MACTANS: Injecting Malware into iOS Devices via Malicious ChargersJoon Young Park
Mactans is a proof-of-concept malicious charger that can inject malware into iOS devices via their charging port. It works by first obtaining the device's UDID to register it and generate a provisioning profile, allowing installation of apps signed by a non-Apple entity. The charger then replaces a legitimate app with a hidden, repackaged version containing malware. When launched, the malware executes before the original app. This attack highlights issues with iOS trusting any host device and the ease of provisioning profiles to install third-party apps without user interaction. Apple has since patched the vulnerabilities in iOS 7, but similar attacks may still target public charging stations or modified environments to infect devices stealthily.
This is about Location based SNS Flatform Business. It is for Travelers. Travelers can borrow tablet which has GPS, Maps and own SNS application. Many travelers can be helped by this tablet using GPS based map, Location based SNS information (such as place's view point, delicious foods..) and so on.
El documento habla sobre el deporte. Define el deporte como un juego o actividad reglamentada que mejora la condición física y mental de quien lo practica y tiene propiedades recreativas que lo diferencian del simple entretenimiento. Además, menciona algunos tipos de deportes como acuáticos, aéreos, extremos y de pelotas como béisbol, tenis de mesa y fútbol.
Este documento presenta el planteamiento del problema de una investigación cuyo objetivo general es analizar el rendimiento académico de los estudiantes que trabajan y estudian en la Facultad de Ciencias Económicas de la Universidad Nacional Autónoma de Honduras para determinar si las variables relacionadas al trabajo afectan su rendimiento positiva o negativamente. El documento plantea las preguntas de investigación, los objetivos específicos, la delimitación, justificación y viabilidad del estudio. La investigación tendrá un alcance descriptivo y causal
This document appears to be a student assignment from a university in Bolivia. It lists the student's name, the course subject of Learning Psychology, the instructor, and the topic of sensory registration. The document includes random letters that do not form words.
MACTANS: Injecting Malware into iOS Devices via Malicious ChargersJoon Young Park
Mactans is a proof-of-concept malicious charger that can inject malware into iOS devices via their charging port. It works by first obtaining the device's UDID to register it and generate a provisioning profile, allowing installation of apps signed by a non-Apple entity. The charger then replaces a legitimate app with a hidden, repackaged version containing malware. When launched, the malware executes before the original app. This attack highlights issues with iOS trusting any host device and the ease of provisioning profiles to install third-party apps without user interaction. Apple has since patched the vulnerabilities in iOS 7, but similar attacks may still target public charging stations or modified environments to infect devices stealthily.
This is about Location based SNS Flatform Business. It is for Travelers. Travelers can borrow tablet which has GPS, Maps and own SNS application. Many travelers can be helped by this tablet using GPS based map, Location based SNS information (such as place's view point, delicious foods..) and so on.
El documento habla sobre el deporte. Define el deporte como un juego o actividad reglamentada que mejora la condición física y mental de quien lo practica y tiene propiedades recreativas que lo diferencian del simple entretenimiento. Además, menciona algunos tipos de deportes como acuáticos, aéreos, extremos y de pelotas como béisbol, tenis de mesa y fútbol.
Este documento presenta el planteamiento del problema de una investigación cuyo objetivo general es analizar el rendimiento académico de los estudiantes que trabajan y estudian en la Facultad de Ciencias Económicas de la Universidad Nacional Autónoma de Honduras para determinar si las variables relacionadas al trabajo afectan su rendimiento positiva o negativamente. El documento plantea las preguntas de investigación, los objetivos específicos, la delimitación, justificación y viabilidad del estudio. La investigación tendrá un alcance descriptivo y causal
This document appears to be a student assignment from a university in Bolivia. It lists the student's name, the course subject of Learning Psychology, the instructor, and the topic of sensory registration. The document includes random letters that do not form words.
