279 results for mimicking attack
Abstract:
This paper presents a model for the generation of a MAC tag using a stream cipher. The input message is used indirectly to control segments of the keystream that form the MAC tag. Several recent proposals can be considered as instances of this general model, as they all perform message accumulation in this way. However, they use slightly different processes in the message preparation and finalisation phases. We examine the security of this model for different options and against different types of attack, and conclude that the indirect injection model can be used to generate MAC tags securely for certain combinations of options. Careful consideration is required at the design stage to avoid combinations of options that result in susceptibility to forgery attacks. Additionally, some implementations may be vulnerable to side-channel attacks if used in Authenticated Encryption (AE) algorithms. We give design recommendations to provide resistance to these attacks for proposals following this model.
Abstract:
Non-linear feedback shift register (NLFSR) ciphers are cryptographic tools of choice in industry, especially for mobile communication. Their attractive feature is high efficiency when implemented in hardware or software. However, the main problem of NLFSR ciphers is that their security is still not well investigated. The paper makes progress in the study of the security of NLFSR ciphers. In particular, we show a distinguishing attack on linearly filtered NLFSR (or LF-NLFSR) ciphers. We extend the attack to a linear combination of LF-NLFSRs. We investigate the security of a modified version of the Grain stream cipher and show its vulnerability to both key recovery and distinguishing attacks.
Abstract:
Trivium is a bit-based stream cipher in the final portfolio of the eSTREAM project. In this paper, we apply the algebraic attack approach of Berbain et al. to Trivium-like ciphers and perform new analyses on them. We demonstrate a new algebraic attack on Bivium-A. This attack requires less time and memory than previous techniques to recover Bivium-A's initial state. Though our attacks on Bivium-B, Trivium and Trivium-N are worse than exhaustive keysearch, the systems of equations which are constructed are smaller and less complex compared to previous algebraic analyses. We also answer an open question posed by Berbain et al. on the feasibility of applying their technique on Trivium-like ciphers. Factors which can affect the complexity of our attack on Trivium-like ciphers are discussed in detail. Analysis of Bivium-B and Trivium-N is omitted from this manuscript. The full paper is available on the IACR ePrint Archive.
Abstract:
Throughout Australia (and in comparable urban contexts around the world) public spaces may be said to be under attack by developers and also attempts by civic authorities to regulate, restrict, rebrand and reframe them. A consequence of the increasingly security driven, privatised and surveilled nature of public space is the exclusion and displacement of those considered flawed and unwelcome in the ‘spectacular’ consumption spaces of many major urban centres. In the name of urban regeneration, processes of securitisation, ‘gentrification’ and creative cities discourses can refashion public space as sites of selective inclusion and exclusion. In this context of monitoring and control procedures, children and young people’s use of space in parks, neighbourhoods, shopping malls and streets is often viewed as a threat to the social order, requiring various forms of punitive and/or remedial action. This paper discusses developments in the surveillance, governance and control of public space used by children and young people in particular and the capacity for their displacement and marginality, diminishing their sense of place and belonging, and right to public space as an expression of their civil, political and social citizenship(s).
Abstract:
Maritime terrorism is one of the main maritime security issues in the contemporary world. The threat of maritime terrorism is more apparent than ever in the post-September 11 era. Although maritime terrorism is an old issue, the disastrous events of 11 September 2001 brought this issue again onto the global agenda. This incident brought to the forefront the longstanding concerns that terrorists could severely disrupt the global maritime supply chain by using shipping containers or vessels to attack major business centres, port facilities and offshore installations. A number of international criminal law studies have been conducted to identify international legal challenges in maritime security. Some of these works have critically examined the international legal framework for maritime security and identified the lacunas in the existing system. Some of these writings have also identified that emerging maritime terrorism issues are prompting States to introduce some stringent measures. Although the international legal regime related to maritime terrorism is a well-researched area, very little research work has explored the legal issues related to State responsibility for maritime terrorism. This article argues that, although the United Nations Convention on the Law of the Sea (UNCLOS) provisions related to maritime piracy may not be applicable for some dimensions of maritime violence, different provisions of UNCLOS may be relevant in identifying State responsibility for maritime terrorism.
Abstract:
This paper presents a vulnerability within the generic object oriented substation event (GOOSE) communication protocol. It describes an exploit of the vulnerability and proposes a number of attack variants. The attack sends GOOSE frames containing higher status numbers to the receiving intelligent electronic device (IED). This prevents legitimate GOOSE frames from being processed and effectively causes a hijacking of the communication channel, which can be used to implement a denial-of-service (DoS) or manipulate the subscriber (unless a status number roll-over occurs). The authors refer to this attack as a poisoning of the subscriber. A number of GOOSE poisoning attacks are evaluated experimentally on a test bed and demonstrated to be successful.
