Saudi Cultural Missions Theses & Dissertations
Permanent URI for this communityhttps://drepo.sdl.edu.sa/handle/20.500.14154/10
Browse
16 results
Search Results
Item Restricted AI-Driven Approaches for Privacy Compliance: Enhancing Adherence to Privacy Regulations(Univeristy of Warwick, 2024-02) Alamri, Hamad; Maple, CarstenThis thesis investigates and explores some inherent limitations within the current privacy policy landscape, provides recommendations, and proposes potential solutions to address these issues. The first contribution of this thesis is a comprehensive study that addresses a significant gap in the literature. This study provides a detailed overview of the current landscape of privacy policies, covering both their limitations and proposed solutions, with the aim of identifying the most practical and applicable approaches for researchers in the field. Second, the thesis tackles the challenge of privacy policy accessibility in app stores by introducing the App Privacy Policy Extractor (APPE) system. The APPE pipeline consists of various components, each developed to perform a specific task and provide insightful information about the apps' privacy policies. By analysing over two million apps in the iOS App Store, APPE offers unprecedented and comprehensive store-wide insights into policy distribution and can act as a mechanism for enforcing privacy policy requirements in app stores automatically. Third, the thesis investigates the issue of privacy policy complexity. By establishing generalisability across app categories and drawing attention to associated matters of time and cost, the study demonstrates that the current situation requires immediate and effective solutions. It suggests several recommendations and potential solutions. Finally, to enhance user engagement with privacy policies, a novel framework utilising a cost-effective unsupervised approach, based on the latest AI innovations, has been developed. The comparison of the findings of this study with state-of-the-art methods suggests that this approach can produce outcomes that are on par with those of human experts, or even surpass them, yet in a more efficient and automated manner.21 0Item Restricted Verification of Smart Contracts using the Interactive Theorem Prover Agda(Swansea University, 2024-07-25) Alhabardi, Fahad; Setzer, AntonThe goal of this thesis is to verify smart contracts in Blockchain. In particular, we focus on smart contracts in Bitcoin and Solidity. In order to specify the correctness of smart contracts, we use weakest preconditions. For this, we develop a model of smart contracts in the interactive theorem prover and dependent type programming language Agda and prove the correctness of smart contracts in it. In the context of Bitcoin, our verification of Bitcoin scripts consists of non-conditional and conditional scripts. For Solidity, we refer to programs using object- oriented features of Solidity, such as calling of other contracts, full recursion, and the use of gas in order to guarantee termination while having a Turing-complete language. We have developed a simulator for Solidity-style smart contracts. As a main example, we executed a reentrancy attack in our model. We have verified smart contracts in Bitcoin and Solidity using weakest precondition in Agda. Furthermore, Agda, combined with the fact that it is a theorem prover and programming language, allows the writing of verified programs, where the verification takes place in the same language in which the program is written, avoiding the problem of translation from one language to another (with possible translation mistakes).7 0Item Restricted Verification of Smart Contracts using the Interactive Theorem Prover Agda(Swansea University, 2024-07-25) Alhabardi, Fahad Faleh; Setzer, AntonThe goal of this thesis is to verify smart contracts in Blockchain. In particular, we focus on smart contracts in Bitcoin and Solidity. In order to specify the correctness of smart contracts, we use weakest preconditions. For this, we develop a model of smart contracts in the interactive theorem prover and dependent type programming language Agda and prove the correctness of smart contracts in it. In the context of Bitcoin, our verification of Bitcoin scripts consists of non-conditional and conditional scripts. For Solidity, we refer to programs using object- oriented features of Solidity, such as calling of other contracts, full recursion, and the use of gas in order to guarantee termination while having a Turing-complete language. We have developed a simulator for Solidity-style smart contracts. As a main example, we executed a reentrancy attack in our model. We have verified smart contracts in Bitcoin and Solidity using weakest precondition in Agda. Furthermore, Agda, combined with the fact that it is a theorem prover and programming language, allows the writing of verified programs, where the verification takes place in the same language in which the program is written, avoiding the problem of translation from one language to another (with possible translation mistakes).11 0Item Restricted CROSS-CULTURAL UNDERSTANDING OF HOW PEOPLE USE SECURE GROUP