In Things We Trust? Towards trustability in the Internet of Things

This essay discusses the main privacy, security and trustability issues with the Internet of Things

Enhancing trustability in MMOGs environments

Massively Multiplayer Online Games (MMOGs; e.g., World of Warcraft), virtual worlds (VW; e.g., Second Life), social networks (e.g., Facebook) strongly demand for more autonomic, security, and trust mechanisms in a way similar to humans do in the real life world. As known, this is a difficult matter because trusting in humans and organizations depends on the perception and experience of each individual, which is difficult to quantify or measure. In fact, these societal environments lack trust mechanisms similar to those involved in humans-to-human interactions. Besides, interactions mediated by compute devices are constantly evolving, requiring trust mechanisms that keep the pace with the developments and assess risk situations. In VW/MMOGs, it is widely recognized that users develop trust relationships from their in-world interactions with others. However, these trust relationships end up not being represented in the data structures (or databases) of such virtual worlds, though they sometimes appear associated to reputation and recommendation systems. In addition, as far as we know, the user is not provided with a personal trust tool to sustain his/her decision making while he/she interacts with other users in the virtual or game world. In order to solve this problem, as well as those mentioned above, we propose herein a formal representation of these personal trust relationships, which are based on avataravatar interactions. The leading idea is to provide each avatar-impersonated player with a personal trust tool that follows a distributed trust model, i.e., the trust data is distributed over the societal network of a given VW/MMOG. Representing, manipulating, and inferring trust from the user/player point of view certainly is a grand challenge. When someone meets an unknown individual, the question is “Can I trust him/her or not?”. It is clear that this requires the user to have access to a representation of trust about others, but, unless we are using an open source VW/MMOG, it is difficult —not to say unfeasible— to get access to such data. Even, in an open source system, a number of users may refuse to pass information about its friends, acquaintances, or others. Putting together its own data and gathered data obtained from others, the avatar-impersonated player should be able to come across a trust result about its current trustee. For the trust assessment method used in this thesis, we use subjective logic operators and graph search algorithms to undertake such trust inference about the trustee. The proposed trust inference system has been validated using a number of OpenSimulator (opensimulator.org) scenarios, which showed an accuracy increase in evaluating trustability of avatars. Summing up, our proposal aims thus to introduce a trust theory for virtual worlds, its trust assessment metrics (e.g., subjective logic) and trust discovery methods (e.g., graph search methods), on an individual basis, rather than based on usual centralized reputation systems. In particular, and unlike other trust discovery methods, our methods run at interactive rates.MMOGs (Massively Multiplayer Online Games, como por exemplo, World of Warcraft), mundos virtuais (VW, como por exemplo, o Second Life) e redes sociais (como por exemplo, Facebook) necessitam de mecanismos de confiança mais autónomos, capazes de assegurar a segurança e a confiança de uma forma semelhante à que os seres humanos utilizam na vida real. Como se sabe, esta não é uma questão fácil. Porque confiar em seres humanos e ou organizações depende da percepção e da experiência de cada indivíduo, o que é difícil de quantificar ou medir à partida. Na verdade, esses ambientes sociais carecem dos mecanismos de confiança presentes em interacções humanas presenciais. Além disso, as interacções mediadas por dispositivos computacionais estão em constante evolução, necessitando de mecanismos de confiança adequados ao ritmo da evolução para avaliar situações de risco. Em VW/MMOGs, é amplamente reconhecido que os utilizadores desenvolvem relações de confiança a partir das suas interacções no mundo com outros. No entanto, essas relações de confiança acabam por não ser representadas nas estruturas de dados (ou bases de dados) do VW/MMOG específico, embora às vezes apareçam associados à reputação e a sistemas de reputação. Além disso, tanto quanto sabemos, ao utilizador não lhe é facultado nenhum mecanismo que suporte uma ferramenta de confiança individual para sustentar o seu processo de tomada de decisão, enquanto ele interage com outros utilizadores no mundo virtual ou jogo. A fim de resolver este problema, bem como os mencionados acima, propomos nesta tese uma representação formal para essas relações de confiança pessoal, baseada em interacções avatar-avatar. A ideia principal é fornecer a cada jogador representado por um avatar uma ferramenta de confiança pessoal que segue um modelo de confiança distribuída, ou seja, os dados de confiança são distribuídos através da rede social de um determinado VW/MMOG. Representar, manipular e inferir a confiança do ponto de utilizador/jogador, é certamente um grande desafio. Quando alguém encontra um indivíduo desconhecido, a pergunta é “Posso confiar ou não nele?”. É claro que isto requer que o utilizador tenha acesso a uma representação de confiança sobre os outros, mas, a menos que possamos usar uma plataforma VW/MMOG de código aberto, é difícil — para não dizer impossível — obter acesso aos dados gerados pelos utilizadores. Mesmo em sistemas de código aberto, um número de utilizadores pode recusar partilhar informações sobre seus amigos, conhecidos, ou sobre outros. Ao juntar seus próprios dados com os dados obtidos de outros, o utilizador/jogador representado por um avatar deve ser capaz de produzir uma avaliação de confiança sobre o utilizador/jogador com o qual se encontra a interagir. Relativamente ao método de avaliação de confiança empregue nesta tese, utilizamos lógica subjectiva para a representação da confiança, e também operadores lógicos da lógica subjectiva juntamente com algoritmos de procura em grafos para empreender o processo de inferência da confiança relativamente a outro utilizador. O sistema de inferência de confiança proposto foi validado através de um número de cenários Open-Simulator (opensimulator.org), que mostrou um aumento na precisão na avaliação da confiança de avatares. Resumindo, a nossa proposta visa, assim, introduzir uma teoria de confiança para mundos virtuais, conjuntamente com métricas de avaliação de confiança (por exemplo, a lógica subjectiva) e em métodos de procura de caminhos de confiança (com por exemplo, através de métodos de pesquisa em grafos), partindo de uma base individual, em vez de se basear em sistemas habituais de reputação centralizados. Em particular, e ao contrário de outros métodos de determinação do grau de confiança, os nossos métodos são executados em tempo real

