JSBiRTH: Dynamic javascript birthmark based on the run-time heap

JavaScript is currently the dominating client-side scripting language in the web community. However, the source code of JavaScript can be easily copied through a browser. The intellectual property right of the developers lacks protection. In this paper, we consider using dynamic software birthmark for JavaScript. Instead of using control flow trace (which can be corrupted by code obfuscation) and API (which may not work if the software does not have many API calls), we exploit the run-time heap, which reflects substantially the dynamic behavior of a program, to extract birthmarks. We introduce JSBiRTH, a novel software birthmark system for JavaScript based on the comparison of run-time heaps. We evaluated our system using 20 JavaScript programs with most of them being large-scale. Our system gave no false positive or false negative. Moreover, it is robust against code obfuscation attack. We also show that our system is effective in detecting partial code theft. © 2011 IEEE.published_or_final_versionThe 35th IEEE Annual Computer Software and Applications Conference (COMPSAC 2011), Munich, Germany, 18-22 July 2011. In Proceedings of 35th COMPSAC, 2011, p. 407-41

Assessing and Expanding Extracurricular Cybersecurity Youth Activities\u27 Impact on Career Interest

This thesis assesses and expands the potential of extracurricular activities to address the shortage of cybersecurity workers by increasing secondary school students’ interest in these careers. Competitions and badges, two forms of gamification often applied in extracurricular educational activities, have potential to improve motivation and increase interest in related careers, but are significantly understudied in the context of cybersecurity activities. CyberPatriot is the largest cybersecurity competition in the United States for secondary school students. Impact on participants’ career interests is assessed by analyzing responses to recent surveys conducted by the competition organizers. Analysis demonstrates significantly increased interest in cybersecurity in several dimensions relevant to career selection, significantly larger increases for females than males, and persistence of increased interest over time. A survey of U.S. Air Force enlisted members is designed to gauge the impact of cyber-related education activities on developing its cyber workforce. Cybersecurity activity options are expanded by creating a flexible age-appropriate digital forensics activity in which students analyze forensic evidence in folders and files, reconstructing user activity to answer some basic questions. A cybersecurity merit badge is proposed for the Boy Scouts of America with suggested requirements modeled on other successful technology-related merit badges

Encryption by Heart (EbH)-Using ECG for time-invariant symmetric key generation

Wearable devices are a part of Internet-of-Things (IoT) that may offer valuable data of their porting user. This paper explores the use of ElectroCardioGram (ECG) records to encrypt user data. Previous attempts have shown that ECG can be taken as a basis for key generation. However, these approaches do not consider time-invariant keys. This feature enables using these so-created keys for symmetrically encrypting data (e.g. smartphone pictures), enabling their decryption using the key derived from the current ECG readings. This paper addresses this challenge by proposing EbH, a mechanism for persistent key generation based on ECG. EbH produces seeds from which encryption keys are generated. Experimental results over 24 h for 199 users show that EbH, under certain settings, can produce permanent seeds (thus time-invariant keys) computed on-the-fly and different for each user up to 95.97% of users produce unique keys. In addition, EbH can be tuned to produce seeds of different length (up to 300 bits) and with variable min-entropy (up to 93.51). All this supports the workability of EbH in a real setting. (C) 2017 Elsevier B.V. All rights reserved.Funding: This work was supported by the MINECO grants TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You) and TIN2016-79095-C2-2-R (SMOG-DEV); by the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks), which is co-funded by European Funds (FEDER); and by the Programa de Ayudas para la Movilidad of Carlos III University of Madrid, Spain (J. M. de Fuentes and L. Gonzalez-Manzano grants). Data used for this research was provided by the Telemetric and ECG Warehouse (THEW) of University of Rochester, NY

Attribute-based encryption with granular revocation

National Research Foundation (NRF) Singapor

Air Force Institute of Technology Research Report 2013

This report summarizes the research activities of the Air Force Institute of Technology’s Graduate School of Engineering and Management. It describes research interests and faculty expertise; lists student theses/dissertations; identifies research sponsors and contributions; and outlines the procedures for contacting the school. Included in the report are: faculty publications, conference presentations, consultations, and funded research projects. Research was conducted in the areas of Aeronautical and Astronautical Engineering, Electrical Engineering and Electro-Optics, Computer Engineering and Computer Science, Systems Engineering and Management, Operational Sciences, Mathematics, Statistics and Engineering Physics

Department of Computer Science Activity 1998-2004

This report summarizes much of the research and teaching activity of the Department of Computer Science at Dartmouth College between late 1998 and late 2004. The material for this report was collected as part of the final report for NSF Institutional Infrastructure award EIA-9802068, which funded equipment and technical staff during that six-year period. This equipment and staff supported essentially all of the department\u27s research activity during that period

LEES: a Hybrid Lightweight Elliptic ElGamal-Schnorr-Based Cryptography for Secure D2D Communications, Journal of Telecommunications and Information Technology, 2021, nr 2

Device-to-device (D2D) communications in 5G networks will provide greater coverage, as devices will be acting as users or relays without any intermediate nodes. However, this arrangement poses specific security issues, such as rogue relays, and is susceptible to various types of attacks (impersonation, eavesdropping, denial-of-service), due to the fact that communication occurs directly. It is also recommended to send fewer control messages, due to authenticity- and secrecy related prevailing requirements in such scenarios. Issues related to IoT applications need to be taken into consideration as well, as IoT networks are inherently resource-constrained and susceptible to various attacks. Therefore, novel signcryption algorithms which combine encryption with digital signatures are required to provide secure 5G IoT D2D communication scenarios in order to protect user information and their data against attacks, without simultaneously increasing communication costs. In this paper, we propose LEES, a secure authentication scheme using public key encryption for secure D2D communications in 5G IoT networks. This lightweight solution is a hybrid of elliptic curve ElGamal-Schnorr algorithms. The proposed scheme is characterized by low requirements concerning computation cost, storage and network bandwidth, and is immune to security threats, thus meeting confidentiality, authenticity, integrity and non-repudiation-related criteria that are so critical for digital signature schemes. It may be used in any 5G IoT architectures requiring enhanced D2D security and performanc

El mundo de las ciencias de la complejidad

La situación es verdaderamente apasionante. Mientras que en el mundo llamado real –y entonces se hace referencia a dominios como la política, la economía, los conflictos militares y sociales, por ejemplo–, la percepción natural –digamos: de los medios y la opinión pública– es que el país y el mundo se encuentran en condiciones difíciles; en algunos casos, dramática; y en muchas ocasiones trágica, en el campo del progreso del conocimiento asistimos a una magnífica vitalidad. Esta vitalidad se expresa en la ciencia de punta y, notablemente, en las ciencias de la complejidad. Mientras que la ciencia normal –para volver a la expresión de Kuhn– se encuentra literalmente a la defensiva en numerosos campos, temas y problemas –digamos, a la defensiva con respecto al decurso de los acontecimientos y a las dinámicas del mundo contemporáneo–, en el contexto del estudio de los sistemas complejos adaptativos asistimos a una vitalidad que es prácticamente desconocida para la corriente principal de académicos –independientemente de los niveles en los que trabajan–, de científicos, de administradores de educación y de ciencia y tecnología (por ejemplo rectores, vicerrectores, decanos, directores de departamentos, tomadores de decisión, políticos y gobernantes). La corriente principal del conocimiento (mainstream) desconoce una circunstancia, un proceso, una dinámica que sí es conocida por parte de quienes trabajan e investigan activamente en el campo de las ciencias de la complejidad