21 research outputs found

    Towards accurate accounting of cellular data for TCP retransmission

    The current architecture supporting data services to mobile devices is built below the network layer (IP) and users receive the payload at the application layer. Between them is the transport layer that can cause data consumption inflation due to the retransmission mechanism that provides reliable delivery. In this paper, we examine the accounting policies of five large cellular ISPs in the U.S. and South Korea. We look at their policies regarding the transport layer reliability mechanism with TCP’s retransmission and show that the current implementation of accounting policies either fails to meet the billing fairness or is vulnerable to charge evasions. Three of the ISPs surveyed charge for all IP packets regardless of retransmission, allowing attackers to inflate a victim’s bill by intentionally retransmitting packets. The other two ISPs deduct the retransmitted amount from the user’s bill thus allowing tunneling through TCP retransmissions. We show that a “free-riding” attack is viable with these ISPs and discuss some of the mitigation techniques.

    SoK: Security and privacy in implantable medical devices and body area networks

    Abstract—Balancing security, privacy, safety, and utility is a necessity in the health care domain, in which implantable medical devices (IMDs) and body area networks (BANs) have made it possible to continuously and automatically manage and treat a number of health conditions. In this work, we survey publications aimed at improving security and privacy in IMDs and health-related BANs, providing clear definitions and a comprehensive overview of the problem space. We analyze common themes, categorize relevant results, and identify trends and directions for future research. We present a visual illustration of this analysis that shows the progression of IMD/BAN research and highlights emerging threats. We identify three broad research categories aimed at ensuring the security and privacy of the telemetry interface, software, and sensor interface layers and discuss challenges researchers face with respect to ensuring reproducibility of results. We find that while the security of the telemetry interface has received much attention in academia, the threat of software exploitation and the sensor interface layer deserve further attention. In addition, we observe that while the use of physiological values as a source of entropy for cryptographic keys holds some promise, a more rigorous assessment of the security and practicality of these schemes is required.

    Cybersecurity and medical devices: A practical guide for cardiac electrophysiologists

    Medical devices increasingly depend on software. While this expands the ability of devices to perform key therapeutic and diagnostic functions, reliance on software inevitably causes exposure to hazards of security vulnerabilities. This article uses a recent high‐profile case example to outline a proactive approach to security awareness that incorporates a scientific, risk‐based analysis of security concerns that supports ongoing discussions with patients about their medical devices. Peer Reviewed. https://deepblue.lib.umich.edu/bitstream/2027.42/138357/1/pace13102_am.pdf https://deepblue.lib.umich.edu/bitstream/2027.42/138357/2/pace13102.pd

    Starburst99: Synthesis Models for Galaxies with Active Star Formation

    Starburst99 is a comprehensive set of model predictions for spectrophotometric and related properties of galaxies with active star formation. The models are an improved and extended version of the data set previously published by Leitherer & Heckman (1995). We have upgraded our code by implementing the latest set of stellar evolution models of the Geneva group and the model atmosphere grid compiled by Lejeune et al. (1997). Several predictions which were not included in the previous publication are shown here for the first time. The models are presented in a homogeneous way for five metallicities between Z = 0.040 and 0.001 and three choices of the initial mass function. The age coverage is 10^6 to 10^9 yr. We also show the spectral energy distributions which are used to compute colors and other quantities. The full data set is available for retrieval at http://www.stsci.edu/science/starburst99/. This website allows users to run specific models with non-standard parameters as well. We also make the source code available to the community. Comment: 32 pages, LaTeX. All the Figures and the summary Table are located at http://www.stsci.edu/science/starburst99/, ApJ accepte

    Toward a Safe Integrated Clinical Environment: A Communication Security Perspective

    No full text
    With a vision emerging for dynamically composable and interoperable medical devices and information systems, many communication standards have been proposed, and more are in development. However, few include sufficiently comprehensive or flexible security mechanisms to meet current and future safety needs. In this work, we enumerate security requirements for the communication stack of a medical composition framework. We then survey existing medical and non-medical communication standards and find significant gaps between required properties and those that can be fulfilled even by combinations of currently standardized protocols. This paper is meant to inform future work on building such a comprehensive protocol stack or standardizing protocols and protocol suites that satisfy the properties needed for safe and secure next-generation device coordination.

    SoK: Security and Privacy in Implantable Medical Devices and Body Area Networks

    No full text
    Abstract—Balancing security, privacy, safety, and utility is a necessity in the health care domain, in which implantable medical devices (IMDs) and body area networks (BANs) have made it possible to continuously and automatically manage and treat a number of health conditions. In this work, we survey publications aimed at improving security and privacy in IMDs and health-related BANs, providing clear definitions and a comprehensive overview of the problem space. We analyze common themes, categorize relevant results, and identify trends and directions for future research. We present a visual illustration of this analysis that shows the progression of IMD/BAN research and highlights emerging threats. We identify three broad research categories aimed at ensuring the security and privacy of the telemetry interface, software, and sensor interface layers and discuss challenges researchers face with respect to ensuring reproducibility of results. We find that while the security of the telemetry interface has received much attention in academia, the threat of software exploitation and the sensor interface layer deserve further attention. In addition, we observe that while the use of physiological values as a source of entropy for cryptographic keys holds some promise, a more rigorous assessment of the security and practicality of these schemes is required.