21,119 research outputs found

    The Viability and Potential Consequences of IoT-Based Ransomware

    Get PDF
    With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested. As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed. For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim. Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research

    Теорія систем мобільних інфокомунікацій. Системна архітектура

    Get PDF
    Навчальний посібник містить опис логічних та фізичних структур, процедур, алгоритмів, протоколів, принципів побудови і функціонування мереж стільникового мобільного зв’язку (до 3G) і мобільних інфокомунікацій (4G і вище), приділяючи увагу розгляду загальних архітектур мереж операторів мобільного зв’язку, їх управління і координування, неперервності еволюції розвитку засобів функціонування і способів надання послуг таких мереж. Посібник структурно має сім розділів і побудований так, що складність матеріалу зростає з кожним наступним розділом. Навчальний посібник призначено для здобувачів ступеня бакалавра за спеціальністю 172 «Телекомунікації та радіотехніка», буде також корисним для аспірантів, наукових та інженерно-технічних працівників за напрямом інформаційно-телекомунікаційних систем та технологій.The manual contains a description of the logical and physical structures, procedures, algorithms, protocols, principles of construction and operation of cellular networks for mobile communications (up to 3G) and mobile infocommunications (4G and higher), paying attention to the consideration of general architectures of mobile operators' networks, their management, and coordination, the continuous evolution of the development of the means of operation and methods of providing services of such networks. The manual has seven structural sections and is structured in such a way that the complexity of the material increases with each subsequent chapter. The textbook is intended for applicants for a bachelor's degree in specialty 172 "Telecommunications and Radio Engineering", and will also be useful to graduate students, and scientific and engineering workers in the direction of information and telecommunication systems and technologies

    A Design Science Research Approach to Smart and Collaborative Urban Supply Networks

    Get PDF
    Urban supply networks are facing increasing demands and challenges and thus constitute a relevant field for research and practical development. Supply chain management holds enormous potential and relevance for society and everyday life as the flow of goods and information are important economic functions. Being a heterogeneous field, the literature base of supply chain management research is difficult to manage and navigate. Disruptive digital technologies and the implementation of cross-network information analysis and sharing drive the need for new organisational and technological approaches. Practical issues are manifold and include mega trends such as digital transformation, urbanisation, and environmental awareness. A promising approach to solving these problems is the realisation of smart and collaborative supply networks. The growth of artificial intelligence applications in recent years has led to a wide range of applications in a variety of domains. However, the potential of artificial intelligence utilisation in supply chain management has not yet been fully exploited. Similarly, value creation increasingly takes place in networked value creation cycles that have become continuously more collaborative, complex, and dynamic as interactions in business processes involving information technologies have become more intense. Following a design science research approach this cumulative thesis comprises the development and discussion of four artefacts for the analysis and advancement of smart and collaborative urban supply networks. This thesis aims to highlight the potential of artificial intelligence-based supply networks, to advance data-driven inter-organisational collaboration, and to improve last mile supply network sustainability. Based on thorough machine learning and systematic literature reviews, reference and system dynamics modelling, simulation, and qualitative empirical research, the artefacts provide a valuable contribution to research and practice

    Building data management capabilities to address data protection regulations: Learnings from EU-GDPR

    Get PDF
    The European Union’s General Data Protection Regulation (EU-GDPR) has initiated a paradigm shift in data protection toward greater choice and sovereignty for individuals and more accountability for organizations. Its strict rules have inspired data protection regulations in other parts of the world. However, many organizations are facing difficulty complying with the EU-GDPR: these new types of data protection regulations cannot be addressed by an adaptation of contractual frameworks, but require a fundamental reconceptualization of how companies store and process personal data on an enterprise-wide level. In this paper, we introduce the resource-based view as a theoretical lens to explain the lengthy trajectories towards compliance and argue that these regulations require companies to build dedicated, enterprise-wide data management capabilities. Following a design science research approach, we propose a theoretically and empirically grounded capability model for the EU-GDPR that integrates the interpretation of legal texts, findings from EU-GDPR-related publications, and practical insights from focus groups with experts from 22 companies and four EU-GDPR projects. Our study advances interdisciplinary research at the intersection between IS and law: First, the proposed capability model adds to the regulatory compliance management literature by connecting abstract compliance requirements to three groups of capabilities and the resources required for their implementation, and second, it provides an enterprise-wide perspective that integrates and extends the fragmented body of research on EU-GDPR. Practitioners may use the capability model to assess their current status and set up systematic approaches toward compliance with an increasing number of data protection regulations

