833 resultados para Terrorist attacks
Resumo:
TiO2 nanofibers with different crystal phases have been discovered to be efficient catalysts for the transesterification of alcohols with dimethyl carbonate to produce corresponding methyl carbonates. Advantages of this catalytic system include excellent selectivity (>99%), general suitability to alcohols, reusability and ease of preparation and separation of fibrous catalysts. Activities of TiO2 catalysts were found to correlate with their crystal phases which results in different absorption abilities and activation energies on the catalyst surfaces. The kinetic isotope effect (KIE) investigation identified the rate-determining step, and the isotope labeling of oxygen-18 of benzyl alcohol clearly demonstrated the reaction pathway. Finally, the transesterification mechanism of alcohols with dimethyl carbonate catalyzed by TiO2 nanofibers was proposed, in which the alcohol released the proton to form benzyl alcoholic anion, and subsequently the anion attacks the carbonyl carbon of dimethyl carbonate to produce the target product of benzyl methyl carbonate.
Resumo:
This paper presents a vulnerability within the generic object oriented substation event (GOOSE) communication protocol. It describes an exploit of the vulnerability and proposes a number of attack variants. The attacks sends GOOSE frames containing higher status numbers to the receiving intelligent electronic device (IED). This prevents legitimate GOOSE frames from being processed and effectively causes a hijacking of the communication channel, which can be used to implement a denial–of–service (DoS) or manipulate the subscriber (unless a status number roll-over occurs). The authors refer to this attack as a poisoning of the subscriber. A number of GOOSE poisoning attacks are evaluated experimentally on a test bed and demonstrated to be successful.
Resumo:
The Modicon Communication Bus (Modbus) protocol is one of the most commonly used protocols in industrial control systems. Modbus was not designed to provide security. This paper confirms that the Modbus protocol is vulnerable to flooding attacks. These attacks involve injection of commands that result in disrupting the normal operation of the control system. This paper describes a set of experiments that shows that an anomaly-based change detection algorithm and signature-based Snort threshold module are capable of detecting Modbus flooding attacks. In comparing these intrusion detection techniques, we find that the signature-based detection requires a carefully selected threshold value, and that the anomaly-based change detection algorithm may have a short delay before detecting the attacks depending on the parameters used. In addition, we also generate a network traffic dataset of flooding attacks on the Modbus control system protocol.
Resumo:
For decades Supervisory Control and Data Acquisition (SCADA) and Industrial Control Systems (ICS) have used computers to monitor and control physical processes in many critical industries, including electricity generation, gas pipelines, water distribution, waste treatment, communications and transportation. Increasingly these systems are interconnected with corporate networks via the Internet, making them vulnerable and exposed to the same risks as those experiencing cyber-attacks on a conventional network. Very often SCADA networks services are viewed as a specialty subject, more relevant to engineers than standard IT personnel. Educators from two Australian universities have recognised these cultural issues and highlighted the gap between specialists with SCADA systems engineering skills and the specialists in network security with IT background. This paper describes a learning approach designed to help students to bridge this gap, gain theoretical knowledge of SCADA systems' vulnerabilities to cyber-attacks via experiential learning and acquire practical skills through actively participating in hands-on exercises.
Resumo:
Basing signature schemes on strong lattice problems has been a long standing open issue. Today, two families of lattice-based signature schemes are known: the ones based on the hash-and-sign construction of Gentry et al.; and Lyubashevsky’s schemes, which are based on the Fiat-Shamir framework. In this paper we show for the first time how to adapt the schemes of Lyubashevsky to the ring signature setting. In particular we transform the scheme of ASIACRYPT 2009 into a ring signature scheme that provides strong properties of security under the random oracle model. Anonymity is ensured in the sense that signatures of different users are within negligible statistical distance even under full key exposure. In fact, the scheme satisfies a notion which is stronger than the classical full key exposure setting as even if the keypair of the signing user is adversarially chosen, the statistical distance between signatures of different users remains negligible. Considering unforgeability, the best lattice-based ring signature schemes provide either unforgeability against arbitrary chosen subring attacks or insider corruption in log-sized rings. In this paper we present two variants of our scheme. In the basic one, unforgeability is ensured in those two settings. Increasing signature and key sizes by a factor k (typically 80 − 100), we provide a variant in which unforgeability is ensured against insider corruption attacks for arbitrary rings. The technique used is pretty general and can be adapted to other existing schemes.
