133,536 research outputs found
IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT
With the rapid growth of the Internet-of-Things (IoT), concerns about the
security of IoT devices have become prominent. Several vendors are producing
IP-connected devices for home and small office networks that often suffer from
flawed security designs and implementations. They also tend to lack mechanisms
for firmware updates or patches that can help eliminate security
vulnerabilities. Securing networks where the presence of such vulnerable
devices is given, requires a brownfield approach: applying necessary protection
measures within the network so that potentially vulnerable devices can coexist
without endangering the security of other devices in the same network. In this
paper, we present IOT SENTINEL, a system capable of automatically identifying
the types of devices being connected to an IoT network and enabling enforcement
of rules for constraining the communications of vulnerable devices so as to
minimize damage resulting from their compromise. We show that IOT SENTINEL is
effective in identifying device types and has minimal performance overhead
BitTorrent Sync: Network Investigation Methodology
The volume of personal information and data most Internet users find
themselves amassing is ever increasing and the fast pace of the modern world
results in most requiring instant access to their files. Millions of these
users turn to cloud based file synchronisation services, such as Dropbox,
Microsoft Skydrive, Apple iCloud and Google Drive, to enable "always-on" access
to their most up-to-date data from any computer or mobile device with an
Internet connection. The prevalence of recent articles covering various
invasion of privacy issues and data protection breaches in the media has caused
many to review their online security practices with their personal information.
To provide an alternative to cloud based file backup and synchronisation,
BitTorrent Inc. released an alternative cloudless file backup and
synchronisation service, named BitTorrent Sync to alpha testers in April 2013.
BitTorrent Sync's popularity rose dramatically throughout 2013, reaching over
two million active users by the end of the year. This paper outlines a number
of scenarios where the network investigation of the service may prove
invaluable as part of a digital forensic investigation. An investigation
methodology is proposed outlining the required steps involved in retrieving
digital evidence from the network and the results from a proof of concept
investigation are presented.Comment: 9th International Conference on Availability, Reliability and
Security (ARES 2014
The Critical Challenges from International High-Tech and Computer-Related Crime at the Millennium
The automotive industry stands in front of a great challenge, to decrease its impact on the environment. One important part in succeeding with this is to decrease the structural weight of the body structure and by that the fuel consumption or the required battery power. Carbon fibre composites are by many seen as the only real option when traditional engineering materials are running out of potential for further weight reduction. However, the automotive industry lacks experience working with structural composites and the methods for high volume composite manufacturing are immature. The development of a composite automotive body structure, therefore, needs methods to support and guide the conceptual work to improve the financial and technical results. In this thesis a framework is presented which will provide guidelines for the conceptual phase of the development of an automotive body structure. The framework follows two main paths, one to strive for the ideal material diversity, which also defines an initial partition of the body structure based on the process and material selection. Secondly, a further analysis of the structures are made to evaluate if a more cost and weight efficient solution can be found by a more differential design and by that define the ideal part size. In the case and parameter studies performed, different carbon fibre composite material systems and processes are compared and evaluated. The results show that high performance material system with continuous fibres becomes both more cost and performance effective compared to industrialised discontinuous fibre composites. But also that cycle times, sometimes, are less important than a competitive feedstock cost for a manufacturing process. When further analysing the manufacturing design of the structures it is seen that further partition(s) can become cost effective if the size and complexity is large enough. Â Â Â QC 20140527</p
I Know Why You Went to the Clinic: Risks and Realization of HTTPS Traffic Analysis
Revelations of large scale electronic surveillance and data mining by
governments and corporations have fueled increased adoption of HTTPS. We
present a traffic analysis attack against over 6000 webpages spanning the HTTPS
deployments of 10 widely used, industry-leading websites in areas such as
healthcare, finance, legal services and streaming video. Our attack identifies
individual pages in the same website with 89% accuracy, exposing personal
details including medical conditions, financial and legal affairs and sexual
orientation. We examine evaluation methodology and reveal accuracy variations
as large as 18% caused by assumptions affecting caching and cookies. We present
a novel defense reducing attack accuracy to 27% with a 9% traffic increase, and
demonstrate significantly increased effectiveness of prior defenses in our
evaluation context, inclusive of enabled caching, user-specific cookies and
pages within the same website
- …