Consumer buying behaviour in online legal services

Abstract. Online legal services refer to electronic or digital legal services (in the form of software, apps, web pages, etc.) that can increase common people understanding of legal issues, access to legal information and social participation in legal related matters. By automating tasks traditionally performed only by lawyers and by making legal services available on the Internet, online legal services make the access to justice more affordable and accessible to all. In this modern context, where common consumers have the opportunity buy and use legal services completely on the internet and without the help of a traditional lawyer, it is necessary to investigate how consumers behave when they shop for legal services online. In accordance, the purpose of the research is to understand the consumer buying behaviour in online legal services, based on empirical research, contributing to the literature about online legal services; and to provide managerial implications for legal services companies about how to improve their marketing strategies and build their consumer relationships, based on the empirical findings. Therefore, the study delves into the minds of consumers to uncover their needs, motivations and intentions about online legal services, and it is the first study to investigate the consumer buying behaviour in online legal services. The research is planned focusing on the theories of consumer buying behaviour, technology acceptance and on prior research of online legal services. The empirical research is conducted using a survey questionnaire, employing a mixed-method approach. Brazil was chosen as the field for the research, because it is the world’s fifth-largest country by area and the fifth most populous, where legal services are highly demanded and where online legal services have potential to be widely utilized, although not much is known about the consumer behaviour towards them. The sample studied is 419 potential consumers of online legal services. To process the data, the author makes statistical analysis of each quantitative reply, qualitative thematic content analysis for each qualitative answer, and deeply analyse the final results of the research, developing a framework for the consumer buying behaviour in online legal services. The empirical findings show that the consumers of online legal services behave motivated by Price, Legal problem-solving capability, Convenience (Perceived ease of use), Speed, Safety, Quality and Trustability and that consumers have an overall positive attitude about online legal services, even though negative attitudes were also identified. Utilitarian needs and motivations, behavioural intention, attitude, perceived usefulness, perceived ease of use, information search, evaluation of alternatives, social influence, facilitating conditions, trust, perceived risk, and price value; influence and characterize the buying behaviour in online legal services and lead to the consequent consumer purchase decision. Furthermore, the buying process in online legal services follows the Five-stage buying process, but the consumer might deviate during it, because of, among other reasons, social influence and the lack of trust