Resumo:
This paper will identify and discuss the major occupational health and safety (OHS) hazards and risks for clean-up and recovery workers. The lessons learned from previous disasters including; the Exxon Valdez oil spill, World Trade Centre (WTC) terrorist attack, Hurricane Katrina and the Deepwater Horizon Gulf of Mexico oil spill will be discussed. The case for an increased level of preparation and planning to mitigate the health risks for clean-up and recovery workers will be presented, based on recurring themes identified in the peer reviewed literature. There are a number of important issues pertaining to the occupational health and safety of workers who are engaged in clean-up and recovery operations following natural and technological disasters. These workers are often exposed to a wide range of occupational health and safety hazards, some of which may be unknown at the time. It is well established that clean-up and recovery operations involve risks of physical injury, for example, from manual handling, mechanical equipment, extreme temperatures, slips, trips and falls. In addition to these well established physical injury risks there are now an increasing number of studies which highlight the risks of longer term or chronic health effects arising from clean-up and recovery work. In particular, follow up studies from the Exxon Valdez oil spill, Hurricane Katrina and the World Trade Centre (WTC) terrorism attack have documented the longer term health consequences of these events. These health effects include respiratory symptoms and musculoskeletal disorders, as well as post traumatic stress disorder (PTSD). In large scale operations many of those workers and supervisors involved have not had any specific occupational health and safety (OHS) training and may not have access to the necessary instruction, personal protective equipment or other appropriate equipment, this is especially true when volunteers are used to form part of the clean-up and recovery workforce. In general, first responders are better equipped and trained than clean-up and recovery workers and some of the training approaches used for the traditional first responders would be relevant for clean-up and recovery workers.
Resumo:
Fusion techniques can be used in biometrics to achieve higher accuracy. When biometric systems are in operation and the threat level changes, controlling the trade-off between detection error rates can reduce the impact of an attack. In a fused system, varying a single threshold does not allow this to be achieved, but systematic adjustment of a set of parameters does. In this paper, fused decisions from a multi-part, multi-sample sequential architecture are investigated for that purpose in an iris recognition system. A specific implementation of the multi-part architecture is proposed and the effect of the number of parts and samples in the resultant detection error rate is analysed. The effectiveness of the proposed architecture is then evaluated under two specific cases of obfuscation attack: miosis and mydriasis. Results show that robustness to such obfuscation attacks is achieved, since lower error rates than in the case of the non-fused base system are obtained.
Resumo:
This chapter discusses fictional texts set in New York City soon after Septem- ber 11, 2001 (9/11), or whose characters are affected by the attacks on the World Trade Center. Whereas these texts may not have been directly marketed at young adults, they all address ‘youth issues’. Each of the books discussed here contain or are focalized through the eyes of adolescent protagonists. They are all coming-of-age narratives in that the crises within them are usually a result of a catastrophe, taking the characters on journeys of self-discovery, which, once fulfilled, lead them back home.1 As Jerry Griswold (1992) has suggested, coming-of-age stories are especially well suited to the American psyche, and are already familiar to readers of literature based in New York City (the most familiar work being J.D. Salinger’s The Catcher in the Rye). As with other clas- sic American young adult (YA) literature, the journey and homecoming com- monly associated with coming-of-age are often employed in fiction about 9/11. With the key elements of loss and suffering, self-awareness, introspection, and growth, the coming-of-age novel also fulfils agendas common to both litera- ture and politics: the literary journey becomes the nation’s journey.
Resumo:
Social networking sites (SNSs), with their large numbers of users and large information base, seem to be perfect breeding grounds for exploiting the vulnerabilities of people, the weakest link in security. Deceiving, persuading, or influencing people to provide information or to perform an action that will benefit the attacker is known as “social engineering.” While technology-based security has been addressed by research and may be well understood, social engineering is more challenging to understand and manage, especially in new environments such as SNSs, owing to some factors of SNSs that reduce the ability of users to detect the attack and increase the ability of attackers to launch it. This work will contribute to the knowledge of social engineering by presenting the first two conceptual models of social engineering attacks in SNSs. Phase-based and source-based models are presented, along with an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.
Resumo:
While social engineering represents a real and ominous threat to many organizations, companies, governments, and individuals, social networking sites (SNSs), have been identified as among the most common means of social engineering attacks. Owing to factors that reduce the ability of users to detect social engineering tricks and increase the ability of attackers to launch them, SNSs seem to be perfect breeding ground for exploiting the vulnerabilities of people, and the weakest link in security. This work will contribute to the knowledge of social engineering by identifying different entities and subentities that affect social engineering based attacks in SNSs. Moreover, this paper includes an intensive and comprehensive overview of different aspects of social engineering threats in SNSs.
