108 research outputs found

    Multimedia Forensics

    This book is open access. Media forensics has never been more relevant to societal life. Not only does media content represent an ever-increasing share of the data traveling on the net and the preferred means of communication for most users, it has also become an integral part of most innovative applications in the digital information ecosystem that serves various sectors of society, from entertainment, to journalism, to politics. Undoubtedly, the advances in deep learning and computational imaging contributed significantly to this outcome. The underlying technologies that drive this trend, however, also pose a profound challenge in establishing trust in what we see, hear, and read, and make media content the preferred target of malicious attacks. In this new threat landscape powered by innovative imaging technologies and sophisticated tools, based on autoencoders and generative adversarial networks, this book fills an important gap. It presents a comprehensive review of state-of-the-art forensics capabilities that relate to media attribution, integrity and authenticity verification, and counter forensics. Its content is developed to provide practitioners, researchers, photo and video enthusiasts, and students a holistic view of the field.

    An Approach to Guide Users Towards Less Revealing Internet Browsers

    When browsing the Internet, HTTP headers enable both clients and servers to send extra data in their requests or responses, such as the User-Agent string. This string contains information related to the sender’s device, browser, and operating system. Previous research has shown that numerous privacy and security risks result from exposing sensitive information in the User-Agent string. For example, it enables device and browser fingerprinting and user tracking and identification. Our large analysis of thousands of User-Agent strings shows that browsers differ tremendously in the amount of information they include in their User-Agent strings. As such, our work aims at guiding users towards using less exposing browsers. In doing so, we propose to assign an exposure score to browsers based on the information they expose and vulnerability records. Thus, our contribution in this work is as follows: first, provide a full implementation that is ready to be deployed and used by users. Second, conduct a user study to identify the effectiveness and limitations of our proposed approach. Our implementation is based on using more than 52 thousand unique browsers. Our performance and validation analysis show that our solution is accurate and efficient. The source code and data set are publicly available and the solution has been deployed.

    On Security and Privacy for Networked Information Society : Observations and Solutions for Security Engineering and Trust Building in Advanced Societal Processes

    Our society has developed into a networked information society, in which all aspects of human life are interconnected via the Internet — the backbone through which a significant part of communications traffic is routed. This makes the Internet arguably the most important piece of critical infrastructure in the world. Securing Internet communications for everyone using it is extremely important, as the continuing growth of the networked information society relies upon fast, reliable and secure communications. A prominent threat to the security and privacy of Internet users is mass surveillance of Internet communications. The methods and tools used to implement mass surveillance capabilities on the Internet pose a danger to the security of all communications, not just the intended targets. When we continue to further build the networked information upon the unreliable foundation of the Internet we encounter increasingly complex problems, which are the main focus of this dissertation. As the reliance on communication technology grows in a society, so does the importance of information security. At this stage, information security issues become separated from the purely technological domain and begin to affect everyone in society. The approach taken in this thesis is therefore both technical and socio-technical. The research presented in this PhD thesis builds security into the networked information society and provides parameters for further development of a safe and secure networked information society. This is achieved by proposing improvements on a multitude of layers. In the technical domain we present an efficient design flow for secure embedded devices that use cryptographic primitives in a resource-constrained environment, examine and analyze threats to biometric passport and electronic voting systems, observe techniques used to conduct mass Internet surveillance, and analyze the security of Finnish web user passwords.
In the socio-technical domain we examine surveillance and how it affects the citizens of a networked information society, study methods for delivering efficient security education, examine what is essential security knowledge for citizens, advocate mastery over surveillance data by the targeted citizens in the networked information society, and examine the concept of forced trust that permeates all topics examined in this work. The society we live in has, with the development of technology, been shaped into a true information society. Many areas of the networked information society have undergone change as a result of this development. At the centre of this change is the Internet: a worldwide data network that enables communication between networked devices on an unprecedented scale. The Internet has become perhaps the most central part of the global communications infrastructure, and securing global communications will therefore be emphasised ever more in the future. The growth and development of the networked information society require the existence of a stable, secure and fast communications system. Large-scale mass surveillance of data networks poses a significant threat to the stability and security of this system. The methods and tools used to implement network surveillance not only make it possible to examine the communications traffic under surveillance, but also endanger the security of all Internet traffic and of the activity that depends on it. When the networked information society is built on a system containing such inherent flaws and vulnerabilities, a key threat is that society's core functions are exposed to outside influence. Examining these threat factors and the mechanisms behind them is at the centre of this dissertation.
Because the work has, in addition to its technical content, a strong societal element, the subject area is examined more broadly from a societal perspective as well, rather than through strictly technical analysis alone. This dissertation aims to build an overall picture of the factors affecting the security, operation and stability of the networked information society, and to bring forward new solutions and openings from different perspectives. The aim of the work is to help make it possible to build a safer networked information society in the future. From the technical perspective, the work presents a design flow for embedded systems with limited computing power that make efficient use of cryptographic primitives, analyses threats to biometric passports, the international passport system and electronic voting, examines the operating principles of the techniques used for mass surveillance and the threats they cause, and studies the password habits of Finnish Internet users in web applications. From the socio-technical perspective, the work examines the theory of surveillance and looks into how surveillance affects the citizens of the networked information society. In addition, methods are developed for better information security education at all levels of education, the key concepts of information security knowledge are defined, the possibility of applying the principle of mastery over information to the management and use of the data that the networked information society collects about its citizens is examined, and the significance of trust for the security and operation of society's core functions is studied, focusing in particular on the effects of forced trust.

