Master of Computer Science (M.C.S.), University of Dayton, 2023, Computer Science

In today's interconnected digital landscape, the surge in malicious websites has caused a significant number of cyber-attacks and data breaches. These malicious entities largely employ JavaScript to execute attacks on web browsers. It is becoming increasingly apparent that attackers can evade traditional mechanisms, such as lexical analysis, content examination, and blacklists, through code obfuscation, which disguises the true intent of the code, and polymorphic or metamorphic code that alters itself with each execution. These techniques make it difficult for traditional static analysis tools to detect dynamically generated or altered code characteristics of sophisticated, evolving threats. Considering these challenges, notable research has progressed, proposing dynamic approaches that monitor JavaScript behavior in real-time. These dynamic methods can identify malicious patterns and activities, offering a significant advancement over static analysis by detecting and mitigating threats as they occur. This thesis introduces an innovative runtime analysis method for JavaScript that encompasses all JavaScript executions, including traditionally on-the-fly generated code and advanced evasion techniques. Our approach centrally applies the security reference monitor technique, which mediates JavaScript's security-sensitive operations during execution. This includes closely monitoring function calls and property access, ensuring a thorough capture of runtime behaviors, and effectively mitigating the risk of attack, regardless of the code's structure or the obfuscation techniques employed. We have implemented this method as an extension in the Chromium browser to intercept and log about 59 security-sensitive JavaScript operations, demonstrating its applicability in a real-world web browsing environment. To evaluate the effectiveness of our framework, we have developed a toolset to automate the execution of the Chromium browser with our extension on a large-sc (open full item for complete abstract)

Committee: Phu Phung (Advisor); Zhongmei Yao (Committee Member); Tianming Zhao (Committee Member) Subjects: Computer Science

MS, University of Cincinnati, 2018, Engineering and Applied Science: Computer Engineering

For many years, reverse engineering of hardware designs has been an area of great interest. Efficient and structured analysis of fabricated designs is important for several reasons, such as design validation, IP protection, process quality control etc. More recently, multivariate nature of semiconductor supply-chain has opened doors for insertion of obscure hardware vulnerabilities making hardware integrity check essential for ICs used in critical application areas. Most traditional hardware reverse engineering techniques are invasive and lead to a partial or complete destruction of the system under investigation which is often times unwanted. In this thesis, we present scalable, non-invasive procedures to reverse engineer unknown CMOS based ICs. Specifically, the focus is on black-box analysis of unknown Moore Finite State Machine based sequential circuit designs. We present two different recovery techniques based on a novel analysis approach that combines investigation of input-output responses and power consumption of the system under investigation. The first technique performs a tree-based guided exploration of the machine structure and employs subtree matching to identify distinct and equivalent states. The second technique translates machine exploration and state identification into a constraint satisfaction problem that can be efficiently handled by a SMT Solver. The advantage of the tree-based approach is that it guarantees a minimally equivalent recovery, whereas the solver-based approach works adaptively and hence, faster and scalable to handle large machines. Both these techniques successfully recover a logically equivalent state machine structure. To study the efficiency and performance of the proposed techniques we present its implementation. We compare the execution times for different standard MCNC benchmark machines and show that the solver-based recovery technique is faster.

Committee: Ranganadha Vemuri Ph.D. (Committee Chair); Wen-Ben Jone Ph.D. (Committee Member); Carla Purdy Ph.D. (Committee Member) Subjects: Computer Engineering

Doctor of Philosophy (Ph.D.), Bowling Green State University, 2015, American Culture Studies

This project analyzes how contemporary US cultural and legislative texts shape US society's impression of undocumented (im)migrants and whether they fit socially constructed definitions of what it means to “be American” or part of the US national imaginary. I argue that (im)migrant-themed cultural texts, alongside legal policies, participate in racial formation projects that use racial logic to implicitly mark (im)migrants as outsiders while actively employing ideologies rooted in gender, economics, and nationality to rationalize (im)migrants' exclusion or inclusion from the US nation-state. I examine the tactics anti- and pro-(im)migrant camps utilize in suppressing the role of race—particularly the rhetorical strategies that focus on class, nation, and gender as rationale for (im)migrants' inclusion or exclusion—in order to expose the similar strategies governing contemporary US (im)migration thought and practice. This framework challenges dichotomous thinking and instead focuses on gray areas. Through close readings of political and cultural texts focused on undocumented (im)migration (including documentaries, narrative fiction, and photography), this project homes in on the gray areas between seemingly pro- and anti-(im)migrant discourses. I contend (im)migration-themed political and popular rhetoric frequently selects a specific identity marker (e.g. gender or socio-economic status—never race) and depicts it as the single factor influencing US border monitoring and defense. In order to demonstrate this argument, I place legal texts in conversation with cultural texts. Taken together, political and cultural texts show the emergent strategies for discussing undocumented (im)migration without directly discussing race or racial inequalities, as the texts deny or have purportedly resolved racial inequalities.

