Cyber security in home and small office local area networks - Attack vectors and vulnerabilities

This thesis presents security issues and vulnerabilities in home and small office local area networks that can be used in cyber-attacks. There is previous research done on single vulnerabilities and attack vectors, but not many papers present full scale attack examples towards LAN. First this thesis categorizes different security threads and later in the paper methods to launch the attacks are shown by example. Offensive security and penetration testing is used as research methods in this thesis. As a result of this thesis an attack is conducted using vulnerabilities in WLAN, ARP protocol, browser as well as methods of social engineering. In the end reverse shell access is gained to the target machine. Ready-made tools are used in the attack and their inner workings are described. Prevention methods are presented towards the attacks in the end of the thesis.

Cyber foraging for green computing, improving performance and prolonging battery life of mobile devices

The increasing dependency of everyday life on mobile devices also increases the number and complexity of computing tasks to be supported by these devices. However, the inherent requirement of mobility restricts them from being resources rich both in terms of energy (battery capacity) and other computing resources such as processing capacity, memory and other resources. This thesis looks into cyber foraging technique of offloading computing tasks. Various experiments on android mobile devices are carried out to evaluate offloading benefits in terms of sustainability advantage, prolonging battery life and augmenting the performance of mobile devices. This thesis considers two scenarios of cyber foraging namely opportunistic offloading and competitive offloading. These results show that the offloading scenarios are important for both green computing and resource augmentation of mobile devices. A significant advantage in battery life gain and performance enhancement is obtained. Moreover, cyber foraging is proved to be efficient in minimizing energy consumption per computing tasks. The work is based on scavenger cyber foraging system. In addition, the work can be used as a basis for studying cyber foraging and other similar approaches such as mobile cloud/edge computing for internet of things devices and improving the user experiences of applications by minimizing latencies through the use of potential nearby surrogates.

Validity and reliability of the Cyber-aggression Questionnaire for Adolescents (CYBA)

Cybercrime is a growing and worrisome problem, particularly when it involves minors. Cyber-aggression among adolescents in particular can result in negative legal and psychological consequences for people involved. Therefore, it is important to have instruments to detect these incidents early and understand the problem to propose effective measures for prevention and treatment. This paper aims to design a new self-report, the Cyber-Aggression Questionnaire for Adolescents (CYBA), to evaluate the extent to which the respondent conducts aggressions through a mobile phone or the internet and analyse the factorial and criterion validity and reliability of their scores in a sample of adolescents from Asturias, Spain. The CYBA was administered to 3,148 youth aged between 12 and 18 years old along with three self-reports to measure aggression at school, impulsivity, and empathy. Regarding factorial validity, the model that best represents the structure of the CYBA consists of three factors (Impersonation, Visual-sexual Cyber-aggression, and Verbal Cyber-aggression and Exclusion) and four additional indicators of Visual Cyber-aggression-Teasing/Happy Slapping. Regarding criterion validity, the score on the CYBA correlates positively with aggression at school and impulsivity and negatively with empathy. That is the way cyber-aggression correlates with these three variables, according to previous empirical evidence. The reliability of the scores on each item and factor of the CYBA are adequate. Therefore, the CYBA offers a valid and reliable measure of cyber-aggression in adolescents.

The war of attrition in cyber-space or "cyber-attacks", "cyber-war" and "cyber-terrorism"

Nos últimos anos tornou-se óbvio que o mundo virtual das bases de dados e do software – popularmente denominado como ciberespaço – tem um lado negro. Este lado negro tem várias dimensões, nomeadamente perda de produtividade, crime financeiro, furto de propriedade intelectual, de identidade, bullying e outros. Empresas, governos e outras entidades são cada vez mais alvo de ataques de terceiros com o fim de penetrarem as suas redes de dados e sistemas de informação. Estes vão desde os adolescentes a grupos organizados e extremamente competentes, sendo existem indicações de que alguns Estados têm vindo a desenvolver “cyber armies” com capacidades defensivas e ofensivas. Legisladores, políticos e diplomatas têm procurado estabelecer conceitos e definições, mas apesar da assinatura da Convenção do Conselho da Europa sobre Cibercrime em 2001 por vários Estados, não existiram novos desenvolvimentos desde então. Este artigo explora as várias dimensões deste domínio e enfatiza os desafios que se colocam a todos aqueles que são responsáveis pela proteção diária da informação das respetivas organizações contra ataques de origem e objetivos muitas vezes desconhecidos.

