57,798 research outputs found
Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot
The rise of connectivity, digitalization, robotics, and artificial
intelligence (AI) is rapidly changing our society and shaping its future
development. During this technological and societal revolution, security has
been persistently neglected, yet a hacked robot can act as an insider threat in
organizations, industries, public spaces, and private homes. In this paper, we
perform a structured security assessment of Pepper, a commercial humanoid
robot. Our analysis, composed of an automated and a manual part, points out a
relevant number of security flaws that can be used to take over and command the
robot. Furthermore, we suggest how these issues could be fixed, thus, avoided
in the future. The very final aim of this work is to push the rise of the
security level of IoT products before they are sold on the public market.
Comment: 8 pages, 3 figures, 4 tables
State of Alaska Election Security Project Phase 2 Report
Alaska’s election system is among the most secure in the country,
and it has a number of safeguards other states are now adopting. But
the technology Alaska uses to record and count votes could be improved—
and the state’s huge size, limited road system, and scattered communities
also create special challenges for insuring the integrity of the vote.
In this second phase of an ongoing study of Alaska’s election
security, we recommend ways of strengthening the system—not only the
technology but also the election procedures. The lieutenant governor
and the Division of Elections asked the University of Alaska Anchorage to
do this evaluation, which began in September 2007.
Lieutenant Governor Sean Parnell. State of Alaska Division of Elections.
List of Appendices / Glossary / Study Team / Acknowledgments / Introduction / Summary of Recommendations / Part 1 Defense in Depth / Part 2 Fortification of Systems / Part 3 Confidence in Outcomes / Conclusions / Proposed Statement of Work for Phase 3: Implementation / Reference
Experimental Case Studies for Investigating E-Banking Phishing Techniques and Attack Strategies
Phishing is a form of electronic identity theft in which a combination of social engineering and web site spoofing techniques are used to trick a user into revealing confidential information with economic value. The problem of social engineering attack is that there is no single solution to eliminate it completely, since it deals largely with the human factor. This is why implementing empirical experiments is very crucial in order to study and to analyze all malicious and deceiving phishing website attack techniques and strategies. In this paper, three different kinds of phishing experiment case studies have been conducted to shed some light into social engineering attacks, such as phone phishing and phishing website attacks for designing effective countermeasures and analyzing the efficiency of performing security awareness about phishing threats. Results and reactions to our experiments show the importance of conducting phishing training awareness for all users and doubling our efforts in developing phishing prevention techniques. Results also suggest that traditional standard security phishing factor indicators are not always effective for detecting phishing websites, and alternative intelligent phishing detection approaches are needed.
Oceanography Professional Development in Virginia Via Collaboration, Field Integration, and Inquiry
Seventy-nine in-service teachers completed one of six sections of a grant-funded, graduate-level, summer course entitled, Oceanography, that was offered at four different locations in Virginia between 2005 and 2007. The majority of the teachers enrolled with the objective of obtaining their add-on earth science endorsement through the Virginia Earth Science Collaborative (VESC). Oceanography was designed to integrate the following: 1) the ocean science disciplines of geology, chemistry, physics, and biology; 2) inquiry-based learning strategies, quantitative activities, and technology; and, 3) Virginia Institute of Marine Science (VIMS) field experience with classroom experiences. These design themes were informed by ocean science content standards and science education best practices, and supported the goal that, upon completion of the course, teachers would be confident and competent in their abilities to teach oceanography concepts to grades 6-12 [1-3]. Learning outcomes, instructor feedback, and participant feedback suggest that the VESC’s Oceanography can serve as an instructional model for teacher professional development in oceanography. A collaborative instructional framework (marine educators, master teacher, and university faculty), small class size, and end-of-course field synthesis projects are additional elements that contributed to positive learning outcomes in course sections. The primary challenge in the course was the compressed, two-week time frame of face-to-face instruction.
Security awareness and affective feedback: categorical behaviour vs. reported behaviour
A lack of awareness surrounding secure online behaviour can lead to end-users, and their personal details becoming vulnerable to compromise. This paper describes an ongoing research project in the field of usable security, examining the relationship between end-user-security behaviour, and the use of affective feedback to educate end-users. Part of the aforementioned research project considers the link between categorical information users reveal about themselves online, and the information users believe, or report that they have revealed online. The experimental results confirm a disparity between information revealed, and what users think they have revealed, highlighting a deficit in security awareness. Results gained in relation to the affective feedback delivered are mixed, indicating limited short-term impact. Future work seeks to perform a long-term study, with the view that positive behavioural changes may be reflected in the results as end-users become more knowledgeable about security awareness.
Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study
Passwords are still a mainstay of various security systems, as well as the
cause of many usability issues. For end-users, many of these issues have been
studied extensively, highlighting problems and informing design decisions for
better policies and motivating research into alternatives. However, end-users
are not the only ones who have usability problems with passwords! Developers
who are tasked with writing the code by which passwords are stored must do so
securely. Yet history has shown that this complex task often fails due to human
error with catastrophic results. While an end-user who selects a bad password
can have dire consequences, the consequences of a developer who forgets to hash
and salt a password database can lead to far larger problems. In this paper we
present a first qualitative usability study with 20 computer science students
to discover how developers deal with password storage and to inform research
into aiding developers in the creation of secure password systems.
Usability of Humanly Computable Passwords
Reusing passwords across multiple websites is a common practice that
compromises security. Recently, Blum and Vempala have proposed password
strategies to help people calculate, in their heads, passwords for different
sites without dependence on third-party tools or external devices. Thus far,
the security and efficiency of these "mental algorithms" has been analyzed only
theoretically. But are such methods usable? We present the first usability
study of humanly computable password strategies, involving a learning phase (to
learn a password strategy), then a rehearsal phase (to login to a few
websites), and multiple follow-up tests. In our user study, with training,
participants were able to calculate a deterministic eight-character password
for an arbitrary new website in under 20 seconds.
E-safety and Web 2.0: Web 2.0 technologies for learning at Key Stages 3 and 4
Becta commissioned the University of Nottingham in conjunction with London Knowledge Lab and Manchester Metropolitan University to research Web 2.0 technologies for learning at Key Stages 3 and 4. This is the fourth report from that research and concentrates on the e-safety aspects of Web 2.0 in education.