706 research outputs found

    Evaluation of Cryptography Usage in Android Applications

    Mobile application developers are using cryptography in their products to protect sensitive data like passwords, short messages, documents etc. In this paper, we study whether cryptography and related techniques are employed in a proper way, in order to protect these private data. To this end, we downloaded 49 Android applications from the Google Play marketplace and performed static and dynamic analysis in an attempt to detect possible cryptographic misuses. The results showed that 87.8 % of the applications present some kind of misuse, while for the rest of them no cryptography usage was detected during the analysis. Finally, we suggest countermeasures, mainly intended for developers, to alleviate the issues identified by the analysis

    A HIGH SPEED VLSI ARCHITECTURE FOR DIGITAL SPEECH WATERMARKING WITH COMPRESSION

    The need to provide a copyright protection on digital watermarking to multimedia data like speech, image or video is rapidly increasing with an intensification in the application in these areas. Digital watermarking has received a lot of attention in the past few years. Hardware systems based solely on DSP processors are fast but may require more area, cost or power if the target application requires a large amount of parallel processing. An FPGA co-processor can provide as many as 550 parallel multiply and accumulate operations on a single device, but FPGAs excel at processing large amounts of data in parallel, as they are not optimized as processors for tasks such as periodic coefficient updates, decision-making control tasks. Combination of both the FPGA and DSP processor delivers an attractive solution for a wide range of applications. A hardware implementation of digital speech watermarking combined with speech compression, encryption on heterogeneous platform is made in this paper. It is observed that the proposed architecture is able to attain high speed while utilizing optimal resources in terms of area

    Security for the signaling plane of the SIP protocol

    VOIP protocols are gaining greater acceptance amongst both users and service providers. This thesis will aim to examine aspects related to the security of signaling plane of the SIP protocol, one of the most widely used VOIP protocols. Firstly, I will analyze the critical issues related to SIP, then move on to discuss both current and possible future solutions, and finally an assessment of the impact on the performance of HTTP digest authentication, IPsec and TLS, the three main methods use

    Server-based and server-less BYOD solutions to support electronic learning

    Over the past 10 years, bring your own device has become an emerging practice across the commercial landscape and has empowered employees to conduct work-related business from the comfort of their own phone, tablet, or other personal electronic device. Currently in the Department of Defense, and specifically the Department of the Navy, no viable solution exists for the delivery of eLearning content to a service member's personal device that satisfies existing policies. The purpose of this thesis is to explore two potential solutions: a server-based method and a server-less method, both of which would allow Marines and Sailors to access eLearning course material by way of their personal devices. This thesis will test the feasibility and functionality of our server-based and server-less solutions by implementing a basic proof of concept for each. The intent is to provide a baseline from which further research and development can be conducted, and to demonstrate how these solutions present a low-risk environment that preserves government network security while still serving as a professional military education force multiplier. Both solutions, while demonstrated with limited prototypes, have the potential to finally introduce bring your own device into the Department of the Navy's eLearning realm. http://archive.org/details/serverbasedndser1094549343 Captain, United States Marine Corps. Captain, United States Marine Corps. Approved for public release; distribution is unlimited

    Awareness and adoption of university smart card: The case of UUM

    Smart cards are widely used for several applications. Education environments offer the best opportunities for the adoption of smart cards technology. Therefore, this study is interested to assess the awareness and adoption towards the current and future of smart card applications in university. The study focused on Universiti Utara Malaysia (UUM) since UUM was the pioneer adopter and implementer of smart card among universities in Malaysia. This study was conducted to identify the awareness and adoption of the current applications of university smart cards. Additionally, this study distinguished respondents’ preferences for future applications of university smart cards in order to optimize the adoption process. Data were gathered through questionnaires that have been distributed to the UUM staff. All the collected data were analyzed using descriptive analysis. Results have shown that most of the respondents were aware of the smart card applications and identified which application that is the most aware of. The results have shown that respondents were aware and adopt similar applications. Nevertheless, even though the respondents were aware of the smart card applications, they do not fully adopt and use them. This study has also identified what applications that respondents prefer to be enhanced and continued in the future smart card

    A survey of IoT security based on a layered architecture of sensing and data analysis

    The Internet of Things (IoT) is leading today’s digital transformation. Relying on a combination of technologies, protocols, and devices such as wireless sensors and newly developed wearable and implanted sensors, IoT is changing every aspect of daily life, especially recent applications in digital healthcare. IoT incorporates various kinds of hardware, communication protocols, and services. This IoT diversity can be viewed as a double-edged sword that provides comfort to users but can lead also to a large number of security threats and attacks. In this survey paper, a new compacted and optimized architecture for IoT is proposed based on five layers. Likewise, we propose a new classification of security threats and attacks based on new IoT architecture. The IoT architecture involves a physical perception layer, a network and protocol layer, a transport layer, an application layer, and a data and cloud services layer. First, the physical sensing layer incorporates the basic hardware used by IoT. Second, we highlight the various network and protocol technologies employed by IoT, and review the security threats and solutions. Transport protocols are exhibited and the security threats against them are discussed while providing common solutions. Then, the application layer involves application protocols and lightweight encryption algorithms for IoT. Finally, in the data and cloud services layer, the main important security features of IoT cloud platforms are addressed, involving confidentiality, integrity, authorization, authentication, and encryption protocols. The paper is concluded by presenting the open research issues and future directions towards securing IoT, including the lack of standardized lightweight encryption algorithms, the use of machine-learning algorithms to enhance security and the related challenges, the use of Blockchain to address security challenges in IoT, and the implications of IoT deployment in 5G and beyond

    NETWORK TRAFFIC CHARACTERIZATION AND INTRUSION DETECTION IN BUILDING AUTOMATION SYSTEMS

    The goal of this research was threefold: (1) to learn the operational trends and behaviors of a real-world building automation system (BAS) network for creating building device models to detect anomalous behaviors and attacks, (2) to design a framework for evaluating BA device security from both the device and network perspectives, and (3) to leverage new sources of building automation device documentation for developing robust network security rules for BAS intrusion detection systems (IDSs). These goals were achieved in three phases, first through the detailed longitudinal study and characterization of a real university campus building automation network (BAN) and with the application of machine learning techniques on field level traffic for anomaly detection. Next, through the systematization of literature in the BAS security domain to analyze cross protocol device vulnerabilities, attacks, and defenses for uncovering research gaps as the foundational basis of our proposed BA device security evaluation framework. Then, to evaluate our proposed framework the largest multiprotocol BAS testbed discussed in the literature was built and several side-channel vulnerabilities and software/firmware shortcomings were exposed. Finally, through the development of a semi-automated specification gathering, device documentation extracting, IDS rule generating framework that leveraged PICS files and BIM models. Ph.D

    A Simple Cast-as-Intended E-Voting Protocol by Using Secure Smart Cards

    We propose a simple cast-as-intended remote e-voting protocol where the security is based on the use of secure (and trusted) smart cards that incorporate incard numeric keyboards and LCD displays, and can perform a limited number of cryptographic operations (like encryption, signing, and random number generation). The protocol, while very simple, is significantly more secure (in the sense of "cast-as-intended") and convenient to use than the e-voting protocol currently used in Norway. The protocol is developed primarily with the idea of deploying it in Estonia within the next 3 to 10 years. Since in Estonia, a vast majority of the population already has ID-cards with digital signing and authentication functionality, and the use of ID-cards is a required prerequisite to participate in Estonian e-voting anyway, our assumption of every voter having a secure hardware token makes sense in this concrete context