Committee: Jolie Sheffer PhD (Advisor); Susana Peña PhD (Committee Member); Rebecca Kinney PhD (Committee Member); Lisa Hanasono PhD (Committee Member) Subjects: American Studies; Ethnic Studies; Gender Studies; Womens Studies

MS, Kent State University, 2024, College of Arts and Sciences / Department of Computer Science

Cryptography, derived from the Greek word meaning "to hide information," involves techniques for converting readable plaintext into unreadable ciphertext through a process called encryption. Cryptography algorithms are broadly categorized into two types: symmetric key cryptography and asymmetric key cryptography. Symmetric key cryptography is further divided into block ciphers and stream ciphers. Block ciphers, based on their structure, can be classified into two main categories: Substitution-Permutation Networks (SPN) and Feistel Networks (FN). This research focuses on SPN-based block ciphers. In 1949[1], Claude Shannon introduced two fundamental operations required for a robust cryptosystem: substitution and permutation. Substitution, the core component of SPN-based cryptography, is implemented through substitution boxes (S-Boxes), where each element in the plaintext is mapped to another element to achieve nonlinearity and provide the confusion property crucial for security. With the rise of constrained devices, such as the Internet of Things (IoT), there is an increasing demand for lightweight symmetric-key algorithms. However, in many cases, the S-Box contributes the most to the hardware complexity and computational load compared to other linear components. This research addresses this challenge by designing and optimizing a lightweight cryptosystem suitable for resource-limited environments. The thesis makes two key contributions to the field of lightweight cryptography. The first contribution is the development of chaos-based S-Boxes tailored for devices with restricted computational capabilities. By leveraging chaotic maps, the proposed S-Boxes achieve a high degree of nonlinearity and security while maintaining a minimal computational and hardware footprint, making them ideal for IoT and other constrained devices. These chaos-based S-Boxes introduce dynamic, unpredictable substitution patterns that enhance resistance to cryptanalysis techniques such as l (open full item for complete abstract)

Committee: Maha Allouzi Dr (Advisor); Younghun Chae Dr (Committee Member); Lei Xu Dr (Committee Member) Subjects: Computer Engineering; Computer Science

Master of Science, The Ohio State University, 2008, Graduate School

Committee: Not Provided (Other) Subjects:

PhD, University of Cincinnati, 2024, Engineering and Applied Science: Computer Science and Engineering

This work explores the explainability of features used for classification of malicious binaries in machine learning systems based on semantic representations of data dependency graphs. This work demonstrates that explainable features can be used with comparable classification accuracy in real-time through non-parametric learning. This work defines operational semantics in terms of data dependency isomorphism, and quantifies the network structure of the graphs present in static features of binaries. This work shows that a bottom-up analysis holds across levels in the architectural hierarchy, and can be performed across system architectures. This work shows that semantic representations can be used for search and retrieval of malicious binaries based on their behavior. This work shows that unknown vulnerabilities can be predicted through descriptions of structure and semantics.

Committee: Anca Ralescu Ph.D. (Committee Chair); Kenneth Berman Ph.D. (Committee Member); Alina Campan Ph.D M.A B.A. (Committee Member); Boyang Wang Ph.D. (Committee Member); Dan Ralescu Ph.D. (Committee Member) Subjects: Artificial Intelligence

Doctor of Philosophy in Engineering, Cleveland State University, 2024, Washkewicz College of Engineering

