Security in Context-aware Mobile Business Applications

The support of location computation on mobile devices (e.g. mobile phones, PDAs) has enabled the development of context-aware and especially location-aware applications (e.g. Restaurant Finder, Friend Finder) which are becoming the new trend for future software applications. However, fears regarding security and privacy are the biggest barriers against their success. Especially, mobile users are afraid of the possible threats against their private identity and personal data. Within the M-Business research group at the University of Mannheim, various security and privacy aspects of context-aware mobile business applications are examined in this thesis. After providing a detailed introduction to context-aware applications, the security challenges of context-aware applications from the perspectives of different principals (i.e. mobile users, the broker, service providers) are analyzed. The privacy aspects, the challenges, the threats and legal directives regarding user privacy are explained and illustrated by real-life examples. The user-centric security architectures integrated within context-aware applications are introduced as anonymity and mobile identity management solutions. The M-Business security architecture providing security components for communication security, dynamic policy-based anonymity, secure storage on mobile devices, identity management for mobile users and cryptography libraries is explained in detail. The LaCoDa compiler which automatically generates final Java code from high level specifications of security protocols is introduced as a software-centric solution for preventing developer-specific security bugs in applications

Dynamic Mobile Anonymity with Mixing

Staying anonymous and not revealing real identity is highly desired in today's mobile business. Especially generic frameworks for different kinds of context-aware mobile business applications should provide communication anonymity of mobile users as a core security feature. For enabling communication anonymity, Mix-net based solutions are widely accepted and used. But directly deploying existing Mix-net clients on mobile devices with limited hardware capacity is not a realistic approach. In addition, different anonymity sensitivities of both applications and users require to enforce anonymity dynamically rather than on a fixed level. In this paper, we present an approach towards a solution that addresses the specific anonymity challenges in mobile business while exploiting the benefits of existing Mix-net frameworks

DR BACA: dynamic role based access control for Android

Thesis (M.S.)--Boston UniversityAndroid, as an open platform, dominates the booming mobile market. However, its permission mechanism is inflexible and often results in over-privileged applications. This in turn creates severe security issues. Aiming to support the Principle of Least Privilege, we propose a Dynamic Role Based Access Control for Android (DR BACA) model and implement the DR BACA system to address these problems. Our system offers multi-user management on Android mobile devices, comparable to traditional workstations, and provides fine-grained Role Based Access Control (RBAC) to en- hance Android security at both the application and permission level. Moreover, by leveraging context-aware capabilities of mobile devices and Near Field communication (NFC) technology, our solution supports dynamic RBAC that provides more flexible access control while still being able to mitigate some of the most serious security risks on mobile devices. The DR BACA system is highly scalable, suitable for both end- users and large business environments. It simplifies configuration and management of Android devices and can help enterprises to deal with security issues by implementing a uniform security policy. We show that our DR BACA system can be deployed and used with eet:se. With a proper security policy, our evaluation shows that DR BACA can effectively mitigate the security risks posed by both malicious and vulnerable non-malicious applications while incurring only a small overall system overhead

Surveillance and Securing the Mobile information on Context based approach

Abstract:-Context based Mobile Information Catalog Surveillance is a mobile phone based communication application.The Short Message Service (SMS) allows text-based messages to be send from mobile telephones on a GSM network. .Many applications need the ability to do real-time notification when events occur. Often the people who need to be kept aware of events are in a remote location. Here the same is to giving the notification to the user when ever they want to communicate with their mobile virtually.To find the contact log from the Android mobile devices whenever we required the contact and change the profile mode of the device for our convenient. This application proved to get the recent call logs details when you sent a message to the device. Then you may want to see contact list those which are think from your mind alphabetical contacts you can get from your mobile. And you change the profile mode for your mobile and if you want Switch off your mobile you can. It is used on Business point of view surveillance and Security. Real time example if the user forgot his mobile at his home and context is very important to access the last moment data received by his mobile. Here context is nothing but the surrounding situation. If you need business point of view you need to access the last moment message otherwise to access the recent call logs which may be important or you need to access the contacts in alphabetical order. In that situation you need to give a privacy to your mobile device you can change your mobile to change the profile mode or to lock the screen. If suppose in your mobile is in silent mode you need anybody to want to access your mobile in your mobile surroundings you can change the mobile device into the normal mode. DOI: 10.17762/ijritcc2321-8169.15031

