Global ETD Search

511	Design and Analysis of Security Schemes for Low-cost RFID Systems Chai, Qi 01 1900 (has links) With the remarkable progress in microelectronics and low-power semiconductor technologies, Radio Frequency IDentification technology (RFID) has moved from obscurity into mainstream applications, which essentially provides an indispensable foundation to realize ubiquitous computing and machine perception. However, the catching and exclusive characteristics of RFID systems introduce growing security and privacy concerns. To address these issues are particularly challenging for low-cost RFID systems, where tags are extremely constrained in resources, power and cost. The primary reasons are: (1) the security requirements of low-cost RFID systems are even more rigorous due to large operation range and mass deployment; and (2) the passive tags' modest capabilities and the necessity to keep their prices low present a novel problem that goes beyond the well-studied problems of traditional cryptography. This thesis presents our research results on the design and the analysis of security schemes for low-cost RFID systems. Motivated by the recent attention on exploiting physical layer resources in the design of security schemes, we investigate how to solve the eavesdropping, modification and one particular type of relay attacks toward the tag-to-reader communication in passive RFID systems without requiring lightweight ciphers. To this end, we propose a novel physical layer scheme, called Backscatter modulation- and Uncoordinated frequency hopping-assisted Physical Layer Enhancement (BUPLE). The idea behind it is to use the amplitude of the carrier to transmit messages as normal, while to utilize its periodically varied frequency to hide the transmission from the eavesdropper/relayer and to exploit a random sequence modulated to the carrier's phase to defeat malicious modifications. We further improve its eavesdropping resistance through the coding in the physical layer, since BUPLE ensures that the tag-to-eavesdropper channel is strictly noisier than the tag-to-reader channel. Three practical Wiretap Channel Codes (WCCs) for passive tags are then proposed: two of them are constructed from linear error correcting codes, and the other one is constructed from a resilient vector Boolean function. The security and usability of BUPLE in conjunction with WCCs are further confirmed by our proof-of-concept implementation and testing. Eavesdropping the communication between a legitimate reader and a victim tag to obtain raw data is a basic tool for the adversary. However, given the fundamentality of eavesdropping attacks, there are limited prior work investigating its intension and extension for passive RFID systems. To this end, we firstly identified a brand-new attack, working at physical layer, against backscattered RFID communications, called unidirectional active eavesdropping, which defeats the customary impression that eavesdropping is a ``passive" attack. To launch this attack, the adversary transmits an un-modulated carrier (called blank carrier) at a certain frequency while a valid reader and a tag interacts at another frequency channel. Once the tag modulates the amplitude of reader's signal, it causes fluctuations on the blank carrier as well. By carefully examining the amplitude of the backscattered versions of the blank carrier and the reader's carrier, the adversary could intercept the ongoing reader-tag communication with either significantly lower bit error rate or from a significantly greater distance away. Our concept is demonstrated and empirically analyzed towards a popular low-cost RFID system, i.e., EPC Gen2. Although active eavesdropping in general is not trivial to be prohibited, for a particular type of active eavesdropper, namely a greedy proactive eavesdropper, we propose a simple countermeasure without introducing extra cost to current RFID systems. The needs of cryptographic primitives on constraint devices keep increasing with the growing pervasiveness of these devices. One recent design of the lightweight block cipher is Hummingbird-2. We study its cryptographic strength under a novel technique we developed, called Differential Sequence Attack (DSA), and present the first cryptanalytic result on this cipher. In particular, our full attack can be divided into two phases: preparation phase and key recovery phase. During the key recovery phase, we exploit the fact that the differential sequence for the last round of Hummingbird-2 can be retrieved by querying the full cipher, due to which, the search space of the secret key can be significantly reduced. Thus, by attacking the encryption (decryption resp.) of Hummingbird-2, our algorithm recovers 36-bit (another 28-bit resp.) out of 128-bit key with $2^{68}$ ($2^{60}$ resp.) time complexity if particular differential conditions of the internal states and of the keys at one round can be imposed. Additionally, the rest 64-bit of the key can be exhaustively searched and the overall time complexity is dominated by $2^{68}$. During the preparation phase, by investing $2^{81}$ effort in time, the adversary is able to create the differential conditions required in the key recovery phase with at least 0.5 probability. As an additional effort, we examine the cryptanalytic strength of another lightweight candidate known as A2U2, which is the most lightweight cryptographic primitive proposed so far for low-cost tags. Our chosen-plaintext-attack fully breaks this cipher by recovering its secret key with only querying the encryption twice on the victim tag and solving 32 sparse systems of linear equations (where each system has 56 unknowns and around 28 unknowns can be directly obtained without computation) in the worst case, which takes around 0.16 second on a Thinkpad T410 laptop. RFID Physical layer security Privacy Lightweight cryptography Electrical and Computer Engineering