Electrocardiogram (ECG) recordings are vital for diagnosing cardiac abnormalities like arrhythmias, crucial in managing cardiovascular diseases (CVD). However, manual analysis of ECG data is error-prone and challenging in remote areas, creating a need for automated systems. This need is further amplified by advancements in implantable medical devices (IMDs), wireless sensors, and smart wearables, which expand health monitoring beyond traditional uses to include continuous assessment and security enhancements. This dissertation introduces the ECG Transformer (ECGTR), a sequence-to-sequence deep learning model that segments and classifies various arrhythmias in continuous ECG recordings. Comprehensive experiments conducted across multiple datasets, including diverse populations, validate its efficacy and robustness. The ECGTR outperforms existing models by leveraging advanced machine learning techniques to offer superior diagnostic accuracy. Alongside, we developed a novel real-time, video-based method for monitoring heart and respiratory rates, significantly enhancing the capabilities of non-invasive health tracking technologies. This method underscores the potential of advanced machine learning techniques in improving healthcare outcomes. Additionally, we address the security of wearable devices by proposing novel biometric-based pairing strategies, including a key generation protocol that uses cardiac and respiratory signals. We also present the Breath-to-Pair (B2P) protocol, utilizing breathing patterns for secure device pairing. These innovations not only advance biomedical signal processing and wearable security but also promise to revolutionize patient care and health monitoring in the future.

Committee: Ye Zhu (Advisor); Larisa Tereshchenko (Advisor); Sunnie (Sun) Chung (Committee Member); Hongkai Yu (Committee Member); Xue-Long Sun (Committee Member) Subjects: Computer Science

Doctor of Philosophy, University of Toledo, 2022, Engineering

Ever-increasing hardware fabrication costs have compelled the semiconductor industry to utilize the global supply chain by shifting integrated circuit manufacturing overseas. This approach has resulted in several challenges and concerns such as intellectual property (IP) infringement, counterfeiting, reverse engineering, and the introduction of Trojans. Because of the increased demand for integrated circuits (ICs) in different applications, counterfeit circuits and devices can infiltrate crucial infrastructures such as smart grids, military installations, and other critical cyber infrastructures. The usage of counterfeit and compromised devices and chips can cause severe monetary losses and make the security and reliability of the ICs suspect. Physical Unclonable Function (PUF) can ensure the security of ICs by utilizing process manufacturing variations to establish a unique signature and key for the IC chip. These keys have potential use in the generation of secret keys and unique IDs for device authentication. This research presents a comprehensive analysis of the environmental impact on Ring Oscillator PUFs (ROPUFs) design using ten different Xilinx Artix-7 FPGAs. For a comparative study of their performance metrics; three, five, and seven stage configurations of AND-Inverter ROPUFs are implemented. The performance is evaluated in terms of uniformity, reliability, bit-aliasing, uniqueness, and randomness. The impacts of temperature variations, voltage variations, and aging are analyzed in depth for these metrics. The results demonstrate that using a lower number of stages in the Ring Oscillator (RO) promises a better security feature. ROs with a lower number of stages generate higher Challenge and Response Pairs (CRPs). The higher number of CRPs leads to enhanced security. Additionally, this work includes an analysis of two simultaneous environmental variation factors; namely, aging and voltage variations, and temperature variations with voltage variations. The (open full item for complete abstract)

Committee: Mohammed Niamat, PhD (Committee Chair); Richard Molyet, PhD (Committee Member); Weiqing Sun, PhD (Committee Member); Ahmad Javaid, PhD (Committee Member); Noor Ahmad Hazari, PhD (Committee Member) Subjects: Computer Engineering; Electrical Engineering

PhD, University of Cincinnati, 2022, Engineering and Applied Science: Computer Science and Engineering

With the paradigm shift to cloud-based operations, reliable and secure access to and transfer of data between differing security domains has never been more essential. A Cross Domain Solution (CDS) is a guarded interface which serves to execute the secure access and/or transfer of data between isolated and/or differing security domains defined by an administrative security policy. Cross domain security requires trustworthiness at the confluence of the hardware and software components which implement a security policy. Security components must be relied upon to defend against widely encompassing threats -- consider insider threats and nation state threat actors which can be both onsite and offsite threat actors -- to information assurance. Current implementations of CDS systems use sub-optimal Trusted Computing Bases (TCB) without any formal verification proofs, confirming the gap between blind trust and trustworthiness. Moreover, most CDSs are exclusively operated by Department of Defense agencies and are not readily available to the commercial sectors, nor are they available for independent security verification. Still, more CDSs are only usable in physically isolated environments such as Sensitive Compartmented Information Facilities and are inconsistent with the paradigm shift to cloud environments. Our purpose is to address the question of how trustworthiness can be implemented in a remotely deployable CDS that also supports availability and accessibility to all sectors. In this paper, we present a novel CDS system architecture which is the first to use a formally verified TCB. Additionally, our CDS model is the first of its kind to utilize a computation-isolation approach which allows our CDS to be remotely deployable for use in cloud-based solutions.

