The Dark Side(-Channel) of Mobile Devices: A Survey on Network Traffic Analysis

In recent years, mobile devices (e.g., smartphones and tablets) have met an increasing commercial success and have become a fundamental element of the everyday life for billions of people all around the world. Mobile devices are used not only for traditional communication activities (e.g., voice calls and messages) but also for more advanced tasks made possible by an enormous amount of multi-purpose applications (e.g., finance, gaming, and shopping). As a result, those devices generate a significant network traffic (a consistent part of the overall Internet traffic). For this reason, the research community has been investigating security and privacy issues that are related to the network traffic generated by mobile devices, which could be analyzed to obtain information useful for a variety of goals (ranging from device security and network optimization, to fine-grained user profiling). In this paper, we review the works that contributed to the state of the art of network traffic analysis targeting mobile devices. In particular, we present a systematic classification of the works in the literature according to three criteria: (i) the goal of the analysis; (ii) the point where the network traffic is captured; and (iii) the targeted mobile platforms. In this survey, we consider points of capturing such as Wi-Fi Access Points, software simulation, and inside real mobile devices or emulators. For the surveyed works, we review and compare analysis techniques, validation methods, and achieved results. We also discuss possible countermeasures, challenges and possible directions for future research on mobile traffic analysis and other emerging domains (e.g., Internet of Things). We believe our survey will be a reference work for researchers and practitioners in this research field.Comment: 55 page

Fraud investigation in the extravirgin olive oil supply chain : Identification of vulnerable points and development of novel fraud detection methods

With the globalisation of the food supply system, food fraud can have international impacts, sometimes with far-reaching and lethal consequences. Extra virgin olive oil (EVOO) is considered one of the most frequently reported commodities, suffering from fraud. Knowledge about risk factors and precise laboratory and broad on-site screening methods will help to combat fraud in the EVOO supply chain network. The main objectives of this thesis are to develop strategies to combat fraud in the EVOO supply chains through knowledge about weak spots and underlying risk factors and the development of novel detection methods. To achieve these goals, firstly, the EVOO supply chain was assessed for their vulnerability using the SSAFE food fraud vulnerability assessment tool. These assessments indicate that the EVOO supply chain is fairly vulnerable. B2B companies and retailers in the EVOO supply chain are more vulnerable to fraud than olive oil producers and food manufacturers due to the additional vulnerability related to opportunities in time and place and a lack of control measures. Fraud vulnerability across the EVOO supply chain was not only determined by the place of the actor in the chain (node), but also by the scale and location of the companies. Four novel methods were developed in this thesis for EVOO authentication. Monochloropropanediol (MCPD) esters and glycidyl esters (GEs) analysis by gas chromatography-tandem mass spectrometry (GC-MS/MS) was applied to defect EVOO adulteration with lower grade oils. The limit of fraud detection of lower grade olive oils in EVOO was 2% when using 3-MCPD esters, 5% for 2-MCPD esters and 13–14% for GEs. These results imply that the method is fairly useful for confirmatory analysis. However, 3-MCPD analysis by GC-MS/MS is currently a tedious and time-consuming method, it is not recommended to use this method to analyse a large number of suspect samples when a quick response is required. In addition, three rapid and non-destructive techniques were developed. The volatile organic compounds (VOCs) fingerprint analysis by proton transfer reaction-quadrupole ion guide time of flight-mass spectrometry in combination with multivariate statistics proved to be a promising screening methodology for the distinction of EVOO from its lower grade counterparts, as well as from other vegetable oils that are potential adulterants. In the one class classification evaluation, the k-nearest neighbours model presented the best results, which showed that more than 95% of oil samples were correctly predicted. For this most successful model, formic acid, dimethyl sulphide and hexenal are key compounds for the distinction of EVOO from the other oils. Except for the VOCs analysis, the spectral analysis by handheld near infrared spectroscopy combined with multivariate statistics also proved to be good methodology to discriminate EVOO from its lower grade counterparts. The EVOO samples were 100% correctly identified. Pomace olive oil (POO) was efficiently discriminated from EVOO, but 7% of the refined olive oil samples were predicted incorrectly. Furthermore, it was found that the relevant spectral information for the distinction of the oils strongly correlated with the degree of unsaturation of the oils as well as their levels of chlorophylls, carotenoids and moisture. In addition, a newly developed ultrasonic pulse echo system appeared to be a rapid and non-destructive method for the characterisation of vegetable oils. The ultrasonic velocity of EVOO differed significantly from those of POO and the oils of other botanical origin, but not from the velocity of refined olive oil. Furthermore, it was found that the underlying reason for the ultrasonic velocity differences between oils was the variation of the density and viscosity of the oils.  In conclusion, this study shows that the intermediaries between producers and consumers are more vulnerable to fraud due to the opportunities to commit fraud, as well as the greatest lack of adequate food fraud control measures. The results of this thesis also show that the newly developed methods cannot easily to be circumvented by fraudsters and they can be effectively applied for the distinction of EVOO from its lower grade counterparts and some vegetable oils. The insights in the weak spots in the EVOO supply chain network in combination with the newly developed fraud methods add to and reinforce the strategies to combat fraud in the EVOO supply chain. This all will help to ensure that consumers get what they are paying for and to fight unfair competition

A survey on security analysis of machine learning-oriented hardware and software intellectual property

