Context-aware information in mobile devices

This paper describes a novel approach for indoor location and integration of other services in a university campus using Bluetooth Low Energy (BLE) devices. These BLE devices broadcast a Bluetooth signal in a limited and configured range/area, thus functioning as beacons that provide useful context-aware information to nearby devices operating with custom applications. Such applications can interpret the received signals as location and provide a range of useful services to the end user (students, events attendees), namely, indoor location and navigation or personalized complex workflows that require the interaction of the end user with multiple services within the university campus.info:eu-repo/semantics/acceptedVersio

Secure Mutual Self-Authenticable Mechanism for Wearable Devices

YesDue to the limited communication range of wearable devices, there is the need for wearable devices to communicate amongst themselves, supporting devices and the internet or to the internet. Most wearable devices are not internet enabled and most often need an internet enabled broker device or intermediate device in order to reach the internet. For a secure end to end communication between these devices security measures like authentication must be put in place in other to prevent unauthorised access to information given the sensitivity of the information collected and transmitted. Therefore, there are other existing authentication solutions for wearable devices but these solutions actively involve from time to time the user of the device which is prone to a lot of challenges. As a solution to these challenges, this paper proposes a secure point-to-point Self-authentication mechanism that involves device to device interaction. This work exploits existing standards and framework like NFC, PPP, EAP etc. in other to achieve a device compatible secure authentication protocol amongst wearable device and supporting devices.

A Clustering-based Location Privacy Protection Scheme for Pervasive Computing

In pervasive computing environments, Location- Based Services (LBSs) are becoming increasingly important due to continuous advances in mobile networks and positioning technologies. Nevertheless, the wide deployment of LBSs can jeopardize the location privacy of mobile users. Consequently, providing safeguards for location privacy of mobile users against being attacked is an important research issue. In this paper a new scheme for safeguarding location privacy is proposed. Our approach supports location K-anonymity for a wide range of mobile users with their own desired anonymity levels by clustering. The whole area of all users is divided into clusters recursively in order to get the Minimum Bounding Rectangle (MBR). The exact location information of a user is replaced by his MBR. Privacy analysis shows that our approach can achieve high resilience to location privacy threats and provide more privacy than users expect. Complexity analysis shows clusters can be adjusted in real time as mobile users join or leave. Moreover, the clustering algorithms possess strong robustness.Comment: The 3rd IEEE/ACM Int Conf on Cyber, Physical and Social Computing (CPSCom), IEEE, Hangzhou, China, December 18-20, 201

A Novel Privacy Preserving Authentication and Access Control Scheme for Pervasive Computing Environments

Abstract—Privacy and security are two important but seemingly contradictory objectives in a pervasive computing environment (PCE). On one hand, service providers want to authenticate legitimate users and make sure they are accessing their authorized services in a legal way. On the other hand, users want to maintain the necessary privacy without being tracked down for wherever they are and whatever they are doing. In this paper, a novel privacy preserving authentication and access control scheme to secure the interactions between mobile users and services in PCEs is proposed. The proposed scheme seamlessly integrates two underlying cryptographic primitives, namely blind signature and hash chain, into a highly flexible and lightweight authentication and key establishment protocol. The scheme provides explicit mutual authentication between a user and a service while allowing the user to anonymously interact with the service. Differentiated service access control is also enabled in the proposed scheme by classifying mobile users into different service groups. The correctness of the proposed authentication and key establishment protocol is formally verified based on Burrows–Abadi–Needham logic. Index Terms—Access control, authentication, pervasive computing environments (PCEs), security. I

Mobile personal authentication using fingerprint.

