Lightweight mutual authentication and privacy preservation schemes for IOT systems.

Internet of Things (IoT) presents a holistic and transformative approach for providing services in different domains. IoT creates an atmosphere of interaction between humans and the surrounding physical world through various technologies such as sensors, actuators, and the cloud. Theoretically, when everything is connected, everything is at risk. The rapid growth of IoT with the heterogeneous devices that are connected to the Internet generates new challenges in protecting and preserving user’s privacy and ensuring the security of our lives. IoT systems face considerable challenges in deploying robust authentication protocols because some of the IoT devices are resource-constrained with limited computation and storage capabilities to implement the currently available authentication mechanism that employs computationally expensive functions. The limited capabilities of IoT devices raise significant security and privacy concerns, such as ensuring personal information confidentiality and integrity and establishing end-to-end authentication and secret key generation between the communicating device to guarantee secure communication among the communicating devices. The ubiquity nature of the IoT device provides adversaries more attack surfaces which can lead to tragic consequences that can negatively impact our everyday connected lives. According to [1], authentication and privacy protection are essential security requirements. Therefore, there is a critical need to address these rising security and privacy concerns to ensure IoT systems\u27 safety. This dissertation identifies gaps in the literature and presents new mutual authentication and privacy preservation schemes that fit the needs of resource-constrained devices to improve IoT security and privacy against common attacks. This research enhances IoT security and privacy by introducing lightweight mutual authentication and privacy preservation schemes for IoT based on hardware biometrics using PUF, Chained hash PUF, dynamic identities, and user’s static and continuous biometrics. The communicating parties can anonymously communicate and mutually authenticate each other and locally establish a session key using dynamic identities to ensure the user’s unlinkability and untraceability. Furthermore, virtual domain segregation is implemented to apply security policies between nodes. The chained-hash PUF mechanism technique is implemented as a way to verify the sender’s identity. At first, this dissertation presents a framework called “A Lightweight Mutual Authentication and Privacy-Preservation framework for IoT Systems” and this framework is considered the foundation of all presented schemes. The proposed framework integrates software and hardware-based security approaches that satisfy the NIST IoT security requirements for data protection and device identification. Also, this dissertation presents an architecture called “PUF Hierarchal Distributed Architecture” (PHDA), which is used to perform the device name resolution. Based on the proposed framework and PUF architecture, three lightweight privacy-preserving and mutual authentication schemes are presented. The Three different schemes are introduced to accommodate both stationary and mobile IoT devices as well as local and distributed nodes. The first scheme is designed for the smart homes domain, where the IoT devices are stationary, and the controller node is local. In this scheme, there is direct communication between the IoT nodes and the controller node. Establishing mutual authentication does not require the cloud service\u27s involvement to reduce the system latency and offload the cloud traffic. The second scheme is designed for the industrial IoT domain and used smart poultry farms as a use case of the Industrial IoT (IIoT) domain. In the second scheme, the IoT devices are stationary, and the controller nodes are hierarchical and distributed, supported by machine-to-machine (M2M) communication. The third scheme is designed for smart cities and used IoV fleet vehicles as a use case of the smart cities domain. During the roaming service, the mutual authentication process between a vehicle and the distributed controller nodes represented by the Roadside Units (RSUs) is completed through the cloud service that stores all vehicle\u27s security credentials. After that, when a vehicle moves to the proximity of a new RSU under the same administrative authority of the most recently visited RSU, the two RSUs can cooperate to verify the vehicle\u27s legitimacy. Also, the third scheme supports driver static and continuous authentication as a driver monitoring system for the sake of both road and driver safety. The security of the proposed schemes is evaluated and simulated using two different methods: security analysis and performance analysis. The security analysis is implemented through formal security analysis and informal security analysis. The formal analysis uses the Burrows–Abadi–Needham logic (BAN) and model-checking using the automated validation of Internet security protocols and applications (AVISPA) toolkit. The informal security analysis is completed by: (1) investigating the robustness of the proposed schemes against the well-known security attacks and analyze its satisfaction with the main security properties; and (2) comparing the proposed schemes with the other existing authentication schemes considering their resistance to the well-known attacks and their satisfaction with the main security requirements. Both the formal and informal security analyses complement each other. The performance evaluation is conducted by analyzing and comparing the overhead and efficiency of the proposed schemes with other related schemes from the literature. The results showed that the proposed schemes achieve all security goals and, simultaneously, efficiently and satisfy the needs of the resource-constrained IoT devices

