Security in Context-aware Mobile Business Applications

The support of location computation on mobile devices (e.g. mobile phones, PDAs) has enabled the development of context-aware and especially location-aware applications (e.g. Restaurant Finder, Friend Finder) which are becoming the new trend for future software applications. However, fears regarding security and privacy are the biggest barriers against their success. Especially, mobile users are afraid of the possible threats against their private identity and personal data. Within the M-Business research group at the University of Mannheim, various security and privacy aspects of context-aware mobile business applications are examined in this thesis. After providing a detailed introduction to context-aware applications, the security challenges of context-aware applications from the perspectives of different principals (i.e. mobile users, the broker, service providers) are analyzed. The privacy aspects, the challenges, the threats and legal directives regarding user privacy are explained and illustrated by real-life examples. The user-centric security architectures integrated within context-aware applications are introduced as anonymity and mobile identity management solutions. The M-Business security architecture providing security components for communication security, dynamic policy-based anonymity, secure storage on mobile devices, identity management for mobile users and cryptography libraries is explained in detail. The LaCoDa compiler which automatically generates final Java code from high level specifications of security protocols is introduced as a software-centric solution for preventing developer-specific security bugs in applications

Authorized keyword search over outsourced encrypted data in cloud environment

For better data availability and accessibility while ensuring data secrecy, end-users often tend to outsource their data to the cloud servers in an encrypted form. However, this brings a major challenge to perform the search for some keywords over encrypted content without disclosing any information to unintended entities. This paper proposes a novel expressive authorized keyword search scheme relying on the concept of ciphertext-policy attribute-based encryption. The originality of the proposed scheme is multifold. First, it supports the generic and convenient multi-owner and multi-user scenario, where the encrypted data are outsourced by several data owners and searchable by multiple users. Second, the formal security analysis proves that the proposed scheme is semantically secure against chosen keyword and outsider's keyword guessing attacks. Third, an interactive protocol is introduced which avoids the need of any secure channels between users and service provider. Fourth, due to the concept of bilinear-map accumulator, the system can efficiently revoke users and/or their attributes, and authenticate them prior to launching any expensive search operations. Fifth, conjunctive keyword search is provided thus enabling to search for multiple keywords simultaneously, with minimal cost. Sixth, the performance analysis shows that the proposed scheme outperforms closely-related works

The Design of a Multimedia-Forensic Analysis Tool (M-FAT)

Digital forensics has become a fundamental requirement for law enforcement due to the growing volume of cyber and computer-assisted crime. Whilst existing commercial tools have traditionally focused upon string-based analyses (e.g., regular expressions, keywords), less effort has been placed towards the development of multimedia-based analyses. Within the research community, more focus has been attributed to the analysis of multimedia content; they tend to focus upon highly specialised specific scenarios such as tattoo identification, number plate recognition, suspect face recognition and manual annotation of images. Given the everincreasing volume of multimedia content, it is essential that a holistic Multimedia-Forensic Analysis Tool (M-FAT) is developed to extract, index, analyse the recovered images and provide an investigator with an environment with which to ask more abstract and cognitively challenging questions of the data. This paper proposes such a system, focusing upon a combination of object and facial recognition to provide a robust system. This system will enable investigators to perform a variety of forensic analyses that aid in reducing the time, effort and cognitive load being placed on the investigator to identify relevant evidence

Intranet of the future: functional study, comparison of products and practical implementation

Future intranet: functional study, comparison of products and practical implementation 1. Introduction The project has fulfilled three goals: 1) To perform a study of the functionalities which have to be covered in a modern intranet (web 2.0, unified communication, collaboration, etc) 2) To perform a comparison of tools of the market which can be used to implement intranets (commercial and open source products) 3) To test three of these tools (Oracle WebCenter, Liferay Portal and Microsoft SharePoint) and develop a prototype with Oracle WebCenter. In addition, it includes a research about the evolution of the Intranets among the time, as well as a work to discover the current state of this kind of platforms over the entire world. In this introductory research it is also convenient to include other topics which are not strictly technical involving the use of this Intranet. To be more concrete, there is an analysis of the importance of the human role and management of the Intranet, the process of deploying a new Intranet in an organization and methods to evaluate the performance of this new system.   2. Functional study The approach taken to fulfil this goal is to develop a theoretical model describing the relationship between the Intranet and its users, and a complete set of functionalities which could be covered in the Intranet of the future. These functionalities are categorized in groups. The project describes these groups and the functionalities included on them. 3. Comparison of products The project will describe and compare several technologies which can be used to develop an Intranet that we have previously modelled. The purpose here is to discover the strong points and weaknesses of each technology if it was used to develop the Intranet we desire. After having done such a review, the project focuses on three technologies and performs an extensive evaluation of them. Finally, an extensive comparison between these three technologies is done, highlighting where they offer better solutions and performance compared to the other possibilities. 4. Practical implementation The project focuses on three technologies: Oracle WebCenter, Liferay Portal and Microsoft SharePoint. Then, a prototype which covers a set of functionalities of the modelled Intranet has been built with Oracle WebCenter

