Managing Mortgage Credit Risk: What Went Wrong With the Subprime and Alt-A Markets?

The purpose of this study is two-fold: first, to explain the demise of subprime and Alt-A mortgage markets in the U.S. from the viewpoint of measuring and managing mortgage credit risk; and secondly, to discuss several policy lessons that can be learned from the market meltdown. To that end, three tiers of mortgage credit models are elaborated, including the scoring (or risk rank-ordering), risk-based pricing, and ¡§sizing¡¨ (or the analytics used in determining subordination levels of credit-sensitive mortgage backed security (MBS) deals) models. Using these as conceptual underpinning, empirical evidence is surveyed to document key contributing factors to the market demise. Those that are identified include the non-availability of reliable mortgage performance data, lack of theory as well as industry best-practices in performing simulation-based mortgage risk assessments, complex and arcane structures of mortgage backed securities, and information asymmetry among the parties involved in the security transactions. The overall conclusion derived is that the participants to these market segments surpass their risk management capabilities in globalizing funding for subprime and Alt-A mortgages. The policy lessons emphasized are the importance of the infrastructure of proper risk assessment and risk-based pricing, as well as prudent and transparent MBS products along with periodic information disclosure.Subprime mortgage; Mortgage-backed securities; Mortgage default; Credit risk management

Authenticated Key Agreement with Rekeying for Secured Body Sensor Networks

Many medical systems are currently equipped with a large number of tiny, non-invasive sensors, located on, or close to, the patient’s body for health monitoring purposes. These groupings of sensors constitute a body sensor network (BSN). Key management is a fundamental service for medical BSN security. It provides and manages the cryptographic keys to enable essential security features such as confidentiality, integrity and authentication. Achieving key agreement in BSNs is a difficult task. Many key agreement schemes lack sensor addition, revocation, and rekeying properties, which are very important. Our proposed protocol circumvents these shortcomings by providing node rekeying properties, as well as node addition and revocation. It proposes a key distribution protocol based on public key cryptography—the RSA (Rivest, Shamir and Adleman) algorithm, and the DHECC (Diffie-Hellman Elliptic Curve Cryptography) algorithm. The proposed protocol does not trust individual sensors, and partially trusts the base station (hospital). Instead of loading full pair-wise keys into each node, after installation our protocol establishes pair-wise keys between nodes according to a specific routing algorithm. In this case, each node doesn’t have to share a key with all of its neighbors, only those involved in the routing path; this plays a key role in increasing the resiliency against node capture attacks and the network storage efficiency. Finally we evaluate our algorithm from the BSN security viewpoint and evaluate its performance in comparison with other proposals

A data taxonomy for adaptive multifactor authentication in the internet of health care things

The health care industry has faced various challenges over the past decade as we move toward a digital future where services and data are available on demand. The systems of interconnected devices, users, data, and working environments are referred to as the Internet of Health Care Things (IoHT). IoHT devices have emerged in the past decade as cost-effective solutions with large scalability capabilities to address the constraints on limited resources. These devices cater to the need for remote health care services outside of physical interactions. However, IoHT security is often overlooked because the devices are quickly deployed and configured as solutions to meet the demands of a heavily saturated industry. During the COVID-19 pandemic, studies have shown that cybercriminals are exploiting the health care industry, and data breaches are targeting user credentials through authentication vulnerabilities. Poor password use and management and the lack of multifactor authentication security posture within IoHT cause a loss of millions according to the IBM reports. Therefore, it is important that health care authentication security moves toward adaptive multifactor authentication (AMFA) to replace the traditional approaches to authentication. We identified a lack of taxonomy for data models that particularly focus on IoHT data architecture to improve the feasibility of AMFA. This viewpoint focuses on identifying key cybersecurity challenges in a theoretical framework for a data model that summarizes the main components of IoHT data. The data are to be used in modalities that are suited for health care users in modern IoHT environments and in response to the COVID-19 pandemic. To establish the data taxonomy, a review of recent IoHT papers was conducted to discuss the related work in IoHT data management and use in next-generation authentication systems. Reports, journal articles, conferences, and white papers were reviewed for IoHT authentication data technologies in relation to the problem statement of remote authentication and user management systems. Only publications written in English from the last decade were included (2012-2022) to identify key issues within the current health care practices and their management of IoHT devices. We discuss the components of the IoHT architecture from the perspective of data management and sensitivity to ensure privacy for all users. The data model addresses the security requirements of IoHT users, environments, and devices toward the automation of AMFA in health care. We found that in health care authentication, the significant threats occurring were related to data breaches owing to weak security options and poor user configuration of IoHT devices. The security requirements of IoHT data architecture and identified impactful methods of cybersecurity for health care devices, data, and their respective attacks are discussed. Data taxonomy provides better understanding, solutions, and improvements of user authentication in remote working environments for security features

