1,720,962 research outputs found
Metodi di autenticazione: Nuovi attacchi e difese
Full text linkAl giorno d'oggi, i sistemi di autenticazione sono molto diffusi nei nostri dispositivi. Proteggono la sicurezza dei nostri sistemi, garantendo che solo le persone autorizzate abbiano accesso a servizi e dati riservati. Grazie a questo ruolo, i sistemi di autenticazione hanno fatto la loro prima apparizione negli anni '60, con la diffusione dei primi computer nelle università. Nel corso degli anni, questi sistemi si sono evoluti. Se i primi sistemi di autenticazione erano basati solo su password, oggi sono notevolmente avanzati. In particolare, con l'ampia diffusione degli smartphone, i sistemi di autenticazione sono diventati di uso comune, focalizzandosi su sistemi user-friendly come quelli biometrici. Questa evoluzione ha generato un mercato in forte crescita, e si prevede che nei prossimi anni aumenterà ancora del 15%, con un fatturato di centinaia di miliardi di dollari.
L'usabilità non è l'unico fattore che influenza l'evoluzione dei sistemi di autenticazione. Anche la loro sicurezza determina la loro evoluzione nel tempo. Se un metodo di autenticazione garantisce la sicurezza di un sistema, è anche vero che è il primo a soffrire di attacchi informatici.
Dopo la comparsa di nuove tecnologie di autenticazione sul mercato, è frequente notare la diffusione di nuovi metodi per aggirare la sicurezza della nuova tecnologia.
La ricerca in queste aree diventa fondamentale: da un lato, per scoprire nuovi sistemi di autenticazione che possano migliorare l'usabilità dei nostri dispositivi, e dall'altro, per anticipare le possibili vulnerabilità e rendere questi sistemi più sicuri.
Questa tesi studia la sicurezza dei metodi di autenticazione, ed è composta da due parti logiche che si concentrano su: (i) lo sviluppo di nuovi attacchi contro i metodi di autenticazione esistenti, (ii) lo sviluppo di nuovi metodi di autenticazione.
Nella prima parte di questa tesi, ci concentriamo sugli attacchi contro i metodi di autenticazione. In particolare, mostriamo l'efficacia di tre attacchi contro la sicurezza dei metodi di autenticazione con password e PIN.
Il primo lavoro mostra come un attaccante possa utilizzare l'audio registrato durante una chiamata VoIP per dedurre i tasti premuti da una vittima. Abbiamo mostrato come questo attacco possa essere usato per dedurre le password con successo. Gli altri due lavori della prima parte consistono in due metodi distinti per rubare i codici segreti dai PIN pad dei bancomat. Per tutti questi attacchi, proponiamo contromisure efficaci mostrando quanto sia importante partecipare attivamente alla ricerca in questo campo per migliorare la sicurezza dei sistemi di autenticazione.
Nella seconda parte di questa tesi, abbiamo esplorato i sistemi di autenticazione sia dal punto di vista dell'autenticazione di utenti che di dispositivi. In particolare, abbiamo studiato un nuovo metodo biometrico basato sul riconoscimento del movimento masticatorio di un utente e un nuovo metodo di autenticazione per garantire la sicurezza dei cyber-physical systems datati. Nel primo lavoro, presentiamo i nostri risultati sperimentali, mostrando come il nostro metodo può garantire la sicurezza dell'utente mantenendo un ambiente user-friendly. Per il secondo lavoro, presentiamo il nostro metodo di autenticazione mostrando come può migliorare la sicurezza delle infrastrutture legacy, mantenendo bassi i costi.Nowadays, authentication systems are widespread in our devices. They protect the security of our systems, guaranteeing that only authorized people have access to reserved services and data. Thanks to this role, authentication systems made their first appearance in the `60s, with the diffusion of the first computers in universities. Over the years, these systems have evolved. If the first authentication systems were based only on passwords, they are considerably advanced today. In particular, with the widespread diffusion of smartphones, authentication systems became commonly used, focusing on user-friendly systems such as biometrics. This evolution generated a market that is growing strongly, and it is expected to increase by 15% again in the next few years, with revenues of hundreds of billions of dollars.
Usability is not the only factor influencing the evolution of authentication systems. Their safety also determines their evolution over time. If an authentication method guarantees the security of a system, it is also true that it is the first to suffer from cyber-attacks.
After the appearance of new authentication technologies on the market, it is frequent to notice the spread of new methods to bypass the security of the novel technology.
Research in these areas becomes fundamental: on one side, to discover new authentication systems that can improve the usability of our devices, and on the other, to anticipate possible vulnerabilities and make these systems more secure.
This thesis investigates the security of authentication methods, and it is composed of two logical parts that focus on: (i) the development of novel attacks against existing authentication methods, (ii) the development of novel authentication methods.
In the first part of this thesis, we focus on attacks against authentication methods. In particular, we show the effectiveness of three attacks against the security of password and PIN authentication methods.
The first work shows how an attacker can use the audio recorded during a VoIP call to infer the keys pressed by a victim. We showed how this attack could be used to infer passwords successfully. The other two works of the first part consist of two distinct methods to steal secret codes from ATM PIN pads. For all these attacks, we propose effective countermeasures showing how important it is to actively participate in research in this field to improve the security of authentication systems.
