The need to ensure the primary functionality of any system means that considerations of security are often secondary. Computer security considerations are made in relation to considerations of usability, functionality, productivity, and other goals. Decision-making related to security is about finding an appropriate tradeoff. Most existing security mechanisms take a binary approach where an action is either malicious or benign, and therefore allowed or denied. However, security and privacy outcomes are often fuzzy and cannot be represented by a binary decision. It is useful for end users, who may ultimately need to allow or deny an action, to understand the potential differences among objects and the way that these differences are communicated matters. ^ In this work, we use machine learning and feature extraction techniques to model normal behavior in various contexts and then used those models to detect the degree that new behavior is anomalous. This measurement can then be used, not as a binary signal but as a more nuanced indicator that can be communicated to a user to help guide decision-making. ^ We examine the application of this idea in two domains. The first is the installation of applications on a mobile device. The focus in this domain is on permissions that represent capabilities and access to data, and we generate a model for expected permission requests. Various user studies were conducted to explore effective ways to communicate this measurement to influence decision-making by end users. Next, we examined to the domain of insider threat detection in the setting of a source code repository. The goal was to build models of expected user access and more appropriately predict the degree that new behavior deviates from the previous behavior. This information can be utilized and understood by security personnel to focus on unexpected patterns.^

One major impediment to large-scale use of cloud services is concern for confidentiality of the data and the computations carried out on it. This dissertation advances the state of art for secure and private outsourcing to untrusted cloud servers by solving three problems in the computational outsourcing setting and extending the semantics of oblivious storage in the storage outsourcing setting. ^ In computational outsourcing, this dissertation provides protocols for two parties to collaboratively design engineering systems and check certain properties of the codesigning system with the help of a cloud server, without leaking the designing parameters to each other or to the server. It also provides approaches to outsource two computationally intensive tasks, image feature extraction and generalized matrix multiplication, preserving the confidentiality of both the input data and the output result. Experiments are included to demonstrate the viability of the protocols. ^ In storage outsourcing, this dissertation extends the semantics of the oblivious storage scheme by providing algorithms to support nearest neighbor search. It enables clients to perform nearest neighbor queries on the outsourced storage without leaking the access pattern.^

Meaning-Based Machine Learning (MBML) is a research program intended to show how training machine learning (ML) algorithms on meaningful data produces more accurate results than that of using unstructured data.

Security for public cloud providers is an ongoing concern.  Programs like FedRAMP look to certify a minimum level of compliance.  This project aims to build a tool to help decision makers compare different clouds solutions and weigh the risks against their own organizational needs.

Our goal is to improve the detection of phishing attack emails by using natural language processing (NLP) technology that models the semantic meaning behind the email text.

In this paper we identified and addressed some of the key challenges in digital forensics. An intensive review was conducted of the major challenges that have already been identified. At the end, the findings proposed a solution and how having a standardized body that governs the digital forensics community could make a difference.

As AMI is deployed throughout the power grid, identifying the attack surface is a necessary step in achieving cyber security in smart grids and AMI. An important first step to attaining cyber security is to define and illustrate the Cyber Attack Surface with respect to hardware and network configurations, protocols, and software.

The use of deception to enhance security has showed promising result as a defensive technique. In this paper we present an authentication scheme that better protects users’ passwords than in currently deployed password-based schemes, without taxing the users’ memory or damaging the user-friendliness of the lo- gin process. Our scheme maintains comparability with traditional password- based authentication, without any additional storage requirements, giving service providers the ability to selectively enroll users and fall-back to traditional methods if needed. The scheme utilizes the ubiquity of smartphones; however, unlike previous proposals it does not require registration or connectivity of the phones used. In addition, no long-term secrets are stored in any user’s phone, mitigating the consequences of losing it. Our design significantly increases the difficulty of launching a phishing attack by automating the decisions of whether a website should be trusted and introducing additional risk at the adversary side of being detected and deceived. In addition, the scheme is resilient against Man-in-the-Browser (MitB) attacks and compromised client machines. We also introduce a covert communication between the user’s client and the service provider. This can be used to covertly and securely communicate the user context that comes with the use of this mechanism. The scheme also incorporate the use of deception that make it possible to dismantle a large-scale attack infrastructure before it succeeds. As an added feature, the scheme gives service providers the ability to have full-transaction authentication.

In this work we present a simple, yet effective and practical, scheme to improve the security of stored password hashes rendering their cracking detectable and insuperable at the same time. We utilize a machine-dependent function, such as a physically unclonable function (PUF) or a hardware security module (HSM) at the authentication server. The scheme can be easily integrated with legacy systems without the need of any additional servers, changing the structure of the hashed password file or any client modifications. When using the scheme the structure of the hashed passwords file, etc/shadow or etc/master.passwd, will appear no different than in the traditional scheme.1 However,when an attacker exfiltrates the hashed passwords file and tries to crack it, the only passwords he will get are the ersatzpasswords — the “fake passwords”. When an attempt to login using these ersatzpasswords is detected an alarm will be triggered in the system that someone attempted to crack the password file. Even with an adversary who knows the scheme, cracking cannot be launched without physical access to the authentication server. The scheme also includes a secure backup mechanism in the event of a failure of the hardware dependent function. We discuss our implementation and provide some discussion in comparison to the traditional authentication scheme.