512	Security and Privacy Preservation in Vehicular Social Networks Lu, Rongxing January 2012 (has links) Improving road safety and traffic efficiency has been a long-term endeavor for the government, automobile industry and academia. Recently, the U.S. Federal Communication Commission (FCC) has allocated a 75 MHz spectrum at 5.9 GHz for vehicular communications, opening a new door to combat the road fatalities by letting vehicles communicate to each other on the roads. Those communicating vehicles form a huge Ad Hoc Network, namely Vehicular Ad Hoc Network (VANET). In VANETs, a variety of applications ranging from the safety related (e.g. emergence report, collision warning) to the non-safety related (e.g., delay tolerant network, infortainment sharing) are enabled by vehicle-to-vehicle (V-2-V) and vehicle-to-roadside (V-2-I) communications. However, the flourish of VANETs still hinges on fully understanding and managing the challenging issues over which the public show concern, particularly, security and privacy preservation issues. If the traffic related messages are not authenticated and integrity-protected in VANETs, a single bogus and/or malicious message can potentially incur a terrible traffic accident. In addition, considering VANET is usually implemented in civilian scenarios where locations of vehicles are closely related to drivers, VANET cannot be widely accepted by the public if VANET discloses the privacy information of the drivers, i.e., identity privacy and location privacy. Therefore, security and privacy preservation must be well addressed prior to its wide acceptance. Over the past years, much research has been done on considering VANET's unique characteristics and addressed some security and privacy issues in VANETs; however, little of it has taken the social characteristics of VANET into consideration. In VANETs, vehicles are usually driven in a city environment, and thus we can envision that the mobility of vehicles directly reflects drivers' social preferences and daily tasks, for example, the places where they usually go for shopping or work. Due to these human factors in VANETs, not only the safety related applications but also the non-safety related applications will have some social characteristics. In this thesis, we emphasize VANET's social characteristics and introduce the concept of vehicular social network (VSN), where both the safety and non-safety related applications in VANETs are influenced by human factors including human mobility, human self-interest status, and human preferences. In particular, we carry on research on vehicular delay tolerant networks and infotainment sharing --- two important non-safety related applications of VSN, and address the challenging security and privacy issues related to them. The main contributions are, i) taking the human mobility into consideration, we first propose a novel social based privacy-preserving packet forwarding protocol, called SPRING, for vehicular delay tolerant network, which is characterized by deploying roadside units (RSUs) at high social intersections to assist in packet forwarding. With the help of high-social RSUs, the probability of packet drop is dramatically reduced and as a result high reliability of packet forwarding in vehicular delay tolerant network can be achieved. In addition, the SPRING protocol also achieves conditional privacy preservation and resist most attacks facing vehicular delay tolerant network, such as packet analysis attack, packet tracing attack, and black (grey) hole attacks. Furthermore, based on the ``Sacrificing the Plum Tree for the Peach Tree" --- one of the Thirty-Six Strategies of Ancient China, we also propose a socialspot-based packet forwarding (SPF) protocol for protecting receiver-location privacy, and present an effective pseudonyms changing at social spots strategy, called PCS, to facilitate vehicles to achieve high-level location privacy in vehicular social network; ii) to protect the human factor --- interest preference privacy in vehicular social networks, we propose an efficient privacy-preserving protocol, called FLIP, for vehicles to find like-mined ones on the road, which allows two vehicles sharing the common interest to identify each other and establish a shared session key, and at the same time, protects their interest privacy (IP) from other vehicles who do not share the same interest on the road. To generalize the FLIP protocol, we also propose a lightweight privacy-preserving scalar product computation (PPSPC) protocol, which, compared with the previously reported PPSPC protocols, is more efficient in terms of computation and communication overheads; and iii) to deal with the human factor -- self-interest issue in vehicular delay tolerant network, we propose a practical incentive protocol, called Pi, to stimulate self-interest vehicles to cooperate in forwarding bundle packets. Through the adoption of the proper incentive policies, the proposed Pi protocol can not only improve the whole vehicle delay tolerant network's performance in terms of high delivery ratio and low average delay, but also achieve the fairness among vehicles. The research results of the thesis should be useful to the implementation of secure and privacy-preserving vehicular social networks. Security and privacy preservation VANET Vehicular social networks Electrical and Computer Engineering