ESR dating of pleistocene mammal teeth and its implications for the biostratigraphy and geological evolution of the coastal plain, Rio Grande do Sul, southern Brazil

The fossiliferous deposits in the coastal plain of the Rio Grande do Sul State, Southern Brazil, have been known since the late XIX century; however, the biostratigraphic and chronostratigraphic context is still poorly understood. The present work describes the results of electron spin resonance (ESR) dating in eleven fossil teeth of three extinct taxa (Toxodon platensis, Stegomastodon waringi and Hippidion principale) collected along Chui Creek and nearshore continental shelf, in an attempt to assess more accurately the ages of the fossils and its deposits. This method is based upon the analysis of paramagnetic defects found in biominerals, produced by ionizing radiation emitted by radioactive elements present in the surrounding sediment and by cosmic rays. Three fossils from Chui Creek, collected from the same stratigraphic horizon, exhibit ages between (42 +/- 3) Ka and (34 +/- 7) Ka, using the Combination Uptake model for radioisotopes uptake, while a incisor of Toxodon platensis collected from a stratigraphic level below is much older. Fossils from the shelf have ages ranging from (7 +/- 1) 10(5) Ka to (18 +/- 3) Ka, indicating the mixing of fossils of different epochs. The origin of the submarine fossiliferous deposits seems to be the result of multiple reworking and redeposition cycles by sea-level changes caused by the glacial-interglacial cycles during the Quaternary. The ages indicate that the fossiliferous outcrops at Chui Creek are much younger than previously thought, and that the fossiliferous deposits from the continental shelf encompass Ensenadan to late Lujanian ages (middle to late Pleistocene). (C) 2009 Elsevier Ltd and INQUA. All rights reserved.

Usability Requirements for Complex Cyber-Physical Systems in a Totally Networked World

Part 7: Cyber-Physical Systems

Towards a Generic Enterprise Systems Architecture Based on Cyber-Physical Systems Principles

Part 7: Cyber-Physical Systems

Characterization and age determination of Quaternary volcanism in the southern Ankaratra region (central Madagascar) through novel approaches in luminescence dating

This work introduces two novel approaches for the application of luminescence dating techniques to Quaternary volcanic eruptions: crystalline xenoliths from lava flows are demonstrated to be basically suitable for luminescence dating, and a set of phreatic explosion deposits from the Late Quaternary Vakinankaratra volcanic field in central Madagascar is successfully dated with infrared stimulated luminescence (IRSL). Using a numerical model approach and experimental verification, the potential for thermal resetting of luminescence signals of xenoliths in lava flows is demonstrated. As microdosimetry is an important aspect when using sample material extracted from crystalline whole rocks, autoradiography using image plates is introduced to the field of luminescence dating as a method for detection and assessment of spatially resolved radiation inhomogeneities. Determinations of fading rates of feldspar samples have been observed to result in aberrant g-values if the pause between preheat and measurement in the delayed measurements was kept short. A systematic investigation reveals that the phenomenon is caused by the presence of three signal components with differing individual fading behaviour. As this is restricted to short pauses, it is possible to determine a minimal required delay between preheating and measurement after which the aberrant behaviour disappears. This is applied in the measuring of 12 samples from phreatic explosion deposits from the Antsirabe – Betafo region in the Late Quaternary Vakinankaratra volcanic field. The samples were taken from stratigraphically correlatable sections and appear to represent at least three phreatic events, one of which created the Lac Andraikiba maar near Antsirabe. The obtained ages indicate that the eruptive activity in the region started in the Late Pleistocene between 113.9 and 99.6 ka. A second layer in the Betafo area is dated at approximately 73 ka and the Lac Andraikiba deposits give an age between 63.9 and 50.7 ka. The youngest phreatic layer is dated between 33.7 and 20.7 ka. These ages are the first recorded direct ages of such volcanic deposits, as well as the first and only direct ages for the Late Quaternary volcanism in the Vakinankaratra volcanic field. This illustrates the huge potential of this new method for volcanology and geochronology, as it enables direct numerical dating of a type of volcanic deposit which has not been successfully directly dated by any other method so far.

