187 research outputs found

    Exploring the Relationship Between IoT Security and Standardization

    The adoption of the Internet of Things (IoT) technology across society presents new and unique challenges for security experts in maintaining uninterrupted services across the technology spectrum. A botnet implemented over 490,000 IoT connected devices to cripple the Internet services for major companies in one recent IoT attack. Grounded in Roger's diffusion of innovations theory, the purpose of this qualitative exploratory multiple-case study was to explore implementation strategies used by some local campus IT managers in educational institutions in the United States to secure the IoT environment. The participants were 10 local campus IT managers within educational institutions across the Southeast portion of the United States who have implemented strategies to secure IoT devices. The data were collected by interviewing 10 IT managers and collecting documentation available to the public from 4 institutions. Four themes emerged after analysis using data triangulation: restricting IoT access to the network, network isolation to secure IoT devices from the network, adoption by leadership to secure IoT inside the network, and strong shared partnership with peer organizations through observation. The research will benefit IT professionals and organizations through enhanced security and the community providing a more enhanced learning experience for all involved locally through IoT adoption. A secure IoT environment may contribute to positive social change by increasing IoT adoption to better serve societal needs

    How do different devices impact users' web browsing experience?

    The digital world presents many interfaces, among which the desktop and mobile device platforms are dominant. Grasping the differential user experience (UX) on these devices is a critical requirement for developing user focused interfaces that can deliver enhanced satisfaction. This study specifically focuses on the user's web browsing experience while using desktop and mobile. The thesis adopts quantitative methodology. This amalgamation presents a comprehensive understanding of the influence of device specific variables, such as loading speed, security concerns and interaction techniques, which are critically analyzed. Moreover, various UX facets including usability, user interface (UI) design, accessibility, content organization, and user satisfaction on both devices were also discussed. Substantial differences are observed in the UX delivered by desktop and mobile devices, dictated by inherent device attributes and user behaviors. Mobile UX is often associated with personal, context sensitive use, while desktop caters more effectively to intensive, extended sessions. A surprising revelation is the existing discrepancy between the increasing popularity of mobile devices and the persistent inability of many websites and applications to provide a satisfactory mobile UX. This issue primarily arises from the ineffective adaptation of desktop-focused designs to the mobile, underscoring the necessity for distinct, device specific strategies in UI development. By furnishing pragmatic strategies for designing efficient, user-friendly and inclusive digital interfaces for both devices, the thesis contributes significantly to the existing body of literature. An emphasis is placed on a device-neutral approach in UX design, taking into consideration the unique capabilities and constraints of each device, thereby enriching the expanding discourse on multiservice user experience. This study also contributes to digital marketing and targeted advertising perspectives

    EVALUATING THE CYBER SECURITY IN THE INTERNET OF THINGS: SMART HOME VULNERABILITIES

    The need for advanced cyber security measures and strategies is attributed to modern sophistication of cyber-attacks and intense media attention when attacks and breaches occur. In May 2014, a congressional report suggested that Americans used approximately 500 million Internet-capable devices at home, including, but not limited to Smartphones, tablets, and other Internet-connected devices, which run various unimpeded applications. Owing to this high level of connectivity, our home environment is not immune to the cyber-attack paradigm; rather, the home has evolved to become one of the most influenced markets where the Internet of Things has had extensive surfaces, vectors for attacks, and unanswered security concerns. Thus, the aim of the present research was to investigate behavioral heuristics of the Internet of Things by adopting an exploratory multiple case study approach. A controlled Internet of Things ecosystem was constructed consisting of real-life data observed during a typical life cycle of initial configuration and average use. The information obtained during the course of this study involved the systematic acquisition and analysis of Smart Home ecosystem link-layer protocol data units (PDUs). The methodology employed during this study involved a recursive multiple case study evaluation of the Smart Home ecosystem data-link layer PDUs and aligned the case studies to the existing Intrusion Kill Chain design model. The proposed solution emerging from the case studies builds the appropriate data collection template while concurrently developing a Security as a Service (SECaaS) capability to evaluate collected results

