Dynamic Mobile Cloud Eco System Security - A Review

Mobile cloud computing is the technique of using cloud technology and various rich mobile applications are intended to be able to run on a variety of mobile devices using the technique called mobile cloud computing. In recent years, huge amounts of data are stored by the clients which are much more easily to the integration of cloud platforms into mobile systems. The ways of security used in portable device settings are one of the key challenges in this respect as the number of people using smartphones continues to rise. None of the models that have been developed with confidence and privacy for precaution of data in mobile cloud systems are impervious to destructive attacks, despite countless attempts. While mobile cloud computing has great potential, security, privacy, viability, and accessibility concerns must still be considered by both consumers and businesses. Additionally, it emphasizes the use of Canny Card Web Services (CCWS) competition to enhance mobile cloud computing security with IOT. This paper has been presented with more than one user application: a smart house and a smart parking in an educational institution, in the inclusion of IOT with cloud computing for demonstrating various admittance control and endorsement requirement. A review regarding this paper concentrated on a little model that is intended the security and privacy ensureability of data in mobile clouds. Additionally, to manage mobile cloud security difficulties and challenges, it is important to look at the current situation with regard to cloud security breaches, the weaknesses of mobile cloud devices, and the best ways to address these issues in the near future with regard to mobile device management and mobile data protection

Arquitectura de PLN aplicada al contexto de la salud mental

At a global level, the situation caused by COVID-19 has created a worrying and discouraging reality, especially for governments, especially for the most vulnerable populations due to the fact that they do not know how to eradicate the pandemic, many have not been able to overcome the challenges mainly emerging from an infectious disease with implications for physical health and which has also profoundly affected people's mental health and well-being. Mental health affectations are problems that affect all of us at some point in our lives, either due to experiences we have experienced or even biological factors. Paying attention and providing the necessary support at an early stage is the key to preventing more severe effects. The discipline of natural language processing (NLP) is a sub-area of artificial intelligence (AI) that studies the interactions between computers and the language that humans speak. This research proposes the design and implementation of a comprehensive architecture based on AI, machine learning (ML) and PLN components, which will allow us to detect and analyze behavior patterns in people and generate possible early diagnoses of mental health diseases.A nivel global la situación acarreada por COVID-19, ha creado una realidad preocupante y desalentadora especialmente a los gobiernos en especialmente a las poblaciones más vulnerables por el hecho de desconocer como erradicar la pandemia, muchos no han podido superar los desafíos principalmente emergentes de una enfermedad infecciosa con implicaciones para la salud física y que también ha afectado profundamente la salud mental y el bienestar de las personas. Las afectaciones de salud mental son problemas que nos afectan a todos en algún momento de nuestras vidas, ya sea por experiencias que hemos vivido o incluso factores biológicos. Prestarle la atención y brindar el apoyo necesario en una etapa temprana es la clave para prevenir afectaciones más severas. La disciplina del procesamiento de lenguaje natural (PLN), es una sub área inteligencia artificial (IA) que estudia las interacciones entre las computadoras y el lenguaje que hablamos los humanos. En esta investigación se propone el diseño e implementación de una arquitectura integral basada en componentes de IA, aprendizaje automático (ML) y PLN, la cual nos permitirá detectar y analizar patrones de comportamiento en las personas y generar posibles diagnósticos tempranos a enfermedades de salud mental

Proactive extraction of IoT device capabilities for security applications

2020 Spring.Includes bibliographical references.Internet of Things (IoT) device adoption is on the rise. Such devices are mostly self-operated and require minimum user interventions. This is achieved by abstracting away their design complexities and functionalities from users. However, this abstraction significantly limits a user's insights on evaluating the true capabilities (i.e., what actions a device can perform) of a device and hence, its potential security and privacy threats. Most existing works evaluate the security of those devices by analyzing the environment data (e.g., network traffic, sensor data, etc.). However, such approaches entail collecting data from encrypted traffic, relying on the quality of the collected data for their accuracy, and facing difficulties in preserving both utility and privacy of the data. We overcome the above-mentioned challenges and propose a proactive approach to extract IoT device capabilities from their informational specifications to verify their potential threats, even before a device is installed. More specifically, we first introduce a model for device capabilities in the context of IoT. Second, we devise a technique to parse the vendor-provided materials of IoT devices and enumerate device capabilities from them. Finally, we apply the obtained capability model and extraction technique in a proactive access control model to demonstrate the applicability of our proposed solution. We evaluate our capability extraction approach in terms of its efficiency and enumeration accuracy on devices from three different vendors

