1,688 research outputs found
System Design of Internet-of-Things for Residential Smart Grid
Internet-of-Things (IoTs) envisions to integrate, coordinate, communicate,
and collaborate real-world objects in order to perform daily tasks in a more
intelligent and efficient manner. To comprehend this vision, this paper studies
the design of a large scale IoT system for smart grid application, which
constitutes a large number of home users and has the requirement of fast
response time. In particular, we focus on the messaging protocol of a universal
IoT home gateway, where our cloud enabled system consists of a backend server,
unified home gateway (UHG) at the end users, and user interface for mobile
devices. We discuss the features of such IoT system to support a large scale
deployment with a UHG and real-time residential smart grid applications. Based
on the requirements, we design an IoT system using the XMPP protocol, and
implemented in a testbed for energy management applications. To show the
effectiveness of the designed testbed, we present some results using the
proposed IoT architecture.
Comment: 10 pages, 6 figures, journal pape
SGXIO: Generic Trusted I/O Path for Intel SGX
Application security traditionally strongly relies upon security of the
underlying operating system. However, operating systems often fall victim to
software attacks, compromising security of applications as well. To overcome
this dependency, Intel introduced SGX, which allows to protect application code
against a subverted or malicious OS by running it in a hardware-protected
enclave. However, SGX lacks support for generic trusted I/O paths to protect
user input and output between enclaves and I/O devices.
This work presents SGXIO, a generic trusted path architecture for SGX,
allowing user applications to run securely on top of an untrusted OS, while at
the same time supporting trusted paths to generic I/O devices. To achieve this,
SGXIO combines the benefits of SGX's easy programming model with traditional
hypervisor-based trusted path architectures. Moreover, SGXIO can tweak insecure
debug enclaves to behave like secure production enclaves. SGXIO surpasses
traditional use cases in cloud computing and makes SGX technology usable for
protecting user-centric, local applications against kernel-level keyloggers and
likewise. It is compatible to unmodified operating systems and works on a
modern commodity notebook out of the box. Hence, SGXIO is particularly
promising for the broad x86 community to which SGX is readily available.
Comment: To appear in CODASPY'1
A First Look at Digital Rights Management Systems for Secure Mobile Content Delivery
Digital rights management (DRM) solutions aim to prevent the copying or
distribution of copyrighted material. On mobile devices, a variety of DRM
technologies have become widely deployed. However, a detailed security study
comparing their internal workings, and their strengths and weaknesses, remains
missing in the existing literature. In this paper, we present the first
detailed security analysis of mobile DRM systems, addressing the modern
paradigm of cloud-based content delivery followed by major platforms, such as
Netflix, Disney+, and Amazon Prime. We extensively analyse the security of
three widely used DRM solutions -- Google Widevine, Apple FairPlay, and
Microsoft PlayReady -- deployed on billions of devices worldwide. We then
consolidate their features and capabilities, deriving common features and
security properties for their evaluation. Furthermore, we identify some
design-level shortcomings that render them vulnerable to emerging attacks
within the state of the art, including micro-architectural side-channel
vulnerabilities and an absence of post-quantum security. Lastly, we propose
mitigations and suggest future directions of research
IPTV Service Framework Based on Secure Authentication and Lightweight Content Encryption for Screen-Migration in Cloud Computing
These days, the advancing capabilities of smart devices (e.g. smart phones, tablets, PCs, etc.) and the increase in internet bandwidth enable IPTV service providers to extend their services to smart mobile devices. Users can receive their IPTV service on any smart device by accessing the internet via a wireless network from anywhere in the world at any time, which is convenient for users. However, wireless network communication has well-known critical security threats and vulnerabilities affecting user smart devices and IPTV services, such as user identity theft, replay attacks, MIM attacks, and so forth. A secure authentication mechanism for user devices and a multimedia protection mechanism are necessary to protect both user devices and IPTV services. As a result, we proposed a framework for IPTV service based on a secure authentication mechanism and a lightweight content encryption method for screen-migration in cloud computing. We used a cryptographic nonce combined with the user ID and password to authenticate the user device at any mobile terminal the user passes by. In addition, we used lightweight content encryption to protect the content and reduce the content decode overload at mobile terminals. Our proposed authentication mechanism reduces the computational processing by 30% compared to other authentication mechanisms, and our lightweight content encryption reduces encryption delay to 0.259 second