513	Attitudes towards mobile payment : An empirical study of the consumers’ perception of security, privacy and convenience Lindbäck, Karin, Blommé, Carl January 2011 (has links) Mobile payment is a new payment method that is being introduced on the Swedish market, but has not yet come to its breakthrough. This thesis investigates the attitude the Swedish consumer has towards mobile payment. Based on previous surveys and theory, three main attributes, security, privacy and convenience, were chosen to represent the attitude of the consumer towards mobile payment. In order to analyze the data obtained from the surveys conducted, the multi-attribute attitude model was used. The model showed that convenience was the most beneficial attribute in mobile payment, followed by security and then privacy. Security was the attribute that the survey participants valued the most when it comes to payment methods, but was also the attribute they thought that mobile payment would lack the most. Therefore security was determined to be the most important aspect when it comes to the success of mobile payment. Mobile payment Attitude Security Privacy Convenience Business studies Företagsekonomi
514	När det privata blir offentligt : En kvalitativ studie om hur privatliv framställs i två kända bloggar Öst, Emelie, Söderström, Fanny January 2010 (has links) I bloggar hittar vi mängder av personlig information som berör både blogginnehavaren och dennes anhöriga, medvetet eller omedvetet. Den här studien avser att öka förståelsen för hur privatliv och personligt relaterad information framställs i två kända personers bloggar. Studien baseras på två bloggar skrivna av offentliga, kända personer - Alex Schulman och Pernilla Wahlgren. Han är en känd medieentreprenör och skribent, hon är en folkkär artist och sångerska från en teaterfamilj. Dessa bloggare är redan kända av allmänheten, något som gör att gränsen för vad som är privat och offentlig information blir väldigt suddig. Genom en kvalitativ textanalys i två steg, en beskrivande samt en tolkande textanalys, kommer resultatet visa vilka ämnen som tas upp i bloggarna. I den beskrivande analysen studeras texten, och teman som är unika för bloggarna genereras ur texterna. Därefter tolkas och studeras dessa teman i den tolkande textanalysen för att få en förståelse för den information som bloggarna lämnar ut. Med utgångspunkt i Privacy theory diskuteras vilken typ av personlig information som blogginnehavarna delar med sig utav. Utifrån resultatet av analysen visar studien att de ämnen som presenteras i bloggarna är följande: privat i offentligheten, vardagsreflektioner, självgranskning, känslouttryck, familjeliv och arbete och familj. Privacy Blogg Sociala medier Offentlig Media and communication studies Medie- och kommunikationsvetenskap
515	Essays on the Impact of Regulation Policies Krasteva, Silvana Simeonova January 2009 (has links) <p><p>This work analyzes the impact of regulation policies in two distinct settings.</p><p><p>Chapter 1 provides an overview of the existing theoretical literature on innovation and entrepreneurship. It summarizes some of the main findings of the effect of various means of protecting intellectual property on the innovation incentives and the level of entrepreneurship activity. A general observation is that much of the existing work compares the extremes of no protection and perfect protection and the resulting prediction is that perfect protection leads to higher innovation incentives. This is puzzling in light of the empirical evidence that shows the opposite trend. Chapter 2 explicitly takes into account the fact that patent protection is imperfect and likely to lie in between the two extremes. In addition, in more than 70% of infringement cases in the U.S., infringement damages are calculated according to the so-called reasonable royalties rule that essentially awards a portion of the imitator's realized revenues to the innovator. I show that incorporating these two facts result in a non-monotonic relationship between the patent strength and R&D investment if one moves from zero protection to perfect protection in a continuous way. The intuition is that when protection is less than perfect, though not zero, equilibrium may involve both imitation and damages. Viewing damages as an alternative source of profits, the innovator may be less aggressive in pursuing R&D as patents become stronger. This result has important welfare implications. Besides the well-known effect of reducing welfare due to less competitive markets, stronger protection can further curtail welfare by decreasing R&D investment.