14,654 research outputs found

    The Viability and Potential Consequences of IoT-Based Ransomware

    Get PDF
    With the increased threat of ransomware and the substantial growth of the Internet of Things (IoT) market, there is significant motivation for attackers to carry out IoT-based ransomware campaigns. In this thesis, the viability of such malware is tested. As part of this work, various techniques that could be used by ransomware developers to attack commercial IoT devices were explored. First, methods that attackers could use to communicate with the victim were examined, such that a ransom note was able to be reliably sent to a victim. Next, the viability of using "bricking" as a method of ransom was evaluated, such that devices could be remotely disabled unless the victim makes a payment to the attacker. Research was then performed to ascertain whether it was possible to remotely gain persistence on IoT devices, which would improve the efficacy of existing ransomware methods, and provide opportunities for more advanced ransomware to be created. Finally, after successfully identifying a number of persistence techniques, the viability of privacy-invasion based ransomware was analysed. For each assessed technique, proofs of concept were developed. A range of devices -- with various intended purposes, such as routers, cameras and phones -- were used to test the viability of these proofs of concept. To test communication hijacking, devices' "channels of communication" -- such as web services and embedded screens -- were identified, then hijacked to display custom ransom notes. During the analysis of bricking-based ransomware, a working proof of concept was created, which was then able to remotely brick five IoT devices. After analysing the storage design of an assortment of IoT devices, six different persistence techniques were identified, which were then successfully tested on four devices, such that malicious filesystem modifications would be retained after the device was rebooted. When researching privacy-invasion based ransomware, several methods were created to extract information from data sources that can be commonly found on IoT devices, such as nearby WiFi signals, images from cameras, or audio from microphones. These were successfully implemented in a test environment such that ransomable data could be extracted, processed, and stored for later use to blackmail the victim. Overall, IoT-based ransomware has not only been shown to be viable but also highly damaging to both IoT devices and their users. While the use of IoT-ransomware is still very uncommon "in the wild", the techniques demonstrated within this work highlight an urgent need to improve the security of IoT devices to avoid the risk of IoT-based ransomware causing havoc in our society. Finally, during the development of these proofs of concept, a number of potential countermeasures were identified, which can be used to limit the effectiveness of the attacking techniques discovered in this PhD research

    Perceptions of surveillance: exploring feelings held by Black community leaders in Boston toward camera enforcement of roadway infractions

    Get PDF
    Roadway camera enforcement programs have been found to effectively reduce vehicle travel speeds, as well as decrease the number and severity of collisions. Despite a wealth of evaluative research confirming this enforcement approach's aptitude at promoting safer roadway behavior, fewer than 50 % of US states currently host camera-based programs. Public opposition is frequently cited as the cause for the slow proliferation of this enforcement strategy. However, with public demand for police reform having an increasing presence on the national political stage, how might feelings toward camera technology currently stand among groups most marginalized by existing enforcement systems, and how might those feelings vary by type of enforcement application? Through a series of focus groups, this work centers Black voices on matters of surveillance and roadway enforcement by discussing sentiment toward camera programs with Black community leaders. This discussion is contextually situated in Boston, Massachusetts, where legislation that would allow for camera enforcement of roadway infractions is actively being deliberated in the State Senate. Findings culminate in a list of right-sizing and procedural recommendations for policy makers hoping to gain support for camera enforcement, improve roadway safety, and advance racial equity in our systems of policing and governance

    Countermeasures for the majority attack in blockchain distributed systems

    Get PDF
    La tecnología Blockchain es considerada como uno de los paradigmas informáticos más importantes posterior al Internet; en función a sus características únicas que la hacen ideal para registrar, verificar y administrar información de diferentes transacciones. A pesar de esto, Blockchain se enfrenta a diferentes problemas de seguridad, siendo el ataque del 51% o ataque mayoritario uno de los más importantes. Este consiste en que uno o más mineros tomen el control de al menos el 51% del Hash extraído o del cómputo en una red; de modo que un minero puede manipular y modificar arbitrariamente la información registrada en esta tecnología. Este trabajo se enfocó en diseñar e implementar estrategias de detección y mitigación de ataques mayoritarios (51% de ataque) en un sistema distribuido Blockchain, a partir de la caracterización del comportamiento de los mineros. Para lograr esto, se analizó y evaluó el Hash Rate / Share de los mineros de Bitcoin y Crypto Ethereum, seguido del diseño e implementación de un protocolo de consenso para controlar el poder de cómputo de los mineros. Posteriormente, se realizó la exploración y evaluación de modelos de Machine Learning para detectar software malicioso de tipo Cryptojacking.DoctoradoDoctor en Ingeniería de Sistemas y Computació

