46 research outputs found

    Bringing Order into Things Decentralized and Scalable Ledgering for the Internet-of-Things

    The Internet-of-Things (IoT) is simultaneously the largest and the fastest growing distributed system known to date. With the expectation of 50 billion devices coming online by 2020, far surpassing the size of the human population, problems related to scale, trustability and security are anticipated. Current IoT architectures are inherently flawed as they are centralized on the cloud and explore fragile trust-based relationships over a plethora of loosely integrated devices, leading to IoT platforms being non-robust for every party involved and unable to scale properly in the near future. The need for a new architecture that addresses these concerns is urgent as the IoT is progressively more ubiquitous, pervasive and demanding regarding the integration of devices and processing of data increasingly susceptible to reliability and security issues. In this thesis, we propose a decentralized ledgering solution for the IoT, leveraging a recent concept: blockchains. Rather than replacing the cloud, our solution presents a scalable and fault-tolerant middleware for recording transactions between peers, under verifiable and decentralized trustability assumptions and authentication guarantees for IoT devices, cloud services and users. Following on the emergent trend in modern IoT architectures, we leverage smart hubs as blockchain gateways, aggregating, pre-processing and forwarding small amounts of data and transactions in proximity conditions, that will be verified and processed as transactions in the blockchain. The proposed middleware acts as a secure ledger and establishes private channels between peers, requiring transactions in the blockchain to be signed using threshold signature schemes and group-oriented verification properties. The approach improves the decentralization and robustness characteristics under Byzantine fault-tolerance settings, while preserving the blockchain distributed nature.

    SEE-TREND: SEcurE Traffic-Related EveNt Detection in Smart Communities

    It has been widely recognized that one of the critical services provided by Smart Cities and Smart Communities is Smart Mobility. This paper lays the theoretical foundations of SEE-TREND, a system for Secure Early Traffic-Related EveNt Detection in Smart Cities and Smart Communities. SEE-TREND promotes Smart Mobility by implementing an anonymous, probabilistic collection of traffic-related data from passing vehicles. The collected data are then aggregated and used by its inference engine to build beliefs about the state of the traffic, to detect traffic trends, and to disseminate relevant traffic-related information along the roadway to help the driving public make informed decisions about their travel plans, thereby preventing congestion altogether or mitigating its nefarious effects.

    The Future of Information Sciences : INFuture2007 : Digital Information and Heritage


    Approximate Data Analytics Systems

    Today, most modern online services make use of big data analytics systems to extract useful information from the raw digital data. The data normally arrives as a continuous data stream at a high speed and in huge volumes. The cost of handling this massive data can be significant. Providing interactive latency in processing the data is often impractical because the data is growing exponentially and even faster than Moore’s law predictions. To overcome this problem, approximate computing has recently emerged as a promising solution. Approximate computing is based on the observation that many modern applications are amenable to an approximate, rather than the exact output. Unlike traditional computing, approximate computing tolerates lower accuracy to achieve lower latency by computing over a partial subset instead of the entire input data. Unfortunately, the advancements in approximate computing are primarily geared towards batch analytics and cannot provide low-latency guarantees in the context of stream processing, where new data continuously arrives as an unbounded stream. In this thesis, we design and implement approximate computing techniques for processing and interacting with high-speed and large-scale stream data to achieve low latency and efficient utilization of resources. To achieve these goals, we have designed and built the following approximate data analytics systems:
    • StreamApprox—a data stream analytics system for approximate computing. This system supports approximate computing for low-latency stream analytics in a transparent way and can adapt to rapid fluctuations of input data streams. In this system, we designed an online adaptive stratified reservoir sampling algorithm to produce approximate output with bounded error.
    • IncApprox—a data analytics system for incremental approximate computing. This system adopts approximate and incremental computing in stream processing to achieve high throughput and low latency with efficient resource utilization. In this system, we designed an online stratified sampling algorithm that uses self-adjusting computation to produce an incrementally updated approximate output with bounded error.
    • PrivApprox—a data stream analytics system for privacy-preserving and approximate computing. This system supports high utility and low-latency data analytics and preserves users’ privacy at the same time. The system is based on the combination of privacy-preserving data analytics and approximate computing.
    • ApproxJoin—an approximate distributed joins system. This system improves the performance of joins — critical but expensive operations in big data systems. In this system, we employed a sketching technique (Bloom filter) to avoid shuffling non-joinable data items through the network and proposed a novel sampling mechanism that executes during the join to obtain an unbiased representative sample of the join output.
    Our evaluation based on micro-benchmarks and real-world case studies shows that these systems can achieve significant performance speedup compared to state-of-the-art systems by tolerating negligible accuracy loss of the analytics output. In addition, our systems allow users to systematically make a trade-off between accuracy and throughput/latency and require no or only minor modifications to the existing applications.

