Phone features, e.g., 911 call, voicemail, and Do Not Disturb, are critical and necessary for all deployed VoIP systems. In this paper, we empirically investigate the security of these phone features. We have implemented a number of attacks and experimented with VoIP services by leading VoIP service providers Vonage, AT&T and Gizmo. Our experimental results demonstrate that a man-in-the-middle ...

This paper describes a declarative framework for representing and reasoning about truthfulness of agents using Answer Set Programming. The paper illustrates how, starting from observations, knowledge about the actions of the agents, and the normal behavior of agents, one can evaluate the statements made by agents against a set of observations over time. The paper presents an ASP program for com...

Unconditionally secure authentication codes with arbitration (A 2-codes) protect against deceptions from the transmitter and the receiver as well as that from the opponent. We rst show that an optimal A 2-code implies an orthogonal array and an aane-resolvable design. Next we deene a new design, an aane-resolvable + BIBD, and prove that optimal A 2-codes are equivalent to this new design. From ...

An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that (a) all communications are indeed carried out with the intended terminal, (b) such communications are confidential, and (c) the terminal’s integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping. We have analysed several exis...

Security providing devices that are used to protect against multiple threats like man-in-the-middle attack and phishing are known as ―security keys‖. With the help of security keys, user can register himself with any kind of online services that works with this protocol. If we install these security keys in some devices, deployment, implementation and use becomes very easy. We can also see the ...

The protocol is, however, susceptible to a man-in-the-middle attack [3], in which the adversary (Eve) intercepts a message from Alice and creates a new message to send to Bob (Fig.1). Eve performs the exchange with Alice using the original message, while Bob performs the exchange using the newly created message. At the final stage, Eve has the original message in decrypted form, while Bob has t...

In this paper, we investigate the current state of practice about mixed-content websites, websites that are accessed using the HTTPS protocol, yet include some additional resources using HTTP. Through a large-scale experiment, we show that about half of the Internet’s most popular websites are currently using this practice and are thus vulnerable to a wide range of attacks, including the steali...

The integration of Near Field Communication (NFC) into consumer electronics devices has opened up opportunities for the internet of things applications such as electronic payment, electronic ticketing and sharing contacts, etc.. Meanwhile, various security risks should not be ignored. Therefore, all kinds of different protocols have been released with the purposing of securing NFC communication...

Unconditionally secure authentication codes with arbitration (A 2-codes) protect against deceptions from the transmitter and the receiver as well as that from the opponent. In this paper, we present combinatorial lower bounds on the cheating probabilities and the sizes of keys of A 2-codes. Especially, our bounds for A 2-codes without secrecy are all tight for small size of source states. Our m...

We present new physical bounds on quantum information, and use them to prove the security of quantum cryptography against a large class of collective attacks. Such attacks are directed against the final key, and security against them suggests that quantum cryptography is ultimately secure.