941 resultados para secret shopping
Resumo:
A new niche of densely populated, unprotected networks is becoming more prevalent in public areas such as Shopping Malls, defined here as independent open-access networks, which have attributes that make attack detection more challenging than in typical enterprise networks. To address these challenges, new detection systems which do not rely on knowledge of internal device state are investigated here. This paper shows that this lack of state information requires an additional metric (The exchange timeout window) for detection of WLAN Denial of Service Probe Flood attacks. Variability in this metric has a significant influence on the ability of a detection system to reliably detect the presence of attacks. A parameter selection method is proposed which is shown to provide reliability and repeatability in attack detection in WLANs. Results obtained from ongoing live trials are presented that demonstrate the importance of accurately estimating probe request and probe response timeouts in future Independent Intrusion Detection Systems.
Resumo:
The preferences of users are important in route search and planning. For example, when a user plans a trip within a city, their preferences can be expressed as keywords shopping mall, restaurant, and museum, with weights 0.5, 0.4, and 0.1, respectively. The resulting route should best satisfy their weighted preferences. In this paper, we take into account the weighted user preferences in route search, and present a keyword coverage problem, which finds an optimal route from a source location to a target location such that the keyword coverage is optimized and that the budget score satisfies a specified constraint. We prove that this problem is NP-hard. To solve this complex problem, we pro- pose an optimal route search based on an A* variant for which we have defined an admissible heuristic function. The experiments conducted on real-world datasets demonstrate both the efficiency and accu- racy of our proposed algorithms.
Resumo:
Masked implementations of cryptographic algorithms are often used in commercial embedded cryptographic devices to increase their resistance to side channel attacks. In this work we show how neural networks can be used to both identify the mask value, and to subsequently identify the secret key value with a single attack trace with high probability. We propose the use of a pre-processing step using principal component analysis (PCA) to significantly increase the success of the attack. We have developed a classifier that can correctly identify the mask for each trace, hence removing the security provided by that mask and reducing the attack to being equivalent to an attack against an unprotected implementation. The attack is performed on the freely available differential power analysis (DPA) contest data set to allow our work to be easily reproducible. We show that neural networks allow for a robust and efficient classification in the context of side-channel attacks.
Resumo:
In the last decade, many side channel attacks have been published in academic literature detailing how to efficiently extract secret keys by mounting various attacks, such as differential or correlation power analysis, on cryptosystems. Among the most efficient and widely utilized leakage models involved in these attacks are the Hamming weight and distance models which give a simple, yet effective, approximation of the power consumption for many real-world systems. These leakage models reflect the number of bits switching, which is assumed proportional to the power consumption. However, the actual power consumption changing in the circuits is unlikely to be directly of that form. We, therefore, propose a non-linear leakage model by mapping the existing leakage model via a transform function, by which the changing power consumption is depicted more precisely, hence the attack efficiency can be improved considerably. This has the advantage of utilising a non-linear power model while retaining the simplicity of the Hamming weight or distance models. A modified attack architecture is then suggested to yield the correct key efficiently in practice. Finally, an empirical comparison of the attack results is presented.
Resumo:
This report summarizes our results from security analysis covering all 57 competitions for authenticated encryption: security, applicability, and robustness (CAESAR) first-round candidates and over 210 implementations. We have manually identified security issues with three candidates, two of which are more serious, and these ciphers have been withdrawn from the competition. We have developed a testing framework, BRUTUS, to facilitate automatic detection of simple security lapses and susceptible statistical structures across all ciphers. From this testing, we have security usage notes on four submissions and statistical notes on a further four. We highlight that some of the CAESAR algorithms pose an elevated risk if employed in real-life protocols due to a class of adaptive-chosen-plaintext attacks. Although authenticated encryption with associated data are often defined (and are best used) as discrete primitives that authenticate and transmit only complete messages, in practice, these algorithms are easily implemented in a fashion that outputs observable ciphertext data when the algorithm has not received all of the (attacker-controlled) plaintext. For an implementor, this strategy appears to offer seemingly harmless and compliant storage and latency advantages. If the algorithm uses the same state for secret keying information, encryption, and integrity protection, and the internal mixing permutation is not cryptographically strong, an attacker can exploit the ciphertext–plaintext feedback loop to reveal secret state information or even keying material. We conclude that the main advantages of exhaustive, automated cryptanalysis are that it acts as a very necessary sanity check for implementations and gives the cryptanalyst insights that can be used to focus more specific attack methods on given candidates.
