Security Implications of Fog Computing on the Internet of Things

Recently, the use of IoT devices and sensors has been rapidly increased which also caused data generation (information and logs), bandwidth usage, and related phenomena to be increased. To our best knowledge, a standard definition for the integration of fog computing with IoT is emerging now. This integration will bring many opportunities for the researchers, especially while building cyber-security related solutions. In this study, we surveyed about the integration of fog computing with IoT and its implications. Our goal was to find out and emphasize problems, specifically security related problems that arise with the employment of fog computing by IoT. According to our findings, although this integration seems to be non-trivial and complicated, it has more benefits than the implications.Comment: 5 pages, conference paper, to appear in Proceedings of the ICCE 2019, IEEE 37th International Conference on Consumer Electronics (ICCE), Jan 11- 13, 2019, Las Vegas, NV, US

A Model Architecture to Combat Security Issues in Mobile Commerce

The security of transactions in mobile commerce is moving away from being just an IT concern to being a business concern because of the potential loss of revenue to businesses due to lack of privacy, integrity or confidentiality, system slowdown or downtime. While most security procedures are limited to corporate IT infrastructure, in mobile commerce, issues concerned with transaction security appear to have extended beyond the corporate network to embrace the complete business process. Any lapse in procedures that maintain the confidentiality of data or the violation of privacy could affect corporate image and hence would impact on customer relationships. In turn, any adverse effect on customer relationships would impact negatively on business revenue. In addition to existing security problems in a wired commerce environment, the emergence of mobile devices has renewed calls for addressing security threats to financial transactions. These problems are discussed in this paper as key issues in terms of an organization’s architectural and procedural approaches to the security, reliability and availability of business transactions

IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

Overview of the Course in “Wireless and Mobile Security”

This paper provides an overview of “Wireless and Mobile Security” course. The course offers practical study of security issues and features concerning wireless security. The program of the course effciently interleaves systematic theoretical knowledge and practical work. The theoretical part of the course includes basic information about the architecture of wireless networks, as well as available in this area to modern standards and protection mechanisms built into the equipment for wireless networks. It is also proposed an effective method for integrating a wireless network with the existing network infrastructure, taking into account all aspects of security. More than 50 percent of teaching time is devoted to practical work on the protection of wireless networks. During the course skills to work with software NetStumbler, Kismet, AirSnort, Aircrack, and other monitoring wireless and network tools will be acquired. Particular attention is paid to the use of the most common tools of audit wireless networks, both commercial, and open source. In conclusion, a comprehensive approach to wireless security will be offered for each wireless technology

First experiences with Personal Networks as an enabling platform for service providers

By developing demonstrators and performing small-scale user trials, we found various opportunities and pitfalls for deploying personal networks (PNs) on a commercial basis. The demonstrators were created using as many as possible legacy devices and proven technologies. They deal with applications in the health sector, home services, tourism, and the transportation sector. This paper describes the various architectures and our experiences with the end users and the technology. We conclude that context awareness, service discovery, and content management are very important in PNs and that a personal network provider role is necessary to realize these functions under the assumptions we made. The PNPay Travel demonstrator suggests that PN service platforms provide an opportunity to develop true trans-sector services

Security awareness by online banking users in Western Australian of phishing attacks

Phishing involves sending e-mails pretending to be from the legitimate financial institutions to recipients and asking for personal information such as username and password. It also redirects network traffic to malicious sites, deny network traffic to web services, and modify protection mechanisms in the targeted computer systems. Consequences of successful attacks can include identity and financial losses, and unauthorised information disclosure. The purpose of this study was to investigate the experiences of Western Australian bank users in using online banking. The study considered the relationship between the background of the Western Australian bank users and their experience in using online banking security. The research analysed phishing through case studies that highlighted some of the experiences of phishing attacks and how to deal with the problems. Emphasis was placed on knowledge of phishing and threats and how they were actually implemented, or may be used, in undermining the security of users’ online banking services. The preferences and perspectives of Western Australian bank users about the deployment of online banking security protection and about future online banking services, in order to safeguard themselves against phishing attacks, are presented. The aim was to assist such Australian bank users through exploring potential solutions and making recommendations arising from this study. Research respondents had positive attitudes towards using online banking. Overall, they were satisfied with the security protection offered by their banks. However, although they believed that they had adequate knowledge of phishing and other online banking threats, their awareness of phishing attacks was not sufficient to protect themselves. Essentially, the respondents who had experienced a phishing attack believed it was due to weak security offered by their banks, rather than understanding that they needed more knowledge about security protection of their personal computers. Further education is required if users are to become fully aware of the need for security within their personal online banking

SYSTEM AND METHOD FOR AUTHENTICATION USING MOBILE DEVICE

The methods and system disclosed in present disclosure is to perform authentication of a user device before provisioning card details in a digital wallet. In present disclosure, user taps user device on mobile device, upon tapping interaction data is sent to user device. The user device further generates cryptogram using interaction data and credentials of user device. The cryptogram generated is sent to server computer, which verifies whether card details can be provisioned by sending token request to token service computer which further sends authentication request to authentication server system. The authentication server system authenticates received cryptogram and generates validation result either to be successful or to be a failure. The validation result is sent to token service system which in turn sends token response to server computer. Further, server computer decides whether to provision and store the card details and the token received based on token response. Finally, result of provisioning is updated to the user through the mobile device. Hence, the method and the system of the present disclosure eases the provisioning process for cardholders by removing the need to manually enter card details or take a photo of the card and provides assurance that the genuine card is in the possession of individual initiating the provisioning request