Privacy-preserving, User-centric VoIP CAPTCHA Challenges: an Integrated Solution in the SIP Environment

Purpose – This work aims to argue that it is possible to address discrimination issues that naturally arise in contemporary audio CAPTCHA challenges and potentially enhance the effectiveness of audio CAPTCHA systems by adapting the challenges to the user characteristics. Design/methodology/approach – A prototype has been designed, called PrivCAPTCHA, to offer privacy-preserving, user-centric CAPTCHA challenges. Anonymous credential proofs are integrated into the Session Initiation Protocol (SIP) protocol and the approach is evaluated in a real-world Voice over Internet Protocol (VoIP) environment. Findings – The results of this work indicate that it is possible to create VoIP CAPTCHA services offering privacy-preserving, user-centric challenges while maintaining sufficient efficiency. Research limitations/implications – The proposed approach was evaluated through an experimental implementation to demonstrate its feasibility. Additional features, such as appropriate user interfaces and efficiency optimisations, would be useful for a commercial product. Security measures to protect the system from attacks against the SIP protocol would be useful to counteract the effects of the introduced overhead. Future research could investigate the use of this approach on non-audio CAPTCHA services. Practical implications – PrivCAPTCHA is expected to achieve fairer, non-discriminating CAPTCHA services while protecting the user’s privacy. Adoption success relies upon the general need for employment of privacy-preserving practices in electronic interactions. Social implications – This approach is expected to enhance the quality of life of users, who will now receive CAPTCHA challenges closer to their characteristics. This applies especially to users with disabilities. Additionally, as a privacy-preserving service, this approach is expected to increase trust during the use of services that use it. Originality/value – To the best of authors’ knowledge, this is the first comprehensive proposal for privacy-preserving CAPTCHA challenge adaptation. The proposed system aims at providing an improved CAPTCHA service that is more appropriate for and trusted by human users

A review of cyber threats and defence approaches in emergency management

Emergency planners, first responders and relief workers increasingly rely on computational and communication systems that support all aspects of emergency management, from mitigation and preparedness to response and recovery. Failure of these systems, whether accidental or because of malicious action, can have severe implications for emergency management. Accidental failures have been extensively documented in the past and significant effort has been put into the development and introduction of more resilient technologies. At the same time researchers have been raising concerns about the potential of cyber attacks to cause physical disasters or to maximise the impact of one by intentionally impeding the work of the emergency services. Here, we provide a review of current research on the cyber threats to communication, sensing, information management and vehicular technologies used in emergency management. We emphasise on open issues for research, which are the cyber threats that have the potential to affect emergency management severely and for which solutions have not yet been proposed in the literature

Cryptographic mechanisms for privacy

With the increasing use of electronic media for our daily transactions, we widely distribute our personal information. Once released, controlling the dispersal of this information is virtually impossible. Privacy-enhancing technologies can help to minimise the amount of information that needs to be revealed in transactions, on the one hand, and to limit the dispersal, on the other hand. Unfortunately, these technologies are hardly used today. In this paper, we aim to foster the adoption of such technologies by providing a summary of what they can achieve. We hope that by this, policy makers, system architects, and security practitioners will be able to employ privacy-enhancing technologies.edition: 1ststatus: publishe

Blockchain Technology for Access and Authorization Management in the Internet of Things

The Internet of Things (IoT) continues to suffer from security issues, even after 20 years of technological evolution and continuing efforts. While the decentralization of the IoT seems to be a solution for improved resource management and scalability, most of the services remain centralized, exposing IoT systems to malicious attacks. As a result, this leads to functionality failures and endangers user and data integrity. Identity and Access Management (IAM) has the ability to provide defense against a great number of security threats. Additionally, blockchain is a technology which can natively support decentralization, as well as access and authorization management techniques, using the corresponding programmable logic and leveraging cryptographic mechanisms for privacy and security. Using standardized frameworks (e.g., Decentralized Identifiers and Verifiable Credentials), a blockchain-based access and authorization solution can present the basis for a uniform decentralized IAM framework for the IoT. To this end, this paper presents a proof-of-concept design and implementation of an IAM solution based on Solidity smart contracts, targeting two areas: firstly, supporting the fact that blockchain can seamlessly provide the basis for a decentralized IAM framework, while secondly (and most importantly) exploring the challenge of integrating within existing IoT systems, avoiding redesigning and redeveloping on behalf of IoT manufacturers