13 research outputs found

    Distributed EaaS simulation using TEEs: A case study in the implementation and practical application of an embedded computer cluster

    Internet of Things (IoT) devices with limited resources struggle to generate the high-quality entropy required for high-quality randomness. This results in weak cryptographic keys. As keys are a single point of failure in modern cryptography, IoT devices performing cryptographic operations may be susceptible to a variety of attacks. To address this issue, we develop an Entropy as a Service (EaaS) simulation. The purpose of EaaS is to provide IoT devices with high-quality entropy as a service so that they can use it to generate strong keys. Additionally, we utilise Trusted Execution Environments (TEEs) in the simulation. TEE is a secure processor component that provides data protection, integrity, and confidentiality for select applications running on the processor by isolating them from other system processes (including the OS). TEE thereby enhances system security. The EaaS simulation is performed on a computer cluster known as the Magi cluster. Magi cluster is a private computer cluster that has been designed, built, configured, and tested as part of this thesis to meet the requirements of Tampere University's Network and Information Security Group (NISEC). In this thesis, we explain how the Magi cluster is implemented and how it is utilised to conduct a distributed EaaS simulation utilising TEEs.
Owing to their limited resources, Internet of Things (IoT) devices typically have difficulty producing entropy of sufficiently high quality to create strong randomness. This leads to weak encryption keys. Because encryption keys are the weakest link in modern cryptography, cryptographic operations performed on IoT devices may be vulnerable to several different attacks. To solve this problem, we develop a simulation that provides IoT devices with strong entropy as a service (Entropy as a Service, EaaS).
The idea of the EaaS simulation is to distribute high-quality entropy as a service to IoT devices so that they can create strong encryption keys. In the simulation we additionally make use of trusted execution environments (Trusted Execution Environment, TEE). A TEE is a separate component on the processor that provides an isolated and secure execution environment for selected programs. By using a TEE, a running program can be guaranteed data protection, confidentiality and integrity by isolating it from the other programs run on the system (including the operating system). The TEE thus improves the security of the system. The EaaS simulation is carried out on a computer cluster named Magi. Magi is the private cluster of the Network and Information Security Group (NISEC) research group at Tampere University, and it has been designed, built, configured and tested as part of this master's thesis. In this master's thesis we go through how the Magi cluster is implemented and how a distributed EaaS simulation using TEEs is carried out on it

    Hydropedological digital mapping: machine learning applied to spectral VIS-IR and radiometric data dimensionality reduction.

    Pedosphere-hydrosphere interface accounts for the association between soil hydrology and landscape, represented by topographic and Remote Sensing data support and integration. This study aimed to analyze different statistical methods for radiometric and spectral data selection and for dimensionality reduction of environment-related data to support the classification of soil physical-hydric properties, such as soil basic infiltration rate (bir) and saturated hydraulic conductivity (Ksat); as well as to act in data mining processes applied to hydropedological properties digital mapping. Accordingly, research integrated information from Visible to Infrared (VIS-IR) spectral indices and Sentinel's 2A mission Multispectral Instrument (MSI) sensor bands, terrain numerical modeling and aerogeophysics set to model soil-water content in two soil layers (0.00-0.20 m and 0.20-0.40 m). Pre-processed data were subjected to statistical analysis (multivariate and hypothesis tests); subsequently, the methods were applied (variance inflation factor - VIF, Stepwise Akaike information criterion - Stepwise AIC, and recursive feature elimination - RFE) to mine covariates used for Random Forest modeling. Based on the results, there were distinctions and singularities in spectral and radiometric data selection for each adopted method; the importance degree, and contribution of each one to soil physical-hydric properties have varied. According to the applied statistical metrics and decision-making criteria (highest R2 and lowest RMSE / MAE), the chosen methods were RFE (0.00-0.20 m layers) and Stepwise AIC (0.20-0.40 m layers) - both concerned with the assessed variables (bir and Ksat). This approach captured the importance of environmental variables and highlighted their potential use in hydropedological digital mapping at Guapi-Macacu watershed

    Impact of assistive technologies in supporting people with dementia.

    In recent decades, many Assistive Technologies (ATs) have been developed to promote independence among people with dementia (PWD). Although there is a high rate of AT abandonment, only a handful of studies have focused on AT usability evaluation from the user point of view. The aim of this thesis is to empirically investigate the usability of ATs from the PWD and to measure its impacts on their lives. Following the Multi-methods research approach, the first part of the thesis uses secondary research methods including literature review and systematic mapping studies. The second part uses primary research methods including interviews (N=20) and questionnaire (N=327) based surveys for data collection and requirements elicitation. The third part is based on the design, development, and testing of an assistive software application through case studies (N=8). The first mapping study categorised existing general ATs into five major categories: robotics, monitoring, reminders, communication, and software. The second mapping study categorised software-based ATs into nine categories: cognitive help, reminders, health/activity monitoring, socialization, leisure, travel help, dementia detection, dementia prevention, and rehabilitation. The qualitative results showed that most of the PWD use ATs for socialization, and highlighted user interface efficacy, tailoring individual needs, and simplified functions as the major limitations of existing ATs. The quantitative results identified eleven factors for ATs usage: operational support, physical support, psychological support, social support, cultural match, reduced external help, affordability, travel help, compatibility, effectiveness, and retention. The statistical analysis showed that improved (social, psychological and travel) support and reduced need of external help for operating ATs, greatly impact AT effectiveness and retention. 
Based on PWD requirements, an assistive software application named E-Community for Dementia (ECD) was developed and tested through case studies involving 8 PWD and 40 volunteers. The participants were able to get their daily needed items in less time and with a friendlier manner through the help of their neighbours. The involvement of the caregivers for medication, meals, prayers etc. reduced significantly. The painting function helped evoke their memories, and encouraged them to perform activities from their youth. The news and weather functions kept them updated about the world around them. The travel tutor guided them in safe travel outside home and made sure that they got back home independently. The enhanced interaction between the PWD and their neighbours significantly reduced their social isolation. The results support the idea to create dementia-friendly communities at street levels, which is a cost-effective and reliable solution. The major outcomes from this thesis are AT categorization, evaluation of user experiences, factor identification and ranking, user requirements elicitation, assistive software application development, and case studies. This thesis helps considerably towards empirical investigation of the impact of ATs in supporting the PWD. The implementation of the ECD contributes towards the wellbeing of the PWD and saves costs spent on caregivers and carer companies. In future, the same study could be conducted in other settings to analyse the role of culture in AT acceptance