Lattice-based Public Key Encryption with Authorized Keyword Search: Construction, Implementation, and Applications

Public key encryption with keyword search (PEKS), formalized by Boneh et al. [EUROCRYPT\u27 04], enables secure searching for specific keywords in the ciphertext. Nevertheless, in certain scenarios, varying user tiers are granted disparate data searching privileges, and administrators need to restrict the searchability of ciphertexts to select users exclusively. To address this concern, Jiang et al. [ACISP\u27 16] devised a variant of PEKS, namely public key encryption with authorized keyword search (PEAKS), wherein solely authorized users possess the ability to conduct targeted keyword searches. Nonetheless, it is vulnerable to resist quantum computing attacks. As a result, research focusing on authorizing users to search for keywords while achieving quantum security is far-reaching. In this work, we present a novel construction, namely lattice-based PEAKS (L-PEAKS), which is the first mechanism to permit the authority to authorize users to search different keyword sets while ensuring quantum-safe properties. Specifically, the keyword is encrypted with a public key, and each authorized user needs to obtain a search privilege from an authority. The authority distributes an authorized token to a user within a time period and the user will generate a trapdoor for any authorized keywords. Technically, we utilize several lattice sampling and basis extension algorithms to fight against attacks from quantum adversaries. Moreover, we leverage identity-based encryption (IBE) to alleviate the bottleneck of public key management. Furthermore, we conduct parameter analysis, rigorous security reduction, and theoretical complexity comparison of our scheme and perform comprehensive evaluations at a commodity machine for completeness. Our L-PEAKS satisfies IND-sID-CKA and T-EUF security and is efficient in terms of space and computation complexity compared to other existing primitives. Finally, we provide two potential applications to show its versatility

A review of the state of the art in privacy and security in the eHealth cloud

The proliferation and usefulness of cloud computing in eHealth demands high levels of security and privacy for health records. However, eHealth clouds pose serious security and privacy concerns for sensitive health data. Therefore, practical and effective methods for security and privacy management are essential to preserve the privacy and security of the data. To review the current research directions in security and privacy in eHealth clouds, this study has analysed and summarized the state of the art technologies and approaches reported in security and privacy in the eHealth cloud. An extensive review covering 132 studies from several peer-reviewed databases such as IEEE Xplore was conducted. The relevant studies were reviewed and summarized in terms of their benefits and risks. This study also compares several research works in the domain of data security requirements. This paper will provide eHealth stakeholders and researchers with extensive knowledge and information on current research trends in the areas of privacy and security

Interactive Web Portal Application for Ambalta School for Children with Autism

Abalta is a school, based in Galway, designed to educate children who suffer from autism. The school was borne out of the identified need for children with autism to get a specific focused education. In July, 2001, four sets of parents came together, using their own personal funds, to establish the school and had it up and running by September, 2001. It took months of hard work, political negotiating, and lobbying, culminating with a high court case to attain funding from the state. In today\u27s Internet-oriented world, a web application is essential for businesses, organiiations and individuals to optimiie their impact on the world: to reach more people, be more efficient, learn more and achieve their goals. As Abalta School is ever expanding, there is an extensive need for a web portal for the school. A web portal will provide the school with a means of sharing information on autism and answering questions that people may have. Currently, when a person requires information, they contact the school and the school principle is the person who answers questions. The principle can spend at any one time, up to an hour answering questions on the telephone, sending brochures to people and explaining the methodologies used by the school. Having a web portal would enable the staff and employees of Abalta to save time and effort by directing people to the web portal where questions can be answered and sought-after information can be found