Cheng Po Sum.Thesis submitted in: July 2003.Thesis (M.Phil.)--Chinese University of Hong Kong, 2004.Includes bibliographical references (leaves 64-67).Abstracts in English and Chinese.List of Figures --- p.iList of Tables --- p.iiiAcknowledgments --- p.iv摘要 --- p.vThesis Abstract --- p.viChapter 1. --- Mobile Commerce --- p.1Chapter 1.1 --- Introduction to Mobile Commerce --- p.1Chapter 1.2 --- Mobile commence payment systems --- p.2Chapter 1.3 --- Security in mobile commerce --- p.5Chapter 2. --- Mobile authentication using Fingerprint --- p.10Chapter 2.1 --- Authentication basics --- p.10Chapter 2.2 --- Fingerprint basics --- p.12Chapter 2.3 --- Fingerprint authentication using mobile device --- p.15Chapter 3. --- Design of Mobile Fingerprint Authentication Device --- p.19Chapter 3.1 --- Objectives --- p.19Chapter 3.2 --- Hardware and software design --- p.21Chapter 3.2.1 --- Choice of hardware platform --- p.21Chapter 3.3 --- Experiments --- p.25Chapter 3.3.1 --- Design methodology I - DSP --- p.25Chapter 3.3.1.1 --- Hardware platform --- p.25Chapter 3.3.1.2 --- Software platform --- p.26Chapter 3.3.1.3 --- Implementation --- p.26Chapter 3.3.1.4 --- Experiment and result --- p.27Chapter 3.3.2 --- Design methodology II ´ؤ SoC --- p.28Chapter 3.3.2.1 --- Hardware components --- p.28Chapter 3.3.2.2 --- Software components --- p.29Chapter 3.3.2.3 --- Implementation Department of Computer Science and Engineering --- p.29Chapter 3.3.2.4 --- Experiment and result --- p.30Chapter 3.4 --- Observation --- p.30Chapter 4. --- Implementation of the Device --- p.31Chapter 4.1 --- Choice of platforms --- p.31Chapter 4.2 --- Implementation Details --- p.31Chapter 4.2.1 --- Hardware implementation --- p.31Chapter 4.2.1.1 --- Atmel FingerChip --- p.32Chapter 4.2.1.2 --- Gemplus smart card and reader --- p.33Chapter 4.2.2 --- Software implementation --- p.33Chapter 4.2.2.1 --- Operating System --- p.33Chapter 4.2.2.2 --- File System --- p.33Chapter 4.2.2.3 --- Device Driver --- p.35Chapter 4.2.2.4 --- Smart card --- p.38Chapter 4.2.2.5 --- Fingerprint software --- p.41Chapter 4.2.2.6 --- Graphical user interface --- p.41Chapter 4.3 --- Results and observations --- p.44Chapter 5. --- An Application Example 一 A Penalty Ticket Payment System (PTPS) --- p.47Chapter 5.1 --- Requirement --- p.47Chapter 5.2 --- Design Principles --- p.48Chapter 5.3 --- Implementation --- p.52Chapter 5.4 --- Results and Observation --- p.57Chapter 6. --- Conclusions and future work --- p.62Chapter 7. --- References --- p.6

A Flexible, Privacy-Preserving Authentication Framework for Ubiquitous Computing Environments

The proliferation of smart gadgets, appliances, mobile devices, PDAs and sensors has enabled the construction of ubiquitous computing environments, transforming regular physical spaces into “Active Information Spaces” augmented with intelligence and enhanced with services. This new exciting computing paradigm promises to revolutionize the way we interact with computers, services, and the surrounding physical spaces, yielding higher productivity and more seamless interaction between users and computing services. However, the deployment of this computing paradigm in real-life is hindered by poor security, particularly, the lack of proper authentication and access control techniques and privacy preserving protocols. We propose an authentication framework that addresses this problem through the use of different wearable and embedded devices. These devices authenticate entities with varied levels of confidence, in a transparent, convenient, and private manner, allowing the framework to blend nicely into ubiquitous computing environments