    The developing maternal-infant relationship: a qualitative longitudinal study

    Get PDF
    Aim The study aimed to explore maternal perceptions and the use of knowledge relating to their infant’s mental health over time using qualitative longitudinal research. Background There has been a growing interest in infant mental health over recent years. Much of this interest is directed through the lens of infant determinism, through knowledge regarding neurological development resulting in biological determinism. Research and policy in this field are directed toward individual parenting behaviours, usually focused on the mother. Despite this, there is little attention given to maternal perspectives of infant mental health, indicating that a more innovative approach to methodology is required. Methods This study took a qualitative longitudinal approach, and interviews were undertaken with seven mothers from the third trimester of pregnancy and then throughout the first year of the infant’s life. Interviews were conducted at 34 weeks of pregnancy, and then when the infant was 6 and 12 weeks, 6, 9, and 12 months, alongside the collection of researcher field notes—a total of 41 interviews. Data were analysed by creating case profiles, memos, and summaries, and then cross-comparison of the emerging narratives. A psycho-socially informed approach was taken to the analysis of data. Findings Three interrelated themes emerged from the data: evolving maternal identity, growing a person, and creating a safe space. The theme of evolving maternal identity dominated the other themes of growing a person and creating a safe space in a way that met perceived socio-cultural requirements for mothering and childcare practices. Participants’ personal stories give voice to their perceptions of the developing maternal-infant relationship in the context of their socio-cultural setting, relationships with others, and experiences over time. Conclusions This study adds new knowledge by giving mothers a voice to express how the maternal-infant relationship develops over time. The findings demonstrate how the developing maternal-infant relationship grows in response to their mutual needs as the mother works to create and sustain identities for herself and the infant that will fit within their socio-cultural context and individual situations. Additionally, the findings illustrate the importance of temporal considerations, social networks, and intergenerational relationships to this evolving process. Recommendations for practice, policy, and education are made that reflect the unique relationship between mother and infant and the need to conceptualise this using an ecological approach

    TOWARDS AN UNDERSTANDING OF EFFORTFUL FUNDRAISING EXPERIENCES: USING INTERPRETATIVE PHENOMENOLOGICAL ANALYSIS IN FUNDRAISING RESEARCH

    Get PDF
    Physical-activity oriented community fundraising has experienced an exponential growth in popularity over the past 15 years. The aim of this study was to explore the value of effortful fundraising experiences, from the point of view of participants, and explore the impact that these experiences have on people’s lives. This study used an IPA approach to interview 23 individuals, recognising the role of participants as proxy (nonprofessional) fundraisers for charitable organisations, and the unique organisation donor dynamic that this creates. It also bought together relevant psychological theory related to physical activity fundraising experiences (through a narrative literature review) and used primary interview data to substantiate these. Effortful fundraising experiences are examined in detail to understand their significance to participants, and how such experiences influence their connection with a charity or cause. This was done with an idiographic focus at first, before examining convergences and divergences across the sample. This study found that effortful fundraising experiences can have a profound positive impact upon community fundraisers in both the short and the long term. Additionally, it found that these experiences can be opportunities for charitable organisations to create lasting meaningful relationships with participants, and foster mutually beneficial lifetime relationships with them. Further research is needed to test specific psychological theory in this context, including self-esteem theory, self determination theory, and the martyrdom effect (among others)

