This collection includes most of the ASU Theses and Dissertations from 2011 to present. ASU Theses and Dissertations are available in downloadable PDF format; however, a small percentage of items are under embargo. Information about the dissertations/theses includes degree information, committee members, an abstract, supporting data or media.

In addition to the electronic theses found in the ASU Digital Repository, ASU Theses and Dissertations can be found in the ASU Library Catalog.

Dissertations and Theses granted by Arizona State University are archived and made available through a joint effort of the ASU Graduate College and the ASU Libraries. For more information or questions about this collection, visit the Digital Repository ETD Library Guide or contact the ASU Graduate College at gradformat@asu.edu.

Description
The recent years have witnessed a rapid development of mobile devices and smart devices. As more and more people are getting involved in the online environment, privacy issues are becoming increasingly important. People’s privacy in the digital world is much easier to leak than in the real world, because every action people take online would leave a trail of information which could be recorded, collected and used by malicious attackers. Besides, service providers might collect users’ information and analyze them, which also leads to a privacy breach. Therefore, preserving people’s privacy is very important in the online environment.

In this dissertation, I study the problems of preserving people’s identity privacy and location privacy in the online environment. Specifically, I study four topics: identity privacy in online social networks (OSNs), identity privacy in anonymous message submission, location privacy in location based social networks (LBSNs), and location privacy in location based reminders. In the first topic, I propose a system which can hide users’ identity and data from the untrusted storage site where the OSN provider puts users’ data. I also design a fine-grained access control mechanism which prevents unauthorized users from accessing the data. Based on the secret sharing scheme, I construct a shuffle protocol that disconnects the relationship between members’ identities and their submitted messages in the topic of identity privacy in anonymous message submission. The message is encrypted on the member side and decrypted on the message collector side. The collector eventually gets all of the messages but does not know who submitted which message. In the third topic, I propose a framework that hides users’ check-in information from the LBSN. Considering the limited computation resources on smart devices, I propose a delegatable pseudo random function to outsource computations to the much more powerful server while preserving privacy. I also implement efficient revocations. In the topic of location privacy in location based reminders, I propose a system to hide users’ reminder locations from an untrusted cloud server. I propose a cross based approach and an improved bar based approach, respectively, to represent a reminder area. The reminder location and reminder message are encrypted before uploading to the cloud server, which then can determine whether the distance between the user’s current location and the reminder location is within the reminder distance without knowing anything about the user’s location information and the content of the reminder message.
Contributors: Zhao, Xinxin (Author) / Xue, Guoliang (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Huang, Dijiang (Committee member) / Zhang, Yanchao (Committee member) / Arizona State University (Publisher)
Created: 2015
Description
Utilities infrastructure like the electric grid has been the target of more sophisticated cyberattacks designed to disrupt its operation and create social unrest and economic losses. Just in 2016, a cyberattack targeted the Ukrainian power grid and successfully caused a blackout that affected 225,000 customers.

Industrial Control Systems (ICS) are a critical part of this infrastructure. Honeypots are one of the tools that help us capture attack data to better understand new and existing attack methods and strategies. Honeypots are computer systems purposefully left exposed to be broken into. They do not have any inherent value; instead, their value comes when attackers interact with them. However, state-of-the-art honeypots lack sophisticated service simulations required to obtain valuable data.

Worse, they cannot adapt while ICS malware keeps evolving and attack patterns are increasingly sophisticated.

This work presents HoneyPLC: A Next-Generation Honeypot for ICS. HoneyPLC is the very first medium-interaction ICS honeypot, and includes advanced service simulation modeled after S7-300 and S7-1200 Siemens PLCs, which are widely used in real-life ICS infrastructures.

Additionally, HoneyPLC provides much needed extensibility features to prepare for new attack tactics, e.g., exploiting a new vulnerability found in a new PLC model.

