SensoTrust: trustworthy domains in wireless sensor networks

Wireless sensor networks (WSNs) based on wearable devices are being used in a growing variety of applications, many of them with strict privacy requirements: medical, surveillance, e-Health, and so forth. Since private data is being shared (physiological measures, medical records, etc.), implementing security mechanisms in these networks has become a major challenge. The objective of deploying a trustworthy domain is achieving a nonspecific security mechanism that can be used in a plethora of network topologies and with heterogeneous application requirements. Another very important challenge is resilience. In fact, if a stand-alone and self-configuring WSN is required, an autosetup mechanism is necessary in order to maintain an acceptable level of service in the face of security issues or faulty hardware. This paper presents SensoTrust, a novel security model for WSN based on the definition of trustworthy domains, which is adaptable to a wide range of applications and scenarios where services are published as a way to distribute the acquired data. Security domains can be deployed as an add-on service to merge with any service already deployed, obtaining a new secured service

Platform Embedded Security Technology Revealed

Computer scienc

A novel mechanism for anonymizing Global System for Mobile Communications calls using a resource-based Session Initiation Protocol community network

Considering the widespread adoption of smartphones in mobile communications and the well-established resource sharing use in the networking community, we present a novel mechanism to achieve anonymity in the Global System for Mobile Communications (GSM). We propose a Voice over Internet Protocol infrastructure using the Session Initiation Protocol (SIP) where a smartphone registers on a SIP registrar and can start GSM conversation through another smartphone acting as a GSM gateway, by using a SIP intermediate without an extra cost. The testbed that we developed for empirical evaluation revealed no significant quality of service degradation

Plataforma de gestão M2M

Mestrado em Engenharia de Computadores e TelemáticaThe Internet of Things is still a fast growing area and topic of interest. New solutions and implementations keep emerging, both in service oriented solutions or device oriented solutions with M2M communications, therefore promoting the creation of new business models. Thus, as a natural evolution, came the possibility to abstract sensor management from service creation. Allowing a delegation of sensor management from the sensor providers, to focus on content creation through services. However, this delegation brings new concerns regarding access control. Consequently, this dissertation proposes a possible solution to this problem, enclosed in a service oriented platform interconnected with an ETSI M2M solution. Promoting interoperability between sensors and allowing a great elasticity in service creation.A Internet das Coisas continua a ser uma área em grande crescimento e de grande interesse. Estão constantemente a surgir novas soluções e inplementações, tanto ao nível dos serviços como ao nível das comunicações Máquina-a-Máquina, promovendo assim o aparecimento de novos modelos de negócio. Desta forma surgiu naturalmente a possibilidade de abstrair a gestão de sensores da criação de serviços. Permitindo assim, uma delagação da gestão por parte de empresas detentoras de sensores, para se focarem no conteúdo com a criação de serviços. Contudo esta divisão acarreta algumas preocupações de segurança quanto ao controlo de acesso. Nesse sentido, esta dissertação propõe uma possível solução para o mesmo, englobada numa plataforma orientada ao serviços interligada com uma solução ETSI M2M. Promovendo a interoperabilidade entre sensores e permitindo assim uma grande elasticidade na criação de serviços

A composable approach to design of newer techniques for large-scale denial-of-service attack attribution

Since its early days, the Internet has witnessed not only a phenomenal growth, but also a large number of security attacks, and in recent years, denial-of-service (DoS) attacks have emerged as one of the top threats. The stateless and destination-oriented Internet routing combined with the ability to harness a large number of compromised machines and the relative ease and low costs of launching such attacks has made this a hard problem to address. Additionally, the myriad requirements of scalability, incremental deployment, adequate user privacy protections, and appropriate economic incentives has further complicated the design of DDoS defense mechanisms. While the many research proposals to date have focussed differently on prevention, mitigation, or traceback of DDoS attacks, the lack of a comprehensive approach satisfying the different design criteria for successful attack attribution is indeed disturbing. Our first contribution here has been the design of a composable data model that has helped us represent the various dimensions of the attack attribution problem, particularly the performance attributes of accuracy, effectiveness, speed and overhead, as orthogonal and mutually independent design considerations. We have then designed custom optimizations along each of these dimensions, and have further integrated them into a single composite model, to provide strong performance guarantees. Thus, the proposed model has given us a single framework that can not only address the individual shortcomings of the various known attack attribution techniques, but also provide a more wholesome counter-measure against DDoS attacks. Our second contribution here has been a concrete implementation based on the proposed composable data model, having adopted a graph-theoretic approach to identify and subsequently stitch together individual edge fragments in the Internet graph to reveal the true routing path of any network data packet. The proposed approach has been analyzed through theoretical and experimental evaluation across multiple metrics, including scalability, incremental deployment, speed and efficiency of the distributed algorithm, and finally the total overhead associated with its deployment. We have thereby shown that it is realistically feasible to provide strong performance and scalability guarantees for Internet-wide attack attribution. Our third contribution here has further advanced the state of the art by directly identifying individual path fragments in the Internet graph, having adopted a distributed divide-and-conquer approach employing simple recurrence relations as individual building blocks. A detailed analysis of the proposed approach on real-life Internet topologies with respect to network storage and traffic overhead, has provided a more realistic characterization. Thus, not only does the proposed approach lend well for simplified operations at scale but can also provide robust network-wide performance and security guarantees for Internet-wide attack attribution. Our final contribution here has introduced the notion of anonymity in the overall attack attribution process to significantly broaden its scope. The highly invasive nature of wide-spread data gathering for network traceback continues to violate one of the key principles of Internet use today - the ability to stay anonymous and operate freely without retribution. In this regard, we have successfully reconciled these mutually divergent requirements to make it not only economically feasible and politically viable but also socially acceptable. This work opens up several directions for future research - analysis of existing attack attribution techniques to identify further scope for improvements, incorporation of newer attributes into the design framework of the composable data model abstraction, and finally design of newer attack attribution techniques that comprehensively integrate the various attack prevention, mitigation and traceback techniques in an efficient manner