    Steps towards adaptive situation and context-aware access: a contribution to the extension of access control mechanisms within pervasive information systems

    The evolution of pervasive computing has opened new horizons to classical information systems by integrating new technologies and services that enable seamless access to information sources at anytime, anyhow and anywhere. Meanwhile this evolution has opened new threats to information security and new challenges to access control modeling. In order to meet these challenges, many research works went towards extending traditional access control models (especially the RBAC model) in order to add context awareness within the decision-making process. Meanwhile, tying access decisions to the dynamic contextual constraints of mobile users would not only add more complexity to decision-making but could also increase the possibilities of access denial. Knowing that accessibility is a key feature for pervasive systems and taking into account the importance of providing access within real-time situations, many research works have proposed applying flexible access control mechanisms with sometimes extreme solutions that exceed security boundaries, such as the Break-Glass option. In this thesis, we introduce a moderate solution that stands between the rigidity of access control models and the risky flexibility applied during real-time situations. Our contribution is twofold: in the design phase, we propose PS-RBAC - a Pervasive Situation-aware RBAC model that realizes adaptive permission assignments and alternative-based decision-making based on similarity when facing an important situation. In the implementation phase, we introduce PSQRS - a Pervasive Situation-aware Query Rewriting System architecture that confronts access denials by reformulating the user's XACML access request and proposing to him a list of alternative similar solutions that he can access. The objective is to provide a level of adaptive security that would meet the user needs while taking into consideration his role, contextual constraints (location, network, device, etc.) and his situation. Our proposal has been validated in three application domains that are rich in pervasive contexts and real-time scenarios: (i) Mobile Geriatric Teams, (ii) Avionic Systems and (iii) Video Surveillance Systems.

    The concept of establishment of electronic archive in public administration

    The aim of this PhD thesis is to develop a model of the information system for the long-term storage of electronically signed documents within the public administration domain. For the purpose of building the model, the referent theoretical model for the long-term storage of electronic information objects - OAIS is elaborated. The responsibilities, components and the functional entities of the mentioned model are described. Theoretical findings in connection with public key infrastructure (PKI) are covered because of the technologies and concepts that support the confidence in electronic records: digital certificate, electronic signature, advanced electronic signature, certificate authority (CA), registration authority (RA), electronic timestamp etc. The EU Directive 1999/93/EC on a Community framework for electronic signatures was derogated in the EU area by the eIDAS regulation (EU Regulation no. 910/2014). The influence of the eIDAS regulation is far-reaching for the legal regulation of the elements for the long-term preservation of electronically signed records. The regulation laid out the concept of the qualified trust service provider (for the certificate issuance, timestamps, etc.). Certain formats of advanced electronic signature are thoroughly covered. Such signature formats enable long-term preservation, which makes these formats particularly interesting. The processes of development and validation of advanced electronic signature are described in detail. The term Proof of Existence (PoE) of electronic signature is recognized as key for this thesis. In studying the area of the long-term integrity and authenticity preservation of electronic records with electronic signatures, four strategies of preservation are covered: the removal of electronic signatures, keeping track of electronic signatures within the metadata, recording electronic signature validity within the blockchain and the preservation of electronic signatures. The preservation of electronic signatures was a challenge for this thesis because it is often implicitly defined within legal regulations. The concept of electronic public administration is thoroughly covered (the term, phases, mobile public administration, sectors). To have a better understanding of the importance of archives in the electronic public administration, the context of electronic public administration in the European Union and in the Republic of Croatia is described. The author took part in the InterPARES Trust research project that was based on the analysis of electronic public services. Different aspects of public e-services are analyzed; from the point of view of this work the results from the area of electronic records long-term preservation are especially interesting and as such are elaborated in this thesis. Furthermore, the availability of services and components based on the public key infrastructure in the Republic of Croatia that can be efficiently used to build an infrastructure for signing and long-term storage of electronically signed documents is investigated. Finally, the analysis of efficacy of electronic public administrations according to numerous methodologies is presented. A detailed analysis of different aspects of electronically signed documents (interoperability, legal regulation, preservation time period, long-term storage standards) is made. The term electronic document as a substitute for official paper documents issued by public administration is elaborated. Croatian and foreign legal regulations are analyzed. As a preparation for the model of long-term storage of electronically signed documents, an analysis of successful e-archive implementations from Croatia, Germany, Italy, Austria, Lithuania and Estonia is made. One referent model for the long-term storage is elaborated and the results of the E-ARK research project are analyzed. Based on the findings from the analysis of successful practices and referent models, the author built a model of the information system for storage of electronically signed documents. The developed model is based on the OAIS reference model. An important part of the above-mentioned model development is the elaboration of the term preservation of the proof of existence. The use of the RFC 6283 (XMLERS) standard for the Evidence Record Syntax is recommended. On top of that, the use of qualified trust service providers for certificates and for timestamps is key for this model development. A qualified timestamp also takes the meaning of an archive timestamp. The developed model implies signature renewal before an expiration of the validity of the algorithms used. The main purpose of the signature renewal is to ensure the verification of completeness of already signed documents. Additionally, timestamps can lose their validity as time passes, so new timestamps must be acquired in time. The solution for the electronic document long-term preservation is suggested so that technological implementation supports legal regulation. Document formats for this model are suggested as well as the usage of the advanced electronic signature format. The formats from the AdES family of signatures are proposed: XAdES, CAdES, PAdES. At the end of this thesis the suggestion to set up an infrastructure for the long-term storage of electronically signed documents in the Republic of Croatia is given.

