A context‐aware approach to defend against unauthorized reading and relay attacks in RFID systems

Radio frequency identification (RFID) systems are becoming increasingly ubiquitous in both public and private domains. However, because of the inherent weaknesses of underlying wireless radio communications, RFID systems are plagued with a wide variety of security and privacy threats. A large number of these threats arise because of the tag's promiscuous response to any reader requests. This renders sensitive tag information easily subject to unauthorized reading . Promiscuous tag response also incites different forms of relay attacks whereby a malicious colluding pair, relaying messages between a tag and a reader, can successfully impersonate the tag without actually possessing it. Because of the increasing ubiquity of RFID devices, there is a pressing need for the development of security primitives and protocols to defeat unauthorized reading and relay attacks. However, currently deployed or proposed solutions often fail to satisfy the constraints and requirements of the underlying RFID applications in terms of (one or more of) efficiency, security, and usability. This paper proposes a novel research direction, one that utilizes sensing technologies, to tackle the problems of unauthorized reading and relay attacks with a goal of reconciling the requirements of efficiency, security, and usability. The premise of the proposed work is based on a current technological advancement that enables many RFID tags with low‐cost sensing capabilities. The on‐board tag sensors will be used to acquire useful contextual information about the tag's environment (or its owner, or the tag itself). For defense against unauthorized reading and relay attacks, such context information can be leveraged in two ways. First, contextual information can be used to design context‐aware selective unlocking mechanisms so that tags can selectively respond to reader interrogations and thus minimize the likelihood of unauthorized reading and “ghost‐and‐leech” relay attacks. Second, contextual information can be used as a basis for context‐aware secure transaction verification to defend against special types of relay attacks involving malicious readers. Copyright © 2011 John Wiley & Sons, Ltd. This paper proposes a novel research direction, one that utilizes sensing technologies to tackle the challenging problems of unauthorized reading and relay attacks in radio frequency identification systems. First, contextual information is used to design context‐aware selective unlocking mechanisms, so that tags can selectively respond to reader interrogations and, thus, minimize the likelihood of unauthorized reading and “ghost‐and‐leech” relay attacks. Second, contextual information is used as a basis for context‐aware secure transaction verification to defend against special types of relay attacks involving malicious readers.Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/109577/1/sec404.pd

PrivacEye: Privacy-Preserving Head-Mounted Eye Tracking Using Egocentric Scene Image and Eye Movement Features

Eyewear devices, such as augmented reality displays, increasingly integrate eye tracking but the first-person camera required to map a user's gaze to the visual scene can pose a significant threat to user and bystander privacy. We present PrivacEye, a method to detect privacy-sensitive everyday situations and automatically enable and disable the eye tracker's first-person camera using a mechanical shutter. To close the shutter in privacy-sensitive situations, the method uses a deep representation of the first-person video combined with rich features that encode users' eye movements. To open the shutter without visual input, PrivacEye detects changes in users' eye movements alone to gauge changes in the "privacy level" of the current situation. We evaluate our method on a first-person video dataset recorded in daily life situations of 17 participants, annotated by themselves for privacy sensitivity, and show that our method is effective in preserving privacy in this challenging setting.Comment: 10 pages, 6 figures, supplementary materia

THaW publications

In 2013, the National Science Foundation\u27s Secure and Trustworthy Cyberspace program awarded a Frontier grant to a consortium of four institutions, led by Dartmouth College, to enable trustworthy cybersystems for health and wellness. As of this writing, the Trustworthy Health and Wellness (THaW) project\u27s bibliography includes more than 130 significant publications produced with support from the THaW grant; these publications document the progress made on many fronts by the THaW research team. The collection includes dissertations, theses, journal papers, conference papers, workshop contributions and more. The bibliography is organized as a Zotero library, which provides ready access to citation materials and abstracts and associates each work with a URL where it may be found, cluster (category), several content tags, and a brief annotation summarizing the work\u27s contribution. For more information about THaW, visit thaw.org

