMENT: A CRITICAL ANALYSIS OF THE INTERNATIONAL COMMUNITYÃÂ'S INTERVENTION EFFORT IN DARFUR.
-
Creator
-
Hodges, Victor, Ezekiel, Walker, University of Central Florida
-
Abstract / Description
-
This thesis seeks to analyze the international community's conflict management capabilities through its response to the Darfur crisis. Primarily, it aims to show through the lens of the Darfur crisis, which is widely accepted as the first genocide of the twenty-first century, that the international community has yet to develop a framework to collectively intervene in and resolve crimes against humanity. Additionally, this thesis will show the international community's recognition of...
Show moreThis thesis seeks to analyze the international community's conflict management capabilities through its response to the Darfur crisis. Primarily, it aims to show through the lens of the Darfur crisis, which is widely accepted as the first genocide of the twenty-first century, that the international community has yet to develop a framework to collectively intervene in and resolve crimes against humanity. Additionally, this thesis will show the international community's recognition of their shortcomings through the gradual transformation of policies undertaken by several of its leading entities in response to the crisis. The research will pinpoint several major factors behind the lack of a unified global community acting in Darfur, such as geopolitical fragility between major international organizations, fragmentation caused by wars in Iraq and Afghanistan as well as the global War on Terror which occurred concurrently with the genocide in Darfur, and the underlying political and economic alliances that many major countries including the United States and China, enjoy with the Government of Sudan. The work will focus specifically on the United States, the United Nations, the European Union, and the African Union, analyzing the actions of each respective group in facilitating an end to the Darfur conflict. Ultimately, this thesis will use the research to conclude that the international community was willing to accept the Darfur genocide, with its death toll nearing four-hundred thousand and well over two million internally displaced peoples, in order to advance their respective global interests and preserve the status quo of global affairs in the early twenty-first century.
Show less
-
Date Issued
-
2010
-
Identifier
-
CFE0003385, ucf:48442
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0003385
-
-
Title
-
ENVIRONMENTAL SECURITY IN THE GLOBAL CAPITALIST SYSTEM: A WORLD-SYSTEMS APPROACH AND STUDY OF PANAMA.
-
Creator
-
Freeman, Mark, Jacques, Peter, University of Central Florida
-
Abstract / Description
-
The current global capitalist system is at odds with environmental protection and the protection of indigenous people that are directly linked to the land on which they live. In environmental security literature, many have argued that, theoretically and functionally, it is possible to link national security with environmental security. However possible this may be on paper, in practice, the global capitalist system prevents this from becoming a reality. Using a world-systems approach, this...
Show moreThe current global capitalist system is at odds with environmental protection and the protection of indigenous people that are directly linked to the land on which they live. In environmental security literature, many have argued that, theoretically and functionally, it is possible to link national security with environmental security. However possible this may be on paper, in practice, the global capitalist system prevents this from becoming a reality. Using a world-systems approach, this thesis will show that core countries seeking to expand capital by tapping into new markets, locating new sources of raw materials and even forming strategic military partnerships in periphery countries unavoidably degrade the natural environment and thus, adversely affect the lives and health of indigenous people. It is also the argument in this paper that the primary purpose of strategic military partnerships with periphery states, such as those formed in Panama and Colombia, are primarily meant to protect economic interests, thus perpetuating the capitalist cycle. The end result is that, while it is theoretically possible, through a different theoretical lens, to bridge the definitional and theoretical gulf between national security and environmental security, the reality of the system subverts this endeavor, and will continue to do so under its current configuration.
Show less
-
Date Issued
-
2007
-
Identifier
-
CFE0001981, ucf:47425
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0001981
-
-
Title
-
Game-Theoretic Frameworks and Strategies for Defense Against Network Jamming and Collocation Attacks.
-
Creator
-
Hemida, Ahmed, Atia, George, Simaan, Marwan, Vosoughi, Azadeh, Sukthankar, Gita, Guirguis, Mina, University of Central Florida
-
Abstract / Description
-
Modern networks are becoming increasingly more complex, heterogeneous, and densely connected. While more diverse services are enabled to an ever-increasing number of users through ubiquitous networking and pervasive computing, several important challenges have emerged. For example, densely connected networks are prone to higher levels of interference, which makes them more vulnerable to jamming attacks. Also, the utilization of software-based protocols to perform routing, load balancing and...
