Synthetic speech detection and audio steganography in VoIP scenarios

The distinction between synthetic and human voice uses the techniques of the current biometric voice recognition systems, which prevent that a person’s voice, no matter if with good or bad intentions, can be confused with someone else’s. Steganography gives the possibility to hide in a file without a particular value (usually audio, video or image files) a hidden message in such a way as to not rise suspicion to any external observer. This article suggests two methods, applicable in a VoIP hypothetical scenario, which allow us to distinguish a synthetic speech from a human voice, and to insert within the Comfort Noise a text message generated in the pauses of a voice conversation. The first method takes up the studies already carried out for the Modulation Features related to the temporal analysis of the speech signals, while the second one proposes a technique that derives from the Direct Sequence Spread Spectrum, which consists in distributing the signal energy to hide on a wider band transmission. Due to space limits, this paper is only an extended abstract. The full version will contain further details on our research

Sicurezza del browser e delle informazioni nell'interazione Web. Minacce e prevenzione

La velocità con cui le tecnologie dell'informazione ci hanno somministrato dosi massive di connettività, dati, strumenti di produttività ed esistenza online non ha avuto idoneo riscontro nell'educazione ad Internet, alle sue potenzialità e alle sue insidie. I nativi digitali considerano la rete alla stregua dell'aria o di un giocattolo – qualcosa che esiste da sempre e che avvolge le nostre vite – mentre i nativi analogici si suddividono fra coloro che si sono adattati e gli altri, che sono culturalmente distanti da questa presenza trasversale alle attività umane, di cui non si può che predire l'ulteriore espansione. Ma sia i nativi digitali che i nativi analogici riadattati sono troppo spesso inconsapevoli di come alcuni valori indipendenti dalla rete, come la privacy, il rispetto, la sicurezza, trovino nuove declinazioni e differenti sfumature quando immersi nella rete. La mancanza di una alfabetizzazione della sicurezza, la ridotta percezione dell'incapacità della rete di dimenticare, la sottovalutazione dei meccanismi fulminei e asimmetrici operanti sulla rete e la mancata considerazione dei rischi ad essa connessi determinano frequentamene situazioni gravemente problematiche, di non facile risoluzione e che richiedono quantità ingenti di risorse e tempi prolungati per la loro gestione appropriata. Eppure alla base della consapevolezza e di una corretta valutazione del rischio ci sono pochi principi essenziali, riconducibili alla sicurezza delle informazioni, tema assai più anziano della tecnologia dell'informazione, che offre tuttavia nel XXI secolo nuove e significative angolazioni, che annunciano grandi sfide ed opportunità. In questo articolo viene proposto un breve percorso che, partendo proprio dalla sicurezza delle informazioni, ne esamina le nuove declinazioni che si configurano prendendo in considerazione la più classica delle interazioni con la rete: la navigazione Web.The speed with which information technology has given us massive amounts of connectivity, data, productivity tools, and online existence has not had a good record in Internet education, its potential and its pitfalls. Digital natives regard the network as the air or a toy - something that has existed for ever and wraps our lives - while analogic natives are subdivided between those who have adapted themselves and others who are culturally distant from this transversal presence in human activities, of which one can only predict further expansion. But both digital natives and revised analogic native people are too often unaware of how some network-independent values ​​such as privacy, respect, security, new declinations and different shades when dipped into the network. The lack of security literacy, the reduced perception of the inability of the network to forget, the underestimation of lightning and asymmetric mechanisms operating on the network and the failure to take into account the risks associated with it, lead to situations of serious concern, not easy resolution and require large amounts of resources and prolonged time for their proper management. Yet, at the heart of awareness and proper risk assessment, there are few essential principles that relate to information security, a much older theme in information technology, but it still offers significant new angles in the 21st century, which announce great challenges and opportunity. This article proposes a short path that, starting from the security of information, examines the new declinations that are configured by considering the most classic of interactions with the network: Web browsing

