Brain-Based Authentication Systems and Brain Liveness Problem

Description
In recent years, brain signals have gained attention as a potential trait for biometric-based security systems, and laboratory systems have been designed. A real-world brain-based security system needs to be usable, accurate, and robust. While there have been developments in these aspects, there are still challenges to be met. With regard to usability, users need to provide a lengthy amount of data compared to other traits such as fingerprint and face to get authenticated. Furthermore, in the majority of works, medical sensors are used, which are more accurate compared to commercial ones but have a tedious setup process and are not mobile. Performance-wise, the current state of the art can provide acceptable accuracy on a small pool of users' data collected in a few sessions close to each other but still falls behind on a large pool of subjects over a longer time period. Finally, a brain security system should be robust against presentation attacks to prevent adversaries from gaining access to the system. This dissertation proposes E-BIAS (EEG-based Identification and Authentication System), a brain-mobile security system that makes contributions in three directions. First, it provides high performance on signals with shorter lengths collected by commercial sensors and processed with lightweight models to meet the computation/energy capacity of mobile devices. Second, to evaluate the system's robustness, a novel presentation attack was designed which challenged the literature's presumption of intrinsic liveness property for brain signals. Third, to bridge the gap, I formulated and studied the brain liveness problem and proposed two solution approaches (model-aware and model-agnostic) to ensure liveness and enhance robustness against presentation attacks. Under each of the two solution approaches, several methods were suggested and evaluated against both synthetic and manipulative classes of attacks (a total of 43 different attack vectors).
Methods in both model-aware and model-agnostic approaches were successful in achieving an error rate of zero (0%). More importantly, such error rates were reached in the face of unseen attacks, which provides evidence of the generalization potential of the proposed solution approaches and methods. I suggested an adversarial workflow to facilitate attack and defense cycles to allow for enhanced generalization capacity for domains in which the decision-making process is non-deterministic such as cyber-physical systems (e.g. biometric/medical monitoring, autonomous machines, etc.). I utilized this workflow for the brain liveness problem and was able to iteratively improve the performance of both the designed attacks and the proposed liveness detection methods.
Date Created
2021

Reliable Distributed Management in Uncertain Environments

Description
Increase in the usage of Internet of Things (IoT) devices across physical systems has provided a platform for continuous data collection, real-time monitoring, and extracting useful insights. Limited computing power and constrained resources on the IoT devices have driven the physical systems to rely on external resources such as cloud computing for handling compute-intensive and data-intensive processing. Recently, physical environments have begun to explore the usage of edge devices for handling complex processing. However, these environments may face many challenges such as uncertainty of device availability, uncertainty of data relevance, and a large set of geographically dispersed devices. This research proposes the design of a reliable distributed management system that focuses on the following objectives: 1. improving the success rate of task completion in uncertain environments, 2. enhancing the reliability of the applications, and 3. supporting latency-sensitive applications. Main modules of the proposed system include: 1. A novel proactive user recruitment approach to improve the success rate of the task completion. 2. Contextual data acquisition and integration of false data detection for enhancing the reliability of the applications. 3. Novel distributed management of compute resources for achieving real-time monitoring and to support highly responsive applications. User recruitment approaches select the devices for offloading computation. The proposed proactive user recruitment module selects an optimized set of devices that match the resource requirements of the application. The contextual data acquisition module banks on the contextual requirements for identifying the data sources that are more useful to the application. The proposed reliable distributed management system can be used as a framework for offloading latency-sensitive applications across the volunteer computing edge devices.
Date Created
2021

Improving the Trustworthiness of Electronic Voting Systems Using Blockchain

Description
Many researchers have seen the value blockchain can add to the field of voting, and many protocols have been proposed to allow voting to be conducted in a way that takes advantage of blockchain's distributed and immutable structure. While blockchain's immutable structure can take the place of paper records in preventing tampering, it by itself is insufficient to construct a trustworthy voting system with eligibility, privacy, verifiability, and fairness requirements. Many of the protocols which strive to keep voters' votes confidential, but also allow for verifiability and eligibility requirements, rely on either a blind signature provided by a central authority to provide compliance with these requirements or ring signatures to prove membership in the set of voters. A blind signature issued by a central authority introduces a potential vulnerability as it allows a corrupt central authority to pass a large number of forged ballots into the mix without any detection. Ring signatures, on the other hand, tend to be overly resource intensive to allow for practical usage in large voting sets. The research in this thesis focuses on improving the trustworthiness of electronic voting systems by providing possible ways of avoiding or detecting corrupt central authorities while still relying upon the benefits of efficiency the blind signature provides.
Date Created
2020

