System Design of Internet-of-Things for Residential Smart Grid

Internet-of-Things (IoTs) envisions to integrate, coordinate, communicate, and collaborate real-world objects in order to perform daily tasks in a more intelligent and efficient manner. To comprehend this vision, this paper studies the design of a large scale IoT system for smart grid application, which constitutes a large number of home users and has the requirement of fast response time. In particular, we focus on the messaging protocol of a universal IoT home gateway, where our cloud enabled system consists of a backend server, unified home gateway (UHG) at the end users, and user interface for mobile devices. We discuss the features of such IoT system to support a large scale deployment with a UHG and real-time residential smart grid applications. Based on the requirements, we design an IoT system using the XMPP protocol, and implemented in a testbed for energy management applications. To show the effectiveness of the designed testbed, we present some results using the proposed IoT architecture.Comment: 10 pages, 6 figures, journal pape

Options for Securing RTP Sessions

The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism

Open-TEE - An Open Virtual Trusted Execution Environment

Hardware-based Trusted Execution Environments (TEEs) are widely deployed in mobile devices. Yet their use has been limited primarily to applications developed by the device vendors. Recent standardization of TEE interfaces by GlobalPlatform (GP) promises to partially address this problem by enabling GP-compliant trusted applications to run on TEEs from different vendors. Nevertheless ordinary developers wishing to develop trusted applications face significant challenges. Access to hardware TEE interfaces are difficult to obtain without support from vendors. Tools and software needed to develop and debug trusted applications may be expensive or non-existent. In this paper, we describe Open-TEE, a virtual, hardware-independent TEE implemented in software. Open-TEE conforms to GP specifications. It allows developers to develop and debug trusted applications with the same tools they use for developing software in general. Once a trusted application is fully debugged, it can be compiled for any actual hardware TEE. Through performance measurements and a user study we demonstrate that Open-TEE is efficient and easy to use. We have made Open- TEE freely available as open source.Comment: Author's version of article to appear in 14th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, TrustCom 2015, Helsinki, Finland, August 20-22, 201

Human Aspects in Digital Rights Management: the Perspective of Content Developers.

Legal norms and social behaviours are some of the human aspects surrounding the effectiveness and future of DRM security. Further exploration of these aspects would help unravel the complexities of the interaction between rights protection security and law. Most importantly, understanding the perspectives behind the circumvention of content security may have a significant impact on DRM effectiveness and acceptance at the same time. While there has been valuable research on consumer acceptability, (The INDICARE project, Bohle 2008, Akester 2009) there is hardly any work on the human perspective of content creators. Taking video games as a case study, this paper employs qualitative socio-legal analysis and an interdisciplinary approach to explore this particular aspect of content protection

DRM and Privacy

Interrogating the relationship between copyright enforcement and privacy raises deeper questions about the nature of privacy and what counts, or ought to count, as privacy invasion in the age of networked digital technologies. This Article begins, in Part II, by identifying the privacy interests that individuals enjoy in their intellectual activities and exploring the different ways in which certain implementations of DRM technologies may threaten those interests. Part III considers the appropriate scope of legal protection for privacy in the context of DRM, and argues that both the common law of privacy and an expanded conception of consumer protection law have roles to play in protecting the privacy of information users. As Parts II and III demonstrate, consideration of how the theory and law of privacy should respond to the development and implementation of DRM technologies also raises the reverse question: How should the development and implementation of DRM technologies respond to privacy theory and law? As artifacts designed to regulate user behavior, DRM technologies already embody value choices. Might privacy itself become one of the values embodied in DRM design? Part IV argues that with some conceptual and procedural adjustments, DRM technologies and related standard-setting processes could be harnessed to preserve and protect privacy

Human aspects of digital rights management: the perspective of content developers. [Conference Paper]

Legal norms and social behaviours are some of the human aspects surrounding the effectiveness and future of DRM security. Further exploration of these aspects would help unravel the complexities of the interaction between rights protection security and law. Most importantly, understanding the perspectives behind the circumvention of content security may have a significant impact on DRM effectiveness and acceptance at the same time. While there has been valuable research on consumer acceptability (The INDICARE project, Bohle 2008, Akester 2009), there is hardly any work on the human perspective of content creators. Taking video games as a case study, this paper employs qualitative socio-legal analysis and an interdisciplinary approach to explore this particular aspect of content protection

Digital Rights Management, Fair Use, and Privacy: Problems for Copyright Enforcement through Technology

This article discusses the nature of Digital Rights Management (DRM) systems with regard to the problems they pose to traditional exceptions to copyright restrictions. Problems of fair use and the copying of material for preservation are examined in the context of the architecture of digital rights management systems, and the limitations of current DRM systems in accommodating these policies are examined. The monitoring of usage by the licensing modules of these systems is also criticized for its lack of protection of user privacy and the potential chilling of intellectual freedom. Various potential solutions to these are briefly surveyed with a view of improving DRM and preserving traditional library values

Securing Mobile Access of Confidential Documents by Integrating Trusted Computing Platforms with Digital Rights Managements

The mature mobile network today empowers mobile employees to access Intranet documents via mobile devices and increases the productivity of company workers. Internal documents transmitted without encryption through the open mobile networks undoubtedly creates security holes for eavesdroppers. A common way to provide preliminary protections for an important document to be accessed outside the Intranet is to transmit the document after encryption. Such mechanisms, however, cannot assure the security of documents because the documents can be decrypted and then forwarded without protections once the ciphering keys were known. Therefore, we propose an approach to enhance the security of transmitted mobile documents, using the idea from digital rights managements. A confidential document is encrypted so that, except the targeted mobile user, none can read the confidential document without proper rights. The proposed approach utilizes the trusted computing platforms (TPM) technology to protect the rights object of a confidential document. A rights object can be as simple as a ciphering key of the document or as complicated as the usage-rules of the document. We use the public key in TPM to encrypt the rights object so that only the dedicated mobile device, i.e. the mobile user, may decrypt the rights object using the private key of the device. A malicious user can never decrypt the rights to access the transmitted document, which is encrypted. Moreover, the usage-rules in the rights object may specify whether the document can be further forwarded or be read more than once, and so on. Therefore, the proposed scheme provides maximum flexibilities for mobile employees to access confidential documents without compromising the security, in addition to the mobility and timeliness of mobile environments