    Design Justice Principles and Do-It-Yourself Assistive Technology: Case Study

    Get PDF
    In this project, we focus on the Principles of Design Justice, as developed by the Design Justice Network, a community committed to challenging structural inequalities of design. Our thesis research project is aligned with the premise of user-centered design and the situated knowledge in third paradigm of HCI. We examine some of the current processes for Do-It-Yourself Assistive Technology (DIY-AT) development and deployment using the works of Makers Making Change (MMC). MMC connects the makers of DIY-AT devices to people who need AT devices. We also examine the impacts of the ongoing COVID-19 pandemic on the need for DIY-AT and the challenges it might have caused. Our findings include MMC's positive impact regarding DIY-AT service delivery, engaging local makers into making DIY-AT, and a modest job in integrating Design Justice Principles. The findings of our study also suggest an increase in the demand for AT due to the pandemic

    Educating Sub-Saharan Africa:Assessing Mobile Application Use in a Higher Learning Engineering Programme

    Get PDF
    In the institution where I teach, insufficient laboratory equipment for engineering education pushed students to learn via mobile phones or devices. Using mobile technologies to learn and practice is not the issue, but the more important question lies in finding out where and how they use mobile tools for learning. Through the lens of Kearney et al.’s (2012) pedagogical model, using authenticity, personalisation, and collaboration as constructs, this case study adopts a mixed-method approach to investigate the mobile learning activities of students and find out their experiences of what works and what does not work. Four questions are borne out of the over-arching research question, ‘How do students studying at a University in Nigeria perceive mobile learning in electrical and electronic engineering education?’ The first three questions are answered from qualitative, interview data analysed using thematic analysis. The fourth question investigates their collaborations on two mobile social networks using social network and message analysis. The study found how students’ mobile learning relates to the real-world practice of engineering and explained ways of adapting and overcoming the mobile tools’ limitations, and the nature of the collaborations that the students adopted, naturally, when they learn in mobile social networks. It found that mobile engineering learning can be possibly located in an offline mobile zone. It also demonstrates that investigating the effectiveness of mobile learning in the mobile social environment is possible by examining users’ interactions. The study shows how mobile learning personalisation that leads to impactful engineering learning can be achieved. The study shows how to manage most interface and technical challenges associated with mobile engineering learning and provides a new guide for educators on where and how mobile learning can be harnessed. And it revealed how engineering education can be successfully implemented through mobile tools

    DataProVe: Fully Automated Conformance Verification Between Data Protection Policies and System Architectures

    Get PDF
    Privacy and data protection by design are relevant parts of the General Data Protection Regulation (GDPR), in which businesses and organisations are encouraged to implement measures at an early stage of the system design phase to fulfil data protection requirements. This paper addresses the policy and system architecture design and propose two variants of privacy policy language and architecture description language, respectively, for specifying and verifying data protection and privacy requirements. In addition, we develop a fully automated algorithm based on logic, for verifying three types of conformance relations (privacy, data protection, and functional conformance) between a policy and an architecture specified in our languages’ variants. Compared to related works, this approach supports a more systematic and fine-grained analysis of the privacy, data protection, and functional properties of a system. Our theoretical methods are then implemented as a software tool called DataProVe and its feasibility is demonstrated based on the centralised and decentralised approaches of COVID-19 contact tracing applications

    Virtual Robotics in Hybrid Teaching and Learning

    Get PDF
    Traditional robotics instruction in face-to-face classrooms, after-school clubs, and independent competition environments align with expensive, physical robot kits shared by students. Students or parent groups often elect themselves because of previous experience, expertise, or perceived technical ability to dominate the physical robotic platforms’ planning, engineering, building, and subsequent programming. This self-elected grabbing of control leaves students who are not regarded as well-positioned to contribute sidelined to observe the self-appointed experts of the group. Virtual robotics platforms provide educators and coaches with the unique opportunity to give every student access to a robot. Each student learns programming, math, and scientific forces that impact robots through simulated physics algorithms. With their customizable virtual environments, virtual robotics platforms such as Vex VR and Robot Virtual Worlds level the playing field. All students can learn, practice, and subsequently contribute to robotics-centered group projects or competitive teams in meaningful ways. This book chapter delineates the strategies to implement virtual robotics in hybrid classroom environments supported by the Technological Pedagogical Content Knowledge (TPACK) framework. Additionally, this chapter reviews how computer-aided design and augmented reality platforms provide students with the opportunity to incorporate 3D objects into virtual worlds
    corecore