SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems

Several years of academic and industrial research efforts have converged to a common understanding on fundamental security building blocks for the upcoming Vehicular Communication (VC) systems. There is a growing consensus towards deploying a special-purpose identity and credential management infrastructure, i.e., a Vehicular Public-Key Infrastructure (VPKI), enabling pseudonymous authentication, with standardization efforts towards that direction. In spite of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and harmonization efforts (Car2Car Communication Consortium (C2C-CC)), significant questions remain unanswered towards deploying a VPKI. Deep understanding of the VPKI, a central building block of secure and privacy-preserving VC systems, is still lacking. This paper contributes to the closing of this gap. We present SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI standards specifications. We provide a detailed description of our state-of-the-art VPKI that improves upon existing proposals in terms of security and privacy protection, and efficiency. SECMACE facilitates multi-domain operations in the VC systems and enhances user privacy, notably preventing linking pseudonyms based on timing information and offering increased protection even against honest-but-curious VPKI entities. We propose multiple policies for the vehicle-VPKI interactions, based on which and two large-scale mobility trace datasets, we evaluate the full-blown implementation of SECMACE. With very little attention on the VPKI performance thus far, our results reveal that modest computing resources can support a large area of vehicles with very low delays and the most promising policy in terms of privacy protection can be supported with moderate overhead.Comment: 14 pages, 9 figures, 10 tables, IEEE Transactions on Intelligent Transportation System

Going Rogue: Mobile Research Applications and the Right to Privacy

This Article investigates whether nonsectoral state laws may serve as a viable source of privacy and security standards for mobile health research participants and other health data subjects until new federal laws are created or enforced. In particular, this Article (1) catalogues and analyzes the nonsectoral data privacy, security, and breach notification statutes of all fifty states and the District of Columbia; (2) applies these statutes to mobile-app-mediated health research conducted by independent scientists, citizen scientists, and patient researchers; and (3) proposes substantive amendments to state law that could help protect the privacy and security of all health data subjects, including mobile-app-mediated health research participants

A Survey on Phishing Attacks in Cyberspace

Phishing is a type of cyber attack in which cybercriminals use various advanced techniques to deceive people, such as creating fake webpages or malicious e-mails. The objective of phishing attacks is to gather personal data, money, or personal information from victims illegally. The primary aim of this review is to survey the literature on phishing attacks in cyberspace. It discusses different types of phishing attacks, such as spear phishing, e-mail spoofing, phone phishing, web spoofing, and angler phishing, as well as negative consequences they may cause for people. Phishing is typically carried out through different delivery methods such as e-mail, phone calls, or messaging. Victims of phishing are usually either not sensitive to privacy protection or do not have enough knowledge about social engineering attacks to know they are at risk. In addition, this paper introduces different methods for detecting phishing attacks. The last section discusses certain limitations of existing studies on phishing detection and potential future researc

Fictional and Fragmented Truths in Korean Adoptee Life Writing

This article explores the ways that life writing allows transnational, transracial Asian adoptee authors to navigate their complex experiences of truth and authenticity. It also addresses the transformations adoptee authors make to the memoir genre in order to accommodate the particularities of their experiences. I analyze Jane Jeong Trenka’s foundational Asian adoption memoir, The Language of Blood, and Kim Sunée’s lesser-known text, Trail of Crumbs, paying attention to the ways that the authors’ hybridized and deliberately constructionist approaches to genre parallel some of the identity issues that are brought out in their respective books. I explore the significance of the scrapbook form in The Language of Blood and the recipe book structure in Trail of Crumbs, arguing that Trenka and Sunée create hybridized life narratives because, like many transnational, transracial Asian adoptee life writers (and subjects), their identities are so inescapably predicated on assemblage. I argue that these authors reconsider some of the customary structures, styles, and themes found in traditional memoirs, and in so doing they participate in the postmodern project of de-essentializing truth claims that is crucial to their negotiations of their identities as Korean adoptees

Rape Culture and Epistemology

We consider the complex interactions between rape culture and epistemology. A central case study is the consideration of a deferential attitude about the epistemology of sexual assault testimony. According to the deferential attitude, individuals and institutions should decline to act on allegations of sexual assault unless and until they are proven in a formal setting, i.e., a criminal court. We attack this deference from several angles, including the pervasiveness of rape culture in the criminal justice system, the epistemology of testimony and norms connecting knowledge and action, the harms of tacit idealizations away from important contextual factors, and a contextualist semantics for 'knows' ascriptions