874 research outputs found
More Competitive Search Through Regulation
This paper identifies a set of possible regulations that could be used both to make the search market more competitive and simultaneously ameliorate the harms flowing from Google's current monopoly position. The purpose of this paper is to identify conceptual problems and solutions based on sound economic principles and to begin a discussion from which robust and specific policy recommendations can be drafted
ACUTA Journal of Telecommunications in Higher Education
In This Issue
The Future of the University Telephone System
Two Approaches to Communications in the Desert
Dual-Mode Smartphones Are Shaping the Future for VolP
ADVERTORIAL: The Future of the Managed Emergency Communications System
Penn State\u27s Voice Services: Roadmap to the Clouds
Where Are We Now...Where Are We Going?
Preparing for the Future as an ICT Professional
Videoconferencing Goes Mobile
President\u27s Message
From the Executive Director
Q&A with the CI
Mobile Authentication with NFC enabled Smartphones
Smartphones are becoming increasingly more deployed and as such new possibilities for utilizing the smartphones many capabilities for public and private use are arising. This project will investigate the possibility of using smartphones as a platform for authentication and access control, using near field communication (NFC). To achieve the necessary security for authentication and access control purposes, cryptographic concepts such as public keys, challenge-response and digital signatures are used. To focus the investigation a case study is performed based on the authentication and access control needs of an educational institutions student ID. To gain a more practical understanding of the challenges mobile authentication encounters, a prototype has successfully been developed on the basis of the investigation. The case study performed in this project argues that NFC as a standalone technology is not yet mature to support the advanced communication required by this case. However, combining NFC with other communication technologies such as Bluetooth has proven to be effective. As a result, a general evaluation has been performed on several aspects of the prototype, such as cost-effectiveness, usability, performance and security to evaluate the viability of mobile authentication
Holistic security 4.0
The future computer climate will represent an ever more aligned world of integrating
technologies, affecting consumer, business and industry sectors. The vision was first outlined
in the Industry 4.0 conception. The elements which comprise smart systems or embedded
devices have been investigated to determine the technological climate.
The emerging technologies revolve around core concepts, and specifically in this project, the
uses of Internet of Things (IoT), Industrial Internet of Things (IIoT) and Internet of Everything
(IoE). The application of bare metal and logical technology qualities are put under the
microscope to provide an effective blue print of the technological field.
The systems and governance surrounding smart systems are also examined. Such an approach
helps to explain the beneficial or negative elements of smart devices. Consequently, this
ensures a comprehensive review of standards, laws, policy and guidance to enable security and
cybersecurity of the 4.0 systems
What people complain about drone apps? a large-scale empirical study of Google play store reviews
Within the past few years, there has been a tremendous increase in the number of UAVs (Unmanned Aerial Vehicle) or drones manufacture and purchase. It is expected to proliferate further, penetrating into every stream of life, thus making its usage inevitable. The UAV’s major components are its physical hardware and programming software, which controls its navigation or performs various tasks based on the field of concern. The drone manufacturers launch the controlling app for the drones in mobile app stores. A few drone manufacturers also release development kits to aid drone enthusiasts in developing customized or more creative apps. Thus, the app stores are also expected to be flooded with drone-related apps in the near future. With various active research and studies being carried out in UAV’s hardware field, no effort is dedicated to studying/researching the software side of UAV. Towards this end, a large-scale empirical study of UAV or drone-related apps of the Google Play Store Platform is conducted. The study consisted of 1,825 UAV mobile apps, across twenty-five categories, with 162,250 reviews. Some of the notable findings of the thesis are (a) There are 27 major types of issues the drone app users complain about, (b) The top four complaints observed are Functional Error (27.9%), Device Compatibility (16.8%), Cost (16.2%) and Connection/Sync (15.6%), (c) The top four issues for which the UAV manufactures or Drone app developers provide feedback to user complaints are Functional Error (40.9%), Cost (33.3%), Device Compatibility (23.1%) and ConnectionSync (16%), (d) Developers respond to the most frequently occurring complaints rather than the most negatively impacting ones
On the security of mobile sensors
PhD ThesisThe age of sensor technology is upon us. Sensor-rich mobile devices
are ubiquitous. Smart-phones, tablets, and wearables are increasingly
equipped with sensors such as GPS, accelerometer, Near Field Communication
(NFC), and ambient sensors. Data provided by such sensors, combined
with the fast-growing computational capabilities on mobile platforms,
offer richer and more personalised apps. However, these sensors
introduce new security challenges to the users, and make sensor management
more complicated.
