Secure Identification in Social Wireless Networks

The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices. The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPP‟s Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future

Why Do Developers Get Password Storage Wrong? A Qualitative Usability Study

Passwords are still a mainstay of various security systems, as well as the cause of many usability issues. For end-users, many of these issues have been studied extensively, highlighting problems and informing design decisions for better policies and motivating research into alternatives. However, end-users are not the only ones who have usability problems with passwords! Developers who are tasked with writing the code by which passwords are stored must do so securely. Yet history has shown that this complex task often fails due to human error with catastrophic results. While an end-user who selects a bad password can have dire consequences, the consequences of a developer who forgets to hash and salt a password database can lead to far larger problems. In this paper we present a first qualitative usability study with 20 computer science students to discover how developers deal with password storage and to inform research into aiding developers in the creation of secure password systems

Blown to Bits Project

The book, Blown to Bits, uncovers the many ways that the new digital world has changed and is changing our whole environment. Some changes are incremental but others are more revolutionary. Some of the changes that we welcome are slowly eroding our privacy and are changing the rules of ownership. This book illuminates the complexities of these changes. I have attempted to capture the central points in selected chapters, and in some cases I have added new material or new examples to replace dated material. I picked chapters to summarize that address the following topics (and more). There are many pieces of data that exist about each of us that aggregators can piece together often because we willingly give it up to receive some service. Because of that we have little privacy left. Ownership of digitized content is being redefined legally because digital copies are as good as the original and because those copies are difficult to control. The change from an analog world to a digital world is revolutionary, and the social customs and laws are slow to adapt to the change. Encryption now is generally accepted by legislators because it is necessary for banking transactions and other commercial activity, but it gives rise to activities such as the dark web (example, the Silk Road). How does the technology behind the dark web work? The pervasive nature of digital images, digital text, GPS data, metadata, and the nature of software applications makes inadvertent disclosure of information almost impossible to control. How can laws be fashioned to control predatory behavior on the web? The supplementary materials I have created unpacks the chapters that focus on these issues. In addition I have added other materials useful for instructors who choose to use the book (some technical material, assignments and rubrics).https://scholars.fhsu.edu/informatics_oer/1000/thumbnail.jp

A Behavioural Foundation for Natural Computing and a Programmability Test

What does it mean to claim that a physical or natural system computes? One answer, endorsed here, is that computing is about programming a system to behave in different ways. This paper offers an account of what it means for a physical system to compute based on this notion. It proposes a behavioural characterisation of computing in terms of a measure of programmability, which reflects a system's ability to react to external stimuli. The proposed measure of programmability is useful for classifying computers in terms of the apparent algorithmic complexity of their evolution in time. I make some specific proposals in this connection and discuss this approach in the context of other behavioural approaches, notably Turing's test of machine intelligence. I also anticipate possible objections and consider the applicability of these proposals to the task of relating abstract computation to nature-like computation.Comment: 37 pages, 4 figures. Based on an invited Talk at the Symposium on Natural/Unconventional Computing and its Philosophical Significance, Alan Turing World Congress 2012, Birmingham, UK. http://link.springer.com/article/10.1007/s13347-012-0095-2 Ref. glitch fixed in 2nd. version; Philosophy & Technology (special issue on History and Philosophy of Computing), Springer, 201

A .net based resource sharing framework

Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Civil and Environmental Engineering, 2006.Includes bibliographical references (p. 121-124).This thesis presents an Internet resource sharing architecture. It allows users to access and utilize unused computer resources, such as CPU cycles and storage, without an expert's knowledge. It achieves this by providing a number of abstract services that hide some of the complexity inherent in distributed computing. In recent years, Grid Computing has been proposed as a solution for Internet resource sharing. However, Grid Computing as presently implemented does not address the need of the large majority of the users. In this thesis, we propose a different approach to achieve Internet resource sharing called the Realm. The Realm Framework offers a lightweight layer on top of the Microsoft .Net Framework so that the programs that can be migrated to .Net Framework can also utilize the shared resources through the Realm Framework. By leveraging the Microsoft .Net Framework, the Realm Framework avoids tedious re-working in this fast-paced world of technology by sitting on the top of the full-featured, coherent and up-to-date development platform. The Realm Framework applies current technologies such as Web Services, the Common Language Runtime (CLR) and popular encryption algorithms.(cont.) In this thesis a versatile runtime system and a set of extension interfaces in C# programming language is developed. The modularized software package offers a layered programming model for distributed-application developers with different levels of proficiency. Two utilities that are helpful for maintaining a distributed system are also developed, namely, a dynamic domain-name based inter-realm communication scheme and a distributed debugger. Examples of applying the Realm Framework to several typical scenarios are shown, including embarrassingly parallel problems that require little communication between computing nodes, parallel computing problems that require intensive message-passing between the computing nodes, and universal storage systems that are based on storage media and the messenger-like applications that require a sophisticated communication scheme.by Xiaohan LinPh.D