The Montclarion, April 05, 2012

Student Newspaper of Montclair State Universityhttps://digitalcommons.montclair.edu/montclarion/1978/thumbnail.jp

The Montclarion, April 05, 2012

Student Newspaper of Montclair State Universityhttps://digitalcommons.montclair.edu/montclarion/1955/thumbnail.jp

Defending against Sybil Devices in Crowdsourced Mapping Services

Real-time crowdsourced maps such as Waze provide timely updates on traffic, congestion, accidents and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based {\em Sybil devices} that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. We propose a new approach to defend against Sybil devices based on {\em co-location edges}, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large {\em proximity graphs} that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and discuss how they can be used to dramatically reduce the impact of attacks against crowdsourced mapping services.Comment: Measure and integratio

Critically engaging engineering in place by localizing counternarratives in engineering design

In this manuscript, we use the construct of critical epistemologies of place to frame our exploration of how to support engineering design among youth who have historically been marginalized from the domain, and its implications for educational settings. We present an in-depth longitudinal case study of one 12-year-old African American boy to raise questions of what it means for this youth to engage in engineering design in collaboration with the people around in him—experts and knowledgeable others in his community space and how this engagement supports his work in science and engineering. This study suggests that engaging engineering design through a critical epistemology of place involves an iterative and generative process of layering community wisdom and knowledge onto STEM toward (a) how epistemologies of place—and their layers—challenge dominant master narratives, (b) reimagining practices in place, and (c) transforming the dangerous territory of STEM. Our study expands upon current understandings of supporting youth in engaging engineering through highlighting the vital role of sociohistorically constructed understandings of STEM and community in determining when, how, and why engineering takes place

Mediating intimacy online: authenticity, magazines and chasing the clicks

This paper offers a production-based study of online consumer magazines for – and largely by – millennial women, with a particular focus on sex and relationship content. Adopting a feminist discourse analytic approach and a solidary-critical position, I examine 62 interviews conducted with producers, mainly writers and editors, from 12 publications based in the UK and Spain. The analysis maps how notions of intimacy penetrate different dimensions of the magazine, along with networks of influence for the development of content about sex and relationships, marked by a perceived shift from ‘experts’ to ‘real life’. The ways in which producers describe the particularities of woman’s magazine online journalism and dis/articulate a range of critiques are also explored. The paper highlights the increasing importance of ideas about authenticity for these media, making connections to online cultures, a reinvigorated interest in feminism, and contemporary branding strategies. Ultimately, I argue that journalists at women’s magazines simultaneously (re)produce, suffer and contest sexist media, deserving further feminist scholarly attention, and our solidarity as well as critique

Intensive Recrystallization-Controlled Rolling of High-Temperature-Processing Linepipe Steel with Low Niobium Content

The goal of this research was to gain a systematic understanding of the major factors that control the mechanical behavior and the final microstructure of a linepipe steel after High Temperature Processing and Controlled Cooling processing. Based on this in-depth knowledge, an innovative hot deformation process for optimized microstructure, strength and impact toughness using less alloying content was developed. The science and understanding of the underlying phenomena in High-Temperature Processing (HTP) of a new alloy is the focus of this work. Nb content was considered an important variable, an opportunity for its reduction was hypothesized and proved. HSLA linepipe steel with three different Nb contents (0.09, 0.07 and 0.05wt%) was compared through two different deformation approaches. The conventional approach, having thickness reductions of 75% in roughing and 67% in finishing deformation passes. And the Intensive Recrystallization-Controlled Rolling (IRCR), having 85% reduction in roughing and 46% in finishing. Mechanisms were found, that explain for these alloys the grain coarsening behavior of austenite, the mean flow stress at rolling temperatures, the temperature of non-recrystallization, the precipitation in all stages of the process and the transformations involved from slab-reheating to plate-coiling. An innovative hot deformation process was introduced, the IRCR process. While this work focused on the science, IRCR was devised as a robust thermomechanical process that can easily be scaled up to industrial proportions. This process achieved improved microstructural control, used less alloying and required less time for product processing. The microstructural control derived in improved mechanical properties and minimized variability through thick linepipe products (15-19mm). The science and engineering involved are presented and discussed in this document

