Matching Items (7)
Filtering by
- All Subjects: Smartphones
- Creators: Ahn, Gail-Joon
Description
This thesis addresses the ever increasing threat of botnets in the smartphone domain and focuses on the Android platform and the botnets using Online Social Networks (OSNs) as Command and Control (C&C;) medium. With any botnet, C&C; is one of the components on which the survival of botnet depends. Individual bots use the C&C; channel to receive commands and send the data. This thesis develops active host based approach for identifying the presence of bot based on the anomalies in the usage patterns of the user before and after the bot is installed on the user smartphone and alerting the user to the presence of the bot. A profile is constructed for each user based on the regular web usage patterns (achieved by intercepting the http(s) traffic) and implementing machine learning techniques to continuously learn the user's behavior and changes in the behavior and all the while looking for any anomalies in the user behavior above a threshold which will cause the user to be notified of the anomalous traffic. A prototype bot which uses OSN s as C&C; channel is constructed and used for testing. Users are given smartphones(Nexus 4 and Galaxy Nexus) running Application proxy which intercepts http(s) traffic and relay it to a server which uses the traffic and constructs the model for a particular user and look for any signs of anomalies. This approach lays the groundwork for the future host-based counter measures for smartphone botnets using OSN s as C&C; channel.
ContributorsKilari, Vishnu Teja (Author) / Xue, Guoliang (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Dasgupta, Partha (Committee member) / Arizona State University (Publisher)
Created2013
Description
Cyber threats are growing in number and sophistication making it important to continually study and improve all dimensions of digital forensics. Teamwork in forensic analysis has been overlooked in systems even though forensics relies on collaboration. Forensic analysis lacks a system that is flexible and available on different electronic devices which are being used and incorporated into everyday life. For instance, cellphones or tablets that are easy to bring on-the-go to sites where the first steps of forensic analysis is done. Due to the present day conversion to online accessibility, most electronic devices connect to the internet. Squeegee is a proof of concept that forensic analysis can be done on the web. The forensic analysis expansion to the web opens many doors to collaboration and accessibility.
ContributorsJuntiff, Samantha Maria (Author) / Ahn, Gail-Joon (Thesis director) / Kashiwagi, Jacob (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2015-05
Description
Over the past several years, the three major mobile platforms have seen
tremendous growth and success; as a result, the platforms have been the target
of many malicious attacks. These attacks often request certain permissions in
order to carry out the malicious activities, and uninformed users usually grant
them. One prevalent example of this type of malware is one that requests
permission to the device’s SMS service, and once obtained, uses the SMS
service to accrue charges to the user. This type of attack is one of the most
prevalent on the Android application marketplace, and requires a long-term
solution. Replication of an attack is necessary to fully understand efficient
prevention methods, and due to the open-source nature of Android development,
to determine the likely mechanics of the attack as feasible.
This study uses the Hacker News application, an open source application
that is available for download through GitHub as a basis for creating a malware
application to study the SMS attack and explore prevention methods. From the
results and knowledge gained from both research and experimentation, a
proposition for a more secure operating system architecture was defined to
prevent and mitigate various attacks on mobile systems with a focus on SMS
attacks.
tremendous growth and success; as a result, the platforms have been the target
of many malicious attacks. These attacks often request certain permissions in
order to carry out the malicious activities, and uninformed users usually grant
them. One prevalent example of this type of malware is one that requests
permission to the device’s SMS service, and once obtained, uses the SMS
service to accrue charges to the user. This type of attack is one of the most
prevalent on the Android application marketplace, and requires a long-term
solution. Replication of an attack is necessary to fully understand efficient
prevention methods, and due to the open-source nature of Android development,
to determine the likely mechanics of the attack as feasible.
This study uses the Hacker News application, an open source application
that is available for download through GitHub as a basis for creating a malware
application to study the SMS attack and explore prevention methods. From the
results and knowledge gained from both research and experimentation, a
proposition for a more secure operating system architecture was defined to
prevent and mitigate various attacks on mobile systems with a focus on SMS
attacks.
