Biblio

Along with the development of the Windows operating system, browser applications to surf the internet are also growing rapidly. The most widely used browsers today are Google Chrome and Mozilla Firefox. Both browsers have a username and password management feature that makes users login to a website easily, but saving usernames and passwords in the browser is quite dangerous because the stored data can be hacked using brute force attacks or read through a program. One way to get a username and password in the browser is to use a program that can read Google Chrome and Mozilla Firefox login data from the computer's internal storage and then show those data. In this study, an attack will be carried out by implementing Rubber Ducky using BadUSB to run the ChromePass and PasswordFox program and the PowerShell script using the Arduino Pro Micro Leonardo device as a USB Password Stealer. The results obtained from this study are the username and password on Google Chrome and Mozilla Firefox successfully obtained when the USB is connected to the target device, the average time of the attack is 14 seconds then sending it to the author's email.

Data privacy is a very important problem to address while sharing data among multiple organizations and has become very crucial in the health sectors since multiple organizations such as hospitals are storing data of patients in the form of Electronic Health Records. Stored data is used with other organizations or research analysts to improve the health care of patients. However, the data records contain sensitive information such as age, sex, and date of birth of the patients. Revealing sensitive data can cause a privacy breach of the individuals. This has triggered research that has led to many different privacy preserving techniques being introduced. Thus, we designed a technique that not only encrypts / hides the sensitive information but also sends the data to different organizations securely. To encrypt sensitive data we use different fuzzy logic membership functions. We then use an autoencoder neural network to send the modified data. The output data of the autoencoder can then be used by different organizations for research analysis.

Currently, the guidelines for business entities to collect and use consumer information from online sources is guided by the Fair Information Practice Principles set forth by the Federal Trade Commission in the United States. These guidelines are inadequate, outdated, and provide little protection for consumers. Moreover, there are many techniques to anonymize the stored data that was collected by large companies and governments. However, what does not exist is a framework that is capable of evaluating and scoring the effects of this information in the event of a data breach. In this work, a framework for scoring and evaluating the vulnerability of private data is presented. This framework is created to be used in parallel with currently adopted frameworks that are used to score and evaluate other areas of deficiencies within the software, including CVSS and CWSS. It is dubbed the Privacy Assessment Vulnerability Scoring System (PAVSS) and quantifies the privacy-breach vulnerability an individual takes on when using an online platform. This framework is based on a set of hypotheses about user behavior, inherent properties of an online platform, and the usefulness of available data in performing a cyber attack. The weight each of these metrics has within our model is determined by surveying cybersecurity experts. Finally, we test the validity of our user-behavior based hypotheses, and indirectly our model by analyzing user posts from a large twitter data set.

In recent years, cloud computing has gained lots of importance and is being used in almost all applications in terms of various services. One of the most widely used service is storage as a service. Even though the stored data can be accessed from anytime and at any place, security of such data remains a prime concern of storage server as well as data owner. It may possible that the stored data can be altered or deleted. Therefore, it is essential to verify the correctness of data (auditing) and an agent termed as Third Party Auditor (TPA) can be utilised to do so. Existing auditing approaches have their own strengths and weakness. Hence, it is essential to propose auditing scheme which eliminates limitations of existing auditing mechanisms. Here we are proposing public auditing scheme which supports data dynamics as well as preserves privacy. Data owner, TPA, and cloud server are integral part of any auditing mechanism. Data in the form of various blocks are encoded, hashed, concatenated and then signature is calculated on it. This scheme also supports data dynamics in terms of addition, modification and deletion of data. TPA reads encoded data from cloud server and perform hashing, merging and signature calculation for checking correctness of data. In this paper, we have proposed efficient privacy preserving and dynamic public auditing by utilizing Merkle Hash Tree (MHT) for indexing of encoded data. It allows updating of data dynamically while preserving data integrity. It supports data dynamics operations like insert, modify and deletion. Several users can request for storage correctness simultaneously and it will be efficiently handled in the proposed scheme. It also minimizes the communication and computing cost. The proposed auditing scheme is experimented and results are evaluated considering various block size and file size parameters.