Adaptive Protocols for Interactive Communication

How much adversarial noise can protocols for interactive communication tolerate? This question was examined by Braverman and Rao (IEEE Trans. Inf. Theory, 2014) for the case of "robust" protocols, where each party sends messages only in fixed and predetermined rounds. We consider a new class of non-robust protocols for Interactive Communication, which we call adaptive protocols. Such protocols adapt structurally to the noise induced by the channel in the sense that both the order of speaking, and the length of the protocol may vary depending on observed noise. We define models that capture adaptive protocols and study upper and lower bounds on the permissible noise rate in these models. When the length of the protocol may adaptively change according to the noise, we demonstrate a protocol that tolerates noise rates up to $1/3$. When the order of speaking may adaptively change as well, we demonstrate a protocol that tolerates noise rates up to $2/3$. Hence, adaptivity circumvents an impossibility result of $1/4$ on the fraction of tolerable noise (Braverman and Rao, 2014).Comment: Content is similar to previous version yet with an improved presentatio

Securing Cyber-Physical Social Interactions on Wrist-worn Devices

Since ancient Greece, handshaking has been commonly practiced between two people as a friendly gesture to express trust and respect, or form a mutual agreement. In this article, we show that such physical contact can be used to bootstrap secure cyber contact between the smart devices worn by users. The key observation is that during handshaking, although belonged to two different users, the two hands involved in the shaking events are often rigidly connected, and therefore exhibit very similar motion patterns. We propose a novel key generation system, which harvests motion data during user handshaking from the wrist-worn smart devices such as smartwatches or fitness bands, and exploits the matching motion patterns to generate symmetric keys on both parties. The generated keys can be then used to establish a secure communication channel for exchanging data between devices. This provides a much more natural and user-friendly alternative for many applications, e.g., exchanging/sharing contact details, friending on social networks, or even making payments, since it doesn’t involve extra bespoke hardware, nor require the users to perform pre-defined gestures. We implement the proposed key generation system on off-the-shelf smartwatches, and extensive evaluation shows that it can reliably generate 128-bit symmetric keys just after around 1s of handshaking (with success rate >99%), and is resilient to different types of attacks including impersonate mimicking attacks, impersonate passive attacks, or eavesdropping attacks. Specifically, for real-time impersonate mimicking attacks, in our experiments, the Equal Error Rate (EER) is only 1.6% on average. We also show that the proposed key generation system can be extremely lightweight and is able to run in-situ on the resource-constrained smartwatches without incurring excessive resource consumption

SoK: Inference Attacks and Defenses in Human-Centered Wireless Sensing

Human-centered wireless sensing aims to understand the fine-grained environment and activities of a human using the diverse wireless signals around her. The wireless sensing community has demonstrated the superiority of such techniques in many applications such as smart homes, human-computer interactions, and smart cities. Like many other technologies, wireless sensing is also a double-edged sword. While the sensed information about a human can be used for many good purposes such as enhancing life quality, an adversary can also abuse it to steal private information about the human (e.g., location, living habits, and behavioral biometric characteristics). However, the literature lacks a systematic understanding of the privacy vulnerabilities of wireless sensing and the defenses against them. In this work, we aim to bridge this gap. First, we propose a framework to systematize wireless sensing-based inference attacks. Our framework consists of three key steps: deploying a sniffing device, sniffing wireless signals, and inferring private information. Our framework can be used to guide the design of new inference attacks since different attacks can instantiate these three steps differently. Second, we propose a defense-in-depth framework to systematize defenses against such inference attacks. The prevention component of our framework aims to prevent inference attacks via obfuscating the wireless signals around a human, while the detection component aims to detect and respond to attacks. Third, based on our attack and defense frameworks, we identify gaps in the existing literature and discuss future research directions

Interacting and representing: can Web 2.0 enhance the roles of an MP?