</p><p><p>Chapter 3, coauthored with Professor Huseyin Yildirim, studies situations, in which one buyer sequentially negotiates with multiple suppliers to acquire goods or services that are either complements or substitutes to each other. We find that the buyer weakly prefers private negotiations because it creates strategic uncertainty about the outcomes from earlier negotiations, leading to less aggressive pricing. For substitutes, this strategic uncertainty is more beneficial for short expiries because long ones allow purchasing decisions to be made after all negotiations are over, creating enough competition on their own and leading to Bertrand prices. In contrast to substitutes, for which suppliers are in direct competition, complements create incentives for suppliers to coordinate their prices to extract the additional surplus resulting from the complementarities of their goods. In this case, introducing uncertainty through privacy is more beneficial for the buyer as suppliers' bargaining powers increase vis-á-vis the buyer because it creates greater coordination concerns. This leads to a somewhat surprising result that the buyer could benefit from negotiating with more powerful suppliers. The model enables an evaluation of certain laws and regulations that govern bilateral negotiations. For instance, open record/open meetings laws, setting rules on public access of information, generate efficient outcomes, but in general are harmful to the buyer. Similarly, the FTC's cooling-off rule sets long expiries by giving the buyer three days to cancel a contract, which generates efficient outcomes when goods are substitutes because of suppliers' Bertrand pricing, but reduces efficiency when goods are complements since long expiries make coordination harder to sustain.</p> / Dissertation Economics, Theory entrepreneurship innovation negotiations patent protection patent strength privacy
516	Privacy and Proportionality Iachello, Giovanni 03 April 2006 (has links) Over the past several years, the press, trade publications and academic literature have reported with increasing frequency on the social concerns caused by ubiquitous computingInformation Technology (IT) embedded in artifacts, infrastructure and environments of daily life. Designers and researchers of ubiquitous computing (ubicomp) technologies have spent considerable efforts to address these concerns, which include privacy and data protection issues, information security and personal safety. Yet, designing successful ubicomp applications is still an unreliable and expensive endeavor, in part due to imperfect understanding of how technology is appropriated, the lack of effective design tools and the challenges of prototyping these applications in realistic conditions. I introduce the concept of proportionality as a principle able to guide design of ubiquitous computing applications and specifically to attack privacy and security issues. Inspired by the principle, I propose a design process framework that assists the practitioner in making reasoned and documented design choices throughout the development process. I validate the design process framework through a quantitative design experiment vis--vis other design methods. Furthermore, I present several case studies and evaluations to demonstrate the design methods effectiveness and generality. I claim that the design method helps to identify some of the obstacles to the acceptance of ubiquitous computing applications and to translate security and privacy concerns into research questions in the design process. I further discuss some of the inquiry and validation techniques that are appropriate to answer these questions. Ubiquitous computing Privacy Security User-centered design Design methods
517	Strong Privacy Preserving Communication Protocol for VANETs Huang, Shih-wei 23 August 2011 (has links) Vehicular ad hoc networks (VANETs) are instances of mobile ad hoc networks with the aim to enhance the safety and efficiency of road traffic. The basic idea is to allow arbitrary vehicles to broadcast ad hoc messages (e.g. traffic accidents) to other vehicles and remind drivers to change their route immediately or slow down to avoid dangers. However, some concerns of security and privacy are also raised in this environment. Messages should be signed and verified before they are trusted while the real identities of vehicles should not be revealed to guarantee the source privacy, but it still has to be traceable to prevent any abuse of VANETs (e.g. sending a fake message). Many related works have been presented in the literature so far. They can be generally divided into two constructions, where one is based on pseudonymous authentication and the other is based on group signatures. However, both of the two constructions have some drawbacks. Consequently, in this thesis, we come up with a provably secure and strong privacy preserving protocol based on the blind signature technique to guarantee privacy and fulfill other essential security requirements in the vehicular communication environment. Besides, compared with other similar works, we offer an efficient tracing mechanism to trace and revoke the vehicles abusing the VANETs. In addition, considering the real environment, we also provide simulation results to show that our scheme is more practical, efficient and suitable for VANETs under a real city street scenario with high vehicle density. Finally, we also demonstrate the security of the proposed protocol by formal proofs. Blind Signature Vehicular Communication Privacy Preservation Authentication Anonymity
