Matching Items (26)
Filtering by
- All Subjects: Unity
- All Subjects: Security
- Creators: Computer Science and Engineering Program
- Member of: Barrett, The Honors College Thesis/Creative Project Collection
Description
HackerHero is an educational game designed to teach children, especially those from marginalized backgrounds, computation thinking skills needed for STEAM fields. It also teaches children about social injustice. This project was focused on creating an audio visualization for an AI character within the HackerHero game. The audio visualization consisted of a static silhouette of a face and a wave-like form to represent the mouth. Audio content analysis was performed on audio sampled from the character’s voice lines. Pitch and amplitude derived from the analysis was used to animate the character’s visual features such as it’s brightness, color, and mouth movement. The mouth’s movement and color was manipulated with the audio’s pitch. The lights of Wave were controlled by the amplitude of the audio. Design considerations were made to accommodate those with visual disabilities such as color blindness and epilepsy. Overall the final audio visualization satisfied the project sponsor and built upon existing audio visualization work. User feedback will be a necessity for improving the audio visualization in the future.
ContributorsNguyen, Joshep D (Author) / Chavez-Echaegaray, Helen (Thesis director) / Waggoner, Trae (Committee member) / Department of Psychology (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2021-05
Description
Radio Frequency Identification (RFID) technology allows objects to be identified electronically by way of a small electronic tag. RFID is quickly becoming quite popular, and there are many security hurdles for this technology to overcome. The iCLASS line of RFID, produced by HID Global, is one such technology that is widely used for secure access control and applications where a contactless authentication element is desirable. Unfortunately, iCLASS has been shown to have security issues. Nevertheless customers continue to use it because of the great cost that would be required to completely replace it. This Honors Thesis will address attacks against iCLASS and means for countering them that do not require such an overhaul.
ContributorsMellott, Matthew John (Author) / Ahn, Gail-Joon (Thesis director) / Thorstenson, Tina (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2014-05
Description
Modern computer processors contain an embedded firmware known as microcode that controls decode and execution of x86 instructions. Although proprietary and relatively obscure, this microcode can be modified using updates released by hardware manufacturers to correct processor logic flaws (errata). At the same time, a malicious microcode update could compromise a processor by implementing new malicious instructions or altering the functionality of existing instructions, including processor-accelerated virtualization or cryptographic primitives. Not only is this attack vector capable of subverting all software-enforced security policies and access controls, but it also leaves behind no postmortem forensic evidence since the write-only patch memory is cleared upon system reset. Although supervisor privileges (ring zero) are required to update processor microcode, this attack cannot be easily mitigated due to the implementation of microcode update functionality within processor silicon. In this paper, we reveal the microarchitecture and mechanism of microcode updates, present a security analysis of this attack vector, and provide some mitigation suggestions.
ContributorsChen, Daming Dominic (Author) / Ahn, Gail-Joon (Thesis director) / Lee, Joohyung (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor) / School of International Letters and Cultures (Contributor) / School of Mathematical and Statistical Sciences (Contributor)
Created2014-05
Description
We discuss processes involved in user-centric security design, including the synthesis of goals based on security and usability tasks. We suggest the usage of implicit security and the facilitation of secureuser actions. We propose a process for evaluating usability flaws by treating them as security threats and adapting traditional HCI methods. We discuss how to correct these flaws once they are discovered. Finally, we discuss the Usable Security Development Model for developing usable secure systems.
ContributorsJorgensen, Jan Drake (Author) / Ahn, Gail-Joon (Thesis director) / VanLehn, Kurt (Committee member) / Wilkerson, Kelly (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2013-05
Description
This thesis is based on bringing together three different components: non-Euclidean geometric worlds, virtual reality, and environmental puzzles in video games. While all three exist in their own right in the world of video games, as well as combined in pairs, there are virtually no examples of all three together. Non-Euclidean environmental puzzle games have existed for around 10 years in various forms, short environmental puzzle games in virtual reality have come into existence in around the past five years, and non-Euclidean virtual reality exists mainly as non-video game short demos from the past few years. This project seeks to be able to bring these components together to create a proof of concept for how a game like this should function, particularly the integration of non-Euclidean virtual reality in the context of a video game. To do this, a Unity package which uses a custom system for creating worlds in a non-Euclidean way rather than Unity’s built-in components such as for transforms, collisions, and rendering was used. This was used in conjunction with the SteamVR implementation with Unity to create a cohesive and immersive player experience.