Committee: John Franco Ph.D. (Committee Member); John Emmert Ph.D. (Committee Member); Marcus Dwan Pendleton Ph.D. (Committee Member); Nan Niu Ph.D. (Committee Member); Rashmi Jha Ph.D. (Committee Member) Subjects: Computer Science

Master of Science, The Ohio State University, 2022, Health and Rehabilitation Sciences

Background: Food insecurity is a persistent public health issue that affects 10.5% of households in the U.S. The United States Department of Agriculture monitors food insecurity using the Household Food Security Survey Module (HFSSM). There is growing concern that it may not capture the true extent of food insecurity nor reflect the lived realities of households across the food security spectrum, particularly in rural areas. Study Objective: To explore whether the HFSSM reflects the lived realities and conceptualizations of food security among adults with varying food security experiences. Methodology and Data: A study recruitment postcard was mailed to all residential addresses in the Athens County region of Appalachian Ohio in late June 2020. Adult recipients were invited to complete an initial survey with quarterly follow-up for one year. Surveys included a demographic questionnaire and the HFSSM. Based on HFSSM-based trajectories of household food security over study time points, a purposively selected sub-sample of respondents were invited for in-depth semi-structured interviews (n=16) conducted in May-June 2021. Interviews were audio-recorded and transcribed verbatim. Using NVivo (Version 12), template analysis was employed to identify themes through a process employing both a priori codes (based on HFSSM constructs) and emergent codes. The codebook went through six iterations based on a series of consensus-building discussions among three co-authors until saturation was reached and no new codes emerged. Two researchers coded a subset of interviews to check codebook clarity and ensure interrater reliability. Results: Interviewed adults represented households experiencing consistent food security (n=7), transient insecurity (n=5), and persistent insecurity (n=4) across time points. Households with a history of food insecurity characterize their experiences in ways that largely converge with the HFSSM measure, including skipping meals, reducing meal size, (open full item for complete abstract)

Committee: Jennifer Garner (Advisor); Claire Bollinger (Committee Member); Michelle Kaiser (Committee Member); Colleen Spees (Committee Member) Subjects: Health Sciences; Nutrition; Public Health

Doctor of Philosophy (PhD), Wright State University, 2021, Computer Science and Engineering PhD

Vulnerable web applications fundamentally undermine website security as they often expose critical infrastructures and sensitive information behind them to potential risks and threats. Web applications with unrestricted file upload vulnerabilities allow attackers to upload a file with malicious code, which can be later executed on the server by attackers to enable various attacks such as information exfiltration, spamming, phishing, and spreading malware. This dissertation presents our research in building two novel frameworks to detect server-side applications vulnerable to unrestricted file uploading attacks. We design the innovative model that holistically characterizes both data and control flows using a graphbased data structure. Such a model makes effortless critical program analysis mechanisms, such as static analysis and constraint modeling. We build the interpreter to model a web program by symbolically interpreting its abstract syntax tree (AST). Our research has led to three complementary systems that can effectively detect unrestricted file uploading vulnerabilities. The first system, namely UChecker, leverages satisfiability modulo theory to perform detection, whereas the second system, namely UFuzzer, detects such vulnerability by intelligently synthesizing code snippets and performing fuzzing. We also proposed the third system to mitigate the challenge of path explosion that the previous two systems suffered and enable a computationally efficient model generation process for large programs. We have deployed all of our systems, namely UGraph, to scan many server-side applications. They have identified 49 vulnerable PHP-based web applications that are previously unknown, including 11 CVEs.

