264 research outputs found
Studying Potential Side Channel Leakages on an Embedded Biometric Comparison System
We study in this work the potential side channel leakages of a hardware biometric comparison system that has been designed for fingerprints.
An embedded biometric system for comparison aims at comparing a stored biometric data with a freshly acquired one without the need to send the stored biometric data outside the system. Here one may try to retrieve the stored data via side channel, similarly as for embedded cryptographic modules where one may try to exploit side channel for attacking the modules.
On one hand, we show that we can find partial information by the means of simple Side Channel Analysis that may help to retrieve the stored fingerprint. On the other hand, we illustrate that reconstructing the fingerprint remains not trivial and we give some simple countermeasures to protect further the comparison algorithm
Redesigning the Indian food security system through e-governance: the case of Kerala
The link between e-governance and development has been widely leveraged for policy formulation in India, however, little is known about its application to food security. This paper fills the gap with a study of Kerala, where the Public Distribution System (PDS), the main national food security program, has been digitalized in its main functions. Findings reveal that the digital program has been purposefully devised to combat the problem of diversion ("rice mafia") of PDS goods to the market: however, issues of partial coverage and mistargeting remain. Lessons are drawn for other states computerizing the PDS and their social safety nets
The political prioritisation of welfare in India:comparing the Public Distribution System in Chhattisgarh and Jharkhand
The idea of state responsibility for ensuring food security has gained ground, with strong popular mobilisations for the Right to Food around the world; but important variations prevail, both in the articulation of demands around food security interventions and in political responses to these. This paper takes a close look at India’s Public Distribution System, a programme with a long history and clear national-level, legislative backing, but considerable differences in prioritisation at the subnational level. Through an empirically rich and innovative comparison of Chhattisgarh with Jharkhand – both created at the same time, in 2000 – it asks why the opportunities afforded by statehood allowed Chhattisgarh to politically prioritise the PDS, but not Jharkhand. The paper finds that the explanation lies in the interrelated dimensions of political competition, the nature of pressures exerted by electorally significant societal groups, and political enablement of bureaucratic capacity. Finally, the analytical framework at the heart of the paper contributes to the emerging literature on the political conditions that allow the deployment of state capacity for the promotion of welfar
Recommended from our members
Hardware and software fingerprinting of mobile devices
This dissertation presents novel and practical algorithms to identify the software and hardware components on mobile devices. In particular, we make significant contributions in two challenging areas: library fingerprinting, to identify third-party software libraries, and device fingerprinting, to identify individual hardware components. Our work has significant implications for the privacy and security of mobile platforms.
Software-based library fingerprinting can be used to detect vulnerable libraries and uncover large-scale data collection activities. We develop a novel Android library finger-printing tool, LibID, to reliably identify specific versions of in-app third-party libraries. LibID is more effective against code obfuscation than prior art. When comparing LibID with other tools in identifying the correct library version using obfuscated F-Droid apps, LibID achieves an F1 score of more than 0.5 in all cases while prior work is below 0.25. We also demonstrate the utility of LibID by detecting the use of a vulnerable version of the OkHttp library in nearly 10% of the 3 958 popular apps on the Google Play Store.
Hardware-based device fingerprinting allows apps and websites to invade user privacy by tracking user activity online as the user moves between apps or websites. In particular, we present a new type of device fingerprinting attack, the factory calibration fingerprinting attack, that recovers embedded per-device factory calibration data from motion sensors in a smartphone. We investigate the calibration behaviour of each sensor and show that the calibration fingerprint is fast to generate, does not change over time or after a factory reset, and can be obtained without any special user permissions.
We estimate the entropy of the calibration fingerprint and find the fingerprint is very likely to be globally unique for iOS devices (~67 bits of entropy for iPhone 6S) and recent Google Pixel devices (~57 bits of entropy for Pixel 4/4 XL). By comparison, the fingerprint generated by previous work has at most 13 bits of entropy. Following our disclosures, Apple deployed a fix in iOS 12.2 and Google in Android 11.
Both code obfuscation and factory calibration help to hide software and hardware idiosyncrasies from third-parties, but this dissertation demonstrates that reliable software and hardware fingerprints can still be generated given sufficient knowledge and a suitable approach. Our work has significant practical implications and can be used to improve platform security and protect user privacy.China Scholarship Council
The Boeing Company
Microsoft Researc
- …