A Framework for Facilitating Secure Design and Development of IoT Systems

The term Internet of Things (IoT) describes an ever-growing ecosystem of physical objects or things interconnected with each other and connected to the Internet. IoT devices consist of a wide range of highly heterogeneous inanimate and animate objects. Thus, a thing in the context of the IoT can even mean a person with blood pressure or heart rate monitor implant or a pet with a biochip transponder. IoT devices range from ordinary household appliances, such as smart light bulbs or smart coffee makers, to sophisticated tools for industrial automation. IoT is currently leading a revolutionary change in many industries and, as a result, a lot of industries and organizations are adopting the paradigm to gain a competitive edge. This allows them to boost operational efficiency and optimize system performance through real-time data management, which results in an optimized balance between energy usage and throughput. Another important application area is the Industrial Internet of Things (IIoT), which is the application of the IoT in industrial settings. This is also referred to as the Industrial Internet or Industry 4.0, where Cyber- Physical Systems (CPS) are interconnected using various technologies to achieve wireless control as well as advanced manufacturing and factory automation. IoT applications are becoming increasingly prevalent across many application domains, including smart healthcare, smart cities, smart grids, smart farming, and smart supply chain management. Similarly, IoT is currently transforming the way people live and work, and hence the demand for smart consumer products among people is also increasing steadily. Thus, many big industry giants, as well as startup companies, are competing to dominate the market with their new IoT products and services, and hence unlocking the business value of IoT. Despite its increasing popularity, potential benefits, and proven capabilities, IoT is still in its infancy and fraught with challenges. The technology is faced with many challenges, including connectivity issues, compatibility/interoperability between devices and systems, lack of standardization, management of the huge amounts of data, and lack of tools for forensic investigations. However, the state of insecurity and privacy concerns in the IoT are arguably among the key factors restraining the universal adoption of the technology. Consequently, many recent research studies reveal that there are security and privacy issues associated with the design and implementation of several IoT devices and Smart Applications (smart apps). This can be attributed, partly, to the fact that as some IoT device makers and smart apps development companies (especially the start-ups) reap business value from the huge IoT market, they tend to neglect the importance of security. As a result, many IoT devices and smart apps are created with security vulnerabilities, which have resulted in many IoT related security breaches in recent years. This thesis is focused on addressing the security and privacy challenges that were briefly highlighted in the previous paragraph. Given that the Internet is not a secure environ ment even for the traditional computer systems makes IoT systems even less secure due to the inherent constraints associated with many IoT devices. These constraints, which are mainly imposed by cost since many IoT edge devices are expected to be inexpensive and disposable, include limited energy resources, limited computational and storage capabilities, as well as lossy networks due to the much lower hardware performance compared to conventional computers. While there are many security and privacy issues in the IoT today, arguably a root cause of such issues is that many start-up IoT device manufacturers and smart apps development companies do not adhere to the concept of security by design. Consequently, some of these companies produce IoT devices and smart apps with security vulnerabilities. In recent years, attackers have exploited different security vulnerabilities in IoT infrastructures which have caused several data breaches and other security and privacy incidents involving IoT devices and smart apps. These have attracted significant attention from the research community in both academia and industry, resulting in a surge of proposals put forward by many researchers. Although research approaches and findings may vary across different research studies, the consensus is that a fundamental prerequisite for addressing IoT security and privacy challenges is to build security and privacy protection into IoT devices and smart apps from the very beginning. To this end, this thesis investigates how to bake security and privacy into IoT systems from the onset, and as its main objective, this thesis particularly