Show moreModern networks are becoming increasingly more complex, heterogeneous, and densely connected. While more diverse services are enabled to an ever-increasing number of users through ubiquitous networking and pervasive computing, several important challenges have emerged. For example, densely connected networks are prone to higher levels of interference, which makes them more vulnerable to jamming attacks. Also, the utilization of software-based protocols to perform routing, load balancing and power management functions in Software-Defined Networks gives rise to more vulnerabilities that could be exploited by malicious users and adversaries. Moreover, the increased reliance on cloud computing services due to a growing demand for communication and computation resources poses formidable security challenges due to the shared nature and virtualization of cloud computing. In this thesis, we study two types of attacks: jamming attacks on wireless networks and side-channel attacks on cloud computing servers. The former attacks disrupt the natural network operation by exploiting the static topology and dynamic channel assignment in wireless networks, while the latter attacks seek to gain access to unauthorized data by co-residing with target virtual machines (VMs) on the same physical node in a cloud server. In both attacks, the adversary faces a static attack surface and achieves her illegitimate goal by exploiting a stationary aspect of the network functionality. Hence, this dissertation proposes and develops counter approaches to both attacks using moving target defense strategies. We study the strategic interactions between the adversary and the network administrator within a game-theoretic framework.First, in the context of jamming attacks, we present and analyze a game-theoretic formulation between the adversary and the network defender. In this problem, the attack surface is the network connectivity (the static topology) as the adversary jams a subset of nodes to increase the level of interference in the network. On the other side, the defender makes judicious adjustments of the transmission footprint of the various nodes, thereby continuously adapting the underlying network topology to reduce the impact of the attack. The defender's strategy is based on playing Nash equilibrium strategies securing a worst-case network utility. Moreover, scalable decomposition-based approaches are developed yielding a scalable defense strategy whose performance closely approaches that of the non-decomposed game for large-scale and dense networks. We study a class of games considering discrete as well as continuous power levels.In the second problem, we consider multi-tenant clouds, where a number of VMs are typically collocated on the same physical machine to optimize performance and power consumption and maximize profit. This increases the risk of a malicious virtual machine performing side-channel attacks and leaking sensitive information from neighboring VMs. The attack surface, in this case, is the static residency of VMs on a set of physical nodes, hence we develop a timed migration defense approach. Specifically, we analyze a timing game in which the cloud provider decides when to migrate a VM to a different physical machine to mitigate the risk of being compromised by a collocated malicious VM. The adversary decides the rate at which she launches new VMs to collocate with the victim VMs. Our formulation captures a data leakage model in which the cost incurred by the cloud provider depends on the duration of collocation with malicious VMs. It also captures costs incurred by the adversary in launching new VMs and by the defender in migrating VMs. We establish sufficient conditions for the existence of Nash equilibria for general cost functions, as well as for specific instantiations, and characterize the best response for both players. Furthermore, we extend our model to characterize its impact on the attacker's payoff when the cloud utilizes intrusion detection systems that detect side-channel attacks. Our theoretical findings are corroborated with extensive numerical results in various settings as well as a proof-of-concept implementation in a realistic cloud setting.
Show less
-
Date Issued
-
2019
-
Identifier
-
CFE0007468, ucf:52677
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0007468
-
-
Title
-
ENHANCING MESSAGE PRIVACY IN WIRED EQUIVALENT PRIVACY.
-
Creator
-
Purandare, Darshan, Guha, Ratan, University of Central Florida
-
Abstract / Description
-
The 802.11 standard defines the Wired Equivalent Privacy (WEP) and encapsulation of data frames. It is intended to provide data privacy to the level of a wired network. WEP suffered threat of attacks from hackers owing to certain security shortcomings in the WEP protocol. Lately, many new protocols like WiFi Protected Access (WPA), WPA2, Robust Secure Network (RSN) and 802.11i have come into being, yet their implementation is fairly limited. Despite its shortcomings one cannot undermine the...