ContributorsRomo, James Tyler (Co-author) / Rezende, Bryan (Co-author) / Whitaker, Jeremy (Co-author) / Ahn, Gail-Joon (Thesis director) / Wilkerson, Kelly (Committee member) / Conquest, Kevin (Committee member) / Barrett, The Honors College (Contributor) / Computer Science and Engineering Program (Contributor)
Created2013-05
Description
Smartphones are pervasive nowadays. They are supported by mobile platforms that allow users to download and run feature-rich mobile applications (apps). While mobile apps help users conveniently process personal data on mobile devices, they also pose security and privacy threats and put user's data at risk. Even though modern mobile platforms such as Android have integrated security mechanisms to protect users, most mechanisms do not easily adapt to user's security requirements and rapidly evolving threats. They either fail to provide sufficient intelligence for a user to make informed security decisions, or require great sophistication to configure the mechanisms for enforcing security decisions. These limitations lead to a situation where users are disadvantageous against emerging malware on modern mobile platforms. To remedy this situation, I propose automated and systematic approaches to address three security management tasks: monitoring, assessment, and confinement of mobile apps. In particular, monitoring apps helps a user observe and record apps' runtime behaviors as controlled under security mechanisms. Automated assessment distills intelligence from the observed behaviors and the security configurations of security mechanisms. The distilled intelligence further fuels enhanced confinement mechanisms that flexibly and accurately shape apps' behaviors. To demonstrate the feasibility of my approaches, I design and implement a suite of proof-of-concept prototypes that support the three tasks respectively.
ContributorsJing, Yiming (Author) / Ahn, Gail-Joon (Thesis advisor) / Doupe, Adam (Committee member) / Huang, Dijiang (Committee member) / Zhang, Yanchao (Committee member) / Arizona State University (Publisher)
Created2015
Description
The widespread adoption of mobile devices gives rise to new opportunities and challenges for authentication mechanisms. Many traditional authentication mechanisms become unsuitable for smart devices. For example, while password is widely used on computers as user identity authentication, inputting password on small smartphone screen is error-prone and not convenient. In the meantime, there are emerging demands for new types of authentication. Proximity authentication is an example, which is not needed for computers but quite necessary for smart devices. These challenges motivate me to study and develop novel authentication mechanisms specific for smart devices.
In this dissertation, I am interested in the special authentication demands of smart devices and about to satisfy the demands. First, I study how the features of smart devices affect user identity authentications. For identity authentication domain, I aim to design a continuous, forge-resistant authentication mechanism that does not interrupt user-device interactions. I propose a mechanism that authenticates user identity based on the user's finger movement patterns. Next, I study a smart-device-specific authentication, proximity authentication, which authenticates whether two devices are in close proximity. For prox- imity authentication domain, I aim to design a user-friendly authentication mechanism that can defend against relay attacks. In addition, I restrict the authenticated distance to the scale of near field, i.e., a few centimeters. My first design utilizes a user's coherent two-finger movement on smart device screen to restrict the distance. To achieve a fully-automated system, I explore acoustic communications and propose a novel near field authentication system.
In this dissertation, I am interested in the special authentication demands of smart devices and about to satisfy the demands. First, I study how the features of smart devices affect user identity authentications. For identity authentication domain, I aim to design a continuous, forge-resistant authentication mechanism that does not interrupt user-device interactions. I propose a mechanism that authenticates user identity based on the user's finger movement patterns. Next, I study a smart-device-specific authentication, proximity authentication, which authenticates whether two devices are in close proximity. For prox- imity authentication domain, I aim to design a user-friendly authentication mechanism that can defend against relay attacks. In addition, I restrict the authenticated distance to the scale of near field, i.e., a few centimeters. My first design utilizes a user's coherent two-finger movement on smart device screen to restrict the distance. To achieve a fully-automated system, I explore acoustic communications and propose a novel near field authentication system.
ContributorsLi, Lingjun (Author) / Xue, Guoliang (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Ye, Jieping (Committee member) / Zhang, Yanchao (Committee member) / Arizona State University (Publisher)
Created2014
Description
On Android, existing security procedures require apps to request permissions for access to sensitive resources.
Only when the user approves the requested permissions will the app be installed.
However, permissions are an incomplete security mechanism.
In addition to a user's limited understanding of permissions, the mechanism does not account for the possibility that different permissions used together have the ability to be more dangerous than any single permission alone.
Even if users did understand the nature of an app's requested permissions, this mechanism is still not enough to guarantee that a user's information is protected.
Applications can potentially send or receive sensitive information from other applications without the required permissions by using intents.
In other words, applications can potentially collaborate in ways unforeseen by the user, even if the user understands the permissions of each app independently.
In this thesis, we present several graph-based approaches to address these issues.
We determine the permissions of an app and generate scores based on our assigned value of certain resources.
We analyze these scores overall, as well as in the context of the app's category as determined by Google Play.
We show that these scores can be used to identify overzealous apps, as well as apps that do not properly fit within their category.
We analyze potential interactions between different applications using intents, and identify several promiscuous apps with low permission scores, showing that permissions alone are not sufficient to evaluate the security risks of an app.
Our analyses can form the basis of a system to assist users in identifying apps that can potentially compromise user privacy.
Only when the user approves the requested permissions will the app be installed.
However, permissions are an incomplete security mechanism.
