Explore chapters and articles related to this topic
Network Threats
Published in Nicholas Kolokotronis, Stavros Shiaeles, Cyber-Security Threats, Actors, and Dynamic Mitigation, 2021
Panagiotis Radoglou Grammatikis, Panagiotis Sarigiannidis
Session hijacking is a term that can be used for describing many attacks. In general, any attack aiming to exploit a particular session between two devices is called session hijacking. This section focuses mainly on HTTP session hijacking; however, this method can similarly be performed with other protocols. In particular, session hijacking refers to the malicious activities that allow a potential attacker to impersonate a party of a session by sniffing the network traffic behind it. Focusing on HTTP, when a client enters a website with his/her credentials, an HTTP session is created between the user and the web server. Typically, web servers utilize a cookie in order to track the session and check that it is active and that the client still has the permissions to access specific resources. When the cookie expires, the session is terminated, and the credentials are cleared. Therefore, in this case, a potential attacker could capture the cookie of a session and send it to the web server, thus imitating one endpoint of the session.
DNS and ENUM in SIP
Published in Radhika Ranjan Roy, Handbook on Session Initiation Protocol, 2018
The process of the previous sections is highly stateful. When a server is contacted successfully, all retransmissions of the request for the transaction, as well as ACK for a non-2xx final response, and CANCEL requests for that transaction, must go to the same server. The identity of the successfully contacted server is a form of transaction state. This presents a challenge for stateless proxies, which still need to meet the requirement for sending all requests in the transaction to the same server. The problem is similar, but different, to the problem of HTTP transactions within a cookie session getting routed to different servers based on DNS randomization. There, such distribution is not a problem. Farms of servers generally have common back-end data stores, where the session data is stored. Whenever a server in the farm receives an HTTP request, it takes the session identifier, if present, and extracts the needed state to process the request. A request without a session identifier creates a new one. The problem with stateless proxies is at a lower layer; it is retransmitted requests within a transaction that are being potentially spread across servers.
A systematic classification scheme for cyber-attack taxonomy
Published in Stein Haugen, Anne Barros, Coen van Gulijk, Trond Kongsvik, Jan Erik Vinnem, Safety and Reliability – Safe Societies in a Changing World, 2018
S. Kim, J. Shin, G. Heo, J.G. Song
Footprinting & scanning is the preliminary task of gathering information about the system to be attacked. Password cracking is an attack that extracts passwords through various methods and means, and can gain full access rights to the system. Spoofing is a word meaning ‘cheat’; spoofing is possible on any connection that exists on the Internet or locally. Sniffing is the act of peeping at packets exchanged by other parties on the network, similar to the dictionary meaning of ‘sniff’. Session hijacking is a cyberattack technique that steals and accesses another person’s session state. MITM is a way of intercepting and exchanging information between two parties communicating with each other. A computer virus is a type of malicious software program that can replicate itself by modifying other computer programs and inserting its own code.
On improving the memorability of system-assigned recognition-based passwords
Published in Behaviour & Information Technology, 2022
Mahdi Nasrullah Al-Ameen, Sonali T. Marne, Kanis Fatema, Matthew Wright, Shannon Scielzo
The training effect was most prominent for login time, as shown in Figure 9. A given point in Figure 9 represents the average login performance (y) of the participants calculated over the login session of each individual. Note that the login session of any given participant likely occurred at a different time than that of other participants. The number of participants varied for different values of x (login session), since the participants performed different numbers of logins. Table 4 represents the number of participants in each of the login sessions.
IoT based multi-purpose smart fabric curtain
Published in Australian Journal of Electrical and Electronics Engineering, 2022
R. Sriharini, N Edna Elizabeth, D. Supriya, V. S Surenther, S. Sneha
The idea of remotely connecting, controlling, and monitoring real-world things is brought to reality by the concept of the Internet of Things (IoT) using the Internet. Smart home is the latest trend in the residential domain that is capable of a revolution in the future. The proposed home automation system not only provides the user with safety, security, and sophistication but also allows them to utilise the electricity efficiently. The primary requirements of a home, like lights and AC, can now be automated by just using a curtain. It also sends alerts to the owner’s phone in case of intrusion or fire detection. The advantage of this system over other similar systems is that it is compact, affordable, and the devices’ status and alerts can be received on the users’ phone from any distance. In the future, the system may be designed to automatically extinguish the fire, if detected. The device can be set up in different rooms and ThingSpeak channels for each of the rooms may be created, all of which can be monitored from the same application. Also, VoIP (Voice over Internet Protocol) can be integrated with IoT to control the curtains using voice commands through the phone (YITSOL, n.d.). Both IoT and VoIP work on the IP protocol, which makes the integration feasible. Session Initiation Protocol (SIP) is the underlying protocol commonly used by VoIP, using which the VoIP presence system can be improvised to include information sensed by sensors. Apart from these, the other improvisations mentioned in the paper may also be implemented.
Comparison of QoS optimisation techniques in adaptive smart device peer-to-peer overlay networks
Published in International Journal of Parallel, Emergent and Distributed Systems, 2021
Ananda Maiti, Andrew Maxwell, Alexander Kist
NDCs are used to create content delivery networks. For content delivery, a number of replication servers can be installed in geographically diverse locations to minimize latency with respect to geographical location [14]. NDCs allow saving considerable energy while still maintaining the required scalability. Such systems are more spread apart geographically than conventional data centers and are often larger in numbers to make up for their lower performance. In the context of establishing an end-to-end connection between users, NDCs may play a role in relaying data as well as in addressing communication issues such as firewalls. The Traversal Using Relays around NAT (TURN) [15] protocol uses this principle to operate. A significant impact of protocols like Interactive Connectivity Establishment (ICE) [16], STUN, and TURN on delays in operation of Peer-to-Peer Session Initiation Protocol is presented in [17]. These factors further necessitate correct positioning of the relay NDC servers. The following sections describe several ways to choose the optimal positions of the nodes in the network architecture.