Analysis of Russian Apps for TSPU-Related Risks
- Author (aut): Konyukhov, Vitaliy
- Thesis advisor (ths): Crandall, Jedidiah
- Committee member: Wang, Fish
- Committee member: Bazzi, Rida
- Publisher (pbl): Arizona State University
The rampant occurrence of spam telephone calls shows a clear weakness of authentication and security in our telephone systems. The onset of cheap and effective voice over Internet Protocol (VoIP) technology is a major factor in this as our existing telephone ecosystem is virtually defenseless by many features of this technology. Our telephone systems have also suffered tremendously from a lack of a proper Caller ID verification system. Phone call spammers are able to mask their identities with relative ease by quickly editing their Caller ID. It will take a combination of unique innovations in implementing new authentication mechanisms in the telephone ecosystem, novel government regulation, and understanding how the people behind the spam phone calls themselves operate.<br/><br/>This study dives into the robocall ecosystem to find more about the humans behind spam telephone calls and the economic models they use. Understanding how the people behind robocalls work within their environments will allow for more insight into how the ecosystem works. The study looks at the human component of robocalls: what ways they benefit from conducting spam phone calls, patterns in how they identify which phone number to call, and how these people interact with each other within the telephone spam ecosystem. This information will be pivotal to educate consumers on how they should mitigate spam as well as for creating defensive systems. In this qualitative study, we have conducted numerous interviews with call center employees, have had participants fill out surveys, and garnered data through our CallFire integrated voice broadcast system. While the research is still ongoing, initial conclusions in my pilot study interview data point to promising transparency in how the voices behind these calls operate on both a small and large scale.
Secure Scuttlebutt is a digital social network in which the network data is distributed among the users.<br/>This is done to secure several benefits, like offline browsing, censorship resistance, and to imitate natural social networks, but it comes with downsides, like the lack of an obvious implementation of a recommendation algorithm.<br/>This paper proposes Whuffie, an algorithm that tracks each user's reputation for having information that is interesting to a user using conditional probabilities.<br/>Some errors in the main Secure Scuttlebutt network prevent current large-scale testing of the usefulness of the algorithm, but testing on my own personal account led me to believe it a success.
Cryptojacking is a process in which a program utilizes a user’s CPU to mine cryptocurrencies unknown to the user. Since cryptojacking is a relatively new problem and its impact is still limited, very little has been done to combat it. Multiple studies have been conducted where a cryptojacking detection system is implemented, but none of these systems have truly solved the problem. This thesis surveys existing studies and provides a classification and evaluation of each detection system with the aim of determining their pros and cons. The result of the evaluation indicates that it might be possible to bypass detection of existing systems by modifying the cryptojacking code. In addition to this classification, I developed an automatic code instrumentation program that replaces specific instructions with functionally similar sequences as a way to show how easy it is to implement simple obfuscation to bypass detection by existing systems.