Every day people use their prepaid cards to pay for various goods, their smartphone apps for public transport tickets, and their bonus cards for supermarkets – all the while not realizing that by doing so, they’re giving away their privacy. Most of these payment systems disclose in detail what and when users buy, consume or which routes they’re taking. Thankfully, researchers of Karlsruhe Institute of Technology (KIT) have now developed a new, secure and anonymous payment system that doesn’t leave a trace.
If you’re wondering how and why our everyday payment systems can reveal so much about our activities, here is why: to protect us. Since manipulation of accounts by hackers and other criminals would happen regularly with no security measures applied, customer data and account balances of payment and bonus systems are administrated with the help of a central database. So, whenever you pay for something, your identity is revealed as well as the details of your transaction, which all get transmitted to the central database. This process creates a data trace that can easily be misused by the provider or third parties.
To improve the payment systems we all use, the KIT team has developed a black-box accumulation plus (BBA+) protocol that transfers all data guaranteeing user confidentiality with its cryptographic method. Furthermore, BBA+ also offers security guarantees for the operators as it’s mathematically constructed in a way that the user identity is revealed as soon as someone attempts to pay with a manipulated account.

Source:
Karlsruher Institut für Technologie via ScienceDaily (https://www.sciencedaily.com/releases/2017/10/171025122416.htm)

Nowadays, many websites provide a broad range of features, with capabilities being added every day. But new research shows that numerous browser functionalities are rarely used or even needed by websites; however, they pose significant privacy and security risks to users.
A team of researchers at the University of Illinois, Chicago (UIC), has shown that many unnecessary browser functionalities pose substantial security and privacy risks for users. “For example, browsers allow websites to perform low-level graphics calculations,” said Peter Snyder, a graduate student of computer science at UIC. “We found that this functionality is rarely used on honest websites, but that malicious sites can use it to harm users’ privacy and security.” Snyder adds that allowing websites to access this feature is a “bad cost-benefit tradeoff.”
Besides low-level graphic calculations, other examples of low-benefit, high-risk features include code that allows browsers detect light levels in a room, perform fine-grained timing operations and advanced audio synthesis operations.
The team used Firefox as their test browser, but they explain that the findings should generalize to other browsers, including Chrome and Internet Explorer.
If you want to improve your privacy and security levels, researchers advise blocking website access to unnecessary, risky browser functionality. To help users with this task, the team developed a browser extension that allows selective blocking of these features.

Source:
University of Illinois at Chicago via ScienceDaily (https://www.sciencedaily.com/releases/2017/10/171023181510.htm)

Researchers led by a team from Dartmouth College have developed an inexpensive device that could finally solve the problem of improving wireless signal strength for indoor spaces with multiple rooms. The same device also greatly improves wireless security.
As Xia Zhou, who is an assistant professor of computer science at Dartmouth College explains, this single solution manages to address some challenges that plague wireless users, including strengthening wireless signals and making them more secure.
It’s important to be able to customize the coverage of wireless networks inside buildings, homes, and offices because this enables users to improve their signal reception in desired areas and weaken it in others. By customizing the coverage, users can increase wireless efficiency through lessening the signal-deadening impact of various building materials.
And that’s exactly what the new device – a 3D reflector – enables users to do. Not only does it help improve wireless efficiency, but it also improves security. “With a simple investment of about $35 and specifying coverage requirements, a wireless reflector can be custom-built to outperform antennae that cost thousands of dollars,” said Zhou.
According to the team, the new device provides numerous benefits, including great wireless efficiency, strong physical security, ease of use for non-expert users, and low cost.