CHAT TOOLS IN THE UNITED KINGDOM AND SAUDI ARABIA(King’s College London, 2023-08-15) Alrabeah, Ghada; Abu-Salma, RubaGroup communication tools have gained widespread popularity, attracting over a billion users. However, questions arise, how closely are our messages being watched by external parties? Is end-to-end encryption implemented by the application? Many group communication tools either do not offer enough security features to protect their users or make it challenging for them to understand and use these features. This research discusses how users perceive and use secure group communication tools, focusing on users in the United Kingdom and Saudi Arabia. A mixed-methods approach involving interviews with 20 participants and a survey with 204 respondents was conducted. The study reveals key factors driving users' choices, their understanding of security and privacy, their willingness to adopt or not adopt secure group communication tools, and cultural differences. The findings underline the priority factors like popularity, usability, and being free, as influential in tool selection. Users express willingness to use secure tools, yet gaps arise between intention and practice, attributed to misconceptions, motivation, and trust concerns. Privacy practices vary between cultures, with Saudi participants showing more caution. On the other hand, the UK displays higher trust levels in communication tools compared to Saudi Arabia. These cultural influences shape communication priorities, with Saudis leaning toward group communication and the UK prioritizing individual communications. Despite these differences, the study suggests the potential for universally secure applications catering to diverse user needs. The study offers recommendations for tool design that help improve the adoption of secure group communication.5 0Item Restricted Testing Privacy and Security of Voice Interface Applications in the IoT Era(Temple University, 2024-04-04) Shafei, Hassan Ali; Tan, Chiu C.Voice User Interfaces (VUI) are rapidly gaining popularity, revolutionizing user interaction with technology through the widespread adoption in devices such as desktop computers, smartphones, and smart home assistants, thanks to significant advancements in voice recognition and processing technologies. Over a hundred million users now utilize these devices daily, and smart home assistants have been sold in massive numbers, owing to their ease and convenience in controlling a diverse range of smart devices within the home IoT environment through the power of voice, such as controlling lights, heating systems, and setting timers and alarms. VUI enables users to interact with IoT technology and issue a wide range of commands across various services using their voice, bypassing traditional input methods like keyboards or touchscreens. With ease, users can inquire in natural language about the weather, stock market, and online shopping and access various other types of general information. However, as VUI becomes more integrated into our daily lives, it brings to the forefront issues related to security, privacy, and usability. Concerns such as the unauthorized collection of user data, the potential for recording private conversations, and challenges in accurately recognizing and executing commands across diverse accents, leading to misinterpretations and unintended actions, underscore the need for more robust methods to test and evaluate VUI services. In this dissertation, we delve into voice interface testing, evaluation for privacy and security associated with VUI applications, assessment of the proficiency of VUI in handling diverse accents, and investigation into access control in multi-user environments. We first study the privacy violations of the VUI ecosystem. We introduced the definition of the VUI ecosystem, where users must connect the voice apps to corresponding services and mobile apps to function properly. The ecosystem can also involve multiple voice apps developed by the same third-party developers. We explore the prevalence of voice apps with corresponding services in the VUI ecosystem, assessing the landscape of privacy compliance among Alexa voice apps and their companion services. We developed a testing framework for this ecosystem. We present the first study conducted on the Alexa ecosystem, specifically focusing on voice apps with account linking. Our designed framework analyzes both the privacy policies of these voice apps and their companion services or the privacy policies of multiple voice apps published by the same developers. Using machine learning techniques, the framework automatically extracts data types related to data collection and sharing from these privacy policies, allowing for a comprehensive comparison. Next, researchers studied the voice apps' behavior to conduct privacy violation assessments. An interaction approach with voice apps is needed to extract the behavior where pre-defined utterances are input into the simulator to simulate user interaction. The set of pre-defined utterances is extracted from the skill's web page on the skill store. However, the accuracy of the testing analysis