24,273 research outputs found

    Practical Schemes For Privacy & Security Enhanced RFID

    Full text link
    Proper privacy protection in RFID systems is important. However, many of the schemes known are impractical, either because they use hash functions instead of the more hardware efficient symmetric encryption schemes as a efficient cryptographic primitive, or because they incur a rather costly key search time penalty at the reader. Moreover, they do not allow for dynamic, fine-grained access control to the tag that cater for more complex usage scenarios. In this paper we investigate such scenarios, and propose a model and corresponding privacy friendly protocols for efficient and fine-grained management of access permissions to tags. In particular we propose an efficient mutual authentication protocol between a tag and a reader that achieves a reasonable level of privacy, using only symmetric key cryptography on the tag, while not requiring a costly key-search algorithm at the reader side. Moreover, our protocol is able to recover from stolen readers.Comment: 18 page

    A gap analysis of Internet-of-Things platforms

    Full text link
    We are experiencing an abundance of Internet-of-Things (IoT) middleware solutions that provide connectivity for sensors and actuators to the Internet. To gain a widespread adoption, these middleware solutions, referred to as platforms, have to meet the expectations of different players in the IoT ecosystem, including device providers, application developers, and end-users, among others. In this article, we evaluate a representative sample of these platforms, both proprietary and open-source, on the basis of their ability to meet the expectations of different IoT users. The evaluation is thus more focused on how ready and usable these platforms are for IoT ecosystem players, rather than on the peculiarities of the underlying technological layers. The evaluation is carried out as a gap analysis of the current IoT landscape with respect to (i) the support for heterogeneous sensing and actuating technologies, (ii) the data ownership and its implications for security and privacy, (iii) data processing and data sharing capabilities, (iv) the support offered to application developers, (v) the completeness of an IoT ecosystem, and (vi) the availability of dedicated IoT marketplaces. The gap analysis aims to highlight the deficiencies of today's solutions to improve their integration to tomorrow's ecosystems. In order to strengthen the finding of our analysis, we conducted a survey among the partners of the Finnish IoT program, counting over 350 experts, to evaluate the most critical issues for the development of future IoT platforms. Based on the results of our analysis and our survey, we conclude this article with a list of recommendations for extending these IoT platforms in order to fill in the gaps.Comment: 15 pages, 4 figures, 3 tables, Accepted for publication in Computer Communications, special issue on the Internet of Things: Research challenges and solution

    The New Grid

    Get PDF
    The New Grid seeks to provide mobile users with an additional method for off-grid communication, or communication without connection to Internet infrastructure. The motivation for this project was to find another alternative to Internet-dependent communication. Current Internet infrastructure is antiquated; it is expensive to maintain and expand, it has numerous vulnerabilities and high-impact points of failure, and can be rendered unusable for lengthy periods of time by natural disasters or other catastrophes. This current grid will eventually need to be replaced by a more modern, scalable, and adaptive infrastructure. The results of the projects research showed that implementing a library to allow for the creation of mobile peer-to-peer mesh networks could serve as a starting point for a transition from current Internet infrastructure to a more scalable, adaptive, and reliable Internet- independent network grid. Development of The New Grid largely followed the Rational Unified Process, in which the development process is split into four phases: requirements gathering, system design, implementation, and testing. Most of fall quarter was spent outlining functional requirements for the system, designing possible methods of implementation, and researching similar solutions that seek to transition mass mobile communication to a newer, more modern network grid. The New Grid differs from similar solutions because it has been implemented as a modular library. Current systems that allow for off-grid mobile connection exist as independent applications with a defined context and predetermined usability scope. We, the design team, found that implementing the system in the form of a modular library has multiple benefits. Primarily, this implementation would allow The New Grid to be deployed as widely as possible. Developers can both write applications around our library as well as include specific modules into existing applications without impacting other modules or introducing additional overhead into a system. Another benefit of deploying the system as a modular library is adaptability. The current, initial stable build of The New Grid uses Bluetooth Low Energy as its backbone for facilitating communication within large networks of mobile devices; however, this library could use any existing or future communication protocol to facilitate connection as long as a hook is written to allow The New Grid to interface with that protocol. Thus, The New Grid is not limited by which connection protocols currently exist, a property that other similar systems do not possess. The New Grid can be used in any application that requires connection between users. The most common applications would likely be messaging, file sharing, or social networking. While developers may find a variety of uses for The New Grid, its primary purpose is to facilitate reliable connection and secure data transfer in an environment with a large user base. Achieving this goal was proven feasible through research and testing the library with a small cluster of Android devices communicating solely with Bluetooth Low Energy. Expanding this group of a few phones to a larger mesh network of hundreds of devices was shown to be feasible through testing the librarys algorithms and protocols on a large network of virtual devices. As long as developers seek to create applications that allow users to communicate independent of Internet infrastructure, The New Grid will allow smartphone users to communicate off-grid and hopefully spur a switch from infrastructure-dependent mobile communication to user-centric, adaptive, and flexible connection

