1,302 research outputs found

    The Impact of IPv6 on Penetration Testing

    In this paper we discuss the impact the use of IPv6 has on remote penetration testing of servers and web applications. Several modifications to the penetration testing process are proposed to accommodate IPv6. Among these modifications are ways of performing fragmentation attacks, host discovery and brute-force protection. We also propose new checks for IPv6-specific vulnerabilities, such as bypassing firewalls using extension headers and reaching internal hosts through available transition mechanisms. The changes to the penetration testing process proposed in this paper can be used by security companies to make their penetration testing process applicable to IPv6 targets.

    Therapists' experiences of relational depth: a qualitative interview study

    The aim of this study was to explore therapists' experiences of meeting their clients at a level of 'relational depth'. This was defined as a feeling of profound contact and engagement with another, in which the therapists experienced high levels of empathy, acceptance and transparency towards their clients, and experienced their clients as acknowledging their empathy and acceptance in a genuine way. Participants were primarily experienced person-centred therapists, five of whom were female and three of whom were male. Data was gathered through the use of qualitative, unstructured interviews within the broader framework of a person-centred and phenomenological methodology. All interviewees described experiencing moments of relational depth with their clients, and substantial commonalities emerged in their descriptions. These included heightened feelings of empathy, acceptance and receptivity towards their clients; powerful feelings of immersion in the therapeutic work; increased perceptual clarity; and greater levels of awareness, aliveness and satisfaction. At these times, the therapists also experienced their clients as highly transparent; articulating core concerns and issues; and reciprocating the therapist's acknowledgement of them in a flowing, bi-directional encounter. These findings are discussed in relation to recent research on 'presence' and 'flow' and it is proposed that relational depth can be conceptualised as a form of 'co-presence' or a co-experiencing of the person-centred 'core conditions'. Limitations of the study and areas for further research are discussed.

    Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR

    Exclusive-or (XOR) operations are common in cryptographic protocols, in particular in RFID protocols and electronic payment protocols. Although there are numerous applications, due to the inherent complexity of faithful models of XOR, there is only limited tool support for the verification of cryptographic protocols using XOR. The TAMARIN prover is a state-of-the-art verification tool for cryptographic protocols in the symbolic model. In this paper, we improve the underlying theory and the tool to deal with an equational theory modeling XOR operations. The XOR theory can be freely combined with all equational theories previously supported, including user-defined equational theories. This makes TAMARIN the first tool to support simultaneously this large set of equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties including observational equivalence. We demonstrate the effectiveness of our approach by analyzing several protocols that rely on XOR, in particular multiple RFID-protocols, where we can identify attacks as well as provide proofs.

    Transformation of Organizations Through Enhancing Free Energy of Individuals, Collectivity and the Organization

    Organization identity is shaped by multiple factors. This shaping leads to transformation of the organization. An organization transforms its own identity with the help of free energy. It can also mobilize captive or frozen intrinsic energy into free energy. Each of these energies is driven by either internal or external factors and has its own effect that decides how the organization transforms itself. Indian organizations can also transform themselves in an effective manner through organizational leadership. The strength of the leadership and its understanding of the internal and external driving forces will determine how the organization transforms itself. For an organization to transform, the leader must first identify the free, captive and frozen energy within himself, collectivity and the organization and do what is necessary to make these available to the organization for transformation. The paper deals with how the organization can enhance and channelise its free energy, alertness and aliveness to fulfill the vision, goals and objectives of the organization.

    Security of RFID Protocols - A Case Study

    In the context of Dolev-Yao style analysis of security protocols, we investigate the security claims of a recently proposed RFID authentication protocol. We exhibit a flaw which has gone unnoticed in RFID protocol literature and present the resulting attacks on authentication, untraceability, and desynchronization resistance. We analyze and discuss the authors' proofs of security. References to other vulnerable protocols are given.

    On the Complexity of Heuristic Synthesis for Satisficing Classical Planning: Potential Heuristics and Beyond

    Potential functions are a general class of heuristics for classical planning. For satisficing planning, previous work suggested the use of descending and dead-end avoiding (DDA) potential heuristics, which solve planning tasks by backtrack-free search. In this work we study the complexity of devising DDA potential heuristics for classical planning tasks. We show that verifying or synthesizing DDA potential heuristics is PSPACE-complete, but suitable modifications of the DDA properties reduce the complexity of these problems to the first and second level of the polynomial hierarchy. We also discuss the implications of our results for other forms of heuristic synthesis in classical planning.

    Privacy-Enhanced AKMA for Multi-Access Edge Computing Mobility

    Multi-access edge computing (MEC) is an emerging technology of 5G that brings cloud computing benefits closer to the user. The current specifications of MEC describe the connectivity of mobile users and the MEC host, but they have issues with application-level security and privacy. We consider how to provide secure and privacy-preserving communication channels between a mobile user and a MEC application in the non-roaming case. It includes protocols for registration of the user to the main server of the MEC application, renewal of the shared key, and usage of the MEC application in the MEC host when the user is stationary or mobile. For these protocols, we designed a privacy-enhanced version of the 5G authentication and key management for applications (AKMA) service. We formally verified the current specification of AKMA using ProVerif and found a new spoofing attack as well as other security and privacy vulnerabilities. Then we propose a fix against the spoofing attack. The privacy-enhanced AKMA is designed considering these shortcomings. We formally verified the privacy-enhanced AKMA and adapted it to our solution.

    Use of Spectral Biometrics for Aliveness Detection