depends on the quality of the extracted utterances. An utterance or interaction that was not captured by the extraction process will not be detected, leading to inaccurate privacy assessment. Therefore, we revisited the utterance extraction techniques used by prior works to study the skill's behavior for privacy violations. We focused on analyzing the effectiveness and limitations of existing utterance extraction techniques. We proposed a new technique that improved prior work extraction techniques by utilizing the union of these techniques and human interaction. Our proposed technique makes use of a small set of human interactions to record all missing utterances, then expands that to test a more extensive set of voice apps. We also conducted testing on VUI with various accents to study by designing a testing framework that can evaluate VUI on different accents to assess how well VUI implemented in smart speakers caters to a diverse population. Recruiting individuals with different accents and instructing them to interact with the smart speaker while adhering to specific scripts is difficult. Thus, we proposed a framework known as AudioAcc, which facilitates evaluating VUI performance across diverse accents using YouTube videos. Our framework uses a filtering algorithm to ensure that the extracted spoken words used in constructing these composite commands closely resemble natural speech patterns. Our framework is scalable; we conducted an extensive examination of the VUI performance across a wide range of accents, encompassing both professional and amateur speakers. Additionally, we introduced a new metric called Consistency of Results (COR) to complement the standard Word Error Rate (WER) metric employed for assessing ASR systems. This metric enables developers to investigate and rewrite skill code based on the consistency of results, enhancing overall WER performance. Moreover, we looked into a special case related to the access control of VUI in multi-user environments. We proposed a framework for automated testing to explore the access control weaknesses to determine whether the accessible data is of consequence. We used the framework to assess the effectiveness of voice access control mechanisms within multi-user environments. Thus, we show that the convenience of using voice systems poses privacy risks as the user's sensitive data becomes accessible. We identify two significant flaws within the access control mechanisms proposed by the voice system, which can exploit the user's private data. These findings underscore the need for enhanced privacy safeguards and improved access control systems within online shopping. We also offer recommendations to mitigate risks associated with unauthorized access, shedding light on securing the user's private data within the voice systems.29 0Item Restricted Security Countermeasures for Topology and Flooding Attacks in Low Power and Lossy Networks(University of Bristol, 2023-10-06) Algahtani, Fahad Mohammed F; Oikonomou, GeorgeInternet of Things have become an integral part in many industries such as health- care, home automation, automobile, and agriculture. Many applications of IoT use networks of unattended micro battery-operated devices with limited compu- tational power and unreliable communication systems. Such networks are called Low-Power and Lossy Network (LLN) which is based on a stack of protocols de- signed to prolong the life of an application by conserving battery power and mem- ory usage. Most commonly used routing protocol is the IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). RPL suffers from vulnerabilities related to routing paths formation, network maintenance, and response to some of its control messages. Specifically, compro- mised nodes can advertise falsified routing information to form sub-optimised paths or trigger network reformations. Furthermore, they can flood a network with join- ing requests to trigger a massive number of replies. No standardised RPL solutions provide the security against such attacks. Moreover, existing literature works are mostly based on using monitoring architectures, public key infrastructure (PKI), or a blacklisting approach. Any monitoring devices must be physically secured and utilising only secure communications which is not easily scaleable. Using PKI in LLNs is still a challenge as certificates management is unsuitable for LLN devices. Blacklisting nodes using their advertise addresses is clearly vulnerable to identity spoofing. Moreover, attacks described in few sentences could miss details which transforms any discussion on impact analysis to be subject to interpretation. Therefore, the aim of this dissertation is to first implement attacks using a developed framework to launch multiple attacks simultaneously on different nodes during specified times. Second, to analyse the strategies of an adversary when launching the aforementioned attacks. Then, the impact of the instigated attacks in each strategy is analysed to establish a baseline for countermeasures evaluation. Finally, security countermeasures for the aforementioned attacks are proposed as well as their performances