A Word Cloud Model based on Hate Speech in an Online Social Media Environment

تُعرف وسائل التواصل الاجتماعي باسم منصة الكاشفات التي تُستخدم لقياس أنشطة المستخدمين في العالم الحقيقي. ومع ذلك ، فإن التغذية الضخمة وغير المصفاة للرسائل المنشورة على وسائل التواصل الاجتماعي تثير تحذيرات اجتماعية ، لا سيما عندما تحتوي هذه الرسائل على خطاب كراهية تجاه فرد أو مجتمع معين. التأثير السلبي لهذه الرسائل على الأفراد أو المجتمع ككل يشكل مصدر قلق كبير للحكومات والمنظمات غير الحكومية. توفر سحابات الكلمات وسيلة بسيطة وفعالة لنقل الكلمات الأكثر شيوعًا من المستندات النصية بصريًا. يهدف هذا البحث إلى تطوير نموذج سحابة الكلمات بناءً على الكلمات البغيضة في بيئة الوسائط الاجتماعية عبر الإنترنت مثل أخبار كوكل. وقد تم اتخاذ عدة خطوات بما في ذلك الحصول على البيانات والمعالجة المسبقة واستخراج الميزات وتطوير النموذج والتصور وعرض نتيجة نموذج سحابة الكلمات. تعرض النتائج صورة في سلسلة نصية تصف أهم الكلمات. ويمكن اعتبار هذا النموذج طريقة بسيطة لتبادل المعلومات عالية المستوى دون زيادة تحميل تفاصيل المستخدم.Social media is known as detectors platform that are used to measure the activities of the users in the real world. However, the huge and unfiltered feed of messages posted on social media trigger social warnings, particularly when these messages contain hate speech towards specific individual or community. The negative effect of these messages on individuals or the society at large is of great concern to governments and non-governmental organizations. Word clouds provide a simple and efficient means of visually transferring the most common words from text documents. This research aims to develop a word cloud model based on hateful words on online social media environment such as Google News. Several steps are involved including data acquisition and pre-processing, feature extraction, model development, visualization and viewing of word cloud model result. The results present an image in a series of text describing the top words. This model can be considered as a simple way to exchange high-level information without overloading the user's details

A case study of agent programmability in an online learning environment

Software agents are well-suited to assisting users with routine, repetitive, and time-consuming tasks in various educational environments. In order to achieve complex tasks effectively, humans and agents sometimes need to work together. However, some issues in human agent interaction have not been solved properly, such as delegation, trust and privacy. The agent research community has focused on technologies for constructing autonomous agents and techniques for collaboration among agents. Little attention has been paid to supporting interactions between humans and agents. p* The objectives of this research are to investigate how easy it might be for a user to program his/her agent, how users behave when given the ability to program their agents, whether access to necessary help resources can be improved, and whether such a system can facilitate collaborative learning. Studying users’ concerns about their privacy and how an online learning environment can be built to protect users’ privacy are also interesting issues to us. In this thesis two alternative systems were developed for programmable agents in which a human user can define a set of rules to direct an agent’s activities at execution time. The systems were built on top of a multi-agent collaborative learning environment that enables a user to program his or her agent to communicate with other agents and to monitor the activities of other users and their agents. These systems for end user programmable agents were evaluated and compared. The result demonstrated that an end-user programming environment is able to meet users’ individual needs on awareness information, facilitate the information exchange among the users, and enhance the communication between users within a virtual learning environment. This research provides a platform for investigating concerns over user privacy caused by agent programmability

Navigating Risk in Vendor Data Privacy Practices: An Analysis of Elsevier\u27s ScienceDirect

