This ebook is the first authorized digital version of Kernighan and Ritchie's 1988 classic, The C Programming Language (2nd Ed.). One of the best-selling programming books published in the last fifty years, "K&R" has been called everything from the "bible" to "a landmark in computer science" and it has influenced generations of programmers. Available now for all leading ebook platforms, this concise and beautifully written text is a "must-have" reference for every serious programmers digital library.

As modestly described by the authors in the Preface to the First Edition, this "is not an introductory programming manual; it assumes some familiarity with basic programming concepts like variables, assignment statements, loops, and functions. Nonetheless, a novice programmer should be able to read along and pick up the language, although access to a more knowledgeable colleague will help."

The C programming language

ONAG, as the book is commonly known, is one of those rare publications that sprang to life in a moment of creative energy and has remained influential for over a quarter of a century. Originally written to define the relation between the theories of transfinite numbers and mathematical games, the resulting work is a mathematically sophisticated but eminently enjoyable guide to game theory. By defining numbers as the strengths of positions in certain games, the author arrives at a new class, the surreal numbers, that includes both real numbers and ordinal numbers. These surreal numbers are applied in the author's mathematical analysis of game strategies. The additions to the Second Edition present recent developments in the area of mathematical game theory, with a concentration on surreal numbers and the additive theory of partizan games.

On numbers and games, by J. H. Conway. Pp ix, 238. £6·50. 1976. SBN 0 12 186350 6 (Academic Press)

Password patterns, as used on current Android phones, and other shape-based authentication schemes are highly usable and memorable. In terms of security, they are rather weak since the shapes are easy to steal and reproduce. In this work, we introduce an implicit authentication approach that enhances password patterns with an additional security layer, transparent to the user. In short, users are not only authenticated by the shape they input but also by the way they perform the input. We conducted two consecutive studies, a lab and a long-term study, using Android applications to collect and log data from user input on a touch screen of standard commercial smartphones. Analyses using dynamic time warping (DTW) provided first proof that it is actually possible to distinguish different users and use this information to increase security of the input while keeping the convenience for the user high.

/pdf/touch-me-once-and-i-know-it-s-you-implicit-authentication-w8bvr9i466.pdf

Touch me once and i know it's you!: implicit authentication based on touch screen patterns

Touch me once and I know it's you! Implicit Authentication Based on Touch Screen

Near Field Communication (NFC) as a promising short range wireless communication technology facilitates mobile phone usage of billions of people throughout the world that offers diverse services ranging from payment and loyalty applications to access keys for offices and houses. Eventually NFC technology integrates all such services into one single mobile phone. NFC technology has emerged lately, and consequently not much academic source is available yet. On the contrary, due to its promising business case options, there will be an increasing amount of work to be studied in the very close future. This paper presents the concept of NFC technology in a holistic approach with different perspectives, including communication essentials with standards, ecosystem and business issues, applications, and security issues. Open research areas and further recommended studies in terms of academic and business point of view are also explored and discussed at the end of each major subject's subsection. This comprehensive survey will be a valuable guide for researchers and academicians as well as for business world interested in NFC technology.

A Survey on Near Field Communication (NFC) Technology

NFC is a standardised technology providing short-range RFID communication channels for mobile devices Peer-to-peer applications for mobile devices are receiving increased interest and in some cases these services are relying on NFC communication It has been suggested that NFC systems are particularly vulnerable to relay attacks, and that the attacker's proxy devices could even be implemented using off-the-shelf NFC-enabled devices This paper describes how a relay attack can be implemented against systems using legitimate peer-to-peer NFC communication by developing and installing suitable MIDlets on the attacker's own NFC-enabled mobile phones The attack does not need to access secure program memory nor use any code signing, and can use publicly available APIs We go on to discuss how relay attack countermeasures using device location could be used in the mobile environment These countermeasures could also be applied to prevent relay attacks on contactless applications using 'passive' NFC on mobile phones

Practical NFC peer-to-peer relay attack using mobile phones

/pdf/practical-relay-attack-on-contactless-transactions-by-using-2k6drrospk.pdf

Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones.

Contactless technology is widely used in security sensitive applications, including identification, payment and access-control systems. Near Field Communication (NFC) is a short-range contactless technology allowing mobile devices to act primarily as either a reader or a token. Relay attacks exploit the assumption that a contactless token within communication range is in close proximity, by placing a proxy-token in range of a contactless reader and relaying communication over a greater distance to a proxy-reader communicating with the authentic token. It has been theorised that NFC-enabled mobile phones could be used as a generic relay attack platform without any additional hardware, but this has not been successfully demonstrated in practice. We present a practical implementation of an NFC-enabled relay attack, requiring only suitable mobile software applications. This implementation reduces the complexity of relay attacks and therefore has potential security implications for current contactless systems. We also discuss countermeasures to mitigate the attack.

Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones

In this paper we investigate the possibility that a Near Field Communication (NFC) enabled mobile phone, with an embedded Secure Element (SE), could be used as a mobile token cloning and skimming platform. We show how an attacker could use a NFC mobile phone as such an attack platform by exploiting the existing security controls of the embedded SE and the available contactless APIs. To illustrate the feasibility of these actions we also show how to practically skim and emulate certain tokens typically used in payment and access control applications with a NFC mobile phone. Although such attacks can also be implemented on other contactless platforms, such as custom-built card emulators and modified readers, the NFC-enabled mobile phone has a legitimate form factor, which would be accepted by merchants and arouse less suspicion in public. Finally, we propose several security countermeasures for NFC phones that could prevent such misuse.

http://proxmark.nl/files/Documents/NFC/Potential_misuse_of_NFC_enabled_mobile_phones_with_embedded_security_elements_as_contactless_attack_platforms.pdf

Potential misuse of NFC enabled mobile phones with embedded security elements as contactless attack platforms

Digital content providers seek to restrict usage by implementing conditional access. One such scenario is the security aspects of digital video broadcast (DVB-S). There has been a history of attacks on this technology to circumvent any security measures and some techniques have been countered by the deployment of customised/provider specific receivers. However, this leads to less choice and the duplication of equipment at the customer level. Open satellite receivers have been introduced to allow a single user to access several different services from a single piece of receiver equipment. These boxes provide a highly configurable environment with software emulations of conditional access systems that is open to abuse. The internet has allowed communities with in-depth expertise to grow up around open receiver equipment; effectively communicating attack methods as they evolve. A new level of emerging attack is a card sharing by which one legitimate user colludes to provide protected content to a larger group of illegitimate users. In this paper we propose countermeasures to protect DVB-S content against this species of attack by enforcing behavioural contracts and correct usage guidelines within the smart card.

/pdf/countermeasures-for-attacks-on-satellite-tv-cards-using-open-uctd5snzok.pdf

Lishoy Francis

Papers

Practical NFC peer-to-peer relay attack using mobile phones

Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones.

Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones

Potential misuse of NFC enabled mobile phones with embedded security elements as contactless attack platforms

Countermeasures for attacks on satellite TV cards using open receivers