    A citizen science approach to the characterisation and modelling of urban pluvial flooding

    Get PDF
    Urban pluvial flooding (UPF), a growing challenge across cities worldwide that is expected to worsen due to climate change and urbanisation, requires comprehensive response strategies. However, the characterisation and simulation of UPF is more complex than traditional catchment hydrological modelling because UPF is driven by a complex set of interconnected factors and modelling constraints. Different integrated approaches have attempted to address UPF by coupling humans and environmental systems and reflecting on the possible outcomes from the interactions among varied disciplines. Nonetheless, it is argued that current integrated approaches are insufficient. To further improve the characterisation and modelling of UPF, this study advances a citizen science approach that integrates local knowledge with the understanding and interpretation of UPF. The proposed framework provides an avenue to couple quantitative and qualitative community-based observations with traditional sources of hydro-information. This approach allows researchers and practitioners to fill spatial and temporal data gaps in urban catchments and hydrologic/hydrodynamic models, thus yielding a more accurate characterisation of local catchment response and improving rainfall-runoff modelling of UPF. The results of applying this framework indicate how community-based practices provide a bi-directional learning context between experts and residents, which can contribute to resilience building by providing UPF knowledge necessary for risk reduction and response to extreme flooding events

    ‘If I am on ART, my new-born baby should be put on treatment immediately’: Exploring the acceptability, and appropriateness of Cepheid Xpert HIV-1 Qual assay for early infant diagnosis of HIV in Malawi

    Get PDF
    Early infant diagnosis of HIV (EID-HIV) is key to reducing paediatric HIV mortality. Traditional approaches for diagnosing HIV in exposed infants are usually unable to optimally contribute to EID. Point-of-care testing such as Cepheid Xpert HIV-1 Qual assay-1 (XPertHIV) are available and could improve EID-HIV in resource constrained and high HIV burden contexts. We investigated the acceptability and perceived appropriateness of XpertHIV for EID-HIV in Mulanje Hospital, Malawi. Qualitative cross-sectional study using semi-structured interviews (SSI) among caregivers and health care workers at Mulanje District Hospital. The qualitative study was nested within a larger diagnostic study that evaluated the performance of XpertHIV using whole-blood-sample in a resource limited and high burden setting. A total of 65 SSIs were conducted among caregivers (n = 60) and health care providers (n = 5). Data were coded using deductive and inductive approaches while thematic approach was used to analyse data. Point-of-care XPertHIV was perceived to be acceptable among caregivers and health care providers. Caregivers’ motivations for accepting XPertHIV HIV-testing for their infants included perceived risk of HIV emanating from child’s exposure and validation of caregiver’s own HIV sero-status. Although concerns about pain of testing and blood sample volumes taken from an infant remained amplified, overall, both caregivers and health care providers felt XpertHIV was appropriate because of its quick result turn-around-time which decreased anxiety and stress, the prospect of early treatment initiation and reduction in hospital visits and related costs. Implementation of XpertHIV has a great potential to improve EID-HIV in Malawi because of its quick turn-around-time and associated benefits including overcoming access-related barriers. Scaled implementation of this diagnostic technology require a robust community engagement strategy for managing caregivers and community myths and misconceptions towards the amount of blood sample collected from infants

    A Phenomenological Study of How Active Engagement in Black Greek Letter Sororities Influences Christian Members\u27 Spiritual Growth