Resumo:
The home visit is at the heart of social work practice with children and families; it is what children and families' social workers do more than any other single activity (except for recording), and it is through the home visit that assessments are made on a daily basis about risk, protection and welfare of children. And yet it is, more than any other activity, an example of what Pithouse has called an ‘invisible trade’: it happens behind closed doors, in the most secret and intimate spaces of family life. Drawing on conceptual tools associated with the work of Foucault, this article sets out to provide a critical, chronological review of research, policy and practice on home visiting. We aim to explain how and in what ways changing discourses have shaped the emergence, legitimacy, research and practice of the social work home visit to children and families at significant time periods and in a UK context. We end by highlighting the importance for the social work profession of engagement and critical reflection on the identified themes as part of their daily practice.
Resumo:
Most cryptographic devices should inevitably have a resistance against the threat of side channel attacks. For this, masking and hiding schemes have been proposed since 1999. The security validation of these countermeasures is an ongoing research topic, as a wider range of new and existing attack techniques are tested against these countermeasures. This paper examines the side channel security of the balanced encoding countermeasure, whose aim is to process the secret key-related data under a constant Hamming weight and/or Hamming distance leakage. Unlike previous works, we assume that the leakage model coefficients conform to a normal distribution, producing a model with closer fidelity to real-world implementations. We perform analysis on the balanced encoded PRINCE block cipher with simulated leakage model and also an implementation on an AVR board. We consider both standard correlation power analysis (CPA) and bit-wise CPA. We confirm the resistance of the countermeasure against standard CPA, however, we find with a bit-wise CPA that we can reveal the key with only a few thousands traces.
Resumo:
Channel randomness can be exploited to generate secret keys. However, to ensure secrecy, it is necessary that the channel response of any eavesdropping party remain sufficiently de-correlated with that of the legitimate users'. In this paper, we investigate whether such de-correlation occurs for a body area network (BAN) operating in an indoor environment at 2.45 GHz. The hypothetical BAN configuration consisted of two legitimate transceivers, one situated on the user's left wrist and the other on the user's waist. The eavesdroppers were positioned in either a co-located or distributed manner in the area surrounding the BAN user. Using the simultaneous channel response measured at the legitimate BAN nodes and the eavesdropper positions for stationary and mobile scenarios, we analyze the localized correlation coefficient. This allows us to determine if it is possible to generate secret keys in the presence of multiple eavesdroppers in an indoor environment. Our experimental results show that although channel reciprocity was observed for both the stationary and the mobile scenarios, a higher de-correlation between the legitimate users' channels was observed for the stationary case. This indicates that mobile scenarios are better suited for secret key generation.
Resumo:
Mutual variation of the received signal which occurs as a consequence of the channel reciprocity property has recently been proposed as a viable method for secret key generation. However, this cannot be strictly maintained in practice as the property is applicable only in the absence of interference. To ensure the propagation defined key remains secret, one requirement is that there remain high degrees of uncertainty between the legitimate users channel response and that of any eavesdropper's. In this paper, we investigate whether such de-correlation occurs for an indoor point-to-point link at 2.45 GHz. This is achieved by computing the localized correlation coefficient between the simultaneous channel response measured by the legitimate users and that of multiple distributed eavesdroppers for static and dynamic scenarios.
Resumo:
They’re cheap. They’re in every settlement of significance in Britain, Ireland and elsewhere. We all use them but perhaps do not always admit to it. Especially, if we are architects.
Over the past decades Aldi/Lidl low cost supermarkets have escaped from middle Europe to take over large tracts of the English speaking world remaking them according to a formula of mass-produced sheds, buff-coloured cobble-lock car parks, logos in primary colours, bare-shelves and eclectic special offers. Response within architectural discourse to this phenomenon has been largely one of indifference and such places remain, perhaps reiterating Pevsner’s controversial insights into the bicycle shed, on the peripheries of what we might term architecture. This paper seeks to explore the spatial complexities of the discount supermarket and in doing so open up a discussion on the architecture of cheapness. As a road-map, it takes former managing director Dieter Brandes’ treatise on the Aldi formula, Bare Essentials: the Aldi Way to Retailing, and investigates the strategies through which economic exigencies manifest themselves in a series of spatial tactics which involve building. Central to this is the idea of architecture as system rather than form and, in Aldi/Lidl’s case, the result of a spatial network of flows. To understand the architecture of the supermarket, then, it is necessary to measure the times and spaces of supply across the scales of intersection between global and local.
