37 research outputs found
Diffusion in Li<sub>2</sub>O studied by non-equilibrium molecular dynamics for 873 <T/K <1603
The use of non-equilibrium molecular dynamics facilitates the calculation of the cation diffusion constant of Li2O at temperatures too low to be accessible by other methods. Excellent agreement with experimental diffusion coefficients has been obtained over the temperature range 873 < T/K < 1603. Diffusion below 1200 K was shown to be dominated by a concerted nearest-neighbour hopping process, whereas in the high-temperature superionic region an additional mechanism involving a six-coordinate interstitial cation site in the anti-fluorite structure becomes increasingly dominant. Our model thus accounts for the transition from the superionic regime to the non-superionic regime.</p
The Big Society and the Conjunction of Crises: Justifying Welfare Reform and Undermining Social Housing
The idea of the āBig Societyā can be seen as culmination of a long-standing debate about the regulation of welfare. Situating the concept within governance theory, the article considers how the UK coalition government has justified a radical restructuring of welfare provision, and considers its implications for housing provision. Although drawing on earlier modernization processes, the article contends that the genesis for welfare reform was based on an analysis that the government was forced to respond to a unique conjunction of crises: in morality, the state, ideology and economics. The government has therefore embarked upon a programme, which has served to undermine the legitimacy of the social housing sector (most notably in England), with detrimental consequences for residents and raising significant dilemmas for those working in the housing sector
Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale
In this paper we provide evidence of an emerging criminal infrastructure
enabling impersonation attacks at scale. Impersonation-as-a-Service (ImpaaS)
allows attackers to systematically collect and enforce user profiles
(consisting of user credentials, cookies, device and behavioural fingerprints,
and other metadata) to circumvent risk-based authentication system and
effectively bypass multi-factor authentication mechanisms. We present the
ImpaaS model and evaluate its implementation by analysing the operation of a
large, invite-only, Russian ImpaaS platform providing user profiles for more
than Internet users worldwide. Our findings suggest that the ImpaaS
model is growing, and provides the mechanisms needed to systematically evade
authentication controls across multiple platforms, while providing attackers
with a reliable, up-to-date, and semi-automated environment enabling target
selection and user impersonation against Internet users as scale.Comment: Presented at ACM CCS 2020. Appendix on "Deriving a Threat Model from
Observation" available at
https://michelecampobasso.github.io/publication/2020-11-10-impaa
A Visual One-Time Password Authentication Scheme Using Mobile Devices
16th International Conference, ICICS 2014, Hong Kong, China, December 16-17, 2014The use of passwords for user authentication has become ubiquitous in our everyday lives. However, password theft is becoming a common occurrence due to a variety of security problems associated with passwords. As such, many organizations are moving towards adopting alternative solutions like one-time passwords, which are only valid for a single session. Nevertheless, various one-time password schemes also suffer from a number of drawbacks in terms of their method of generation or delivery. This paper presents the design of a challenge-response visual one-time password authentication scheme that is to be used in conjunction with the camera on a mobile device. The main purpose of the proposed scheme is to be able to send a challenge over a public channel for a user to obtain a session key, while safeguarding the userās long-term secret key. In this paper, we present the authentication protocol, the various design considerations and the advantages provided by the scheme.Department of Computin
Vulnerability analysis and attacks on NFC-enabled mobile phones
Near Field Communication (NFC)-enabled mobile phones and services are starting to appear in the field, yet no attempt was made to analyze the security of NFC-enabled mobile phones. The situation is critical because NFC is mostly used in the area of payment and ticketing. This paper presents our approach to security testing of NFC-enabled mobile phones. Our approach takes into account not only the NFC-subsystem but also software components that can be controlled through the NFC-interface. Through our testing approach, we were able to identify a number of previously unknown vulnerabilities, some of which can be exploited for spoofing of tag content, an NFC-based worm, and for Denial-of-Service attacks. We further show that our findings can be applied to real world NFC-services
Challenges for Dynamic Analysis of iOS Applications
Abstract. Recent research indicates that mobile platforms, such as Android and Appleās iOS increasingly face the threat of malware. These threats range from spyware that steals privacy sensitive information, such as location data or address book contents to malware that tries to collect ransom from users by locking the device and therefore rendering the device useless. Therefore, powerful analysis techniques and tools are necessary to quickly provide an analyst with the necessary information about an application to assess whether this application contains potentially malicious functionality. In this work, we focus on the challenges and open problems that have to be overcome to create dynamic analysis solutions for iOS applications. Additionally, we present two proof-of-concept implementations tackling two of these challenges. First, we present a basic dynamic analysis approach for iOS applications demonstrating the feasibility of dynamic analysis on iOS. Second, addressing the challenge that iOS applications are almost always user interface driven, we also present an approach to automatically exercise an applicationās user interface. The necessity of exercising application user interfaces is demonstrated by the difference in code coverage that we achieve with (69%) and without (16%) such techniques. Therefore, this work is a first step towards comprehensive dynamic analysis for iOS applications.