20,980 research outputs found
Secure Identification in Social Wireless Networks
The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices.
The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPPâs Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future
Giving You back Control of Your Data: Digital Signing Practical Issues and the eCert Solution
As technologies develop rapidly, digital signing is commonly used in eDocument security. However, unaddressed issues exist. An eCertificate system represents the problem situation, and therefore is being used as case study, in a project called eCert, to research for the solution. This paper addresses these issues, explores the gap between current tools and the desired system, through analysis of the existing services and eCertificate use cases, and the identified requirements, thereby presenting an approach which solves the above problems. Preliminary results indicate that the recommendation from this research meets the design requirements, and could form the foundation of future study of solving digital signing issues
Bitcoin: the wrong implementation of the right idea at the right time
This paper is a study into some of the regulatory implications of cryptocurrencies using the CAMPO research framework (Context, Actors, Methods, Methods, Practice, Outcomes). We explain in CAMPO format why virtual currencies are of interest, how self-regulation has failed, and what useful lessons can be learned. We are hopeful that the full paper will produce useful and semi-permanent findings into the usefulness of virtual currencies in general, block chains as a means of mining currency, and the profundity of current âmedia darlingâ currency Bitcoin as compared with the development of block chain generator Ethereum.
While virtual currencies can play a role in creating better trading conditions in virtual communities, despite the risks of non-sovereign issuance and therefore only regulation by code (Brown/Marsden 2013), the methodology used poses significant challenges to researching this âcommunityâ, if BitCoin can even be said to have created a single community, as opposed to enabling an alternate method of exchange for potentially all virtual community transactions. First, BitCoin users have transparency of ownership but anonymity in many transactions, necessary for libertarians or outright criminals in such illicit markets as #SilkRoad. Studying community dynamics is therefore made much more difficult than even such pseudonymous or avatar based communities as Habbo Hotel, World of Warcraft or SecondLife. The ethical implications of studying such communities raise similar problems as those of Tor, Anonymous, Lulzsec and other anonymous hacker communities. Second, the journalistic accounts of BitCoin markets are subject to sensationalism, hype and inaccuracy, even more so than in the earlier hype cycle for SecondLife, exacerbated by the first issue of anonymity. Third, the virtual currency area is subject to slowly emerging regulation by financial authorities and police forces, which appears to be driving much of the early adopter community âundergroundâ. Thus, the community in 2016 may not bear much resemblance to that in 2012. Fourth, there has been relatively little academic empirical study of the community, or indeed of virtual currencies in general, until relatively recently. Fifth, the dynamism of the virtual currency environment in the face of the deepening mistrust of the financial system after the 2008 crisis is such that any research conclusions must by their nature be provisional and transient.
All these challenges, particularly the final three, also raise the motivation for research â an alternative financial system which is separated from the real-world sovereign and which can use code regulation with limited enforcement from offline policing, both returns the study to the libertarian self-regulated environment of early 1990s MUDs, and offers a tantalising prospect of a tool to evade the perils of âprivate profit, socialized riskâ which existing large financial institutions created in the 2008-12 disaster. The need for further research into virtual currencies based on blockchain mining, and for their usage by virtual communities, is thus pressing and should motivate researchers to solve the many problems in methodology for exploring such an environment
SECMACE: Scalable and Robust Identity and Credential Management Infrastructure in Vehicular Communication Systems
Several years of academic and industrial research efforts have converged to a
common understanding on fundamental security building blocks for the upcoming
Vehicular Communication (VC) systems. There is a growing consensus towards
deploying a special-purpose identity and credential management infrastructure,
i.e., a Vehicular Public-Key Infrastructure (VPKI), enabling pseudonymous
authentication, with standardization efforts towards that direction. In spite
of the progress made by standardization bodies (IEEE 1609.2 and ETSI) and
harmonization efforts (Car2Car Communication Consortium (C2C-CC)), significant
questions remain unanswered towards deploying a VPKI. Deep understanding of the
VPKI, a central building block of secure and privacy-preserving VC systems, is
still lacking. This paper contributes to the closing of this gap. We present
SECMACE, a VPKI system, which is compatible with the IEEE 1609.2 and ETSI
standards specifications. We provide a detailed description of our
state-of-the-art VPKI that improves upon existing proposals in terms of
security and privacy protection, and efficiency. SECMACE facilitates
multi-domain operations in the VC systems and enhances user privacy, notably
preventing linking pseudonyms based on timing information and offering
increased protection even against honest-but-curious VPKI entities. We propose
multiple policies for the vehicle-VPKI interactions, based on which and two
large-scale mobility trace datasets, we evaluate the full-blown implementation
of SECMACE. With very little attention on the VPKI performance thus far, our
results reveal that modest computing resources can support a large area of
vehicles with very low delays and the most promising policy in terms of privacy
protection can be supported with moderate overhead.Comment: 14 pages, 9 figures, 10 tables, IEEE Transactions on Intelligent
Transportation System
Defending against Sybil Devices in Crowdsourced Mapping Services
Real-time crowdsourced maps such as Waze provide timely updates on traffic,
congestion, accidents and points of interest. In this paper, we demonstrate how
lack of strong location authentication allows creation of software-based {\em
Sybil devices} that expose crowdsourced map systems to a variety of security
and privacy attacks. Our experiments show that a single Sybil device with
limited resources can cause havoc on Waze, reporting false congestion and
accidents and automatically rerouting user traffic. More importantly, we
describe techniques to generate Sybil devices at scale, creating armies of
virtual vehicles capable of remotely tracking precise movements for large user
populations while avoiding detection. We propose a new approach to defend
against Sybil devices based on {\em co-location edges}, authenticated records
that attest to the one-time physical co-location of a pair of devices. Over
time, co-location edges combine to form large {\em proximity graphs} that
attest to physical interactions between devices, allowing scalable detection of
virtual vehicles. We demonstrate the efficacy of this approach using
large-scale simulations, and discuss how they can be used to dramatically
reduce the impact of attacks against crowdsourced mapping services.Comment: Measure and integratio
- âŠ