Expanded Definition of Cybersecurity.

TO: Professor Jason Ellis

FROM: Ali Hossain

DATE: 03/20/2021

SUBJECT: Expanded Definition of Cybersecurity.

Cybersecurity and Enhancement of Cybersecurity:

This document will explain why and how to enhance cybersecurity. Computer security, cybersecurity or information technology security (IT security) is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. With an increasing variety of users, devices and programs within the modern enterprise, combined with the increased deluge of information, a lot of which is sensitive or confidential, the importance of cybersecurity continues to grow. The growing volume and class of cyber attackers and attack techniques compound the matter even further. Reducing model complexity, improving prediction accuracy and assessing exploitability are the topics that will be explained throughout the document.

“In the last few years, advancement in Artificial Intelligent (AI) such as machine learning and deep learning techniques has been used to improve IoT IDS (Intrusion Detection System).”

Dynamic Feature Selector:

“Dynamic Feature Selector (DFS) uses statistical analysis and feature importance tests to reduce model complexity and improve prediction accuracy.”

Using normal human selection is a lot slower and has a higher feature size, whereas dynamic feature selector is the only way to go. The energetic and intelligent highlights of programming dialects are powerful develops that software engineers regularly say as amazingly valuable. However, the capacity to adjust a program at runtime can be both a boon—in terms of flexibility—and a curse—in terms of device back. For occasion, utilization of these features hampers the plan of sort frameworks, the precision of inactive investigation techniques, or the presentation of optimizations by compilers. In this paper, we perform an observational consider of an expansive Smalltalk codebase—often respected as the poster-child in terms of accessibility of these features—in arrange to evaluate how much these features are really utilized in hone, whether a few are utilized more than others, and in which sorts of ventures. In expansion, we performed a subjective investigation of an agent test of utilizations of energetic highlights in arrange to reveal the principal reasons that drive individuals to utilize energetic highlights, and whether and how these energetic highlight utilized

Necessity of Dynamic Feature Selector

The Internet of Things has a great influence over systems, which has attracted a lot of cybercriminals to carry out malicious attacks and open an end node to attack continuously. To prevent huge data loss it is crucial to detect infiltration and intruders. Reducing model complexity and improving prediction accuracy can do the work. Machine learning and deep machine learning are helping with the matter of detecting intruders.

“Abstract Machine learning algorithms are becoming very efficient in intrusion detection systems with their real time response and adaptive learning process.”

Statistical analysis and feature importance tests can be used to reduce model complexity and improve prediction accuracy. This is where dynamic feature selector comes to the rescue. DFS showed high accuracy and a reduction in feature size.

“For NSL-KDD, experiments revealed an increment in accuracy from 99.54% to 99.64% while reducing feature size of one-hot encoded features from 123 to 50. In UNSW-NB15 we observed an increase in accuracy from 90.98% to 92.46% while reducing feature size from 196 to 47.”

It is clear that the new process is much more accurate and fewer features are required for processing.

Model Complexity, Prediction Accuracy and Exploitability:

In machine learning, model complexity often refers to the number of features or terms included in a given predictive model, as well as whether the chosen model is linear, nonlinear, and so on. It can also refer to the algorithmic learning complexity or computational complexity. Accuracy is defined as the percentage of correct predictions for the test data. It can be calculated easily by dividing the number of correct predictions by the number of total predictions. An exploit is any attack that takes advantage of vulnerabilities in applications, networks, operating systems, or hardware. Exploits usually take the form of software or code that aims to take control of computers or steal network data.

Reference:

Alazab, A., & Khraisat, A. (2021), Cybersecurity, A critical review of intrusion detection systems in the internet of things: techniques, deployment strategy, validation strategy, attacks, public datasets and challenges, 4, Article number: 18 (2021).

Ahsan, M., Gomes, R., Chowdhury, M. M., & Nygard, K. E. (2021), Enhancing Machine Learning Prediction in Cybersecurity Using Dynamic Feature Selector, J. Cybersecur. Priv. 2021, 1(1), 199-218.