    Decentralized Identity and Access Management Framework for Internet of Things Devices

    Get PDF
    The emerging Internet of Things (IoT) domain is about connecting people and devices and systems together via sensors and actuators, to collect meaningful information from the devices surrounding environment and take actions to enhance productivity and efficiency. The proliferation of IoT devices from around few billion devices today to over 25 billion in the next few years spanning over heterogeneous networks defines a new paradigm shift for many industrial and smart connectivity applications. The existing IoT networks faces a number of operational challenges linked to devices management and the capability of devices’ mutual authentication and authorization. While significant progress has been made in adopting existing connectivity and management frameworks, most of these frameworks are designed to work for unconstrained devices connected in centralized networks. On the other hand, IoT devices are constrained devices with tendency to work and operate in decentralized and peer-to-peer arrangement. This tendency towards peer-to-peer service exchange resulted that many of the existing frameworks fails to address the main challenges faced by the need to offer ownership of devices and the generated data to the actual users. Moreover, the diversified list of devices and offered services impose that more granular access control mechanisms are required to limit the exposure of the devices to external threats and provide finer access control policies under control of the device owner without the need for a middleman. This work addresses these challenges by utilizing the concepts of decentralization introduced in Distributed Ledger (DLT) technologies and capability of automating business flows through smart contracts. The proposed work utilizes the concepts of decentralized identifiers (DIDs) for establishing a decentralized devices identity management framework and exploits Blockchain tokenization through both fungible and non-fungible tokens (NFTs) to build a self-controlled and self-contained access control policy based on capability-based access control model (CapBAC). The defined framework provides a layered approach that builds on identity management as the foundation to enable authentication and authorization processes and establish a mechanism for accounting through the adoption of standardized DLT tokenization structure. The proposed framework is demonstrated through implementing a number of use cases that addresses issues related identity management in industries that suffer losses in billions of dollars due to counterfeiting and lack of global and immutable identity records. The framework extension to support applications for building verifiable data paths in the application layer were addressed through two simple examples. The system has been analyzed in the case of issuing authorization tokens where it is expected that DLT consensus mechanisms will introduce major performance hurdles. A proof of concept emulating establishing concurrent connections to a single device presented no timed-out requests at 200 concurrent connections and a rise in the timed-out requests ratio to 5% at 600 connections. The analysis showed also that a considerable overhead in the data link budget of 10.4% is recorded due to the use of self-contained policy token which is a trade-off between building self-contained access tokens with no middleman and link cost

