417 research outputs found
Caveat (IoT) Emptor: Towards Transparency of IoT Device Presence (Full Version)
As many types of IoT devices worm their way into numerous settings and many
aspects of our daily lives, awareness of their presence and functionality
becomes a source of major concern. Hidden IoT devices can snoop (via sensing)
on nearby unsuspecting users, and impact the environment where unaware users
are present, via actuation. This prompts, respectively, privacy and
security/safety issues. The dangers of hidden IoT devices have been recognized
and prior research suggested some means of mitigation, mostly based on traffic
analysis or using specialized hardware to uncover devices. While such
approaches are partially effective, there is currently no comprehensive
approach to IoT device transparency. Prompted in part by recent privacy
regulations (GDPR and CCPA), this paper motivates and constructs a
privacy-agile Root-of-Trust architecture for IoT devices, called PAISA:
Privacy-Agile IoT Sensing and Actuation. It guarantees timely and secure
announcements about IoT devices' presence and their capabilities. PAISA has two
components: one on the IoT device that guarantees periodic announcements of its
presence even if all device software is compromised, and the other that runs on
the user device, which captures and processes announcements. Notably, PAISA
requires no hardware modifications; it uses a popular off-the-shelf Trusted
Execution Environment (TEE) -- ARM TrustZone. This work also comprises a fully
functional (open-sourced) prototype implementation of PAISA, which includes: an
IoT device that makes announcements via IEEE 802.11 WiFi beacons and an Android
smartphone-based app that captures and processes announcements. Both security
and performance of PAISA design and prototype are discussed.Comment: 17 pages, 11 figures. To appear at ACM CCS 202
Trust for Location-based Authorisation
We propose a concept for authorisation using the location of a mobile device
and the enforcement of location-based policies. Mobile devices enhanced by
Trusted Computing capabilities operate an autonomous and secure location
trigger and policy enforcement entity. Location determination is two-tiered,
integrating cell-based triggering at handover with precision location
measurement by the device.Comment: To appear in: Proceedings of the Wireless Communications and
Networking Conference, IEEE WCNC 2008, Las Vegas, USA, 31 March - 2 April
200
Presence attestation: The missing link in dynamic trust bootstrapping
National Research Foundation (NRF) Singapor
A Survey on Security for Mobile Devices
Nowadays, mobile devices are an important part of our everyday lives since they enable us to access a large variety of ubiquitous services. In recent years, the availability of these ubiquitous and mobile services has signicantly increased due to the dierent form of connectivity provided by mobile devices, such as GSM, GPRS, Bluetooth and Wi-Fi. In the same trend, the number and typologies of vulnerabilities exploiting these services and communication channels have increased as well. Therefore, smartphones may now represent an ideal target for malware writers. As the number of vulnerabilities and, hence, of attacks increase, there has been a corresponding rise of security solutions proposed by researchers. Due to the fact that this research eld is immature and still unexplored in depth, with this paper we aim to provide a structured and comprehensive overview of the research on security solutions for mobile devices. This paper surveys the state of the art on threats, vulnerabilities and security solutions over the period 2004-2011. We focus on high-level attacks, such those to user applications, through SMS/MMS, denial-of-service, overcharging and privacy. We group existing approaches aimed at protecting mobile devices against these classes of attacks into dierent categories, based upon the detection principles, architectures, collected data and operating systems, especially focusing on IDS-based models and tools. With this categorization we aim to provide an easy and concise view of the underlying model adopted by each approach
Privacy in the Smart City - Applications, Technologies, Challenges and Solutions
Many modern cities strive to integrate information technology into every aspect of city life to create so-called smart cities. Smart cities rely on a large number of application areas and technologies to realize complex interactions between citizens, third parties, and city departments. This overwhelming complexity is one reason why holistic privacy protection only rarely enters the picture. A lack of privacy can result in discrimination and social sorting, creating a fundamentally unequal society. To prevent this, we believe that a better understanding of smart cities and their privacy implications is needed. We therefore systematize the application areas, enabling technologies, privacy types, attackers and data sources for the attacks, giving structure to the fuzzy term “smart city”. Based on our taxonomies, we describe existing privacy-enhancing technologies, review the state of the art in real cities around the world, and discuss promising future research directions. Our survey can serve as a reference guide, contributing to the development of privacy-friendly smart cities
- …