Matching Items (41)

Security Analysis of IoT Media Broadcast Devices

Description

IoT Media broadcast devices, such as the Roku stick, Amazon Fire, and Chromecast have been emerging onto the market recently as a portable and inexpensive alternative to cable and disk players, allowing easy integration between home and business Wi-Fi networks and television systems capable of supporting HDMI inputs without the additional overhead of setting up a heavy or complicated player or computer. The rapid expansion of these products as a mechanism to provide for TV Everywhere services for entertainment as well as cheap office appliances brings yet another node in the rapidly expanding network of IoT that surrounds us today. However, the security implications of these devices are nearly unexplored, despite their prevalence. In this thesis, I will go over the structure and mechanisms of Chromecast, and explore some of the potential exploits and consequences of the device. The thesis contains an overview of the inner workings of Chromecast, and goes over the segregation, limited control, and fundamental design choices of the Android-based OS. It then identifies the objectives of security and four different potential methods of exploit to compromise those objectives on a Chromecast and/or its attached network, including rogue applications, traffic sniffing, evil access points and the most effective one: deauthentication attack. Tests or relevant analysis were carried out for each of these methods, and conclusions were drawn on their effectiveness. There is then a conclusion revolving around the consequences, mitigation and the future implications of security issues on Chromecast and the larger IoT landscape.

Date Created
  • 2016-12

TSCAN: Toward a Static and Customizable Analysis for Node.js

Description

Node.js is an extremely popular development framework for web applications. The appeal of its event-driven, asynchronous flow and the convenience of JavaScript as its programming language have driven its rapid growth, and it is currently deployed by leading companies in retail, finance, and other important sectors. However, the tools currently available for Node.js developers to secure their applications against malicious attackers are notably scarce. While there has been a substantial amount of security tools created for web applications in many other languages such as PHP and Java, very little exists for Node.js applications. This could compromise private information belonging to companies such as PayPal and WalMart. We propose a tool to statically analyze Node.js web applications for five popular vulnerabilities: cross-site scripting, SQL injection, server-side request forgery, command injection, and code injection. We base our tool off of JSAI, a platform created to parse client-side JavaScript for security risks. JSAI is novel because of its configuration capabilities, which allow a user to choose between various analysis options at runtime in order to select the most thorough analysis with the least amount of processing time. We contribute to the development of our tool by rigorously analyzing and documenting vulnerable functions and objects in Node.js that are relevant to the vulnerabilities we have selected. We intend to use this documentation to build a robust Node.js static analysis tool and we hope that other developers will also incorporate this analysis into their Node.js security projects.

Date Created
  • 2017-05

Temperature dependency on baseline of polymer modified Tuning Forks

Description

Polymer modified tuning fork-based sensors were fabricated to assure reproducibility. The effect of system valve switching on the modified tuning fork-based sensors was studied at different temperatures. The response to Xylene gas sample on stabilized modified tuning fork-based sensors with temperature was defined while learning about the key analytical performance for chemical sensors to be used in the real-world application.

Date Created
  • 2017-05

HealthKeep: An Investment Opportunity to Save Lives

Description

In 2017 alone, over 250,00 patients died due to medical errors, which are the 3rd leading cause of death in America. These errors, attributed to incorrect diagnosis and treatment of illnesses, can be preventable. The solution to this major issue is the creation of an app called HealthKeep. Primary market research done during the first semester of the study included the creation of a school-wide survey across all ASU campuses that consisted of key questions for people of all ages in regards to their healthcare. These questions include how often patients of specific age ranges visit the doctor, their overall experience during appointments, and their attitudes towards the creation of a mobile health application that would be able to tabulate all your medical information neatly and securely. The overwhelming response stated that patients from all ranges would be open to the idea of having such an application. Further development included the creation of a business plan and application storyboard used when interviewing potential customers about the application. All of these tools aided in the first entry for Venture Devils in the first semester, leading to the disappointing failure to win funding. However, the feedback on the website created, executive summary, expanded pitch deck, and market research aided in the successful key revisions of the venture during this second semester and has resulted in placement in the final round of Pitch Playoffs where funding can be awarded.

Date Created
  • 2020-05

The Vulnerabilities of Using Passwords and Username Based Systems

Description

One of the major sources of authentication is through the use of username and password systems. Ideally, each password is a unique identifier known by a single individual. In reality, however, exposed passwords from past data breaches reveal vulnerabilities that are traceable to passwords created today. Vulnerabilities include repetitions of characters, words, character sequences, and phrases that are used in a password. This project was observed in English to highlight the vulnerabilities that can come from utilizing the English language. However, the vulnerabilities highlighted in this project can also be applicable in languages across the world. It was observed that through the common types of digital attacks, brute force attack and dictionary attack work effectively against weak passwords. Brute force attack revealed that a user could expose an alphanumeric password of length eight in as little as one and a half days. In addition, dictionary attacks revealed that an alphanumeric password of length eight can be exposed in a shorter amount of time if the password contains a single long word or phrase thought to be secure. During this attack analysis, it was found that passwords become significantly more secure in the utilization of alphanumeric passwords of minimal length of eight. In addition, the password must also not be a particular phrase or word with simplistic characteristics for adequate strength against dictionary attack. The solution to using username and password systems is to create a password utilizing as many characters as possible while still retaining memorability. If creating a password of this type is not feasible, there is a need to use technological solutions to keep the current system of username and passwords as secure as possible under daily life. Otherwise, there will be a need to replace the username and password system altogether before it becomes insecure by technology.