Several UK Members of Parliament (MPs) have a foothold within a Web 2.0 environment. Some write blogs, such as Labour’s Tom Watson or Conservative John Redwood. Equally, some have joined virtual communities such as the social networking sites (SNS) MySpace or Facebook. Cumulatively this indicates they are exploring new means of promoting themselves, their politics as well as news means for interacting with their constituents or those who share their political interests. The key aspect of Web 2.0 technology that offers potential for MPs is that an architecture of participation is in place where those with Internet access can interact with one another. Apart from the Webmasters, there is no automatic hierarchy within communities and so each page within a community site is produced by its members. In sharp contrast to the ‘we will build it and they will come’ philosophy associated with Web 1.0 and the static website; Web 2.0 users work on a ‘we will come and build it philosophy’. MPs, in using this technology, must relinquish some control over their public representation in order to engage with community members; this papers asks to what extent this is occurring, what functions of an MPs role are enhanced through the use of Web 2.0, and concludes by focusing on the advantages and disadvantages for MPs of pursuing a Web 2.0 strategy. Our research analysed the content of the 42 weblogs and 37 SNS of MPs who advertise these on the personal websites. Our first set of questions related to the extent to which public conversations could take place; so assessing the extent of interactivity between the MPs and the visitors to these weblogs and SNS profiles. Secondly we focused on the extent to which interactivity was potentiated, either through site functions or the language used, such as asking questions; so assessing whether interaction could take place. Thirdly we assessed which of the MPs roles, the policy scrutiny trusteeship role, the party member role, or constituency representative role was being enhanced through Web 2.0 technologies and what relationship this had to interaction gained. Our data suggests that interactivity is taking place. But this can be in a fairly limited form with many visitors being more likely to comment without returning rather than being part of any reciprocal exchange with the MP. In our assessment, this was due to the fact that many blogs and SNS profiles are laden with too much information and insufficient opportunities to enter into conversations on matters of importance to visitors. When focusing on the functions of the MP, it was clear that many used Web 2.0 as a space to promote the party and communicate their thoughts on issues of the day however these tended to gain little interaction. However, those MPs who use Web 2.0 tools to enhance their constituency representative role did find visitors would interact with them. Within Web 2.0 we can also find a further purpose for MPs, offering insights into their background and personal life to offer a more three-dimensional perspective to visitors. Many MPs use SNS particularly in the same way as any other user, as an individual as opposed to as a professional within any particular career. Here we find MPs also benefiting from interaction with visitors and not only those that are within their offline circle of friends and colleagues. Thus we conclude that there is potential for MPs to use Web 2.0 to support their representative function and gain interaction with a broader public than they would normally. Weblogs can be used to build a community of interest around policy areas to some extent, though this is currently limited to a minority. However SNS can be used to enhance the link between constituents and the MP, if only a minority of the constituency, and can widen the MPs circle of contacts. However, the control aspect is clearly a worry for MPs. While outside of an election campaign it may not matter what is said on an MPs’ weblog or SNS profile there are dangers that during an election they can be hi-jacked by opponents. Therefore the calculation will remain one of benefit versus risk and an assessment of whether sufficient constituents can be reached, or significant numbers of contacts be made, to indicate whether Web 2.0 offers huge promise or huge dangers

Security challenges of small cell as a service in virtualized mobile edge computing environments

Research on next-generation 5G wireless networks is currently attracting a lot of attention in both academia and industry. While 5G development and standardization activities are still at their early stage, it is widely acknowledged that 5G systems are going to extensively rely on dense small cell deployments, which would exploit infrastructure and network functions virtualization (NFV), and push the network intelligence towards network edges by embracing the concept of mobile edge computing (MEC). As security will be a fundamental enabling factor of small cell as a service (SCaaS) in 5G networks, we present the most prominent threats and vulnerabilities against a broad range of targets. As far as the related work is concerned, to the best of our knowledge, this paper is the first to investigate security challenges at the intersection of SCaaS, NFV, and MEC. It is also the first paper that proposes a set of criteria to facilitate a clear and effective taxonomy of security challenges of main elements of 5G networks. Our analysis can serve as a staring point towards the development of appropriate 5G security solutions. These will have crucial effect on legal and regulatory frameworks as well as on decisions of businesses, governments, and end-users