Indeterminacy-aware prediction model for authentication in IoT.

The Internet of Things (IoT) has opened a new chapter in data access. It has brought obvious opportunities as well as major security and privacy challenges. Access control is one of the challenges in IoT. This holds true as the existing, conventional access control paradigms do not fit into IoT, thus access control requires more investigation and remains an open issue. IoT has a number of inherent characteristics, including scalability, heterogeneity and dynamism, which hinder access control. While most of the impact of these characteristics have been well studied in the literature, we highlighted “indeterminacy” in authentication as a neglected research issue. This work stresses that an indeterminacy-resilient model for IoT authentication is missing from the literature. According to our findings, indeterminacy consists of at least two facets: “uncertainty” and “ambiguity”. As a result, various relevant theories were studied in this work. Our proposed framework is based on well-known machine learning models and Attribute-Based Access Control (ABAC). To implement and evaluate our framework, we first generate datasets, in which the location of the users is a main dataset attribute, with the aim to analyse the role of user mobility in the performance of the prediction models. Next, multiple classification algorithms were used with our datasets in order to build our best-fit prediction models. Our results suggest that our prediction models are able to determine the class of the authentication requests while considering both the uncertainty and ambiguity in the IoT system

Reliable and secure low energy sensed spectrum communication for time critical cloud computing applications

Reliability and security of data transmission and access are of paramount importance to enhance the dependability of time critical remote monitoring systems (e.g. tele-monitoring patients, surveillance of smart grid components). Potential failures for data transmissions include wireless channel unavailability and delays due to the interruptions. Reliable data transmission demands seamless channel availability with minimum delays in spite of interruptions (e.g. fading, denial-of-service attacks). Secure data transmissions require sensed data to be transmitted over unreliable wireless channels with sucient security using suitable encryption techniques. The transmitted data are stored in secure cloud repositories. Potential failures for data access include unsuccessful user authentications due to mis-management of digital identities and insucient permissions to authorize situation specic data access requests. Reliable and secure data access requires robust user authentication and context-dependent authorization to fulll situation specic data utility needs in cloud repositories. The work herein seeks to enhance the dependability of time critical remote monitoring applications, by reducing these failure conditions which may degrade the reliability and security of data transmission or access. As a result of an extensive literature survey, in order to achieve the above said security and reliability, the following areas have been selected for further investigations. The enhancement of opportunistic transmissions in cognitive radio networks to provide greater channel availability as opposed to xed spectrum allocations in conventional wireless networks. Delay sensitive channel access methods to ensure seamless connectivity in spite of multiple interruptions in cognitive radio networks. Energy ecient encryption and route selection mechanisms to enhance both secure and reliable data transmissions. Trustworthy digital identity management in cloud platforms which can facilitate ecient user authentication to ensure reliable access to the sensed remote monitoring data. Context-aware authorizations to reliably handle the exible situation specic data access requests. Main contributions of this thesis include a novel trust metric to select non-malicious cooperative spectrum sensing users to reliably detect vacant channels, a reliable delaysensitive cognitive radio spectrum hand-o management method for seamless connectivity and an energy-aware physical unclonable function based encryption key size selection method for secure data transmission. Furthermore, a trust based identity provider selection method for user authentications and a reliable context-aware situation specic authorization method are developed for more reliable and secure date access in cloud repositories. In conclusion, these contributions can holistically contribute to mitigate the above mentioned failure conditions to achieve the intended dependability of the timecritical remote monitoring applications

Access Control In and For the Real World

Access control is a core component of any information-security strategy. Researchers have spent tremendous energy over the past forty years defining abstract access-control models and proving various properties about them. However, surprisingly little attention has been paid to how well these models work in real socio-technical systems (i.e., real human organizations). This dissertation describes the results of two qualitative studies (involving 52 participants from four companies, drawn from the financial, software, and healthcare sectors) and observes that the current practice of access control is dysfunctional at best. It diagnoses the broken assumptions that are at the heart of this dysfunction, and offers a new definition of the access-control problem that is grounded in the requirements and limitations of the real world

Granular Data Access Control with a Patient-Centric Policy Update for Healthcare

Healthcare is a multi-actor environment that requires independent actors to have a different view of the same data, hence leading to different access rights. Ciphertext Policy-Attribute-based Encryption (CP-ABE) provides a one-to-many access control mechanism by defining an attribute’s policy over ciphertext. Although, all users satisfying the policy are given access to the same data, this limits its usage in the provision of hierarchical access control and in situations where different users/actors need to have granular access of the data. Moreover, most of the existing CP-ABE schemes either provide static access control or in certain cases the policy update is computationally intensive involving all non-revoked users to actively participate. Aiming to tackle both the challenges, this paper proposes a patient-centric multi message CP-ABE scheme with efficient policy update. Firstly, a general overview of the system architecture implementing the proposed access control mechanism is presented. Thereafter, for enforcing access control a concrete cryptographic construction is proposed and implemented/tested over the physiological data gathered from a healthcare sensor: shimmer sensor. The experiment results reveal that the proposed construction has constant computational cost in both encryption and decryption operations and generates constant size ciphertext for both the original policy and its update parameters. Moreover, the scheme is proven to be selectively secure in the random oracle model under the q-Bilinear Diffie Hellman Exponent (q-BDHE) assumption. Performance analysis of the scheme depicts promising results for practical real-world healthcare applications

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse

Bioinspired metaheuristic algorithms for global optimization

This paper presents concise comparison study of newly developed bioinspired algorithms for global optimization problems. Three different metaheuristic techniques, namely Accelerated Particle Swarm Optimization (APSO), Firefly Algorithm (FA), and Grey Wolf Optimizer (GWO) are investigated and implemented in Matlab environment. These methods are compared on four unimodal and multimodal nonlinear functions in order to find global optimum values. Computational results indicate that GWO outperforms other intelligent techniques, and that all aforementioned algorithms can be successfully used for optimization of continuous functions

Experimental Evaluation of Growing and Pruning Hyper Basis Function Neural Networks Trained with Extended Information Filter

In this paper we test Extended Information Filter (EIF) for sequential training of Hyper Basis Function Neural Networks with growing and pruning ability (HBF-GP). The HBF neuron allows different scaling of input dimensions to provide better generalization property when dealing with complex nonlinear problems in engineering practice. The main intuition behind HBF is in generalization of Gaussian type of neuron that applies Mahalanobis-like distance as a distance metrics between input training sample and prototype vector. We exploit concept of neuron’s significance and allow growing and pruning of HBF neurons during sequential learning process. From engineer’s perspective, EIF is attractive for training of neural networks because it allows a designer to have scarce initial knowledge of the system/problem. Extensive experimental study shows that HBF neural network trained with EIF achieves same prediction error and compactness of network topology when compared to EKF, but without the need to know initial state uncertainty, which is its main advantage over EKF