    The Viability and Potential Consequences of IoT-Based Ransomware

    With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested. As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed. For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. 
When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim. Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research

    Towards a more just refuge regime: quotas, markets and a fair share

    The international refugee regime is beset by two problems: Responsibility for refuge falls disproportionately on a few states and many owed refuge do not get it. In this work, I explore remedies to these problems. One is a quota distribution wherein states are distributed responsibilities via allotment. Another is a marketized quota system wherein states are free to buy and sell their allotments with others. I explore these in three parts. In Part 1, I develop the prime principles upon which a just regime is built and with which alternatives can be adjudicated. The first and most important principle – ‘Justice for Refugees’ – stipulates that a just regime provides refuge for all who have a basic interest in it. The second principle – ‘Justice for States’ – stipulates that a just distribution of refuge responsibilities among states is one that is capacity considerate. In Part 2, I take up several vexing questions regarding the distribution of refuge responsibilities among states in a collective effort. First, what is a state’s ‘fair share’? The answer requires the determination of some logic – some metric – with which a distribution is determined. I argue that one popular method in the political theory literature – a GDP-based distribution – is normatively unsatisfactory. In its place, I posit several alternative metrics that are more attuned with the principles of justice but absent in the political theory literature: GDP adjusted for Purchasing Power Parity and the Human Development Index. I offer an exploration of both these. Second, are states required to ‘take up the slack’ left by defaulting peers? Here, I argue that duties of help remain intact in cases of partial compliance among states in the refuge regime, but that political concerns may require that such duties be applied with caution. I submit that a market instrument offers one practical solution to this problem, as well as other advantages. 
In Part 3, I take aim at marketization and grapple with its many pitfalls: That marketization is commodifying, that it is corrupting, and that it offers little advantage in providing quality protection for refugees. In addition to these, I apply a framework of moral markets developed by Debra Satz. I argue that a refuge market may satisfy Justice Among States, but that it is violative of the refugees’ welfare interest in remaining free of degrading and discriminatory treatment

    Digital asset management via distributed ledgers

    Distributed ledgers rose to prominence with the advent of Bitcoin, the first provably secure protocol to solve consensus in an open-participation setting. Following, active research and engineering efforts have proposed a multitude of applications and alternative designs, the most prominent being Proof-of-Stake (PoS). This thesis expands the scope of secure and efficient asset management over a distributed ledger around three axes: i) cryptography; ii) distributed systems; iii) game theory and economics. First, we analyze the security of various wallets. We start with a formal model of hardware wallets, followed by an analytical framework of PoS wallets, each outlining the unique properties of Proof-of-Work (PoW) and PoS respectively. The latter also provides a rigorous design to form collaborative participating entities, called stake pools. We then propose Conclave, a stake pool design which enables a group of parties to participate in a PoS system in a collaborative manner, without a central operator. Second, we focus on efficiency. Decentralized systems are aimed at thousands of users across the globe, so a rigorous design for minimizing memory and storage consumption is a prerequisite for scalability. To that end, we frame ledger maintenance as an optimization problem and design a multi-tier framework for designing wallets which ensure that updates increase the ledger’s global state only to a minimal extent, while preserving the security guarantees outlined in the security analysis. Third, we explore incentive-compatibility and analyze blockchain systems from a micro and a macroeconomic perspective. We enrich our cryptographic and systems' results by analyzing the incentives of collective pools and designing a state efficient Bitcoin fee function. 
We then analyze the Nash dynamics of distributed ledgers, introducing a formal model that evaluates whether rational, utility-maximizing participants are disincentivized from exhibiting undesirable infractions, and highlighting the differences between PoW and PoS-based ledgers, both in a standalone setting and under external parameters, like market price fluctuations. We conclude by introducing a macroeconomic principle, cryptocurrency egalitarianism, and then describing two mechanisms for enabling taxation in blockchain-based currency systems

