RF Localization in Indoor Environment

In this paper indoor localization system based on the RF power measurements of the Received Signal Strength (RSS) in WLAN environment is presented. Today, the most viable solution for localization is the RSS fingerprinting based approach, where in order to establish a relationship between RSS values and location, different machine learning approaches are used. The advantage of this approach based on WLAN technology is that it does not need new infrastructure (it reuses already and widely deployed equipment), and the RSS measurement is part of the normal operating mode of wireless equipment. We derive the Cramer-Rao Lower Bound (CRLB) of localization accuracy for RSS measurements. In analysis of the bound we give insight in localization performance and deployment issues of a localization system, which could help designing an efficient localization system. To compare different machine learning approaches we developed a localization system based on an artificial neural network, k-nearest neighbors, probabilistic method based on the Gaussian kernel and the histogram method. We tested the developed system in real world WLAN indoor environment, where realistic RSS measurements were collected. Experimental comparison of the results has been investigated and average location estimation error of around 2 meters was obtained

Lime: Data Lineage in the Malicious Environment

Intentional or unintentional leakage of confidential data is undoubtedly one of the most severe security threats that organizations face in the digital era. The threat now extends to our personal lives: a plethora of personal information is available to social networks and smartphone providers and is indirectly transferred to untrustworthy third party and fourth party applications. In this work, we present a generic data lineage framework LIME for data flow across multiple entities that take two characteristic, principal roles (i.e., owner and consumer). We define the exact security guarantees required by such a data lineage mechanism toward identification of a guilty entity, and identify the simplifying non repudiation and honesty assumptions. We then develop and analyze a novel accountable data transfer protocol between two entities within a malicious environment by building upon oblivious transfer, robust watermarking, and signature primitives. Finally, we perform an experimental evaluation to demonstrate the practicality of our protocol

Privacy in the Smart City - Applications, Technologies, Challenges and Solutions

Many modern cities strive to integrate information technology into every aspect of city life to create so-called smart cities. Smart cities rely on a large number of application areas and technologies to realize complex interactions between citizens, third parties, and city departments. This overwhelming complexity is one reason why holistic privacy protection only rarely enters the picture. A lack of privacy can result in discrimination and social sorting, creating a fundamentally unequal society. To prevent this, we believe that a better understanding of smart cities and their privacy implications is needed. We therefore systematize the application areas, enabling technologies, privacy types, attackers and data sources for the attacks, giving structure to the fuzzy term “smart city”. Based on our taxonomies, we describe existing privacy-enhancing technologies, review the state of the art in real cities around the world, and discuss promising future research directions. Our survey can serve as a reference guide, contributing to the development of privacy-friendly smart cities

DIGITAL RIGHTS MANAGEMENT AND CANADIAN PRIVACY: ALTERNATIVES FOR DIGITAL RIGHTS MANAGEMENT IMPLEMENTATION IN CANADA

Canada has signed, but not ratified, either the World Intellectual Property Organization Copyright Treaty (WCT) or the World Intellectual Property Organization Performances and Phonograms Treaty (WPPT). This thesis examines the current state of privacy and personal data protection law if Digital Rights Management system technologies were legally implemented today in Canada, in compliance with these treaties. This study emphasises in two jurisdictions: Federal and Ontario. It will be demonstrated that functionalities present in Digital Rights Management, like fingerprinting, watermarking and authentication technologies, violate privacy and personal data protection law. The idea to issue a number of alternatives for implementation of Digital Rights Management in the legal and technological fields that could enhance privacy and personal data protection. This thesis concludes that there are alternatives for implementation of Digital Rights Management in Canada that, do not require a direct implementation of the WCT and the WPPT

Unpicking PLAID: a cryptographic analysis of an ISO-standards-track authentication protocol

The Protocol for Lightweight Authentication of Identity (PLAID) aims at secure and private authentication between a smart card and a terminal. Originally developed by a unit of the Australian Department of Human Services for physical and logical access control, PLAID has now been standardized as an Australian standard AS-5185-2010 and is currently in the fast track standardization process for ISO/IEC 25182-1.2. We present a cryptographic evaluation of PLAID. As well as reporting a number of undesirable cryptographic features of the protocol, we show that the privacy properties of PLAID are significantly weaker than claimed: using a variety of techniques we can fingerprint and then later identify cards. These techniques involve a novel application of standard statistical and data analysi

Biometric Technology: The Impact on Privacy

The introduction of biometric technology has resulted in a significant shift, which defies tradition and some of the very values that we cherish as a society. Additionally, there have been numerous recent developments, which have facilitated a fundamental global re-assessment of the safety and security needs of our communities. Other challenges, like the delivery of government-granted social services, have resulted in governments looking for ways to ensure entitlement prior to the provision of finite resources to individuals. As technology is increasing in sophistication, it is being deployed in novel and creative ways to meet some of these new demands. However, where technology collides with individual rights and freedoms, we are required to examine the utilization of technologies to determine whether the use is proportionate to the alleged benefits. We are similarly compelled to decide whether there are less intrusive means to achieving the stated ends. This inquiry is even more relevant in the face of the new, seemingly global employment of biometric technology and the rationale behind governments developing dependence on this new machinery. This paper will examine (i) what biometric technology is, (ii) why it has become so popular, (iii) how biometric technology is being applied in every day use, and, (iv) the advantages and disadvantages of biometric technology. This assessment will occur in the context of the impact that this new technology is having on privacy and the privacy rights of individuals

A survey of secure middleware for the Internet of Things

The rapid growth of small Internet connected devices, known as the Internet of Things (IoT), is creating a new set of challenges to create secure, private infrastructures. This paper reviews the current literature on the challenges and approaches to security and privacy in the Internet of Things, with a strong focus on how these aspects are handled in IoT middleware. We focus on IoT middleware because many systems are built from existing middleware and these inherit the underlying security properties of the middleware framework. The paper is composed of three main sections. Firstly, we propose a matrix of security and privacy threats for IoT. This matrix is used as the basis of a widespread literature review aimed at identifying requirements on IoT platforms and middleware. Secondly, we present a structured literature review of the available middleware and how security is handled in these middleware approaches. We utilise the requirements from the first phase to evaluate. Finally, we draw a set of conclusions and identify further work in this area

Systematic Classification of Side-Channel Attacks: A Case Study for Mobile Devices

Contains fulltext : 187230.pdf (preprint version ) (Open Access