The paper investigates cyber threats and potential solutions for protecting industrial control systems (ICS). On the side, different off-the-shelf offensive solutions, both hardware software, are analysed tested. goal of is to increase threat awareness by showing how such well known IT security...

recently, baghery et al. [1, 2] presented some attacks on two rfid protocols, namely yoon and jung et al. protocols, and proposed the improved version of them. however, in this note, we show that the improved version of the jung et al. protocol suffers from desynchronization attack and the improved version of the yoon's protocol suffers from secret disclosure attack. the success probabilit...

In this paper, we present a systematic study of browser cache poisoning (BCP) attacks, wherein a network attacker performs a one-time Man-In-The-Middle (MITM) attack on a user’s HTTPS session, and substitutes cached resources with malicious ones. We investigate the feasibility of such attacks on five mainstream desktop browsers and 16 popular mobile browsers. We find that browsers are highly in...

This report describes an analysis of the Fitbit Flex ecosystem. Our objectives are to describe (1) the data Fitbit collects from its users, (2) the data Fitbit provides to its users, and (3) methods of recovering data not made available to device owners. Our analysis covers four distinct attack vectors. First, we analyze the security and privacy properties of the Fitbit device itself. Next, we ...

The Internet of things (IoT) has become a significant element of next generation. IoT is a proposed development of the internet in which the objects have network connectivity able to transmit and receive data. The IoT applications such as smart homes, smart cities and health care. WSN is an important technology of IoT. Typically sensor nodes are considered resource constrained device with limit...

Long Term Evolution (LTE) is the most recent generation of mobile communications promising increased transfer rates and enhanced security features. It is todays communication technology for mobile Internet as well as considered for the use in critical infrastructure, making it an attractive target to a wide range of attacks. We evaluate the implementation correctness of LTE security functions t...

Human activity recognition systems (HARSs) are vital in a wide range of real-life applications and vibrant academic research area. Although they adopted many fields, such as the environment, agriculture, healthcare considered assistive technology, seem to neglect aspects security privacy. This problem occurs due pervasive nature sensor-based HARSs. Sensors devices with low power computational c...

Security Socket Layer (SSL) / Transport (TLS) protocols are utilized to secure network communication (e.g., transmitting user data). Failing properly implement SSL/TLS configuration during the app development results in security risks. The weak implementations include trusting all host names, certificates, ignoring certificate verification errors, even lack of SSL public key pinning usage. Thes...

Smart Grid (SG) research and development has drawn much attention from academia, industry government due to the great impact it will have on society, economics environment. Securing SG is a considerably significant challenge increased dependency communication networks assist in physical process control, exposing them various cyber-threats. In addition attacks that change measurement values usin...

Phishing emails are now so convincing that even experts cannot tell what is or is not genuine; though one of my own quiz errors resulted from failing to believe that genuine marketeers could possibly be so clueless! Thus I believe that education of end users will be almost entirely ineffective and education of marketing departments – to remove “click on this” (and HTML generally) from the genui...