Reference:
Dartmouth College via ScienceDaily (https://www.sciencedaily.com/releases/2017/11/171108091338.htm)

According to new research conducted by Nottingham Trent University, it’s possible to identify the author of an email by analyzing small sequences of words they use. In fact, by analyzing as little as two words, you could reveal the person’s identity.
In a new research, Dr. David Wright, who is an expert in forensic linguistics, examined thousands of emails from 12 employees from American company Enron, to show that it’s possible to identify someone by analyzing their emails. Using his technique which consists of analyzing small sequences of words, Dr. Wright was able to correctly identify authors 95% of the time.
The word sequences used were between two and six words long and pretty basic (e.g., “Please review and let’s discuss.”). Dr. Wright found that the way people join small words together is unique to them, so it’s entirely possible to identify anyone based on their writing. When people type emails, for example, they have no choice but to express their unique writing style which is influenced by their speech.
According to Dr. Wright, the repetitiveness of the certain phrases shows that a person has developed their own tried and tested method which works (get the job done), so they use it all the time. Being able to identify someone based on this may lead to “improving the reliability of evidence given to the courts, and ultimately the delivery of justice.”

Source:
Phys.org (https://phys.org/news/2017-10-small-words-email-reveal-person.html)

Engineers at the Rutgers University have created a new security system that uses finger vibrations to verify users. The technology, called VibWrite, is a low-cost security system that could be used to gain access to anything with a solid surface, including access to homes, apartment buildings, appliances, and cars.
As Yingying (Jennifer) Chen, a professor in the Department of Electrical and Computer Engineering at Rutgers University-New Brunswick explains since everyone has different finger bone structure and everyone applies different pressure on surfaces, sensors that detect physiological and behavioral differences are ideal for identification and authentication.
VibWrite integrates behavioral and physiological characteristics with passcodes. In essence, this system uses touch-sensing techniques, password-based approaches, and behavioral biometric solutions, but also builds on all of these techniques. And equally important, VibWrite is low-cost and uses minimal power.
“Smart access systems that use fingerprinting and iris-recognition are very secure, but they’re probably more than ten times as expensive as our VibWrite system, especially when you want to widely deploy them,” said Chen.
The new system allows users to choose from lock pattern and gestures as well as from PINs to gain secure access. But what makes VibWrite truly unique is that it can be used on any solid surface beyond touch screens and any screen size.

Source:
Rutgers University via Tech Xplore (https://techxplore.com/news/2017-10-vibwrite-finger-vibration-based.html)

Researchers at the University of Michigan have developed a wearable that could eliminate vulnerabilities in voice authentication and therefore boost the security of voice-based log-ins.
Today, when talking to electronics has become perfectly normal and even essential in the Internet of Things world, it’s more important than ever to stay safe. Through our spoken interactions we send texts, place calls, check our emails, control our appliances and even access our bank accounts. If someone managed to exploit our voice (impersonators and hackers), it’s clear we’d be in serious trouble.
And as Kang Shin, the Kevin and Nancy O’Connor Professor of Computer Science and professor of electrical engineering and computer science at U-M explain, although voice is being increasingly used as a security feature, it has huge holes. “If a system is using only your voice signature, it can be very dangerous. We believe you have to have a second channel to authenticate the owner of the voice.”
To boost the security, Shin and colleagues have developed a wearable device called VAuth. This technology can be worn as a necklace, as earbuds or as a small attachment to eye-glasses. VAuth registers speech-induced vibrations on the wearer’s body and pairs them with the sound of that person’s voice. This way, VAuth creates a completely unique and therefore secure signature.

Source:
University of Michigan via ScienceDaily (https://www.sciencedaily.com/releases/2017/10/171017124400.htm)

Recently, at an international conference about digital identities at Karlstad University, scientists have presented research about methods digital services use to collect personal data about users that may encroach their privacy.
The research showed that digital services that require users to log in with a personal account often collect more than users are aware of and more than is in reality needed. “We have for instance seen that some service providers ask for information that they do not need for the main purpose of the service they offer,” said Lothar Fritsch, a researcher in IT-security at Karlstad University.
Fritsch explains that such services often ask for details while assuring the user that they will not be shown publicly or that they are protected by a user policy. However, these services then use personal data to find out as much as possible about users so that they can enhance their business opportunities. This is something that the users are not made aware of.
Besides websites, apps are also used to access personal information about users. Once installed, apps require access to certain information, and many studies have shown that it’s difficult for users to understand what they agree to.
Nurul Momen, a doctoral student in Computer Science at Karlstad University, says that the researchers are now working on finding ways to make users more aware of what it means when services ask for their information.