    An intelligent intrusion detection system for external communications in autonomous vehicles

    Advancements in computing, electronics and mechanical systems have resulted in the creation of a new class of vehicles called autonomous vehicles. These vehicles function using sensory input with an on-board computation system. Self-driving vehicles use an ad hoc vehicular network called VANET. The network has ad hoc infrastructure with mobile vehicles that communicate through open wireless channels. This thesis studies the design and implementation of a novel intelligent intrusion detection system which secures the external communication of self-driving vehicles. This thesis makes the following four contributions: It proposes a hybrid intrusion detection system to protect the external communication in self-driving vehicles from potential attacks. This has been achieved using fuzzification and artificial intelligence. The second contribution is the incorporation of the Integrated Circuit Metrics (ICMetrics) for improved security and privacy. By using the ICMetrics, specific device features have been used to create a unique identity for vehicles. Our work is based on using the bias in on board sensory systems to create ICMetrics for self-driving vehicles. The incorporation of fuzzy petri net in autonomous vehicles is the third contribution of the thesis. Simulation results show that the scheme can successfully detect denial-of-service attacks. The design of a clustering based hierarchical detection system has also been presented to detect worm hole and Sybil attacks. The final contribution of this research is an integrated intrusion detection system which detects various attacks by using a central database in BusNet. The proposed schemes have been simulated using the data extracted from trace files. Simulation results have been compared and studied for high levels of detection capability and performance. Analysis shows that the proposed schemes provide high detection rate with a low rate of false alarm. 
The system can detect various attacks in an optimised way owing to a reduction in the number of features, fuzzification

    Computational Methods for Medical and Cyber Security

    Over the past decade, computational methods, including machine learning (ML) and deep learning (DL), have been exponentially growing in their development of solutions in various domains, especially medicine, cybersecurity, finance, and education. While these applications of machine learning algorithms have been proven beneficial in various fields, many shortcomings have also been highlighted, such as the lack of benchmark datasets, the inability to learn from small datasets, the cost of architecture, adversarial attacks, and imbalanced datasets. On the other hand, new and emerging algorithms, such as deep learning, one-shot learning, continuous learning, and generative adversarial networks, have successfully solved various tasks in these fields. Therefore, applying these new methods to life-critical missions is crucial, as is measuring these less-traditional algorithms' success when used in these fields

    Unmanned Aerial Vehicle (UAV)-Enabled Wireless Communications and Networking

    The emerging massive density of human-held and machine-type nodes implies larger traffic deviations in the future than we are facing today. In the future, the network will be characterized by a high degree of flexibility, allowing it to adapt smoothly, autonomously, and efficiently to the quickly changing traffic demands both in time and space. This flexibility cannot be achieved when the network’s infrastructure remains static. To this end, the topic of UAV (unmanned aerial vehicle)-enabled wireless communications and networking has received increased attention. As mentioned above, the network must serve a massive density of nodes that can be either human-held (user devices) or machine-type nodes (sensors). If we wish to properly serve these nodes and optimize their data, a proper wireless connection is fundamental. This can be achieved by using UAV-enabled communication and networks. This Special Issue addresses the many issues that remain before UAV-enabled wireless communications and networking can be properly rolled out

    Tackling the barriers to achieving Information Assurance

    A thesis submitted in partial fulfilment of the requirements of the University of Wolverhampton for the degree of Doctor of Philosophy. This original, reflective practitioner study researched whether professionalising IA could be successfully achieved, in line with the UK Cyber Security Strategy expectations. The context was an observed changing dominant narrative from IA to cybersecurity. The research provides a dialectical relationship with the past to improve IA understanding. The Academic contribution: Using archival and survey data, the research traced the origins of the term IA and its practitioner usage, in the context of the increasing use of the neologism of cybersecurity, contributing to knowledge through historical research. Discourse analysis of predominantly UK government reports, policy direction, legislative and regulatory changes, reviewing texts to explore the functions served by specific constructions, mainly Information Security (Infosec) vs IA. The Researcher studied how accounts were linguistically constructed in terms of the descriptive, referential and rhetorical language used, and the function that serves. The results were captured in a chronological review of IA ontology. The Practitioner contribution: Through an initial Participatory Action Research (PAR) public sector case study, the researcher sought to make sense of how the IA profession operates and how it was maturing. Data collection from self-professed IA practitioners provided empirical evidence. The researcher undertook evolutionary work analysing survey responses and developed theories from the analysis to answer the research questions. The researcher observed a need to implement a unified approach to Information Governance (IG) on a large organisation-wide scale. 
Using a constructivist grounded theory the researcher developed a new theoretical framework - i3GRC™ (Integrated and Informed Information Governance, Risk, and Compliance) - based on what people actually say and do within the IA profession. i3GRC™ supports the required Information Protection (IP) through maturation from IA to holistic IG. Again, using PAR, the theoretical framework was tested through a private sector case study, the resultant experience strengthening the bridge between academia and practitioners