Browsing by Author "Odemis, Murat"

Filter results by typing the first few letters
Now showing 1 - 3 of 3
  • Thumbnail Image
    Conference Object
    An authorization-based cryptographically secure mobile voting system
    (Curran Associates Inc., 2017) Murat Odemis; Ahmet Hasan Koltuksuz; Odemis, Murat; Koltuksuz, Ahmet; M. Scanlon , N.-A. Le-Khac
    Governments and the private sector keep pace with the innovations on mobile technologies. Most countries have developed e-Government portals for their citizens which also have mobile applications. They aim to provide public services in efficient and effective manners. While the governments are administering existing duties through an electronic platform they are also trying to transform the paper-based voting into a fertile electronic method. Recent advancements in mobilebased communication networks and cryptography have made it possible to consider mobile voting as a feasible alternative for conventional elections. Mobile voting has the flexibility of allowing citizens to participate in an election no matter where they physically are. Benefits of this alternative may include a reduced cost and increased participation speed flexibility and accuracy as well as improved accessibility for disabled people. According to Chung and Wu (2012) mobile voting schemes should all have anonymity eligibility fairness mobility uniqueness verifiability uncoercibility limited transparency and appropriate location freedom. While previously published papers in the field of mobile voting has been scrutinized in this work this paper itself proposes for a reliable secure authorization-based mobile voting system which will enable instantaneous vote submissions for not only the government elections but also for institutions and meetings which currently lack such a favorable arrangement. A mobile application was also developed to prove the system. Hybrid cryptosystem is used for data security and the data gets encrypted and decrypted via AES-256. Elliptic Curve Diffie-Hellman schema called Curve25519 (Bernstein 2006) is used for the key exchange mechanism for Curve25519 provides one of the fastest results. In addition to this biometric fingerprint-scanning technology is used. One of the most important features of the system is that after user enters to the system with his institutive credential if and when under pressure voter can use the fake trapdoor. The user sets both genuine and fake character-based password and geometric pattern password to vote. The network is protected by SSL and OpenSSL is used on certification phases. The application consists of a login certification activation listing election and a voting screen. An Authorization-Based Cryptographically Secure Mobile Voting System will be introduced in this paper. © 2023 Elsevier B.V. All rights reserved.
  • Thumbnail Image
    Article
    Citation - WoS: 8
    Citation - Scopus: 8
    Detecting User Behavior in Cyber Threat Intelligence: Development of Honeypsy System
    (Hindawi Limited, 2022) Murat Odemis; Cagatay Yucel; Ahmet Hasan Koltuksuz; Yucel, Cagatay; Odemis, Murat; Koltuksuz, Ahmet
    This research demonstrates a design of an experiment of a hacker infiltrating a server where it is assumed that the communication between the hacker and the target server is established and the hacker also escalated his rights on the server. Therefore the honeypot server setup has been designed to reveal the correlation of a hacker's actions with that of the hacker's experience personality expertise and psychology. To the best of our knowledge such a design of experiment has never been tested rigorously on a honeypot implementation except for self-reporting tests applied to hackers in the literature. However no study evaluates the actual data of these hackers and these tests. This study also provides a honeypot design to understand the personality and expertise of the hacker and displays the correlation of these data with the tests. Our Honeypsy system is composed of a Big-5 personality test a cyber expertise test and a capture-the-flag (CTF) event to collect logs with honeypot applied in this sequence. These three steps generate data on the expertise and psychology of known cyber hackers. The logs of the known hacker activities on honeypots are obtained through the CTF event that they have participated in. The design and deployment of a honeypot as well as the CTF event were specifically prepared for this research. Our aim is to predict an unknown hacker's expertise and personality by analyzing these data. By examining/analyzing the data of the known hackers it is now possible to make predictions about the expertise and personality of the unknown hackers. The same logic applies when one tries to predict the next move of the unknown hackers attacking the server. We have aimed to underline the details of the personalities and expertise of hackers and thus help the defense experts of victimized institutions to develop their cyber defense strategies in accordance with the modus operandi of the hackers. © 2022 Elsevier B.V. All rights reserved.
  • Thumbnail Image
    Conference Object
    Citation - WoS: 3
    Suggesting a Honeypot Design to Capture Hacker Psychology- Personality and Sophistication
    (ACAD CONFERENCES LTD, 2018) Murat Odemis; Cagatay Yucel; Ahmet Koltuksuz; Gokhan Ozbilgin; Yucel, Cagatay; Ozbilgin, Gokhan; Odemis, Murat; Koltuksuz, Ahmet; JS Hurley; JQ Chen
    The benefits of collaborating across disciplines such as social sciences applied statistics and computer science primarily affect the security arena regarding the fields of open source intelligence information warfare and strategic studies of security. Computer science and psychology are becoming more and more involved with the advancements in big data analytics. Contemporary studies in this intersection show that personality traits such as neuroticism extroversion openness agreeableness and conscientiousness can be predicted through sensors logs and active user behaviors. In the security systems it is now a need for psychoanalysis to become more proactive as it plays an important role in the understanding of a cyber threat. The research question that leads the suggestions in this paper is How much can be learned from logs honeypots and collected security-related data about a hacker's psychology personality and sophistication? Hackers' traits have been investigated in the following dimensions: persistence skill greed motivation confidence and stealth. Honeypots have been designed to create a passive trap for the adversaries. This unlocks and reveals actionable information about the adversaries regarding their identities locations types of attacks they choose to use and their motivations. When a standard private honeypot server is online it will fill out its logs with many attacks from botnets and other automated malicious activities within a short time. In this mass production of logs and activities the quantity within the collection of useful information becomes unfeasible to have gathered without such a program. So far honeypots have been categorized according to their interaction levels and service types. A low-interaction honeypot emulates a few steps and replies of the vulnerable network protocol and the network stack is imitated while a high-interaction honeypot provides a full experience of the service for which it is designed. The amount of transferred data number of failed logins CPU and memory usage and the search sophistication levels are the characteristics which can be derived from a honeypot. This work-in-progress study will detail the specifications of a special type of honeypot that is designed to capture the aforementioned characteristics and sophistication of a hacker.