    Privacy-Enhancing Group Signcryption Scheme

    In the last decades, several signcryption schemes have been developed for different privacy-enhancing purposes. In this paper, we propose a new privacy-enhancing group signcryption scheme that provides: unforgeability, confidentiality, ciphertext and sender anonymity, traceability, unlinkability, exculpability, coalition-resistance, and unforgeable tracing verification. It is important to notice that the proposed scheme allows a signer to anonymously signcrypt a message on the group’s behalf (i.e., sender’s anonymity). The security analysis of the scheme is also provided. Our proposal is proven to be strongly existentially unforgeable under an adaptive chosen message attack, indistinguishable under an adaptive chosen ciphertext attack, and to provide ciphertext anonymity under an adaptive chosen ciphertext attack. Furthermore, the scheme is extended to work in a multi-receiver scenario, where an authorized group of receivers is able to unsigncrypt the ciphertext. The experimental results show that our scheme is efficient even on computationally restricted devices and can be therefore used in many IoT applications. The Signcrypt protocol on smart cards takes less than 1 s (including communication overhead). The time of the Unsigncrypt protocol on current ARM devices is negligible (less than 40 ms).

    Selected Computing Research Papers Volume 6 June 2017

    • Critical Analysis of Online Transaction Verification Technologies in Financial Industries (Baboni Mmaopinkie Beleng)
    • Improving the Effectiveness of Network Security Training Using Experimental Programmes (John Bolam)
    • A Critical Evaluation of the Effectiveness of Animation within Education (Frances Byers)
    • Evaluating Current Research on the Educational Effectiveness of Augmented Reality (Michael Jopling)
    • A Critical Evaluation of Current Research in DDoS Filtering Techniques within Cloud Computing Environments (Dean Richard McKinnel)
    • An Evaluation of Security Strategies Aimed At Improving Cloud Computing (Gofaone Oatile)
    • An Evaluation of Current Research into the Potential Negative Impact from Violent Video Games on Teenagers’ Aggression (Christopher Riddell)
    • Evaluation of Current Computing Research Aimed at Improving Fingerprint Recognition Systems (Shaun Nkgasapane)
    • A Critical Evaluation of Current Research into Improving Botnet Detection Rates (Andrew Thompson)

    Analysis and coding of visual objects: new concepts and new tools

    Video coding has been under intense scrutiny in recent years. The published international standards rely on low-level vision concepts, thus being first-generation. Recently standardization started in second-generation video coding, supported on mid-level vision concepts such as objects. This thesis presents new architectures for second-generation video codecs and some of the required analysis and coding tools. The graph theoretic foundations of image analysis are presented and algorithms for generalized shortest spanning tree problems are proposed. In this light, it is shown that basic versions of several region-oriented segmentation algorithms address the same problem. Globalization of information is studied and shown to confer different properties to these algorithms, and to transform region merging into recursive shortest spanning tree segmentation (RSST). RSST algorithms attempting to minimize global approximation error and using affine region models are shown to be very effective. A knowledge-based segmentation algorithm for mobile videotelephony is proposed. A new camera movement estimation algorithm is developed which is effective for image stabilization and scene cut detection. A camera movement compensation technique for first-generation codecs is also proposed. A systematization of partition types and representations is performed with which partition coding tools are overviewed. A fast approximate closed cubic spline algorithm is developed with applications in partition coding.
    Programas Ciência e Praxis - JNICT Projecto RACE MAVT - CEC ISCT