Committee: Junjie Zhang Ph.D. (Advisor); Krishnaprasad Thirunarayan Ph.D. (Committee Member); Michelle Andreen Cheatham Ph.D. (Committee Member); Phu H. Phung Ph.D. (Committee Member) Subjects: Computer Science

PhD, University of Cincinnati, 2021, Arts and Sciences: Mathematical Sciences

It has been known that the rapid development of large-scale quantum computers gives rise to threats to widely-deployed number theory based cryptography such as RSA, DSA, ECDH, etc. The goal of post-quantum cryptography is to develop cryptosystems that can resist quantum computer attacks. Multivariate public key cryptography is believed to be one of the choices for quantum-safe cryptography. At the end of 2017, 10 multivariate public key cryptosystems participated the round one of the National Institute of Standards and Technology (NIST) post-quantum standardization. The Himq-3 signature scheme proposed by Kyung-Ah Shim et al. is one of those NIST post-quantum standardization candidates. The Himq-3 signature scheme can be classified into the oil vinegar signature scheme family. Similar to the rainbow signature scheme, the Himq-3 signature scheme uses a multilayer structure to shorten the key size and the signature size. Moreover, the signing process is very fast due to a special system called L-invertible cycle system in its central map. The authors of the Himq-3 signature scheme claim that the scheme can resist all known attacks. The main result of this dissertation is a new attack method on the Himq-3 signature scheme. We will first discuss the urgency of post-quantum cryptography. Next multivariate public key cryptography will be introduced. We will also present some useful attacks on multivariate public key cryptography. Then the Himq-3 scheme will be described and the security against all known attacks will be analyzed. Afterward, we will show our new attack method called the singularity attack on the Himq-3 scheme and its variant Himq-3F. This new attack is based on the fact that some variables in the central map cannot be equal to zero in any valid signature. Based on this observation, we are able to filter out those linear combinations of variables that would be equal to zero for some signature, leaving the true ones we want provided that a large number of si (open full item for complete abstract)

Committee: Jintai Ding Ph.D. (Committee Chair); Seungki Kim (Committee Member); Benjamin Vaughan Ph.D. (Committee Member) Subjects: Mathematics

Ph.D., Antioch University, 2021, Leadership and Change

The U.S. intelligence community is a critical mission industry responsible for protecting lives and safety in ways that impact the global security environment. Research on the deleterious impact of toxic workplace behavior on other critical mission fields, such as health care and the U.S. military, is robust. However, intelligence scholars publishing within the unclassified arena have been silent on the phenomenon, how personnel respond to it, and how it may impact the intelligence function. This lack of scholarship has afforded an opportunity to understand what constitutes toxic behavior in the intelligence environment and how it may affect U.S. national security objectives. This study presents a theoretical model of response to toxic workplace behavior among intelligence officers in the U.S. intelligence community that centers on a single goal: Holding Self. Using grounded theory methodology and situational analysis in two segments, the study examines how intelligence officers responded and the role that efforts to hold onto self-concepts played in those responses. The findings included three psychological dimensions, three action dimensions, and two inter-dimensions of response. The findings also included identification of the broader ecological situation conditioning response and how those choices operationalized into the business of being intelligence officers. The final model serves as a foundation for future empirical research on the topic. This dissertation is available in open access at AURA: Antioch University Repository and Archive, https://aura.antioch.edu/, and OhioLINK ETD Center, https://etd.ohiolink.edu/.

Committee: Elizabeth Holloway Ph.D. (Committee Chair); Aqeel Tirmizi Ph.D. (Committee Member); Jan Goldman Ed.D (Committee Member) Subjects: African Americans; Cognitive Psychology; Gender; Personal Relationships; Political Science; Psychology; Social Research

Master of Science (MS), Bowling Green State University, 2021, Computer Science

Along with the immense popularity of Android applications, the Android ecosystem is under constant threat of malware attacks. This issue warrants developing efficient tools to detect malware apps. There is a large body of work in the literature that has applied static analysis for malware detection. For instance, one popular idea has been to extract API-calls from the app code and then to use those API-calls as artifacts to train machine learning models to classify malware and benign apps. However, most of this line of work does not incorporate the true execution sequence of the API-calls, and thus misses out to capture a potentially rich signature. Furthermore, while evaluating the vetting accuracy, many of the prior work report their primary results on a randomly selected test set that are not spatially consistent (malware percentage in the test set approximating real-world scenario) and/or temporally consistent (having correct time split of train and test data) which artificially inflates the performance of the model. In this thesis, we explore if tracking the true sequence of the API-calls improves the effectiveness of the vetting process and present results ranging from testing on a random test set to a spatially and temporally consistent test set. We perform deep learning-based malware classification using a graph that we name API sequence graph which preserves the true sequence of API calls. The experiments show that our best performing model achieves AuPRC ranging from 0.977 to 0.86 and an F1-score of 0.955 to 0.83 depending on the consistency of the test set. The results show that our best-performing model, based on the true sequence of API calls, outperforms a quasi-sequence-based model.