Protezione del traffico aereo civile dalla minaccia cibernetica

L’impiego dell’Ict ha caratterizzato in maniera crescente l’evoluzione dell’aviazione civile. La digitalizzazione e la messa in rete di strumenti tecnologici complessi implicano delle problematiche rilevanti per la sicurezza cibernetica del settore. Il Government Accountability Office ha recentemente sottolineato come alcune vulnerabilità riscontrate nei sistemi statunitensi di gestione e controllo del traffico aereo civile possano, se sfruttate, avere serie conseguenze per la sicurezza. Da tali considerazioni scaturiscono una serie di domande sul caso italiano: su quali tecnologie si basano i nostri sistemi di gestione e controllo del traffico aereo civile? Qual è il loro livello di vulnerabilità? Quali attori possono minacciare tali sistemi? E questi attori hanno le capacità tecnologiche per condurre attacchi cibernetici tali da compromettere queste infrastrutture critiche? Le limitate risorse tecniche e i diversi obiettivi degli attori non statali esaminati in questo studio, le misure messe in campo da Enav e la funzione di prevenzione delle autorità italiane consentono di affermare che il livello di rischio a cui sono esposti nel breve periodo i sistemi Atc italiani è relativamente basso. È tuttavia necessario sottolineare la necessità di mantenere un livello di attenzione alto.The use of ICT in civil aviation has increased exponentially in the last years. Digitalisation and the technological tools and systems often connected to the internet constitute serious risks for aviation cyber security. The Government Accountability Office (GAO) has recently stated that air traffic management and control (ATM/ATC) vulnerabilities could be used to undermine national security. Against this backdrop, several related questions arise: what technologies do air traffic management and control systems rely on? Are these systems vulnerable? Which actors could pose a threat to these systems? Do they have the technological skills to conduct attacks that could compromise them? The low technical skills of the non-state actors analysed in this research, the cyber security countermeasures adopted by ENAV and the preventive activities conducted by Italian authorities make the risk for Italian ATM/ATC systems low. However, it is necessary to keep a high level of attention and awareness on possible future developments of the cyber threat

Distributed physical sensors network for the protection of critical infrastractures against physical attacks

The SCOUT project is based on the use of multiple innovative and low impact technologies for the protection of space control ground stations and the satellite links against physical and cyber-attacks, and for intelligent reconfiguration of the ground station network (including the ground node of the satellite link) in the case that one or more nodes fail. The SCOUT sub-system devoted to physical attacks protection, SENSNET, is presented. It is designed as a network of sensor networks that combines DAB and DVB-T based passive radar, noise radar, Ku-band radar, infrared cameras, and RFID technologies. The problem of data link architecture is addressed and the proposed solution described

Multi-model study of mercury dispersion in the atmosphere : Atmospheric processes and model evaluation

Current understanding of mercury (Hg) behavior in the atmosphere contains significant gaps. Some key characteristics of Hg processes, including anthropogenic and geogenic emissions, atmospheric chemistry, and air-surface exchange, are still poorly known. This study provides a complex analysis of processes governing Hg fate in the atmosphere involving both measured data from ground-based sites and simulation results from chemical transport models. A variety of long-term measurements of gaseous elemental Hg (GEM) and reactive Hg (RM) concentration as well as Hg wet deposition flux have been compiled from different global and regional monitoring networks. Four contemporary global-scale transport models for Hg were used, both in their state-of-the-art configurations and for a number of numerical experiments to evaluate particular processes. Results of the model simulations were evaluated against measurements. As follows from the analysis, the interhemispheric GEM gradient is largely formed by the prevailing spatial distribution of anthropogenic emissions in the Northern Hemisphere. The contributions of natural and secondary emissions enhance the south-to-north gradient, but their effect is less significant. Atmospheric chemistry has a limited effect on the spatial distribution and temporal variation of GEM concentration in surface air. In contrast, RM air concentration and wet deposition are largely defined by oxidation chemistry. The Br oxidation mechanism can reproduce successfully the observed seasonal variation of the RM=GEM ratio in the near-surface layer, but it predicts a wet deposition maximum in spring instead of in summer as observed at monitoring sites in North America and Europe. Model runs with OH chemistry correctly simulate both the periods of maximum and minimum values and the amplitude of observed seasonal variation but shift the maximum RM=GEM ratios from spring to summer. O3 chemistry does not predict significant seasonal variation of Hg oxidation. Hence, the performance of the Hg oxidation mechanisms under study differs in the extent to which they can reproduce the various observed parameters. This variation implies possibility of more complex chemistry and multiple Hg oxidation pathways occurring concurrently in various parts of the atmosphere