Abstract:
Estimation of total protein concentration is an essential step in any protein- or peptide-centric analysis pipeline. This study demonstrates that urobilin, a breakdown product of heme and a major constituent of urine, interferes considerably with the bicinchoninic acid (BCA) assay. This interference is probably due to the propensity of urobilin to reduce cupric ions (Cu2+) to cuprous ions (Cu1+), thus mimicking the reduction of copper by proteins, which the assay was designed to do. In addition, it is demonstrated that the Bradford assay is more resistant to the influence of urobilin and other small molecules. As such, urobilin has a strong confounding effect on the estimate of total protein concentrations obtained by BCA assay and thus this assay should not be used for urinary protein quantification. It is recommended that the Bradford assay be used instead.
Abstract:
PROBLEM Estradiol regulates chemokine secretion from uterine epithelial cells, but little is known about estradiol regulation in vivo or the role of estrogen receptors (ERs). METHOD CCL20 and CXCL1 present in reproductive washes following treatment with selective estrogen receptor modulators (SERMs) were compared with that during estrous and following estradiol-treated ovariectomized BALB/c mice. Cellular regulation was determined using isolated vaginal and uterine epithelial/stromal cells in vitro. RESULTS Uterine and vaginal chemokine secretion is cyclically regulated with CCL20 at low levels but CXCL1 at high levels during high estradiol, generally mimicking estradiol effect in vivo. ERα but not ERβ regulated CCL20/CXCL1 secretion by uterine epithelial cells in vitro and vaginal CCL20 in vivo. Estradiol/SERMs failed to alter uterine CCL20 secretion in ovariectomized mice. Diminished uterine epithelial ERα staining following ovariectomy corresponded with estradiol unresponsiveness of uterine tissue. CONCLUSION Estrogen receptor α regulates CCL20/CXCL1 secretion in the female reproductive tract, and ERα antagonists directly oppose the regulation by estradiol. Understanding ER-mediated antimicrobial chemokine expression is important to elucidate cyclic susceptibility to sexually transmitted pathogens.
Abstract:
The immune system in the female reproductive tract (FRT) does not mount an attack against HIV or other sexually transmitted infections (STI) with a single endogenously produced microbicide or with a single arm of the immune system. Instead, the body deploys dozens of innate antimicrobials to the secretions of the female reproductive tract. Working together, these antimicrobials along with mucosal antibodies attack many different viral, bacterial and fungal targets. Within the FRT, the unique challenges of protection against sexually transmitted pathogens coupled with the need to sustain the development of an allogeneic fetus have evolved in such a way that sex hormones precisely regulate immune function to accomplish both tasks. The studies presented in this review demonstrate that estradiol and progesterone secreted during the menstrual cycle act both directly and indirectly on epithelial cells and other immune cells in the reproductive tract to modify immune function in a way that is unique to specific sites throughout the FRT. As presented in this review, studies from our laboratory and others demonstrate that the innate immune response is under hormonal control, varies with the stage of the menstrual cycle, and as such is suppressed at mid-cycle to optimize conditions for successful fertilization and pregnancy. In doing so, a window of STI vulnerability is created during which potential pathogens including HIV enter the reproductive tract to infect host targets.
Abstract:
Throughout much of the world, urban and rural public spaces may be said to be under attack by property developers, commercial interests and also attempts by civic authorities to regulate, restrict, reframe and rebrand these spaces. A consequence of the increasingly security driven, privatised, commercial and surveilled nature of public space is the exclusion and displacement of those considered ‘flawed’ and unwelcome in the ‘spectacular’ consumption spaces of many major urban centres. In the name of urban regeneration, processes of securitisation, ‘gentrification’ and creative cities initiatives can act to refashion public space as sites of selective inclusion and exclusion. The use of surveillance and other control technologies as deployed in and around the UK ‘Riots’ of 2011 may help to promote and encourage a passing sense of personal safety and confidence in using public space. Through systems of social sorting, the same surveillance assemblages can also further the physical, emotional and psychological exclusion of certain groups and individuals, deemed to be both ‘out of time and out of place’ in major zones of urban, conspicuous, consumption. In this harsh environment of monitoring and control procedures, children and young people’s use of public spaces and places in parks, neighbourhoods, shopping malls and streets is often viewed as a threat to social order, requiring various forms of punitive and/or remedial action. Much of this civic action actively excludes some children and young people from participation and as a consequence, their trust in local processes and communities is eroded. This paper discusses worldwide developments in the surveillance, governance and control of the public space environments used by children and young people in particular and the capacity for their displacement and marginality, diminishing their sense of belonging, wellbeing and rights to public space as an expression of their social, political and civil citizenship(s).
