Carlton Shepherd
Practical PFAS Immobilization in the Vadose Zone by Extreme Soil Vapor Extraction: Conceptual Understanding, Modeling, and Cost Analysis
Practical and cost‐effective technologies are needed for per‐ and polyfluoroalkyl substance (PFAS) sources in the vadose zone to prevent continued migration of these contaminants from soil to groundwater. Many PFAS are characterized by hig…
Entropy Collapse in Mobile Sensors: The Hidden Risks of Sensor-Based Security
Mobile sensor data has been proposed for security-critical applications such as device pairing, proximity detection, and continuous authentication. However, the foundational premise that these signals provide sufficient entropy remains und…
Generative AI Misuse Potential in Cyber Security Education: A Case Study of a UK Degree Program
Recent advances in generative artificial intelligence (AI), such as ChatGPT, Google Gemini, and other large language models (LLMs), pose significant challenges to upholding academic integrity in higher education. This paper investigates th…
Addressing Network Packet-based Cheats in Multiplayer Games: A Secret Sharing Approach
Multiplayer online gaming has witnessed an explosion in popularity over the past two decades. However, security issues continue to give rise to in-game cheating, deterring honest gameplay, detracting from user experience, and ultimately br…
CO-TSM: A Flexible Model for Secure Embedded Device Ownership and Management
The Consumer-Oriented Trusted Service Manager (CO-TSM) model has been recognised as a significant advancement in managing applications on Near Field Communication (NFC)-enabled mobile devices and multi-application smart cards. Traditional …
Control-Flow Attestation: Concepts, Solutions, and Open Challenges
Control-flow attestation unifies the worlds of control-flow integrity and platform attestation by measuring and reporting a target's run-time behaviour to a verifier. Trust assurances in the target are provided by testing whether its execu…
Using Ambient Sensors for Proximity and Relay Attack Detection in NFC Transactions: A Reproducibility Study
Near-Field Communication (NFC) has enabled mobile devices to emulate contactless smart cards, which has also rendered them susceptible to relay attacks. Numerous countermeasures have been proposed that use ambient sensors as an anti-relay …
A First Look at Digital Rights Management Systems for Secure Mobile Content Delivery
Digital rights management (DRM) solutions aim to prevent the copying or distribution of copyrighted material. On mobile devices, a variety of DRM technologies have become widely deployed. However, a detailed security study comparing their …
Investigating Black-Box Function Recognition Using Hardware Performance Counters
This paper presents new methods and results for recognising black-box program functions using hardware performance counters (HPC), where an investigator can invoke and measure function calls. Important use cases include analysing compiled …
A Side-channel Analysis of Sensor Multiplexing for Covert Channels and Application Profiling on Mobile Devices
Mobile devices often distribute measurements from physical sensors to multiple applications using software multiplexing. On Android devices, the highest requested sampling frequency is returned to all applications, even if others request m…
Exploiting Sensor Multiplexing for Covert Channels and Application Fingerprinting on Mobile Devices.
Mobile devices often distribute measurements from a single physical sensor to multiple applications using software-based multiplexing. On Android devices, the highest requested sampling frequency is returned to all applications even if oth…
A New Approach to Complex Dynamic Geofencing for Unmanned Aerial Vehicles
The anticipated widespread use of unmanned aerial vehicles (UAVs) raises significant safety and security concerns, including trespassing in restricted areas, colliding with other UAVs, and disrupting high-traffic airspaces. To mitigate the…
Physical Fault Injection and Side-Channel Attacks on Mobile Devices: A Comprehensive Survey
Today's mobile devices contain densely packaged system-on-chips (SoCs) with multi-core, high-frequency CPUs and complex pipelines. In parallel, sophisticated SoC-assisted security mechanisms have become commonplace for protecting device da…
A DLT-based Smart Contract Architecture for Atomic and Scalable Trading
Distributed Ledger Technology (DLT) has an enormous potential but also downsides. One downside of many DLT systems, such as blockchain, is their limited transaction throughput that hinders their adoption in many use cases (e.g., real-time …
LIRA-V: Lightweight Remote Attestation for Constrained RISC-V Devices
This paper presents LIRA-V, a lightweight system for performing remote attestation between constrained devices using the RISC-V architecture. We propose using read-only memory and the RISC-V Physical Memory Protection (PMP) primitive to bu…
Privacy-Enhancing Fall Detection from Remote Sensor Data Using Multi-Party Computation
Motion-based fall detection systems are concerned with detecting falls from vulnerable users, which is typically performed by classifying measurements from a body-worn inertial measurement unit (IMU) using machine learning. Such systems, h…
Privacy-Enhancing Context Authentication from Location-Sensitive Data
This paper proposes a new privacy-enhancing, context-aware user authentication system, ConSec, which uses a transformation of general location-sensitive data, such as GPS location, barometric altitude and noise levels, collected from the u…
Providing Confidential Cloud-based Fall Detection from Remote Sensor Data Using Multi-Party Computation.
Fall detection systems are concerned with rapidly detecting the occurrence of falls from elderly and disabled users using data from a body-worn inertial measurement unit (IMU), which is typically used in conjunction with machine learning-b…
Enhancing the Privacy and Computability of Location-Sensitive Data for Context Authentication.
This paper proposes a new privacy-enhancing, context-aware user authentication system, ConSec, which uses a transformation of general location-sensitive data, such as GPS location, barometric altitude and noise levels, collected from the u…
Secure Remote Credential Management with Mutual Attestation for Constrained Sensing Platforms with TEEs.
Trusted Execution Environments (TEEs) are rapidly emerging as the go-to root of trust for protecting sensitive applications and data using hardware-backed isolated worlds of execution -- surpassing related initiatives, such as Secure Eleme…
On the Effectiveness of Ambient Sensing for Detecting NFC Relay Attacks
Smartphones with Near-Field Communication (NFC) may emulate contactless smart cards, which has resulted in the deployment of various access control, transportation and payment services, such as Google Pay and Apple Pay. Like contactless ca…