21 research outputs found
Towards accurate accounting of cellular data for TCP retransmission
The current architecture supporting data services to mobile devices is built below the network layer (IP) and users receive the payload at the application layer. Between them is the transport layer that can cause data consumption inflation due to the retransmission mechanism that provides reliable delivery. In this paper, we examine the accounting policies of five large cellular ISPs in the U.S. and South Korea. We look at their policies regarding the transport layer reliability mechanism with TCP's retransmission and show that the current implementation of accounting policies either fails to meet the billing fairness or is vulnerable to charge evasions. Three of the ISPs surveyed charge for all IP packets regardless of retransmission, allowing attackers to inflate a victim's bill by intentionally retransmitting packets. The other two ISPs deduct the retransmitted amount from the user's bill thus allowing tunneling through TCP retransmissions. We show that a "free-riding" attack is viable with these ISPs and discuss some of the mitigation techniques
Sok: Security and privacy in implantable medical devices and body area networks.
Abstract: Balancing security, privacy, safety, and utility is a necessity in the health care domain, in which implantable medical devices (IMDs) and body area networks (BANs) have made it possible to continuously and automatically manage and treat a number of health conditions. In this work, we survey publications aimed at improving security and privacy in IMDs and health-related BANs, providing clear definitions and a comprehensive overview of the problem space. We analyze common themes, categorize relevant results, and identify trends and directions for future research. We present a visual illustration of this analysis that shows the progression of IMD/BAN research and highlights emerging threats. We identify three broad research categories aimed at ensuring the security and privacy of the telemetry interface, software, and sensor interface layers and discuss challenges researchers face with respect to ensuring reproducibility of results. We find that while the security of the telemetry interface has received much attention in academia, the threat of software exploitation and the sensor interface layer deserve further attention. In addition, we observe that while the use of physiological values as a source of entropy for cryptographic keys holds some promise, a more rigorous assessment of the security and practicality of these schemes is required
Cybersecurity and medical devices: A practical guide for cardiac electrophysiologists
Medical devices increasingly depend on software. While this expands the ability of devices to perform key therapeutic and diagnostic functions, reliance on software inevitably causes exposure to hazards of security vulnerabilities. This article uses a recent high-profile case example to outline a proactive approach to security awareness that incorporates a scientific, risk-based analysis of security concerns that supports ongoing discussions with patients about their medical devices. Peer Reviewed. https://deepblue.lib.umich.edu/bitstream/2027.42/138357/1/pace13102_am.pdf https://deepblue.lib.umich.edu/bitstream/2027.42/138357/2/pace13102.pd
Starburst99: Synthesis Models for Galaxies with Active Star Formation
Starburst99 is a comprehensive set of model predictions for
spectrophotometric and related properties of galaxies with active star
formation. The models are an improved and extended version of the data set
previously published by Leitherer & Heckman (1995). We have upgraded our code
by implementing the latest set of stellar evolution models of the Geneva group
and the model atmosphere grid compiled by Lejeune et al. (1997). Several
predictions which were not included in the previous publication are shown here
for the first time. The models are presented in a homogeneous way for five
metallicities between Z = 0.040 and 0.001 and three choices of the initial mass
function. The age coverage is 10^6 to 10^9 yr. We also show the spectral energy
distributions which are used to compute colors and other quantities. The full
data set is available for retrieval at
http://www.stsci.edu/science/starburst99/. This website allows users to run
specific models with non-standard parameters as well. We also make the source
code available to the community. Comment: 32 pages, LaTeX. All the Figures and the summary Table are located at
http://www.stsci.edu/science/starburst99/, ApJ accepte
Toward a Safe Integrated Clinical Environment: A Communication Security Perspective
With a vision emerging for dynamically composable and interoperable medical devices and information systems, many communication standards have been proposed, and more are in development. However, few include sufficiently comprehensive or flexible security mechanisms to meet current and future safety needs. In this work, we enumerate security requirements for the communication stack of a medical composition framework. We then survey existing medical and non-medical communication standards and find significant gaps between required properties and those that can be fulfilled even by combinations of currently standardized protocols. This paper is meant to inform future work on building such a comprehensive protocol stack or standardizing protocols and protocol suites that satisfy the properties needed for safe and secure next-generation device coordination
SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks
Abstract: Balancing security, privacy, safety, and utility is a necessity in the health care domain, in which implantable medical devices (IMDs) and body area networks (BANs) have made it possible to continuously and automatically manage and treat a number of health conditions. In this work, we survey publications aimed at improving security and privacy in IMDs and health-related BANs, providing clear definitions and a comprehensive overview of the problem space. We analyze common themes, categorize relevant results, and identify trends and directions for future research. We present a visual illustration of this analysis that shows the progression of IMD/BAN research and highlights emerging threats. We identify three broad research categories aimed at ensuring the security and privacy of the telemetry interface, software, and sensor interface layers and discuss challenges researchers face with respect to ensuring reproducibility of results. We find that while the security of the telemetry interface has received much attention in academia, the threat of software exploitation and the sensor interface layer deserve further attention. In addition, we observe that while the use of physiological values as a source of entropy for cryptographic keys holds some promise, a more rigorous assessment of the security and practicality of these schemes is required. I