62 research outputs found
SoniControl - A Mobile Ultrasonic Firewall
The exchange of data between mobile devices in the near-ultrasonic frequency
band is a new promising technology for near field communication (NFC) but also
raises a number of privacy concerns. We present the first ultrasonic firewall
that reliably detects ultrasonic communication and provides the user with
effective means to prevent hidden data exchange. This demonstration showcases a
new media-based communication technology ("data over audio") together with its
related privacy concerns. It enables users to (i) interactively test out and
experience ultrasonic information exchange and (ii) shows how to protect
oneself against unwanted tracking.
Comment: To appear in proceedings of 2018 ACM Multimedia Conference October
22--26, 2018, Seoul, Republic of Kore
Algorithm Selection Framework for Cyber Attack Detection
The number of cyber threats against both wired and wireless computer systems
and other components of the Internet of Things continues to increase annually.
In this work, an algorithm selection framework is employed on the NSL-KDD data
set and a novel paradigm of machine learning taxonomy is presented. The
framework uses a combination of user input and meta-features to select the best
algorithm to detect cyber attacks on a network. Performance is compared between
a rule-of-thumb strategy and a meta-learning strategy. The framework removes
the conjecture of the common trial-and-error algorithm selection method. The
framework recommends five algorithms from the taxonomy. Both strategies
recommend a high-performing algorithm, though not the best performing. The work
demonstrates the close connectedness between algorithm selection and the
taxonomy for which it is premised.
Comment: 6 pages, 7 figures, 1 table, accepted to WiseML '2
A Formal Analysis of 5G Authentication
Mobile communication networks connect much of the world's population. The
security of users' calls, SMSs, and mobile data depends on the guarantees
provided by the Authenticated Key Exchange protocols used. For the
next-generation network (5G), the 3GPP group has standardized the 5G AKA
protocol for this purpose. We provide the first comprehensive formal model of a
protocol from the AKA family: 5G AKA. We also extract precise requirements from
the 3GPP standards defining 5G and we identify missing security goals. Using
the security protocol verification tool Tamarin, we conduct a full, systematic,
security evaluation of the model with respect to the 5G security goals. Our
automated analysis identifies the minimal security assumptions required for
each security goal and we find that some critical security goals are not met,
except under additional assumptions missing from the standard. Finally, we make
explicit recommendations with provably secure fixes for the attacks and
weaknesses we found.
Comment: Categories (ACM class 2012): Security and privacy - Formal methods
and theory of security -- Security requirements -- Formal security models --
Logic and verification; Network protocols - Protocol correctness -- Formal
specifications; Security and privacy - Network security -- Mobile and
wireless security - Security services -- Privacy-preserving protocol
Adding Salt to Pepper: A Structured Security Assessment over a Humanoid Robot
The rise of connectivity, digitalization, robotics, and artificial
intelligence (AI) is rapidly changing our society and shaping its future
development. During this technological and societal revolution, security has
been persistently neglected, yet a hacked robot can act as an insider threat in
organizations, industries, public spaces, and private homes. In this paper, we
perform a structured security assessment of Pepper, a commercial humanoid
robot. Our analysis, composed by an automated and a manual part, points out a
relevant number of security flaws that can be used to take over and command the
robot. Furthermore, we suggest how these issues could be fixed, thus, avoided
in the future. The very final aim of this work is to push the rise of the
security level of IoT products before they are sold on the public market.
Comment: 8 pages, 3 figures, 4 table
Third Party Tracking in the Mobile Ecosystem
Third party tracking allows companies to identify users and track their
behaviour across multiple digital services. This paper presents an empirical
study of the prevalence of third-party trackers on 959,000 apps from the US and
UK Google Play stores. We find that most apps contain third party tracking, and
the distribution of trackers is long-tailed with several highly dominant
trackers accounting for a large portion of the coverage. The extent of tracking
also differs between categories of apps; in particular, news apps and apps
targeted at children appear to be amongst the worst in terms of the number of
third party trackers associated with them. Third party tracking is also
revealed to be a highly trans-national phenomenon, with many trackers operating
in jurisdictions outside the EU. Based on these findings, we draw out some
significant legal compliance challenges facing the tracking industry.
Comment: Corrected missing company info (Linkedin owned by Microsoft). Figures
for Microsoft and Linkedin re-calculated and added to Table
Associate a user's goal: exhaustivity and specificity information retrieval using ontology
In information retrieval it is difficult to extract the accurate information to satisfy a user’s information need. Based on the goals, we categorise the searches into two groups: information search and navigational search, and propose a method using ontology to extract the specific or general context for the given query and perform the search using it. An IR system using the method can be more efficient as it performs the search associating to the user's particular goal
Improving Air Interface User Privacy in Mobile Telephony
Although the security properties of 3G and 4G mobile networks have
significantly improved by comparison with 2G (GSM), significant shortcomings
remain with respect to user privacy. A number of possible modifications to 2G,
3G and 4G protocols have been proposed designed to provide greater user
privacy; however, they all require significant modifications to existing
deployed infrastructures, which are almost certainly impractical to achieve in
practice. In this article we propose an approach which does not require any
changes to the existing deployed network infrastructures or mobile devices, but
offers improved user identity protection over the air interface. The proposed
scheme makes use of multiple IMSIs for an individual USIM to offer a degree of
pseudonymity for a user. The only changes required are to the operation of the
authentication centre in the home network and to the USIM, and the scheme could
be deployed immediately since it is completely transparent to the existing
mobile telephony infrastructure. We present two different approaches to the use
and management of multiple IMSIs
BAN-GZKP: Optimal Zero Knowledge Proof based Scheme for Wireless Body Area Networks
BANZKP is the best to date Zero Knowledge Proof (ZKP) based secure
lightweight and energy efficient authentication scheme designed for Wireless
Area Network (WBAN). It is vulnerable to several security attacks such as the
replay attack, Distributed Denial-of-Service (DDoS) attacks at sink and
redundancy information crack. However, BANZKP needs an end-to-end
authentication which is not compliant with the human body postural mobility. We
propose a new scheme BAN-GZKP. Our scheme improves both the security and
postural mobility resilience of BANZKP. Moreover, BAN-GZKP uses only a
three-phase authentication which is optimal in the class of ZKP protocols. To
fix the security vulnerabilities of BANZKP, BAN-GZKP uses a novel random key
allocation and a Hop-by-Hop authentication definition. We further prove the
reliability of our scheme to various attacks including those to which BANZKP is
vulnerable. Furthermore, via extensive simulations we prove that our scheme,
BAN-GZKP, outperforms BANZKP in terms of reliability to human body postural
mobility for various network parameters (end-to-end delay, number of packets
exchanged in the network, number of transmissions). We compared both schemes
using representative convergecast strategies with various transmission rates
and human postural mobility. Finally, it is important to mention that BAN-GZKP
has no additional cost compared to BANZKP in terms of memory, computational
complexity or energy consumption