Privacy, security, and trust issues in smart environments

Recent advances in networking, handheld computing and sensor technologies have driven forward research towards the realisation of Mark Weiser's dream of calm and ubiquitous computing (variously called pervasive computing, ambient computing, active spaces, the disappearing computer or context-aware computing). In turn, this has led to the emergence of smart environments as one significant facet of research in this domain. A smart environment, or space, is a region of the real world that is extensively equipped with sensors, actuators and computing components [1]. In effect the smart space becomes a part of a larger information system: with all actions within the space potentially affecting the underlying computer applications, which may themselves affect the space through the actuators. Such smart environments have tremendous potential within many application areas to improve the utility of a space. Consider the potential offered by a smart environment that prolongs the time an elderly or infirm person can live an independent life or the potential offered by a smart environment that supports vicarious learning

Security Issues in mGovernment

E-government is one of the most rapidly evolving service domains in the contemporary information society. Many governments have already developed and provided e-government services to businesses and citizens. Nowadays actors in the government domain attempt to take the next step and exploit the latest wireless technologies in order to provide ubiquitous services for mobile users. However, this approach involves some hidden risks mainly due to the inherent insecurity of the air medium and the vulnerabilities of the wireless systems. Thus, in this paper we investigate the security gaps and considerations which should be taken into account for an m-government system. Finally, we provide a list of security guidelines and policies, which the users of the system should be aware of and follow in order to avoid security attacks

Encrypted CDMA audio network

We present a secure LAN using sound as the physical layer for low speed applications. In particular, we show a real implementation of a point-to-point or point-to-multipoint secure acoustic network, having a short range, consuming a negligible amount of power, and requiring no specific hardware on mobile clients. The present acoustic network provides VPN-like private channels to multiple users sharing the same medium. It is based on Time-hopping CDMA, and makes use of an encrypted Bloom filter. An asymmetrical error-correction is used to supply data integrity, even in the presence of strong interference. Simulations and real experiments show its feasibility. We also provide some theoretical analysis on the principle of operation.Fil: Ortega, Alfredo A.. Instituto Tecnológico de Buenos Aires; ArgentinaFil: Bettachini, Victor. Instituto Tecnológico de Buenos Aires; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas; ArgentinaFil: Fierens, Pablo Ignacio. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentina. Instituto Tecnológico de Buenos Aires; ArgentinaFil: Alvarez Hamelin, Jose Ignacio. Instituto Tecnológico de Buenos Aires; Argentina. Consejo Nacional de Investigaciones Científicas y Técnicas; Argentin

Potential Bluetooth vulnerabilities in smartphones

Smartphone vendors have been increasingly integrating Bluetooth technology into their devices to increase accessible and convenience for users. As the current inclination of integrating PDA and telephony increase, the likelihood of sensitive information being stored on such a device is also increased. Potential Bluetooth vulnerabilities could provide alternative means to compromise Bluetooth-enable smartphones, leading to severe data breaches. This paper gives an insight on potential security vulnerabilities in Bluetooth-enabled smartphones and how these vulnerabilities may affect smartphone users. This paper is discussed from the viewpoint of Bluetooth weaknesses and implementation flaws, which includes pairing, weak key storage, key disclosure, key database modification, unit key weaknesses, manipulating sent data, locating tracking, implementation flaws, disclosure of undiscoverable devices, denial of service, device-based authentication, and uncontrolled propagation of Bluetooth waves, as well as Blueprinting and relay attacks

Secret key extraction using Bluetooth wireless signal strength measurements

pre-printBluetooth has found widespread adoption in phones, wireless headsets, stethoscopes, glucose monitors, and oximeters for communication of, at times, very critical information. However, the link keys and encryption keys in Bluetooth are ultimately generated from a short 4 digit PIN, which can be cracked off-line. We develop an alternative for secure communication between Bluetooth devices using the symmetric wireless channel characteristics. Existing approaches to secret key extraction primarily use measurements from a fixed, single channel (e.g., a 20 MHzWiFi channel); however in the presence of heavy WiFi traffic, the packet exchange rate in such approaches can reduce as much as 200. We build and evaluate a new method, which is robust to heavy WiFi traffic, using a very wide bandwidth (B 20 MHz) in conjunction with random frequency hopping. We implement our secret key extraction on two Google Nexus One smartphones and conduct numerous experiments in indoor-hallway and outdoor settings. Using extensive real-world measurements, we show that outdoor settings are best suited for secret key extraction using Bluetooth. We also show that even in the absence of heavy WiFi traffic, the performance of secret key generation using Bluetooth is comparable to that of WiFi while using much lower transmit power

Group Diffie-Hellman Key Exchange Secure against Dictionary Attacks

Group Diffie-Hellman schemes for password-based key exchange are designed to provide a pool of players communicating over a public network, and sharing just a human-memorable password, with a session key (e.g, the key is used for multicast data integrity and confidentiality) . The fundamental security goal to achieve in this scenario is security against dictionary attacks. While solutions have been proposed to solve this problem no formal treatment has ever been suggested. In this paper, we define a security model and then present a protocol with its security proof in both the random oracle model and the ideal-cipher model

Desarrollo de capacidades de defensa y seguridad cibernética

Es poco probable que cuando en EEUU se creó el proyecto de la DARPA (Defense Advanced Research Projects Agency) cuyo fin era buscar e intercambiar información entre los investigadores, científicos y militares, ubicados en distintos sitios distantes hubieran pensado en las dimensiones que hoy tiene Internet. Sin lugar a dudas han sido varios los factores que han permitido el crecimiento de esta gran red: conectividad, prestadoras de internet y dispositivos tales como computadoras, tablet, celulares, etc. Es probable que el Smartphone sea el dispositivo para tener una conexión constante e ininterrumpida a Internet. Muchos de los logros sobre esta red suelen verse empañados por vulnerabilidades que permiten el robo de información que maliciosamente suelen cometerse sobre datos, equipos, etc. Los Smartphone generalmente poseen tecnología Bluetooth, cuya tecnología cobró protagonismo con una sofisticada ciberarma llamada Flame, descubierta por Kaspersky. Una de sus funciones era robar, desde una computadora, información de celulares que pasaban dentro de su rango de cobertura. El crecimiento de ciberarmas está propiciando en distintos países ciberataques a infraestructuras críticas. Por ello es necesario que nuestro país tenga la capacidad de desarrollar ciberamas que permitan contrarrestar este flagelo.Eje: Seguridad InformáticaRed de Universidades con Carreras en Informática (RedUNCI