A dynamical system approach to higher order gravity

The dynamical system approach has recently acquired great importance in the investigation on higher order theories of gravity. In this talk I review the main results and I give brief comments on the perspectives for further developments.Comment: 6 pages, 1 figure, 2 tables, talk given at IRGAC 2006, July 200

Proximity Tracing in an Ecosystem of Surveillance Capitalism

Proximity tracing apps have been proposed as an aide in dealing with the COVID-19 crisis. Some of those apps leverage attenuation of Bluetooth beacons from mobile devices to build a record of proximate encounters between a pair of device owners. The underlying protocols are known to suffer from false positive and re-identification attacks. We present evidence that the attacker's difficulty in mounting such attacks has been overestimated. Indeed, an attacker leveraging a moderately successful app or SDK with Bluetooth and location access can eavesdrop and interfere with these proximity tracing systems at no hardware cost and perform these attacks against users who do not have this app or SDK installed. We describe concrete examples of actors who would be in a good position to execute such attacks. We further present a novel attack, which we call a biosurveillance attack, which allows the attacker to monitor the exposure risk of a smartphone user who installs their app or SDK but who does not use any contact tracing system and may falsely believe that they have opted out of the system. Through traffic auditing with an instrumented testbed, we characterize precisely the behaviour of one such SDK that we found in a handful of apps---but installed on more than one hundred million mobile devices. Its behaviour is functionally indistinguishable from a re-identification or biosurveillance attack and capable of executing a false positive attack with minimal effort. We also discuss how easily an attacker could acquire a position conducive to such attacks, by leveraging the lax logic for granting permissions to apps in the Android framework: any app with some geolocation permission could acquire the necessary Bluetooth permission through an upgrade, without any additional user prompt. Finally we discuss motives for conducting such attacks

A novel hybrid password authentication scheme based on text and image

Considering the popularity and wide deployment of text passwords, we predict that they will be used as a prevalent authentication mechanism for many years to come. Thus, we have carried out studies on mechanisms to enhance text passwords. These studies suggest that password space and memorability should be improved, with an additional mechanism based on images. The combination of text and images increases resistance to some password attacks, such as brute force and observing attacks. We propose a hybrid authentication scheme integrating text and recognition-based graphical passwords. This authentication scheme can reduce the phishing attacks because if users are deceived to share their key passwords, there is still a chance to save the complete password as attackers do not know the users' image preferences. In addition to the security aspect, the proposed authentication scheme increases memorability as it does not require users to remember long and complex passwords. Thus, with the proposed scheme users will be able to create strong passwords without sacrificing usability. The hybrid scheme also offers an enjoyable sign-in/log-in experience to users