10,912 research outputs found
IPv6 Multihoming Support in the Mobile Internet
Fourth-generation mobile devices incorporate multiple interfaces with diverse access technologies. The current Mobile IPv6 protocol fails to support the enhanced fault tolerance capabilities that are enabled by the availability of multiple interfaces. In particular, established MIPv6 communications cannot be preserved through outages affecting the home address. In this article,
we describe an architecture for IPv6 mobile host multihoming that enables transport layer survivability through multiple failure modes. The proposed approach relies on the cooperation between the MIPv6 and the SHIM6 protocols.Publicad
A Study of the Feasibility of Co-located App Attacks against BLE and a Large-Scale Analysis of the Current Application-Layer Security Landscape
Bluetooth Low Energy (BLE) is a fast-growing wireless technology with a large
number of potential use cases, particularly in the IoT domain. Increasingly,
these use cases require the storage of sensitive user data or critical device
controls on the BLE device, as well as the access of this data by an
augmentative mobile application. Uncontrolled access to such data could violate
user privacy, cause a device to malfunction, or even endanger lives. The BLE
standard provides security mechanisms such as pairing and bonding to protect
sensitive data such that only authenticated devices can access it. In this
paper we show how unauthorized co-located Android applications can access
pairing-protected BLE data, without the user's knowledge. We discuss mitigation
strategies in terms of the various stakeholders involved in this ecosystem, and
argue that at present, the only possible option for securing BLE data is for
BLE developers to implement remedial measures in the form of application-layer
security between the BLE device and the Android application. We introduce
BLECryptracer, a tool for identifying the presence of such application-layer
security, and present the results of a large-scale static analysis over 18,900+
BLE-enabled Android applications. Our findings indicate that over 45% of these
applications do not implement measures to protect BLE data, and that
cryptography is sometimes applied incorrectly in those that do. This implies
that a potentially large number of corresponding BLE peripheral devices are
vulnerable to unauthorized data access.Comment: The % Downloads line graph (Fig-7) in v2 of this paper is inaccurate,
as we do not have install counts per version of an application. It has been
removed in this version [v3] of the pape
Applications of Context-Aware Systems in Enterprise Environments
In bring-your-own-device (BYOD) and corporate-owned, personally enabled (COPE) scenarios, employees’ devices store both enterprise and personal data, and have the ability to remotely access a secure enterprise network. While mobile devices enable users to access such resources in a pervasive manner, it also increases the risk of breaches for sensitive enterprise data as users may access the resources under insecure circumstances. That is, access authorizations may depend on the context in which the resources are accessed. In both scenarios, it is vital that the security of accessible enterprise content is preserved. In this work, we explore the use of contextual information to influence access control decisions within context-aware systems to ensure the security of sensitive enterprise data. We propose several context-aware systems that rely on a system of sensors in order to automatically adapt access to resources based on the security of users’ contexts. We investigate various types of mobile devices with varying embedded sensors, and leverage these technologies to extract contextual information from the environment. As a direct consequence, the technologies utilized determine the types of contextual access control policies that the context-aware systems are able to support and enforce. Specifically, the work proposes the use of devices pervaded in enterprise environments such as smartphones or WiFi access points to authenticate user positional information within indoor environments as well as user identities
Internet of Things-aided Smart Grid: Technologies, Architectures, Applications, Prototypes, and Future Research Directions
Traditional power grids are being transformed into Smart Grids (SGs) to
address the issues in existing power system due to uni-directional information
flow, energy wastage, growing energy demand, reliability and security. SGs
offer bi-directional energy flow between service providers and consumers,
involving power generation, transmission, distribution and utilization systems.
SGs employ various devices for the monitoring, analysis and control of the
grid, deployed at power plants, distribution centers and in consumers' premises
in a very large number. Hence, an SG requires connectivity, automation and the
tracking of such devices. This is achieved with the help of Internet of Things
(IoT). IoT helps SG systems to support various network functions throughout the
generation, transmission, distribution and consumption of energy by
incorporating IoT devices (such as sensors, actuators and smart meters), as
well as by providing the connectivity, automation and tracking for such
devices. In this paper, we provide a comprehensive survey on IoT-aided SG
systems, which includes the existing architectures, applications and prototypes
of IoT-aided SG systems. This survey also highlights the open issues,
challenges and future research directions for IoT-aided SG systems
H2B: Heartbeat-based Secret Key Generation Using Piezo Vibration Sensors
We present Heartbeats-2-Bits (H2B), which is a system for securely pairing
wearable devices by generating a shared secret key from the skin vibrations
caused by heartbeat. This work is motivated by potential power saving
opportunity arising from the fact that heartbeat intervals can be detected
energy-efficiently using inexpensive and power-efficient piezo sensors, which
obviates the need to employ complex heartbeat monitors such as
Electrocardiogram or Photoplethysmogram. Indeed, our experiments show that
piezo sensors can measure heartbeat intervals on many different body locations
including chest, wrist, waist, neck and ankle. Unfortunately, we also discover
that the heartbeat interval signal captured by piezo vibration sensors has low
Signal-to-Noise Ratio (SNR) because they are not designed as precision
heartbeat monitors, which becomes the key challenge for H2B. To overcome this
problem, we first apply a quantile function-based quantization method to fully
extract the useful entropy from the noisy piezo measurements. We then propose a
novel Compressive Sensing-based reconciliation method to correct the high bit
mismatch rates between the two independently generated keys caused by low SNR.
We prototype H2B using off-the-shelf piezo sensors and evaluate its performance
on a dataset collected from different body positions of 23 participants. Our
results show that H2B has an overwhelming pairing success rate of 95.6%. We
also analyze and demonstrate H2B's robustness against three types of attacks.
Finally, our power measurements show that H2B is very power-efficient
- …