500-Word Summary

To: Prof. Ellis

From: Ali Hossain

Date: 02/20/21

Subject: 500-Word Summary of Article About Security in social networking services

“Security in social networking services: A value focused thinking exploration in understanding user’s privacy and security concerns” is an article by Barrett-Maitland, Nadine, Barclay, Corlane, published in 2016, that identifies various prominent themes in need of more research in the continuous growth of social networking service and cybercrime management. Although most people are pursuing the short-term solution, the author takes a different approach to redefine the concept of social network protection where the privacy and security interests of the consumer play a vital role in the creation of a sustainable social network. Social networking is a set of rules and configurations designed to preserve the integrity, confidentiality and usability of all software and hardware technologies for computer networks and data. Any enterprise, regardless of size, sector or infrastructure, needs a degree of network protection solutions in place to protect it from the ever-growing environment of cyber threats in the wild today. In other words, the author aims to make it clear to individuals that network protection is the safeguard against hacking, misuse, and unauthorized system modification of access to files and directories on a computer network. It is a degree of confidence that all machines in a network operate optimally and that the users of these machines retain only the rights given to them. Considering the economic and moral components of an equation, the authors conclude that with the growth of wide open networks, security risks have increased dramatically in the past 20 years. Hackers have discovered more network vulnerabilities, and since you can now download apps that require little to no hacking knowledge to be introduced, apps designed to troubleshoot and maintain and optimize networks can be maliciously used in the wrong hands.
The author walks an extra mile to explain how the safety and dignity of the social networking system, security controls, corporate social responsibility and personal obligations are central to optimizing the security and privacy of users by evaluating various networking systems. Security protection for networks is different for different types of situations. A home or small office may only require basic security, whereas large organizations may need high-maintenance and specialized software and hardware to prevent hacking and spamming from malicious attacks. Corporations also use software to conduct network security verifications to reduce vulnerability to malicious attacks from external network threats to the network. To prevent seeing one’s organization in an irreversible damage position, it is vital to analyze one’s network thoroughly and ensure it is free from security breaches. Three different controls usually consist of network security: physical, technological and administrative. Physical protection measures are designed to discourage unauthorized personnel from getting physical access to network components such as routers, cabling cupboards, etc. Managed access, such as locks, biometric authentication and other devices, is essential in every organization. Data stored on the network or in transit through, into, or out of the network is covered by technical security controls. Safety is twofold: it must protect data and systems from unauthorized workers, and it must also protect staff from malicious activities. Security policies and procedures that regulate user actions consist of administrative security measures, including how users are authenticated, their access level, and even how IT staff members make adjustments to the infrastructure.

References:

Barrett-Maitland, Nadine, Barclay, Corlane, (2016), Security in social networking services, Digital object identifier.

Weekly Writing Assignment, Week 7

You might find it beneficial to reflect on your experiences with a given type of document–including those you have made and those made by others that you have used. Let’s do this with instructions.

After watching this week’s lecture, I would like you to write a brief memo of at least 250 words reflecting on instructions. There are two main things that I would like you to respond to in your reflection: (1) Discuss a good set of instructions that you’ve used before, (2) Discuss a bad set of instructions that you’ve used before, and (3) Write some ideas that you have about how to make technical instructions useful and engaging.

When you have completed your memo, copy-and-paste it into a comment added to this post on our OpenLab Course Site.

Submit Your 750-1,000-Word Expanded Definition Project, Week 7

Last week, I sent around the “Reply All” starter email for each team’s peer review on the second major project in our class: the Expanded Definition Essay project.

Since peer review didn’t begin until Friday, Mar. 12, you have until Friday, Mar. 19 to complete peer review on your Expanded Definition Project.

This gives you until Friday, Mar. 26 to submit your Expanded Definition Project on OpenLab (though, you are welcome to submit it earlier when you are ready).

Below, I am including the model for the Expanded Definition Project with a few notes to pay attention to regarding publishing your Expanded Definition Project as a post on our OpenLab Course Site. Watch this week’s lecture for detailed instructions on posting your work to OpenLab.