Access Control Within MQTT-based IoT environments

IoT applications, which allow devices, companies, and users to join the IoT ecosystems, are growing in popularity since they increase our lifestyle quality day by day. However, due to the personal nature of the managed data, numerous IoT applications represent a potential threat to user privacy and data confidentiality. Insufficient security protection mechanisms in IoT applications can cause unauthorized users to access data. To solve this security issue, the access control systems, which guarantee only authorized entities to access the resources, are proposed in academic and industrial environments. The main purpose of access control systems is to determine who can access specific resources under which circumstances via the access control policies. An access control model encapsulates the defined set of access control policies. Access control models have been proposed also for IoT environments to protect resources from unauthorized users. Among the existing solutions, the proposals which are based on Attribute-Based Access Control (ABAC) model, have been widely adopted in the last years. In the ABAC model, authorizations are determined by evaluating attributes associated with the subject, object, and environmental properties. ABAC model provides outstanding flexibility and supports fine-grained, context-based access control policies. These characteristics perfectly fit the IoT environments. In this thesis, we employ ABAC to regulate the reception and the publishing of messages exchanged within MQTT-based IoT environments. MQTT is a standard application layer protocol that enables the communication of IoT devices. Even though the current access control systems tailored for IoT environments in the literature handle data sharing among the IoT devices by employing various access control models and mechanisms to address the challenges that have been faced in IoT environments, surprisingly two research challenges have still not been sufficiently examined. The first challenge that we want to address in this thesis is to regulate data sharing among interconnected IoT environments. In interconnected IoT environments, data exchange is carried out by devices connected to different environments. The majority of proposed access control frameworks in the literature aimed at regulating the access to data generated and exchanged within a single IoT environment by adopting centralized enforcement mechanisms. However, currently, most of the IoT applications rely on IoT devices and services distributed in multiple IoT environments to satisfy users’ demands and improve their functionalities. The second challenge that we want to address in this thesis is to regulate data sharing within an IoT environment under ordinary and emergency situations. Recent emergencies, such as the COVID-19 pandemic, have shown that proper emergency management should provide data sharing during an emergency situation to monitor and possibly mitigate the effect of the emergency situation. IoT technologies provide valid support to the development of efficient data sharing and analysis services and appear well suited for building emergency management applications. Additionally, IoT has magnified the possibility of acquiring data from different sensors and employing these data to detect and manage emergencies. An emergency management application in an IoT environment should be complemented with a proper access control approach to control data sharing against unauthorized access. In this thesis, we do a step to address two open research challenges related to data protection in IoT environments which are briefly introduced above. To address these challenges, we propose two access control frameworks rely on ABAC model: the first one regulates data sharing among interconnected MQTT-based IoT environments, whereas the second one regulates data sharing within MQTT-based IoT environment during ordinary and emergency situations.IoT applications, which allow devices, companies, and users to join the IoT ecosystems, are growing in popularity since they increase our lifestyle quality day by day. However, due to the personal nature of the managed data, numerous IoT applications represent a potential threat to user privacy and data confidentiality. Insufficient security protection mechanisms in IoT applications can cause unauthorized users to access data. To solve this security issue, the access control systems, which guarantee only authorized entities to access the resources, are proposed in academic and industrial environments. The main purpose of access control systems is to determine who can access specific resources under which circumstances via the access control policies. An access control model encapsulates the defined set of access control policies. Access control models have been proposed also for IoT environments to protect resources from unauthorized users. Among the existing solutions, the proposals which are based on Attribute-Based Access Control (ABAC) model, have been widely adopted in the last years. In the ABAC model, authorizations are determined by evaluating attributes associated with the subject, object, and environmental properties. ABAC model provides outstanding flexibility and supports fine-grained, context-based access control policies. These characteristics perfectly fit the IoT environments. In this thesis, we employ ABAC to regulate the reception and the publishing of messages exchanged within MQTT-based IoT environments. MQTT is a standard application layer protocol that enables the communication of IoT devices. Even though the current access control systems tailored for IoT environments in the literature handle data sharing among the IoT devices by employing various access control models and mechanisms to address the challenges that have been faced in IoT environments, surprisingly two research challenges have still not been sufficiently examined. The first challenge that we want to address in this thesis is to regulate data sharing among interconnected IoT environments. In interconnected IoT environments, data exchange is carried out by devices connected to different environments. The majority of proposed access control frameworks in the literature aimed at regulating the access to data generated and exchanged within a single IoT environment by adopting centralized enforcement mechanisms. However, currently, most of the IoT applications rely on IoT devices and services distributed in multiple IoT environments to satisfy users’ demands and improve their functionalities. The second challenge that we want to address in this thesis is to regulate data sharing within an IoT environment under ordinary and emergency situations. Recent emergencies, such as the COVID-19 pandemic, have shown that proper emergency management should provide data sharing during an emergency situation to monitor and possibly mitigate the effect of the emergency situation. IoT technologies provide valid support to the development of efficient data sharing and analysis services and appear well suited for building emergency management applications. Additionally, IoT has magnified the possibility of acquiring data from different sensors and employing these data to detect and manage emergencies. An emergency management application in an IoT environment should be complemented with a proper access control approach to control data sharing against unauthorized access. In this thesis, we do a step to address two open research challenges related to data protection in IoT environments which are briefly introduced above. To address these challenges, we propose two access control frameworks rely on ABAC model: the first one regulates data sharing among interconnected MQTT-based IoT environments, whereas the second one regulates data sharing within MQTT-based IoT environment during ordinary and emergency situations

