Search for: All records

Mobile tracking has long been a privacy problem, where the geographic data and timestamps gathered by mobile network operators (MNOs) are used to track the locations and movements of mobile subscribers. Additionally, selling the geolocation information of subscribers has become a lucrative business. Many mobile carriers have violated user privacy agreements by selling users’ location history to third parties without user consent, exacerbating privacy issues related to mobile tracking and profiling. This paper presents AAKA, an anonymous authentication and key agreement scheme designed to protect against mobile tracking by honest-but-curious MNOs. AAKA leverages anonymous credentials and introduces a novel mobile authentication protocol that allows legitimate subscribers to access the network anonymously, without revealing their unique (real) IDs. It ensures the integrity of user credentials, preventing forgery, and ensures that connections made by the same user at different times cannot be linked. While the MNO alone cannot identify or profile a user, AAKA enables identification of a user under legal intervention, such as when the MNOs collaborate with an authorized law enforcement agency. Our design is compatible with the latest cellular architecture and SIM standardized by 3GPP, meeting 3GPP’s fundamental security requirements for User Equipment (UE) authentication and key agreement processes. A comprehensive security analysis demonstrates the scheme’s effectiveness. The evaluation shows that the scheme is practical, with a credential presentation generation taking∼ 52 ms on a constrained host device equipped with a standard cellular SIM. 

Recent studies have shown that compromising Bitcoin’s peer-to-peer network is an effective way to disrupt the Bitcoin service. While many attack vectors have been uncovered such as BGP hijacking in the network layer and eclipse attack in the application layer, one significant attack vector that resides in the transport layer is largely overlooked. In this paper, we investigate the TCP vulnerabilities of the Bitcoin system and their consequences. We present Bijack, an off-path TCP hijacking attack on the Bitcoin network that is able to terminate Bitcoin connections or inject malicious data into the connections with only a few prior requirements and a limited amount of knowledge. This results in the Bitcoin network topology leakage, and the Bitcoin nodes isolation. 

Single sign-on (SSO) has provided convenience to users in the web domain as it can authorize a user to access various resource providers (RPs) using the identity provider (IdP)'s unified authentication portal. However, SSO also faces security problems including IdP single-point failure and the privacy associated with identity linkage. In this paper, we present the initial design of an alternative SSO solution called VC-SSO to address the security and privacy problems while preserving SSO's usability. VC-SSO leverages the recently emerged decentralized identifier (DID) and verifiable credential (VC) framework in that a user only needs to authenticate with the IdP once to obtain a VC and then may generate multiple verifiable presentations (VPs) from the VC to access different RPs. This is based on the design that each RP has established a smart contract with the IdP specifying the service agreement and the VP schema for user authorization. We hope the proposed VC-SSO design marks the first step toward a future SSO system that provides strong reliability and privacy to users under adversarial conditions. 

Abstract Developing an eco-friendly, efficient, and highly selective gold-recovery technology is urgently needed in order to maintain sustainable environments and improve the utilization of resources. Here we report an additive-induced gold recovery paradigm based on precisely controlling the reciprocal transformation and instantaneous assembly of the second-sphere coordinated adducts formed between β-cyclodextrin and tetrabromoaurate anions. The additives initiate a rapid assembly process by co-occupying the binding cavity of β-cyclodextrin along with the tetrabromoaurate anions, leading to the formation of supramolecular polymers that precipitate from aqueous solutions as cocrystals. The efficiency of gold recovery reaches 99.8% when dibutyl carbitol is deployed as the additive. This cocrystallization is highly selective for square-planar tetrabromoaurate anions. In a laboratory-scale gold-recovery protocol, over 94% of gold in electronic waste was recovered at gold concentrations as low as 9.3 ppm. This simple protocol constitutes a promising paradigm for the sustainable recovery of gold, featuring reduced energy consumption, low cost inputs, and the avoidance of environmental pollution. 

Telephone users are receiving more and more unwanted calls including spam and scam calls because of the transfer-without-verification nature of global telephone networks, which allows anyone to call any other numbers. To avoid unwanted calls, telephone users often ignore or block all incoming calls from unknown numbers, resulting in the missing of legitimate calls from new callers. This paper takes an end-to-end perspective to present a solution to block unwanted calls while allowing users to define the policies of acceptable calls. The proposed solution involves a new infrastructure based on anonymous credentials, which enables anonymous caller authentication and policy definition. Our design decouples caller authentication and call session initiation and introduces a verification code to interface and bind the two processes. This design minimizes changes to telephone networks, reduces latency to call initiation, and eliminates the need for a call-time data channel. A prototype of the system is implemented to evaluate its feasibility.