Secure Autonomous UAVs Fleets by Using New Specific Embedded Secure Elements

International audienc

After the Gold Rush: The Boom of the Internet of Things, and the Busts of Data-Security and Privacy

This Article addresses the impact that the lack of oversight of the Internet of Things has on digital privacy. While the Internet of Things is but one vehicle for technological innovation, it has created a broad glimpse into domestic life, thus triggering several privacy issues that the law is attempting to keep pace with. What the Internet of Things can reveal is beyond the control of the individual, as it collects information about every practical aspect of an individual’s life, and provides essentially unfettered access into the mind of its users. This Article proposes that the federal government and the state governments bend toward consumer protection while creating a cogent and predictable body of law surrounding the Internet of Things. Through privacy-by-design or self-help, it is imperative that the Internet of Things—and any of its unforeseen progeny—develop with an eye toward safeguarding individual privacy while allowing technological development

Privacy-Aware Architectures for NFC and RFID Sensors in Healthcare Applications

World population and life expectancy have increased steadily in recent years, raising issues regarding access to medical treatments and related expenses. Through last-generation medical sensors, NFC (Near Field Communication) and radio frequency identification (RFID) technologies can enable healthcare internet of things (H-IoT) systems to improve the quality of care while reducing costs. Moreover, the adoption of point-of-care (PoC) testing, performed whenever care is needed to return prompt feedback to the patient, can generate great synergy with NFC/RFID H-IoT systems. However, medical data are extremely sensitive and require careful management and storage to protect patients from malicious actors, so secure system architectures must be conceived for real scenarios. Existing studies do not analyze the security of raw data from the radiofrequency link to cloud-based sharing. Therefore, two novel cloud-based system architectures for data collected from NFC/RFID medical sensors are proposed in this paper. Privacy during data collection is ensured using a set of classical countermeasures selected based on the scientific literature. Then, data can be shared with the medical team using one of two architectures: in the first one, the medical system manages all data accesses, whereas in the second one, the patient defines the access policies. Comprehensive analysis of the H-IoT system can be useful for fostering research on the security of wearable wireless sensors. Moreover, the proposed architectures can be implemented for deploying and testing NFC/RFID-based healthcare applications, such as, for instance, domestic PoCs

Implementation of Middleware for Internet of Things in Asset Tracking Applications: In-lining Approach

ThesisInternet of Things (IoT) is a concept that involves giving objects a digital identity and limited artificial intelligence, which helps the objects to be interactive, process data, make decisions, communicate and react to events virtually with minimum human intervention. IoT is intensified by advancements in hardware and software engineering and promises to close the gap that exists between the physical and digital worlds. IoT is paving ways to address complex phenomena, through designing and implementation of intelligent systems that can monitor phenomena, perform real-time data interpretation, react to events, and swiftly communicate observations. The primary goal of IoT is ubiquitous computing using wireless sensors and communication protocols such as Bluetooth, Wireless Fidelity (Wi-Fi), ZigBee and General Packet Radio Service (GPRS). Insecurity, of assets and lives, is a problem around the world. One application area of IoT is tracking and monitoring; it could therefore be used to solve asset insecurity. A preliminary investigation revealed that security systems in place at Central University of Technology, Free State (CUT) are disjointed; they do not instantaneously and intelligently conscientize security personnel about security breaches using real time messages. As a result, many assets have been stolen, particularly laptops. The main objective of this research was to prove that a real-life application built over a generic IoT architecture that innovatively and intelligently integrates: (1) wireless sensors; (2) radio frequency identification (RFID) tags and readers; (3) fingerprint readers; and (4) mobile phones, can be used to dispel laptop theft. To achieve this, the researcher developed a system, using the heterogeneous devices mentioned above and a middleware that harnessed their unique capabilities to bring out the full potential of IoT in intelligently curbing laptop theft. The resulting system has the ability to: (1) monitor the presence of a laptop using RFID reader that pro-actively interrogates a passive tag attached to the laptop; (2) detect unauthorized removal of a laptop under monitoring; (3) instantly communicate security violations via cell phones; and (4) use Windows location sensors to track the position of a laptop using Googlemaps. The system also manages administrative tasks such as laptop registration, assignment and withdrawal which used to be handled manually. Experiments conducted using the resulting system prototype proved the hypothesis outlined for this research

