On recommending hashtags in Twitter networks

National Research Foundation (NRF) Singapore under International Research Centres in Singapore Funding Initiativ

Evaluation of Different Electronic Product Code Discovery Service Models

Electronic Product Code Discovery Service (EPCDS) is an important concept in supply chain processes and in Internet of Things (IOT). It allows supply chain participants to search for their partners, communicate with them and share product information using standardized interfaces securely. Many researchers have been proposing different EPCDS models, considering different requirements. In this paper, we describe existing architecture designs of EPCDS systems, namely Directory Service Model, Query Relay Model and Aggregating Discovery Service Model (ADS). We also briefly mention Secure Discovery Service (SecDS) Model, which is an improved version of Directory Service Model with a secure attribute-based access control mechanism. Then, we analyze the strengths and limitations of these models, by comparing based on non-functional features such as data ownership, confidentiality, business relationship independence, availability, reliability, implementation complexity, visibility, and scalability. From the analysis results, we have a better understanding of which model is more suitable in what kinds of situations or scenarios. Moreover, we suggest possible improvements and identify possible future add-on applications to SecDS model in the paper

PrivateDroid: Private Browsing Mode for Android

Abstract—Private browsing mode is a privacy feature adopted by many modern computer browsers. With the increased use of mobile devices and escalating privacy concerns for mobile users, browser applications on mobile devices have also started incorporating private browsing mode. Even so, the use of private browsing mode is limited to the browser applications and cannot be applied directly on other third-party mobile applications. In this paper, we propose PrivateDroid, which provides a private browsing mode for third-party applications on the Android plat-form. First, we discuss three possible approaches of implementing mobile private browsing mode: code instrumentation, an extra sandbox, and a Linux container approach. Then, we implement PrivateDroid, which creates a new sandbox for every application in private mode and destroys the sandbox once the application is closed. After that, we evaluate usability, efficiency and security of the system with 25 popular Android applications. Our design considerations, implementation details, evaluation results, and challenges lay a foundation of private browsing mode on mobile platforms. Index Terms—Mobile Privacy, Private Browsing Mode I

Biometric authentication on iPhone and Android: Usability, perceptions, and influences on adoption

Abstract—While biometrics have long been promoted as the future of authentication, the recent introduction of Android face unlock and iPhone fingerprint unlock are among the first large-scale deployments of biometrics for consumers. In a 10-participant, within-subjects lab study and a 198-participant online survey, we investigated the usability of these schemes, along with users ’ experiences, attitudes, and adoption decisions. Participants in our lab study found both face unlock and fingerprint unlock easy to use in typical scenarios. The notable exception was that face unlock was completely unusable in a dark room. Most participants preferred fingerprint unlock over face unlock or a PIN. In our survey, most fingerprint unlock users perceived it as more secure and convenient than a PIN. In contrast, face unlock users had mixed experiences, and many had stopped using it. We conclude with design recommendations for biometric authentication on smartphones. I

Launching generic attacks on iOS with approved third-party applications

Abstract. iOS is Apple’s mobile operating system, which is used on iPhone, iPad and iPod touch. Any third-party applications developed for iOS devices are required to go through Apple’s application vetting pro-cess and appear on the official iTunes App Store upon approval. When an application is downloaded from the store and installed on an iOS device, it is given a limited set of privileges, which are enforced by iOS applica-tion sandbox. Although details of the vetting process and the sandbox are kept as black box by Apple, it was generally believed that these iOS security mechanisms are effective in defending against malwares. In this paper, we propose a generic attack vector that enables third-party applications to launch attacks on non-jailbroken iOS devices. Fol-lowing this generic attack mechanism, we are able to construct multiple proof-of-concept attacks, such as cracking device PIN and taking snap-shots without user’s awareness. Our applications embedded with the at-tack codes have passed Apple’s vetting process and work as intended on non-jailbroken devices. Our proof-of-concept attacks have shown that Apple’s vetting process and iOS sandbox have weaknesses which can be exploited by third-party applications. We further provide corresponding mitigation strategies for both vetting and sandbox mechanisms, in order to defend against the proposed attack vector.