Your Name's Expanded Definition of YOUR TERM

TO: Prof. Jason Ellis
FROM: Your Name
DATE: Due Date
SUBJECT: Expanded Definition of YOUR TERM

Introduction [Heading Level 2]
What is the purpose of this document? What term are you defining? How are you discussing the way it is defined and the way it is used in context? Describe a road map for what follows (definitions and context). This content should be published as paragraphs, unlike the heading for this section, which is a level 2 heading.

Definitions [Heading Level 2]
Quote several definitions of the term that you selected. Provide quotes and parenthetical citations for each definition, and include your sources in the References section at the end of the document. Each definition that you include deserves discussion in your words about what it means and how it relates to the other definitions that you include. Consider how they are alike, how are they different, who might use one versus another, etc.

Context [Heading Level 2]
Quote several sentences from a variety of sources that use the term in context. A range of sources would provide the best source material for your discussion of how the term is used in these contexts. For example, a quote from an academic journal or two, a quote from a newspaper or magazine, a quote from a blog, and a quote from social media would give you a range of uses that might have different audiences. For each quote, you should devote at least as much space as the quote discussing what it means in that context and how it relates to the other quotes in context. Each quote should be in quotes, have a parenthetical citation, and a bibliographic entry in your references at the end of your document.

Working Definition [Heading Level 2]
Based on the definitions that you quoted and discussed, and the contextual uses of the term that you quoted and discussed, write a working definition of the term that's relevant to your career field or major, which you will need to identify (this is the specific context for your working definition).

References [Heading Level 2]
Order your APA-formatted bibliographic references by the author's last name, alphabetically. In your posted version, they do not need a hanging indent. And, they should not be in a bulleted list.

Submission Notes:

Summary of “T. A. Ahanger” Internet of Things: A Comprehensive Study of Security Issues and Defense Mechanisms

To Professor ELLIS

From Mohammad Amin

Date 03/03/2021

Subject: 500-word summary of Internet of Things: A Comprehensive Study of Security Issues and Defense Mechanisms

Following 500-word summary article about IoT, IoT was created in 1999 and was officially launched in 2005 by the International Telecommunication Union, it was coined by Kevin Ashton. It has physical characteristics and virtual representation. The main idea of IoT is to convert miniature devices into smart objects and make them dynamic, it represents the parent class and enables intelligent communication with the information network. In the last few years, the concept of IoT has been applied in greenhouse monitoring, smart electric meter reading, telemedicine monitoring as well as intelligent transportation. With 5G network, IoT will make the online worlds much stronger but the biggest threat is to protect privacy. The main goal of this study is to analyze the defense against IoT related challenge. Potential solutions to the security threats of IoT and review method to gain insight on the practical implication of security in the IoT. Patient data and staff can be monitored automatically using IoT technology. Many applications of IoT are used in smart cities. Protecting privacy is an important issue in digital environment but there is a risk of individual breaches of each device in the IoT network. In order to protect the authenticity of the information, only authorized users need to exchange information. The main goal of IoT is to provide accurate data to the user. IoT information must be protected so that no one can steal, delete or edit anything. Nonrepudiation is related to authentication of a legit party in getting access to the promised service.

CYBER-ATTACKS ON IoT APPLICATIONS:

Sinkhole Attack creates the network traffic and collapses the network communication. Sinkhole attack creates counterfeit nodes and sends route requests to neighboring nodes.

Wormhole attack is an internal attack that makes it very difficult to identify the attack as a result of unchanged network activity.

In a selective forwarding attack, a compromised node refuses to forward some of the packets in its outstanding buffer, such as control information or data packets in order to cut off the packet’s propagation.

Sybil Attack can create wrong reports, increase traffic load with spam and loss of privacy.

Hello Flood Attack, usually within the range of the receiver’s device and can transmit to the receiver when it is incorrect. 