Facebook Perceived User Privacy

Description
There are potential risks when individuals choose to share information on social media platforms such as Facebook. With over 2.20 billion active monthly users, Facebook has the largest collection of user information compared to other social media sites. Due to its large collection of data, Facebook has constantly received criticism for its data privacy policies. Facebook has constantly changed its privacy policies in the effort to protect itself and end users. However, the changes in privacy policy may not translate into users changing their privacy controls. The goal of Facebook privacy controls is to allow Facebook users to be in charge of their data privacy. The goal of this study was to determine if a gap between user perceived privacy and reality existed. If this gap existed, we investigated to see if certain information about the user would have a relationship to their ability to implement their settings successfully. We gathered information on ASU college students such as: gender, field of study, political affiliations, leadership involvement, privacy settings and online behaviors. After collecting the data, we reviewed each participant's Facebook profile to examine the existence of the gap between their privacy settings and information available as a stranger. We found that there existed a difference between their settings and reality and it was not related to any of the users' background information.
Date Created
2018-05

Optimizing a Parallel Computing Stack for Single Board Computers

Description
The current trend of interconnected devices, or the internet of things (IOT), has led to the popularization of single board computers (SBC). This is primarily due to their form-factor and low price. This has led to unique networks of devices that can have unstable network connections and minimal processing power. Many parallel programming libraries are intended for use in high performance computing (HPC) clusters. Unlike the IOT environment described, HPC clusters will in general look to obtain very consistent network speeds and topologies. There are a significant number of software choices that make up what is referred to as the HPC stack or parallel processing stack. My thesis focused on building an HPC stack that would run on the SBC computer named the Raspberry Pi. The intention in making this Raspberry Pi cluster is to research performance of MPI implementations in an IOT environment, which had an impact on the design choices of the cluster. This thesis is a compilation of my research efforts in creating this cluster as well as an evaluation of the software that was chosen to create the parallel processing stack.
Date Created
2018-05

Threats, Countermeasures, and Research Trends for BLE-based IoT Devices

Description
The Internet of Things has conjured up a storm in the technology world by providing novel methods to connect, exchange, aggregate, and monitor data across a system of inter-related devices and entities. Of the myriad technologies that aid in the functioning of these IoT devices, Bluetooth Low Energy, also known as BLE, plays a major role in establishing inter-connectivity amongst these devices. This thesis aims to provide a background on BLE, the types of attacks that could occur in an IoT setting, the possible defenses that are available to prevent the occurrence of such attacks, and a discussion on the research trends that hold great promise in presenting seamless solutions to integrate IoT devices across different industry verticals.
Date Created
2017

Scratchpad Management in Software Managed Manycore Architectures

Description
Caches have long been used to reduce memory access latency. However, the increased complexity of cache coherence brings significant challenges in processor design as the number of cores increases. While making caches scalable is still an important research problem, some researchers are exploring the possibility of a more power-efficient SRAM called scratchpad memories or SPMs. SPMs consume significantly less area, and are more energy-efficient per access than caches, and therefore make the design of on-chip memories much simpler. Unlike caches, which fetch data from memories automatically, an SPM requires explicit instructions for data transfers. SPM-only architectures are thus named as software managed manycore (SMM), since the data movements of such architectures rely on software. SMM processors have been widely used in different areas, such as embedded computing, network processing, or even high performance computing. While SMM processors provide a low-power platform, the hardware alone does not guarantee power efficiency, if applications on such processors deliver low performance. Efficient software techniques are therefore required. A big body of management techniques for SMM architectures are compiler-directed, as inserting data movement operations by hand forces programmers to trace flow of data, which can be error-prone and sometimes difficult if not impossible. This thesis develops compiler-directed techniques to manage data transfers for embedded applications on SMMs efficiently. The techniques analyze and find out the proper program points and insert data movement instructions accordingly. The techniques manage code, stack and heap data of applications, and reduce execution time by 14%, 52% and 80% respectively compared to their predecessors on typical embedded applications. On top of managing local data, a technique is also developed for shared data in SMM architectures. 
Experimental results show it achieves more than 2X speedup over the previous technique on average.
Date Created
2017

