703 research outputs found
A dynamical system approach to higher order gravity
The dynamical system approach has recently acquired great importance in the
investigation on higher order theories of gravity. In this talk I review the
main results and I give brief comments on the perspectives for further
developments. Comment: 6 pages, 1 figure, 2 tables, talk given at IRGAC 2006, July 200
Proximity Tracing in an Ecosystem of Surveillance Capitalism
Proximity tracing apps have been proposed as an aid in dealing with the
COVID-19 crisis. Some of those apps leverage attenuation of Bluetooth beacons
from mobile devices to build a record of proximate encounters between a pair of
device owners. The underlying protocols are known to suffer from false positive
and re-identification attacks. We present evidence that the attacker's
difficulty in mounting such attacks has been overestimated. Indeed, an attacker
leveraging a moderately successful app or SDK with Bluetooth and location
access can eavesdrop and interfere with these proximity tracing systems at no
hardware cost and perform these attacks against users who do not have this app
or SDK installed. We describe concrete examples of actors who would be in a
good position to execute such attacks. We further present a novel attack, which
we call a biosurveillance attack, which allows the attacker to monitor the
exposure risk of a smartphone user who installs their app or SDK but who does
not use any contact tracing system and may falsely believe that they have opted
out of the system.
Through traffic auditing with an instrumented testbed, we characterize
precisely the behaviour of one such SDK that we found in a handful of
apps, but installed on more than one hundred million mobile devices. Its
behaviour is functionally indistinguishable from a re-identification or
biosurveillance attack and capable of executing a false positive attack with
minimal effort. We also discuss how easily an attacker could acquire a position
conducive to such attacks, by leveraging the lax logic for granting permissions
to apps in the Android framework: any app with some geolocation permission
could acquire the necessary Bluetooth permission through an upgrade, without
any additional user prompt. Finally, we discuss motives for conducting such
attacks.
A novel hybrid password authentication scheme based on text and image
Considering the popularity and wide deployment of text passwords, we predict that they will be used as a prevalent authentication mechanism for many years to come. Thus, we have carried out studies on mechanisms to enhance text passwords. These studies suggest that password space and memorability should be improved, with an additional mechanism based on images. The combination of text and images increases resistance to some password attacks, such as brute force and observing attacks. We propose a hybrid authentication scheme integrating text and recognition-based graphical passwords. This authentication scheme can reduce phishing attacks because, if users are deceived into sharing their key passwords, there is still a chance to save the complete password, as attackers do not know the users' image preferences. In addition to the security aspect, the proposed authentication scheme increases memorability as it does not require users to remember long and complex passwords. Thus, with the proposed scheme users will be able to create strong passwords without sacrificing usability. The hybrid scheme also offers an enjoyable sign-in/log-in experience to users.