SET OF SECURITY REQUIREMENTS:

‘Internet of Things’ A study titled IoT has presented a secure model of how data can be kept secure. The technology used in the network in this study emphasizes the need for a legal framework in accordance with international standards. Zhuo and Chao security system was disrupted there. According to the author, “a security model for IOT in a study titled ‘‘Proposed Security Model and Threat Taxonomy for the Internet of Things (IoT)’’. The author briefly discusses about the security and privacy concerns in IoT in this article” (Babar et al., 2018, p. 11025). They are added encryption methods, communication medium security, use of cryptography and protection of sensor/control data for tackling the major security and privacy. Internet security issues presented a paper entitled certification approach. Abomhara and Koien 

Author discusses IoT and provides future direction for tackling current and future privacy initiatives. IoT will connect billions of devices; these have achieved the requirement for protection. Overall, this study discusses in detail the security threats to the IoT environment and solutions.

Reference: 

T. A. Ahanger and A. Aljumah, “Internet of Things: A Comprehensive Study of Security Issues and Defense Mechanisms,” in IEEE Access, vol. 7, pp. 11020-11028, 2019, doi: 10.1109/ACCESS.2018.2876939.

Summary of Li’s “Study on Security and Prevention Strategies of Computer Network”

To: Prof. Ellis

From: Mateo Avila

Date: 3/3/2021

Subject: 500-Word summary of “Study on Security and Prevention Strategies of Computer Network”

Computer network is expanding in every aspect of people’s lives; therefore, vulnerabilities and privacy are the main concerns. In order to tackle these problems, more research is being conducted in specific areas such as network management, firewall, encryption, etc. Computer network security refers to the controls on how to protect privacy, integrity, and availability. There are two types of security, which are physical and logical security. Depending upon the individual and organizations, the privacy and data can mean different things. Some just want pure security privacy, others protection. To make plans against different threats/disasters in order to continue with the network communication. Additionally, network security consists of hardware and software that protects data and addresses technical and management issues. Threats include inside people, which are internal threats, employees who leak information intentionally or unintentionally, reconfigure the network, alter or steal data, and more examples of inside threats and destruction. There are also unauthorized users with unauthorized access, such as hackers and/or users navigating unauthorized ways of getting resources. Attacks on integrity include manipulating data, denying access to basic operations to users and providing wrong information to end users. Attackers find ways to intercept data such as frequency, length, parameters in order to obtain valuable information which is hard to detect. Attackers can also pretend to be network control, leaders, and other entities so they can access data, use unlimited resources, deny actual users and obtain and modify key information, passwords, etc. Attackers destroy access to users, such as not letting them use daily resources or operations. Attackers can also repeat themselves, meaning they obtain information and send it as many times as they want whenever they want. Other kinds of threats are computer viruses, network errors, disasters, etc.
There are technical protections such as firewalls, constant virus analysis, monitoring, scanning, etc. Technical level includes department of network administrators, technicians and trained users in order to maintain a system of security, in which there will be detecting viruses and backing up data on time. There is network access control, which is especially important because it ensures granting access to authorized users. Backup data and recovery is important due to how administrators obtain data after an accident by using different strategies. There is application code technology, which is one of the main components of information security. It provides integrity with passwords, encryptions, signatures, and different types of keys. Use antivirus programs and do not download unknown content. Research up-to-date and better high security operating systems in order to have a safer environment and high performance and do not give a virus any chance. Computer network depends on network protections, security technology, implementations, measurements, laws, and regulation in order to obtain an effective security. To prevent/resist computer’s users from virus, crimes, and hackers. Users need to be educated and be aware of safety and management institution with continuous improvement on technology and laws. According to the author, “Never-ending education to users and staff such as code, computer safety principles and to obey rules and regulations to maintain a safe and reliable working environment” (Li, 2012). Finally, there should be different types of rooms dedicated to different aspects of computer security countermeasures.