Spartan Daily, September 3, 2015

Volume 145, Issue 6https://scholarworks.sjsu.edu/spartandaily/8213/thumbnail.jp

PRECEPT:a framework for ethical digital forensics investigations

Purpose: Cyber-enabled crimes are on the increase, and law enforcement has had to expand many of their detecting activities into the digital domain. As such, the field of digital forensics has become far more sophisticated over the years and is now able to uncover even more evidence that can be used to support prosecution of cyber criminals in a court of law. Governments, too, have embraced the ability to track suspicious individuals in the online world. Forensics investigators are driven to gather data exhaustively, being under pressure to provide law enforcement with sufficient evidence to secure a conviction. Yet, there are concerns about the ethics and justice of untrammeled investigations on a number of levels. On an organizational level, unconstrained investigations could interfere with, and damage, the organization’s right to control the disclosure of their intellectual capital. On an individual level, those being investigated could easily have their legal privacy rights violated by forensics investigations. On a societal level, there might be a sense of injustice at the perceived inequality of current practice in this domain. This paper argues the need for a practical, ethically-grounded approach to digital forensic investigations, one that acknowledges and respects the privacy rights of individuals and the intellectual capital disclosure rights of organisations, as well as acknowledging the needs of law enforcement. We derive a set of ethical guidelines, then map these onto a forensics investigation framework. We subjected the framework to expert review in two stages, refining the framework after each stage. We conclude by proposing the refined ethically-grounded digital forensics investigation framework. Our treatise is primarily UK based, but the concepts presented here have international relevance and applicability.Design methodology: In this paper, the lens of justice theory is used to explore the tension that exists between the needs of digital forensic investigations into cybercrimes on the one hand, and, on the other, individuals’ rights to privacy and organizations’ rights to control intellectual capital disclosure.Findings: The investigation revealed a potential inequality between the practices of digital forensics investigators and the rights of other stakeholders. That being so, the need for a more ethically-informed approach to digital forensics investigations, as a remedy, is highlighted, and a framework proposed to provide this.Practical Implications: Our proposed ethically-informed framework for guiding digital forensics investigations suggest a way of re-establishing the equality of the stakeholders in this arena, and ensuring that the potential for a sense of injustice is reduced.Originality/value: Justice theory is used to highlight the difficulties in squaring the circle between the rights and expectations of all stakeholders in the digital forensics arena. The outcome is the forensics investigation guideline, PRECEpt: Privacy-Respecting EthiCal framEwork, which provides the basis for a re-aligning of the balance between the requirements and expectations of digital forensic investigators on the one hand, and individual and organizational expectations and rights, on the other

Hidden in Plain Sight: Exploring Encrypted Channels in Android apps

As privacy features in Android operating system improve, privacy-invasive apps may gradually shift their focus to non-standard and covert channels for leaking private user/device information. Such leaks also remain largely undetected by state-of-the-art privacy analysis tools, which are very effective in uncovering privacy exposures via regular HTTP and HTTPS channels. In this study, we design and implement, ThirdEye, to significantly extend the visibility of current privacy analysis tools, in terms of the exposures that happen across various non-standard and covert channels, i.e., via any protocol over TCP/UDP (beyond HTTP/S), and using multi-layer custom encryption over HTTP/S and non-HTTP protocols. Besides network exposures, we also consider covert channels via storage media that also leverage custom encryption layers. Using ThirdEye, we analyzed 12,598 top-apps in various categories from Androidrank, and found that 2887/12,598 (22.92%) apps used custom encryption/decryption for network transmission and storing content in shared device storage, and 2465/2887 (85.38%) of those apps sent device information (e.g., advertising ID, list of installed apps) over the network that can fingerprint users. Besides, 299 apps transmitted insecure encrypted content over HTTP/non-HTTP protocols; 22 apps that used authentication tokens over HTTPS, happen to expose them over insecure (albeit custom encrypted) HTTP/non-HTTP channels. We found non-standard and covert channels with multiple levels of obfuscation (e.g., encrypted data over HTTPS, encryption at nested levels), and the use of vulnerable keys and cryptographic algorithms. Our findings can provide valuable insights into the evolving field of non-standard and covert channels, and help spur new countermeasures against such privacy leakage and security issues.Comment: Extended version of an ACM CCS 2022 pape