Abstract:
This paper will identify and discuss the major occupational health and safety (OHS) hazards and risks for clean-up and recovery workers. The lessons learned from previous disasters, including the Exxon Valdez oil spill, World Trade Centre (WTC) terrorist attack, Hurricane Katrina and the Deepwater Horizon Gulf of Mexico oil spill, will be discussed. The case for an increased level of preparation and planning to mitigate the health risks for clean-up and recovery workers will be presented, based on recurring themes identified in the peer reviewed literature. There are a number of important issues pertaining to the occupational health and safety of workers who are engaged in clean-up and recovery operations following natural and technological disasters. These workers are often exposed to a wide range of occupational health and safety hazards, some of which may be unknown at the time. It is well established that clean-up and recovery operations involve risks of physical injury, for example, from manual handling, mechanical equipment, extreme temperatures, slips, trips and falls. In addition to these well established physical injury risks there are now an increasing number of studies which highlight the risks of longer term or chronic health effects arising from clean-up and recovery work. In particular, follow up studies from the Exxon Valdez oil spill, Hurricane Katrina and the World Trade Centre (WTC) terrorism attack have documented the longer term health consequences of these events. These health effects include respiratory symptoms and musculoskeletal disorders, as well as post traumatic stress disorder (PTSD).
In large scale operations many of those workers and supervisors involved have not had any specific occupational health and safety (OHS) training and may not have access to the necessary instruction, personal protective equipment or other appropriate equipment; this is especially true when volunteers are used to form part of the clean-up and recovery workforce. In general, first responders are better equipped and trained than clean-up and recovery workers and some of the training approaches used for the traditional first responders would be relevant for clean-up and recovery workers.
Abstract:
Fusion techniques can be used in biometrics to achieve higher accuracy. When biometric systems are in operation and the threat level changes, controlling the trade-off between detection error rates can reduce the impact of an attack. In a fused system, varying a single threshold does not allow this to be achieved, but systematic adjustment of a set of parameters does. In this paper, fused decisions from a multi-part, multi-sample sequential architecture are investigated for that purpose in an iris recognition system. A specific implementation of the multi-part architecture is proposed and the effect of the number of parts and samples in the resultant detection error rate is analysed. The effectiveness of the proposed architecture is then evaluated under two specific cases of obfuscation attack: miosis and mydriasis. Results show that robustness to such obfuscation attacks is achieved, since lower error rates than in the case of the non-fused base system are obtained.
Abstract:
Social networking sites (SNSs), with their large numbers of users and large information base, seem to be perfect breeding grounds for exploiting the vulnerabilities of people, the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” While technology-based security has been addressed by research and may be well understood, social engineering is more challenging to understand and manage, especially in new environments such as SNSs, owing to some factors of SNSs that reduce the ability of users to detect the attack and increase the ability of attackers to launch it. This work will contribute to the knowledge of social engineering by presenting the first two conceptual models of social engineering attacks in SNSs. Phase-based and source-based models are presented, along with an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.
Abstract:
There is no doubt that social engineering plays a vital role in compromising most security defenses, and in attacks on people, organizations, companies, or even governments. It is the art of deceiving and tricking people to reveal critical information or to perform an action that benefits the attacker in some way. Fraudulent and deceptive people have been using social engineering traps and tactics using information technology such as e-mails, social networks, web sites, and applications to trick victims into obeying them, accepting threats, and falling victim to various crimes and attacks such as phishing, sexual abuse, financial abuse, identity theft, impersonation, physical crime, and many other forms of attack. Although organizations, researchers, practitioners, and lawyers recognize the severe risk of social engineering-based threats, there is a severe lack of understanding and controlling of such threats. One side of the problem is perhaps the unclear concept of social engineering as well as the complexity of understanding human behaviors in behaving toward, approaching, accepting, and failing to recognize threats or the deception behind them. The aim of this paper is to explain the definition of social engineering based on the related theories of the many related disciplines such as psychology, sociology, information technology, marketing, and behaviourism. We hope, by this work, to help researchers, practitioners, lawyers, and other decision makers to get a fuller picture of social engineering and, therefore, to open new directions of collaboration toward detecting and controlling it.
Abstract:
The development of effective therapeutic strategies against prostate cancer bone metastases has been impeded by the lack of adequate animal models that are able to recapitulate the biology of the disease in humans. Bioengineered approaches allow researchers to create sophisticated experimentally and physiologically relevant in vivo models to study interactions between cancer cells and their microenvironment under reproducible conditions. The aim of this study was to engineer a morphologically and functionally intact humanized organ bone which can serve as a homing site for human prostate cancer cells. Transplantation of biodegradable tubular composite scaffolds seeded with human mesenchymal progenitor cells and loaded with rhBMP-7 resulted in the development of a chimeric bone construct including a large number of human mesenchymal cells which were shown to be metabolically active and capable of producing extracellular matrix components. Micro-CT analysis demonstrated that the newly formed ossicle recapitulated the morphological features of a physiological organ bone with a trabecular network surrounded by a cortex-like outer structure. This microenvironment was supportive of the lodgement and maintenance of murine haematopoietic cell clusters, thus mimicking a functional organ bone. Bioluminescence imaging demonstrated that luciferase-transduced human PC3 cells reproducibly homed to the humanized tissue engineered bone constructs, proliferated, and developed macro-metastases. This model allows the analysis of interactions between human prostate cancer cells and a functional humanized bone organ within an immuno-incompetent murine host. The system can serve as a reproducible platform to study effects of therapeutics against prostate cancer bone metastases within a humanized microenvironment.