Enabling individually entrusted routing security for open and decentralized community networks

Routing in open and decentralized networks relies on cooperation. However, the participation of unknown nodes and node administrators pursuing heterogeneous trust and security goals is a challenge. Community-mesh networks are good examples of such environments due to their open structure, decentralized management, and ownership. As a result, existing community networks are vulnerable to various attacks and are seriously challenged by the obligation to find consensus on the trustability of participants within an increasing user size and diversity. We propose a practical and novel solution enabling a secured but decentralized trust management. This work presents the design and analysis of securely-entrusted multi-topology routing (SEMTOR), a set of routing-protocol mechanisms that enable the cryptographically secured negotiation and establishment of concurrent and individually trusted routing topologies for infrastructure-less networks without relying on any central management. The proposed mechanisms have been implemented, tested, and evaluated for their correctness and performance to exclude non-trusted nodes from the network. Respective safety and liveness properties that are guaranteed by our protocol have been identified and proven with formal reasoning. Benchmarking results, based on our implementation as part of the BMX7 routing protocol and tested on real and minimal (OpenWRT, 10 Euro) routers, qualify the behaviour, performance, and scalability of our approach, supporting networks with hundreds of nodes despite the use of strong asymmetric cryptography.Peer ReviewedPostprint (author's final draft

TWallet ARM TrustZone Enabled Trustable Mobile Wallet: A Case for Cryptocurrency Wallets

