Technologies and solutions for location-based services in smart cities: past, present, and future

Location-based services (LBS) in smart cities have drastically altered the way cities operate, giving a new dimension to the life of citizens. LBS rely on location of a device, where proximity estimation remains at its core. The applications of LBS range from social networking and marketing to vehicle-toeverything communications. In many of these applications, there is an increasing need and trend to learn the physical distance between nearby devices. This paper elaborates upon the current needs of proximity estimation in LBS and compares them against the available Localization and Proximity (LP) finding technologies (LP technologies in short). These technologies are compared for their accuracies and performance based on various different parameters, including latency, energy consumption, security, complexity, and throughput. Hereafter, a classification of these technologies, based on various different smart city applications, is presented. Finally, we discuss some emerging LP technologies that enable proximity estimation in LBS and present some future research areas

Security Evaluation of Cyber-Physical Systems in Society- Critical Internet of Things

In this paper, we present evaluation of security awareness of developers and users of cyber-physical systems. Our study includes interviews, workshops, surveys and one practical evaluation. We conducted 15 interviews and conducted survey with 55 respondents coming primarily from industry. Furthermore, we performed practical evaluation of current state of practice for a society-critical application, a commercial vehicle, and reconfirmed our findings discussing an attack vector for an off-line societycritical facility. More work is necessary to increase usage of security strategies, available methods, processes and standards. The security information, currently often insufficient, should be provided in the user manuals of products and services to protect system users. We confirmed it lately when we conducted an additional survey of users, with users feeling as left out in their quest for own security and privacy. Finally, hardware-related security questions begin to come up on the agenda, with a general increase of interest and awareness of hardware contribution to the overall cyber-physical security. At the end of this paper we discuss possible countermeasures for dealing with threats in infrastructures, highlighting the role of authorities in this quest