Privacy and confidentiality issues in cloud computing architectures

Cloud computing is a computing paradigm in which organizations can store their data remotely in the cloud (Internet) and access applications, services and infrastructure on-demand from a shared pool of computing resources. It is clear that cloud technologies have proven a major commercial success over recent years (since the appearance of products and cloud offerings like Amazon EC2 and Microsoft Azure). According to Gardner, Cloud Computing will play a large part in the ICT (Information and Communication Technologies) domain over the next 10 years or more, since it provides cost-savings to enterprises thanks to virtualization technologies, opening gates for new business opportunities as well. However, Cloud Computing has to face several challenges and issues. Storing and processing data out of the boundaries of your company raises security and privacy concerns by itself. Nowadays information is the commodity of XXI century, and certain information can mean power and market advantage. As pointed out by Andreas Weiss, Director of the EuroCloud, in an interview we held with him, data is one of the most important and valuable resource any company has. Therefore, security mechanisms to protect this data are necessary to make the right choices and decisions for the company without worrying about data safety. In the paradigm of Cloud Computing we will have to trust a Cloud Service Provider (CSP), creating an extra dependency to a third party which some customers, depending on the value of their data, will inevitably feel uncomfortable. Outsourcing business data in a place not owned by oneself can scare organizations from using the benefits of Cloud Computing in an optimal way

Security architecture for Fog-To-Cloud continuum system

Nowadays, by increasing the number of connected devices to Internet rapidly, cloud computing cannot handle the real-time processing. Therefore, fog computing was emerged for providing data processing, filtering, aggregating, storing, network, and computing closer to the users. Fog computing provides real-time processing with lower latency than cloud. However, fog computing did not come to compete with cloud, it comes to complete the cloud. Therefore, a hierarchical Fog-to-Cloud (F2C) continuum system was introduced. The F2C system brings the collaboration between distributed fogs and centralized cloud. In F2C systems, one of the main challenges is security. Traditional cloud as security provider is not suitable for the F2C system due to be a single-point-of-failure; and even the increasing number of devices at the edge of the network brings scalability issues. Furthermore, traditional cloud security cannot be applied to the fog devices due to their lower computational power than cloud. On the other hand, considering fog nodes as security providers for the edge of the network brings Quality of Service (QoS) issues due to huge fog device’s computational power consumption by security algorithms. There are some security solutions for fog computing but they are not considering the hierarchical fog to cloud characteristics that can cause a no-secure collaboration between fog and cloud. In this thesis, the security considerations, attacks, challenges, requirements, and existing solutions are deeply analyzed and reviewed. And finally, a decoupled security architecture is proposed to provide the demanded security in hierarchical and distributed fashion with less impact on the QoS.Hoy en día, al aumentar rápidamente el número de dispositivos conectados a Internet, el cloud computing no puede gestionar el procesamiento en tiempo real. Por lo tanto, la informática de niebla surgió para proporcionar procesamiento de datos, filtrado, agregación, almacenamiento, red y computación más cercana a los usuarios. La computación nebulizada proporciona procesamiento en tiempo real con menor latencia que la nube. Sin embargo, la informática de niebla no llegó a competir con la nube, sino que viene a completar la nube. Por lo tanto, se introdujo un sistema continuo jerárquico de niebla a nube (F2C). El sistema F2C aporta la colaboración entre las nieblas distribuidas y la nube centralizada. En los sistemas F2C, uno de los principales retos es la seguridad. La nube tradicional como proveedor de seguridad no es adecuada para el sistema F2C debido a que se trata de un único punto de fallo; e incluso el creciente número de dispositivos en el borde de la red trae consigo problemas de escalabilidad. Además, la seguridad tradicional de la nube no se puede aplicar a los dispositivos de niebla debido a su menor poder computacional que la nube. Por otro lado, considerar los nodos de niebla como proveedores de seguridad para el borde de la red trae problemas de Calidad de Servicio (QoS) debido al enorme consumo de energía computacional del dispositivo de niebla por parte de los algoritmos de seguridad. Existen algunas soluciones de seguridad para la informática de niebla, pero no están considerando las características de niebla a nube jerárquica que pueden causar una colaboración insegura entre niebla y nube. En esta tesis, las consideraciones de seguridad, los ataques, los desafíos, los requisitos y las soluciones existentes se analizan y revisan en profundidad. Y finalmente, se propone una arquitectura de seguridad desacoplada para proporcionar la seguridad exigida de forma jerárquica y distribuida con menor impacto en la QoS.Postprint (published version