Cyber-Physical Systems (CPSs) are complex systems comprising computation, physical, and networking assets. Used in various domains such as manufacturing, agriculture, vehicles, etc., they blend the control of the virtual and physical worlds. Smart homes are a peculiar type of CPS where the local networking fundamentals have seen little evolution in the past decades, while the context in which home networks operate has drastically evolved. With the advent of the Internet of Things (IoT), the number and diversity of devices connected to our home networks are exploding. Some of those devices are poorly secured and put users’ data privacy and security at risk. At the same time, administrating a home network has remained a tedious chore, requiring skills from un-savvy users. We present Future Spaces, an end-to-end hardware-software prototype providing fine-grained control over IoT connectivity to enable easy and secure management of smart homes. Relying on Software-Defined Networking-enabled home gateways and the virtualization of network functions in the cloud, we achieve advanced networking security and automation through the definition of isolated, usage-oriented slices. This disrupts how users discover, control and share their connected assets across multiple domains, smoothly adapting to various usage contexts.
More and more people dive into Virtual Worlds, experiencing the reality of parallel universes in almost every sector. Moreover, these virtual environments actually generate "real money" directly but also indirectly by selling virtual goods. Yet the current landscape consists in a huge number of siloed Virtual Worlds. We believe that addressing this lack of interoperability could greatly improve the user experience, ease the deployment of new worlds and open up market opportunities.Bell Labs' Applications domain is contributing with Virtual Hybrid Communications, a mature Web technology based on communication hyperlinks that enables the bridging of real and virtual worlds. This technology allows people to remain connected to legacy telecom infrastructures wherever they are (in real or virtual) and to safely expose their communication means without disclosing any personal detail (name, phone number, etc). Thanks to open and standard API, it will also allow virtual service providers and Telecom operators to provide efficient communication solutions and innovative services.
With the success of Web applications, most of our data is now stored on various third-party servers where they are processed to deliver personalized services. Naturally, we must be authenticated to access this personal information, but the use of personalized services only restricted by identification could indirectly and silently leak sensitive data. We analyzed Google Web Search access mechanisms and found that the current policy applied to session cookies could be used to retrieve users' personal data. We describe two attack schemes based on the Google's "sid cookie". First, we show that it permits a session fixation attack in which the victim's searches are recorded in the attacker's Google Web Search History. The second attack leverages the search personalization (based on the same sid cookie) to retrieve a part of the victim's click history and even some of her contacts. We implemented a proof of concept of the latter attack on the Firefox Web browser and conducted an experiment with ten volunteers. Thanks to this prototype we were able to recover up to 80% of the user's search click history.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.