Completely Automated Public Physical test to tell Computers and Humans Apart: A usability study on mobile devices

A very common approach adopted to fight the increasing sophistication and dangerousness of malware and hacking is to introduce more complex authentication mechanisms. This approach, however, introduces additional cognitive burdens for users and lowers the whole authentication mechanism acceptability to the point of making it unusable. On the contrary, what is really needed to fight the onslaught of automated attacks to users data and privacy is to first tell human and computers apart and then distinguish among humans to guarantee correct authentication. Such an approach is capable of completely thwarting any automated attempt to achieve unwarranted access while it allows keeping simple the mechanism dedicated to recognizing the legitimate user. This kind of approach is behind the concept of Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), yet CAPTCHA leverages cognitive capabilities, thus the increasing sophistication of computers calls for more and more difficult cognitive tasks that make them either very long to solve or very prone to false negatives. We argue that this problem can be overcome by substituting the cognitive component of CAPTCHA with a different property that programs cannot mimic: the physical nature. In past work we have introduced the Completely Automated Public Physical test to tell Computer and Humans Apart (CAPPCHA) as a way to enhance the PIN authentication method for mobile devices and we have provided a proof of concept implementation. Similarly to CAPTCHA, this mechanism can also be used to prevent automated programs from abusing online services. However, to evaluate the real efficacy of the proposed scheme, an extended empirical assessment of CAPPCHA is required as well as a comparison of CAPPCHA performance with the existing state of the art. To this aim, in this paper we carry out an extensive experimental study on both the performance and the usability of CAPPCHA involving a high number of physical users, and we provide comparisons of CAPPCHA with existing flavors of CAPTCHA

MobileTrust: Secure Knowledge Integration in VANETs

Vehicular Ad hoc NETworks (VANET) are becoming popular due to the emergence of the Internet of Things and ambient intelligence applications. In such networks, secure resource sharing functionality is accomplished by incorporating trust schemes. Current solutions adopt peer-to-peer technologies that can cover the large operational area. However, these systems fail to capture some inherent properties of VANETs, such as fast and ephemeral interaction, making robust trust evaluation of crowdsourcing challenging. In this article, we propose MobileTrust—a hybrid trust-based system for secure resource sharing in VANETs. The proposal is a breakthrough in centralized trust computing that utilizes cloud and upcoming 5G technologies to provide robust trust establishment with global scalability. The ad hoc communication is energy-efficient and protects the system against threats that are not countered by the current settings. To evaluate its performance and effectiveness, MobileTrust is modelled in the SUMO simulator and tested on the traffic features of the small-size German city of Eichstatt. Similar schemes are implemented in the same platform to provide a fair comparison. Moreover, MobileTrust is deployed on a typical embedded system platform and applied on a real smart car installation for monitoring traffic and road-state parameters of an urban application. The proposed system is developed under the EU-founded THREAT-ARREST project, to provide security, privacy, and trust in an intelligent and energy-aware transportation scenario, bringing closer the vision of sustainable circular economy

Currency Aspects of Financial Security of the Banking System of Ukraine: Regulatory Priorities and Transformation of Control

The article is devoted to the topical subject – the study of currency aspects of the financial security of the banking system of Ukraine, taking into account the threats of liberalization of cross-border capital transfer and currency regulation. The main objectives of the article are studying the main threats to the currency security of the banking system of Ukraine in the context of the transformation of currency control within the liberalization of currency relations. In particular, the study found that currency security is one of the main components of the financial security of the banking system, and exchange rate instability is one of the greatest threats to the effective functioning of Ukrainian banking institutions, taking into account the peculiarities of the national structure of financial assets and liabilities of business entities. As a result, it is found that the deterioration of the exchange rate stability leads to a revaluation of assets, the outflow of foreign currency deposits from banks, which leads to their loss and significant deterioration of financial security, while a decrease in the volume of gold and foreign exchange reserves directly affects the currency security of the state, in particular, and the economic in general. Based on the research results, proposals have been made to improve currency regulation and currency control, namely, amendments to the draft law should be made with regard to the administrative restriction of the dollarization level of deposits and credits, indicating the terms for reducing the dollarization rates of loans and deposits from 50 % to 20–25 %. The mechanism for such reduction in dollarization should be included in the instruments of the National Bank of Ukraine, namely, the norm of mandatory reservation for deposits in foreign currency should be 3–4 times higher than the reserve rate in the national currency, which will make foreign currency deposits "uninteresting" for banks, and therefore will lead to a reduction in the interest rate and, accordingly, reduce the desire to save in foreign currency. By dollarization of loans, the credit risk reservation ratio should also be significantly higher than in the national currency in order to demobilize banks for lending in foreign currency, an exception can only be for those enterprises that carry out foreign economic activity. In addition, lending to individuals for all types of loans in foreign currency should be banned, and the fact of such ban should be clearly spelled out in the Law on Currency. This will prevent the outflow of capital from the state and form a mechanism to reduce the scale of the shadow foreign exchange market as the main threats to the currency and financial security of the banking system of Ukraine

CoAP congestion control for the Internet of Things

“© © 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works.” August Betzler, Javier Isern, Carles Gomez, Ilker Demirkol, Josep Paradells, "Experimental evaluation of congestion control for CoAP communications without end-to-end reliability", Ad Hoc Networks, pp. , 2016, ISSN 15708705. DOI: 10.1109/MCOM.2016.7509394CoAP is a lightweight RESTful application layer protocol devised for the IoT. Operating on top of UDP, CoAP must handle congestion control by itself. The core CoAP specification defines a basic congestion control mechanism, but it is not capable of adapting to network conditions. However, IoT scenarios exhibit significant resource constraints, which pose new challenges on the design of congestion control mechanisms. In this article we present CoCoA, an advanced congestion control mechanism for CoAP being standardized by the Internet Engineering Task Force CoRE working group. CoCoA introduces a novel round-trip time estimation technique, together with a variable backoff factor and aging mechanisms in order to provide dynamic and controlled retransmission timeout adaptation suitable for the peculiarities of IoT communications. We conduct a comparative performance analysis of CoCoA and a variety of alternative algorithms including state-of-the-art mechanisms developed for TCP. The study is based on experiments carried out in real testbeds. Results show that, in contrast to the alternative methods considered, CoCoA consistently outperforms the default CoAP congestion control mechanism in all evaluated scenarios.Peer ReviewedPostprint (author's final draft

Trusted operational scenarios - Trust building mechanisms and strategies for electronic marketplaces.

This document presents and describes the trusted operational scenarios, resulting from the research and work carried out in Seamless project. The report presents identified collaboration habits of small and medium enterprises with low e-skills, trust building mechanisms and issues as main enablers of online business relationships on the electronic marketplace, a questionnaire analysis of the level of trust acceptance and necessity of trust building mechanisms, a proposal for the development of different strategies for the different types of trust mechanisms and recommended actions for the SEAMLESS project or other B2B marketplaces.trust building mechanisms, trust, B2B networks, e-marketplaces