Resumo:
There is no doubt that social engineering plays a vital role in compromising most security defenses, and in attacks on people, organizations, companies, or even governments. It is the art of deceiving and tricking people to reveal critical information or to perform an action that benefits the attacker in some way. Fraudulent and deceptive people have been using social engineering traps and tactics using information technology such as e-mails, social networks, web sites, and applications to trick victims into obeying them, accepting threats, and falling victim to various crimes and attacks such as phishing, sexual abuse, financial abuse, identity theft, impersonation, physical crime, and many other forms of attack. Although organizations, researchers, practitioners, and lawyers recognize the severe risk of social engineering-based threats, there is a severe lack of understanding and controlling of such threats. One side of the problem is perhaps the unclear concept of social engineering as well as the complexity of understand human behaviors in behaving toward, approaching, accepting, and failing to recognize threats or the deception behind them. The aim of this paper is to explain the definition of social engineering based on the related theories of the many related disciplines such as psychology, sociology, information technology, marketing, and behaviourism. We hope, by this work, to help researchers, practitioners, lawyers, and other decision makers to get a fuller picture of social engineering and, therefore, to open new directions of collaboration toward detecting and controlling it.
Resumo:
The three-volume Final Report of the Wood inquiry into NSW Police (Royal Commission Into the New South Wales Police Service, 'Final Report, Vol I: Corruption; Vol II: Reform; Vol III: Appendices', May 1997) was publicly released on 15 May 1997, to much media fanfare. The Sydney Morning Herald (SMH) devoted an 8-page special report on I May to the pending release of the Inquiry Report, headed The Police Purge. On the day of the public release of the Report, the SMH five-page 'Special Report' under the banner The Police Verdict was headlined Wood, Carr Split on Drugs. The Australian led with Call for Drug Law Revamp, Force Overhaul to Fight Corruption, Wood Attacks Culture of Greed, and the Daily Telegraph front page 'Final Verdict' was True Blue Strategy for an Honest Police Force...
Resumo:
Security models for two-party authenticated key exchange (AKE) protocols have developed over time to prove the security of AKE protocols even when the adversary learns certain secret values. In this work, we address more granular leakage: partial leakage of long-term secrets of protocol principals, even after the session key is established. We introduce a generic key exchange security model, which can be instantiated allowing bounded or continuous leakage, even when the adversary learns certain ephemeral secrets or session keys. Our model is the strongest known partial-leakage-based security model for key exchange protocols. We propose a generic construction of a two-pass leakage-resilient key exchange protocol that is secure in the proposed model, by introducing a new concept: the leakage-resilient NAXOS trick. We identify a special property for public-key cryptosystems: pair generation indistinguishability, and show how to obtain the leakage-resilient NAXOS trick from a pair generation indistinguishable leakage-resilient public-key cryptosystem.
Resumo:
Introduction Cybercrime consists of any criminal action or behaviour that is committed through the use of Information Technology. Common examples of such activities include cyber hacking, identity theft, cracking, spamming, social engineering, data tampering, online fraud, programming attacks, etc. The pervasive use of the internet clearly indicates that the impacts of cybercrime is far reaching and any one, may it be a person or an entity can be a victim of cybercriminal activities. Recently in the US, eight members of a global cybercrime ring were charged in one of the biggest ever bank heists. The cybercrime gang allegedly stole US$45 million by hacking into credit card processing firms and withdrawing money from ATMs in 27 countries (Jessica et al. 2013). An extreme example, the above case highlights how IT is changing the way crimes are being committed. No longer do criminals use masks, guns and get-a-way cars, criminals are able to commit crimes in the comfort of their homes, millions of miles from the scene of the crime and can access significant sums of money that can financially cripple organisations. The world is taking notice of this growing threat and organisations in the Pacific must also be proactive in tackling this emerging issue.
Resumo:
We construct two efficient Identity-Based Encryption (IBE) systems that admit selective-identity security reductions without random oracles in groups equipped with a bilinear map. Selective-identity secure IBE is a slightly weaker security model than the standard security model for IBE. In this model the adversary must commit ahead of time to the identity that it intends to attack, whereas in an adaptive-identity attack the adversary is allowed to choose this identity adaptively. Our first system—BB1—is based on the well studied decisional bilinear Diffie–Hellman assumption, and extends naturally to systems with hierarchical identities, or HIBE. Our second system—BB2—is based on a stronger assumption which we call the Bilinear Diffie–Hellman Inversion assumption and provides another approach to building IBE systems. Our first system, BB1, is very versatile and well suited for practical applications: the basic hierarchical construction can be efficiently secured against chosen-ciphertext attacks, and further extended to support efficient non-interactive threshold decryption, among others, all without using random oracles. Both systems, BB1 and BB2, can be modified generically to provide “full” IBE security (i.e., against adaptive-identity attacks), either using random oracles, or in the standard model at the expense of a non-polynomial but easy-to-compensate security reduction.