BUSINESS VALUE OF SMART CONTRACT: CASE OF INVENTORY INFORMATION DISCREPANCIES

Firms are increasingly interested in Blockchain Smart Contracts as a solution for the visibility of the digital supply chain. Blockchain can help realize the cost reductions by providing a “single version of the truth” for a firm and its trading partners. By sharing important information such as inventory levels, manufacturing performance and operations indicators, and order and shipment information, firms can eliminate the delays and uncertainties in the information that contributes to “the bullwhip effect” and inflates required buffer stock. This paper focuses on the impact of blockchain in an inventory operation to cope up with information discrepancies. We present and compare the cost differences between an existing technology (like EDI) and blockchain. Using technologies like blockchain and smart contracts will enable a more transparent, sustainable, and resilient supply chain

Automatic student attendance registration using radio frequency identification (RFID)

Thesis (M. Tech.) - Central University of Technology, Free State, 2010The main aim of this research was to automate student attendance registration, thereby reducing human involvement in the whole process. This was made possible using Radio Frequency Identification (RFID) technology. The Central University of Technology uses student cards that are compatible for use with RFID technology. As a result, no initial investment (except for the existing personal computer’s and the constructed RFID reader) in infrastructure was required for this project. The basic working of the project was as follows. The students belonging to a specific class had their vital educational data (Student number, Name) entered into a database table at the time of registration. A student card containing a serial number, with reference to the data contained in the database table, was given to the students after registration. The students walk into their respective classes and scan their student cards with the RFID reader. The serial number stored in the student card is transferred to the reader and from there wirelessly to the main server using ZigBee technology. In the main server, using Java programming language, the card serial number is sent to the Integrated Development Environment (IDE). In this project the Netbeans IDE (Java platform) was used. The Netbeans IDE is connected to the Apache Derby database using Java Database Connector (JDBC), so the serial number (which is referenced to the educational data of the students) from the student card is automatically compared with the original database created at the time of registration. Once a match is confirmed between the two entries, the data is entered into a separate database table which serves as the basic attendance sheet for a specific day

The Applicability of Ambient Sensors as Proximity Evidence for NFC Transactions

Near Field Communication (NFC) has enabled mobile phones to emulate contactless smart cards. Similar to contactless smart cards, they are also susceptible to relay attacks. To counter these, a number of methods have been proposed that rely primarily on ambient sensors as a proximity detection mechanism (also known as an anti-relay mechanism). In this paper, we empirically evaluate a comprehensive set of ambient sensors for their effectiveness as a proximity detection mechanism for NFC contactless-based applications like banking, transport and high-security access controls. We selected 17 sensors available via the Google Android platform. Each sensor, where feasible, was used to record the measurements of 1,000 contactless transactions at four different physical locations. A total of 252 users, a random sample from the university student population, were involved during the field trials. After careful analysis, we conclude that no single evaluated mobile ambient sensor is suitable for proximity detection in NFC-based contactless applications in realistic deployment scenarios. Lastly, we identify a number of potential avenues that may improve their effectiveness

