A Comprehensive Survey of Voice over IP Security Research

We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products. We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems

Analysis of Token and Ticket Based Mechanisms for Current VoIP Security Issues and Enhancement Proposal

Interior vie

Improving infection control at Atoifi Adventist Hospital, Solomon Islands: a participatory action research approach

Vanessa explored how perceptions of disease causation and transmission influence infection control practice at Atoifi Adventist Hospital. She found germ theory was only one component. Social, cultural and spiritual beliefs also guided practice. Local beliefs must be incorporated into infection control programs to reduce hospital acquired infections in the Pacific

Link-time smart card code hardening

This paper presents a feasibility study to protect smart card software against fault-injection attacks by means of link-time code rewriting. This approach avoids the drawbacks of source code hardening, avoids the need for manual assembly writing, and is applicable in conjunction with closed third-party compilers. We implemented a range of cookbook code hardening recipes in a prototype link-time rewriter and evaluate their coverage and associated overhead to conclude that this approach is promising. We demonstrate that the overhead of using an automated link-time approach is not significantly higher than what can be obtained with compile-time hardening or with manual hardening of compiler-generated assembly code

Women In The Web of Secondary Copyright Liability and Internet Filtering

This Essay suggests possible explanations for why there is not very much legal scholarship devoted to gender issues on the Internet; and it asserts that there is a powerful need for Internet legal theorists and activists to pay substantially more attention to the gender-based differences in communicative style and substance that have been imported from real space to cyberspace. Information portals, such as libraries and web logs, are gendered in ways that may not be facially apparent. Women are creating and experiencing social solidarity online in ways that male scholars and commentators do not seem to either recognize or deem important. Internet specific content restrictions for the purposes of protecting copyrights and protecting children jeopardize online freedoms for women in diverse ways, and sometimes for different reasons than they do for men. Disparities in the ways women and men use, experience and communicate over the Internet need to be recognized, studied, and accommodated by those who would theorize cyberspace law and advocate directions for its evolution

Tracing writer/reader identity in, and in response to, queer latinx Autohistoria-Teorìa

This project examines how diverse representation changes the discourse around queer latinx identities. This project extends theories of representation that show how a text changes the imaginary of the reader through a two-part methodology. First, through explicating Spit & Passion and A Cup of Water Under My Bed, this project examines how these texts construct a readers’ imaginary. Then, through a corresponding qualitative assessment on readers’ responses to the texts, this project identifies the extent to which the texts change the beliefs and understandings of a small group of students. Articulating an ecology of identity using the texts under examination, this project offers a representational analysis of the ways Cristy C. Road and Daisy Hernández exhibit their queer latinx identities and the forms of resistance they use to survive the constraints of their particular cultural, historical, spiritual, material, political and personal spheres. Further, the representational analysis looks at how Road and Hernández follow in the path laid out by other latinx and queer theorists and engage in Anzaldúa’s “autohistoria-teoría.” Additionally, using a mixed-methods qualitative assessment, this project follows the shift that occurs in readers’ identity forming and ideological perspectives once they have read the two texts. Most importantly, this qualitative assessment demonstrates that Cristy C. Road’s Spit & Passion and Daisy Hernández’s A Cup of Water Under My Bed impact readers’ understanding of their own identities, their understanding of the identities portrayed in the texts, and their worldview

Disinformation and Fact-Checking in Contemporary Society

Funded by the European Media and Information Fund and research project PID2022-142755OB-I00

Security for Decentralised Service Location - Exemplified with Real-Time Communication Session Establishment

Decentralised Service Location, i.e. finding an application communication endpoint based on a Distributed Hash Table (DHT), is a fairly new concept. The precise security implications of this approach have not been studied in detail. More importantly, a detailed analysis regarding the applicability of existing security solutions to this concept has not been conducted. In many cases existing client-server approaches to security may not be feasible. In addition, to understand the necessity for such an analysis, it is key to acknowledge that Decentralised Service Location has some unique security requirements compared to other P2P applications such as filesharing or live streaming. This thesis concerns the security challenges for Decentralised Service Location. The goals of our work are on the one hand to precisely understand the security requirements and research challenges for Decentralised Service Location, and on the other hand to develop and evaluate corresponding security mechanisms. The thesis is organised as follows. First, fundamentals are explained and the scope of the thesis is defined. Decentralised Service Location is defined and P2PSIP is explained technically as a prototypical example. Then, a security analysis for P2PSIP is presented. Based on this security analysis, security requirements for Decentralised Service Location and the corresponding research challenges -- i.e. security concerns not suitably mitigated by existing solutions -- are derived. Second, several decentralised solutions are presented and evaluated to tackle the security challenges for Decentralised Service Location. We present decentralised algorithms to enable availability of the DHTs lookup service in the presence of adversary nodes. These algorithms are evaluated via simulation and compared to analytical bounds. Further, a cryptographic approach based on self-certifying identities is illustrated and discussed. This approach enables decentralised integrity protection of location-bindings. Finally, a decentralised approach to assess unknown identities is introduced. The approach is based on a Web-of-Trust model. It is evaluated via prototypical implementation. Finally, the thesis closes with a summary of the main contributions and a discussion of open issues