1,580 research outputs found
Service discovery at home
Service discovery is a fairly new field that kicked off since the advent of ubiquitous computing and has been found essential in the making of intelligent networks by implementing automated discovery and remote control between devices. This paper provides an overview and comparison of several prominent service discovery mechanisms currently available. It also introduces the at home anywhere service discovery protocol (SDP@HA) design which improves on the current state of the art by accommodating resource lean devices, implementing a dynamic leader election for a central cataloguing device and embedding robustness to the service discovery architecture as an important criterion
Reliable and Secure Drone-assisted MillimeterWave Communications
The next generation of mobile networks and wireless communication, including the fifth-generation (5G) and beyond, will provide a high data rate as one of its fundamental requirements. Providing high data rates can be accomplished through communication over high-frequency bands such as the Millimeter-Wave(mmWave) one. However, mmWave communication experiences short-range communication, which impacts the overall network connectivity. Improving network connectivity can be accomplished through deploying Unmanned Ariel Vehicles(UAVs), commonly known as drones, which serve as aerial small-cell base stations. Moreover, drone deployment is of special interest in recovering network connectivity in the aftermath of disasters. Despite the potential advantages, drone-assisted networks can be more vulnerable to security attacks, given their limited capabilities. This security vulnerability is especially true in the aftermath of a disaster where security measures could be at their lowest. This thesis focuses on drone-assisted mmWave communication networks with their potential to provide reliable communication in terms of higher network connectivity measures, higher total network data rate, and lower end-to-end delay. Equally important, this thesis focuses on proposing and developing security measures needed for drone-assisted networksâ secure operation. More specifically, we aim to employ a swarm of drones to have more connection, reliability, and secure communication over the mmWave band. Finally, we target both the cellular 5Gnetwork and Ad hoc IEEE802.11ad/ay in typical network deployments as well as in post-disaster circumstances
A study on security grade assignment model for mobile users in urban computing
The relation between the information/knowledge expression and the physical expression can be involved as one of items for an ambient intelligent computing [2],[3]. Moreover, because there are so many contexts around user/spaces during a user movement, all appplcation which are using AmI for users are based on the relation between user devices and environments. In these situations, it is possible that the AmI may output the wrong result from unreliable contexts by attackers. Recently, establishing a server have been utilizes, so finding secure contexts and make contexts of higher security level for save communication have been given importance. Attackers try to put their devices on the expected path of all users in order to obtain users informationillegally or they may try to broadcast their SPAMS to users. This paper is an extensionof [11] which studies the Security Grade Assignment Model (SGAM) to set Cyber-Society Organization (CSO)
A personal networking solution
This paper presents an overview of research being conducted on Personal Networking Solutions within the Mobile VCE Personal Distributed Environment Work Area. In particular it attempts to highlight areas of commonality with the MAGNET initiative. These areas include trust of foreign devices and service providers, dynamic real-time service negotiation to permit context-aware service delivery, an automated controller algorithm for wireless ad hoc networks, and routing protocols for ad hoc networking environments. Where possible references are provided to Mobile VCE publications to enable further reading
A Note About the Semantics of Delegation
In many applications, mobile agents are used by a client to delegate a task. This task is usually performed by the agent on behalf of the client, by visiting various service provider's sites distributed over a network. This use of mobile agents raises many interesting security issues concerned with the trust relationships established through delegation mechanisms between client and agent, agent and service provider and client and service provider. In this paper we will explain why the traditional semantics of delegation used by existing access control mechanisms, either centralised or distributed, are generally not satisfactory to prevent and detect deception and why these problems are even more critical when these semantics are used in mobile agent paradigms.Non peer reviewe
Anonymity and trust in the electronic world
Privacy has never been an explicit goal of authorization mechanisms. The traditional
approach to authorisation relies on strong authentication of a stable identity
using long term credentials. Audit is then linked to authorization via the same
identity. Such an approach compels users to enter into a trust relationship with
large parts of the system infrastructure, including entities in remote domains. In
this dissertation we advance the view that this type of compulsive trust relationship
is unnecessary and can have undesirable consequences. We examine in some
detail the consequences which such undesirable trust relationships can have on
individual privacy, and investigate the extent to which taking a unified approach
to trust and anonymity can actually provide useful leverage to address threats to
privacy without compromising the principal goals of authentication and audit. We
conclude that many applications would benefit from mechanisms which enabled
them to make authorization decisions without using long-term credentials. We
next propose specific mechanisms to achieve this, introducing a novel notion of