Intellectual Property (IP) includes ideas, innovations, methodologies, works of authorship (viz., literary and artistic works), emblems, brands, images, etc. This property is intangible since it is pertinent to the human intellect. Therefore, IP entities are indisputably vulnerable to infringements and modifications without the owner’s consent. IP protection regulations have been deployed and are still in practice, including patents, copyrights, contracts, trademarks, trade secrets, etc., to address these challenges. Unfortunately, these protections are insufficient to keep IP entities from being changed or stolen without permission. As for this, some IPs require hardware IP protection mechanisms, and others require software IP protection techniques. To secure these IPs, researchers have explored the domain of Intellectual Property Protection (IPP) using different approaches. In this paper, we discuss the existing IP rights and concurrent breakthroughs in the field of IPP research; provide discussions on hardware IP and software IP attacks and defense techniques; summarize different applications of IP protection; and lastly, identify the challenges and future research prospects in hardware and software IP security

From Understanding Telephone Scams to Implementing Authenticated Caller ID Transmission

abstract: The telephone network is used by almost every person in the modern world. With the rise of Internet access to the PSTN, the telephone network today is rife with telephone spam and scams. Spam calls are significant annoyances for telephone users, unlike email spam, spam calls demand immediate attention. They are not only significant annoyances but also result in significant financial losses in the economy. According to complaint data from the FTC, complaints on illegal calls have made record numbers in recent years. Americans lose billions to fraud due to malicious telephone communication, despite various efforts to subdue telephone spam, scam, and robocalls. In this dissertation, a study of what causes the users to fall victim to telephone scams is presented, and it demonstrates that impersonation is at the heart of the problem. Most solutions today primarily rely on gathering offending caller IDs, however, they do not work effectively when the caller ID has been spoofed. Due to a lack of authentication in the PSTN caller ID transmission scheme, fraudsters can manipulate the caller ID to impersonate a trusted entity and further a variety of scams. To provide a solution to this fundamental problem, a novel architecture and method to authenticate the transmission of the caller ID is proposed. The solution enables the possibility of a security indicator which can provide an early warning to help users stay vigilant against telephone impersonation scams, as well as provide a foundation for existing and future defenses to stop unwanted telephone communication based on the caller ID information.Dissertation/ThesisDoctoral Dissertation Computer Science 201

Efficient Radiometric Signature Methods for Cognitive Radio Devices

This thesis presents the first comprehensive study and new methods for radiometric fingerprinting of the Cognitive Radio (CR) devices. The scope of the currently available radio identification techniques is limited to a single radio adjustment. Yet, the variable nature of the CR with multiple levels of parameters and adjustments renders the radiometric fingerprinting much more complex. We introduce a new method for radiometric fingerprinting that detects the unique variations in the hardware of the reconfigurable radio by passively monitoring the radio packets. Several individual identifiers are used for extracting the unique physical characteristics of the radio, including the frequency offset, modulated phase offset, in-phase/quadrature-phase offset from the origin, and magnitude. Our method provides stable and robust identification by developing individual identifiers (classifiers) that may each be weak (i.e., incurring a high prediction error) but their committee can provide a strong classification technique. Weighted voting method is used for combining the classifiers. Our hardware implementation and experimental evaluations over multiple radios demonstrate that our weighted voting approach can identify the radios with an average of 97.7% detection probability and an average of 2.3% probability of false alarm after testing only 5 frames. The probability of detection and probability of false alarms both rapidly improve by increasing the number of test frames

Ion Mobility Spectrometry in Food Analysis: Principles, Current Applications and Future Trends

In the last decade, ion mobility spectrometry (IMS) has reemerged as an analytical separation technique, especially due to the commercialization of ion mobility mass spectrometers. Its applicability has been extended beyond classical applications such as the determination of chemical warfare agents and nowadays it is widely used for the characterization of biomolecules (e.g., proteins, glycans, lipids, etc.) and, more recently, of small molecules (e.g., metabolites, xenobiotics, etc.). Following this trend, the interest in this technique is growing among researchers from different fields including food science. Several advantages are attributed to IMS when integrated in traditional liquid chromatography (LC) and gas chromatography (GC) mass spectrometry (MS) workflows: (1) it improves method selectivity by providing an additional separation dimension that allows the separation of isobaric and isomeric compounds; (2) it increases method sensitivity by isolating the compounds of interest from background noise; (3) and it provides complementary information to mass spectra and retention time, the so-called collision cross section (CCS), so compounds can be identified with more confidence, either in targeted or non-targeted approaches. In this context, the number of applications focused on food analysis has increased exponentially in the last few years. This review provides an overview of the current status of IMS technology and its applicability in different areas of food analysis (i.e., food composition, process control, authentication, adulteration and safety).M.H.-M. was granted a postdoctoral fellowship (University Research Plan, Program “Perfeccionamiento de doctores en el extranjero 2017”) by the University of Granada (Spain)

Distributed-Proof-of-Sense: Blockchain Consensus Mechanisms for Detecting Spectrum Access Violations of the Radio Spectrum

The exponential growth in connected devices with Internet-of-Things (IoT) and next-generation wireless networks requires more advanced and dynamic spectrum access mechanisms. Blockchain-based approaches to Dynamic Spectrum Access (DSA) seem efficient and robust due to their inherited characteristics such as decentralization, immutability and transparency. However, conventional consensus mechanisms used in blockchain networks are expensive to be used due to the cost, processing and energy constraints. Moreover, addressing spectrum violations (i.e., unauthorized access to the spectrum) is not well-discussed in most blockchain-based DSA systems in the literature. In this work, we propose a newly tailored energyefficient consensus mechanism called “Distributed-Proof-of-Sense (DPoS)” that is specially designed to enable DSA and detect spectrum violations. The proposed consensus algorithm motivates blockchain miners to perform spectrum sensing, which leads to the collection of a full spectrum of sensing data. An elliptic curve cryptography-based zero-knowledge proof is used as the core of the proposed mechanism. We use MATLAB simulations to analyze the performance of the consensus mechanism and implement several consensus algorithms in a microprocessor to highlight the benefits of adopting the proposed system