Security threats from connecting mobile phones to connected vehicles

Abstract. Technical innovations and constantly expanding role of software has made modern cars more like computers than ever before. Software has introduced new features to cars. With the addition of new features, also new sensors have been added as well. Together with connecting user accounts and devices to the vehicle, vehicles have started to gather more and more information on their users. New connective technology has made cars more connected than ever. The large amounts of information that cars now collect can be accessed from all over the globe with the use of internet. It should now be carefully determined whether safety and security measures have kept pace with the influx of these new changes. This research was done as a literary review. Relevant material was collected by using search engines Google, Google Scholar and Scopus. IEEE Explore and Web of Science were used for searching for papers as well as for downloading them. ResearchGate was used for downloading the papers as well. Papers were also chosen by finding relevant papers from already chosen papers’ list of references. Papers were selected based on their relevance to the topic. Papers that were on the topic of vehicle information or electronic security or specifically about vehicle security regarding connections with mobile phones or other connective technology were selected. Cars were originally designed to be closed systems. There are technical weaknesses stemming from this original design idea, that now create holes in the security of connected vehicles. This research divided these threat categories to three parts. The first category is phones themselves. The second one is the threats that come from the main connection between phones and cars which is Bluetooth. The third category is the OBD-II port. Risks from phones come from the relatively fast product cycle they have. Malware also should be taken into consideration. Bluetooth risks come from pairing issues and discoverability, and there are several types of Bluetooth attacks that should be taken into consideration. The threats from OBD-II ports come from the access it gives to the internal network of the vehicle. Problems also rise from the way OBD-II port dongles are designed, as in the worst case their security features can be abysmal. Together with the access that the port provides, it should be critical to correct this issue. All of these threat categories could enable attackers to gain complete access to the vehicle’s systems. They can also collect information from the vehicle or control the vehicle’s different systems like telematics unit, or even go as far as controlling the safety critical systems like steering and braking. The main contribution of this research was presenting several studies that demonstrated reasons why the threat from connecting phones to connected vehicles is real and should be taken very seriously. A valuable contribution was also in showing several sources together on how serious these threats can be and how much control of the vehicle and its data attackers can achieve.Tiivistelmä. Tutkimus käsittelee turvallisuusuhkia, joita aiheutuu puhelimien yhdistämisestä autoihin. Uudet tekniset innovaatiot ja ohjelmiston kasvava rooli ovat tehneet moderneista autoista tietokoneiden kaltaisia. Ohjelmisto on mahdollistanut uusien ominaisuuksien lisäämisen autoihin. Lisäksi autoihin on lisätty myös uudenlaisia sensoreita. Nykyään autoihin voi yhdistää erilaisia käyttäjätilejä ja laitteita, minkä vuoksi autot keräävät käyttäjistään tietoa yhä enenevissä määrin. Autoihin on lisätty myös uudenlaista teknologiaa, jonka vuoksi autojen keräämät isot tietomäärät ovat saavutettavissa mistä tahansa maapallolla. Sen vuoksi olisikin tärkeä määrittää ovatko turvallisuus toimenpiteet pysyneet näiden uusien muutoksien mukana. Tutkimus toteutettiin kirjallisuuskatsauksena. Materiaali tutkimusta varten kerättiin käyttämällä Google, Google Scholar ja Scopus hakukoneita. Lisäksi hakuja tehtiin myös IEEE Explore ja Web of Science sivustoilla, joita käytettiin myös paperien lataamiseen ResearchGate sivuston lisäksi. Materiaalia etsittiin myös jo valmiiksi valittujen julkaisujen lähdeluetteloista. Lähdemateriaaliksi valittiin aiheeseen relevantit julkaisut. Julkaisu valittiin mukaan tutkimukseen, jos sen aiheena oli joko autojen tieto- tai elektroninen turvallisuus, tai se käsitteli nimenomaan autojen ja puhelimien tai autojen ja jonkin muun yhteysteknologian turvallisuutta. Autot suunniteltiin alun perin suljetuiksi järjestelmiksi, mistä aiheutuu turvallisuus uhkia moderneille yhteysteknologiaa sisältäville autoille. Tutkimuksessa uhkat jaettiin kolmeen eri kategoriaan. Ensimmäinen kategoria ovat puhelimet itse. Toinen kategoria on Bluetooth-yhteys, joka on pääasiallinen yhteystapa puhelimien ja autojen välillä. Kolmas kategoria on OBD-II-portti. Puhelimista aiheutuvat riskit tulevat niiden nopeasta tuotesyklistä ja lisäksi haittaohjelmat tulisi myös huomioida. Bluetooth riskit tulevat paritukseen ja löydettävyyteen liittyvistä ongelmista. On olemassa myös useita erilaisia Bluetooth hyökkäyksiä, jotka tulisi ottaa huomioon. OBD-II-porttiin liittyvät uhkat johtuvat siitä, että portista pääsee käsiksi autojen sisäiseen verkkoon. Uhkia aiheutuu myös OBD-II-portteihin liitettävistä lähettimistä ns. dongleista, joiden turvallisuusominaisuudet voivat pahimmassa tapauksessa olla olemattomia. Koska OBD-II-portista pääsee käsiksi autojen sisäiseen verkkoon, on näiden ongelmien korjaaminen äärimmäisen tärkeää. Kaikki nämä kolme uhkakategoriaa voi mahdollistaa sen, että hyökkääjä saa auton järjestelmät täydellisesti haltuunsa. Ne voivat myös mahdollistaa informaation keräämistä autosta tai auton eri järjestelmien kuten telematiikan hallinnoimista. Voi olla jopa mahdollista, että hyökkääjää saa haltuunsa turvallisuuden kannalta kriittisiä järjestelmiä, kuten ohjaus- ja jarrutusjärjestelmät. Tutkimuksen päämerkitys oli koota yhteen useita tutkimuksia, jotka osoittavat miksi puhelimien yhdistäminen yhteysteknologiaa sisältäviin autoihin sisältää uhkia, ja miksi nämä uhkat tulisi ottaa vakavasti. Tutkimus osoitti myös useita lähteitä sille kuinka isoja uhkia nämä voivat olla ja kuinka paljon hyökkääjät voivat saada autoa ja sen dataa hallintaansa