focuses on providing a solution that can foster the design and development of secure IoT devices and smart apps, namely the IoT Hardware Platform Security Advisor (IoT-HarPSecA) framework. The security framework is expected to provide support to designers and developers in IoT start-up companies during the design and implementation of IoT systems. IoT-HarPSecA framework is also expected to facilitate the implementation of security in existing IoT systems. To accomplish the previously mentioned objective as well as to affirm the aforementioned assertion, the following step-by-step problem-solving approach is followed. The first step is an exhaustive survey of different aspects of IoT security and privacy, including security requirements in IoT architecture, security threats in IoT architecture, IoT application domains and their associated cyber assets, the complexity of IoT vulnerabilities, and some possible IoT security and privacy countermeasures; and the survey wraps up with a brief overview of IoT hardware development platforms. The next steps are the identification of many challenges and issues associated with the IoT, which narrowed down to the abovementioned fundamental security/privacy issue; followed by a study of different aspects of security implementation in the IoT. The remaining steps are the framework design thinking process, framework design and implementation, and finally, framework performance evaluation. IoT-HarPSecA offers three functionality features, namely security requirement elicitation security best practice guidelines for secure development, and above all, a feature that recommends specific Lightweight Cryptographic Algorithms (LWCAs) for both software and hardware implementations. Accordingly, IoT-HarPSecA is composed of three main components, namely Security Requirements Elicitation (SRE) component, Security Best Practice Guidelines (SBPG) component, and Lightweight Cryptographic Algorithms Recommendation (LWCAR) component, each of them servicing one of the aforementioned features. The author has implemented a command-line tool in C++ to serve as an interface between users and the security framework. This thesis presents a detailed description, design, and implementation of the SRE, SBPG, and LWCAR components of the security framework. It also presents real-world practical scenarios that show how IoT-HarPSecA can be used to elicit security requirements, generate security best practices, and recommend appropriate LWCAs based on user inputs. Furthermore, the thesis presents performance evaluation of the SRE, SBPG, and LWCAR components framework tools, which shows that IoT-HarPSecA can serve as a roadmap for secure IoT development.O termo Internet das coisas (IoT) é utilizado para descrever um ecossistema, em expansão, de objetos físicos ou elementos interconetados entre si e à Internet. Os dispositivos IoT consistem numa gama vasta e heterogénea de objetos animados ou inanimados e, neste contexto, podem pertencer à IoT um indivíduo com um implante que monitoriza a frequência cardíaca ou até mesmo um animal de estimação que tenha um biochip. Estes dispositivos variam entre eletrodomésticos, tais como máquinas de café ou lâmpadas inteligentes, a ferramentas sofisticadas de uso na automatização industrial. A IoT está a revolucionar e a provocar mudanças em várias indústrias e muitas adotam esta tecnologia para incrementar as suas vantagens competitivas. Este paradigma melhora a eficiência operacional e otimiza o desempenho de sistemas através da gestão de dados em tempo real, resultando num balanço otimizado entre o uso energético e a taxa de transferência. Outra área de aplicação é a IoT Industrial (IIoT) ou internet industrial ou Indústria 4.0, ou seja, uma aplicação de IoT no âmbito industrial, onde os sistemas ciberfísicos estão interconectados a diversas tecnologias de forma a obter um controlo de rede sem fios, bem como fabricações avançadas e automatização fabril. As aplicações da IoT estão a crescer e a tornarem-se predominantes em muitos domínios de aplicação inteligentes como sistemas de saúde, cidades, redes, agricultura e sistemas de fornecimento. Da mesma forma, a IoT está a transformar estilos de vida e de trabalho e assim, a procura por produtos inteligentes está constantemente a aumentar. As grandes indústrias e startups competem entre si de forma a dominar o mercado com os seus novos serviços e produtos IoT, desbloqueando o valor de negócio da IoT. Apesar da sua crescente popularidade, benefícios e capacidades comprovadas, a IoT está ainda a dar os seus primeiros passos e é confrontada com muitos desafios. Entre eles, problemas de conectividade, compatibilidade/interoperabilidade entre dispositivos e sistemas, falta de padronização, gestão das enormes quantidades de dados e ainda falta de ferramentas para investigações forenses. No entanto, preocupações