Source:
Karlstad University via ScienceDaily (https://www.sciencedaily.com/releases/2017/10/171009092926.htm)

f you thought that hacking personal computers, companies, and banks is awful, wait ‘till you hear about the hospitals. Hackers who hold a hospital’s computer system hostage as they did in the recent WannaCry attack, know that lives are on the line. Patients can suffer severe health effects when a hospital’s system is held hostage, and some may even die. To help hospitals protect themselves against such attacks, three medical and legal experts explain what steps should be taken.
In the article Annals of Internal Medicine, authors Dr. Eli Adashi, professor of medical science and former dean of medicine and biological sciences at Brown University; I. Glenn Cohen, professor of law at Harvard University; and Sharona Hoffman, professor of law and bioethics at Case Western Reserve University, explain that there are things hospitals can do to reduce the risk, but that these attacks are probably inevitable, even if everything functions “perfectly”.
The authors list some simple as well as some complex steps that hospitals can take to prevent or mitigate attacks including:
workforce training,
retaining cybersecurity expertise,
patching operating systems,
reporting attacks promptly to authorities.
There are also nationwide steps that can be taken, although these are harder to accomplish. The authors note that we need a coordinated national effort to truly stop ransomware attacks.

Reference:
Brown University via ScienceDaily (https://www.sciencedaily.com/releases/2017/09/170919144821.htm)

It may seem like we’re moving away from logins and complex passwords and are going towards fingerprint and retinal identification, but in fact, we’re already over that! Thanks to a team of researchers at the University of Buffalo (UB), we’re now moving towards heart scan computer identifications.
The UB team has developed a new computer security system using dimensions of the user’s heart as the identifier. Their system uses low-level Doppler radar to measure the person’s heart and then continually monitors their heart to make sure it is that particular person and no one else trying to run the computer.
“We would like to use it for every computer because everyone needs privacy,” said Wenyao Xu, Ph.D., who is the new study’s lead author, and an assistant professor in the Department of Computer Science and Engineering in UB’s School of Engineering and Applied Sciences. Besides, logging-ins and logging-outs are tedious, says Xu.
If you’re worried about the radar’s effects on your health, the researchers explain that the signal strength is much less than WiFi. And since nowadays we live in a WiFi surrounding world every day, the system does not pose any health threat.
Besides computer security, the new system could also improve smartphone security as well as airport screening barricades.

Reference:
University at Buffalo via ScienceDaily (https://www.sciencedaily.com/releases/2017/09/170925133000.htm)

According to experts, in just eight years quantum computers will be among us, and then, our world will change. Yes, quantum computers will help us solve many problems much faster than ever before, they will also be useful for developing advanced medicine and for calculating super-accurate weather forecasts, but they will also quite possibly destroy internet security as we know it. Cryptographers Tanja Lange of the Eindhoven University of Technology, the Netherlands, and Daniel J. Bernstein of the University of Illinois at Chicago, USA, explain how we can protect internet security in the future.
With the arrival of quantum computers, a lot of sensitive data will be in the open, and that includes even data from years back. This is because a hacker could record our secure communication today and then use a quantum computer years later to break it. The main concerns are obviously state secrets, bank and health records and private data.
To avoid these huge problems, Lange is trying to create awareness on the issue and develop new systems. She is leading the research consortium PQCRYPTO consisting of eleven universities and companies, which is developing new cryptographic techniques. Lang cautions that it’s important to strengthen research in cryptography, but that this is something that takes time. “Bringing cryptographic techniques to the end user often takes another 15 to 20 years, after development and standardization.”
Lange and Bernstein, as well as other experts, are hard at work trying to find the best ways to protect internet security and privacy from future quantum computer attacks.

Reference:
ScienceDaily (https://www.sciencedaily.com/releases/2017/09/170913192957.htm)