Committee: Sankardas Roy Ph.D. (Advisor); Jong Kwan Lee Ph.D. (Committee Member); Qing Tian Ph.D. (Committee Member) Subjects: Computer Science

MS, University of Cincinnati, 2020, Education, Criminal Justice, and Human Services: Information Technology

Literature has shown that social groups play an important role in the ways that individuals learn about and change behaviors related to privacy and security management on digital devices. The term tech caregiver has recently been used to describe individuals that oer direct support to friends and family in need of help managing digital devices. This thesis investigates the role of these tech caregivers to support privacy and security management in small groups. To do this, 112 individuals were surveyed across the United States of America. These 112 participants belonged to 20 small groups comprising of technology caregivers and the technology caregivees. The results show that technology caregivers tend to be younger adults (age 19-25). Technology caregivers reported significantly higher levels of self-ecacy for privacy and security and power usage than technology caregivees. Qualitative feedback shows that participants primarily used text messages and phone calls to communicate to receive support on the topics of troubleshooting and device setup and the explanation of a new device. This work helps to characterize the role of technology caregivers within small groups when it comes to social support for digital privacy and security and describes design implications for creating a mobile platform that supports the work of tech caregivers in their social groups.

Committee: Jess Kropczynski Ph.D. (Committee Chair); Shane Halse Ph.D. (Committee Member) Subjects: Information Technology

Doctor of Philosophy, The Ohio State University, 2020, Electrical and Computer Engineering

With the globalization of the semiconductor industry and increased reliance on intellectual property (IP) blocks in integrated circuit (IC) design; malicious modifications, IP theft, and cloning have started to pose a significant economic and security threat. To mitigate this risk, logic locking (LL) techniques have been proposed to obscure the chip functionality and increase the difficulty to insert a trigger-based change via a hardware trojan. This is accomplished through the introduction of localized key gates, which corrupt the IC's function unless the correct key is supplied. The effectiveness of any LL technique, however, depends on the target design, the extent of locking, and where the locking elements are placed. Current attacks on LL focus primarily on Boolean satisfiability problem (SAT) solvers, which require the use of a fully operational chip (oracle) and rely solely on the input and output data through functional testing. To the authors' best knowledge, no current attacks exploit the design's underlying structure, vast amount of repetition, or circuit reuse. In this work, we propose a systematic method, borrowed from the network analysis domain, to analyze and exploit the local and global structure of circuits. The methods presented in this work demonstrates that LL minimally effects the underlying structure, allowing for circuit identification and key bit prediction without the need of an oracle. Moreover, this work also presents a framework in which to capture the security level of LL based on the amount of information leakage through our analysis techniques. Additionally, the framework can be expanded to incorporate other attack methods to create an overall security assessment of any implemented LL. To this end, the analyses and theory introduced in this work demonstrate the need for new comprehensive LL techniques, and proposes the method in which to validate their security.

Committee: Waleed Khalil PhD (Advisor); Hesham El Gamal PhD (Committee Member); Xinmiao Zhang PhD (Committee Member); Radu Teodorescu PhD (Committee Member) Subjects: Computer Engineering; Electrical Engineering

MS, University of Cincinnati, 2019, Engineering and Applied Science: Computer Science

Malice may be defined as intentional harm. In the context of a computing system, malice takes the form of various types of malware and the question is then how to design and implement a cognitive system which can understand it. This must begin with a definition of malice representation and cognitive models for capturing system security. Two components must be present in a cognitive security system, the current state of the system, and a model that captures the current actor's behavior. This study outlines behavioral models of malice classification based upon execution traces.

Committee: Anca Ralescu Ph.D. (Committee Chair); Rashmi Jha Ph.D. (Committee Member); David Kapp PhD (Committee Member); Temesguen Messay Kebede Ph.D. (Committee Member) Subjects: Artificial Intelligence

MS, University of Cincinnati, 2019, Engineering and Applied Science: Computer Science

Smart speakers like the Amazon Echo and Google Home offer users the convenience of hands-free information retrieval by utilizing the power of virtual assistant technology and the extensive cloud resources provided by their platform's service provider. These devices have saturated the market and millions of users worldwide have welcomed them to their homes, placing them on their kitchen counters, bedside tables and living room stands. Characteristics about a smart speaker's encrypted network traffic can be used by an attacker to infer what a user is saying to their smart speaker. In this paper, we propose an encrypted network traffic analysis attack on privacy. This attack uses an ensemble of deep learning models to predict what voice command a user issues to their smart speaker. We introduce a data collection platform which we designed specifically for smart speakers. This smart speaker automated crawler allows an attacker to collect the data needed to train the attack models. An evaluation of the voice command fingerprinting attack presented in this work shows that it can be used to correctly predict over 91% of voice commands issued by a user.