In the second part of this thesis, we explored authentication systems from the perspective of both users and devices authentication. In particular, we investigated a novel biometrics method based on recognizing the user's chewing movement and a new authentication method to ensure the security of legacy cyber-physical systems. We present our experimental results for the former, showing how our method can guarantee user security by keeping a user-friendly environment. For the latter, we present our authentication method showing how it can improve the security of legacy infrastructures, keeping costs down
Poster: A roaming-based denial of service attack on LTE networks
No full textDuring the last ten years, mobile communications greatly evolved. Along this process, the main goal was to satisfy users' needs such as coverage, communication speed, and availability. However, less attention has been posed to prevent attacks such as Denial of Service (DoS), which aim to render the mobile network unserviceable.
In this paper, we present a novel method to implement a distributed DoS attack on a target mobile operator's Control Network. We exploit the lack of coordination between local and remote components of the LTE network during the roaming authentication process to realize a pulse DoS using temporal lensing. Finally, we discuss the feasibility of our attack on future 5G networks
Going Beyond Counting First Authors in Author Co-citation Analysis
Full text linkThe present study examines one of the fundamental aspects of author co-citation analysis (ACA) - the way co-citation
counts are defined. Co-citation counting provides the data on which all subsequent statistical analyses and mappings
are based, and we compare ACA results based on two different types of co-citation counting - the traditional type that
only counts the first one among a cited work's authors on the one hand and a non-traditional type that takes into
account the first 5 authors of a cited work on the other hand. Results indicate that the picture produced through this non-traditional author co-citation counting contains more coherent author groups and is therefore considerably clearer. However, this picture represents fewer specialties in the research field being studied than that produced through the traditional first-author co-citation counting when the same number of top-ranked authors is selected and analyzed. Reasons for these effects are discussed
Malingering Scraper: A novel framework to reconstruct honest profiles from malingerer psychopathological tests.
No full textMalingered responses to psychological testing are frequent when monetary incentives or other forms of rewards are at stake. Psychological symptoms are usually identified through clinical questionnaires which, however, may be easily inflated by malingered responses (fake-bad). A fake-bad response style is usually identified through specialized scales embedded in the personality questionnaires, but no procedure is currently available that reconstructs honest responses from malingered responses.
In this paper, we present a technique for the Millon (MCMI-III) questionnaire a widely used test for investigating psychopathology. This technique detects malingered MCMI-III profiles (malingering detector) and removes the intentionally inflated test results (malingering remover). We demonstrate that by applying machine learning to the validity scales of MCMI-III we can discriminate between malingerer and honest profiles with 90% accuracy. Moreover, our results show that by applying regression models to malingerer tests, we are able to well reconstruct the original honest profile. Our models decrease the RMSE (Root Mean Square Error) of the reconstruction up to 19% compared to base correction procedures. Finally, applying the malingering detector to the reconstructed scales, we show that only 9% were classified as malingerers, demonstrating the validity of the proposed approach
Variations on the Author
Full text link“Variations on the Author” discusses two of Eduardo Coutinho’s recent films (Um Dia na Vida, from 2010, and Últimas Conversas, posthumously released in 2015) and their contribution to the general question of documentary authorship. The director’s filmography is characterized by a consistent yet self-effacing form of authorial self-inscription: Coutinho often features as an interviewer that rather than express opinions propels discourses; an interviewer that is good at listening. This mode of self-inscription characterizes him as an author who is not expressive but who is nonetheless markedly present on the screen. In Um Dia na Vida, however, Coutinho is completely absent form the image, while Últimas Conversas, on the contrary, includes a confessional prologue that moves the director from the margins to the center of his films. This article examines the ways in which these works stand out in the filmography of a director who offers new insights into the notion of cinematic authorship
Appropriate Similarity Measures for Author Cocitation Analysis
Full text linkWe provide a number of new insights into the methodological discussion about author cocitation analysis. We first argue that the use of the Pearson correlation for measuring the similarity between authors’ cocitation profiles is not very satisfactory. We then discuss what kind of similarity measures may be used as an alternative to the Pearson correlation. We consider three similarity measures in particular. One is the well-known cosine. The other two similarity measures have not been used before in the bibliometric literature. Finally, we show by means of an example that our findings have a high practical relevance.information science;Pearson correlation;cosine;similarity measure;author cocitation analysis
Dispelling the Myths Behind First-author Citation Counts
Full text linkWe conducted a full-scale evaluative citation analysis study of scholars in the XML research field to explore just how different from each other author rankings resulting from different citation counting methods actually are, and to demonstrate the capability of emerging data and tools on the Web in supporting more realistic citation counting methods. Our results contest some common arguments for the continued
use of first-author citation counts in the evaluation of scholars, such as high correlations between author rankings by first-author citation counts and other citation
counting methods, and high costs of using more realistic citation counting methods that are not well-supported by the ISI databases. It is argued that increasingly available digital full text research papers make it possible for citation analysis studies to go beyond what the ISI databases have directly supported and to employ more
sophisticated methods
- …
