37 research outputs found

    On the security of an anonymous roaming protocol in UMTS mobile networks

    In this communication, we first show that the privacy-preserving roaming protocol recently proposed for mobile networks cannot achieve the claimed security level. Then we suggest an improved protocol to remedy its security problems

    MAN-IN-THE-MIDDLE-ATTACK: UNDERSTANDING IN SIMPLE WORDS

    These days cyber-attack is a serious criminal offense and it is a hot debated issue moreover. A man-in-the-middle-attack is a kind of cyberattack where an unapproved outsider enters into an online correspondence between two users, remains escaped the two parties. The malware that is in the middle-attack often monitors and changes individual/classified information that was just realized by the two users. A man-in-the-middle-attack as a protocol is subjected to an outsider inside the system, which can access, read and change secret information without keeping any trace of manipulation. This issue is intense, and most of the cryptographic systems without having a decent authentication security are threatened to be hacked by the malware named ‘man-in-the-middle-attack’ (MITM/MIM). This paper essentially includes the view of understanding the term of ‘man-in-the-middle-attack’; the current work is mainly emphasized to accumulate related data/information in a single article so that it can be a reference to conduct research further on this topic at college/undergraduate level. This paper likewise audits most cited research and survey articles on ‘man-in-the-middle-attack’ recorded on 'Google Scholar'. The motivation behind this paper is to help the readers for understanding and familiarizing the topic 'man-in-the-middle attack'.

    QoS-Aware Frequency-Based 4G+Relative Authentication Model for Next Generation LTE and Its Dependent Public Safety Networks

    Increasing demands for high-speed broadband wireless communications with voice over long term evolution (LTE), video on demand, multimedia, and mission-critical applications for public safety motivate 4th-generation (4G) and 5G communication development. The flat IP-based LTE and LTE-Advanced technologies are the expected key drivers for 5G. However, LTE, with its elapsed security mechanism and open nature, leaves a huge loophole for intruders to jeopardize the entire communication network. The time- and bandwidth-consuming authentication procedure in LTE leads to service disruptions and makes it unfit for public safety applications. To cater to the prevailing LTE security and service requirements, we propose the 4G plus relative authentication model (4G+RAM), which is composed of two dependent protocols: 1) Privacy-protected evolved packet system authentication and key agreement protocol for the initial authentication (PEPS-AKA) and 2) 4G plus frequency-based re-authentication protocol for the re-authentication of known and frequent users (4G+FRP). The 4G+RAM supports seamless communication with a minimum signaling load on core elements and conceals users' permanent identifiers to ensure user privacy. We simulate the proposed protocols for formal security verification with the widely accepted automated validation of Internet security protocols and applications tool. A comparative analysis of bandwidth consumption is also performed and proved that the proposed 4G+RAM outperforms the existing solutions.

    RFID: Prospects for Europe: Item-level Tagging and Public Transportation

    This report, which is part of the COMPLETE series of studies, investigates the current and future competitiveness of the European industry in RFID applications in general and in two specific cases: item-level tagging and public transportation. It analyses its constituent technologies, drivers and barriers to growth, actual and potential markets and economic impacts, the industrial position and innovative capabilities, and it concludes with policy implications. JRC.DDG.J.4-Information Societ

    Cyber-Physical Threat Intelligence for Critical Infrastructures Security

    Modern critical infrastructures comprise many interconnected cyber and physical assets, and as such are large scale cyber-physical systems. Hence, the conventional approach of securing these infrastructures by addressing cyber security and physical security separately is no longer effective. Rather more integrated approaches that address the security of cyber and physical assets at the same time are required. This book presents integrated (i.e. cyber and physical) security approaches and technologies for the critical infrastructures that underpin our societies. Specifically, it introduces advanced techniques for threat detection, risk assessment and security information sharing, based on leading edge technologies like machine learning, security knowledge modelling, IoT security and distributed ledger infrastructures. Likewise, it presents how established security technologies like Security Information and Event Management (SIEM), pen-testing, vulnerability assessment and security data analytics can be used in the context of integrated Critical Infrastructure Protection. The novel methods and techniques of the book are exemplified in case studies involving critical infrastructures in four industrial sectors, namely finance, healthcare, energy and communications. The peculiarities of critical infrastructure protection in each one of these sectors are discussed and addressed based on sector-specific solutions. The advent of the fourth industrial revolution (Industry 4.0) is expected to increase the cyber-physical nature of critical infrastructures as well as their interconnection in the scope of sectorial and cross-sector value chains. Therefore, the demand for solutions that foster the interplay between cyber and physical security, and enable Cyber-Physical Threat Intelligence is likely to explode. In this book, we have shed light on the structure of such integrated security systems, as well as on the technologies that will underpin their operation. We hope that Security and Critical Infrastructure Protection stakeholders will find the book useful when planning their future security strategies.