Committee: Boyang Wang Ph.D. (Committee Chair); Gowtham Atluri Ph.D. (Committee Member); Xuetao Wei Ph.D. (Committee Member) Subjects: Computer Science

Doctor of Philosophy (PhD), Wright State University, 2017, Computer Science and Engineering PhD

As the Internet has grown increasingly popular as a communication and information sharing platform, it has given rise to two major types of Internet security threats related to two primary entities: end-users and network services. First, information leakages from networks can reveal sensitive information about end-users. Second, end-users systems can be compromised through attacks on network services, such as scanning-and-exploit attacks, spamming, drive-by downloads, and fake anti-virus software. Designing threat assessments to detect these threats is, therefore, of great importance, and a number of the detection systems have been proposed. However, these existing threat assessment systems face significant challenges in terms of i) behavioral diversity, ii) data heterogeneity, and iii) large data volume. To address the challenges of the two major threat types, this dissertation offers three unique contributions. First, we built a new system to identify network users via Domain Name System (DNS) traffic, which is one of the most important behavior-based tracking methods for addressing privacy threats. The goal of our system is to boost the effectiveness of existing user identification systems by designing effective fingerprint patterns based on semantically limited DNS queries that are missed by existing tracking efforts. Second, we built a novel system to detect fake anti-virus (AV) attacks, which represent an active trend in the distribution of Internet-based malware. Our system aims to boost the effectiveness of existing fake AV attack detection by detecting fake AV attacks in three challenging scenarios: i) fake AV webpages that require user interaction to install malware, instead of using malicious content to run automatic exploitation without users consent (e.g., shellcode); ii) fake AV webpages designed to impersonate real webpages using a few representative elements, such as the names and icons of anti-virus products from authentic anti-virus webpages (open full item for complete abstract)

Committee: Junjie Zhang Ph.D. (Advisor); Adam Robert Bryant Ph.D. (Committee Member); Bin Wang Ph.D. (Committee Member); Xuetao Wei Ph.D. (Committee Member) Subjects: Computer Science

Doctor of Philosophy (Ph.D.), Bowling Green State University, 2015, American Culture Studies

Historians and artists have examined the Farm Security Administration-Office of War Information (FSA-OWI) Photographic Collection as a broad and deep account of Depression era US experience, and as a valuable collection of early documentary photography. During the Depression, FSA photographs had everyday life implications for those experiencing rural poverty; the images were made and circulated in order to garner support for rural rehabilitation programs. Simultaneously, the images were circulated as visual representations of “Americans” and the rural US citizen. Problematically, the images were circulated within a modern framework of straight photography in connection to a discourse of objectivity. I consider the photographic project within the historical moment in which it was created with a specific focus on the influence of dominant constructions of race, motherhood, and poverty. The impetus for this research stems from a 1935 photograph by Dorothea Lange of a Mexican-American mother and child which is strikingly similar to her iconic 1936 “Migrant Mother.” In stark contrast to the icon, the image to which I refer as the “1935 Migrant Mother” was rendered invisible within the national imaginary. These two images serve as an entry point through which to consider the entire archive in terms of those images of rural mothers and motherhood that were popularly circulated and those images that were left unseen, unprinted, or unmade. I ask how popular readings of FSA photographs as objective or “true” impacted the material which circulated and that which were excluded from the dominant frame. Using written materials between the photographic unit director, field photographers, and media in conjunction with analysis of circulated photographs of mothers, I argue that the FSA photographs served as popular representations of those who could be imagined as possibly “deserving poor,” “client family,” “rehabilitatable mother,” and “US citizen.” The representation of thes (open full item for complete abstract)

Committee: Susana Peña PhD (Advisor); Andrew Hershberger PhD (Committee Member); Lynn Whitney MFA (Committee Member); Danielle Kuhl PhD (Other) Subjects: American Studies; Art History; Ethnic Studies; Gender Studies