Grundlagen des Autonomen Rechnens

Das vegetative Nervensystem (engl. autonomous nervous system) des Menschen kann das, wovon in der IT-Industrie noch geträumt wird. Abhängig von der aktuellen Umgebung und Tätigkeit reguliert das vegetative Nervensystem mandatorische Körperfunktionen wie Herzfrequenz und Atmung. Reflexe, die dem Selbstschutz dienen, werden automatisch ausgelöst. Verletzungen heilen von selbst, ohne dass man seine normalen Tätigkeiten dafür unterbrechen müsste. Im Rahmen des Seminars „Autonomic Computing“ im Sommersemester 2003 am Institut für Programmstrukturen und Datenorganisation der Universität Karlsruhe wurden Grundlagen dieses Autonomen Rechnens besprochen. Als Basis für Selbstkonfiguration und Selbstoptimierung werden in „Kontextbewusstsein: Ein Überblick“ Techniken zur Erfassung des physischen und sozialen Kontexts einer Anwendung erläutert. Die dienstorientierte Architektur und konkrete Implementierungen wie z.B. UPnP, Jini oder Bluetooth werden in „Aktuelle Technologien zur Realisierung dienstorientierter Architekturen“ behandelt. Die Arbeit „Service- Orientierung und das Semantic Web“ beschreibt, wie Semantic Web Technologien zur Beschreibung von Web Services verwendet werden können mit dem Ziel der automatischen Dienstfindung. Danach wird der Begriff „Selbstbewusstsein“ in bezug auf Software anhand zweier komplementärer Forschungsprojekte definiert. Technologien zur Überwachung des Laufzeitverhaltens von Rechnersystemen mit dem Ziel der selbstständigen Optimierung sind Gegenstand der Arbeit „Selbst-Überwachung und Selbst-Optimierung“. Der Artikel „Selbst-Schutz“ fasst die Sicherheitsanforderungen zusammen, die an ein autonomes Computersystem gestellt werden müssen und die Techniken, um solche Anforderungen zu erfüllen. Ansätze aus dem Bereich wiederherstellungsorientiertes- und fehlertolerantes Rechnen werden in „Selbst-Heilung“, „ROC – Recovery Oriented Computing“ und „Recovery Oriented Computing: Modularisierung und Redundanz“ vorgestellt. Alle Ausarbeitungen und Präsentationen sind auch elektronisch auf der diesem Band beiliegenden CD oder unter www.autonomic-computing.org verfügbar

The usability of knowledge based authentication methods on mobile devices

Mobile devices are providing ever increasing functionality to users, and the risks associated with applications storing personal details are high. Graphical authentication methods have been shown to provide better security in terms of password space than traditional approaches, as well as being more memorable. The usability of any system is important since an unusable system will often be avoided. This thesis aims to investigate graphical authentication methods based on recall, cued recall and recognition memory in terms of their usability and security