With the increasing popularity of Blockchains supporting virtual cryptocurrencies it has become more important to have secure devices supporting operations in trustable cryp- tocurrency wallets. These wallets, currently implemented as mobile Apps or components of mobile Apps must be protected from possible intrusion attacks. ARM TrustZone technology has made available an extension of the ARM processor ar- chitecture, allowing for the isolation of trusted and non-trusted execution environments. Critical components and their runtime support can be "booted" and loaded to run in the isolated execution environment, backed by the ARM processor. The ARM TrustZone solution provides the possible enforcement of security and privacy conditions for applica- tions, ensuring the containment of sensitive software components and data-management facilities, isolating them from OS-level intrusion attacks. The idea is that sensitive compo- nents and managed data are executed with a trust computing base supported at hardware and firmware levels, not affected by intrusions against non-protected OS-level runtime components. In this dissertation we propose TWallet: a solution designed as a generic model to sup- port secure and trustable Mobile Client Wallets (implemented as mobile Apps), backed by the ARM TrustZone technology. The objective is to manage local sensitive stored data and processing components in a trust execution environment isolated from the Android OS. We believe that the proposed TWallet framework model can also inspire other specific solutions that can benefit from the isolation of sensitive components in mobile Android Apps. As a proof-of-concept, we used the TWallet framework model to implement a trusted wallet application used as an Ethereum wallet, to operate with the Ethereum Blockchain. To achieve our goals, we also conducted different experimental observations to analyze and validate the solution, with the implemented wallet integrated, tested and validated with the Rinkeby Ethereum Test Network.Com o aumento da popularidade de Blockchains e utilização de sistemas de criptomoedas, tornou-se cada vez mais importante a utilização de dispositivos seguros para suportar aplicações de carteiras móveis (vulgarmente conhecidas por mobile wallets ou mobile cryptowallets). Estas aplicações permitem aos utilizadores uma gestão local, cómoda, confiável e segura de dados e operações integradas com sistemas de Blockchains. Estas carteiras digitais, como aplicações móveis completas ou como componentes de outras aplicações, têm sido desenvolvidas de forma generalizada para diferentes sistemas operativos convencionais, nomeadamente para o sistema operativo Android e para diferentes sistemas de criptomoedas. As wallets devem permitir processar e armazenar informação sensível associada ao controlo das operações realizadas, incluindo gestão e consulta de saldos de criptomoedas, realização e consultas de históricos de movimentos de transações ou consolidação do estado destas operações integradas com as Blockchains remotas. Devem também garantir o controlo seguro e confiável do processamento criptográfico envolvido, bem como a segurança das respetivas chaves criptográficas utilizadas. A Tecnologia ARM TrustZone disponibiliza um conjunto de extensões para as arquiteturas de processadores ARM, possibilitando o isolamento e execução de código num ambiente de execução suportado ao nível do hardware do próprio processador ARM. Isto possibilita que componentes críticos de aplicações ou de sistemas operativos suportados em processadores ARM, possam executar em ambientes isolados com minimização propiciada pelo isolamento da sua Base de Computação Confiável (ou Trusted Computing Base). A execução em ambiente seguro suportado pela solução TrustZone pode oferecer assim um reforço adicional de propriedades de confiabilidade, segurança e privacidade. Isto possibilita isolar componentes e dados críticos de possíveis ataques ou intrusões ao nível do processamento e gestão de memória ou armazenamento suportados pelo sistema operativo ou bibliotecas middleware, como é usual no caso de aplicações móveis, executando em ambiente Android OS ou noutros sistemas operativos de dispositivos móveis. Nesta dissertação propomos a solução TWallet, uma aproximação genérica para suporte de wallets utilizadas como aplicações móveis confiáveis em ambiente Android OS e fortalecidas pela utilização da tecnologia ARM TrustZone. O objetivo é possibilitar o isolamento de dados e componentes sensíveis deste tipo de aplicações, tornando-as mais seguras e confiáveis. Acreditamos que o modelo de desenho e implementação da solução TWallet, visto como uma framework de referência, poderá também ser utilizada no desenvolvimento de outras aplicações móveis em que o isolamento e segurança de componentes e dados críticos são requisitos semelhantes aos endereçados. Este pode ser o caso de aplicações de pagamento móvel, aplicações bancárias na área de mobile banking ou aplicações de bilhética na área vulgarmente chamada como mobile e-ticketing, entre outras. Como prova de conceito, utilizámos a TWallet framework para implementar um protótipo de uma wallet confiável, suportável em Android OS, para gestão de operações e criptomoedas na Blockchain Ethereum. A implementação foi integrada, testada e validada na rede Rinkeby Test Network - uma rede de desenvolvimento e testes utilizada como primeiro estágio de validação de aplicações e componentes para a rede Ethereum em operação real. Para validação da solução TWallet foi realizada uma avaliação experimen- tal. Esta avaliação envolveu a observação de indicadores de operação com verificação e comparação de diferentes métricas de operação e desempenho, bem como de alocação de recursos da aplicação protegida no modelo TWallet, comparando esses mesmo indicadores com o caso da mesma aplicação sem essa proteção

Design practices for SME’s sustainable innovation.

The thesis focuses on an Italian micro-enterprise specialised in woodworking in the building industry, specifically for the manufacture and commercialisation of doors and windows. There are two main challenges: to promote a culture of sustainable innovation, and to design meaningful solutions to deliver and compete in the market. The target market is both at the national and international level. In order to achieve such a goal, the design project develops in three steps: by conducting interviews at the company to identify and define case-SME’s sustainable innovation needs, by conducting desk research to identify and rank existing design methods and tools to then create a new set of tools and processes that allow to propose meaningful solutions to the market. The process results in the creation of two types of outcomes: the first is a design toolkit with processes, methods and tools designed and tailored to better fit with the case-SME’s innovation needs. Specifically, the toolkit consists of a combination of two models, which are the Ten Type of Innovation and Double-Diamond, and a new adaptation of four different tools which are desk Research, Customer Journey Map, Affinity Diagram and Business Model Canvas. The second deliverable results in five new customised innovations to add and bring into the market. Specifically, solutions and innovations belong in the areas of Profit Model, Product System, Service, Brand and Customer Engagement. There are four main impacts that this project has on the company: -Improvement of the company’s offer and the company’s brand. -Growth of the company’s market competitiveness. -Development of the company’s culture of innovation. -Improvement of the company’s sustainable impact. Closing thoughts of this thesis come from a careful reflection of the role of the designer in three different environments: in the design community, businesses and human society

