Best Effort and Practice Activation Codes

Activation Codes are used in many different digital services and known by many different names including voucher, e-coupon and discount code. In this paper we focus on a specific class of ACs that are short, human-readable, fixed-length and represent value. Even though this class of codes is extensively used there are no general guidelines for the design of Activation Code schemes. We discuss different methods that are used in practice and propose BEPAC, a new Activation Code scheme that provides both authenticity and confidentiality. The small message space of activation codes introduces some problems that are illustrated by an adaptive chosen-plaintext attack (CPA-2) on a general 3-round Feis- tel network of size 2^(2n) . This attack recovers the complete permutation from at most 2^(n+2) plaintext-ciphertext pairs. For this reason, BEPAC is designed in such a way that authenticity and confidentiality are in- dependent properties, i.e. loss of confidentiality does not imply loss of authenticity.Comment: 15 pages, 3 figures, TrustBus 201

Peer to Peer Mobile Coupons: Adding Incentives without Sacrificing Security

Mobile commerce is flourishing today due to the advance of the mobile technology. Many conventional marketing activities are moving their ways to the mobile environment. Efficient marketing instruments such as the paper coupons and the electronic coupons are also evolving into the mobile coupons. In comparison with conventional coupons, mobile coupons are personalized and suitable for peer to peer delivery. Coupons are commonly issued by the merchants, used by the interested customers, and discarded by the uninterested receivers. Raising the redemption rate of the coupon will increase the sales of the promoted items. The raise can be accomplished by forwarding coupons from uninterested receivers to potentially interested customers. The ease-of-use exchange mechanism in mobile devices pushes the delivery in the peer to peer environment. Moreover, the characteristic of personalization inspires trust into mobile coupons. Thus, adding the incentives of coupon forwarding, such as a reward bonus, may activate the movement of stationary coupons and eventually increase the redemption rate of mobile coupons. Nevertheless, the incentives adding may bring the threats of alterations and forgery; if the adding mechanism is improperly made. Additionally, complicated security means are hindered by the limitations of storage space, computation power, and communication bandwidth of mobile devices. Therefore, we propose a scheme that uses digital signatures for verifying the incentive-added coupons and design a hash chain to detect possible forgery. The proposed scheme may increase the use of peer to peer mobile coupons without sacrificing the security

The survey on Near Field Communication

PubMed ID: 26057043Near Field Communication (NFC) is an emerging short-range wireless communication technology that offers great and varied promise in services such as payment, ticketing, gaming, crowd sourcing, voting, navigation, and many others. NFC technology enables the integration of services from a wide range of applications into one single smartphone. NFC technology has emerged recently, and consequently not much academic data are available yet, although the number of academic research studies carried out in the past two years has already surpassed the total number of the prior works combined. This paper presents the concept of NFC technology in a holistic approach from different perspectives, including hardware improvement and optimization, communication essentials and standards, applications, secure elements, privacy and security, usability analysis, and ecosystem and business issues. Further research opportunities in terms of the academic and business points of view are also explored and discussed at the end of each section. This comprehensive survey will be a valuable guide for researchers and academicians, as well as for business in the NFC technology and ecosystem.Publisher's Versio

Defending against Sybil Devices in Crowdsourced Mapping Services

Real-time crowdsourced maps such as Waze provide timely updates on traffic, congestion, accidents and points of interest. In this paper, we demonstrate how lack of strong location authentication allows creation of software-based {\em Sybil devices} that expose crowdsourced map systems to a variety of security and privacy attacks. Our experiments show that a single Sybil device with limited resources can cause havoc on Waze, reporting false congestion and accidents and automatically rerouting user traffic. More importantly, we describe techniques to generate Sybil devices at scale, creating armies of virtual vehicles capable of remotely tracking precise movements for large user populations while avoiding detection. We propose a new approach to defend against Sybil devices based on {\em co-location edges}, authenticated records that attest to the one-time physical co-location of a pair of devices. Over time, co-location edges combine to form large {\em proximity graphs} that attest to physical interactions between devices, allowing scalable detection of virtual vehicles. We demonstrate the efficacy of this approach using large-scale simulations, and discuss how they can be used to dramatically reduce the impact of attacks against crowdsourced mapping services.Comment: Measure and integratio

Service Migration from Cloud to Multi-tier Fog Nodes for Multimedia Dissemination with QoE Support.

A wide range of multimedia services is expected to be offered for mobile users via various wireless access networks. Even the integration of Cloud Computing in such networks does not support an adequate Quality of Experience (QoE) in areas with high demands for multimedia contents. Fog computing has been conceptualized to facilitate the deployment of new services that cloud computing cannot provide, particularly those demanding QoE guarantees. These services are provided using fog nodes located at the network edge, which is capable of virtualizing their functions/applications. Service migration from the cloud to fog nodes can be actuated by request patterns and the timing issues. To the best of our knowledge, existing works on fog computing focus on architecture and fog node deployment issues. In this article, we describe the operational impacts and benefits associated with service migration from the cloud to multi-tier fog computing for video distribution with QoE support. Besides that, we perform the evaluation of such service migration of video services. Finally, we present potential research challenges and trends

Development of a Semi-Quantitative Methodology for Evaluation of Whole-Body Chemical, Biological, Radiological, and Nuclear Decontamination Using an Ultraviolet Fluorescent Aerosol

This work describes a literature review which was conducted on publicly available literature on chemical, biological, radiological, and nuclear (CBRN) decontamination to understand the body of knowledge and gaps in this body of knowledge, including the assumption that disrobing after a CBRN incident will remove 90% of contamination. Also included is a description of the design and characterization of an aerosol test chamber which was constructed for use in this research. Finally, the bulk of this work describes the development of a semi-quantitative methodology for visualizing contamination. This method uses an ultraviolet fluorescent aerosol (to simulate contamination by a chemical warfare agent) and leverages image analysis to determine the difference in contamination from one step to another. This method was shown to be highly repeatable, with deposition area variability being less than 40 in2 (total area 230 in2). The claim of 90% contamination removal by disrobing was evaluated using this method. Several experiments were conducted which concluded that disrobing can remove up to 95% (mean 93.9%, with 95% confidence intervals of 91.0-96.8%) of contamination in situations such as when Tyvek suits are well-sealed. In situations when Tyvek suits have open cuffs, it was shown that disrobing may only remove 70% of contamination (mean 69.2% (64.9-73.6%)). While disrobing may not always remove 90% of contamination, at least 65% removal was demonstrated

Secure Identification in Social Wireless Networks

The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices. The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPP‟s Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future