Completely Automated Public Physical test to tell Computers and Humans Apart: A usability study on mobile devices

A very common approach adopted to fight the increasing sophistication and dangerousness of malware and hacking is to introduce more complex authentication mechanisms. This approach, however, introduces additional cognitive burdens for users and lowers the whole authentication mechanism acceptability to the point of making it unusable. On the contrary, what is really needed to fight the onslaught of automated attacks to users data and privacy is to first tell human and computers apart and then distinguish among humans to guarantee correct authentication. Such an approach is capable of completely thwarting any automated attempt to achieve unwarranted access while it allows keeping simple the mechanism dedicated to recognizing the legitimate user. This kind of approach is behind the concept of Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA), yet CAPTCHA leverages cognitive capabilities, thus the increasing sophistication of computers calls for more and more difficult cognitive tasks that make them either very long to solve or very prone to false negatives. We argue that this problem can be overcome by substituting the cognitive component of CAPTCHA with a different property that programs cannot mimic: the physical nature. In past work we have introduced the Completely Automated Public Physical test to tell Computer and Humans Apart (CAPPCHA) as a way to enhance the PIN authentication method for mobile devices and we have provided a proof of concept implementation. Similarly to CAPTCHA, this mechanism can also be used to prevent automated programs from abusing online services. However, to evaluate the real efficacy of the proposed scheme, an extended empirical assessment of CAPPCHA is required as well as a comparison of CAPPCHA performance with the existing state of the art. To this aim, in this paper we carry out an extensive experimental study on both the performance and the usability of CAPPCHA involving a high number of physical users, and we provide comparisons of CAPPCHA with existing flavors of CAPTCHA

Near Field Communication Applications

Near Field Communication (NFC) is a short-range, low power contactless communication between NFC-enabled devices that are held in the closed proximity to each other. NFC technology has been moving rapidly from its initial application areas of mobile payment services and contactless ticketing to the diversity of new areas. Three specific NFC tags highlighted in the thesis have different structures in terms of memory, security and usage in different applications. NFC information tags exploit the data exchange format NDEF standardized by NFC Forum. NFC applications are rapidly stepping into novel and diverse application areas. Often they are deployed in combination with different devices and systems through their integrability and adaptability features. The diverse application areas where NFC tags and cards are used cover smart posters, contactless ticketing, keys and access control, library services, entertainment services, social network services, education, location based services, work force and retail management and healthcare. In designing different NFC applications, it is necessary to take into consideration different design issues such as to choosing the NFC tools and devices according to the technical requirements of the application, considering especially the memory, security and price factors as well as their relation to the purpose and usage of the final product. The security aspect of the NFC tags is remarkably important in selecting the proper NFC device. The race between hackers attacking and breaking the security systems of programmable high level products and manufacturers to produce reliable secure systems and products seems to never end. This has proven to be case, for example, for trying MIFARE Ultralight and DESFire MF3ICD40 tags. An important consideration of studying the different applications of NFC tags and cards during the thesis work was to understand the ubiquitous character of NFC technology.Lähitunnistus yhteys tekniikka (NFC) on lyhyen tähtäimen, pienitehoinen, kontaktiton yhteydenpito NFC yhteensopivien laitteiden välillä, jossa laitteet pidetään toistensä välittömässä läheisyydessä tiedon siirtämiseksi niiden välillä. NFC-teknologia on siirtynyt nopeasti sen alkuperäisiltä toimialueilta eli mobiili maksupalvelujen ja kontaktittomien lippujen sovellusalueilta moninaisille uusille alueille. Kolmella NFC tagillä, joita on käsitelty tässä tutkielmassa, on muistin, turvallisuuden ja käytön kannalta erilaisiä rakenteita, joita käytetään eri sovelluksissa. NFC-tagit käyttävät tiedonvälityksessä NFC Forumin standardoimaa NDEF-tiedonvaihtoformaattia. NFC sovellukset esiintyvät yhä enenevässä määrin nopeasti kehyttyvillä, uudenlaisilla ja monipuolisilla sovellusalueilla, usein yhdessä eri laitteiden ja järjestelmien kanssa. NFC on käytettävissä erinäisten laitteiden kanssa erilaisissa järjestelmäympäristöissä. Monipuoliset sovellusalueet, joissa muun muassa NFC-tagejä ja -kortteja käytetään sisältävät seuraavanlaisia sovelluksia: älykkäät julisteet, kontaktittomat liput, avaimet ja pääsynvalvonta, kirjastopalvelut, viihdepalvelut, sosiaalisen verkoston palvelut, kasvatukseen ja koulutukseen liittyvät palvelut, sijaintiperustaiset palvelut, työvoiman ja vähittäiskaupan hallinto-palvelut ja terveyspalvelut. Erilaisten NFC-sovelluksien suunnittelussa on väistämätöntä ottaa erilaisia suunnitteluasioita huomioon kuten valita NFC-työkalut ja laitteet sovelluksen teknisten vaatimusten mukaan. Erilaiset tärkeät tekijät kuten muisti, tietoturvallisuusominaisuudet ja hinta ja niiden kaikkien toimivuus lopputuotteen kannalta on otettava huomioon. Tietoturvallisuusnäkökohta on erityisen tärkeä oikean NFC laitteen valitsemisessa, sillä käynnissä on loputon kilpajuoksu hakkerien, jotka yrittävät rikkoa ohjelmoitavien korkeatasoisten laitteiden ja tuotteiden tietoturvajärjestelmiä, ja valmistajien, jotka pyrkivät tuottamaan luotettavia varmoja järjestelmiä, välillä. Tietoturvariskiin liittyviä ongelmia on löydetty esimerkiksi MIFARE Ultralight ja DESFire MF3ICD40 tageista. Tärkeä havainto, joka saatiin erilaisten NFC sovelluksien tutkimisesta, oli oivaltaa NFCteknologian potentiaalinen kaikkialle ulottuva, yleiskäyttöinen luonne