    Examining the Impact of Personal Social Media Use at Work on Workplace Outcomes

    A noticeable shift is underway in today’s multi-generational workforce. As younger employees propel digital workforce transformation and embrace technology adoption in the workplace, organisations need to show they are forward-thinking in their digital transformation strategies, and the emergent integration of social media in organisations is reshaping internal communication strategies, in a bid to improve corporate reputations and foster employee engagement. However, the impact of personal social media use on psychological and behavioural workplace outcomes is still debatable with contrasting results in the literature identifying both positive and negative effects on workplace outcomes among organisational employees. This study seeks to examine this debate through the lens of social capital theory and study personal social media use at work using distinct variables of social use, cognitive use, and hedonic use. A quantitative analysis of data from 419 organisational employees in Jordan using SEM-PLS reveals that personal social media use at work is a double-edged sword as its impact differs by usage types. First, the social use of personal social media at work reduces job burnout, turnover intention, presenteeism, and absenteeism; it also increases job involvement and organisational citizen behaviour. Second, the cognitive use of personal social media at work increases job involvement, organisational citizen behaviour, employee adaptability, and decreases presenteeism and absenteeism; it also increases job burnout and turnover intention. Finally, the hedonic use of personal social media at work carries only negative effects by increasing job burnout and turnover intention. 
This study contributes to managerial understanding by showing the impact of different types of personal social media usage and recommends that organisations not limit employee access to personal social media within work time, but rather focus on raising awareness of the negative effects of excessive usage on employee well-being and encourage low to moderate use of personal social media at work and other personal and work-related online interaction associated with positive workplace outcomes. It also clarifies the need for further research in regions such as the Middle East with distinct cultural and socio-economic contexts

    Walking with the Earth: Intercultural Perspectives on Ethics of Ecological Caring

    It is commonly believed that considering nature different from us, human beings (qua rational, cultural, religious and social actors), is detrimental to our engagement for the preservation of nature. An obvious example is animal rights, a deep concern for all living beings, including non-human living creatures, which is understandable only if we approach nature, without fearing it, as something which should remain outside of our true home. “Walking with the earth” aims at questioning any similar preconceptions in the wide sense, including allegoric-poetic contributions. We invited 14 authors from 4 continents to express all sorts of ways of saying why caring is so important, why togetherness, being-with each others, as a spiritual but also embodied ethics is important in a divided world

    In search of 'The people of La Manche': A comparative study of funerary practices in the Transmanche region during the late Neolithic and Early Bronze Age (250BC-1500BC)

    This research project sets out to discover whether archaeological evidence dating between 2500 BC - 1500 BC from supposed funerary contexts in Kent, Flanders and north-eastern Transmanche France is sufficient to make valid comparisons between social and cultural structures on either side of the short-sea Channel region. Evidence from the beginning of the period primarily comes in the form of the widespread Beaker phenomenon. Chapter 5 shows that this class of data is abundant in Kent but quite sparse in the Continental zones - most probably because it has not survived well. This problem also affects the human depositional evidence catalogued in Chapter 6, particularly in Flanders but also in north-eastern Transmanche France. This constricts comparative analysis, however, the abundant data from Kent means that general trends are still discernible. The quality and volume of data relating to the distribution, location, morphology and use of circular monuments in all three zones is far better - as demonstrated in Chapter 7 - mostly due to extensive aerial surveying over several decades. When the datasets are taken as a whole, it becomes possible to successfully apply various forms of comparative analyses. Most remarkably, this has revealed that some monuments apparently have encoded within them a sophisticated and potentially symbolically charged geometric shape. This, along with other less contentious evidence, demonstrates a level of conformity that strongly suggests a stratum of cultural homogeneity existed throughout the Transmanche region during the period 2500 BC - 1500 BC. The fact that such changes as are apparent seem to have developed simultaneously in each of the zones adds additional weight to the theory that contact throughout the Transmanche region was endemic. Even so, it may not have been continuous; there may actually have been times of relative isolation - the data is simply too coarse to eliminate such a possibility