
    Data Mobility as a Service

    © 2016 IEEE. Cloud computing and cloud services provide an alternative IT infrastructure and service model for users. Users use the cloud to store their data, delegate the management of that data, and deploy their services cost-effectively. This usage model, however, has raised a number of concerns relating to data control, data protection and data mobility: 1) users may lose control of their resources, 2) data protection schemes are not adequate when data is moved to a new cloud, 3) tracking and tracing changes of data location, as well as accountability for data operations, are not well supported. To address these issues, this paper proposes a novel cloud service for data mobility from two aspects: data mobility and data protection. A data mobility service is designed and implemented to manage data mobility and data traceability. A Location Register Database (LRD) is also developed to support the service. Furthermore, data is protected by a data security service, CPRBAC (Cloud-based Privacy-Aware Role Based Access Control), and an Auditing service that are capable of verifying data operations and triggering alarms on data violations in the Cloud environment.

    User Controlled Privacy Protection in Location-Based Services

    The rapid development of location-determining technologies has enabled tracking of people or objects more accurately than ever before, and the volume and extent of tracking has increased dramatically over time. Within the broader domain of tracking technologies, location-based services (LBS) are a subset of capabilities that allow users to access information relative to their own physical location. However, the personal location information generated by such technologies is at risk of being misused or abused unless protection capabilities are built into the design of such systems. These concerns may ultimately prevent society from achieving the broad range of benefits that otherwise would be available to consumers. The assumption of the emerging location-based industry is that corporations will own and control location and other information about individuals. Traditionally, privacy has been addressed through minimum-standard approaches. However, regulatory and technological approaches focused on one-size-fits-all standards are ill equipped to accommodate the interests of individuals or broad groups of users. This research explores the possibility of developing an approach for protecting privacy in the use of location-based services that supports the autonomy of the individual through a combined technological and legal model that places the power to protect location privacy in the hands of consumers. A proof-of-concept user interface illustrating how personal information privacy could be protected in the conceptual model is demonstrated. A major goal of this project is to create an operational vision supporting user-controlled protection of privacy that can help direct technological efforts along appropriate paths.

    An architecture and protocol, an access control model, and a sighting blurring algorithm for improving users' security in the context of location based services operating over the internet

    A new type of service, known as a Location Based Service (LBS), is emerging that incorporates users' location information, and many of these LBSs operate over the Internet. However, the potential misuse of this location information is a serious concern. Therefore, the main goal of this thesis is to develop techniques, which increase users' security and privacy, for use with these LBSs. The first technique that we propose is a three-party protocol that is used to mutually identify and authenticate users, LBSs, and a trusted middleware infrastructure that is responsible for managing the users' identity and location information. This protocol enables users to simultaneously identify and authenticate themselves to the infrastructure using real identities, and to the LBSs using pseudonyms. This protocol can be subsequently used to securely exchange messages containing location information. The second technique that we propose is an access control model that enables users to create permissions that specify which users and LBSs are entitled to obtain location information about which other users, under what circumstances the location information is released to the users and LBSs, and the accuracy of any location information that is released to the users and LBSs. The third technique that we propose is a blurring algorithm that performs spatial blurring on users' location information. It does not perform temporal blurring, because this reduces an LBS's ability to offer a useful service. Instead, our blurring algorithm introduces a new parameter that specifies the frequency with which location information is released for a particular user. This frequency parameter is a function of the size of the blurred location. These three techniques can be used as part of an overall solution for providing users with increased security while using LBSs that operate over the Internet.

    Analysis of access control model for data security and privacy on multi-tenant SaaS

    Cloud computing has become the most trending and emerging technology in recent years and has changed the way computation and services are delivered to customers. Despite all the advantages that the cloud provides, users still feel insecure about adopting cloud computing and have major concerns over data security and privacy. This is because the data of numerous tenants is located in the same location or database. In this environment, data access by unauthorized users is possible. To overcome this issue, there should be a clear boundary for each tenant. An access control model is used to grant users the right level of permission to carry out their duties, to prevent unauthorized access and to protect the assets of organizations and systems. An access control model can also prevent unauthorized users from accessing protected data, ensure that authorized users can access protected data, and prevent authorized users from performing illegal actions on protected data. There are many types of access control model available in the industry. However, not all the models can be applied in a cloud environment, for various reasons. This paper presents an analysis of existing role based access control models. We use the evaluation criteria outlined by NIST for access control systems. First, we identified a list of criteria that are suitable to apply in a cloud environment, specifically to the data security and privacy of multi-tenant SaaS applications in a public cloud. Then, we analysed the existing access control models against the identified evaluation criteria. The analysis outlines the important gaps and missing elements of an access control model that can be extended into access control model based testing.

