Perils of Zero-Interaction Security in the Internet of Things

The Internet of Things (IoT) demands authentication systems which can provide both security and usability. Recent research utilizes the rich sensing capabilities of smart devices to build security schemes operating without human interaction, such as zero-interaction pairing (ZIP) and zero-interaction authentication (ZIA). Prior work proposed a number of ZIP and ZIA schemes and reported promising results. However, those schemes were often evaluated under conditions which do not reflect realistic IoT scenarios. In addition, drawing any comparison among the existing schemes is impossible due to the lack of a common public dataset and unavailability of scheme implementations. In this paper, we address these challenges by conducting the first large-scale comparative study of ZIP and ZIA schemes, carried out under realistic conditions. We collect and release the most comprehensive dataset in the domain to date, containing over 4250 hours of audio recordings and 1 billion sensor readings from three different scenarios, and evaluate five state-of-the-art schemes based on these data. Our study reveals that the effectiveness of the existing proposals is highly dependent on the scenario they are used in. In particular, we show that these schemes are subject to error rates between 0.6% and 52.8%

Internet Predictions

More than a dozen leading experts give their opinions on where the Internet is headed and where it will be in the next decade in terms of technology, policy, and applications. They cover topics ranging from the Internet of Things to climate change to the digital storage of the future. A summary of the articles is available in the Web extras section

SAFER: Development and Evaluation of an IoT Device Risk Assessment Framework in a Multinational Organization

Users of Internet of Things (IoT) devices are often unaware of their security risks and cannot sufficiently factor security considerations into their device selection. This puts networks, infrastructure and users at risk. We developed and evaluated SAFER, an IoT device risk assessment framework designed to improve users' ability to assess the security of connected devices. We deployed SAFER in a large multinational organization that permits use of private devices. To evaluate the framework, we conducted a mixed-method study with 20 employees. Our findings suggest that SAFER increases users' awareness of security issues. It provides valuable advice and impacts device selection. Based on our findings, we discuss implications for the design of device risk assessment tools, with particular regard to the relationship between risk communication and user perceptions of device complexity

“The feeling of fear was not from my student, but from myself”: A pre-service teacher’s shift from traditional to problem-posing second language pedagogy in a Mexican youth prison

This era of globalization, capitalism, and economic progress has given rise to mass incarceration, as a considerable number of youths in developing and developed countries live behind bars in detention facilities without appropriate educational support. Educators in these facilities deposit knowledge, through traditional pedagogical approaches, under systemic oppression and surveillance deemed necessary for safety and security. This study investigated implementations of Freire’s (2000) problem-posing pedagogy using a participatory action research (PAR) approach through the lens of critical theory. Two of the co-authors helped develop a Freirean language teaching program in an urban youth prison in Mexico, centering student teachers’ critical self-awareness by providing them with opportunities to reflect on their identity, life experiences, and reality while teaching in prison. Through critical, autoethnographic self-reflections of a bilingual teacher candidate on her teaching practices, this study provides insights into how the teacher was impacted by the problem-posing pedagogy and how it was reflected in her transformation to a critical, loving teacher and student progress. This research embraces a humanistic approach to teaching incarcerated youth in Mexico through care and courage by supporting them as students, as well as by empowering their voices and thoughts. Building a learning community, where students and teachers create respectful human connections through dialogue and discussions on language, culture, and lived experiences, is portrayed in this research as essential

The Mobile Generation: Global Transformations at the Cellular Level

Every year we see a new dimension of the ongoing Digital Revolution, which is enabling an abundance of information to move faster, cheaper, in more intelligible forms, in more directions, and across borders of every kind. The exciting new dimension on which the Aspen Institute focused its 2006 Roundtable on Information Technology was mobility, which is making the Digital Revolution ubiquitous. As of this writing, there are over two billion wireless subscribers worldwide and that number is growing rapidly. People are constantly innovating in the use of mobile technologies to allow them to be more interconnected. Almost a half century ago, Ralph Lee Smith conjured up "The Wired Nation," foretelling a world of interactive communication to and from the home that seems commonplace in developed countries today. Now we have a "Wireless World" of communications potentially connecting two billion people to each other with interactive personal communications devices. Widespead adoption of wireless handsets, the increasing use of wireless internet, and the new, on-the-go content that characterizes the new generation of users are changing behaviors in social, political and economic spheres. The devices are easy to use, pervasive and personal. The affordable cell phone has the potential to break down the barriers of poverty and accessibility previously posed by other communications devices. An entire generation that is dependant on ubiquitous mobile technologies is changing the way it works, plays and thinks. Businesses, governments, educational institutions, religious and other organizations in turn are adapting to reach out to this mobile generation via wireless technologies -- from SMS-enabled vending machines in Finland to tech-savvy priests in India willing to conduct prayers transmitted via cell phones. Cellular devices are providing developing economies with opportunities unlike any others previously available. By opening the lines of communication, previously disenfranchised groups can have access to information relating to markets, economic opportunities, jobs, and weather to name just a few. When poor village farmers from Bangladesh can auction their crops on a craigslist-type service over the mobile phone, or government officials gain instantaneous information on contagious diseases via text message, the miracles of mobile connectivity move us from luxury to necessity. And we are only in the early stages of what the mobile electronic communications will mean for mankind. We are now "The Mobile Generation." Aspen Institute Roundtable on Information Technology. To explore the implications of these phenomena, the Aspen Institute Communications and Society Program convened 27 leaders from business, academia, government and the non-profit sector to engage in three days of dialogue on related topics. Some are experts in information and communications technologies, others are leaders in the broader society affected by these innovations. Together, they examined the profound changes ahead as a result of the convergence of wireless technologies and the Internet. In the following report of the Roundtable meeting held August 1-4, 2006, J. D. Lasica, author of Darknet and co-founder of Ourmedia.org, deftly sets up, contextualizes, and captures the dialogue on the impact of the new mobility on economic models for businesses and governments, social services, economic development, and personal identity