    Get PDF
    This phenomenological study explored how being part of a Black Greek Letter. Organization (BGLO) sorority impacts the spiritual growth of its Christian members. One of the issues explored was the influence relationships within these sororities have on members striving to be like Christ. There is a dichotomy of perspectives regarding Black Greek Letter Organizations (BGLOs). They have a significant role in the Black community as organizations that foster leadership, philanthropy, and sisterhood and promote education. They are admired on and off college campuses and in the broader community in graduate chapters. The objective of phenomenology is to describe phenomena of spiritual growth among Christian sorority members from the life experiences of those who live them; that premise guided the interviews conducted for this study. The results found that active engagement in a BGLO sorority positively impacts its members\u27 spiritual growth. From the emotional stories of sisterhood, service, and devotion to prayer, their experiences evidenced strengthened walks of faith. This study contrasts the Anti-BGLO narrative as a testament to these organizations\u27 legacy and practices deeply grounded in the church

    LIFE JOURNEY WITH SOMEBODY SPECIAL: THE HIGHS AND LOWS OF PARENTS OF CHILDREN WITH DISABILITY

    Get PDF
    Central to this study is the lived experiences of parents of children with physical disability. This study was conducted at Barangay Poblacion 8, Midsayap, Cotabato. It included as participants purposively chosen parents of children with physical disability. Their ages ranged from 31 to 53 years old, and were all mothers. The physical disabilities of their children were either musculoskeletal (orthopaedic) or visual. This study made use of the phenomenological research design. Findings bared that despite the apparent conditions of their children, the participants joyfully and with gratitude accepted their children as blessings from God. They spent bonding moments with them, and at times appreciative of their learning of new things, and were busy taking good care of the total well-being of their children. They were aware of their children’s limitations, but they do not consider them as different. Nevertheless, they sought acceptance, respect, and understanding from others. The participants were concerned about the health issues of their children, anxious about the mistreatment they received from others, and pondered on their possible rejection in the future. The participants stood by their children and draw strength from God. They look at the bright side of life and hope that their children finish studying. The participants as mothers were longing for help for their children’s sake.  Article visualizations

    The role of community health nurses in promoting school learners’ reproductive health in North West province

    Get PDF
    Background: Reproductive health education is a major component in schools, which is delivered through Life Orientation and Life Science subjects. Providing sexual and reproductive health education and services remains a challenge in schools of many countries, as well as South Africa. Community health nurses have the responsibility to initiate and participate in reproductive health promotion initiatives in schools. Aim: To explore the roles of community health nurses in the promotion of school learners’ reproductive health in schools. Setting: This study was conducted in the clinics of Madibeng municipality in North West province, South Africa. Methods: An exploratory qualitative research study was conducted using in-depth interviews for data collection. The population included community health nurses who were sampled purposively. Results: Community health nurses revealed that their primary role was to provide health education to learners, particularly in clinics. Furthermore, they revealed that they did not visit schools and had no communication with teachers regarding learners’ reproductive health issues. Conclusion: The Department of Education has opened a platform for the provision of reproductive health education in schools through various teacher-led initiatives. However, this has posed a significant challenge to teachers as they may not be willing to deliver sensitive and sexually themed information to learners. To ensure effective delivery of reproductive health education in schools, community health nurses, teachers and other relevant stakeholders must collaborate in schools. Contribution: This article highlights the importance of community health nurses visiting schools to promote the reproductive health of school learners

    An Ethereum-compatible blockchain that explicates and ensures design-level safety properties for smart contracts

    Full text link
    Smart contracts are crucial elements of decentralized technologies, but they face significant obstacles to trustworthiness due to security bugs and trapdoors. To address the core issue, we propose a technology that enables programmers to focus on design-level properties rather than specific low-level attack patterns. Our proposed technology, called Theorem-Carrying-Transaction (TCT), combines the benefits of runtime checking and symbolic proof. Under the TCT protocol, every transaction must carry a theorem that proves its adherence to the safety properties in the invoked contracts, and the blockchain checks the proof before executing the transaction. The unique design of TCT ensures that the theorems are provable and checkable in an efficient manner. We believe that TCT holds a great promise for enabling provably secure smart contracts in the future. As such, we call for collaboration toward this vision
    • …
    corecore