Evaluating the energy, economy and precision of such systems challenges the liminal position of the commercial, the placeless and especially the cheap within architectural discourse. As is well known, architectures of mass-production and prefabrication and their origins exercised modernist thinkers such as Sigfried Giedion and Walter Gropius in the early twentieth century and has undergone a resurgence in recent times. Meanwhile, the mapping of the hitherto overlooked forms and iconography of commerce in Learning from Las Vegas (1971) was extended by Rem Koolhaas et al into an investigation of the technologies, systems and precedents of retail in the Harvard Design School Guide to Shopping, thirty years later in 2001. While obviously always a criteria for building, to find writings on architecture which explicitly celebrate cheapness as a design virtue or, indeed, even iterate the word cheap is more difficult. Walter Gropius’ essay ‘How can we build cheaper, better, more attractive houses?’ (1927), however, situates the cheap within the discussions – articulated, amongst others, by Karl Teige and Bruno Taut – surrounding the minimal dwelling and the moral benefits of absence of the 1920s and 30s.
In our contemporary age of heightened consumption, it is perhaps fitting that an architecture of bare essentials is defined in retail rather than in housing, a commercial existenzminimum where the Miesian paradox of ‘less is more’ is resold as a paradigm of ‘more for less’ in the ubiquitous yet overlooked architectures of the discount supermarket.
Resumo:
Key generation from the randomness of wireless channels is a promising technique to establish a secret cryptographic key securely between legitimate users. This paper proposes a new approach to extract keys efficiently from channel responses of individual orthogonal frequency-division multiplexing (OFDM) subcarriers. The efficiency is achieved by (i) fully exploiting randomness from time and frequency domains and (ii) improving the cross-correlation of the channel measurements. Through the theoretical modelling of the time and frequency autocorrelation relationship of the OFDM subcarrier's channel responses, we can obtain the optimal probing rate and use multiple uncorrelated subcarriers as random sources. We also study the effects of non-simultaneous measurements and noise on the cross-correlation of the channel measurements. We find the cross-correlation is mainly impacted by noise effects in a slow fading channel and use a low pass filter (LPF) to reduce the key disagreement rate and extend the system's working signal-to-noise ratio range. The system is evaluated in terms of randomness, key generation rate, and key disagreement rate, verifying that it is feasible to extract randomness from both time and frequency domains of the OFDM subcarrier's channel responses.
Resumo:
Cryptographic algorithms have been designed to be computationally secure, however it has been shown that when they are implemented in hardware, that these devices leak side channel information that can be used to mount an attack that recovers the secret encryption key. In this paper an overlapping window power spectral density (PSD) side channel attack, targeting an FPGA device running the Advanced Encryption Standard is proposed. This improves upon previous research into PSD attacks by reducing the amount of pre-processing (effort) required. It is shown that the proposed overlapping window method requires less processing effort than that of using a sliding window approach, whilst overcoming the issues of sampling boundaries. The method is shown to be effective for both aligned and misaligned data sets and is therefore recommended as an improved approach in comparison with existing time domain based correlation attacks.
Resumo:
Side channel attacks permit the recovery of the secret key held within a cryptographic device. This paper presents a new EM attack in the frequency domain, using a power spectral density analysis that permits the use of variable spectral window widths for each trace of the data set and demonstrates how this attack can therefore overcome both inter-and intra-round random insertion type countermeasures. We also propose a novel re-alignment method exploiting the minimal power markers exhibited by electromagnetic emanations. The technique can be used for the extraction and re-alignment of round data in the time domain.
Resumo:
O presente estudo tem por objetivo compreender, no contexto geopolítico de Timor-Leste, quais as imagens, funções e estatutos das línguas que aí circulam e, simultaneamente, percecionar de que modo a Escola gere essa pluralidade linguística. Para o efeito, tivemos em conta as representações/imagens relativamente às línguas, às suas funções e estatutos, não só dos alunos e dos diferentes atores educativos (professores, diretores de escola e formadores do 1.º e 2.º ciclo), mas também aquelas que circulam em contexto social alargado, onde incluímos os intervenientes e os responsáveis pelas políticas educativas e outros elementos da população. Foi deste modo que procurámos perceber de que forma tais representações se influenciam reciprocamente e se refletem na Escola. O estudo realizado foi de cariz etnográfico. Assim, o investigadorobservador, colocado no terreno, foi produzindo um diário do observador e recolhendo informação etnográfica, através da sua convivência com a sociedade timorense (escritos do quotidiano, questionário à polícia, observação de aula, entre outros), auscultando as “vozes” quer dos alunos (por meio de biografias linguísticas e desenhos), quer dos atores educativos (através de biografias linguísticas e entrevistas), quer ainda dos intervenientes nas políticas educativas (com recurso a entrevistas) e de alguns jovens