Reference

Li, F. (2012). Study on Security and Prevention Strategies of Computer Network. International Conference on Computer Science and Information Processing (CSIP), 645-647. https://ieeexplore-ieee-org.citytech.ezproxy.cuny.edu/document/6308936

Summary of Angelova’s “Mobile Applications for Business”

TO:      Prof. Ellis

FROM:  Chowdhury A Hashmee

DATE:   03/03/2021

SUBJECT: 500-Word Summary of “Mobile Applications for Business”

This memo is a 500-word summary of the article, “Mobile Applications for Business” by N. Angelova, a researcher at Trakia University, Faculty of Economics, Stara Zagora, Bulgaria. In this article the author describes the importance of mobile applications in business communication and the operating systems, mobile technologies and features that are being used daily. Over the past decades, the rapid growth of mobile technology has made mobile phones more available to the average user, including more messaging services, listening to music, playing sports, taking photographs and all kinds of entertainment. According to the author, “Mobile can be describe as a part of technology that involves mobility” (Angelova, 2019, p. 854). Using network infrastructures, protocols, and portable devices used for cellular communication, mobile technology enables users to flexibly perform different tasks in terms of time and place. Several smartphone operating systems, such as Android, iPhone OS / iOS, Samsung, BlackBerry, Windows, are primarily used on the market today. According to market surveys worldwide, the main leader of mobile operating systems is Android OS that is installed on most smartphones, while iOS market share is concentrated in countries that mainly produce and sell devices that support this OS (Angelova, 2019, p. 853). Some of the most developed countries that use iOS are US – 55.07%, UK – 49.81%, China – 24.1%, Japan – 71.9%, Germany – 28.38%, Russia – 26.6% etc. (Angelova, 2019, p. 854). Some of the developed countries that use Android OS are US – 44.61%, UK – 49.42%, China – 74.6%, Japan – 27.81%, Germany – 70.61%, Russia – 72.32% etc. Mobile communications such as 1G, the first generation, use analogue voice-only relationship. The second generation 2G standard is Global Service for mobile communication (GSM), started in 1991, and the transfer rate was 906 kbit/s.
The third generation 3G mobile communications started in 2002, which includes 3 standards – UMTS, WCDMA and CDMA2000 – and provides speeds from 384 kbit/s to 2.4 Mbit/s. The fourth generation of mobile technologies 4G is a set of standards for broadband Internet access. Gigabit speeds above the current speeds would be enabled by the new standard 5G. Moreover, for several milliseconds, a minimum ping will be preserved. Depending on the mobile OS, mobile apps are created for a particular OS and can be downloaded from a special location. Some of the popular app stores are Android – Google Play, iOS – App Store, Windows 10 – Microsoft Store etc. Businesses need mobile applications to create a direct marketing channel, build a brand for recognition, improve customer engagement etc. According to the article, the most popular recommended mobile apps for businesses in Google Play and app stores are scanning tools (Clear scan, Genius Scan), Office suites (OfficeSuite, Documents), Job Search or Hiring (Glassdoor, LinkedIn), Employee Scheduling (Hours tracker, Paylocity Mobile), Video conferencing tools (Hangout, Zoom), Planning (AWS events, Trello), Automated expense management (Invoice maker, Expensify) etc. To conclude, mobile devices are an integral part of our lives and it seems like everything we possess is inside them behind the screen. It has no longer been the only means for connecting and talking with people who are far away from us. It is our personal assistant.

Reference

Angelova, N. (2019). Mobile Applications for Business. EBSCO Connect Trakia Journal of Sciences, 17(1), 853–859. https://doi-org/10.15547/tjs.2019.s.01.140

Summary of Eyada et al.’s “Performance Evaluation of IoT Data Management Using MongoDB Versus MySQL Databases in Different Cloud Environments”

TO:      Prof. Ellis

FROM:    Kiara Candelario

DATE:    3/03/2021

SUBJECT: 500-Word Summary of Article About Comparing Non-Relational and Relational Databases.

The following is a 500-word summary of a peer-reviewed article about testing and comparing MongoDB and MySQL using IoT data on a virtual machine. The Internet of Things is a system that consists of sensing and collecting data, and it’s becoming a large aspect in many industries. According to the author, “using IoT technology generates a large amount of heterogeneous data like texts, numbers, audio, videos, and pictures. These types of data need to be transferred, processed and stored” (Eyada et al., 2020, p. 110656). IoT data comes from different sources, and a database management system can assist with storing the amount of data that IoT creates. Relational DBMS’s use SQL, which is a popular system, but IoT data is heterogeneous, and it can negatively affect the database’s performance. NoSQL database, also known as a non-relational database, is the best option for IoT data due to storing unstructured data and is schema-free. NoSQL also has high scalability and availability. Cloud computing can deal with large amounts of data, and databases use cloud computing to improve consistency, availability, and tolerance.