EdgeSense: Edge-Mediated Spatial-Temporal Crowdsensing

Edge computing recently is increasingly popular due to the growth of data size and the need of sensing with the reduced center. Based on Edge computing architecture, we propose a novel crowdsensing framework called Edge-Mediated Spatial-Temporal Crowdsensing. This algorithm targets on receiving the environment information such as air pollution, temperature, and traffic flow in some parts of the goal area, and does not aggregate sensor data with its location information. Specifically, EdgeSense works on top of a secured peer-To-peer network consisted of participants and propose a novel Decentralized Spatial-Temporal Crowdsensing framework based on Parallelized Stochastic Gradient Descent. To approximate the sensing data in each part of the target area in each sensing cycle, EdgeSense uses the local sensor data in participants\u27 mobile devices to learn the low-rank characteristic and then recovers the sensing data from it. We evaluate the EdgeSense on the real-world data sets (temperature [1] and PM2.5 [2] data sets), where our algorithm can achieve low error in approximation and also can compete with the baseline algorithm which is designed using centralized and aggregated mechanism

The survey on Near Field Communication

PubMed ID: 26057043Near Field Communication (NFC) is an emerging short-range wireless communication technology that offers great and varied promise in services such as payment, ticketing, gaming, crowd sourcing, voting, navigation, and many others. NFC technology enables the integration of services from a wide range of applications into one single smartphone. NFC technology has emerged recently, and consequently not much academic data are available yet, although the number of academic research studies carried out in the past two years has already surpassed the total number of the prior works combined. This paper presents the concept of NFC technology in a holistic approach from different perspectives, including hardware improvement and optimization, communication essentials and standards, applications, secure elements, privacy and security, usability analysis, and ecosystem and business issues. Further research opportunities in terms of the academic and business points of view are also explored and discussed at the end of each section. This comprehensive survey will be a valuable guide for researchers and academicians, as well as for business in the NFC technology and ecosystem.Publisher's Versio

Performance Evaluation of Mobile Sensor for Context Awareness User Authentication

With the increase of smart devices and their capacities, their use for different services have also increased. As much as this is an advantage, it has posed additional risks because of the confidential information stored on them. This has increased the need for additional security on these systems. Most of the methods used for user authentication pose certain drawbacks that are either easy to circumvent or cumbersome to use. As a result, multi-level means of authentication is needed to improve the security of mobile devices. Sensors are playing a vital role in the mobile ecosystem to enhance different services. These sensors can be leveraged upon as a solution for user authentication. This research analyzed and evaluated different mobile device sensors for continuous and transparent user authentication. The mobile data used includes gyroscope, accelerometer, linear accelerometer, proximity, gravity, and magnetometer sensors’ data. Using a Feedforward Neural network for data classification after extracting features from the different sensors available in the mobile device; the most effective was selected by evaluating performance of the different sensors. The best sensor, the accelerometer was further experimented on. The experiment showed that smartphone accelerometer sensor exhibits sufficient discriminability, stability, and reliability for active and continuous authentication, by achieving a performance of 6.55% for the best overall EER.With the increase of smart devices and their capacities, their use for different services have also increased. As much as this is an advantage, it has posed additional risks because of the confidential information stored on them. This has increased the need for additional security on these systems. Most of the methods used for user authentication pose certain drawbacks that are either easy to circumvent or cumbersome to use. As a result, multi-level means of authentication is needed to improve the security of mobile devices. Sensors are playing a vital role in the mobile ecosystem to enhance different services. These sensors can be leveraged upon as a solution for user authentication. This research analyzed and evaluated different mobile device sensors for continuous and transparent user authentication. The mobile data used includes gyroscope, accelerometer, linear accelerometer, proximity, gravity, and magnetometer sensors’ data. Using a Feedforward Neural network for data classification after extracting features from the different sensors available in the mobile device; the most effective was selected by evaluating performance of the different sensors. The best sensor, the accelerometer was further experimented on. The experiment showed that smartphone accelerometer sensor exhibits sufficient discriminability, stability, and reliability for active and continuous authentication, by achieving a performance of 6.55% for the best overall EER