518	Privacy-Preserving Distributed Data Aggregation Scheme with Public Verification in Smart Grid Lai, Yi-Lung 28 August 2012 (has links) The issue of energy shortage has arisen in recent years. All countries must discuss the manner to reduce energy consumption, and smart grid is a better one of the solutions. According to related researches, energy consumption can be effectively reduced using energy management information of smart grids. By using smart grids, electricity suppliers can learn about the current energy consumption of neighborhoods, and control the electrical energy generation and price of electrical energy. Users can learn the current price of electrical energy and obtain energy management information from smart meters for energy management and device control. However, electricity consumptions of users may divulge the privacy information of users. Therefore, privacy of users and communication security of smart grid become crucial security issues. In this thesis, we propose a provably secure power usage data aggregation scheme for smart grids. Electricity suppliers can learn about the current power usage of neighborhoods without knowing the individual electricity consumption of each user, and use the current power usage of neighborhoods to arrange energy distribution. Therefore, electricity suppliers cannot use the data to reveal lifestyles of each user. In our scheme, the transmission information is encrypted and signed to prevent theft or tampering of data. Finally, we also provide formal proofs for our scheme in this thesis. Smart grid Smart meter Data aggregation Privacy Energy management
519	Consumers' Cognitive, Affective, and Behavioral Responses to an Invasion of Privacy: Essays on Understanding Consumer's Privacy Concerns Srivastava, Mona 15 May 2009 (has links) This dissertation focuses on the discrepancy between consumers’ attitudes towards privacy and actual behavior. Although consumers increasingly protest against invasions of privacy, they routinely disclose more information than their disclosure intent. Firms make sizeable investments in acquiring consumer information because it helps them build and enhance customer relationships. However, some of the information acquisition occurs at the expense of consumers’ privacy. Against this backdrop, understanding and being responsive to consumers’ privacy concerns is critical. Essay 1 focuses on consumers’ thoughts and feelings underlying their intention to disclose or withhold information from firms. I use the Zaltman Metaphor Elicitation Technique (ZMET), a depth interviewing process that involves story-telling, sensory images, and vignettes based on psychodrama. The results reported are based on depth interviews of twenty consumers from a large city and mid-sized town in the U.S.A. Essay 2 focuses on consumers’ behavioral responses to an invasion of privacy from a social justice theory perspective. I use the Critical Incident Technique (CIT) in an online survey of 997 respondents to understand thoughts and feelings about privacy that drive the behavioral responses of consumers to an actual/potential invasion of privacy. I identify the antecedents and outcomes of consumers’ information experience with firms. Additionally, I examine vividness effects to understand the extent to which consumer perceptions of likely outcomes due to firms acquiring and using information about them are influenced by media coverage of the issue. Building on the findings of essays 1 and 2, I develop a model and working hypotheses for further empirical analysis. By examining the negative (i.e., violation of privacy) as well as positive experiences of consumers, I identify how consumers’ attitudes towards firms acquiring and using information about them are focused on risks, whereas their behavior takes into account risks as well as rewards. A better understanding of consumers’ privacy concerns can be valuable to firms in personalizing their data acquisition and use strategies, customer communications as well as their overall customer relationship management (CRM) strategy. Privacy CRM Customer Relationship Managament Consumer information Database marketing
520	Using Secure Real-time Padding Protocol to Secure Voice-over-IP from Traffic Analysis Attacks Mohanty, Saswat 2011 May 1900 (has links) Voice Over IP (VoIP) systems and transmission technologies have now become the norm for many communications applications. However, whether they are used for personal communication or priority business conferences and talks, privacy and confidentiality of the communication is of utmost priority. The present industry standard is to encrypt VoIP calls using Secure Real-time Transport Protocol (SRTP), aided by ZRTP, but this methodology remains vulnerable to traffic analysis attacks, some of which utilize the length of the encrypted packets to infer the language and spoken phrases of the conversation. Secure Real-time Padding Protocol (SRPP) is a new RTP profile which pads all VoIP sessions in a unique way to thwart traffic analysis attacks on encrypted calls. It pads every RTP or SRTP packet to a predefined packet size, adds dummy packets at the end of every burst in a controllable way, adds dummy bursts to hide silence spurts, and hides information about the packet inter-arrival timings. This thesis discusses a few practical approaches and a theoretical optimization approach to packet size padding. SRPP has been implemented in the form of a library, libSRPP, for VoIP application developers and as an application, SQRKal, for regular users. SQRKal also serves as an extensive platform for implementation and verification of new packet padding techniques. Traffic Analysis Padding SRPP VoIP Security Privacy and Anonymity

Search results