    Security in peer-to-peer communication systems

    P2PSIP (Peer-to-Peer Session Initiation Protocol) is a protocol developed by the IETF (Internet Engineering Task Force) for the establishment, completion and modification of communication sessions that emerges as a complement to SIP (Session Initiation Protocol) in environments where the original SIP protocol may fail for technical, financial, security, or social reasons. In order to do so, P2PSIP systems replace the entire server architecture of the original SIP systems, used for the registration and location of users, with a structured P2P network that distributes these functions among all the user agents that are part of the system. This new architecture, as with any emerging system, presents a completely new set of security problems, whose analysis, the subject of this thesis, is of crucial importance for its secure development and future standardization. Starting with a study of the state of the art in network security and continuing with more specific systems such as SIP and P2P, we identify the most important security services within the architecture of a P2PSIP communication system: access control, bootstrap, routing, storage and communication. Once the security services have been identified, we conduct an analysis of the attacks that can affect each of them, as well as a study of the existing countermeasures that can be used to prevent or mitigate these attacks. Based on the presented attacks and the weaknesses found in the existing measures to prevent them, we design specific solutions to improve the security of P2PSIP communication systems. To this end, we focus on the service that stands as the cornerstone of P2PSIP communication systems' security: access control.
    Among the newly designed solutions stand out: a certification model based on the segregation of the identity of users and nodes, a model for secure access control for on-the-fly P2PSIP systems, and an authorization framework for P2PSIP systems built on the recently published Internet Attribute Certificate Profile for Authorization. Finally, based on the existing measures and the new solutions designed, we define a set of security recommendations that should be considered for the design, implementation and maintenance of P2PSIP communication systems.
    Postprint (published version)

    Access control systems for geo-spatial data and applications

    Data security is today an important requirement in various applications because of the stringent need to ensure confidentiality, integrity, and availability of information. Comprehensive solutions to data security are quite complicated and require the integration of different tools and techniques as well as specific organizational processes. In such a context, a fundamental role is played by the access control system (ACS), which establishes which subjects are authorized to perform which operations on which objects. Subjects are individuals, programs, or other entities requiring access to the protected resources. When dealing with the protection of information, the resources of interest are typically objects that record information, such as files in an operating system, tuples in a relational database, or a complex object in an object database. Because of its relevance in the context of solutions for information security, access control has been extensively investigated for database management systems (DBMSs) [6], digital libraries [3, 14], and multimedia applications [24]. Yet, the importance of the spatial dimension in access control has been highlighted only recently. We say that access control has a spatial dimension when the authorization to access a resource depends on position information. We broadly categorize spatially aware access control as object-driven, subject-driven, and hybrid, based on whether the position information concerns objects, subjects, or both, respectively. In the first case, the spatial dimension is introduced because of the spatial nature of the resources. For example, if the resources are georeferenced Earth images, then we can envisage an individual being allowed to display only images covering a certain region. The spatial dimension may also be required because of the spatial nature of subjects. This is the case of mobile individuals allowed to access a resource when located in a given area.
    For example, an individual may be authorized to view secret information only within a military base. Finally, position information may concern both objects and subjects, as in the case of an individual authorized to display images of a region only within a military office. There is a wide range of applications which motivate spatially aware access control. The two challenging and contrasting applications we propose as examples are spatial data infrastructures (SDI) and location-based services (LBS). An SDI consists of the technological and organizational infrastructure which enables the sharing and coordinated maintenance of spatial data among multiple heterogeneous organizations, primarily public administrations and government agencies. On the other side, LBS enable mobile users equipped with location-aware terminals to access information based on the position of the terminals. These applications have different requirements on access control. In an SDI, typically, there is the need to account for various complex structured spatial data that may have multiple representations across different organizations. In an SDI, access control is thus object-driven. Conversely, in LBS, there is the need to account for a dynamic and mobile user population which may request diversified services based on position. Access control is thus subject-driven or hybrid. However, despite the variety of requirements and the importance of spatial data protection in these and other applications, very few efforts have been devoted to the investigation of spatially aware access control models and systems. In this chapter, we pursue two main goals: the first is to present an overview of this emerging research area, and in particular of its requirements and research directions; the second is to analyze in more detail some research issues, focusing in particular on access control in LBS.
    We can expect LBS to be widely deployed in the near future, when advanced wireless networks, such as mobile geosensor networks, and new positioning technologies, such as the Galileo satellite system, come into operation. In this perspective, access control will become increasingly important, especially for enabling selective access to services such as Enterprise LBS, which provide information services to mobile organizations, such as health care and fleet management enterprises. An access control model targeting mobile organizations is GEO-RBAC [4]. Such a model is based on the RBAC (role-based access control) standard and is compliant with Open Geospatial Consortium (OGC) standards with respect to the representation of the spatial dimension of the model. The main contributions of the chapter can be summarized as follows:
    • We provide an overview of the ongoing research in the field of spatially aware access control.
    • We show how the spatial dimension is interconnected with the security aspects in a specific access control model, that is, GEO-RBAC.
    • We outline relevant architectural issues related to the implementation of an ACS based on the GEO-RBAC model. In particular, we present possible strategies for security enforcement and the architecture of a decentralized ACS for large-scale LBS applications.
    The chapter is organized as follows. The next section provides some background knowledge on data security and in particular on access control models. The subsequent section presents requirements for geospatial data security and then the state of the art. Afterward, the GEO-RBAC model is introduced. In particular, we present the main concepts of the model defined in its basic layer, the Core GEO-RBAC. Then, architectural approaches supporting GEO-RBAC are presented. Open issues are finally reported in the concluding section, along with directions for future work.
    Maria Luisa Damiani and Elisa Bertino