MySQL is a relational database system that uses SQL to store data in tables and needs a pre-defined schema. Any change to the schema can hinder the performance and takes the database offline. MongoDB is a non-relational database system that is document-oriented, and it stores data as BSON objects. It has quick query access, and a structure does not need to be declared. MongoDB has different features that provide better performance based on long-term storage of large amounts of data and flexibility to work. The current experiment will solve the previous limitations that the other experiments had by enhancing both databases and not limiting the number of sensor nodes.

MongoDB and MySQL will store the IoT information, and it is based on the data collected from air pollution indoors and outdoors. In the MySQL database setup, two tables are created named station_location and town_name, which manage the station’s location and the sensor nodes. In the MongoDB Database Setup, two collections are made, where the first collection saves every station’s location. The second collection is the sensor table for all the sensors in the station. Node.JS is the server language that is used to process the collected data. Ubuntu 16.04 LTS is the operating system installed on the virtual machine to set up MongoDB, MySQL, and Node.JS. Amazon Web Service’s Elastic Compute Cloud is the virtual machine that is used to establish the environment.

The experiment was conducted based on increasing the workload of each database latency, database size, and the number of sensor nodes. The impact of increasing the workload resulted in a latency decrease in the MongoDB database compared to the MySQL database. The impact of increasing the workload on database sizes demonstrates that MySQL outperforms MongoDB. Lastly, increasing the number of sensor nodes that connect to each station resulted in MongoDB outperforming MySQL significantly. The results demonstrate that MongoDB outperforms MySQL due to MySQL performance loss when increasing the workload.

Reference:

M. M. Eyada, W. Saber, M. M. El Genidy and F. Amer, “Performance Evaluation of IoT Data Management Using MongoDB Versus MySQL Databases in Different Cloud Environments,” in IEEE Access, vol. 8, pp. 110656-110668, 2020, doi: 10.1109/ACCESS.2020.3002164.

Summary of Mendsaikhan et al.’s “Quantifying the Significance and Relevance of Cyber-Security Text Through Textual Similarity and Cyber-Security Knowledge Graph”

To: Professor Ellis

From: Foysal Ahmed

Date: 03-03-21

Subject: 500 word summary of an article about “Cyber Security.”

The following is a 500 word summary of a peer-reviewed article about quantifying the significance and relevance of cyber-security text through textual similarity and a cyber-security knowledge graph. Presenting various opportunities to socialize and business in general, these opportunities also bring different kinds of risks such as cyber-attacks, data breaches, loss of intellectual properties, financial fraud, etc. The idea of sharing threat information stems from the assumption that an adversary that attacks a specific target is also likely to attack similar targets in the near future. From the paper, we can know about quantifying the significance and relevance of the threat information applying different methods, such as the Entity Recognition (NER) model and the Cyber-security Knowledge Graph (CKG), the subjective relevance of the cyber-security text to the user, and to generate correlation features. This paper also shows that to mitigate cyber-security risks proactively, security analysts continuously monitor sources of threat information. 

“While information-sharing platforms have grown in popularity, the amount of shared threat information has grown tremendously, overwhelming human analysts and undermining the efforts to share threat information.” (2)

Even though there are approaches that automatically share information between machines through structured information sharing such as Structured Threat Information Expression (STIX) and its corresponding protocol, Trusted Automated Exchange of Intelligence Information (TAXII), the need to process unstructured text reports that might be shared via email or forums still exists. For example, dark-web forums provide valuable threat information if the noise can be segregated with less effort. Also, to establish situational awareness, a security analyst has to identify cyber threat-related information specifically applicable to his environment to monitor and prevent the possible intrusion proactively and control the possible risk. To ensure those all, the research first shows why they are so willing to research on this topic; then they find the problems out to be solved and show the existing methods that could not solve the problem. They proposed their solution and then tried to prove why that solution is significantly more important than the existing ones.