In this PhD thesis, we contribute to the field of mobile sensor security by
investigating a wide spectrum of open problems in this field covering attacks
and defences, standardisation and industrial approaches, and human
dimensions. We study the problems in detail and propose solutions.
First, we propose “Tap-Tap and Pay” (TTP), a sensor-based protocol to
prevent the Mafia attack in NFC payment. The Mafia attack is a special
type of Man-In-The-Middle attack which charges the user for something
more expensive than what she intends to pay by relaying transactions
to a remote payment terminal. In TTP, a user initiates the payment by
physically tapping her mobile phone against the reader. We observe that
this tapping causes transient vibrations at both devices which are measurable
by the embedded accelerometers. Our observations indicate that
these sensor measurements are closely correlated within the same tapping,
and different if obtained from different tapping events. By comparing the
similarity between the two measurements, the bank can distinguish the
Mafia fraud apart from a legitimate NFC transaction. The experimental
results and the user feedback suggest the practical feasibility of TTP. As
compared with previous sensor-based solutions, ours is the only one that
works even when the attacker and the user are in nearby locations or share
similar ambient environments. Second, we demonstrate an in-app attack based on a real world problem
in contactless payment known as the card collision or card clash. A card
collision happens when more than one card (or NFC-enabled device) are
presented to the payment terminal’s field, and the terminal does not know
which card to choose. By performing experiments, we observe that the
implementation of contactless terminals in practice matches neither EMV
nor ISO standards (the two primary standards for smart card payment)
on card collision. Based on this inconsistency, we propose “NFC Payment
Spy”, a malicious app that tracks the user’s contactless payment transactions.
This app, running on a smart phone, simulates a card which
requests the payment information (amount, time, etc.) from the terminal.
When the phone and the card are both presented to a contactless
terminal (given that many people use mobile case wallets to travel light
and keep wallet essentials close to hand), our app can effectively win the
race condition over the card. This attack is the first privacy attack on
contactless payments based on the problem of card collision. By showing
the feasibility of this attack, we raise awareness of privacy and security
issues in contactless payment protocols and implementation, specifically
in the presence of new technologies for payment such as mobile platforms.
Third, we show that, apart from attacking mobile devices by having access
to the sensors through native apps, we can also perform sensor-based
attacks via mobile browsers. We examine multiple browsers on Android
and iOS platforms and study their policies in granting permissions to
JavaScript code with respect to access to motion and orientation sensor
data. Based on our observations, we identify multiple vulnerabilities,
and propose “TouchSignatures” and “PINLogger.js”, two novel attacks in
which malicious JavaScript code listens to such sensor data measurements.
We demonstrate that, despite the much lower sampling rate (comparing to
a native app), a remote attacker is able to learn sensitive user information
such as physical activities, phone call timing, touch actions (tap, scroll,
hold, zoom), and PINs based on these sensor data. This is the first report
of such a JavaScript-based attack. We disclosed the above vulnerability to
the community and major mobile browser vendors classified the problem
as high-risk and fixed it accordingly.
Finally, we investigate human dimensions in the problem of sensor management.
Although different types of attacks via sensors have been known for many years, the problem of data leakage caused by sensors has remained
unsolved. While working with W3C and browser vendors to fix
the identified problem, we came to appreciate the complexity of this problem
in practice and the challenge of balancing security, usability, and functionality.
We believe a major reason for this is that users are not fully
aware of these sensors and the associated risks to their privacy and security.
Therefore, we study user understanding of mobile sensors, specifically
their risk perceptions. This is the only research to date that studies risk
perceptions for a comprehensive list of mobile sensors (25 in total). We
interview multiple participants from a range of backgrounds by providing
them with multiple self-declared questionnaires. The results indicate that
people in general do not have a good understanding of the complexities
of these sensors; hence making security judgements about these sensors
is not easy for them. We discuss how this observation, along with other
factors, renders many academic and industry solutions ineffective. This
makes the security and privacy issues of mobile sensors and other sensorenabled
technologies an important topic to be investigated further
- …