    On User Privacy for Location-based Services

    This thesis investigates user privacy concerns associated with the use of location based services. We begin by introducing various privacy schemes relevant to the use of location based services. We introduce the notion of constraints, i.e. statements limiting the use and distribution of Location Information (LI), i.e. data providing information regarding a subject's location. Constraints can be securely bound to LI, and are designed to reduce threats to privacy by controlling its dissemination and use. The various types of constraint which may be required are also considered. The issues and risks with the possible use of constraints are discussed, as are possible solutions to these hazards. To address some of the problems that have been identified with the use of constraints, we introduce the notion of an LI Preference Authority (LIPA). A LIPA is a trusted party which can examine LI constraints and make decisions about LI distribution without revealing the constraints to the entity requesting the LI. This is achieved by encrypting both the LI and the constraints with a LIPA encryption key, ensuring that the LI is only revealed at the discretion of the LIPA. We further show how trusted computing can be used to enhance privacy for LI. We focus on how the mechanisms in the Trusted Computing Group specifications can be used to enable the holder of LI to verify the trustworthiness of a remote host before transferring the LI to that remote device. This provides greater assurance to end users that their expressed preferences for the handling of personal information will be respected. The model for the control of LI described in this thesis has close parallels to models controlling the dissemination and use of other personal information. In particular, Park and Sandhu have developed a general access control model intended to address issues such as Digital Rights Management, code authorisation, and the control of personal data.
    We show how our model for LI control fits into this general access control model. We present a generic service which allows a device to discover the location of other devices in ad hoc networks. The advantages of the service are discussed in several scenarios, where reliance on an infrastructure such as GPS satellites or GSM cellular base stations is not needed. An outline of the technology which will be needed to realise the service is given, along with a look at the security issues which surround the use of this location discovery service. Finally, we provide conclusions and suggestions for future work.

    Net Neutrality Value Pack using Network Data Analytics

    The advent of the mobile internet and the phenomenal growth in the use of smart phones has brought data to the forefront, creating new revenue streams for operators. The data/Internet connection now needs to cater to diverse traffic, just as a city must manage the flow of various vehicles and pedestrians on its streets. In the data world, usage of data ranges across various applications like streaming video, real-time gaming, and B2B and M2M applications. Such diverse customers often blame their operators for throttling data flows to their phones or computers. This causes significant delays and losses in data transmission. Any lapses in providing connectivity and continuity of the network will create a large number of dissatisfied customers and an unwarranted reduction of the customer base. Network neutrality is the idea that all operators should treat all data that travels over their networks fairly, without improper discrimination in favor of particular apps, sites or services. However, it is a complex, controversial topic and an important part of a free and open Internet. It aims at enabling access, choice, and transparency of Internet offerings, thereby empowering users to benefit from full access to the services, applications, and content available on the Internet. Implementing network neutrality legitimately, without discrimination in favor of particular applications, sites or services, has been a challenge faced by operators globally. This paper describes a Net Neutrality value pack using the Smart Profile Server (SPS). SPS is an enterprise application which forms the middleware to collect and analyze network data in order to build and expose a data model containing network traffic information (session throughput, speed classification, page reloads, etc.) for a given customer/subscriber at a given time and location, using the analytic database (DB).
    This data model can be either exposed as a REST [1] based interface, as a smart profile view with fine-grained access control, or tied to third-party dashboard tools to act as a window for subscribers and regulatory agencies to determine whether the operator is truly net neutral.