quanto ao estado de segurança e privacidade ainda estão entre os fatores adversos à adesão universal desta tecnologia. Estudos recentes revelaram que existem questões de segurança e privacidade associadas ao design e implementação de vários dispositivos IoT e aplicações inteligentes (smart apps.), isto pode ser devido ao facto, em parte, de que alguns fabricantes e empresas de desenvolvimento de dispositivos (especialmente startups) IoT e smart apps., recolham o valor de negócio dos grandes mercados IoT, negligenciando assim a importância da segurança, resultando em dispositivos IoT e smart apps. com carências e violações de segurança da IoT nos últimos anos. Esta tese aborda os desafios de segurança e privacidade que foram supra mencionados. Visto que a Internet e os sistemas informáticos tradicionais são por vezes considerados inseguros, os sistemas IoT tornam-se ainda mais inseguros, devido a restrições inerentes a tais dispositivos. Estas restrições são impostas devido ao custo, uma vez que se espera que muitos dispositivos de ponta sejam de baixo custo e descartáveis, com recursos energéticos limitados, bem como limitações na capacidade de armazenamento e computacionais, e redes com perdas devido a um desempenho de hardware de qualidade inferior, quando comparados com computadores convencionais. Uma das raízes do problema é o facto de que muitos fabricantes, startups e empresas de desenvolvimento destes dispositivos e smart apps não adiram ao conceito de segurança por construção, ou seja, logo na conceção, não preveem a proteção da privacidade e segurança. Assim, alguns dos produtos e dispositivos produzidos apresentam vulnerabilidades na segurança. Nos últimos anos, hackers maliciosos têm explorado diferentes vulnerabilidades de segurança nas infraestruturas da IoT, causando violações de dados e outros incidentes de privacidade envolvendo dispositivos IoT e smart apps. Estes têm atraído uma atenção significativa por parte das comunidades académica e industrial, que culminaram num grande número de propostas apresentadas por investigadores científicos. Ainda que as abordagens de pesquisa e os resultados variem entre os diferentes estudos, há um consenso e pré-requisito fundamental para enfrentar os desafios de privacidade e segurança da IoT, que buscam construir proteção de segurança e privacidade em dispositivos IoT e smart apps. desde o fabrico. Para esta finalidade, esta tese investiga como produzir segurança e privacidade destes sistemas desde a produção, e como principal objetivo, concentra-se em fornecer soluções que possam promover a conceção e o desenvolvimento de dispositivos IoT e smart apps., nomeadamente um conjunto de ferramentas chamado Consultor de Segurança da Plataforma de Hardware da IoT (IoT-HarPSecA). Espera-se que o conjunto de ferramentas forneça apoio a designers e programadores em startups durante a conceção e implementação destes sistemas ou que facilite a integração de mecanismos de segurança nos sistemas préexistentes. De modo a alcançar o objetivo proposto, recorre-se à seguinte abordagem. A primeira fase consiste num levantamento exaustivo de diferentes aspetos da segurança e privacidade na IoT, incluindo requisitos de segurança na arquitetura da IoT e ameaças à sua segurança, os seus domínios de aplicação e os ativos cibernéticos associados, a complexidade das vulnerabilidades da IoT e ainda possíveis contramedidas relacionadas com a segurança e privacidade. Evolui-se para uma breve visão geral das plataformas de desenvolvimento de hardware da IoT. As fases seguintes consistem na identificação dos desafios e questões associadas à IoT, que foram restringidos às questões de segurança e privacidade. As demais etapas abordam o processo de pensamento de conceção (design thinking), design e implementação e, finalmente, a avaliação do desempenho. O IoT-HarPSecA é composto por três componentes principais: a Obtenção de Requisitos de Segurança (SRE), Orientações de Melhores Práticas de Segurança (SBPG) e a recomendação de Componentes de Algoritmos Criptográficos Leves (LWCAR) na implementação de software e hardware. O autor implementou uma ferramenta em linha de comandos usando linguagem C++ que serve como interface entre os utilizadores e a IoT-HarPSecA. Esta tese apresenta ainda uma descrição detalhada, desenho e implementação das componentes SRE, SBPG, e LWCAR. Apresenta ainda cenários práticos do mundo real que demostram como o IoT-HarPSecA pode ser utilizado para elicitar requisitos de segurança, gerar boas práticas de segurança (em termos de recomendações de implementação) e recomendar algoritmos criptográficos leves apropriados com base no contributo dos utilizadores. De igual forma, apresenta-se a avaliação do desempenho destes três componentes, demonstrando que o IoT-HarPSecA pode servir como um roteiro para o desenvolvimento seguro da IoT