Leave me alone; app level protection against runtime information gathering on...Joon Young Park
This document discusses runtime information gathering (RIG) attacks on Android and proposes an app-level protection called AppGuardian. It describes challenges in protecting against RIG attacks due to vague Android permissions and information leaked via /proc files. AppGuardian monitors app behavior and permissions to detect suspicious RIG attacks like phone call recording. It kills suspicious apps and restricts their actions until the user confirms them. Evaluation shows AppGuardian defeats known RIG attacks with minimal overhead on CPU, memory, and battery usage. The document concludes RIG is a serious threat and AppGuardian provides effective app-level protection.
SPINS: Security Protocols for Sensor NetworksJoon Young Park
This document summarizes a master's thesis on security protocols for sensor networks. It introduces SPINS, which defines requirements for data confidentiality, authentication, integrity, and freshness. It describes the SNEP, counter-exchanging, and μTESLA protocols. SNEP provides semantic security, authentication, and replay protection with low overhead. Counter-exchanging handles bootstrapping and re-synchronizing counters with nonces. μTESLA allows for authenticated broadcast from a base station to sensor nodes in an efficient way by disclosing authentication keys. The thesis evaluates the implementation and performance of these protocols.
MoLe: Motion Leaks through Smartwatch SensorsJoon Young Park
MoLe is a system that uses sensors in smartwatches to detect keystrokes by analyzing motion data during typing. It identifies keystroke-related movements using a bagged decision tree classifier and fits point clouds to determine centroids of typed characters. A Bayesian inference model incorporates sequential typing patterns and speed factors to assign probabilities to candidate words based on sensor observations. An evaluation with 8 subjects typing 300 words showed MoLe could guess words within the top 30% for 5 candidates and top 50% for 24 candidates. While sensor data leaks information, sampling rates can be reduced to mitigate these attacks. Wearables present both benefits and security risks that require consideration.
The document is a project report submitted by five students for their Bachelor of Technology degree in Mechanical Engineering. It details the design, construction and testing of a refrigeration system that uses waste heat from an internal combustion engine as its energy source, instead of electrical power. The system employs an Electrolux vapor absorption refrigeration cycle, which is suitable for operating on low-grade heat. Diagrams and descriptions of the key components, such as the compressor, condenser and evaporator, are provided. The report also includes photographs documenting the building process.
This document defines electronic signatures and discusses how they work using public key infrastructure (PKI). It explains that electronic signatures involve hashing document contents, encrypting the hash with a private key, and including the encrypted hash and public key in a digital certificate. It describes risks like man-in-the-middle attacks and the role of certificate authorities in verifying identities and signatures. The document also outlines standard certificate formats, details the components of a certificate, and explains how improved signing procedures provide non-repudiation of signed documents.
Document de présentation d'un atelier à la Réunion nationale 2008 de la Société GRICS sur nos services de e-learning et d'apprentissage à distance avec la plate-forme Moodle.
Créer un site internet efficace aujourd'hui !Odomia
Support pour la présentation de l'atelier "Créer un site internet efficace aujourd'hui" dans le cadre des ateliers ENP Bourgogne pour la CCI de Saône et Loire.
La communication interne à l'heure : des mutations de l'intranet, de la culture web social (2.0) et de l'évolution générale de l'entreprise. Quels sont les constats, les tendances et les règles à retenir.
Rédaction web et référencement naturel - la Licence Pro de MulhouseYellow Dolphins
L'Institut universitaire de technologie de Mulhouse (IUT) a compris l'enjeu de la rédaction web et du référencement en lançant la Licence professionnelle "Référenceur et Rédacteur Web (search marketing)" en 2008. Le parrain de la promotion 2008 était Olivier Andrieu. Les responsables de cette formation m'avait demandé d'être la marraine de la promotion 2009-2010. Un grand honneur pour moi. Pour la promotion 2010-2011, Sébastien Billard qui a signé la préface de mon livre "Bien rédiger pour le Web et améliorer son référencement naturel" prend la relève ! Á tous les futurs référenceurs et rédacteurs : très bonne année !
Voici ma présentation : à propos des qualités du rédacteur web et la stratégie éditoriale.