A Test Environment for Wireless Hacking in Domestic IoT Scenarios

Security is gaining importance in the daily life of every citizen. The advent of Internet of Things devices in our lives is changing our conception of being connected through a single device to a multiple connection in which the centre of connection is becoming the devices themselves. This conveys the attack vector for a potential attacker is exponentially increased. This paper presents how the concatenation of several attacks on communication protocols (WiFi, Bluetooth LE, GPS, 433 Mhz and NFC) can lead to undesired situations in a domestic environment. A comprehensive analysis of the protocols with the identification of their weaknesses is provided. Some relevant aspects of the whole attacking procedure have been presented to provide some relevant tips and countermeasures.This work has been partially supported by the Spanish Ministry of Science and Innovation through the SecureEDGE project (PID2019-110565RB-I00), and by the by the Andalusian FEDER 2014-2020 Program through the SAVE project (PY18-3724). // Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. // Funding for open access charge: Universidad de Málaga / CBU

PATH: Person Authentication using Trace Histories

In this paper, a solution to the problem of Active Authentication using trace histories is addressed. Specifically, the task is to perform user verification on mobile devices using historical location traces of the user as a function of time. Considering the movement of a human as a Markovian motion, a modified Hidden Markov Model (HMM)-based solution is proposed. The proposed method, namely the Marginally Smoothed HMM (MSHMM), utilizes the marginal probabilities of location and timing information of the observations to smooth-out the emission probabilities while training. Hence, it can efficiently handle unforeseen observations during the test phase. The verification performance of this method is compared to a sequence matching (SM) method , a Markov Chain-based method (MC) and an HMM with basic Laplace Smoothing (HMM-lap). Experimental results using the location information of the UMD Active Authentication Dataset-02 (UMDAA02) and the GeoLife dataset are presented. The proposed MSHMM method outperforms the compared methods in terms of equal error rate (EER). Additionally, the effects of different parameters on the proposed method are discussed.Comment: 8 pages, 9 figures. Best Paper award at IEEE UEMCON 201

Intrusion Detection in Mobile Phone Systems Using Data Mining Techniques

New security threats emerge against mobile devices as the devices\u27 computing power and storage capabilities evolve. Preventive mechanisms like authentication, encryption alone are not sufficient to provide adequate security for a system. There is a definite need for Intrusion detection systems that will improve security and use fewer resources on the mobile phone. In this work we proposed an intrusion detection method that efficiently detects intrusions in mobile phones using Data Mining techniques. We used network based approach that will remove the overhead processing from the mobile phones. A neural network classifier will be built and trained for each user based on his call logs .An application that runs on smart phone of the user collects certain information of the user and sends them over to the remote server. These logs then fed to the already trained classifier which analyzes the logs and sends back the feedback to the smart phones whenever abnormalities are found. Also we compared different neural classifiers to identify the classifier with better performance. Our results showed clearly the effectiveness of our method to detect intrusions and outperformed existing Intrusion detection methods with 95% detection rate

Implicit Smartphone User Authentication with Sensors and Contextual Machine Learning

Authentication of smartphone users is important because a lot of sensitive data is stored in the smartphone and the smartphone is also used to access various cloud data and services. However, smartphones are easily stolen or co-opted by an attacker. Beyond the initial login, it is highly desirable to re-authenticate end-users who are continuing to access security-critical services and data. Hence, this paper proposes a novel authentication system for implicit, continuous authentication of the smartphone user based on behavioral characteristics, by leveraging the sensors already ubiquitously built into smartphones. We propose novel context-based authentication models to differentiate the legitimate smartphone owner versus other users. We systematically show how to achieve high authentication accuracy with different design alternatives in sensor and feature selection, machine learning techniques, context detection and multiple devices. Our system can achieve excellent authentication performance with 98.1% accuracy with negligible system overhead and less than 2.4% battery consumption.Comment: Published on the IEEE/IFIP International Conference on Dependable Systems and Networks (DSN) 2017. arXiv admin note: substantial text overlap with arXiv:1703.0352

Active User Authentication for Smartphones: A Challenge Data Set and Benchmark Results

In this paper, automated user verification techniques for smartphones are investigated. A unique non-commercial dataset, the University of Maryland Active Authentication Dataset 02 (UMDAA-02) for multi-modal user authentication research is introduced. This paper focuses on three sensors - front camera, touch sensor and location service while providing a general description for other modalities. Benchmark results for face detection, face verification, touch-based user identification and location-based next-place prediction are presented, which indicate that more robust methods fine-tuned to the mobile platform are needed to achieve satisfactory verification accuracy. The dataset will be made available to the research community for promoting additional research.Comment: 8 pages, 12 figures, 6 tables. Best poster award at BTAS 201