HoneyPLC was deployed both in local and public environments, and tested against well-known reconnaissance tools used by attackers such as Nmap and Shodan's Honeyscore. Results show that HoneyPLC is in fact able to fool both tools with a high level of confidence. Also, HoneyPLC recorded high amounts of interesting ICS interactions from all around the globe, proving not only that attackers are in fact targeting ICS systems, but that HoneyPLC provides a higher level of interaction that effectively deceives them.
Contributors: Lopez Morales, Efren (Author) / Doupe, Adam (Thesis advisor) / Ahn, Gail-Joon (Thesis advisor) / Rubio-Medrano, Carlos (Committee member) / Arizona State University (Publisher)
Created: 2020
Description
Despite an abundance of defenses that work to protect Internet users from online threats, malicious actors continue deploying relentless large-scale phishing attacks that target these users. Effectively mitigating phishing attacks remains a challenge for the security community due to attackers' ability to evolve and adapt to defenses, the cross-organizational nature of the infrastructure abused for phishing, and discrepancies between theoretical and realistic anti-phishing systems. Although technical countermeasures cannot always compensate for the human weakness exploited by social engineers, maintaining a clear and up-to-date understanding of the motivation behind, and execution of, modern phishing attacks is essential to optimizing such countermeasures.

In this dissertation, I analyze the state of the anti-phishing ecosystem and show that phishers use evasion techniques, including cloaking, to bypass anti-phishing mitigations in hopes of maximizing the return-on-investment of their attacks. I develop three novel, scalable data-collection and analysis frameworks to pinpoint the ecosystem vulnerabilities that sophisticated phishing websites exploit. The frameworks, which operate on real-world data and are designed for continuous deployment by anti-phishing organizations, empirically measure the robustness of industry-standard anti-phishing blacklists (PhishFarm and PhishTime) and proactively detect and map phishing attacks prior to launch (Golden Hour). Using these frameworks, I conduct a longitudinal study of blacklist performance and the first large-scale end-to-end analysis of phishing attacks (from spamming through monetization). As a result, I thoroughly characterize modern phishing websites and identify desirable characteristics for enhanced anti-phishing systems, such as more reliable methods for the ecosystem to collectively detect phishing websites and meaningfully share the corresponding intelligence. In addition, findings from these studies led to actionable security recommendations that were implemented by key organizations within the ecosystem to help improve the security of Internet users worldwide.
Contributors: Oest, Adam (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Thesis advisor) / Shoshitaishvili, Yan (Committee member) / Johnson, RC (Committee member) / Arizona State University (Publisher)
Created: 2020
Description
Cyberspace has become a field where the competitive arms race between defenders and adversaries plays out. Adaptive, intelligent adversaries are crafting new responses to the advanced defenses even though the arms race has resulted in a gradual improvement of the security posture. This dissertation aims to assess the evolving threat landscape and enhance state-of-the-art defenses by exploiting and mitigating two different types of emerging security vulnerabilities. I first design a new cache attack method named Prime+Count which features low noise and no shared memory needed. I use the method to construct fast data covert channels. Then, I propose a novel software-based approach, SmokeBomb, to prevent cache side-channel attacks for inclusive and non-inclusive caches based on the creation of a private space in the L1 cache. I demonstrate the effectiveness of SmokeBomb by applying it to two different ARM processors with different instruction set versions and cache models and carry out an in-depth evaluation. Next, I introduce an automated approach that exploits a stack-based information leak vulnerability in operating system kernels to obtain sensitive data. Also, I propose a lightweight and widely applicable runtime defense, ViK, for preventing temporal memory safety violations which can lead attackers to have arbitrary code execution or privilege escalation together with information leak vulnerabilities. The security impact of temporal memory safety vulnerabilities is critical, but they are difficult to identify because of the complexity of real-world software and the spatial separation of allocation and deallocation code. Therefore, I focus on preventing not the vulnerabilities themselves, but their exploitation. ViK can effectively protect operating system kernels and user-space programs from temporal memory safety violations, imposing low runtime and memory overhead.
Contributors: Cho, Haehyun (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Thesis advisor) / Shoshitaishvili, Yan (Committee member) / Wang, Ruoyu (Committee member) / Wu, Carole-Jean (Committee member) / Arizona State University (Publisher)
Created: 2021
Description