This document summarizes research on inferring a driver's route using accelerometer data collected from their Apple Watch. The researchers designed a system with an application to collect accelerometer data from the watch and send it to an attacker's server. The extractor filters the raw data and calculates distance traveled. A turning detector uses machine learning algorithms to identify turns. A route drawer connects the locations to reconstruct the driver's route. Their experiments achieved 76-84% accuracy in inferring routes. The researchers conclude this is a privacy risk that shows sensitive information can be inferred through side-channel attacks using sensors.
Delegation-based Authentication and Authorization for the IP-based IoTJoon Young Park
This paper proposes a delegation-based authentication and authorization scheme for IP-based IoT devices. It describes the DTLS protocol and its requirements that are challenging for resource-constrained devices. The paper presents a design where a delegation server performs the resource-intensive public-key operations during handshake and distributes session tickets for future authentication. Evaluation shows the design reduces computation, memory, and transmission overhead on IoT devices compared to directly using DTLS.
Lithe: Lightweight Secure CoAP for the Internet of ThingsJoon Young Park
Paper Survey.
Secure CoAP scheme for Internet of Things.
DTLS, 6LoWPAN
constrained environment.
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6576185
The document discusses security challenges for IoT devices and what is needed to secure them. It outlines the OWASP IoT top 10 vulnerabilities, including issues like lack of encryption, authentication, and insecure interfaces. Key challenges are devices having critical functions, long lifecycles, proprietary protocols, and operation outside typical security perimeters. The conclusion states security must be designed into IoT devices from the start.
This document discusses the RSA cryptosystem, including an overview of symmetric and asymmetric key algorithms, the founders of RSA, the RSA key generation algorithm in 5 steps, estimated times to crack RSA keys of different sizes, possible side-channel attacks on RSA, tutorials on implementing RSA, and references for further reading. It provides information on the basic concepts and implementation of the RSA cryptosystem.
Leave me alone; app level protection against runtime information gathering on...Joon Young Park
This document discusses runtime information gathering (RIG) attacks on Android and proposes an app-level protection called AppGuardian. It describes challenges in protecting against RIG attacks due to vague Android permissions and information leaked via /proc files. AppGuardian monitors app behavior and permissions to detect suspicious RIG attacks like phone call recording. It kills suspicious apps and restricts their actions until the user confirms them. Evaluation shows AppGuardian defeats known RIG attacks with minimal overhead on CPU, memory, and battery usage. The document concludes RIG is a serious threat and AppGuardian provides effective app-level protection.
SPINS: Security Protocols for Sensor NetworksJoon Young Park
This document summarizes a master's thesis on security protocols for sensor networks. It introduces SPINS, which defines requirements for data confidentiality, authentication, integrity, and freshness. It describes the SNEP, counter-exchanging, and μTESLA protocols. SNEP provides semantic security, authentication, and replay protection with low overhead. Counter-exchanging handles bootstrapping and re-synchronizing counters with nonces. μTESLA allows for authenticated broadcast from a base station to sensor nodes in an efficient way by disclosing authentication keys. The thesis evaluates the implementation and performance of these protocols.
MoLe: Motion Leaks through Smartwatch SensorsJoon Young Park
MoLe is a system that uses sensors in smartwatches to detect keystrokes by analyzing motion data during typing. It identifies keystroke-related movements using a bagged decision tree classifier and fits point clouds to determine centroids of typed characters. A Bayesian inference model incorporates sequential typing patterns and speed factors to assign probabilities to candidate words based on sensor observations. An evaluation with 8 subjects typing 300 words showed MoLe could guess words within the top 30% for 5 candidates and top 50% for 24 candidates. While sensor data leaks information, sampling rates can be reduced to mitigate these attacks. Wearables present both benefits and security risks that require consideration.
The document is a project report submitted by five students for their Bachelor of Technology degree in Mechanical Engineering. It details the design, construction and testing of a refrigeration system that uses waste heat from an internal combustion engine as its energy source, instead of electrical power. The system employs an Electrolux vapor absorption refrigeration cycle, which is suitable for operating on low-grade heat. Diagrams and descriptions of the key components, such as the compressor, condenser and evaporator, are provided. The report also includes photographs documenting the building process.