Digital Transformation in Design: Processes and Practices

What does it take to create innovative tech-savvy designs that are usable, appealing, and good for society? The contributions to this volume introduce contemporary research on the digitization and "datafication" of products, exploring topics like user experience, artificial intelligence, and virtual environments in design. Coming from varied backgrounds in product design, interaction design, service design, game design, architecture, and graphic design, they emphasize that digital transformation is not just a technical process, but also a social and learning process that fundamentally changes the way we understand information

Cybersecurity issues in software architectures for innovative services

The recent advances in data center development have been at the basis of the widespread success of the cloud computing paradigm, which is at the basis of models for software based applications and services, which is the "Everything as a Service" (XaaS) model. According to the XaaS model, service of any kind are deployed on demand as cloud based applications, with a great degree of flexibility and a limited need for investments in dedicated hardware and or software components. This approach opens up a lot of opportunities, for instance providing access to complex and widely distributed applications, whose cost and complexity represented in the past a significant entry barrier, also to small or emerging businesses. Unfortunately, networking is now embedded in every service and application, raising several cybersecurity issues related to corruption and leakage of data, unauthorized access, etc. However, new service-oriented architectures are emerging in this context, the so-called services enabler architecture. The aim of these architectures is not only to expose and give the resources to these types of services, but it is also to validate them. The validation includes numerous aspects, from the legal to the infrastructural ones e.g., but above all the cybersecurity threats. A solid threat analysis of the aforementioned architecture is therefore necessary, and this is the main goal of this thesis. This work investigate the security threats of the emerging service enabler architectures, providing proof of concepts for these issues and the solutions too, based on several use-cases implemented in real world scenarios

BIOLOGICAL INSPIRED INTRUSION PREVENTION AND SELF-HEALING SYSTEM FOR CRITICAL SERVICES NETWORK

With the explosive development of the critical services network systems and Internet, the need for networks security systems have become even critical with the enlargement of information technology in everyday life. Intrusion Prevention System (IPS) provides an in-line mechanism focus on identifying and blocking malicious network activity in real time. This thesis presents new intrusion prevention and self-healing system (SH) for critical services network security. The design features of the proposed system are inspired by the human immune system, integrated with pattern recognition nonlinear classification algorithm and machine learning. Firstly, the current intrusions preventions systems, biological innate and adaptive immune systems, autonomic computing and self-healing mechanisms are studied and analyzed. The importance of intrusion prevention system recommends that artificial immune systems (AIS) should incorporate abstraction models from innate, adaptive immune system, pattern recognition, machine learning and self-healing mechanisms to present autonomous IPS system with fast and high accurate detection and prevention performance and survivability for critical services network system. Secondly, specification language, system design, mathematical and computational models for IPS and SH system are established, which are based upon nonlinear classification, prevention predictability trust, analysis, self-adaptation and self-healing algorithms. Finally, the validation of the system carried out by simulation tests, measuring, benchmarking and comparative studies. New benchmarking metrics for detection capabilities, prevention predictability trust and self-healing reliability are introduced as contributions for the IPS and SH system measuring and validation. Using the software system, design theories, AIS features, new nonlinear classification algorithm, and self-healing system show how the use of presented systems can ensure safety for critical services networks and heal the damage caused by intrusion. This autonomous system improves the performance of the current intrusion prevention system and carries on system continuity by using self-healing mechanism