are evaluated. In countering the attack responsible for forming sub-optimised routing paths, preloading a minimum relative location in each node has filtered out any future attempts to accept false routing metrics. As for the attack causing unnecessary net- work reformations, nodes will only accept cryptographically authenticated routing information to trigger future network rebuilds. Lastly, any faster interarriving join- ing requests will be evaluated against thresholds with hysteresis to adjust RPL’s response to potential floods.28 0Item Restricted LIGHTWEIGHT MUTUAL AUTHENTICATION PROTOCOLS FOR IOT SYSTEMS(University of Maryland Baltimore County, 2024) Alkanhal, Mona; Younis, MohamedThe Internet of Things (IoT) refers to the large-scale internetworking of diverse devices, many of them with very limited computational resources. Given the ad-hoc formation of the network and dynamic membership of nodes, device authentication is critical to prevent malicious devices from joining the network and impersonating legitimate nodes. The most popular authentication strategy in the literature is to pursue asymmetric cryptography. Such a solution is costly in terms of computing resources and power consumption and thus is not suitable for IoT devices which are often resource constrained. Moreover, due to the autonomous nature of the IoT nodes, relying on an intermediary server to manage the authentication process induces overhead and consequently decreases the network efficacy. Thus, the authentication process should be geared for nodes that operate autonomously. This dissertation opts to fulfill the aforementioned requirements by developing a library of lightweight authentication protocols that caterers for variant IoT applications. We consider a hardware-based security primitive, namely Physical Unclonable Functions (PUFs). A PUF benefits from the random and uncontrollable variations experienced during the manufacturing of integrated circuits in constructing a device signature that uniquely maps input bits, referred to as challenge, into an output bit(s) that reflects the PUF response. A fundamental issue with distributed authentication using PUFs is that the challenge-response exchange is among IoT nodes rather than the secure server and hence becomes subject to increased vulnerability to attacks. Particularly, eavesdroppers could intercept the inter-node interactions to collect sufficient challenge-response pairs (CRPs) for modeling the underlying PUF using machine learning (ML) techniques. Obfuscating the challenge and response through encryption is not practical since it requires network-wide management of secret keys and diminishes the advantages of PUFs. The dissertation tackles the aforementioned challenges. We first develop a novel authentication mechanism that is based on the incorporation of a PUF in each device. Our mechanism enables the challenge bit string intended by a verifier δy to be inferred by a prover δx rather than being explicitly sent. The proposed mechanism also obfuscates the shared information to safeguard it from eavesdroppers who strive to model the underlying PUF using machine learning techniques. Secondly, we further combine the advantage of PUFs, and the agility and configurability of physical-layer communication mechanisms, specifically the Multi-Input Multi Output (MIMO) method. We devise a protocol that utilizes an innovative method to counter attackers who might intercept the communication between δy and δx and uncover a set of CRPs to model δx’s PUF. Our protocol encodes the challenge bit using MIMO antennas array in a manner that is controlled by the verifier and that varies overtime. Additionally, we derive a two-factors authentication protocol by associating a Radio Frequency (RF) fingerprint with PUF. Such a unique combination obviates the need for traditional identification methods that rely on key storage for authentication. This identification mechanism enables the protocol to obfuscate the PUF response, circumventing the need for the incorporation of cryptographic primitives. Since both the PUF and the RF-fingerprint are based on unintended variations caused by manufacturing, we aim to increase robustness and mitigate the potential effect of noise by applying the fuzzy extractor. Such a protocol does not retain CRPs of a node during the enrollment phase, nor does it incorporate a cryptosystem. All the aforementioned techniques enable mutual authentication of two devices without the involvement of a trusted third party. The experimental results demonstrate the efficacy of the proposed protocols against modeling attacks and impersonation attempts.15 0Item Restricted The Humanitarian Vehicle Routing Problem with Non-Routineness of Trips(Purdue University, 2024-04-22) Alturki, Ibrahim; Lee, SeokcheonThe escalating frequency and impact of natural disasters have necessitated the study of Humanitarian Logistics (HL) optimization to mitigate human and financial losses. This dissertation encompasses three pivotal studies that collectively seek to address some of the numerous gaps identified in the nascent literature of HL optimization, particularly in