a short-lived electronic identity, which we call a surrogate. This approach allows
a localisation of trust and entities are not compelled to transitively trust other entities
in remote domains. In particular, resolution of stable identities needs only
ever to be done locally to the entity named. Our surrogates allow delegation, enable
role-based access control policies to be enforced across multiple domains,
and permit the use of non-anonymous payment mechanisms, all without compromising
the privacy of a user. The localisation of trust resulting from the approach
proposed in this dissertation also has the potential to allow clients to control the
risks to which they are exposed by bearing the cost of relevant countermeasures
themselves, rather than forcing clients to trust the system infrastructure to protect
them and to bear an equal share of the cost of all countermeasures whether or not
effective for them. This consideration means that our surrogate-based approach
and mechanisms are of interest even in Kerberos-like scenarios where anonymity
is not a requirement, but the remote authentication mechanism is untrustworthy
Strong Customer Authentication : Security Issues and Solution Evaluation
In October 2015 PSD2 first adopted by the European Parliament to initiate a new method of payment system. Since then, it receives several amendment time to time. Strong Customer Authentication (SCA), one of the major requirements of PSD2 came into force from September 2019. However, European Banking Authority EBA found it is challenging to comply with this requirement fully, before the given deadline. Technical implementation challenge, complex payment systems across EU, bring-in all related actors under SCA needs to be resolved with profound solution to achieve the PSD2 success. Moreover, contradictory terms of the PSD2 with GDPR and inadequate protection for the userâs privacy prevails account access issues that can be circumvented by the payment service providers. This article investigated the pros and cons of the PSD2, finds feasible solutions for SCA that seamlessly involves all actors in payment system. Despite the fact of technical implementation details, a leading PSPâs SCA compliant solution integrated into an e-invoicing system as an specimen of an SCA compliant model. The model showcases the SCA conformity then test and verifies security of data and privacy of the user
Understanding Federation: An Analytical Framework for the Interoperability of Social Networking Sites
Although social networking has become a remarkable feature in the Web, full
interoperability has not arrived. This work explores the main 5 paradigms of
interoperability across social networking sites, corresponding to the layers in
which we an find interoperability. Building on those, a novel analytical
framework for SNS interoperability is introduced. Seven representative
interoperability SNS technologies are compared using the proposed framework.
The analysis exposes an overwhelming disparity and fragmentation in the
solutions for tackling the same problems. Although there are a few solutions
where consensus is reached and are widely adopted (e.g. in object IDs), there
are multiple central issues that are still far from being widely standarized
(e.g. in profile representation). In addition, several areas have been
identified where there is clear room for improvement, such as privacy controls
or data synchronization
Formal verification of authentication and service authorization protocols in 5G-enabled device-to-device communications using ProVerif
Device-to-Device (D2D) communications will be used as an underlay technology in the Fifth Generation mobile network (5G), which will make network services of multiple Service Providers (SP) available anywhere. The end users will be allowed to access and share services using their User Equipments (UEs), and thus they will require seamless and secured connectivity. At the same time, Mobile Network Operators (MNOs) will use the UE to offload traffic and push contents closer to users relying on D2D communications network. This raises security concerns at different levels of the system architecture and highlights the need for robust authentication and authorization mechanisms to provide secure services access and sharing between D2D users. Therefore, this paper proposes a D2D level security solution that comprises two security protocols, namely, the D2D Service security (DDSec) and the D2D Attributes and Capability security (DDACap) protocols, to provide security for access, caching and sharing data in network-assisted and non-network-assisted D2D communications scenarios. The proposed solution applies Identity-based Encryption (IBE), Elliptic Curve Integrated Encryption Scheme (ECIES) and access control mechanisms for authentication and authorization procedures. We formally verified the proposed protocols using ProVerif and applied pi calculus. We also conducted a security analysis of the proposed protocols
Adapting Kerberos for a browser-based environment
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2013.Cataloged from PDF version of thesis.Includes bibliographical references (pages 63-65).This thesis presents Webathena, a browser-centric implementation of the Kerberos network authentication protocol. It consists of a JavaScript Kerberos client, paired with a simple, untrusted, server-side proxy to wrap the protocol in HTTP. This is used to implement a trusted credential manager with a cross-origin protocol to delegate credentials to untrusted Web applications. To evaluate Webathena, we present Roost, a Web-based client for the Zephyr messaging and notification in use at MIT, along with a host of proof-of-concept applications. We find that it is possible to build Web-based clients for Kerberized services similar to or better than existing native ones with no modifications to either the Kerberos KDCs or the services themselves. Finally, we discuss possible modifications to Kerberos to better support this kind of credential delegation.by David Benjamin.M. Eng
- âŠ