ContributorsVerhagen, Daniel William (Author) / Kobayashi, Yoshihiro (Thesis director) / Nelson, Brian (Committee member) / Computer Science and Engineering Program (Contributor, Contributor) / Barrett, The Honors College (Contributor)
Created2021-05
Description
Apple’s HomeKit framework centralizes control of smart home devices and allows users to create home automations based on predefined rules. For example, a user can add a rule to turn off all the lights in their house whenever they leave. Currently, these rules must be added through a graphical user interface provided by Apple or a third-party app on iOS. This thesis describes how a text-based language provides users with a more expressive means of creating complex home automations and successfully implements such a language. Rules created using this text-based format are parsed and interpreted into rules that can be added directly into HomeKit. This thesis also explores how security features should be implemented with this text-based approach. Since automations are run by the system without user interaction, it is important to consider how the system itself can provide functionality to address the unintended consequences that may result from running an automation. This is especially important for the text-based approach since its increase in expressiveness makes it easier for a user to make a mistake in programming that leads to a security concern. The proposed method for preventing unintended side effects is using a simulation to run every automation prior to actually running the automation on real-world devices. This approach allows users to code some conditions that must be satisfied in order for the automation to run on devices in the home. This thesis describes the creation of such a program that successfully simulates every device in the home. There were limitations, however, with Apple's HomeKit framework, which made it impractical to match the state of simulated devices to real devices in the home. Without being able to match the current state of the home to the current state of the simulation, this method cannot satisfy the goal of ensuring that certain adverse effects will not occur as a result of automations. Other smart home control platforms that provide more extensibility could be used to create this simulation-based security approach. Perhaps as Apple continues to open up their HomeKit platform to developers, this approach may be feasible within Apple's ecosystem at some point in the future.
ContributorsSharp, Trevor Ryan (Co-author) / Sharp, Trevor (Co-author) / Bazzi, Rida (Thesis director) / Doupe, Adam (Committee member) / Economics Program in CLAS (Contributor) / Department of Management and Entrepreneurship (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2020-05
Description
One of the major sources of authentication is through the use of username and password systems. Ideally, each password is a unique identifier known by a single individual. In reality however, exposed passwords from past data breaches reveal vulnerabilities that are traceable to passwords created today. Vulnerabilities include repetitions of characters, words, character sequences, and phrases that are used in a password. This project was observed in English to highlight the vulnerabilities that can come from utilizing the English language. However, the vulnerabilities highlighted in this project can also be applicable in languages across the world. It was observed that through the common types of digital attacks, brute force attack and dictionary attack work effectively against weak passwords. Brute force attack revealed that a user could expose an alphanumeric password of length eight in as little as one and a half days. In addition, dictionary attacks revealed that an alphanumeric password of length eight can be exposed in a shorter amount of time if the password contains a single long word or phrase thought to be secure. During this attack analysis, it found that passwords become significantly more secure in the utilization of alphanumeric passwords of minimal length of eight. In addition, the password must also not be a particular phrase or word with simplistic characteristics for adequate strength against dictionary attack. The solution to using username and password systems is to create a password utilizing as many characters as possible while still retaining memorability. If creating a password of this type is not feasible, there is a need to use technological solutions to keep the current system of username and passwords as secure as possible under daily life. Otherwise, there will be a need to replace the username and password system altogether before it becomes insecure by technology.