This paper explores the security of WinRAR encrypted archives.  Previous works concerning potential attacks against encrypted archives are studied and evaluated for practical implementation.  These attacks include passive actions examining the effects of compression ratios of archives and the files contained, the study of temporary artifacts and active man-in-the-middle attacks on communication between individuals.  An extensive overview of the WinRAR software and the functions implemented within it is presented to aid in understanding the intricacies of attacks against archives.
 
  Several attacks are chosen from the literature to execute on WinRAR v5.10.  Select file types are identified through the examination of compression ratios.  The appearance of a file in an archive is determined through both the appearance of substrings in the known area of an archive and the comparison of compression ratios.
 
  Finally, the author outlines a revised version of an attack that takes advantage of the independence between the compression and encryption algorithms.  While a previous version of this attack only succeeded in removing the encryption from an archive, the revised version is capable of fully recovering an original document from a encrypted compressed archive.  The advantages and shortcomings of these attacks are discussed and some countermeasures are briefly mentioned.

The aim of this thesis is to determine if there are greater benefits than costs associated in the participation of public K-12 school corporations in the Indiana Cybersecurity Services Center (INCSC). This thesis is an ex-ante cost-benefit analysis policy assessment of the INCSC. The study consisted of a sample of 6 school corporations from which 5 were classified as small and 1 was large. Three methods were considered for data collection; however conducting interviews was the most effective method due to the interaction with IT personnel from each organization in order to analyze current costs related to 4 areas of interest: (a) networking hardware; (b) Antivirus software; (c) computer hardware; (d) IT personnel. These costs were compared to those potential costs if products and/or services would be procured through the INCSC.

School corporations, with the goal to enhance their level of information security, would only receive benefit from participating in the INCSC when procuring networking equipment and Antivirus software. The author also recommends exploring the costs and legal implications of data breaches as well as considering insurance products.

—- Vargas Silva, Hans C. M.S. Purdue University, Decenber 2014. The Indiana Cybersecurity Services Center (INCSC): A Cost-Benefit Analysis for K-12 Schools. Mayor Professor: Melissa Dark.

For efficient data management and economic benefits, organizations are increasingly moving towards the paradigm of “database as a service” where their data are managed by a database management system (DBMS) hosted in a public cloud. However, data are the most valuable asset in an organization, and inappropriate data disclosure puts the organization’s business at risk. Therefore, data are usually encrypted in order to preserve their confidentiality. Past research has extensively investigated query processing on encrypted data. However, a naive encryption scheme negates the benefits provided by the use of a DBMS. In particular, past research efforts do not have adequately addressed flexible access control on encrypted data at different granularity levels which is critical when data are shared among different users and applications. Previous access control approaches in the best case only support as minimum granularity level the table column, by which the authorization is associated with an entire column within a table. Other approaches only support access control granularity at the database level, meaning that authorizations are associated with the entire database, and thus either a user can access the entire database or cannot access any data item. In this paper, we propose DBMask, a novel solution that supports fine-grained access control, including row and cell level access control, when evaluating SQL queries on encrypted data. Our solution does not require modification to the database engine, and thus maximizes the reuse of the existing DBMS infrastructures. Our experimental results show that our solution is efficient and scalable to large datasets.

Messaging systems, where a user maintains a set of contacts and broadcasts messages to them, are very common. In a situation where a user only sends messages directly to a set of online contacts, a contact might miss a message if it is not available to receive it directly from the user. This work addresses the problem of a trusted contact’s obtaining a message that it missed, from other trusted contacts of the user, while maintaining the anonymity of all participating contacts. A protocol is presented to facilitate this communication. An experimental framework is developed to evaluate various possible configurations of the entities involved.

The techniques developed to address the above problem are extended to address the problem of a user’s authenticating with a service provider while ensuring that multiple sessions are unlinkable. The proposed approach achieves this by setting up an authenticated secure channel between the user and the service provider. Information exchanged for the setup of this secure channel is unique over multiple authentications. The proposed protocol is further enhanced to accommodate service provider policies that use credentials with relationship constraints among them. In such cases, the service provider will not be able to analyze and identify sets of users who authenticate with different credential subsets. The proposed credential revocation scheme allows an identity provider to revoke user credentials without compromising user privacy, even while relying on a public channel. Moreover, these protocols do not require the identity provider to remain online during authentication and revocation. Finally, details on how to adapt the proposed identity management system to privately manage healthcare records is presented as an application of the proposed system.

This paper describes our approach to assured information sharing. The research is being carried out under a MURI 9Multiuniversity Research Initiative) project funded by the air force office of scientific research (AFOSR). The main objective of our project is: define, design and develop an assured information sharing lifecycle (AISL) that realizes the DoD’s information sharing value chain. In this paper we describe the problem faced by the department of defense and our solution to developing an AISL system.

In this paper, we introduce Audlib, an extendable tool for generating security-relevant information on Unix systems. Audlib is a wrapper environment that generates application level audit information from existing executable programs. Audlib is not a detection system, instead it is designed to supplement existing audit systems and work transparently with them. Audlib records information that is not presently available from existing kernel-level audit sources. Here, we describe the design of the Audlib framework and the information it provides. We compare auditing the actions of a web server with Audlib to existing kernel audit sources and show that we have 2–4 times the throughput of Linux auditd and less than half the performance overhead of Solaris BSM while collecting detailed information about the server’s execution. Although Audlib is focused on recording security information, this technique can be used to collect data for a wide variety of purposes including profiling, dependency analysis, and debugging. Copyright © 2010 John Wiley & Sons, Ltd.