Denial-of-Service Resistance in Key Establishment

Denial of Service (DoS) attacks are an increasing problem for network connected systems. Key establishment protocols are applications that are particularly vulnerable to DoS attack as they are typically required to perform computationally expensive cryptographic operations in order to authenticate the protocol initiator and to generate the cryptographic keying material that will subsequently be used to secure the communications between initiator and responder. The goal of DoS resistance in key establishment protocols is to ensure that attackers cannot prevent a legitimate initiator and responder deriving cryptographic keys without expending resources beyond a responder-determined threshold. In this work we review the strategies and techniques used to improve resistance to DoS attacks. Three key establishment protocols implementing DoS resistance techniques are critically reviewed and the impact of misapplication of the techniques on DoS resistance is discussed. Recommendations on effectively applying resistance techniques to key establishment protocols are made

Impact of rapeseed press-cake on Maillard reaction in a cookie model system

Rapeseed press-cake (RPC) is a byproduct of rapeseed oil production, rich in proteins and fiber. The aim of this study was to investigate the impact of cold pressed RPC, RPC fiber isolate and RPC alkaline extract on the formation of acrylamide and 5-hydroxymethylfufural (HMF) in cookies. Both compounds were influenced by the ingredients: the addition of RPC led to a significant dose-dependent increase of HMF in the cookies and to an increase of acrylamide up to 66.9%. On the contrary, acrylamide concentration was reduced down to 39.6% in presence of the alkaline extract and down to 4.4% in the presence of the fiber extract. The Michael addition of free amino acids to acrylamide was further investigated by high-resolution mass spectrometry (HRMS) revealing that cysteine was the preferred nucleophile for acrylamide elimination

Online advertising: analysis of privacy threats and protection approaches

Online advertising, the pillar of the “free” content on the Web, has revolutionized the marketing business in recent years by creating a myriad of new opportunities for advertisers to reach potential customers. The current advertising model builds upon an intricate infrastructure composed of a variety of intermediary entities and technologies whose main aim is to deliver personalized ads. For this purpose, a wealth of user data is collected, aggregated, processed and traded behind the scenes at an unprecedented rate. Despite the enormous value of online advertising, however, the intrusiveness and ubiquity of these practices prompt serious privacy concerns. This article surveys the online advertising infrastructure and its supporting technologies, and presents a thorough overview of the underlying privacy risks and the solutions that may mitigate them. We first analyze the threats and potential privacy attackers in this scenario of online advertising. In particular, we examine the main components of the advertising infrastructure in terms of tracking capabilities, data collection, aggregation level and privacy risk, and overview the tracking and data-sharing technologies employed by these components. Then, we conduct a comprehensive survey of the most relevant privacy mechanisms, and classify and compare them on the basis of their privacy guarantees and impact on the Web.Peer ReviewedPostprint (author's final draft

You never surf alone. Ubiquitous tracking of users' browsing habits

In the early age of the internet users enjoyed a large level of anonymity. At the time web pages were just hypertext documents; almost no personalisation of the user experience was o ered. The Web today has evolved as a world wide distributed system following specific architectural paradigms. On the web now, an enormous quantity of user generated data is shared and consumed by a network of applications and services, reasoning upon users expressed preferences and their social and physical connections. Advertising networks follow users' browsing habits while they surf the web, continuously collecting their traces and surfing patterns. We analyse how users tracking happens on the web by measuring their online footprint and estimating how quickly advertising networks are able to pro le users by their browsing habits

Invisible Pixels Are Dead, Long Live Invisible Pixels!

Privacy has deteriorated in the world wide web ever since the 1990s. The tracking of browsing habits by different third-parties has been at the center of this deterioration. Web cookies and so-called web beacons have been the classical ways to implement third-party tracking. Due to the introduction of more sophisticated technical tracking solutions and other fundamental transformations, the use of classical image-based web beacons might be expected to have lost their appeal. According to a sample of over thirty thousand images collected from popular websites, this paper shows that such an assumption is a fallacy: classical 1 x 1 images are still commonly used for third-party tracking in the contemporary world wide web. While it seems that ad-blockers are unable to fully block these classical image-based tracking beacons, the paper further demonstrates that even limited information can be used to accurately classify the third-party 1 x 1 images from other images. An average classification accuracy of 0.956 is reached in the empirical experiment. With these results the paper contributes to the ongoing attempts to better understand the lack of privacy in the world wide web, and the means by which the situation might be eventually improved.Comment: Forthcoming in the 17th Workshop on Privacy in the Electronic Society (WPES 2018), Toronto, AC

Law and Policy in the Age of the Internet

Technological knowledge is of many different kinds, from experience-based know-how in the crafts to science-based knowledge in modern engineering. It is inherently oriented towards being useful in technological activities, such as manufacturing and engineering design. The purpose of this thesis is to highlight special characteristics of technological knowledge and how these affect how technology should be taught in school. It consists of an introduction, a summary in Swedish, and five papers: Paper I is about rules of thumb, which are simple instructions, used to guide actions toward a specific result, without need of advanced knowledge. One off the major advantages of rules of thumb is the ease with which they can be learnt. One of their major disadvantages is that they cannot easily be adjusted to new situations or conditions. Paper II describes how Gilbert Ryle's distinction between knowing how and knowing that is applicable in the technological domain. Knowing how and knowing that are commonly used together, but there are important differences between them which motivate why they should be regarded as different types: they are learnt in different ways, justified in different ways, and knowing that is susceptible to Gettier type problems which technological knowing how is not. Paper III is based on a survey about how Swedish technology teachers understand the concept of technological knowledge. Their opinions show an extensive variation, and they have no common terminology for describing the knowledge. Paper IV deals with non-scientific models that are commonly used by engineers, based on for example folk theories or obsolete science. These should be included in technology education if it is to resemble real technology. Different, and partly contradictory, epistemological frameworks must be used in different school subjects. This leads to major pedagogical challenges, but also to opportunities to clarify the differences between technology and the natural sciences and between models and reality. Paper V is about explanation, prediction, and the use of models in technology education. Explanations and models in technology differ from those in the natural sciences in that they have to include users' actions and intentions.QC 20140512</p