Matching Items (4)
Filtering by
- All Subjects: Security
- Creators: Zhao, Ziming
- Creators: Anderson, Kelly Joanne
- Member of: Barrett, The Honors College Thesis/Creative Project Collection
Description
IoT Media broadcast devices, such as the Roku stick, Amazon Fire, and Chromecast have been emerging onto the market recently as a portable and inexpensive alternative to cable and disk players, allowing easy integration between home and business Wi-Fi networks and television systems capable of supporting HDMI inputs without the additional overhead of setting up a heavy or complicated player or computer. The rapid expansion of these products as a mechanism to provide for TV Everywhere services for entertainment as well as cheap office appliances brings yet another node in the rapidly expanding network of IoT that surrounds us today. However, the security implications of these devices are nearly unexplored, despite their prevalence. In this thesis, I will go over the structure and mechanisms of Chromecast, and explore some of the potential exploits and consequences of the device. The thesis contains an overview of the inner workings of Chromecast, goes over the segregation and limited control and fundamental design choices of the Android based OS. It then identifies the objectives of security, four different potential methods of exploit to compromise those objectives on a Chromecast and/or its attached network, including rogue applications, traffic sniffing, evil access points and the most effective one: deauthentication attack. Tests or relevant analysis were carried out for each of these methods, and conclusions were drawn on their effectiveness. There is then a conclusion revolving around the consequences, mitigation and the future implications of security issues on Chromecast and the larger IoT landscape.
ContributorsHuang, Kaiyi (Author) / Zhao, Ziming (Thesis director) / Ahn, Gail-Joon (Committee member) / W. P. Carey School of Business (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-12
Description
Node.js is an extremely popular development framework for web applications. The appeal of its event-driven, asynchronous flow and the convenience of JavaScript as its programming language have driven its rapid growth, and it is currently deployed by leading companies in retail, finance, and other important sectors. However, the tools currently available for Node.js developers to secure their applications against malicious attackers are notably scarce. While there has been a substantial amount of security tools created for web applications in many other languages such as PHP and Java, very little exists for Node.js applications. This could compromise private information belonging to companies such as PayPal and WalMart. We propose a tool to statically analyze Node.js web applications for five popular vulnerabilites: cross-site scripting, SQL injection, server-side request forgery, command injection, and code injection. We base our tool off of JSAI, a platform created to parse client-side JavaScript for security risks. JSAI is novel because of its configuration capabilities, which allow a user to choose between various analysis options at runtime in order to select the most thorough analysis with the least amount of processing time. We contribute to the development of our tool by rigorously analyzing and documenting vulnerable functions and objects in Node.js that are relevant to the vulnerabilities we have selected. We intend to use this documentation to build a robust Node.js static analysis tool and we hope that other developers will also incorporate this analysis into their Node.js security projects.
ContributorsWasserman, Jonathan Kanter (Author) / Doupe, Adam (Thesis director) / Ahn, Gail-Joon (Committee member) / Zhao, Ziming (Committee member) / School of Historical, Philosophical and Religious Studies (Contributor) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2017-05
Description
Smartphone privacy is a growing concern around the world; smartphone applications routinely take personal information from our phones and monetize it for their own profit. Worse, they're doing it legally. The Terms of Service allow companies to use this information to market, promote, and sell personal data. Most users seem to be either unaware of it, or unconcerned by it. This has negative implications for the future of privacy, particularly as the idea of smart home technology becomes a reality. If this is what privacy looks like now, with only one major type of smart device on the market, what will the future hold, when the smart home systems come into play. In order to examine this question, I investigated how much awareness/knowledge smartphone users of a specific demographic (millennials aged 18-25) knew about their smartphone's data and where it goes. I wanted three questions answered: - For what purposes do millennials use their smartphones? - What do they know about smartphone privacy and security? - How will this affect the future of privacy? To accomplish this, I gathered information using a distributed survey to millennials attending Arizona State University. Using statistical analysis, I exposed trends for this demographic, discovering that there isn't a lack of knowledge among millennials; most are aware that smartphone apps can collect and share data and many of the participants are not comfortable with the current state of smartphone privacy. However, more than half of the study participants indicated that they never read an app's Terms of Service. Due to the nature of the privacy vs. convenience argument, users will willingly agree to let apps take their personal in- formation, since they don't want to give up the convenience.
ContributorsJones, Scott Spenser (Author) / Atkinson, Robert (Thesis director) / Chavez-Echeagaray, Maria Elena (Committee member) / Computer Science and Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2016-12
Description
This thesis proposes hardware and software security enhancements to the robotic explorer of a capstone team, in collaboration with the NASA Psyche Mission Student Collaborations program. The NASA Psyche Mission, launching in 2022 and reaching the metallic asteroid of the same name in 2026, will explore from orbit what is hypothesized to be remnant core material of an early planet, potentially providing key insights to planet formation. Following this initial mission, it is possible there would be scientists and engineers interested in proposing a mission to land an explorer on the surface of Psyche to further document various properties of the asteroid. As a proposal for a second mission, an interdisciplinary engineering and science capstone team at Arizona State University designed and constructed a robotic explorer for the hypothesized surfaces of Psyche, capable of semi-autonomously navigating simulated surfaces to collect scientific data from onboard sensors. A critical component of this explorer is the command and data handling subsystem, and as such, the security of this system, though outside the scope of the capstone project, remains a crucial consideration. This thesis proposes the pairing of Trusted Platform Module (TPM) technology for increased hardware security and the implementation of SELinux (Security Enhanced Linux) for increased software security for Earth-based testing as well as space-ready missions.
ContributorsAnderson, Kelly Joanne (Author) / Bowman, Catherine (Thesis director) / Kozicki, Michael (Committee member) / Electrical Engineering Program (Contributor) / Barrett, The Honors College (Contributor)
Created2021-05