The Mason Test: A Defense Against Sybil Attacks in Wireless Networks Without Trusted Authorities
(IEEE, 2015)
Wireless networks are vulnerable to Sybil attacks, in which a malicious node poses as many identities in order to gain disproportionate influence. Many defenses based on spatial variability of wireless channels exist, but depend either on detailed, multi-tap channel estimation (something not exposed on commodity 802.11 devices) or valid RSSI observations ...
From Error to Error: Why Voters Could not Cast a Ballot and Verify Their Vote With Helios, Prêt à Voter, and Scantegrity II
(USENIX, 2015)
The aim of this paper is to identify user errors, and the related potential design deficiencies, that contributed to participants failing to vote cast and vote verify across three end-to-end voting systems: Helios, Prêt à Voter, and Scantegrity II. To understand why voters could not cast a vote 42% of the time and verify that their ballots were cast ...
Picking up the trash: Exploiting generational GC for memory analysis
(Elsevier, 2017)
Memory analysis is slowly moving up the software stack. Early analysis efforts focused on core OS structures and services. As this field evolves, more information becomes accessible because analysis tools can build on foundational frameworks like Volatility and Rekall. This paper demonstrates and establishes memory analysis techniques for managed ...
A Related-Key Cryptanalysis of RC4
(2000-06-08)
In this paper we present analysis of the RC4 stream cipher and show that for each 2048-bit key there exists a family of related keys, differing in one of the byte positions. The keystreams generated by RC4 for a key and its related keys are substantially similar in the initial hundred bytes before diverging. RC4 is most commonly used with a 128-bit ...
Robotics-Based Location Sensing based on Wireless Ethernet
(2002-04-25)
A key subproblem in the construction of location-aware systems is the determination of the position of a mobile device. This paper describes the design, implementation and analysis of a system for determining position from measured RF signal strengths in the IEEE 802.11b wireless Ethernet network. Previous approaches in the location-aware field with ...
Denial of Service via Algorithmic Complexity Attacks
(2003-02-12)
We present a new class of low-bandwidth denial of service attacks that exploit algorithmic deficiencies in many common applications' data structures. Frequently used data structures have "average-case" expected running time that's far more efficient than the worst case. For example, both binary trees and hash tables can degenerate to linked lists ...
Stones Unturned: Gaps in the Investigation of Sarasota's Disputed Congressional Election
(2007-04-13)
The November 2006 race for Florida’s 13th Congressional District resulted in a 369 vote margin of victory for the winning candidate with more than 18,000 undervotes recorded on the ES&S iVotronic touch-screen voting machines used in Sarasota County. Since then, the losing candidate and a coalition of local voters have filed suit against the state and ...
A Security Analysis of My.MP3.com and the Beam-it Protocol
(2000-03-08)
My.MP3.com is a service that streams audio in the MP3 format to its users. In order to resolve copyright concerns, the service first requires that a user prove he or she owns the right to listen to a particular CD. The mechanism used for the verification is a program called Beam-it which reads a random subset of an audio CD and interacts with the ...
Termination in Language-Based Systems
(2000-08-08)
Language runtime systems are increasingly being embedded in systems to support runtime extensibility via mobile code. Such systems raise a number of concerns when the code running in such systems is potentially buggy or untrusted. While sophisticated access controls have been designed for mobile code and are shipping as part of commercial systems ...
Puppeteer: Component-based Adaptation for Mobile Computing
(2000-07-06)
Puppeteer is a system for adapting component-based applications in mobile environments. Puppeteer takes advantage of the component-based nature of the applications to perform adaptation without modifying the applications. We illustrate the power of Puppeteer by demonstrating adaptations that would otherwise require significant modifications to the ...