SecuCode: Intrinsic PUF Entangled Secure Wireless Code Dissemination for Computational RFID Devices
The simplicity of deployment and perpetual operation of energy harvesting
devices provides a compelling proposition for a new class of edge devices for
the Internet of Things. In particular, Computational Radio Frequency
Identification (CRFID) devices are an emerging class of battery-free,
computational, sensing enhanced devices that harvest all of their energy for
operation. Despite wireless connectivity and powering, secure wireless firmware
updates remain an open challenge for CRFID devices due to: intermittent
powering, limited computational capabilities, and the absence of a supervisory
operating system. We present, for the first time, a secure wireless code
dissemination (SecuCode) mechanism for CRFIDs by entangling a device intrinsic
hardware security primitive Static Random Access Memory Physical Unclonable
Function (SRAM PUF) to a firmware update protocol. The design of SecuCode: i)
overcomes the resource-constrained and intermittently powered nature of the
CRFID devices; ii) is fully compatible with existing communication protocols
employed by CRFID devices, in particular the ISO-18000-6C protocol; and iii) is
built upon a standard and industry compliant firmware compilation and update
method realized by extending a recent framework for firmware updates provided
by Texas Instruments. We build an end-to-end SecuCode implementation and
conduct extensive experiments to demonstrate standards compliance, evaluate
performance and security.
Comment: Accepted to the IEEE Transactions on Dependable and Secure Computing.
Herding Vulnerable Cats: A Statistical Approach to Disentangle Joint Responsibility for Web Security in Shared Hosting
Hosting providers play a key role in fighting web compromise, but their
ability to prevent abuse is constrained by the security practices of their own
customers. Shared hosting offers a unique perspective since customers
operate under restricted privileges and providers retain more control over
configurations. We present the first empirical analysis of the distribution of
web security features and software patching practices in shared hosting
providers, the influence of providers on these security practices, and their
impact on web compromise rates. We construct provider-level features on the
global market for shared hosting -- containing 1,259 providers -- by gathering
indicators from 442,684 domains. Exploratory factor analysis of 15 indicators
identifies four main latent factors that capture security efforts: content
security, webmaster security, web infrastructure security and web application
security. We confirm, via a fixed-effect regression model, that providers exert
significant influence over the latter two factors, which are both related to
the software stack in their hosting environment. Finally, by means of GLM
regression analysis of these factors on phishing and malware abuse, we show
that the four security and software patching factors explain between 10% and
19% of the variance in abuse at providers, after controlling for size. For
web-application security for instance, we found that when a provider moves from
the bottom 10% to the best-performing 10%, it would experience 4 times fewer
phishing incidents. We show that providers have influence over patch
levels, even higher in the stack, where CMSes can run as client-side
software, and that this influence is tied to a substantial reduction in abuse
levels.
The STRS (shortness of breath, tremulousness, racing heart, and sweating): A brief checklist for acute distress with panic-like autonomic indicators; development and factor structure
Background: Peritraumatic response, as currently assessed by Posttraumatic Stress Disorder (PTSD) diagnostic criterion A2, has weak positive predictive value (PPV) with respect to PTSD diagnosis. Research suggests that indicators of peritraumatic autonomic activation may supplement the PPV of PTSD criterion A2. We describe the development and factor structure of the STRS (Shortness of Breath, Tremulousness, Racing Heart, and Sweating), a one-page, two-minute checklist with a five-point Likert-type response format based on a previously unpublished scale. It is the first validated self-report measure of peritraumatic activation of the autonomic nervous system.

Methods: We selected items from the Potential Stressful Events Interview (PSEI) to represent two latent variables: 1) PTSD diagnostic criterion A, and 2) acute autonomic activation. Participants (a convenience sample of 162 non-treatment-seeking young adults) rated the most distressing incident of their lives on these items. We examined the factor structure of the STRS in this sample using factor and cluster analysis.

Results: Results confirmed a two-factor model. The factors together accounted for 68% of the variance. The variance in each item accounted for by the two factors together ranged from 41% to 74%. The item loadings on the two factors mapped precisely onto the two proposed latent variables.

Conclusion: The factor structure of the STRS is robust and interpretable. Autonomic activation signs tapped by the STRS constitute a dimension of the acute autonomic activation in response to stress that is distinct from the current PTSD criterion A2. Since the PTSD diagnostic criteria are likely to change in the DSM-V, further research is warranted to determine whether signs of peritraumatic autonomic activation such as those measured by this two-minute scale add to the positive predictive power of the current PTSD criterion A2. Additionally, future research is warranted to explore whether the four automatic activation items of the STRS can be useful as the basis for a possible PTSD criterion A3 in the DSM-V.
Demonstration of Cyberattacks and Mitigation of Vulnerabilities in a Webserver Interface for a Cybersecure Power Router
Cyberattacks are a threat to critical infrastructure, which must be secured against them to ensure continued operation. A defense-in-depth approach is necessary to secure all layers of a smart-grid system and contain the impact of any exploited vulnerabilities. In this undergraduate thesis, a webserver interface for smart-grid devices communicating over Modbus TCP was developed and exposed to SQL Injection attacks and Cross-Site Scripting attacks. Analysis was performed on Supply-Chain attacks and a mitigation developed for attacks stemming from compromised Content Delivery Networks. All attempted attacks were unable to exploit vulnerabilities in the webserver due to its use of input sanitization and access controls.
A Novel Method for Decentralised Peer-to-peer Software License Validation Using Cryptocurrency Blockchain Technology
Protecting software copyright has been an issue since the late 1970s, and software license validation has been a primary method employed in an attempt to minimise software piracy and protect software copyright. This paper presents a novel method for decentralised peer-to-peer software license validation using cryptocurrency blockchain technology to ameliorate software piracy, and to provide a mechanism for all software developers to protect their copyrighted works.
Integrated Framework for Secure Distributed Management of Duplicated IPv6 Address Detection
Stateless address auto-configuration is the primary feature of the IPv6 protocol, which allows hosts to configure IP addresses automatically without the need for any additional services such as DHCPv6.