Executive Summary As libraries transitioned from buying materials to licensing content, serious threats to privacy followed. This change shifted more control over library user data (and whether it is collected or kept at all) from the local library to third-party vendors, including personal data about what people search for and what they read. This transition has further reinforced the move by some of the largest academic publishers to move beyond content and become data analytics businesses that provide platforms of tools used throughout the research lifecycle that can collect user data at each stage. These companies have an increasing incentive to collect and monetize the rich streams of data that these platforms can generate from users. As a result, user privacy depends on the strength of privacy protections guaranteed by vendors (e.g., negotiated for in contracts), and a growing body of evidence indicates that this should be a source of concern. User tracking that would be unthinkable in a physical library setting now happens routinely through such platforms. The potential integration of this tracking with other lines of business, including research analytics tools and data brokering services, raises pressing questions for users and institutions. Elsevier provides an important case study in this dynamic. Elsevier is many academic libraries’ largest vendor for collections, and its platforms span the knowledge production process, from discovery and idea generation to publication to evaluation. Furthermore, Elsevier’s parent company, RELX, is a leading data broker. Its “risk” business, which provides services to corporations, governments, and law enforcement agencies based on expansive databases of personal data, has surpassed its Elsevier division in revenue and profitability. For these reasons, it is important to carefully consider Elsevier’s privacy practices, the risks they may pose, and proactive steps to protect users. This analysis focuses on ScienceDirect due to its position as a leading discovery platform for research as well as the Elsevier product that researchers are most likely to interact with regularly. Based on our findings, many of ScienceDirect\u27s data privacy practices directly conflict with library privacy standards and guidelines. The data privacy practices identified in our analysis are like the practices found in many businesses and organizations that track and harvest user data to sustain privacy-intrusive data-driven business models. The widespread data collection, user tracking and surveillance, and disclosure of user data inherent to these business models run counter to the library\u27s commitment to user privacy as specified in the ALA Code of Ethics, Library Bill of Rights, and the IFLA Statement on Privacy in the Library Environment. Examples of current ScienceDirect practices found in our analysis that conflict with these standards include: • Use of web beacons, cookies, and other invasive web surveillance methods to track user behavior outside and beyond the ScienceDirect website • Extensive collection of a broad range of personal data (e.g., behavioral and location data) from ScienceDirect combined with personal data harvested from sources beyond ScienceDirect (i.e., third parties in and outside of RELX and data brokers as stated in Elsevier’s Privacy Policy and U.S. Consumer Privacy Notice) • Collection of personal data by third parties, including search engines, social media platforms, and other personal-data aggregators and profilers such as Google, Adobe, Cloudflare, and New Relic, through extensive use of third-party trackers on the ScienceDirect site • Disclosure of personal data to other Elsevier products and the potential for disclosure of personal data to other business units within RELX, including risk products and services sold to corporations, governments, and law enforcement agencies • Processing and disclosure of personal data (and personal data inferred from personal data) for targeted, personalized advertising and marketing In particular, ScienceDirect’s U.S. Consumer Privacy Notice, posted and updated in 2023, raises important concerns. The notice describes the disclosure of detailed user data—including geolocation data, sensitive personal information, and inference data used to create profiles on individuals—both for wide-ranging internal use and to external third parties, including “affiliates” and “business and joint venture partners.” The collection and disclosure of data about who someone is, where they are, and what they search for and read by the same overarching company that provides sophisticated surveillance and data brokering products to corporations, governments, and law enforcement should be alarming. These practices raise the question of whether simultaneous ownership of key academic infrastructure alongside sophisticated surveillance and data brokering businesses should be permitted at all—by users, by institutions, or by policymakers and regulatory authorities. Our analysis cannot definitively confirm whether personal data derived from academic products is currently being used in data brokering or “risk” products. Nevertheless, ScienceDirect’s privacy practices highlight the need to be aware of this risk, which is not mitigated by privacy policy revisions or potential verbal assurances concerning specific data uses. Privacy policies can be changed unilaterally, and denials are not legally binding. To be meaningful, any privacy guarantee a vendor makes must be durable, verifiable, and not limited to a particular jurisdiction. As many of the largest publishers reinvent themselves as platform businesses, users and institutions should actively evaluate and address the potential privacy risks as this transition occurs rather than after it is complete. In closely analyzing the privacy practices of the leading vendor in this transition, this report highlights the need for institutions to be proactive in responding to these risks and provides initial steps for doing so. This report underscores the significant expertise and capacity required for any institution to understand even one vendor’s privacy practices—and the power asymmetry this creates between vendors and libraries. Collaborative efforts, such as SPARC’s Privacy & Surveillance Community of Practice, can plan a key role in supporting future action to address the real privacy risks posed by vendors’ platforms. This report closes with options that institutions may consider to mitigate these risks over the short and longer term