Terrorismo, sorveglianza e privacy. La nuova cyber war.

La sorveglianza di massa è sempre più utilizzata ai fini dell'anti-terrorismo e determina necessariamente una limitazione della protezione dei dati personali e l'intrusione nella sfera privata. Ovviamente non abbiamo la presunzione di pensare di poter trovare una soluzione al problema terrorismo, o anche al continuo contrasto tra terrorismo e privacy. Lo scopo di questa tesi è principalmente quello di analizzare cosa è stato fatto negli ultimi anni (più precisamente dal 2001 ad oggi), capire perché i governi sono stati finora “inefficienti” e cosa potrebbe succedere nel prossimo futuro.

Acumen : an open-source testbed for cyber-physical systems research

Developing Cyber-Physical Systems requires methods and tools to support simulation and verification of hybrid (both continuous and discrete) models. The Acumen modeling and simulation language is an open source testbed for exploring the design space of what rigorousbut- practical next-generation tools can deliver to developers of Cyber- Physical Systems. Like verification tools, a design goal for Acumen is to provide rigorous results. Like simulation tools, it aims to be intuitive, practical, and scalable. However, it is far from evident whether these two goals can be achieved simultaneously. This paper explains the primary design goals for Acumen, the core challenges that must be addressed in order to achieve these goals, the “agile research method” taken by the project, the steps taken to realize these goals, the key lessons learned, and the emerging language design.

Directly training spiking neural networks for cyber-physical systems: from supervised to reinforcement learning

Spiking Neural Networks (SNNs) are bio-inspired Artificial Neural Networks (ANNs) utilizing discrete spiking signals, akin to neuron communication in the brain, making them ideal for real-time and energy-efficient Cyber-Physical Systems (CPSs). This thesis explores their potential in Structural Health Monitoring (SHM), leveraging low-cost MEMS accelerometers for early damage detection in motorway bridges. The study focuses on Long Short-Term SNNs (LSNNs), although their complex learning processes pose challenges. Comparing LSNNs with other ANN models and training algorithms for SHM, findings indicate LSNNs' effectiveness in damage identification, comparable to ANNs trained using traditional methods. Additionally, an optimized embedded LSNN implementation demonstrates a 54% reduction in execution time, but with longer pre-processing due to spike-based encoding. Furthermore, SNNs are applied in UAV obstacle avoidance, trained directly using a Reinforcement Learning (RL) algorithm with event-based input from a Dynamic Vision Sensor (DVS). Performance evaluation against Convolutional Neural Networks (CNNs) highlights SNNs' superior energy efficiency, showing a 6x decrease in energy consumption. The study also investigates embedded SNN implementations' latency and throughput in real-world deployments, emphasizing their potential for energy-efficient monitoring systems. This research contributes to advancing SHM and UAV obstacle avoidance through SNNs' efficient information processing and decision-making capabilities within CPS domains.

Generazione efficiente di molteplici scenari di compromissione cyber ai fini di test e formazione

Questo lavoro si propone di implementare tre scenari di compromissione informatica tramite l'ausilio della strumentazione fornita da Ansible e Docker. Dopo una prima parte teorica di presentazione delle più recenti vulnerabilità/compromissioni informatiche, si passa all'illustrazione degli strumenti e dell'architettura degli scenari, anche tramite l'ausilio di codice. Tramite la funzione UNIX time si effettua l'analisi di diverse tecniche di distribuzione, dimostrando come l'automazione abbia effettivi e seri vantaggi rispetto ad una continua implementazione manuale, principalmente da un punto di vista temporale e computazionale.

Cyber threat intelligence: identifying hardcoded secrets in GitHub

The usage of version control systems and the capabilities of storing the source code in public platforms such as GitHub increased the number of passwords, API Keys and tokens that can be found and used causing a massive security issue for people and companies. In this project, SAP's secret scanner Credential Digger is presented. How it can scan repositories to detect hardcoded secrets and how it manages to filter out the false positives between them. Moreover, how I have implemented the Credential Digger's pre-commit hook. A performance comparison between three different implementations of the hook based on how it interacts with the Machine Learning model is presented. This project also includes how it is possible to use already detected credentials to decrease the number false positive by leveraging the similarity between leaks by using the Bucket System.