    Personalised privacy in pervasive and ubiquitous systems

    Our world is edging closer to the realisation of pervasive systems and their integration in our everyday life. While pervasive systems are capable of offering many benefits for everyone, the amount and quality of personal information that becomes available raise concerns about maintaining user privacy and create a real need to reform existing privacy practices and provide appropriate safeguards for the user of pervasive environments. This thesis presents the PERSOnalised Negotiation, Identity Selection and Management (PersoNISM) system; a comprehensive approach to privacy protection in pervasive environments using context aware dynamic personalisation and behaviour learning. The aim of the PersoNISM system is twofold: to provide the user with a comprehensive set of privacy protecting tools and to help them make the best use of these tools according to their privacy needs. The PersoNISM system allows users to: a) configure the terms and conditions of data disclosure through the process of privacy policy negotiation, which addresses the current “take it or leave it” approach; b) use multiple identities to interact with pervasive services to avoid the accumulation of vast amounts of personal information in a single user profile; and c) selectively disclose information based on the type of information, who requests it, under what context, for what purpose and how the information will be treated. The PersoNISM system learns user privacy preferences by monitoring the behaviour of the user and uses them to personalise and/or automate the decision making processes in order to unburden the user from manually controlling these complex mechanisms. The PersoNISM system has been designed, implemented, demonstrated and evaluated during three EU funded projects

    Actas da 10ª Conferência sobre Redes de Computadores

    Universidade do Minho; CCTC; Centro Algoritmi; Cisco Systems; IEEE Portugal Sectio

    Leverage viral growth inherent in mobile peer-to-peer telematics to strategic advantage

    Thesis (M.B.A.)--Massachusetts Institute of Technology, Sloan School of Management; and, (S.M.)--Massachusetts Institute of Technology, Dept. of Mechanical Engineering; in conjunction with the Leaders for Manufacturing Program at MIT, 2004. Includes bibliographical references (p. 136-139). Telematics, defined as the vehicle features and services made available through a wireless connection to data or other resources not onboard the vehicle, provides one of the most promising areas of innovation and value creation in the automobile market today. However, up to now the US market has only experienced successful telematics businesses in the quasi-insurance field of Safety and Security. In contrast, Consumer Telematics, defined as the confluence of consumer electronics and vehicle telematics, presents a much more exciting market opportunity. In spite of this, inadequate bandwidth, poor usability, fragmented standards and excessive cost have together created sufficient barriers so as to deter any automakers from entering the market. In this thesis, we argue that the viral growth inherent in Wi-Fi class mobile peer-to-peer (mP2P) telematics presents an opportunity for an automotive OEM with significant marketshare to transcend these barriers, and thus capture significant value from this up-to-now elusive market. To do so, we analyze the proposed business through the filters of technology, value chain, applications and market dynamics in order to craft a comprehensive strategy for entering the market and insuring sustained return through its maturation. The technology analysis both presents the potential benefits and limitations of mP2P as well as likely competitors and substitutes. It suggests that mP2P has a sustainable cost and bandwidth advantage over other architectures. Our examination of the Telematics value chain indicates that the wireless connectivity and IP backhaul segments of the chain are predisposed towards commoditization and thus should be outsourced in a manner that retains flexibility to switch carriers and even technologies as the market evolves. By segmenting the most promising applications according to their connectivity demands, we plot out how service offerings should evolve in concert with the quality of wireless connectivity and market adoption. Finally, analyzing the market dynamics indicates the critical mass threshold where customer willingness-to-pay exceeds the cost, and thus the trade-offs between investment and strategy necessary for success. We conclude that this critical mass where viral growth ensues exists at only 3-5% market penetration, a target easily achieved by an Automotive OEM with dominant marketshare such as General Motors. The proposed strategy resulting from this analysis endeavors to ensure sustained return by embracing an evolving business model. While initial value is captured through vehicle differentiation, it then shifts to primarily service revenue. Eventually, if the business is successful in garnering widespread adoption, value would eventually be principally derived through hardware licensing and operating system revenue. In the end, the key to success for the OEM is to set aside its traditional ways of doing business in order to leverage the complementary market forces that drive viral growth. Without this, this business is daunting and risky ... by Erik C. Bue. S.M. M.B.A.