813 research outputs found

    I know what you did last summer: New persistent tracking mechanisms in the wild

    As the usage of the web increases, so do the threats an everyday user faces. One of the most pervasive threats a web user faces is tracking, which enables an entity to gain unauthorised access to the user’s personal data. Through the years many client storage technologies, such as cookies, have been used for this purpose and have been extensively studied in the literature. The focus of this work is on three newer client storage mechanisms, namely Web Storage, Web SQL Database and Indexed Database API. Initially, a large-scale analysis of their usage on the web is conducted to appraise their usage in the wild. Then, this work examines the extent to which they are used for tracking purposes. The results suggest that Web Storage is the most used among the three technologies. More importantly, to the best of our knowledge this work is the first to suggest web tracking as the main use case of these technologies. Motivated by these results, this work examines whether popular desktop and mobile browsers protect their users from tracking mechanisms that use Web Storage, Web SQL Database and Indexed Database. Our results uncover many cases where the relevant security controls are ineffective, thus making it virtually impossible for certain users to avoid tracking

    Security considerations around the usage of client-side storage APIs

    Web Storage, Indexed Database API and Web SQL Database are primitives that allow web browsers to store information in the client in a much more advanced way compared to other techniques such as HTTP Cookies. They were originally introduced with the goal of enhancing the capabilities of websites; however, they are often exploited as a way of tracking users across multiple sessions and websites. This work is divided into two parts. First, it quantifies the usage of these three primitives in the context of user tracking. This is done by performing a large-scale analysis on the usage of these techniques in the wild. The results highlight that code snippets belonging to those primitives can be found in tracking scripts at a surprisingly high rate, suggesting that user tracking is a major use case of these technologies. The second part reviews the effectiveness of the removal of client-side storage data in modern browsers. A web application, built specifically for this study, is used to highlight that it is often extremely hard, if not impossible, for users to remove personal data stored using the three primitives considered. This finding has significant implications, because those techniques are often used as a vector for cookie resurrection

    Experiences from Using Gamification and IoT-based Educational Tools in High Schools towards Energy Savings

    Raising awareness among young people, and especially students, on the relevance of behavior change for achieving energy savings is increasingly being considered as a key enabler towards long-term and cost-effective energy efficiency policies. However, the way to successfully apply educational interventions focused on such targets inside schools is still an open question. In this paper, we present our approach for enabling IoT-based energy savings and sustainability awareness lectures and promoting data-driven energy-saving behaviors focused on a high school audience. We present our experiences toward the successful application of sets of educational tools and software over a real-world Internet of Things (IoT) deployment. We discuss the use of gamification and competition as a very effective end-user engagement mechanism for school audiences. We also present the design of an IoT-based hands-on lab activity, integrated within a high school computer science curriculum utilizing IoT devices and data produced inside the school building, along with the Node-RED platform. We describe the tools used, the organization of the educational activities and related goals. We report on the experience carried out in both directions in a high school in Italy and conclude by discussing the results in terms of achieved energy savings within an observation period. Comment: to be presented at 2019 European Conference on Ambient Intelligenc

    An Economic Study of the Effect of Android Platform Fragmentation on Security Updates

    Vendors in the Android ecosystem typically customize their devices by modifying Android Open Source Project (AOSP) code, adding in-house developed proprietary software, and pre-installing third-party applications. However, research has documented how various security problems are associated with this customization process. We develop a model of the Android ecosystem utilizing the concepts of game theory and product differentiation to capture the competition involving two vendors customizing the AOSP platform. We show how the vendors are incentivized to differentiate their products from AOSP and from each other, and how prices are shaped through this differentiation process. We also consider two types of consumers: security-conscious consumers who understand and care about security, and naïve consumers who lack the ability to correctly evaluate security properties of vendor-supplied Android products or simply ignore security. It is evident that vendors shirk on security investments in the latter case. Regulators such as the U.S. Federal Trade Commission have sanctioned Android vendors for underinvestment in security, but the exact effects of these sanctions are difficult to disentangle with empirical data. Here, we model the impact of a regulator-imposed fine that incentivizes vendors to match a minimum security standard. Interestingly, we show how product prices will decrease for the same cost of customization in the presence of a fine, or a higher level of regulator-imposed minimum security. Comment: 22nd International Conference on Financial Cryptography and Data Security (FC 2018

    Evidence of inhibin/activin subunit betaC and betaE synthesis in normal human endometrial tissue

    Background: Inhibins are important regulators of the female reproductive system. Recently, two new inhibin subunits betaC and betaE have been described, although it is unclear if they are synthesized in normal human endometrium. Methods: Samples of human endometrium were obtained from 82 premenopausal, non-pregnant patients undergoing gynecological surgery for benign diseases. Endometrium samples were classified according to anamnestic and histological dating into proliferative (day 1-14, n = 46), early secretory (day 15-22, n = 18) and late secretory phase (day 23-28, n = 18). Immunohistochemical analyses were performed with specific antibodies against inhibin alpha (n = 81) as well as inhibin betaA (n = 82), betaB (n = 82), betaC (n = 74) and betaE (n = 76) subunits. RT-PCR was performed for all inhibin subunits. Correlation was assessed with the Spearman factor to assess the relationship of inhibin-subunits expression within the different endometrial samples. Results: The novel inhibin betaC and betaE subunits were found in normal human endometrium by immunohistochemical and molecular techniques. Inhibin alpha, betaA, betaB and betaE subunits showed a circadian expression pattern, being more abundant during the late secretory phase than during the proliferative phase. Additionally, a significant correlation between inhibin alpha and all inhibin beta subunits was observed. Conclusions: The differential expression pattern of the betaC- and betaE-subunits in normal human endometrial tissue suggests that they function in endometrial maturation and blastocyst implantation. However, the precise role of these novel inhibin/activin subunits in human endometrium is unclear and warrants further investigation.