An Access Control Model to Facilitate Healthcare Information Access in Context of Team Collaboration

The delivery of healthcare relies on the sharing of patients information among a group of healthcare professionals (so-called multidisciplinary teams (MDTs)). At present, electronic health records (EHRs) are widely utilized system to create, manage and share patient healthcare information among MDTs. While it is necessary to provide healthcare professionals with privileges to access patient health information, providing too many privileges may backfire when healthcare professionals accidentally or intentionally abuse their privileges. Hence, finding a middle ground, where the necessary privileges are provided and malicious usage are avoided, is necessary. This thesis highlights the access control matters in collaborative healthcare domain. Focus is mainly on the collaborative activities that are best accomplished by organized MDTs within or among healthcare organizations with an objective of accomplishing a specific task (patient treatment). Initially, we investigate the importance and challenges of effective MDTs treatment, the sharing of patient healthcare records in healthcare delivery, patient data confidentiality and the need for flexible access of the MDTs corresponding to the requirements to fulfill their duties. Also, we discuss access control requirements in the collaborative environment with respect to EHRs and usage scenario of MDTs collaboration. Additionally, we provide summary of existing access control models along with their pros and cons pertaining to collaborative health systems. Second, we present a detailed description of the proposed access control model. In this model, the MDTs is classified based on Belbin’s team role theory to ensure that privileges are provided to the actual needs of healthcare professionals and to guarantee confidentiality as well as protect the privacy of sensitive patient information. Finally, evaluation indicates that our access control model has a number of advantages including flexibility in terms of permission management, since roles and team roles can be updated without updating privilege for every user. Moreover, the level of fine-grained control of access to patient EHRs that can be authorized to healthcare providers is managed and controlled based on the job required to meet the minimum necessary standard and need-to-know principle. Additionally, the model does not add significant administrative and performance overhead.publishedVersio

Like a Bad Neighbor, Hackers Are There: The Need for Data Security Legislation and Cyber Insurance in Light of Increasing FTC Enforcement Actions

Privacy has come to the forefront of the technology world as third party hackers are constantly attacking companies for their customers’ data. With increasing instances of compromised customer information, the Federal Trade Commission (FTC) has been bringing suit against companies for inadequate data security procedures. The FTC’s newfound authority to bring suit regarding cybersecurity breaches, based on the Third Circuit’s decision in FTC v. Wyndham Worldwide Corp., is a result of inaction—Congress has been unable to pass sufficient cybersecurity legislation, causing the FTC to step in and fill the void in regulation. In the absence of congressional action, this self-proclaimed authority is improper. This Note proposes that Congress enact a law giving the FTC actual authority to regulate data breaches. Thereafter, the FTC should use its rulemaking authority to establish procedural data security guidelines for companies to follow; this Note offers procedural guidelines for the FTC to enforce. It is necessary for companies to know how to protect themselves against FTC enforcement actions. As cyber risk is burgeoning, as self-regulation has proven insufficient, and as the FTC is continuously bringing suit against companies for inadequate data security, it is further necessary for companies to obtain stand-alone cyber insurance to protect themselves in the modern marketplace

Managing Identity Management Systems

Although many identity management systems have been proposed, in- tended to improve the security and usability of user authentication, major adoption problems remain. In this thesis we propose a range of novel schemes to address issues acting as barriers to adoption, namely the lack of interoper- ation between systems, simple adoption strategies, and user security within such systems. To enable interoperation, a client-based model is proposed supporting in- terworking between identity management systems. Information Card systems (e.g. CardSpace) are enhanced to enable a user to obtain a security token from an identity provider not supporting Information Cards; such a token, after en- capsulation at the client, can be processed by an Information Card-enabled relying party. The approach involves supporting interoperation at the client, while maximising transparency to identity providers, relying parties and iden- tity selectors. Four specific schemes conforming to the model are described, each of which has been prototyped. These schemes enable interoperation be- tween an Information Card-enabled relying party and an identity provider supporting one of Liberty, Shibboleth, OpenID, or OAuth. To facilitate adoption, novel schemes are proposed that enable Informa- tion Card systems to support password management and single sign on. The schemes do not require any changes to websites, and provide a simple, intu- itive user experience through use of the identity selector interface. They fa- miliarise users with Information Card systems, thereby potentially facilitating their future adoption. To improve user security, an enhancement to Information Card system user authentication is proposed. During user authentication, a one-time pass- word is sent to the user's mobile device which is then entered into the com- puter by the user. Finally, a universal identity management tool is proposed, designed to support a wide range of systems using a single user interface. It provides a consistent user experience, addresses a range of security issues (e.g. phishing), and provides greater user control during authentication.EThOS - Electronic Theses Online ServiceGBUnited Kingdo