Rationale for BepiColombo Studies of Mercury's Surface and Composition

BepiColombo has a larger and in many ways more capable suite of instruments relevant for determination of the topographic, physical, chemical and mineralogical properties of Mercury's surface than the suite carried by NASA's MESSENGER spacecraft. Moreover, BepiColombo's data rate is substantially higher. This equips it to confirm, elaborate upon, and go beyond many of MESSENGER's remarkable achievements. Furthermore, the geometry of BepiColombo's orbital science campaign, beginning in 2026, will enable it to make uniformly resolved observations of both northern and southern hemispheres. This will offer more detailed and complete imaging and topographic mapping, element mapping with better sensitivity and improved spatial resolution, and totally new mineralogical mapping. We discuss MESSENGER data in the context of preparing for BepiColombo, and describe the contributions that we expect BepiColombo to make towards increased knowledge and understanding of Mercury's surface and its composition. Much current work, including analysis of analogue materials, is directed towards better preparing ourselves to understand what BepiColombo might reveal. Some of MESSENGER's more remarkable observations were obtained under unique or extreme conditions. BepiColombo should be able to confirm the validity of these observations and reveal the extent to which they are representative of the planet as a whole. It will also make new observations to clarify geological processes governing and reflecting crustal origin and evolution. We anticipate that the insights gained into Mercury's geological history and its current space weathering environment will enable us to better understand the relationships of surface chemistry, morphologies and structures with the composition of crustal types, including the nature and mobility of volatile species. This will enable estimation of the composition of the mantle from which the crust was derived, and lead to tighter constraints on models for Mercury's origin including the nature and original heliocentric distance of the material from which it formed.Peer reviewe

Photometric behavior of Ryugu's NIR spectral parameters

Context. JAXA’s Hayabusa2 mission rendezvoused the Ryugu asteroid for 1.5 years to clarify the carbonaceous asteroids’ record for Solar System origin and evolution. Aims. We studied the photometric behavior of the spectral parameters characterizing the near-infrared (NIR) spectra of Ryugu provided by the Hayabusa2/NIRS3 instrument, that is to say 1.9 µm reflectance, 2.7 and 2.8 µm band depths (ascribed to phyllosilicates), and NIR slope. Methods. For each parameter, we applied the following empirical approach: (1) retrieval of the equigonal albedo by applying the Akimov disk function (this step was only performed for the reflectance photometric correction); (2) retrieval of the median spectral parameter value at each phase angle bin; and (3) retrieval of the phase function by a linear fit. Results. Ryugu’s phase function shows a steepness similar to Ceres, according to the same taxonomy of the two asteroids. Band depths decrease with increasing phase angle: this trend is opposite to that observed on other asteroids explored by space missions and is ascribed to the very dark albedo. NIR and visible phase reddening are similar, contrary to other asteroids, where visible phase reddening is larger: this could be due to surface darkness or to particle smoothness. Albedo and band depths are globally uncorrelated, but locally anticorrelated. A correlation between darkening and reddening is observed

Reducing the environmental impact of surgery on a global scale: systematic review and co-prioritization with healthcare workers in 132 countries

Abstract Background Healthcare cannot achieve net-zero carbon without addressing operating theatres. The aim of this study was to prioritize feasible interventions to reduce the environmental impact of operating theatres. Methods This study adopted a four-phase Delphi consensus co-prioritization methodology. In phase 1, a systematic review of published interventions and global consultation of perioperative healthcare professionals were used to longlist interventions. In phase 2, iterative thematic analysis consolidated comparable interventions into a shortlist. In phase 3, the shortlist was co-prioritized based on patient and clinician views on acceptability, feasibility, and safety. In phase 4, ranked lists of interventions were presented by their relevance to high-income countries and low–middle-income countries. Results In phase 1, 43 interventions were identified, which had low uptake in practice according to 3042 professionals globally. In phase 2, a shortlist of 15 intervention domains was generated. In phase 3, interventions were deemed acceptable for more than 90 per cent of patients except for reducing general anaesthesia (84 per cent) and re-sterilization of ‘single-use’ consumables (86 per cent). In phase 4, the top three shortlisted interventions for high-income countries were: introducing recycling; reducing use of anaesthetic gases; and appropriate clinical waste processing. In phase 4, the top three shortlisted interventions for low–middle-income countries were: introducing reusable surgical devices; reducing use of consumables; and reducing the use of general anaesthesia. Conclusion This is a step toward environmentally sustainable operating environments with actionable interventions applicable to both high– and low–middle–income countries

Automatic and Context-Aware Cross-Site Scripting Filter Evasion

Cross-Site Scripting (XSS) is a pervasive vulnerability that involves a huge portion of modern web applications. Implementing a correct and complete XSS filter for user-generated content can really be a challenge for web developers. Many aspects have to be taken into account since the attackers may continuously show off a potentially unlimited armory. This work proposes an approach and a tool – named snuck – for web application penetration testing, which can definitely help in finding hard-to-spot and advanced XSS vulnerabilities. This methodology is based on the inspection of the injection’s reflection context and relies on a set of specialized and obfuscated attack vectors for bypassing filter based protections, adopted against potentially harmful inputs. In addition, XSS testing is performed in-browser, this means that a web browser is driven in reproducing the attacker and possibly the victim behavior. Results of several tests on many popular Content Management Systems proved the benefits of this approach: no other web vulnerability scanner would have been able to discover some advanced ways to bypass robust XSS filters