A SURVEY OF SPOOFING ATTACKS AND CURRENT WELL KNOWN DEFENSES

Description
Defending against spoofing is an important part of security throughout the internet. The inability to authenticate, within a certain confidence, that a person is in fact who they say they are can allow attackers to go unrecognized after performing an attack. It is much too easy for attackers today to hide their identity or pretend to be someone else through the means of spoofing. Researchers must focus their efforts on defenses that are scalable and effective in countering spoofing. This thesis focuses on surveying different types of spoofing as well as attacks that leverage spoofing with the hopes to hide the attacker's identity or leverage identity theft to perform an attack. It also looks at current defenses that hope to counter attacks that leverage spoofing and evaluates how realistic it is to implement the defenses in terms of scalability and effectiveness. By surveying different attacks and defenses, researchers will be able to better focus their efforts on more effective and scalable defenses to spoofing and attacks that leverage spoofing.
Date Created
2015-05

Vulnerability and Protection Analysis of Critical Infrastructure Systems

Description
The power and communication networks are highly interdependent and form a part of the critical infrastructure of a country. Similarly, dependencies exist within the networks themselves. Owing to cascading failures, interdependent and intradependent networks are extremely susceptible to widespread vulnerabilities. In recent times the research community has shown significant interest in modeling to capture these dependencies. However, many of the models are simplistic in nature, which limits their applicability to real-world systems. This dissertation presents a Boolean logic based model termed the Implicative Interdependency Model (IIM) to capture the complex dependencies and cascading failures resulting from an initial failure of one or more entities of either network.

Utilizing the IIM, four pertinent problems encompassing vulnerability and protection of critical infrastructures are formulated and solved. For protection analysis, the Entity Hardening Problem, Targeted Entity Hardening Problem and Auxiliary Entity Allocation Problem are formulated. Qualitatively, under a resource budget, the problems maximize the number of entities protected from failure from an initial failure of a set of entities. Additionally, the model is also used to come up with a metric to analyze the Robustness of critical infrastructure systems. The computational complexity of all these problems is NP-complete. Accordingly, Integer Linear Program solutions (to obtain the optimal solution) and polynomial time sub-optimal Heuristic solutions are proposed for these problems. To analyze the efficacy of the Heuristic solution, comparative studies are performed on real-world and test system data.
Date Created
2017

Mobile cloud application framework and offloading strategies

Description
Mobile Cloud computing has shown its capability to support mobile devices for provisioning computing, storage and communication resources. A distributed mobile cloud service system called "POEM" is presented to manage the mobile cloud resource and compose mobile cloud applications. POEM considers resource management not only between mobile devices and clouds, but also among mobile devices. It implements both computation offloading and service composition features. The proposed POEM solution is demonstrated by using OSGi and XMPP techniques.

Offloading is one major type of collaboration between mobile device and cloud to achieve less execution time and less energy consumption. Offloading decisions for mobile cloud collaboration involve many decision factors. One of the important decision factors is the network unavailability. This report presents an offloading decision model that takes network unavailability into consideration. The application execution time and energy consumption in both ideal network and network with some unavailability are analyzed. Based on the presented theoretical model, an application partition algorithm and a decision module are presented to produce an offloading decision that is resistant to network unavailability.

Existing offloading models mainly focus on the one-to-one offloading relation. To address the multi-factor and multi-site offloading mobile cloud application scenarios, a multi-factor multi-site risk-based offloading model is presented, which abstracts the offloading impact factors as offloading benefit and offloading risk. The offloading decision is made based on a comprehensive offloading risk evaluation. This presented model is generic and expandable. Four offloading impact factors are presented to show the construction and operation of the presented offloading model, which can be easily extended to incorporate more factors to make the offloading decision more comprehensive. The overall offloading benefits and risks are aggregated based on the mobile cloud users' preference.

The offloading topology may change during the whole application life. A set of algorithms is presented to address the service topology reconfiguration problem in several mobile cloud representative application scenarios, i.e., they are modeled as finite horizon scenarios, infinite horizon scenarios, and large state space scenarios to represent ad hoc, long-term, and large-scale mobile cloud service composition scenarios, respectively.
Date Created
2016