conflict-ridden and low-security environments. The first study conducts a comprehensive survey on the application of Multi-Criteria Decision Making (MCDM) methods in HL, identifying a significant gap between academic research and practical challenges, and highlighting underexplored areas within multicriteria optimization in HL. The second study introduces innovative deterministic and possibilistic models to improve the safety and security of humanitarian personnel by developing a vehicle routing model that minimizes the predictability of trips, a novel aspect in HL research. This includes the introduction of the Humanitarian Vehicle Routing Problem with Non-Routineness of Trips (HVRPNRT), creation of a unique index to measure trip routineness and the provision of an approximate closed-form solution for the aid allocation subproblem, and introduces a novel case study from the ongoing civil unrest in South Sudan. The third study presents a novel heuristic solution algorithm for the HVRPNRT, which is the first of its kind, and outperforms the commercial solver CPLEX on some instances. This algorithm offers near-optimal solutions with reduced computational times and maintains feasibility under stringent security conditions, thereby advancing the field of security-aware HL optimization. Collectively, these studies offer significant contributions to the field of HL optimization, providing a recent through survey of the field, novel practical models, methodologies, and an algorithm that address both operational efficiency and security challenges, in an effort to bridge the gap between theoretical research and real-world humanitarian needs.35 0Item Restricted Cruising The Sea Of Risks: The Impact Of Ship Countermeasures On Intentions To Cruise(Saudi Digital Library, 2023) Bahattab, Shadi; Demurtas, AlessandroCruise ships are one of the fastest growing industries in the tourism sector. Despite the promising future, the cruise industry is frequently challenged by major safety and security threats. Accordingly, multiple risks are found to be associated with cruising. These include onboard major crimes, sexual assault, fires, sea piracy, terrorist attacks, health problems, and infection outbreaks. Such risks have resulted in many bad experiences among passengers, injuries, and loss of life. As a floating resort, the closed environment of a conveniently flagged cruise ship, besides the complexity and the lack of safety and security measures can pose passengers to inevitable dangers, increasing the degree of their vulnerability when cruising. Although some protection measures have been implemented and followed to a certain degree, cruise ships are still devastated by major accidents and negative incidents. This has challenged the reputation of many cruise companies, thereby effecting their growing ability and profitability. Correspondingly, this study aims to investigate the impact of cruise ships safety and security measures on passengers’ purchase intention, through passengers’ safety and security perception. Following an exploratory analysis of all variables, this work is carried out using primary data, which have been quantitatively collected through self-administered questionnaires. The findings indicate that there is a strong correlation between the main three pairs of the aforementioned variables. The provided implications and recommendations can be highly beneficial for cruise operators and academia on how to best understand and determine the existence of the causal relationship between such variables.16 0Item Restricted Applying Push-Pull-Mooring model to investigate non-malicious workarounds behavior(Saudi Digital Library, 2023) Aljohani, Nawaf; Warkentin, MerrillMore than half of the violations of information systems security policies are initiated by non-malicious activities of insiders. To investigate these non-malicious activities, we utilized the theory of workaround and argued that the application of neutralization techniques impacts the use of workarounds. We built our model using three theories: the theory of workaround, push pull-mooring theory, and techniques of neutralization. We identified the elements of workarounds related to non-malicious violations and proposed a theoretical perspective using the push-pull-mooring theory to investigate non-malicious workarounds empirically. We propose that non-malicious activities of insiders can be seen as a switching behavior, with push factors such as system dissatisfaction and time pressure, and pull factors such as convenience and alternative attractiveness. The mooring factors in our model are techniques of neutralization, including denial of injury, denial of responsibility, and defense of necessity. We employed the scenario-based factorial survey method to mitigate the effect of social desirability bias. Our mixed model analysis indicates that time pressure, convenience, denial of injury, and defense of necessity significantly impact an individual's likelihood of engaging in non-malicious workarounds. Additionally, the relative weight analysis of our model shows that convenience and time pressure explain most of the variance in our model.23 0