Emerging trends in cyber system security breaches in critical cloud infrastructures show that attackers have abundant resources (human and computing power), expertise and support of large organizations and possible foreign governments. In order to greatly improve the protection of critical cloud infrastructures, incorporation of human behavior is needed to predict potential security breaches in critical cloud infrastructures. To achieve such prediction, it is envisioned to develop a probabilistic modeling approach with the capability of accurately capturing system-wide causal relationship among the observed operational behaviors in the critical cloud infrastructure and accurately capturing probabilistic human (users’) behaviors on subsystems as the subsystems are directly interacting with humans. In our conceptual approach, the system-wide causal relationship can be captured by the Bayesian network, and the probabilistic human behavior in the subsystems can be captured by the Markov Decision Processes. The interactions between the dynamically changing state graphs of Markov Decision Processes and the dynamic causal relationships in Bayesian network are key components in such probabilistic modelling applications. In this thesis, two techniques are presented for supporting the above vision to prediction of potential security breaches in critical cloud infrastructures. The first technique is for evaluation of the conformance of the Bayesian network with the multiple MDPs. The second technique is to evaluate the dynamically changing Bayesian network structure for conformance with the rules of the Bayesian network using a graph checker algorithm. A case study and its simulation are presented to show how the two techniques support the specific parts in our conceptual approach to predicting system-wide security breaches in critical cloud infrastructures.
Contributors: Nagaraja, Vinjith (Author) / Yau, Stephen S. (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Davulcu, Hasan (Committee member) / Arizona State University (Publisher)
Created: 2015
Description
Cyber threats are growing in number and sophistication, making it important to continually study and improve all dimensions of cyber defense. Human teamwork in cyber defense analysis has been overlooked even though it has been identified as an important predictor of cyber defense performance. Also, to detect advanced forms of threats, effective information sharing and collaboration between the cyber defense analysts becomes imperative. Therefore, through this dissertation work, I took a cognitive engineering approach to investigate and improve cyber defense teamwork. The approach involved investigating a plausible team-level bias called the information pooling bias in cyber defense analyst teams conducting the detection task that is part of forensics analysis through human-in-the-loop experimentation. The approach also involved developing agent-based models based on the experimental results to explore the cognitive underpinnings of this bias in human analysts. A prototype collaborative visualization tool was developed by considering the plausible cognitive limitations contributing to the bias to investigate whether a cognitive engineering-driven visualization tool can help mitigate the bias in comparison to off-the-shelf tools. It was found that participant teams conducting the collaborative detection tasks as part of forensics analysis experience the information pooling bias affecting their performance. Results indicate that cognitive friendly visualizations can help mitigate the effect of this bias in cyber defense analysts. Agent-based modeling produced insights on internal cognitive processes that might be contributing to this bias which could be leveraged in building future visualizations.
This work has multiple implications including the development of new knowledge about the science of cyber defense teamwork, a demonstration of the advantage of developing tools using a cognitive engineering approach, a demonstration of the advantage of using a hybrid cognitive engineering methodology to study teams in general and finally, a demonstration of the effect of effective teamwork on cyber defense performance.
Contributors: Rajivan, Prashanth (Author) / Cooke, Nancy J. (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Janssen, Marcus (Committee member) / Arizona State University (Publisher)
Created: 2014
Description
Mobile Augmented Reality (MAR) is a portable, powerful, and suitable technology that integrates 3D virtual content into the physical world in real-time. It has been implemented for multiple intents as it enhances people’s interaction, e.g., shopping, entertainment, gaming, etc. Thus, MAR is expected to grow at a tremendous rate in the upcoming years, as its popularity via mobile devices has increased. But, unfortunately, the applications that implement MAR, hereby referred to as MAR-Apps, bear security issues. Such are imaged in worldwide recorded incidents caused by MAR-Apps, e.g., robberies, authorities requesting banning MAR at specific locations, etc. To further explore these concerns, a case study analyzed several MAR-Apps available in the market to identify the security problems in MAR. As a result of this study, the threats found were classified into three categories. First, Space Invasion implies the intrusive modification through MAR of sensitive spaces, e.g., hospitals, memorials, etc. Then, Space Affectation means the degradation of users’ experience via interaction with undesirable MAR or malicious entities. Finally, MAR-Apps mishandling sensitive data leads to Privacy Leaks. SpaceMediator, a proof-of-concept MAR-App that imitates the well-known and successful MAR-App Pokémon GO, implements the solution approach of a Policy-Governed MAR-App, which assists in preventing the aforementioned security issues. Furthermore, its feasibility is evaluated through a user study with 40 participants. As a result, uncovering understandability over the security issues as participants recognized and prevented them with success rates as high as 92.50%. Furthermore, there is an enriched interest in Policy-Governed MAR-Apps as 87.50% of participants agreed with restricted MAR-Apps within sensitive spaces, and 82.50% would implement constraints in MAR-Apps. These promising results encourage adopting the Policy-Governed solution approach in future MAR-Apps.