This document defines electronic signatures and discusses how they work using public key infrastructure (PKI). It explains that electronic signatures involve hashing document contents, encrypting the hash with a private key, and including the encrypted hash and public key in a digital certificate. It describes risks like man-in-the-middle attacks and the role of certificate authorities in verifying identities and signatures. The document also outlines standard certificate formats, details the components of a certificate, and explains how improved signing procedures provide non-repudiation of signed documents.
Document de présentation d'un atelier à la Réunion nationale 2008 de la Société GRICS sur nos services de e-learning et d'apprentissage à distance avec la plate-forme Moodle.
Créer un site internet efficace aujourd'hui !Odomia
Support pour la présentation de l'atelier "Créer un site internet efficace aujourd'hui" dans le cadre des ateliers ENP Bourgogne pour la CCI de Saône et Loire.
La communication interne à l'heure : des mutations de l'intranet, de la culture web social (2.0) et de l'évolution générale de l'entreprise. Quels sont les constats, les tendances et les règles à retenir.
Rédaction web et référencement naturel - la Licence Pro de MulhouseYellow Dolphins
L'Institut universitaire de technologie de Mulhouse (IUT) a compris l'enjeu de la rédaction web et du référencement en lançant la Licence professionnelle "Référenceur et Rédacteur Web (search marketing)" en 2008. Le parrain de la promotion 2008 était Olivier Andrieu. Les responsables de cette formation m'avait demandé d'être la marraine de la promotion 2009-2010. Un grand honneur pour moi. Pour la promotion 2010-2011, Sébastien Billard qui a signé la préface de mon livre "Bien rédiger pour le Web et améliorer son référencement naturel" prend la relève ! Á tous les futurs référenceurs et rédacteurs : très bonne année !
Voici ma présentation : à propos des qualités du rédacteur web et la stratégie éditoriale.
This document summarizes research on inferring a driver's route using accelerometer data collected from their Apple Watch. The researchers designed a system with an application to collect accelerometer data from the watch and send it to an attacker's server. The extractor filters the raw data and calculates distance traveled. A turning detector uses machine learning algorithms to identify turns. A route drawer connects the locations to reconstruct the driver's route. Their experiments achieved 76-84% accuracy in inferring routes. The researchers conclude this is a privacy risk that shows sensitive information can be inferred through side-channel attacks using sensors.
Delegation-based Authentication and Authorization for the IP-based IoTJoon Young Park
This paper proposes a delegation-based authentication and authorization scheme for IP-based IoT devices. It describes the DTLS protocol and its requirements that are challenging for resource-constrained devices. The paper presents a design where a delegation server performs the resource-intensive public-key operations during handshake and distributes session tickets for future authentication. Evaluation shows the design reduces computation, memory, and transmission overhead on IoT devices compared to directly using DTLS.
Lithe: Lightweight Secure CoAP for the Internet of ThingsJoon Young Park
Paper Survey.
Secure CoAP scheme for Internet of Things.
DTLS, 6LoWPAN
constrained environment.
http://ieeexplore.ieee.org/xpl/articleDetails.jsp?arnumber=6576185
The document discusses security challenges for IoT devices and what is needed to secure them. It outlines the OWASP IoT top 10 vulnerabilities, including issues like lack of encryption, authentication, and insecure interfaces. Key challenges are devices having critical functions, long lifecycles, proprietary protocols, and operation outside typical security perimeters. The conclusion states security must be designed into IoT devices from the start.
This document discusses the RSA cryptosystem, including an overview of symmetric and asymmetric key algorithms, the founders of RSA, the RSA key generation algorithm in 5 steps, estimated times to crack RSA keys of different sizes, possible side-channel attacks on RSA, tutorials on implementing RSA, and references for further reading. It provides information on the basic concepts and implementation of the RSA cryptosystem.
MiTumb is a future technology Tumbler that makes people drink much more water in every life. It is just small Idea so this is just an proto type about this product.