The mobile information access experience - A user perspective

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.Mobile technologies, such as mobile phones, smartphones and Palmtop computers, are in an upwards trend and earliest models of such devices are already available to end-users to communicate and access multimedia content on-the-move. As a logical outcome of this development in mobile technologies and devices, content provider companies have already started investing and piloting mobile multimedia content distribution and broadcasting technologies. Nevertheless, no matter how cutting-edge technology is and no matter how stylish the mobile devices are, the ultimate success of wireless communication technologies and devices are directly associated with the user adoption and embrace of these new equipment and technologies. In this perspective, since multimedia content, for mobile or not, is ultimately produced for the education and/or enjoyment of viewers, the user's perspective concerning the presentation quality is surely of equal importance as objective Quality of Service (QoS) technical parameters, to defining distributed multimedia quality. In order to comprehensively understand user experiences whilst accessing information using mobile devices and technologies, we investigate user-mobile device interaction and look into the surrounding issues in a uniform manner by combining multiple aspects: user initial device experience (Out-of-Box Experience), mobile information access in a real-world context, device impact on user information access and perceptually tailored multimedia content impact on user information assimilation and satisfaction. Accordingly, an extensive experimental investigation has been undertaken to see how user experiences varied based on device familiarity, device type, real-world context and variable locations. The findings has shown that the overall perception, and effectively the user information access experience, is affected and improved when multimedia content is tailored according to user device type and context. Thus highlights that the future of mobile computing necessitates two-faceted research, which should combine both a user as well as a technical perspective

Exploring Blockchain Data Analysis and Its Communications Architecture: Achievements, Challenges, and Future Directions: A Review Article

Blockchain technology is relatively young but has the potential to disrupt several industries. Since the emergence of Bitcoin, also known as Blockchain 1.0, there has been significant interest in this technology. The introduction of Ethereum, or Blockchain 2.0, has expanded the types of data that can be stored on blockchain networks. The increasing popularity of blockchain technology has given rise to new challenges, such as user privacy and illicit financial activities, but has also facilitated technical advancements. Blockchain technology utilizes cryptographic hashes of user input to record transactions. The public availability of blockchain data presents a unique opportunity for academics to analyze it and gain a better understanding of the challenges in blockchain communications. Researchers have never had access to such an opportunity before. Therefore, it is crucial to highlight the research problems, accomplishments, and potential trends and challenges in blockchain network data analysis and communications. This article aims to examine and summarize the field of blockchain data analysis and communications. The review encompasses the fundamental data types, analytical techniques, architecture, and operations related to blockchain networks. Seven research challenges are addressed: entity recognition, privacy, risk analysis, network visualization, network structure, market impact, and transaction pattern recognition. The latter half of this section discusses future research directions, opportunities, and challenges based on previous research limitations

Conceptualizing the Electronic Word-of-Mouth Process: What We Know and Need to Know About eWOM Creation, Exposure, and Evaluation

Electronic word of mouth (eWOM) is a prevalent consumer practice that has undeniable effects on the company bottom line, yet it remains an over-labeled and under-theorized concept. Thus, marketers could benefit from a practical, science-based roadmap to maximize its business value. Building on the consumer motivation–opportunity–ability framework, this study conceptualizes three distinct stages in the eWOM process: eWOM creation, eWOM exposure, and eWOM evaluation. For each stage, we adopt a dual lens—from the perspective of the consumer (who sends and receives eWOM) and that of the marketer (who amplifies and manages eWOM for business results)—to synthesize key research insights and propose a research agenda based on a multidisciplinary systematic review of 1050 academic publications on eWOM published between 1996 and 2019. We conclude with a discussion of the future of eWOM research and practice

Third International Symposium on Space Mission Operations and Ground Data Systems, part 2