Tracking RFID

RFID-Radio Frequency Identification-is a powerful enabling technology with a wide range of potential applications. Its proponents initially overhyped its capabilities and business case: RFID deployment is proceeding along a much slower and less predictable trajectory than was initially thought. Nonetheless, in the end it is plausible that we will find ourselves moving in the direction of a world with pervasive RFID: a world in which objects\u27 wireless self-identification will become much more nearly routine, and networked devices will routinely collect and process the resulting information. RFID-equipped goods and documents present privacy threats: they may reveal information about themselves, and hence about the people carrying them, wirelessly to people whom the subjects might not have chosen to inform. That information leakage follows individuals, and reveals how they move through space. Not only does the profile that RFID technology helps construct contain information about where the subject is and has been, but RFID signifiers travel with the subject in the physical world, conveying information to devices that otherwise would not recognize it and that can take actions based on that information. RFID implementations, thus, can present three related privacy threats, which this article categorizes as surveillance, profiling, and action. RFID privacy consequences will differ in different implementations. It would be a mistake to conclude that an RFID implementation will pose no meaningful privacy threat because a tag does not directly store personally identifiable information, instead containing only a pointer to information contained in a separate database. Aside from any privacy threats presented by the database proprietor, privacy threats from third parties will depend on the extent to which those third parties can buy, barter, or otherwise gain database access. Where a tag neither points to nor carries personal identifying information, the extent of the privacy threat will depend in part on the degree to which data collectors will be able to link tag numbers with personally identifying information. Yet as profiling accelerates in the modem world, aided by the automatic, networked collection of information, information compiled by one data collector will increasingly be available to others as well; linking persistent identifiers to personally identifying information may turn out to be easy. Nor are sophisticated access controls and other cryptographic protections a complete answer to RFID privacy threats. The cost of those protections will make them impractical for many applications, though, and even with more sophisticated technology, security problems will remain. This article suggests appropriate government and regulatory responses to two important categories of RFID implementation. It concludes with a way of looking at, and an agenda for further research on, wireless identification technology more generally

Transiently Powered Computers

Demand for compact, easily deployable, energy-efficient computers has driven the development of general-purpose transiently powered computers (TPCs) that lack both batteries and wired power, operating exclusively on energy harvested from their surroundings. TPCs\u27 dependence solely on transient, harvested power offers several important design-time benefits. For example, omitting batteries saves board space and weight while obviating the need to make devices physically accessible for maintenance. However, transient power may provide an unpredictable supply of energy that makes operation difficult. A predictable energy supply is a key abstraction underlying most electronic designs. TPCs discard this abstraction in favor of opportunistic computation that takes advantage of available resources. A crucial question is how should a software-controlled computing device operate if it depends completely on external entities for power and other resources? The question poses challenges for computation, communication, storage, and other aspects of TPC design. The main idea of this work is that software techniques can make energy harvesting a practicable form of power supply for electronic devices. Its overarching goal is to facilitate the design and operation of usable TPCs. This thesis poses a set of challenges that are fundamental to TPCs, then pairs these challenges with approaches that use software techniques to address them. To address the challenge of computing steadily on harvested power, it describes Mementos, an energy-aware state-checkpointing system for TPCs. To address the dependence of opportunistic RF-harvesting TPCs on potentially untrustworthy RFID readers, it describes CCCP, a protocol and system for safely outsourcing data storage to RFID readers that may attempt to tamper with data. Additionally, it describes a simulator that facilitates experimentation with the TPC model, and a prototype computational RFID that implements the TPC model. To show that TPCs can improve existing electronic devices, this thesis describes applications of TPCs to implantable medical devices (IMDs), a challenging design space in which some battery-constrained devices completely lack protection against radio-based attacks. TPCs can provide security and privacy benefits to IMDs by, for instance, cryptographically authenticating other devices that want to communicate with the IMD before allowing the IMD to use any of its battery power. This thesis describes a simplified IMD that lacks its own radio, saving precious battery energy and therefore size. The simplified IMD instead depends on an RFID-scale TPC for all of its communication functions. TPCs are a natural area of exploration for future electronic design, given the parallel trends of energy harvesting and miniaturization. This work aims to establish and evaluate basic principles by which TPCs can operate

Cyber-crime Science = Crime Science + Information Security

Cyber-crime Science is an emerging area of study aiming to prevent cyber-crime by combining security protection techniques from Information Security with empirical research methods used in Crime Science. Information security research has developed techniques for protecting the confidentiality, integrity, and availability of information assets but is less strong on the empirical study of the effectiveness of these techniques. Crime Science studies the effect of crime prevention techniques empirically in the real world, and proposes improvements to these techniques based on this. Combining both approaches, Cyber-crime Science transfers and further develops Information Security techniques to prevent cyber-crime, and empirically studies the effectiveness of these techniques in the real world. In this paper we review the main contributions of Crime Science as of today, illustrate its application to a typical Information Security problem, namely phishing, explore the interdisciplinary structure of Cyber-crime Science, and present an agenda for research in Cyber-crime Science in the form of a set of suggested research questions