125 research outputs found

    Distributed Smart City Services for Urban Ecosystems

    A Smart City is a high-performance urban context, where citizens live independently and are more aware of the surrounding opportunities, thanks to forward-looking development of economy politics, governance, mobility and environment. ICT infrastructures play a key role in this new research field, being also a means for society to allow new ideas to prosper and new, more efficient approaches to be developed. The aim of this work is to research and develop novel solutions, here called smart services, in order to solve several upcoming problems and known issues in urban areas and, more generally, in the context of modern society. A specific focus is placed on smart governance and on privacy issues which have arisen in the cellular age.

    Trusted and Privacy-preserving Embedded Systems: Advances in Design, Analysis and Application of Lightweight Privacy-preserving Authentication and Physical Security Primitives

    Radio Frequency Identification (RFID) enables RFID readers to perform fully automatic wireless identification of objects labeled with RFID tags and is widely deployed in many applications, such as access control, electronic tickets and payment as well as electronic passports. This prevalence of RFID technology introduces various risks, in particular concerning the privacy of its users and holders. Despite the privacy risk, classical threats to authentication and identification systems must be considered to prevent the adversary from impersonating or copying (cloning) a tag. This thesis summarizes the state of the art in secure and privacy-preserving authentication for RFID tags with a particular focus on solutions based on Physically Unclonable Functions (PUFs). It presents advancements in the design, analysis and evaluation of secure and privacy-preserving authentication protocols for RFID systems and PUFs. Formalizing the security and privacy requirements on RFID systems is essential for the design of provably secure and privacy-preserving RFID protocols. However, existing RFID security and privacy models in the literature are often incomparable and in part do not reflect the capabilities of real-world adversaries. We investigate subtle issues such as tag corruption aspects that lead to the impossibility of achieving both mutual authentication and any reasonable notion of privacy in one of the most comprehensive security and privacy models, which is the basis of many subsequent works. Our results led to the refinement of this privacy model and were considered in subsequent works on privacy-preserving RFID systems. A promising approach to enhance the privacy in RFID systems without raising the computational requirements on the tags is the use of anonymizers. These are special devices that take the computational workload off the tags. While existing anonymizer-based protocols are subject to impersonation and denial-of-service attacks, existing RFID security and privacy models do not include anonymizers. We present the first security and privacy framework for anonymizer-enabled RFID systems and two privacy-preserving RFID authentication schemes using anonymizers. Both schemes achieve several appealing features that were not simultaneously achieved by any previous proposal. The first protocol is very efficient for all involved entities and achieves privacy under tag corruption. It is secure against impersonation attacks and forgeries even if the adversary can corrupt the anonymizers. The second scheme provides for the first time anonymity and untraceability of tags against readers as well as secure tag authentication against collisions of malicious readers and anonymizers using tags that cannot perform public-key cryptography (i.e., modular exponentiations). The RFID tags commonly used in practice are cost-efficient tokens without expensive hardware protection mechanisms. Physically Unclonable Functions (PUFs) promise to provide an effective security mechanism for RFID tags to protect against basic hardware attacks. However, existing PUF-based RFID authentication schemes are not scalable, allow only for a limited number of authentications and are subject to replay, denial-of-service and emulation attacks. We present two scalable PUF-based authentication schemes that overcome these problems. The first protocol supports tag and reader authentication, is resistant to emulation attacks and is highly scalable. The second protocol uses a PUF-based key storage and addresses an open question on the feasibility of destructive privacy, i.e., the privacy of tags that are destroyed during tag corruption. The security of PUFs relies on assumptions on physical properties and is still under investigation. PUF evaluation results in the literature are difficult to compare due to varying test conditions and different analysis methods. We present the first large-scale security analysis of ASIC implementations of the five most popular electronic PUF types, including Arbiter, Ring Oscillator, SRAM, Flip-Flop and Latch PUFs. We present a new PUF evaluation methodology that allows a more precise assessment of the unpredictability properties than previous approaches and we quantify the most important properties of PUFs for their use in cryptographic schemes. PUFs have been proposed for various applications, including anti-counterfeiting and authentication schemes. However, only rudimentary PUF security models exist, limiting the confidence in the security claims of PUF-based security mechanisms. We present a formal security framework for PUF-based primitives, which has been used in subsequent works to capture the properties of image-based PUFs and in the design of anti-counterfeiting mechanisms and physical hash functions.

    Security and Privacy of Radio Frequency Identification

    Tanenbaum, A.S. [Promotor]; Crispo, B. [Copromotor]

    Mobile Authentication with NFC enabled Smartphones

    Smartphones are becoming increasingly widely deployed, and as such new possibilities for utilizing the smartphone's many capabilities for public and private use are arising. This project will investigate the possibility of using smartphones as a platform for authentication and access control, using near field communication (NFC). To achieve the necessary security for authentication and access control purposes, cryptographic concepts such as public keys, challenge-response and digital signatures are used. To focus the investigation, a case study is performed based on the authentication and access control needs of an educational institution's student ID. To gain a more practical understanding of the challenges mobile authentication encounters, a prototype has successfully been developed on the basis of the investigation. The case study performed in this project argues that NFC as a standalone technology is not yet mature enough to support the advanced communication required by this case. However, combining NFC with other communication technologies such as Bluetooth has proven to be effective. As a result, a general evaluation has been performed on several aspects of the prototype, such as cost-effectiveness, usability, performance and security, to evaluate the viability of mobile authentication.