    Enhanced Password Security on Mobile Devices

    Sleek and powerful touchscreen devices with continuous access to high-bandwidth wireless data networks have transformed mobile into a first-class development platform. Many applications (i.e., "apps") written for these platforms rely on remote services such as Dropbox, Facebook, and Twitter, and require users to provide one or more passwords upon installation. Unfortunately, today's mobile platforms provide no protection for users' passwords, even as mobile devices have become attractive targets for password-stealing malware and other phishing attacks. This dissertation explores the feasibility of providing strong protections for passwords input on mobile devices without requiring large changes to existing apps. We propose two approaches to secure password entry on mobile devices: ScreenPass and VeriUI. ScreenPass is integrated with a device's operating system and continuously monitors the device's screen to prevent malicious apps from spoofing the system's trusted software keyboard. The trusted keyboard ensures that ScreenPass always knows when a password is input, which allows it to prevent apps from sending password data to the untrusted servers. VeriUI relies on trusted hardware to isolate password handling from a device's operating system and apps. This approach allows VeriUI to prove to remote services that a relatively small and well-known code base directly handled a user's password data. Dissertatio

    Little Things and Big Challenges: Information Privacy and the Internet of Things

    The Internet of Things (IoT), the wireless connection of devices to ourselves, each other, and the Internet, has transformed our lives and our society in unimaginable ways. Today, billions of electronic devices and sensors collect, store, and analyze personal information from how fast we drive, to how fast our hearts beat, to how much and what we watch on TV. Even children provide billions of bits of personal information to the cloud through smart toys that capture images, recognize voices, and more. The unprecedented and unbridled new information flow generated from the little things of the IoT is creating big challenges for privacy regulators. Traditional regulators are armed with conventional tools not fully capable of handling the privacy challenges of the IoT. A critical review of recent Federal Trade Commission (FTC) enforcement decisions sheds light on a recommended path for the future regulation of the IoT. This Article first examines the pervasiveness of the IoT and the data it collects in order to clarify the challenges facing regulators. It also highlights traditional privacy laws, principles, and regulations and explains why those rules do not fit the novel challenges and issues resulting from the IoT. Then it presents an in-depth analysis of four key FTC enforcement decisions to highlight how the FTC has and can regulate the IoT without undermining the innovation and benefits that this technology, and the data it provides, brings to our society. Specifically, the Article describes how the FTC, faced with the privacy challenge that accompanies the interconnected world of the IoT, has managed to apply traditional standards of unfairness and deceptive practices to protect private information. The FTC has been flexible and nimble with its interpretations of such standards and, in its most recent IoT case, FTC v. VIZIO, established a new tool in its toolkit for regulating IoT devices: an unfair tracking standard.
    As the de facto data protection authority in the United States, the FTC can use this new tool to work toward standardizing its treatment of IoT privacy issues instead of trying to fit those concerns neatly under the deception authority of section 5 of the FTC Act. However, this new tool also means that the FTC has the opportunity, and responsibility, to provide guidance on how it will wield that authority. To assure that innovation is not stifled and that this new rule is fairly applied (whether by the FTC or other agencies that may follow suit), it is imperative that the FTC diligently address concerns about the scope of this new rule and communicate that guidance to businesses, other regulators, and consumers alike. The new FTC administration should, as the primary regulator of information privacy and the IoT, continue the strong practice established by the previous administration, which is to provide guidance to businesses, consumers, and other regulators navigating the big challenges caused by the little things in the IoT

    An Examination of Factors That Influence Teacher Adoption of Bring Your Own Device in the Classroom

    The purpose of this research is to examine if and how Bring Your Own Device (BYOD) is implemented in secondary public schools by focusing on teacher adoption of BYOD in the classroom. Given the newness of BYOD, there is little research on how school districts have implemented this policy or why and how teachers have adopted the practice in their classroom. Using both Innovation Diffusion Theory (IDT) and the Technology Acceptance Model (TAM), this research investigated several key elements that could influence teacher adoption of BYOD: teacher characteristics, school culture, and professional development. The population for this mixed method study was teachers in three middle schools and three high schools located in a large suburban school district in Virginia. The mixed method study was divided into two parts: focus groups and web survey. Selecting schools for both parts of the study was based on three variables: student ethnicity, percentage of the student body considered economically disadvantaged, and teacher experience. Data collected from the focus groups was used to create the web survey. The results from this study revealed that five predictor variables were statistically significant concerning teacher adoption of BYOD in middle and high schools: perceived usefulness of BYOD, school culture, professional development, the secondary school level (middle or high school), and the type of school program, whether a traditional program at a zoned school or a specialized program such as an academy. The strongest predictor of the five variables was perceived usefulness. Findings from this study will contribute to policy makers' understanding of which factors influence a teacher's decision to adopt or reject an innovation (such as BYOD) and may influence development and implementation of policies regarding such innovations