A gap analysis of Internet-of-Things platforms

We are experiencing an abundance of Internet-of-Things (IoT) middleware solutions that provide connectivity for sensors and actuators to the Internet. To gain a widespread adoption, these middleware solutions, referred to as platforms, have to meet the expectations of different players in the IoT ecosystem, including device providers, application developers, and end-users, among others. In this article, we evaluate a representative sample of these platforms, both proprietary and open-source, on the basis of their ability to meet the expectations of different IoT users. The evaluation is thus more focused on how ready and usable these platforms are for IoT ecosystem players, rather than on the peculiarities of the underlying technological layers. The evaluation is carried out as a gap analysis of the current IoT landscape with respect to (i) the support for heterogeneous sensing and actuating technologies, (ii) the data ownership and its implications for security and privacy, (iii) data processing and data sharing capabilities, (iv) the support offered to application developers, (v) the completeness of an IoT ecosystem, and (vi) the availability of dedicated IoT marketplaces. The gap analysis aims to highlight the deficiencies of today's solutions to improve their integration to tomorrow's ecosystems. In order to strengthen the finding of our analysis, we conducted a survey among the partners of the Finnish IoT program, counting over 350 experts, to evaluate the most critical issues for the development of future IoT platforms. Based on the results of our analysis and our survey, we conclude this article with a list of recommendations for extending these IoT platforms in order to fill in the gaps.Comment: 15 pages, 4 figures, 3 tables, Accepted for publication in Computer Communications, special issue on the Internet of Things: Research challenges and solution

Multi-service management in a multi-provider environment

As the spread of digital networks makes access to data communications globally available, the interest of communication service providers is switching away from the provision of these bearer networks and towards the provision of the value added services that will operate over them. At the same time the liberalisation of telecommunication markets is precipitating a dramatic change in the profile of communication service providers. In this complex telecommunications markets the open management, not only of the networks, but of the services themselves will become increasingly important. The large number and diversity of roles of the market players makes the management of inter-organisational relationships fundamentally important to the management of services. The ITU's series of recommendations on the telecommunication management network (TMN) provides a basis for inter-domain management, however, this and other standards have so far concentrated on the management of individual network components and of networks operated by single organisations. This paper provides an initial example of how the management of multiple services in a complex multi-player market can be modelled using TMN techniques for implementation on existing management platforms. The paper begins by briefly outlining current work in this field before describing aspects of this multi-player multi-service management problem and how they can be modelled and implemented in a real system

A metaobject architecture for fault-tolerant distributed systems : the FRIENDS approach

The FRIENDS system developed at LAAS-CNRS is a metalevel architecture providing libraries of metaobjects for fault tolerance, secure communication, and group-based distributed applications. The use of metaobjects provides a nice separation of concerns between mechanisms and applications. Metaobjects can be used transparently by applications and can be composed according to the needs of a given application, a given architecture, and its underlying properties. In FRIENDS, metaobjects are used recursively to add new properties to applications. They are designed using an object oriented design method and implemented on top of basic system services. This paper describes the FRIENDS software-based architecture, the object-oriented development of metaobjects, the experiments that we have done, and summarizes the advantages and drawbacks of a metaobject approach for building fault-tolerant system

Identifying attack surfaces in the evolving space industry using reference architectures

The space environment is currently undergoing a substantial change and many new entrants to the market are deploying devices, satellites and systems in space; this evolution has been termed as NewSpace. The change is complicated by technological developments such as deploying machine learning based autonomous space systems and the Internet of Space Things (IoST). In the IoST, space systems will rely on satellite-to-x communication and interactions with wider aspects of the ground segment to a greater degree than existing systems. Such developments will inevitably lead to a change in the cyber security threat landscape of space systems. Inevitably, there will be a greater number of attack vectors for adversaries to exploit, and previously infeasible threats can be realised, and thus require mitigation. In this paper, we present a reference architecture (RA) that can be used to abstractly model in situ applications of this new space landscape. The RA specifies high-level system components and their interactions. By instantiating the RA for two scenarios we demonstrate how to analyse the attack surface using attack trees

Towards a Layered Architectural View for Security Analysis in SCADA Systems

Supervisory Control and Data Acquisition (SCADA) systems support and control the operation of many critical infrastructures that our society depend on, such as power grids. Since SCADA systems become a target for cyber attacks and the potential impact of a successful attack could lead to disastrous consequences in the physical world, ensuring the security of these systems is of vital importance. A fundamental prerequisite to securing a SCADA system is a clear understanding and a consistent view of its architecture. However, because of the complexity and scale of SCADA systems, this is challenging to acquire. In this paper, we propose a layered architectural view for SCADA systems, which aims at building a common ground among stakeholders and supporting the implementation of security analysis. In order to manage the complexity and scale, we define four interrelated architectural layers, and uses the concept of viewpoints to focus on a subset of the system. We indicate the applicability of our approach in the context of SCADA system security analysis.Comment: 7 pages, 4 figure