Contributors: Claramunt, Luis Manuel (Author) / Ahn, Gail-Joon (Thesis advisor) / Rubio-Medrano, Carlos E (Committee member) / Baek, Jaejong (Committee member) / Arizona State University (Publisher)
Created: 2022
Description
Despite extensive research by the security community, cyberattacks such as phishing and Internet of Things (IoT) attacks remain profitable to criminals and continue to cause substantial damage not only to the victim users that they target, but also the organizations they impersonate. In recent years, phishing websites have taken the place of malware websites as the most prevalent web-based threat. Even though technical countermeasures effectively mitigate web-based malware, phishing websites continue to grow in sophistication and successfully slip past modern defenses. Phishing attack and its countermeasure have entered into a new era, where one side has upgraded their weapon, attempting to conquer the other. In addition, the amount and usage of IoT devices increases rapidly because of the development and deployment of 5G network. Although researchers have proposed secure execution environment, attacks targeting those devices can often succeed. Therefore, the security community desperately needs detection and prevention methodologies to fight against phishing and IoT attacks. In this dissertation, I design a framework, named CrawlPhish, to understand the prevalence and nature of such sophistications, including cloaking, in phishing attacks, which evade detections from the anti-phishing ecosystem by distinguishing the traffic between a crawler and a real Internet user and hence maximize the return-on-investment from phishing attacks. CrawlPhish also detects and categorizes client-side cloaking techniques in phishing with scalability and automation. Furthermore, I focus on the analysis of redirection abuse in advanced phishing websites and hence propose mitigations to classify malicious redirection use via machine learning algorithms. Based on the observations from previous work, from the perspective of prevention, I design a novel anti-phishing system called Spartacus that can be deployed from the user end to completely neutralize phishing attacks.
Lastly, inspired by Spartacus, I propose iCore, which proactively monitors the operations in the trusted execution environment to identify any maliciousness.
Contributors: Zhang, Penghui (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Thesis advisor) / Oest, Adam (Committee member) / Kapravelos, Alexandros (Committee member) / Arizona State University (Publisher)
Created: 2022
Description
Studies on underground forums can significantly advance the understanding of cybercrime workflow and underground economies. However, research on underground forums has concentrated on public information with little attention paid to users’ private interactions. Since detailed information will be discussed privately, the failure to investigate private interactions may miss critical intelligence and even misunderstand the entire underground economy. Furthermore, underground forums have evolved into criminal freelance markets where criminals trade illicit products and cybercrime services, allowing unsophisticated people to launch sophisticated cyber attacks. However, current research rarely examines and explores how criminals interact with each other, which makes researchers miss the opportunities to detect new cybercrime patterns proactively. Moreover, in clearnet, criminals are active in exploiting human vulnerabilities to conduct various attacks, and the phishing attack is one of the most prevalent types of cybercrime. Phishing awareness training has been proven to decrease the rate of clicking phishing emails. However, the rate of reporting phishing attacks is unexpectedly low based on recent studies, leaving phishing websites with hours of additional active time before being detected. In this dissertation, I first present an analysis of private interactions in underground forums and introduce machine learning-based approaches to detect hidden connections between users. Secondly, I analyze how criminals collaborate with each other in an emerging scam service in underground forums that exploits the return policies of merchants to get a refund or a replacement without returning the purchased products. Finally, I conduct a comprehensive evaluation of the phishing reporting ecosystem to identify the critical challenges while reporting phishing attacks to enable people to fight against phishers proactively.
Contributors: Sun, Zhibo (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Thesis advisor) / Bao, Tiffany (Committee member) / Benjamin, Victor (Committee member) / Arizona State University (Publisher)
Created: 2022