Detecting Targeted Smartphone Malware with Behavior-Triggering Stochastic Models

none4sinoneGuillermo Suarez-Tangil; Mauro Conti; Juan E. Tapiador; and Pedro Peris-LopezGuillermo Suarez, Tangil; Conti, Mauro; Juan E., Tapiador; Pedro Peris, Lope

Hikester - the event management application

Today social networks and services are one of the most important part of our everyday life. Most of the daily activities, such as communicating with friends, reading news or dating is usually done using social networks. However, there are activities for which social networks do not yet provide adequate support. This paper focuses on event management and introduces "Hikester". The main objective of this service is to provide users with the possibility to create any event they desire and to invite other users. "Hikester" supports the creation and management of events like attendance of football matches, quest rooms, shared train rides or visit of museums in foreign countries. Here we discuss the project architecture as well as the detailed implementation of the system components: the recommender system, the spam recognition service and the parameters optimizer

Customer satisfaction with the electronic banking services in Zimbabwe: a case of Mashonaland West Province, Zimbabwe.

Doctoral Degree. University of KwaZulu-Natal, Pietermaritzburg.With the constant advances in technology, it is expected that life should become easier in various way, one of these being that people would no longer have to wait in queues in banks as technology allows people to do most of their transactions by computer or cell phone. This research sought to gather information on customer satisfaction with the electronic banking (e-banking) facilities and services in Zimbabwe. The problem which was identified is that people spend a lot of time waiting in queues for services they could access much more quickly on e-banking platforms. Three e-banking platforms were examined, these being automated teller machines (ATMs), internet banking, and mobile banking (m-banking). The research took the form of a descriptive case study design. It also took a mixed method approach where both quantitative and qualitative data was used. Mashonaland West Province in Zimbabwe was the location for the study. Questionnaires were distributed in all seven districts of this province, on a pro rata basis depending on population size. According to the 2012 census survey in Zimbabwe, the total population of economically active people, between the ages of 15 and 64 years living in the province was 825 911 people. The researcher used Kredjice and Morgan’s table to calculate the sample size of 384 people. Two hundred and eighty-three (283) questionnaires were returned out of the three Hundred and eighty-four (384) questionnaires which were distributed, thus the response rate was 73.7%. The Statistical Package for the Social Sciences (version 20) was used to analyze the data. Results showed that e-banking services in Zimbabwe are satisfactory as there was not a single attribute of banking where the majority of people showed dissatisfaction. However, there is a need for Zimbabwean banks to continue to educate citizens on how to use e-banking facilities effectively. Internet banking had the lowest levels of reported user satisfaction with the problem emanating from a lack of internet access by the majority of citizens. There was also no significant gap realized between bank sector managers’ perceptions of customers’ needs and wants and the actual needs of customers. A model for adoption of electronic banking in Zimbabwe has been developed by the researcher and is made up of five key factors which determine the adoption of electronic banking in Zimbabwe, these are: education, accessibility, ease of use, friendliness, and security. These key factors determine the success of electronic banking in Zimbabwe. If this model is adopted it can assist Zimbabwe banks in new products development, improving service quality and therefore establish sustainable competitive advantage

A Test Environment for Wireless Hacking in Domestic IoT Scenarios

Security is gaining importance in the daily life of every citizen. The advent of Internet of Things devices in our lives is changing our conception of being connected through a single device to a multiple connection in which the centre of connection is becoming the devices themselves. This conveys the attack vector for a potential attacker is exponentially increased. This paper presents how the concatenation of several attacks on communication protocols (WiFi, Bluetooth LE, GPS, 433 Mhz and NFC) can lead to undesired situations in a domestic environment. A comprehensive analysis of the protocols with the identification of their weaknesses is provided. Some relevant aspects of the whole attacking procedure have been presented to provide some relevant tips and countermeasures.This work has been partially supported by the Spanish Ministry of Science and Innovation through the SecureEDGE project (PID2019-110565RB-I00), and by the by the Andalusian FEDER 2014-2020 Program through the SAVE project (PY18-3724). // Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. // Funding for open access charge: Universidad de Málaga / CBU