Show moreThe 802.11 standard defines the Wired Equivalent Privacy (WEP) and encapsulation of data frames. It is intended to provide data privacy to the level of a wired network. WEP suffered threat of attacks from hackers owing to certain security shortcomings in the WEP protocol. Lately, many new protocols like WiFi Protected Access (WPA), WPA2, Robust Secure Network (RSN) and 802.11i have come into being, yet their implementation is fairly limited. Despite its shortcomings one cannot undermine the importance of WEP as it still remains the most widely used system and we chose to address certain security issues and propose some modifications to make it more secure. In this thesis we have proposed a modification to the existing WEP protocol to make it more secure. We achieve Message Privacy by ensuring that the encryption is not breached. The idea is to update the shared secret key frequently based on factors like network traffic and number of transmitted frames. We also develop an Initialization Vector (IV) avoidance algorithm that eliminates IV collision problem. The idea is to partition the IV bits among different wireless hosts in a predetermined manner unique to every node. We can use all possible 224 different IVs without making them predictable for an attacker. Our proposed algorithm eliminates the IV collision ensuring Message Privacy that further strengthens security of the existing WEP. We show that frequent rekeying thwarts all kinds of cryptanalytic attacks on the WEP.
Show less
-
Date Issued
-
2005
-
Identifier
-
CFE0000479, ucf:46371
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0000479
-
-
Title
-
EXTENDING DISTRIBUTED TEMPORAL PROTOCOL LOGIC TO A PROOF BASED FRAMEWORK FOR AUTHENTICATION PROTOCOLS.
-
Creator
-
Muhammad, Shahabuddin, Guha, Ratan, University of Central Florida
-
Abstract / Description
-
Running critical applications, such as e-commerce, in a distributed environment requires assurance of the identities of the participants communicating with each other. Providing such assurance in a distributed environment is a difficult task. The goal of a security protocol is to overcome the vulnerabilities of a distributed environment by providing a secure way to disseminate critical information into the network. However, designing a security protocol is itself an error-prone process. In...
Show moreRunning critical applications, such as e-commerce, in a distributed environment requires assurance of the identities of the participants communicating with each other. Providing such assurance in a distributed environment is a difficult task. The goal of a security protocol is to overcome the vulnerabilities of a distributed environment by providing a secure way to disseminate critical information into the network. However, designing a security protocol is itself an error-prone process. In addition to employing an authentication protocol, one also needs to make sure that the protocol successfully achieves its authentication goals. The Distributed Temporal Protocol Logic (DTPL) provides a language for formalizing both local and global properties of distributed communicating processes. The DTPL can be effectively applied to security protocol analysis as a model checker. Although, a model checker can determine flaws in a security protocol, it can not provide proof of the security properties of a protocol. In this research, we extend the DTPL language and construct a set of axioms by transforming the unified framework of SVO logic into DTPL. This results into a deductive style proof-based framework for the verification of authentication protocols. The proposed framework represents authentication protocols and concisely proves their security properties. We formalize various features essential for achieving authentication, such as message freshness, key association, and source association in our framework. Since analyzing security protocols greatly depends upon associating a received message to its source, we separately analyze the source association axioms, translate them into our framework, and extend the idea for public-key protocols. Developing a proof-based framework in temporal logic gives us another verification tool in addition to the existing model checker. A security property of a protocol can either be verified using our approach, or a design flaw can be identified using the model checker. In this way, we can analyze a security protocol from both perspectives while benefiting from the representation of distributed temporal protocol logic. A challenge-response strategy provides a higher level of abstraction for authentication protocols. Here, we also develop a set of formulae using the challenge-response strategy to analyze a protocol at an abstract level. This abstraction has been adapted from the authentication tests of the graph-theoretic approach of strand space method. First, we represent a protocol in logic and then use the challenge-response strategy to develop authentication tests. These tests help us find the possibility of attacks on authentication protocols by investigating the originator of its received messages. Identifying the unintended originator of a received message indicates the existence of possible flaws in a protocol. We have applied our strategy on several well-known protocols and have successfully identified the attacks.
Show less
-
Date Issued
-
2007
-
Identifier
-
CFE0001799, ucf:47281
-
Format
-
Document (PDF)
-
PURL
-
http://purl.flvc.org/ucf/fd/CFE0001799
Pages