Date Created
  • 2020-05

How Much Do They Know? A Study on Mobile Phone Information Use

Description

Smartphone privacy is a growing concern around the world; smartphone applications routinely take personal information from our phones and monetize it for their own profit. Worse, they're doing it legally. The Terms of Service allow companies to use this information to market, promote, and sell personal data. Most users seem to be either unaware of it, or unconcerned by it. This has negative implications for the future of privacy, particularly as the idea of smart home technology becomes a reality. If this is what privacy looks like now, with only one major type of smart device on the market, what will the future hold when the smart home systems come into play? In order to examine this question, I investigated how much awareness/knowledge smartphone users of a specific demographic (millennials aged 18-25) knew about their smartphone's data and where it goes. I wanted three questions answered: - For what purposes do millennials use their smartphones? - What do they know about smartphone privacy and security? - How will this affect the future of privacy? To accomplish this, I gathered information using a distributed survey to millennials attending Arizona State University. Using statistical analysis, I exposed trends for this demographic, discovering that there isn't a lack of knowledge among millennials; most are aware that smartphone apps can collect and share data and many of the participants are not comfortable with the current state of smartphone privacy. However, more than half of the study participants indicated that they never read an app's Terms of Service. Due to the nature of the privacy vs. convenience argument, users will willingly agree to let apps take their personal information, since they don't want to give up the convenience.

Date Created
  • 2016-12

SolPatch: Toward Automatic Vulnerability Mitigation For Ethereum Smart Contracts

Description

Ethereum smart contracts are susceptible not only to those vulnerabilities common to all software development domains, but also to those arising from the peculiar execution model of the Ethereum Virtual Machine. One of these vulnerabilities, a susceptibility to re-entrancy attacks, has been at the center of several high-profile contract exploits. Currently, there exist many tools to detect these vulnerabilities, as well as languages which preempt the creation of contracts exhibiting these issues, but no mechanism to address them in an automated fashion. One possible approach to filling this gap is direct patching of source files. The process of applying these patches to contracts written in Solidity, the primary Ethereum contract language, is discussed. Toward this end, a survey of deployed contracts is conducted, focusing on prevalence of language features and compiler versions. A heuristic approach to mitigating a particular class of re-entrancy vulnerability is developed, implemented as the SolPatch tool, and examined with respect to its limitations. As a proof of concept and illustrative example, a simplified version of the contract featured in a high-profile exploit is patched in this manner.

Date Created
  • 2018-12

Rule-Based Home Automation

Description

Apple’s HomeKit framework centralizes control of smart home devices and allows users to create home automations based on predefined rules. For example, a user can add a rule to turn off all the lights in their house whenever they leave. Currently, these rules must be added through a graphical user interface provided by Apple or a third-party app on iOS. This thesis describes how a text-based language provides users with a more expressive means of creating complex home automations and successfully implements such a language. Rules created using this text-based format are parsed and interpreted into rules that can be added directly into HomeKit. This thesis also explores how security features should be implemented with this text-based approach. Since automations are run by the system without user interaction, it is important to consider how the system itself can provide functionality to address the unintended consequences that may result from running an automation. This is especially important for the text-based approach since its increase in expressiveness makes it easier for a user to make a mistake in programming that leads to a security concern. The proposed method for preventing unintended side effects is using a simulation to run every automation prior to actually running the automation on real-world devices. This approach allows users to code some conditions that must be satisfied in order for the automation to run on devices in the home. This thesis describes the creation of such a program that successfully simulates every device in the home. There were limitations, however, with Apple's HomeKit framework, which made it impractical to match the state of simulated devices to real devices in the home. Without being able to match the current state of the home to the current state of the simulation, this method cannot satisfy the goal of ensuring that certain adverse effects will not occur as a result of automations. 
Other smart home control platforms that provide more extensibility could be used to create this simulation-based security approach. Perhaps as Apple continues to open up their HomeKit platform to developers, this approach may be feasible within Apple's ecosystem at some point in the future.

Date Created
  • 2020-05

Early Voting: Examining Its Impact on U.S. Election Integrity

Description

In light of the 2020 Presidential election, accusations regarding early voting methods have risen as a topic of debate among active voters. In order to ensure the voter’s trust in voting methods, it is important to analyze whether such accusations are truthful or just dramatized speculation. Do early voting methods negatively infringe on the integrity of the U.S. election process? Using gathered voter statistics and conducted partisan research within recent elections, this defense examines the impact early voting has had through the analysis of two of its most controversial claims. The author finds that there exists little to no reasonable support to conclude the existence of infringement on the integrity of the election process, and that the reasons that explain this topic’s rise in popularity lie in the failure to accept defeat and the notion of fear.

Date Created
  • 2021-05

Simulation and Design of Electrochemical Dendrites for Physically Unclonable Security Tags

Description

The colossal global counterfeit market and advances in cryptography including quantum computing supremacy have led the drive for a class of anti-counterfeit tags that are physically unclonable. Dendrites, previously considered an undesirable side effect of battery operation, have promise as an extremely versatile version of such tags, with their fundamental nature ensuring that no two dendrites are alike and that they can be read at multiple magnification scales. In this work, we first pursue a simulation for electrochemical dendrites that elucidates fundamental information about their growth mechanism. We then translate these results into physical dendrites and demonstrate methods of producing a hash from these dendrites that is damage-tolerant for real-world verification. Finally, we explore theoretical curiosities that arise from the fractal nature of dendrites. We find that uniquely ramified dendrites, which rely on lower ion mobility and conductive deposition, are particularly amenable to wavelet hashing, and demonstrate that these dendrites have strong commercial potential for securing supply chains at the highest level while maintaining a low price point.

Date Created
  • 2021-05