    Securing the Internet of Healthcare

    Cybersecurity, including the security of information technology (IT), is a critical requirement in ensuring society trusts, and therefore can benefit from, modern technology. Problematically, though, rarely a day goes by without a news story related to how critical data has been exposed, exfiltrated, or otherwise inappropriately used or accessed as a result of supply chain vulnerabilities. From the Russian government's campaign to influence the 2016 U.S. presidential election to the September 2017 Equifax breach of more than 140-million Americans' credit reports, mitigating cyber risk has become a topic of conversation in boardrooms and the White House, on Wall Street and Main Street. But oftentimes these discussions miss the problems replete in the often-expansive supply chains on which many of these products and services we depend on are built; this is particularly true in the medical device context. The problem recently made national news with the FDA-mandated recall of more than 400,000 pacemakers that were found to be vulnerable to hackers necessitating a firmware update. This Article explores the myriad vulnerabilities in the supply chain for medical devices, investigates existing FDA cybersecurity and privacy regulations to identify any potential governance gaps, and suggests a path forward to boost cybersecurity due diligence for manufacturers by making use of new approaches and technologies, including blockchain

    Environmental impact assessment of online advertising

    There are no commonly agreed ways to assess the total energy consumption of the Internet. Estimating the Internet's energy footprint is challenging because of the interconnectedness associated with even seemingly simple aspects of energy consumption. The first contribution of this paper is a common modular and layered framework, which allows researchers to assess both energy consumption and CO2e emissions of any Internet service. The framework allows assessing the energy consumption depending on the research scope and specific system boundaries. Further, the proposed framework allows researchers without domain expertise to make such an assessment by using intermediate results as data sources, while analyzing the related uncertainties. The second contribution is an estimate of the energy consumption and CO2e emissions of online advertising by utilizing our proposed framework. The third contribution is an assessment of the energy consumption of invalid traffic associated with online advertising. The second and third contributions are used to validate the first. The online advertising ecosystem resides in the core of the Internet, and it is the sole source of funding for many online services. Therefore, it is an essential factor in the analysis of the Internet's energy footprint. As a result, in 2016, online advertising consumed 20–282 TWh of energy. In the same year, the total infrastructure consumption ranged from 791 to 1334 TWh. With extrapolated 2016 input factor values without uncertainties, online advertising consumed 106 TWh of energy and the infrastructure 1059 TWh. With the emission factor of 0.5656 kg CO2e/kWh, we calculated the carbon emissions of online advertising, and found it produces 60 Mt CO2e (between 12 and 159 Mt of CO2e when considering uncertainty). The share of fraudulent online advertising traffic was 13.87 Mt of CO2e emissions (between 2.65 and 36.78 Mt of CO2e when considering uncertainty). 
    The global impact of online advertising is multidimensional. Online advertising affects the environment by consuming significant amounts of energy, leading to the production of CO2e emissions. Hundreds of billions of ad dollars are exchanged yearly, placing online advertising in a significant role economically. It has become an important and acknowledged component of the online-bound society, largely due to its integration with the Internet and the amount of revenue generated through it

    Data security in mobile healthcare

    Introduction/purpose: The digitization of healthcare has gained particular importance in the years since the emergence of COVID-19 and also has become one of the primary goals of the Government of the Republic of Serbia. Telemedicine is a good solution when the patient cannot come to a healthcare facility. Mobile healthcare applications are already widely used, but in both fields the important challenge is data security. The aim of this paper is to review solutions for data security in mobile healthcare from the technical side and possible challenges in the process of digitization of the healthcare system in Serbia. Methods: This review is based on current papers in this area, on the available relevant literature and the authors' many years of experience in this field. Experiences in the process of digitization of healthcare in Serbia are based on available articles and regulations. Finally, possible challenges are presented from the authors' perspective based on everything presented in the field of data security in mobile healthcare. Results: The analysis of the papers reviewed from the point of view of data security showed that users are often ready to sacrifice their privacy for the sake of convenience provided by mobile applications. Conclusion: Based on the review of the papers and clear data security requirements that include the presented safeguards, one of the main tasks of the entire community is to raise awareness of information security and awareness of the need for cyber hygiene of each individual, which is the basis for the safe use of e-health services