    Wireless Network Design and Optimization: From Social Awareness to Security

    A principal goal of this dissertation is to study wireless network design and optimization with a focus on two perspectives: 1) socially-aware mobile networking and computing; 2) security and privacy in wireless networking. Under this common theme, this dissertation can be broadly organized into three parts. The first part studies socially-aware mobile networking and computing. First, it studies random access control and power control under a social group utility maximization (SGUM) framework. The socially-aware Nash equilibria (SNEs) are derived and analyzed. Then, it studies mobile crowdsensing under an incentive mechanism that exploits social trust assisted reciprocity (STAR). The efficacy of the STAR mechanism is thoroughly investigated. Next, it studies mobile users' data usage behaviors under the impact of social services and the wireless operator's pricing. Based on a two-stage Stackelberg game formulation, the user demand equilibrium (UDE) is analyzed in Stage II and the optimal pricing strategy is developed in Stage I. Last, it studies opportunistic cooperative networking under an optimal stopping framework with two-level decision-making. For both cases, with and without dedicated relays, the optimal relaying strategies are derived and analyzed. The second part studies radar sensor network coverage for physical security. First, it studies the placement of bistatic radar (BR) sensor networks for barrier coverage. The optimality of line-based placement is analyzed, and the optimal placement of BRs on a line segment is characterized. Then, it studies the coverage of radar sensor networks that exploit the Doppler effect. Based on a Doppler coverage model, an efficient method is devised to characterize Doppler-covered regions and an algorithm is developed to find the minimum radar density required for Doppler coverage. The third part studies cyber security and privacy in socially-aware networking and computing.
    First, it studies random access control, cooperative jamming, and spectrum access under an extended SGUM framework that incorporates negative social ties. The SNEs are derived and analyzed. Then, it studies pseudonym change for personalized location privacy under the SGUM framework. The SNEs are analyzed and an efficient algorithm is developed to find an SNE with desirable properties.
    Dissertation/Thesis. Doctoral Dissertation, Electrical Engineering, 201

    Ethical use of information technology and cyber cafe among Malaysian youth

    This report is based on a research study under the Ministry of Higher Education's Fundamental Research Grant Scheme (FRGS) involving 6 researchers from the Graduate Department of Information Technology, College of Arts and Sciences, Universiti Utara Malaysia. The aim of the research is to investigate the ethical use of information technology and cyber cafés among Malaysian youths and to propose a framework for the ethical usage of public access ICT services. With the proliferation of the Internet, there has been an unprecedented trend in public access to information and digital content. This has brought about a new kind of social challenge, particularly among the youth, who by their nature are inquisitive and tend to look for explicit and exciting endeavours to satisfy their youthful lust. Public Internet access facilities such as cyber cafés have been at the forefront as avenues attracting youths to perform anti-social and unethical activities. This study intends to gather empirical data on the activities performed at cyber cafés and propose an ethical cyber café model as guidelines for the ethical usage of ICT services at public access centres. To meet the objectives of the study, surveys were carried out involving users and operators of cyber cafés. Feedback from communities and parents was also sought, using the Theory of Planned Behavior to operationalise the research variables. In addition, relevant enforcement and regulatory bodies were also interviewed to provide input and experiences in enforcing and monitoring the cyber cafés. Appropriate sample sizes were used to represent the populations for each unit of analysis, following statistical principles. For cyber café users and communities of infinite population, the sample size taken was 650, whilst sampling for cyber café operators is based on a sampling frame from the Companies Commission of Malaysia. Questionnaires were designed using items constructed from the Theory of Planned Behavior.
    Four factors representing the independent variables were identified: Attitude, Subjective Norm, Perceived Behavioral Control and External Factors, determining the dependent variable represented by Behavioral Intention. The questionnaires were tested and found to be valid and reliable. Data collection involved administration of the questionnaire to the respective respondents and fieldwork in the form of interviews with the respective regulatory authorities. Among the main findings of the study are that there were no clear regulations and no consistent enforcement of cyber café operations. Whilst peers and teachers do influence the ethical use of cyber cafés, parents appear not to be a significant factor. The study also found that the use of CCTV is an effective behavioral control; however, the imposition of rules and regulations was found to have no significant influence. Similarly, external factors such as the internal environment of the cyber café and its location were found not to be significantly related to ethical use. The results of this study indicate positive implications for the operation of cyber cafés in Malaysia if efforts are made to focus attention on education and good personal values, with clear visibility to discourage unethical acts as a form of behavioral control. Based on the findings of the study, an ethical cyber café model is suggested which comprises three main components, namely people, facilities, and governance.