Under the theme of 'Opportunities in Ground Data Systems for High Efficiency Operations of Space Missions,' the SpaceOps '94 symposium included presentations of more than 150 technical papers spanning five topic areas: Mission Management, Operations, Data Management, System Development, and Systems Engineering. The symposium papers focus on improvements in the efficiency, effectiveness, and quality of data acquisition, ground systems, and mission operations. New technology, methods, and human systems are discussed. Accomplishments are also reported in the application of information systems to improve data retrieval, reporting, and archiving; the management of human factors; the use of telescience and teleoperations; and the design and implementation of logistics support for mission operations. This volume covers expert systems, systems development tools and approaches, and systems engineering issues

Development of Criteria for Mobile Device Cybersecurity Threat Classification and Communication Standards (CTC&CS)

The increasing use of mobile devices and the unfettered access to cyberspace has introduced new threats to users. Mobile device users are continually being targeted for cybersecurity threats via vectors such as public information sharing on social media, user surveillance (geolocation, camera, etc.), phishing, malware, spyware, trojans, and keyloggers. Users are often uninformed about the cybersecurity threats posed by mobile devices. Users are held responsible for the security of their device that includes taking precautions against cybersecurity threats. In recent years, financial institutions are passing the costs associated with fraud to the users because of the lack of security. The purpose of this study was to design, develop, and empirically test new criteria for a Cybersecurity Threats Classification and Communication Standard (CTC&CS) for mobile devices. The conceptual foundation is based on the philosophy behind the United States Occupational Safety and Health Administration (OSHA)’s Hazard Communication Standard (HCS) of Labels and Pictograms that is mainly focused on chemical substances. This study extended the HCS framework as a model to support new criteria for cybersecurity classification and communication standards. This study involved three phases. The first phase conducted two rounds of the Delphi technique and collected quantitative data from 26 Subject Matter Experts (SMEs) in round one and 22 SMEs in round two through an anonymous online survey. Results of Phase 1 emerged with six threats categories and 62 cybersecurity threats. Phase 2 operationalized the elicited and validated criteria into pictograms, labels, and safety data sheets. Using the results of phase one as a foundation, two to three pictograms, labels, and safety data sheets (SDSs) from each of the categories identified in phase one were developed, and quantitative data were collected in two rounds of the Delphi technique from 24 and 19 SMEs respectively through an online survey and analyzed. Phase 3, the main data collection phase, empirically evaluated the developed and validated pictograms, labels, and safety data sheets for their perceived effectiveness as well as performed an analysis of covariance (ANCOVA) with 208 non-IT professional mobile device users. The results of this study showed that pictograms were highly effective; this means the participants were satisfied with the characteristics of the pictograms such as color, shapes, visual complexity, and found these characteristics valuable. On the other hand, labels and Safety Data Sheets (SDS) did not show to be effective, meaning the participants were not satisfied or lacked to identify importance with the characteristics of labels and SDS. Furthermore, the ANCOVA results showed significant differences in perceived effectiveness with SDSs with education and a marginal significance level with labels when controlled for the number of years of mobile device use. Based on the results, future research implications can observe discrepancies of pictogram effectiveness between different educational levels and reading levels. Also, research should focus on identifying the most effective designs for pictograms within the cybersecurity context. Finally, longitudinal studies should be performed to understand the aspects that affect the effectiveness of pictograms

Database Principles and Technologies – Based on Huawei GaussDB

This open access book contains eight chapters that deal with database technologies, including the development history of database, database fundamentals, introduction to SQL syntax, classification of SQL syntax, database security fundamentals, database development environment, database design fundamentals, and the application of Huawei’s cloud database product GaussDB database. This book can be used as a textbook for database courses in colleges and universities, and is also suitable as a reference book for the HCIA-GaussDB V1.5 certification examination. The Huawei GaussDB (for MySQL) used in the book is a Huawei cloud-based high-performance, highly applicable relational database that fully supports the syntax and functionality of the open source database MySQL. All the experiments in this book can be run on this database platform. As the world’s leading provider of ICT (information and communication technology) infrastructure and smart terminals, Huawei’s products range from digital data communication, cyber security, wireless technology, data storage, cloud computing, and smart computing to artificial intelligence