Finally, it is shown that due to the constraints such as a probable lack of identifiable cyber-security named entity in test data and the uncertainty of identified Mentioned Entities to exist in CKG, the effectiveness of the proposed architecture could not be proven directly on the raw test documents; however, by simulating the controlled environment by manipulating the test document achieved a classification accuracy of 88% using the logistic regression classifier. Since it is impossible to expect the controlled environment in a real-life situation, the experiment must be improved to reconcile the simulated dataset with real-life data. We believe by improving the NER performance and extending the scope of CKG, the experiment would come closer to producing production-grade results.

Cyber protection, as we all know, is the process of shielding computers, routers, handheld devices, electronic infrastructure, networks, and documents from malicious attacks; it is also known as information technology security or electronic information security. Because the term applies in various contexts, from business to mobile computing, and can be divided into a few common categories, research on this kind of topic is a crying need for the overall development of all.

References

Received September 9, 2020, accepted September 21, 2020, date of publication September 28, 2020, date of current version October 8, 2020. Digital Object Identifier 10.1109/ACCESS.2020.3027321.

Resource center. (n.d.). Retrieved March 02, 2021, from https://www.kaspersky.com/resource-center/definitions/what-is-cyber-security.

Summary of Von Solms and Futcher’s “Adaption of a Secure Software Development Methodology for Secure Engineering Design”

TO: Prof. Ellis 

FROM: Jennifer Martinez

DATE: 03/03/2021

SUBJECT: 500-Word Summary of Article About the Adoption of a Secure Software Development Methodology.

The following is a 500-word summary of a peer-reviewed article about adopting a Secure Software Development Methodology for secure engineering design. The authors discuss an approach to implementing security in engineering design through the normal Systems Development Life Cycle (SDLC): they first created a baseline of the students’ knowledge of security and then designed a guideline to help students implement the Secure Software Development Methodology (SecSDM) in their projects. According to the authors, “Traditionally the information technology (IT) professionals were considered…responsible for cybersecurity,…However, as engineering and control systems became more integrated with the IT infrastructure, securing these systems cannot remain the sole responsibility of IT professionals” (Von Solms & Futcher, 2020, p. 125630). Therefore, it would be ideal for engineers to learn how to protect their designs. First, the authors conducted an analysis to determine how much knowledge engineering students had of software security. The capstone, a final-year project, was used for the analysis and focused specifically on hardware, software design, and testing. The results illustrated the dissociation the engineering students had between software and security, because security was not a requirement. A survey was given to the students after the project to determine whether they understood the terminology and implementation of security. The survey confirmed that students understood the importance of security but lacked the knowledge and training. Following the baseline, the authors designed a guideline for the students to secure their projects by integrating security into the SDLC through the SecSDM. First, in the exploration phase, the engineer must explore the technology readiness, conduct a risk analysis, and follow the SecSDM suggestion to define the security requirements by the ISO/IEC TR. 
Based on the pre-evaluation, the engineer must then recommend possible solutions, define the system requirements and product specification, and follow the SecSDM suggestion to identify the security services that satisfy the requirements. The goal of the design and development phase for engineers is not only to design the system architecture and allocate system requirements to subsystems but also to map the security to the specific security mechanisms, following the SecSDM recommendation to use the “ISO 7498-2 standard’s security mechanisms” (Von Solms & Futcher, 2020, p. 125635). The production and implementation phase involves the construction of subsystems, systems integration, and testing, and the engineer should use the appropriate security controls based on the SecSDM recommendations. During the utilization and support phase, the engineer is responsible for ensuring that the product operates according to the user’s needs and for the continuous monitoring of the software and firmware to ensure that the product is secure and used correctly. Finally, the SecSDM doesn’t have specific requirements for the retirement phase other than that the engineer must teach the user how to dispose of the data and product properly. Although this paper motivated various people to write proposals on the integration of secure software practices into engineering design, there’s still no practical approach on how to do so.

Reference 

Von Solms, S., & Futcher, L.A., (2020). Adaption of a secure software development methodology for secure engineering design. IEEE Access, 8, 125630-125637. https://doi.org/10.1109/ACCESS.2020.3007355