Bowtie models as preventive models in maritime safety

Aquest treball ha sorgit d’una proposta del Dr. Rodrigo de Larrucea que ha acabat de publicar un llibre ambiciós sobre Seguretat Marítima. Com ell mateix diu, el tema “excedeix amb molt les potencialitats de l’autor”, així que en el meu cas això és més cert. Es pot aspirar, però, a fer una modesta contribució a l’estudi i difusió de la seguretat de la cultura marítima, que només apareix a les notícies quan tenen lloc desastres molt puntuals. En qualsevol cas, el professor em va proposar que em centrés en els Bowtie Models, models en corbatí, que integren l’arbre de causes y el de conseqüències (en anglès el Fault Tree Analysis, FTA, i l’Event Tree Analysis, ETA). Certament, existeixen altres metodologies i aproximacions (i en el seu llibre en presenta vàries, resumides), però per la seva senzillesa conceptual i possibilitat de generalització i integració dels resultats era una bona aposta. Així, després d’una fase de meditació i recopilació de informació, em vaig decidir a presentar un model en corbatí molt general on caben les principals causes d’accidents (factores ambientals, error humà i fallada mecànica), comptant també que pot existir una combinació de causes. De tota manera, a l’hora d’explotar aquest model existeix la gran dificultat de donar una probabilitat de ocurrència, un nombre entre 0 i 1, a cada branca. Normalment les probabilitats d’ocurrència són petites i degut a això difícils d’estimar. Cada accident és diferent, de grans catàstrofes n’hi ha poques, i cada accident ja és estudiat de manera exhaustiva (més exhaustiva quan més greu és). Un altre factor que dificulta l’estima de la probabilitat de fallada és l’evolució constant del món marítim, tant des del punt de vista tècnic, de formació, legal i fins i tot generacional doncs cada generació de marins és diferent. Els esforços estan doncs enfocats a augmentar la seguretat, encara que sempre amb un ull posat sobre els costs. Així, he presentat un model en corbatí pel seu valor didàctic i gràfic però sense entrar en detalls numèrics, que si s’escau ja aniré afinant i interioritzant en l’exercici de la professió. En aquest treball també he intentat no mantenir-me totalment al costat de la teoria (ja se sap que si tot es fa bé, tot surt perfecte, etc…) sinó presentar amb cert detall 2 casos ben coneguts d’accidents marítims: el petroler Exxon Valdez, el 1989 i el ferry Estonia en 1994, entre altres esmentats. Són casos ja una mica vells però que van contribuir a augmentar la cultura de la seguretat, fins a arribar al nivell del que gaudim actualment, al menys als països occidentals. Doncs la seguretat, com esmenta Rodrigo de Larrucea “és una actitud i mai és fortuïta; sempre és el resultat d’una voluntat decidida, un esforç sincer, una direcció intel·ligent i una execució acurada. Sens lloc a dubtes, sempre suposa la millor alternativa”. The work has been inspired in its initial aspects by the book of my tutor Jaime Rodrigo de Larrucea, that presents a state of the art of all the maritime aspects related to safety. Evidently, since it covers all the topics, it cannot deepen on every topic. It was my opportunity to deepen in the Bowtie Model but finally I have also covered a wide variety of topics. Later, when I began to study the topics, I realized that the people in the maritime world usually do not understand to a great extent statistics. Everybody is concerned about safety but few nautical students take a probabilistic approach to the accidents. For this it is extremely important to study the population that is going to be studied: in our case the SOLAS ships Also, during my time at Riga, I have been very concerned with the most diverse accidents, some of them studied during the courses at Barcelona. I have seen that it is difficult to model mathematically the accidents, since each one has different characteristics, angles, and surely there are not 2 equal. Finally, it was accorded that I should concentrate on the Bowtie Model, which is not very complex from a statistical point of view. It is simply a fault tree of events model and a tree of effects. I present some examples in this Chapter 2. The difficulty I point out is to try to estimate the probabilities of occurrence of events that are unusual. We concentrated at major accidents, those that may cause victims or heavy losses. Then, for the sake of generality, at Chapter 4, I have divided the causes in 4 great classes: Natural hazards, human factor, mechanical failure and attacks (piracy and terrorism). The last concern maybe should not be included beside the others since terrorism and piracy acts are not accidents, but since there is an important code dedicated to prevent security threats, ISPS, it is example of design of barriers to prevent an undesired event (although it gives mainly guidelines to follow by the States, Port Terminals and Shipping Companies). I have presented a detailed study of the tragedy of the Estonia, showing how a mechanical failure triggered the failure of the ferry, by its nature a delicate ship, but there were other factors such as poor maintenance and heavy seas. At the next Chapter, certain characteristics of error chains are analyzed. Finally, the conclusions are drawn, offering a pretty optimistic view of the safety (and security) culture at the Western World but that may not easily permeate the entire World, due to the associated costs