An ICT framework to support a patient-centric approach in public healthcare : A case study of Malawi

vital:59285The proliferation of Information and Communication Technologies (ICTs) worldwide has enhanced the amelioration of the quality of healthcare services. There is evidence that the adoption of electronic health (e-health) and mobile health (m-health) technologies has transformed the healthcare domain by improving the efficiency of healthcare service delivery. Digitising health ecosystems has culminated in increased access to healthcare services, even for remote rural areas. The application of ICTs in the healthcare sector has reduced the overall costs of healthcare services. However, developing countries, such as Malawi, face a plethora of challenges in implementing ICT initiatives in the public health sector. Although Malawi deploys several e-health systems, most are fragmented and, therefore, not interoperable. In addition, many m-health interventions are still in the pilot phase, and the Government does not manage them centrally. These challenges are further exacerbated by a lack of appropriate policy and regulatory framework, insufficient human capacity and development, inadequate financial resources, and poor ICT governance in the public healthcare sector. Furthermore, the current provider-centred approach to healthcare service delivery does not fully meet the needs of health consumers. It is, therefore, not surprising that the dearth of an ICT framework for patient-centric healthcare services has made coordination and management of ICT interventions less sustainable, less health consumer-centric and less cost-effective. Unlike the provider-centred approach, patient-centric healthcare empowers health consumers with health information to control their own health and well-being. A patient-centric healthcare approach provides treatment and care to health consumers based on their preferences, values, and beliefs. It is, therefore, cost-effective as it takes a preventive approach rather than a curative one. An ICT framework is proposed to support patient-centric healthcare services in the public healthcare sector in Malawi. A comprehensive literature review and analysis was succinctly conducted to gain an understanding of the Malawi health landscape and patient healthcare approaches. Semi-structured interviews were also undertaken to solicit information from various key v stakeholders such as policymakers, software developers, health consumers, and healthcare providers. Design science research paradigm coupled with pragmatism was then followed to develop the ICT framework, which will ultimately support patient-centric healthcare services in the public sector in Malawi. This methodology assists in solving social problems in a specific context by providing technology-based solutions in the form of an artefact. Experts in various disciplines domiciled in Malawi validated the ICT framework, as an artefact, for its relevance and applicability. The results showed that the framework is appropriate and relevant in the public healthcare sector in Malawi. This study contributes to design science research methodology as it addressed the improvement quadrant described by Gregor and Hevner. It also contributes to the existing body of knowledge by providing a design science artefact in the form of an ICT framework. It is envisaged that the proposed ICT framework will assist the Ministry of Health and other key stakeholders in providing quality patient-centric healthcare services in the public healthcare in Malawi.Thesis (PhD) -- Faculty of Engineering, the Built Environment, and Technology, 202

An ICT framework to support a patient-centric approach in public healthcare : A case study of Malawi

The proliferation of Information and Communication Technologies (ICTs) worldwide has enhanced the amelioration of the quality of healthcare services. There is evidence that the adoption of electronic health (e-health) and mobile health (m-health) technologies has transformed the healthcare domain by improving the efficiency of healthcare service delivery. Digitising health ecosystems has culminated in increased access to healthcare services, even for remote rural areas. The application of ICTs in the healthcare sector has reduced the overall costs of healthcare services. However, developing countries, such as Malawi, face a plethora of challenges in implementing ICT initiatives in the public health sector. Although Malawi deploys several e-health systems, most are fragmented and, therefore, not interoperable. In addition, many m-health interventions are still in the pilot phase, and the Government does not manage them centrally. These challenges are further exacerbated by a lack of appropriate policy and regulatory framework, insufficient human capacity and development, inadequate financial resources, and poor ICT governance in the public healthcare sector. Furthermore, the current provider-centred approach to healthcare service delivery does not fully meet the needs of health consumers. It is, therefore, not surprising that the dearth of an ICT framework for patient-centric healthcare services has made coordination and management of ICT interventions less sustainable, less health consumer-centric and less cost-effective. Unlike the provider-centred approach, patient-centric healthcare empowers health consumers with health information to control their own health and well-being. A patient-centric healthcare approach provides treatment and care to health consumers based on their preferences, values, and beliefs. It is, therefore, cost-effective as it takes a preventive approach rather than a curative one. An ICT framework is proposed to support patient-centric healthcare services in the public healthcare sector in Malawi. A comprehensive literature review and analysis was succinctly conducted to gain an understanding of the Malawi health landscape and patient healthcare approaches. Semi-structured interviews were also undertaken to solicit information from various key v stakeholders such as policymakers, software developers, health consumers, and healthcare providers. Design science research paradigm coupled with pragmatism was then followed to develop the ICT framework, which will ultimately support patient-centric healthcare services in the public sector in Malawi. This methodology assists in solving social problems in a specific context by providing technology-based solutions in the form of an artefact. Experts in various disciplines domiciled in Malawi validated the ICT framework, as an artefact, for its relevance and applicability. The results showed that the framework is appropriate and relevant in the public healthcare sector in Malawi. This study contributes to design science research methodology as it addressed the improvement quadrant described by Gregor and Hevner. It also contributes to the existing body of knowledge by providing a design science artefact in the form of an ICT framework. It is envisaged that the proposed ICT framework will assist the Ministry of Health and other key stakeholders in providing quality patient-centric healthcare services in the public healthcare in Malawi.Thesis (PhD) -- Faculty of Engineering, the Built Environment, and Technology, 202