    Bitproperty

    Full text link
    Property is the law of lists and ledgers. County land records, stock certificate entries, mortgage registries, UCC filings on personal property, United States Copyright and Patent registries of interests in intellectual property, bank accounts, domain name systems, and consumers’ Kindle eBook collections in the cloud — all are merely entries in a list, determining who owns what.Each such list has suffered under a traditional limitation. To prevent falsification or duplication, a single entity must maintain the list, and users must trust (and pay) that entity. As a result, transactions must proceed at significant expense and delay. Yet zero or near-zero expense is the fuel of internet scalability. Until technologies get cheap and fast enough, they cannot benefit from the full power of the internet. Property transactions have not yet truly seen an internet revolution because they are constrained by the cost of creating centralized trusted authorities.This article retheorizes the contours of digital property if that central constraint were removed. There is every reason to believe it can be. A spate of interest in cryptocurrencies has driven the development of a series of technologies for creating public, cryptographically secure ledgers of property interests that do not rely on trust in a specific entity to curate the list. Previously, the digital objects that users could buy and sell online were not rivalrous in the same way as offline physical objects, unless some centralized entity such as a social network, digital currency issuer, or game company served the function of trusted list curator. Trustless public ledgers change this dynamic. Counterparties can hand one another digital, rivalrous objects in the same way that they used to hand each other gold bars or dollar bills. No intermediary or curator is needed.Trustless public ledgers can help to reshape property law online. They offer the kind of near-zero transaction costs that have provoked radical disruptive innovation across the internet. With near-zero transaction costs, online property transactions can finally benefit from the huge scaling effects of internet technologies.In addition, the advent of this disruptive technology provides an opportunity to more deeply theorize property interests in information environments. Property online is anemic. Consumers control few online resources and own even less. This is in no small part due to antiquated notions of property as the law of physical, tangible resources. With the advent of new technology that can create digital, scarce, and rival intangible assets, these basic assumptions should be reexamined, discarded, and replaced with a theory of property as an information communication and storage system. That is the project of this piece

    FinBook: literary content as digital commodity

    Get PDF
    This short essay explains the significance of the FinBook intervention, and invites the reader to participate. We have associated each chapter within this book with a financial robot (FinBot), and created a market whereby book content will be traded with financial securities. As human labour increasingly consists of unstable and uncertain work practices and as algorithms replace people on the virtual trading floors of the worlds markets, we see members of society taking advantage of FinBots to invest and make extra funds. Bots of all kinds are making financial decisions for us, searching online on our behalf to help us invest, to consume products and services. Our contribution to this compilation is to turn the collection of chapters in this book into a dynamic investment portfolio, and thereby play out what might happen to the process of buying and consuming literature in the not-so-distant future. By attaching identities (through QR codes) to each chapter, we create a market in which the chapter can ‘perform’. Our FinBots will trade based on features extracted from the authors’ words in this book: the political, ethical and cultural values embedded in the work, and the extent to which the FinBots share authors’ concerns; and the performance of chapters amongst those human and non-human actors that make up the market, and readership. In short, the FinBook model turns our work and the work of our co-authors into an investment portfolio, mediated by the market and the attention of readers. By creating a digital economy specifically around the content of online texts, our chapter and the FinBook platform aims to challenge the reader to consider how their personal values align them with individual articles, and how these become contested as they perform different value judgements about the financial performance of each chapter and the book as a whole. At the same time, by introducing ‘autonomous’ trading bots, we also explore the different ‘network’ affordances that differ between paper based books that’s scarcity is developed through analogue form, and digital forms of books whose uniqueness is reached through encryption. We thereby speak to wider questions about the conditions of an aggressive market in which algorithms subject cultural and intellectual items – books – to economic parameters, and the increasing ubiquity of data bots as actors in our social, political, economic and cultural lives. We understand that our marketization of literature may be an uncomfortable juxtaposition against the conventionally-imagined way a book is created, enjoyed and shared: it is intended to be

    Tag Ownership Transfer in Radio Frequency Identification Systems: A Survey of Existing Protocols and Open Challenges

    Get PDF
    Radio frequency identification (RFID) is a modern approach to identify and track several assets at once in a supply chain environment. In many RFID applications, tagged items are frequently transferred from one owner to another. Thus, there is a need for secure ownership transfer (OT) protocols that can perform the transfer while, at the same time, protect the privacy of owners. Several protocols have been proposed in an attempt to fulfill this requirement. In this paper, we provide a comprehensive and systematic review of the RFID OT protocols that appeared over the years of 2005-2018. In addition, we compare these protocols based on the security goals which involve their support of OT properties and their resistance to attacks. From the presented comparison, we draw attention to the open issues in this field and provide suggestions for the direction that future research should follow. Furthermore, we suggest a set of guidelines to be considered in the design of new protocols. To the best of our knowledge, this is the first comprehensive survey that reviews the available OT protocols from the early start up to the current state of the art
    • …
    corecore