timorenses, recorrendo de novo às entrevistas. Simultaneamente, foi feita uma recolha documental, ao longo de todo o período em que o estudo decorreu, que integrou fontes escritas (documentos oficiais, como sejam os documentos reguladores das políticas linguísticas e os manuais, fontes não oficiais, incluindo documentos vários e testemunhos e fontes estatísticas, como os Censos) e fontes não escritas (imagens e sons registados, estes posteriormente transcritos). Todos estes dados foram classificados em dados primários e secundários, em função da sua relevância para o estudo. Para a sua análise socorremo-nos da análise de conteúdo para as biografias, as entrevistas e os manuais de língua portuguesa, estes no quadro de uma abordagem para a diversidade linguística e cultural, de uma análise documental para os documentos reguladores do Sistema Educativa e outros documentos oficiais relativos às línguas e, finalmente, recorremos a uma análise biográfica (Molinié, 2011) para os desenhos realizados pelos alunos. Os resultados obtidos vieram evidenciar o multilinguismo social e escolar que se vive no país, as imagens e as funções que as línguas desempenham nestes dois contextos, o escolar e o da sociedade alargada, permitindo-nos compreender que a Escola não é apenas um microcosmos dentro da sociedade, mas um espaço de encontro, por vezes de confronto, entre diversas línguas, culturas e identidades. Ela é também espaço onde as questões do plurilinguismo são mais desafiantes na medida em que as línguas não são apenas objeto de ensino aprendizagem, mas desempenham igualmente funções importantes na aquisição dos saberes escolares, na interação social e no desenvolvimento cognitivo dos alunos. Nestes contextos, ocorrem duas situações relevantes, uma é o facto de a Escola ser um lugar onde os repertórios linguísticos plurilingues dos alunos entram em contacto com as línguas de escolarização, o português, o tétum e o malaio indonésio e outra é que saberes escolares e saberes culturais utilizam línguas diferentes, isto é, os primeiros são veiculados em tétum e português, eventualmente em malaio indonésio, mas os saberes culturais são expressos nas línguas autóctones, ameaçadas, porém, por uma crescente expansão do tétum. Contudo, estas línguas criam também espaços privados, identitários e de coesão social dentro da grande cidade que é Díli. São línguas “secretas” e “de defesa.” Por fim, referiremos a urgência para que se tomem medidas no sentido de se criar um consenso sobre a normalização do tétum, que conduza à sua aplicação em contexto educativo e ao seu desenvolvimento funcional, isto é, que leve à planificação do seu estatuto. Visa-se, com este estudo, contribuir para que os atores, acima referidos, possam «repensar» a Escola, em Timor Leste, e, em particular, no que diz respeito à gestão das línguas que nela circulam, através de uma política linguística (educativa) que beneficie o Sistema Educativo, com eventuais repercussões no âmbito do currículo, da produção de materiais e da formação de professores. Face aos resultados obtidos, ainda que consideremos este estudo como parcelar, pelo facto de ter decorrido, sobretudo, na capital timorense, permitimo-nos sugerir a necessidade de esbater fronteiras entre o espaço escolar e as realidades dos alunos, encontrando uma gestão escolar deste plurilinguismo que crie um currículo mais integrador dos saberes linguísticos dos alunos.
Resumo:
Online travel shopping has attracted researchers due to its significant growth and there is a growing body of literature in this field. However, research on what drives consumers to purchase travel online has typically been fragmented. In fact, existing studies have largely concentrated on examining consumers’ online travel purchases either grounded on Davis’s Technology Acceptance Model, on the Theory of Reasoned Action and its extension, the Theory of Planned Behaviour or on Roger’s model of perceived innovation attributes, the Innovation Diffusion Theory. A thorough literature review has revealed that there is a lack of studies that integrate all theories to better understand online travel shopping. Therefore, based on relevant literature in tourism and consumer behaviour, this study proposes and tests an integrated model to explore which factors affect intentions to purchase travel online. Furthermore, it proposes a new construct, termed social media involvement, defined as a person’s level of interest or emotional attachment with social media, and examines its relationship with intentions to purchase travel online. To test the 18 hypotheses, a quantitative approach was followed by first collecting data through an online survey. With a sample of 1,532 Worldwide Internet users, Partial Least Squares analysis was than conducted to assess the validity and reliability of the data and empirically test the hypothesized relationships between the constructs. The results indicate that intentions to purchase travel online is mostly determined by attitude towards online shopping, which is influenced by perceived relative advantages of online travel shopping and trust in online travel shopping. In addition, the findings indicate that the second most important predictor of intentions to purchase travel online is compatibility, an attribute from the Innovation Diffusion Theory. Furthermore, even though online shopping is nowadays a common practice, perceived risk continues to negatively affect intentions to purchase travel online. The most surprising finding of this study was that Internet users more involved with social media for travel purposes did not have higher intentions to purchase travel online. The theoretical contributions of this study and the practical implications are discussed and future research directions are detailed.