    Understanding the protection of privacy when counting subway travelers through anonymization

    Public transportation, especially in large cities, is critical for livability. Counting passengers as they travel between stations is crucial to establishing and maintaining effective transportation systems. Various information and communication technologies, such as GPS, Bluetooth, and Wi-Fi, have been used to measure people's movements automatically. Regarding public transportation applications, the automated fare collection (AFC) system has been widely adopted as a convenient method for measuring passengers, mainly because it is relatively easy to identify card owners uniquely and, as such, the movements of their card holders. However, there are serious concerns regarding privacy infringements when deploying such technologies, to the extent that Europe's General Data Protection Regulation has forbidden straightforward deployment for measuring pedestrian dynamics unless explicit consent has been provided. As a result, privacy-preservation techniques (e.g., anonymization) must be used when deploying such systems. Against this backdrop, we investigate to what extent a recently developed anonymization technique, known as detection k-anonymity, can be adapted to count public transportation travelers while preserving privacy. In the case study, we tested our methods with data from Beijing subway trips. Results show different scenarios when detection k-anonymity can be effectively applied and when it cannot. Due to the complicated relationship between the detection k-anonymity parameters, setting the proper parameter values can be difficult, leading to inaccurate results. Furthermore, through detection k-anonymity, it is possible to count travelers between two locations with high accuracy. However, counting travelers from more than two locations leads to more inaccurate results

    Enabling Things to Talk

    Information Systems Applications (incl. Internet); Business IT Infrastructure; Computer Appl. in Administrative Data Processing; Operations Management; Software Engineering; Special Purpose and Application-Based Systems; Business Information Systems; Ubiquitous Computing; Reference Architecture; Spatio-Temporal Systems; Smart Objects; Supply Chain Management; IoT; SCM; Web Applications; Internet of Things; Smart Homes; RFI

    Semantic discovery and reuse of business process patterns

    Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

    Forecasting and strategic planning for emerging technologies: a case for RFID

    Thesis (S.M.)--Massachusetts Institute of Technology, System Design and Management Program, 2006. Includes bibliographical references (p. 140-144). The RFID industry is going through a sea of change and at different levels within the industry. Forecasts have been done on different facets of the RFID/EPC industry like the market size or the possible financial returns. However, the forecasts to date are not based on a collective view on the evolving, dynamic and inter-relating nature of such technology covering Retailers, Suppliers and Industry experts on the same landscape. The EPC Peloton Forecasting and Strategic Planning Tool was developed out of a need to collaborate and form consensus around the events and milestones that are critical for the widespread adoption of EPC for the Fast Moving Consumer Goods ("FMCG") industry. Though developed around its need in the RFID space, this tool can be used for decision making around any emerging technology. We are at a critical juncture in the history of RFID where there is excitement among stakeholders and the technology's promise needs to be harnessed by providing the stakeholders with a clear idea of (a) where the technology's future lies and (b) how consensus on how to achieve such a future can be facilitated. The Peloton Approach deals with how to identify or develop a technology forecasting methodology that could capture inputs from all dimensions of the industry and lay down a range of possible future paths. To address the latter issue of collaboration, the Peloton aids in identifying the various stakeholders and their stages of adoption and provide a platform for people at a similar level of adoption to collaborate or enable those seeking information to be able to get into the bandwagon and adopt relevant strategies. by Vineet Thuvara. S.M.

    Supply chain visibility and sustainable competitive advantage: An integrated model

    Lack of visibility of the assets in a product supply chain compromises attempts to optimise supply chain management. Increasing the visibility of these assets presents a relatively unexplored frontier in operations and supply where organisations can create competitive advantage through the opportunities asset visibility offers. This research aims at investigating the key capabilities of asset visibility, specifically those associated with returnable transport assets that travel across supply chains carrying material and products, e.g. cages, boxes, trays, trolleys and pallet bins. In addition, how these capabilities may influence supply chain visibility and firm performance in a way that might lead to sustainable competitive advantage is examined. To achieve these objectives, the research develops a two-stage model that is theoretically grounded in the extended resource-based view. Philosophically, the research adopts a critical realist approach using abductive logic. Methodologically, a sequential exploratory strategy for data collection is implemented. A qualitative, in-depth site-based case study supported by field expert interviews was conducted as a pilot study. The pilot study findings refined the initial conceptual model derived from literature and informed the next stage of the research. The quantitative phase focused on refining the factors constituting asset visibility capabilities and then testing the relationship between these capabilities and supply chain visibility, performance and sustainable competitive advantage. Key findings are that asset visibility capabilities are shaped through three key capabilities: (1) an asset management capability formed by both core technological aspects related to tracking and tracing technology, and non-technological ones focusing on logistic-related capability; (2) a complementary technological capability comprising IT infrastructure for supply chain integration; and (3) a complementary non-technological capability represented through three sub-capabilities: (a) supply chain process integration; (b) focal firm-3PL relational orientation; and (c) internal firm integration. The research findings prove a positive relationship between asset visibility capabilities and supply chain visibility. In addition, a positive relationship between these capabilities and sustainable competitive advantage, through the mediated effect of supply chain visibility and firm performance, is confirmed. EThOS - Electronic Theses Online Service; GB; United Kingdo