Middleware Technologies for Cloud of Things - a survey

The next wave of communication and applications rely on the new services provided by Internet of Things which is becoming an important aspect in human and machines future. The IoT services are a key solution for providing smart environments in homes, buildings and cities. In the era of a massive number of connected things and objects with a high grow rate, several challenges have been raised such as management, aggregation and storage for big produced data. In order to tackle some of these issues, cloud computing emerged to IoT as Cloud of Things (CoT) which provides virtually unlimited cloud services to enhance the large scale IoT platforms. There are several factors to be considered in design and implementation of a CoT platform. One of the most important and challenging problems is the heterogeneity of different objects. This problem can be addressed by deploying suitable "Middleware". Middleware sits between things and applications that make a reliable platform for communication among things with different interfaces, operating systems, and architectures. The main aim of this paper is to study the middleware technologies for CoT. Toward this end, we first present the main features and characteristics of middlewares. Next we study different architecture styles and service domains. Then we presents several middlewares that are suitable for CoT based platforms and lastly a list of current challenges and issues in design of CoT based middlewares is discussed.Comment: http://www.sciencedirect.com/science/article/pii/S2352864817301268, Digital Communications and Networks, Elsevier (2017

Middleware Technologies for Cloud of Things - a survey

The next wave of communication and applications rely on the new services provided by Internet of Things which is becoming an important aspect in human and machines future. The IoT services are a key solution for providing smart environments in homes, buildings and cities. In the era of a massive number of connected things and objects with a high grow rate, several challenges have been raised such as management, aggregation and storage for big produced data. In order to tackle some of these issues, cloud computing emerged to IoT as Cloud of Things (CoT) which provides virtually unlimited cloud services to enhance the large scale IoT platforms. There are several factors to be considered in design and implementation of a CoT platform. One of the most important and challenging problems is the heterogeneity of different objects. This problem can be addressed by deploying suitable "Middleware". Middleware sits between things and applications that make a reliable platform for communication among things with different interfaces, operating systems, and architectures. The main aim of this paper is to study the middleware technologies for CoT. Toward this end, we first present the main features and characteristics of middlewares. Next we study different architecture styles and service domains. Then we presents several middlewares that are suitable for CoT based platforms and lastly a list of current challenges and issues in design of CoT based middlewares is discussed.Comment: http://www.sciencedirect.com/science/article/pii/S2352864817301268, Digital Communications and Networks, Elsevier (2017

Modeling IoT-aware Business Processes - A State of the Art Report

This research report presents an analysis of the state of the art of modeling Internet of Things (IoT)-aware business processes. IOT links the physical world to the digital world. Traditionally, we would find information about events and processes in the physical world in the digital world entered by humans and humans using this information to control the physical world. In the IoT paradigm, the physical world is equipped with sensors and actuators to create a direct link with the digital world. Business processes are used to coordinate a complex environment including multiple actors for a common goal, typically in the context of administrative work. In the past few years, we have seen research efforts on the possibilities to model IoT- aware business processes, extending process coordination to real world entities directly. This set of research efforts is relatively small when compared to the overall research effort into the IoT and much of the work is still in the early research stage. To create a basis for a bridge between IoT and BPM, the goal of this report is to collect and analyze the state of the art of existing frameworks for modeling IoT-aware business processes.Comment: 42 page

Management and Service-aware Networking Architectures (MANA) for Future Internet Position Paper: System Functions, Capabilities and Requirements

Future Internet (FI) research and development threads have recently been gaining momentum all over the world and as such the international race to create a new generation Internet is in full swing: GENI, Asia Future Internet, Future Internet Forum Korea, European Union Future Internet Assembly (FIA). This is a position paper identifying the research orientation with a time horizon of 10 years, together with the key challenges for the capabilities in the Management and Service-aware Networking Architectures (MANA) part of the Future Internet (FI) allowing for parallel and federated Internet(s)

Technical considerations towards mobile user QoE enhancement via Cloud interaction

This paper discusses technical considerations of a Cloud infrastructure which interacts with mobile devices in order to migrate part of the computational overhead from the mobile device to the Cloud. The aim of the interaction between the mobile device and the Cloud is the enhancement of parameters that affect the Quality of Experience (QoE) of the mobile end user through the offloading of computational aspects of demanding applications. This paper shows that mobile user’s QoE can be potentially enhanced by offloading computational tasks to the Cloud which incorporates a predictive context-aware mechanism to schedule delivery of content to the mobile end-user using a low-cost interaction model between the Cloud and the mobile user. With respect to the proposed enhancements, both the technical considerations of the cloud infrastructure are examined, as well as the interaction between the mobile device and the Cloud

Context Aware Adaptable Applications - A global approach

Actual applications (mostly component based) requirements cannot be expressed without a ubiquitous and mobile part for end-users as well as for M2M applications (Machine to Machine). Such an evolution implies context management in order to evaluate the consequences of the mobility and corresponding mechanisms to adapt or to be adapted to the new environment. Applications are then qualified as context aware applications. This first part of this paper presents an overview of context and its management by application adaptation. This part starts by a definition and proposes a model for the context. It also presents various techniques to adapt applications to the context: from self-adaptation to supervised approached. The second part is an overview of architectures for adaptable applications. It focuses on platforms based solutions and shows information flows between application, platform and context. Finally it makes a synthesis proposition with a platform for adaptable context-aware applications called Kalimucho. Then we present implementations tools for software components and a dataflow models in order to implement the Kalimucho platform