2,859 research outputs found
Defending against Sybil Devices in Crowdsourced Mapping Services
Real-time crowdsourced maps such as Waze provide timely updates on traffic,
congestion, accidents and points of interest. In this paper, we demonstrate how
lack of strong location authentication allows creation of software-based {\em
Sybil devices} that expose crowdsourced map systems to a variety of security
and privacy attacks. Our experiments show that a single Sybil device with
limited resources can cause havoc on Waze, reporting false congestion and
accidents and automatically rerouting user traffic. More importantly, we
describe techniques to generate Sybil devices at scale, creating armies of
virtual vehicles capable of remotely tracking precise movements for large user
populations while avoiding detection. We propose a new approach to defend
against Sybil devices based on {\em co-location edges}, authenticated records
that attest to the one-time physical co-location of a pair of devices. Over
time, co-location edges combine to form large {\em proximity graphs} that
attest to physical interactions between devices, allowing scalable detection of
virtual vehicles. We demonstrate the efficacy of this approach using
large-scale simulations, and discuss how they can be used to dramatically
reduce the impact of attacks against crowdsourced mapping services.Comment: Measure and integratio
An Architecture for Integrated Intelligence in Urban Management using Cloud Computing
With the emergence of new methodologies and technologies it has now become
possible to manage large amounts of environmental sensing data and apply new
integrated computing models to acquire information intelligence. This paper
advocates the application of cloud capacity to support the information,
communication and decision making needs of a wide variety of stakeholders in
the complex business of the management of urban and regional development. The
complexity lies in the interactions and impacts embodied in the concept of the
urban-ecosystem at various governance levels. This highlights the need for more
effective integrated environmental management systems. This paper offers a
user-orientated approach based on requirements for an effective management of
the urban-ecosystem and the potential contributions that can be supported by
the cloud computing community. Furthermore, the commonality of the influence of
the drivers of change at the urban level offers the opportunity for the cloud
computing community to develop generic solutions that can serve the needs of
hundreds of cities from Europe and indeed globally.Comment: 6 pages, 3 figure
Proceedings of the Designing interactive secure systems workshop (DISS 2012).
In recent years, the field of usable security has attracted researchers from HCI and Information Security, and led to a better understanding of the interplay between human factors and security mechanisms. Despite these advances, designing systems which are both secure in, and appropriate for, their contexts of use continues to frustrate both researchers and practitioners. One reason is a misunderstanding of the role that HCI can play in the design of secure systems. A number of eminent security researchers and practitioners continue to espouse the need to treat people as the weakest link, and encourage designers to build systems that Homer Simpson can use. Unfortunately, treating users as a problem can limit the opportunities for innovation when people are engaged as part of a solution. Similarly, while extreme characters (such as Homer) can be useful for envisaging different modes of interaction, when taken out of context they risk disenfranchising the very people the design is meant to support. Better understanding the relationship between human factors and the design of secure systems is an important step forward, but many design research challenges still remain. There is growing evidence that HCI design artefacts can be effective at supporting secure system design, and that some alignment exists between HCI, security, and software engineering activities. However, more is needed to understand how broader insights from the interactive system design and user experience communities might also find traction in secure design practice. For these insights to lead to design practice innovation, we also need usability and security evaluation activities that better support interaction design, together with software tools that augment, rather than hinder, these design processes. Last, but not least, we need to share experiences and anecdotes about designing usable and secure systems, and reflect on the different ways of performing and evaluating secure interaction design research. The objective of this workshop is to act as a forum for those interested in the design of interactive secure systems. By bringing together a like-minded community of researchers and practitioners, we hope to share knowledge gleaned from recent research, as well as experiences designing secure and usable systems in practice
Recommended from our members
Security challenges and solutions for e-business
The advantages of economic growth and increasing ease of operation afforded by e-business and e-commerce developments are unfortunately matched by growth in cyber attacks. This paper outlines the common attacks faced by e-business and describes the defenses that can be used against them. It also reviews the development of newer security defense methods. These are: (1) biometrics for authentication; parallel processing to increase power and speed of defenses; (2) data mining and machine learning to identify attacks; (3) peer-to-peer security using blockchains; 4) enterprise security modelling and security as a service; and (5) user education and engagement. The review finds overall that one of the most prevalent dangers is social engineering in the form of phishing attacks. Recommended counteractions include education and training, and the development of new machine learning and data sharing approaches so that attacks can be quickly discovered and mitigated
Vulnerability and resilience of cyber-physical power systems: results from an empirical-based study
Power systems are undergoing a profound transformation towards cyber-physical systems. Disruptive changes due to energy system transition and the complexity of the interconnected systems expose the power system to new, unknown and unpredictable risks. To identify the critical points, a vulnerability assessment was conducted, involving experts from power as well as information and communication technologies (ICT) sectors. Weaknesses were identified e.g.,the lack of policy enforcement worsened by the unreadiness of involved actors. The complex dynamics of ICT makes it infeasible to keep a complete inventory of potential stressors to define appropriate preparation and prevention mechanisms. Therefore, we suggest applying a resilience management approach to increase the resilience of the system. It aims at a better ride through failures rather than building higher walls. We conclude that building resilience in cyber-physical power systems is feasible and helps in preparing for the unexpected
- …