ContributorsTipton, Tony T (Co-author) / Tipton, Tony (Co-author) / Meuth, Ryan (Thesis director) / Tirupalavanam, Ganesh (Committee member) / Computer Science and Engineering Program (Contributor, Contributor) / Barrett, The Honors College (Contributor)
Created2020-05
Description
Despite the more tightly controlled permissions and Java framework used by most programs in the Android operating system, an attacker can use the same classic vulnerabilities that exist for traditional Linux binaries on the programs in the Android operating system. Some classic vulnerabilities include stack overows, string formats, and heap meta-information corruption. Through the exploitation of these vulnerabilities an attacker can hijack the execution ow of an application. After hijacking the execution ow, an attacker can then violate the con_dentiality, integrity, or availability of the operating system. Over the years, the operating systems and compliers have implemented a number of protections to prevent the exploitation of vulnerable programs. The most widely implemented protections include Non-eXecutable stack (NX Stack), Address Space Layout Randomization (ASLR), and Stack Canaries (Canaries). NX Stack protections prevent the injection and execution of arbitrary code through the use of a permissions framework within a program. Whereas, ASLR and Canaries rely on obfuscation techniques to protect control ow, which requires su_cient entropy between each execution. Early in the implementation of these protections in Linux, researchers discovered that without su_cient entropy between executions, ASLR and Canaries were easily bypassed. For example, the obfuscation techniques were useless in programs that ran continuously because the programs did not change the canaries or re-randomize the address space. Similarly, aws in the implementation of ASLR and Canaries in Android only re-randomizes the values after rebooting, which means the address space locations and canary values remain constant across the executions of an Android program. As a result, an attacker can hijack the control ow Android binaries that contain control ow vulnerabilities. The purpose of this paper is to expose these aws and the methodology used to verify their existence in Android versions 4.1 (Jelly Bean) through 8.0 (Oreo).
ContributorsGibbs, Wil (Author) / Doupe, Adam (Thesis director) / Shoshitaishvili, Yan (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2018-12
Description
Third-party mixers are used to heighten the anonymity of Bitcoin users. The mixing techniques implemented by these tools are often untraceable on the blockchain, making them appealing to money launderers. This research aims to analyze mixers currently available on the deep web. In addition, an in-depth case study is done on an open-source bitcoin mixer known as Penguin Mixer. A local version of Penguin Mixer was used to visualize mixer behavior under specific scenarios. This study could lead to the identification of vulnerabilities in mixing tools and detection of these tools on the blockchain.
ContributorsPakki, Jaswant (Author) / Doupe, Adam (Thesis director) / Shoshitaishvili, Yan (Committee member) / Computer Science and Engineering Program (Contributor, Contributor) / Barrett, The Honors College (Contributor)
Created2018-12
Description
Virtual reality gives users the opportunity to immerse themselves in an accurately
simulated computer-generated environment. These environments are accurately simulated in that they provide the appearance of- and allow users to interact with- the simulated environment. Using head-mounted displays, controllers, and auditory feedback, virtual reality provides a convincing simulation of interactable virtual worlds (Wikipedia, “Virtual reality”). The many worlds of virtual reality are often expansive, colorful, and detailed. However, there is one great flaw among them- an emotion evoked in many users through the exploration of such worlds-loneliness.
The content in these worlds is impressive, immersive, and entertaining. Without other people to share in these experiences, however, one can find themselves lonely. Users discover a feeling that no matter how many objects and colors surround them in countless virtual worlds, every world feels empty. As humans are social beings by nature, they feel lost without a sense of human connection and human interaction. Multiplayer experiences offer this missing element into the immersion of virtual reality worlds. Multiplayer offers users the opportunity to interact with other live people in a virtual simulation, which creates lasting memories and deeper, more meaningful immersion.
simulated computer-generated environment. These environments are accurately simulated in that they provide the appearance of- and allow users to interact with- the simulated environment. Using head-mounted displays, controllers, and auditory feedback, virtual reality provides a convincing simulation of interactable virtual worlds (Wikipedia, “Virtual reality”). The many worlds of virtual reality are often expansive, colorful, and detailed. However, there is one great flaw among them- an emotion evoked in many users through the exploration of such worlds-loneliness.
The content in these worlds is impressive, immersive, and entertaining. Without other people to share in these experiences, however, one can find themselves lonely. Users discover a feeling that no matter how many objects and colors surround them in countless virtual worlds, every world feels empty. As humans are social beings by nature, they feel lost without a sense of human connection and human interaction. Multiplayer experiences offer this missing element into the immersion of virtual reality worlds. Multiplayer offers users the opportunity to interact with other live people in a virtual simulation, which creates lasting memories and deeper, more meaningful immersion.
ContributorsJorgensen, Nicholas Keith (Co-author) / Jorgensen, Caitlin Nicole (Co-author) / Selgrad, Justin (Thesis director) / Ehgner, Arnaud (Committee member) / Computer Science and Engineering Program (Contributor, Contributor) / Barrett, The Honors College (Contributor)
Created2019-05