In addition to a user's limited understanding of permissions, the mechanism does not account for the possibility that different permissions used together have the ability to be more dangerous than any single permission alone.
Even if users did understand the nature of an app's requested permissions, this mechanism is still not enough to guarantee that a user's information is protected.
Applications can potentially send or receive sensitive information from other applications without the required permissions by using intents.
In other words, applications can potentially collaborate in ways unforeseen by the user, even if the user understands the permissions of each app independently.
In this thesis, we present several graph-based approaches to address these issues.
We determine the permissions of an app and generate scores based on our assigned value of certain resources.
We analyze these scores overall, as well as in the context of the app's category as determined by Google Play.
We show that these scores can be used to identify overzealous apps, as well as apps that do not properly fit within their category.
We analyze potential interactions between different applications using intents, and identify several promiscuous apps with low permission scores, showing that permissions alone are not sufficient to evaluate the security risks of an app.
Our analyses can form the basis of a system to assist users in identifying apps that can potentially compromise user privacy.
ContributorsGibson, Aaron (Author) / Bazzi, Rida (Thesis advisor) / Ahn, Gail-Joon (Committee member) / Walker, Erin (Committee member) / Arizona State University (Publisher)
Created2015
Description
ABSTRACT
Community colleges serve an important and pivotal role in society. Neighborhood community colleges attract local students and students who attend community colleges do so for reasons including convenience and cost savings of living near or at home, lower tuition, developmental education courses, vocational training, ESL courses for English Language Learners, and a myriad of student and college resources. Community college faculty and administration work hard to meet the needs of by providing vocational and university transfer programs.
This research study is about the proliferation of online learning and the community college’s struggle to offer online course and keep students enrolled. In an effort to keep up with new educational innovations such as learning online, community colleges offer and fill online courses. However, attrition in online courses is high. Educators continue to innovate and change in areas of course design and online teaching pedagogy, but online learning lacks the physical presence of teacher-student and student-to-student contact and connectedness to the class itself. This study investigates whether it is possible, and effective, for educators to include non-content related curriculum that tries to boost student connectedness to the class, reduce stress, and increase focus so students are more likely to stay enrolled or at least gain more self-efficacy.
I chose mindfulness and its myriad of benefits to incorporate into assignments to enhance the online learning experience and keep students enrolled and passing. This study used one class section of online ENG102 students in a small, urban community college. Within the online course students were introduced mindfulness through periodic opportunities to read about and participate in mindfulness activities.
Results indicate that students still withdrew or stopped participating in the course, even after just a couple weeks and with minimal opportunity to engage in the mindfulness exercises. Students who did stay enrolled and participated in the mindfulness exercises reported that mindfulness did relieve stress and increase focus in general and when approaching course work. Attrition remained high. The implications for online educators indicate that more than just mindfulness is needed to address the attrition problem in online courses.
Keywords: mindfulness, attrition, online learning
Community colleges serve an important and pivotal role in society. Neighborhood community colleges attract local students and students who attend community colleges do so for reasons including convenience and cost savings of living near or at home, lower tuition, developmental education courses, vocational training, ESL courses for English Language Learners, and a myriad of student and college resources. Community college faculty and administration work hard to meet the needs of by providing vocational and university transfer programs.
This research study is about the proliferation of online learning and the community college’s struggle to offer online course and keep students enrolled. In an effort to keep up with new educational innovations such as learning online, community colleges offer and fill online courses. However, attrition in online courses is high. Educators continue to innovate and change in areas of course design and online teaching pedagogy, but online learning lacks the physical presence of teacher-student and student-to-student contact and connectedness to the class itself. This study investigates whether it is possible, and effective, for educators to include non-content related curriculum that tries to boost student connectedness to the class, reduce stress, and increase focus so students are more likely to stay enrolled or at least gain more self-efficacy.
I chose mindfulness and its myriad of benefits to incorporate into assignments to enhance the online learning experience and keep students enrolled and passing. This study used one class section of online ENG102 students in a small, urban community college. Within the online course students were introduced mindfulness through periodic opportunities to read about and participate in mindfulness activities.
Results indicate that students still withdrew or stopped participating in the course, even after just a couple weeks and with minimal opportunity to engage in the mindfulness exercises. Students who did stay enrolled and participated in the mindfulness exercises reported that mindfulness did relieve stress and increase focus in general and when approaching course work. Attrition remained high. The implications for online educators indicate that more than just mindfulness is needed to address the attrition problem in online courses.
Keywords: mindfulness, attrition, online learning
ContributorsRomirowsky, Kelly (Author) / Hermanns, Carl (Thesis advisor) / Archambault, Leanna (Committee member) / Lindsey, LeeAnn (Committee member) / Arizona State University (Publisher)
Created2018