    Climate change as a knowledge controversy: investigating debates over science and policy

    Understanding climate change as a knowledge controversy, this thesis provides new insights into the form, value and impact of the climate change debate on science and policy processes. Based on 99 interviews in New Zealand and the United Kingdom as well as social network analysis, it provides an original contribution to knowledge by identifying previously unknown sites of knowledge contestation within the climate change debate, in addition to contributory factors, and potential solutions to, debate polarisation. It also addresses a fundamental gap in the literature regarding the impact of controversy on the production of scientific knowledge and policy decision-making. This thesis comprises five standalone papers (Chapters 2-6) which together explore climate change as a knowledge controversy using frameworks from science and technology studies, sociology and geography. Chapter 2 finds that the most central blogs within the climate sceptical blogosphere predominantly focus on the scientific element of the climate debate. It argues that by acting as an alternative public site of expertise, the blogosphere may be playing a central role in perpetuating doubt regarding the scientific basis for climate change policymaking. Chapter 3 suggests that the binary and dualistic format of labels used within the climate debate such as “denier” or “alarmist” contribute towards polarisation by reducing possibilities for constructive dialogue. Chapter 4 investigates rationales for debate participation and argues that identifying and emphasising commonalities between previously polarised individuals may serve to reduce antagonism within the climate change debate. Chapter 5 investigates the impact of controversy on the production of scientific knowledge and finds that climate scientists identify substantial impacts on their agency as scientists, but not on scientific practice. 
It argues that this distinction indicates that boundary-making may be understood as a more active and explicit process under conditions of controversy. Finally, Chapter 6 introduces the concept of post-decisional logics of inaction, emphasising the role of place in determining the influence of controversial knowledge claims on climate change policymaking. These findings make explicit the underlying politics of knowledge inherent within the climate change debate, and emphasise the need for a more attentive consideration of the role of knowledge, place and performativity in contested science and policy environments.

    Political organisation, leadership and communication in authoritarian settings: Digital activism in Belarus and Russia

    Citizens of authoritarian regimes face multiple constraints when they express critical political views using digital media. The regime may monitor their activities, censor their speech or persecute them. Despite these challenges, politically-active citizens organise outside of traditional hierarchical arrangements to advocate for pro-democracy changes. I analyse how the affordances of digital media help activists to organise, to select and to protect their leaders, as well as to distribute information. I use interviews, content analysis and participant observation to study two recent cases of successful political campaigning on digital media. Unusually, both cases managed to challenge the state elites in authoritarian countries, Belarus and Russia respectively. I found that the two studied organisations relied on ad hoc, segmented and shadowed organisational configurations that deployed vast digital communication infrastructures to disseminate information. Journalists, the authorities and the public often misperceived these configurations as either over-centralised or not organised at all. This misperception, as well as the management of leadership visibility on social media, allowed activist groups to protect some of their leaders from persecution. The findings contribute to the discussion regarding the nature of political organising in the digital age by refining and problematising social movement theories for digital authoritarian contents. The study also contributes to the discussion of the strategies that authoritarian regimes use to respond to and combat online opposition. These findings challenge the idea that authoritarian regimes have neared full co-optation of the internet. Instead, the internet should be considered as a battlefield for political influence

    Ethical and Unethical Hacking

    The goal of this chapter is to provide a conceptual analysis of ethical hacking, comprising history, common usage and the attempt to provide a systematic classification that is both compatible with common usage and normatively adequate. Subsequently, the article identifies a tension between common usage and a normatively adequate nomenclature. ‘Ethical hackers’ are often identified with hackers that abide by a code of ethics privileging business-friendly values. However, there is no guarantee that respecting such values is always compatible with the all-things-considered morally best act. It is recognised, however, that in terms of assessment, it may be quite difficult to determine who is an ethical hacker in the ‘all things considered’ sense, while society may agree more easily on the determination of who is one in the ‘business-friendly’ limited sense. The article concludes by suggesting a pragmatic best-practice approach for characterising ethical hacking, which reaches beyond business-friendly values and helps in the taking of decisions that are respectful of the hackers’ individual ethics in morally debatable, grey zones.

    Best Practices and Recommendations for Cybersecurity Service Providers

    This chapter outlines some concrete best practices and recommendations for cybersecurity service providers, with a focus on data sharing, data protection and penetration testing. Based on a brief outline of dilemmas that cybersecurity service providers may experience in their daily operations, it discusses data handling policies and practices of cybersecurity vendors along the following five topics: customer data handling; information about breaches; threat intelligence; vulnerability-related information; and data involved when collaborating with peers, CERTs, cybersecurity research groups, etc. There is, furthermore, a discussion of specific issues of penetration testing such as customer recruitment and execution as well as the supervision and governance of penetration testing. The chapter closes with some general recommendations regarding improving the ethical decision-making procedures of private cybersecurity service providers