Security in Pervasive Computing: Current Status and Open Issues

Million of wireless device users are ever on the move, becoming more dependent on their PDAs, smart phones, and other handheld devices. With the advancement of pervasive computing, new and unique capabilities are available to aid mobile societies. The wireless nature of these devices has fostered a new era of mobility. Thousands of pervasive devices are able to arbitrarily join and leave a network, creating a nomadic environment known as a pervasive ad hoc network. However, mobile devices have vulnerabilities, and some are proving to be challenging. Security in pervasive computing is the most critical challenge. Security is needed to ensure exact and accurate confidentiality, integrity, authentication, and access control, to name a few. Security for mobile devices, though still in its infancy, has drawn the attention of various researchers. As pervasive devices become incorporated in our day-to-day lives, security will increasingly becoming a common concern for all users - - though for most it will be an afterthought, like many other computing functions. The usability and expansion of pervasive computing applications depends greatly on the security and reliability provided by the applications. At this critical juncture, security research is growing. This paper examines the recent trends and forward thinking investigation in several fields of security, along with a brief history of previous accomplishments in the corresponding areas. Some open issues have been discussed for further investigation

Comments on Five Smart Card Based Password Authentication Protocols

In this paper, we use the ten security requirements proposed by Liao et al. for a smart card based authentication protocol to examine five recent work in this area. After analyses, we found that the protocols of Juang et al.'s , Hsiang et al.'s, Kim et al.'s, and Li et al.'s all suffer from offline password guessing attack if the smart card is lost, and the protocol of Xu et al.'s is subjected to an insider impersonation attack.Comment: 4 pages

A cooperative cellular and broadcast conditional access system for Pay-TV systems

This is the author's accepted manuscript. The final published article is available from the link below. Copyright @ 2009 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other users, including reprinting/ republishing this material for advertising or promotional purposes, creating new collective works for resale or redistribution to servers or lists, or reuse of any copyrighted components of this work in other works.The lack of interoperability between Pay-TV service providers and a horizontally integrated business transaction model have compromised the competition in the Pay-TV market. In addition, the lack of interactivity with customers has resulted in high churn rate and improper security measures have contributed into considerable business loss. These issues are the main cause of high operational costs and subscription fees in the Pay-TV systems. As a result, this paper presents the Mobile Conditional Access System (MICAS) as an end-to-end access control solution for Pay-TV systems. It incorporates the mobile and broadcasting systems and provides a platform whereby service providers can effectively interact with their customers, personalize their services and adopt appropriate security measurements. This would result in the decrease of operating expenses and increase of customers' satisfaction in the system. The paper provides an overview of state-of-the-art conditional access solutions followed by detailed description of design, reference model implementation and analysis of possible MICAS security architectures.Strategy & Technology (S&T) Lt

State of Alaska Election Security Project Phase 2 Report

A laska’s election system is among the most secure in the country, and it has a number of safeguards other states are now adopting. But the technology Alaska uses to record and count votes could be improved— and the state’s huge size, limited road system, and scattered communities also create special challenges for insuring the integrity of the vote. In this second phase of an ongoing study of Alaska’s election security, we recommend ways of strengthening the system—not only the technology but also the election procedures. The lieutenant governor and the Division of Elections asked the University of Alaska Anchorage to do this evaluation, which began in September 2007.Lieutenant Governor Sean Parnell. State of Alaska Division of Elections.List of Appendices / Glossary / Study Team / Acknowledgments / Introduction / Summary of Recommendations / Part 1 Defense in Depth / Part 2 Fortification of Systems / Part 3 Confidence in Outcomes / Conclusions / Proposed Statement of Work for Phase 3: Implementation / Reference

Present State and Future Directions of Digital Payments System: A Historical and Bibliographic Examination

Purpose: The purpose of this research is to conduct a bibliographic analysis of digital payment systems.   Theoretical framework:  The digital payments system is a technologically advanced payment system that enables individuals, businesses, and nations to become self-sufficient, contactless, and tap-less when conducting transactions. Understanding the significance of the digital payment system is crucial.  There remains much to investigate and discover.   Design/methodology/approach:  The using of an academic search method on the Scopus database, a bibliometric study of 714 publications on digital payment systems from the year 2000 to 2022 was conducted. For this experiment, we made use of Biblioshiny, an R-based web application available in the Bibliometrix package. We were able to identify significant publications, authors, nations, and article themes by using the software's automatic technique. We studied the citations, co-citations, and social networks.   Findings:  The results were able to identify significant publications, authors, nations, and article themes by using the software's automatic technique. We studied the citations, co-citations, and social networks. The statistics revealed that the number of publications increased gradually in the early years, followed by a sharp rise between the years 2005 and 2022. These years correspond to the political attempts to recover from the 2008 global financial crisis. India conducts the most significant scientific research in this field, followed by United States and China.   Research, Practical & Social implications:  This study not only identifies the research fields in digital payment systems, but also identifies the central key themes with possible research directions, in the area of electronic money, mobile money, authentication, security, Internet of things, blockchain, FinTech, mobile banking and Covid – 19.   Originality/value:  The findings of this study may be used by policymakers to inform the design of digital payment systems, policy initiatives, and other policy measures. Banking, financial planning, and investment management professionals would understand the rising concerns completely. Therefore, researchers, practitioners, and policymakers will use the current literature while doing fresh research on the Payments system's strengths and weaknesses

Payment Terminal Emulator

Atualmente, os pagamentos em dinheiro estão a tornar-se menos populares. No entanto, poucas pessoas conhecem a complexidade que se encontra por detrás da inserção do cartão no terminal PoS (ponto de venda), introdução do PIN e recolha do recibo). Esse processo de pagamento é implementado pelas empresas FinTech, que fornecem aos bancos e comerciantes terminais PoS prontos para uso. A fase mais cara e demorada da integração da solução de pagamento é a certificação do software do terminal. Neste trabalho, consideramos o protocolo de comunicação entre um cartão inteligente e um terminal PoS baseado nas especificações internacional EMV (Europay Mastercard Visa), juntamente com suas vulnerabilidades conhecidas. Para melhorar o processo de certificação numa empresa FinTech em Portugal, um software independente foi sugerido para emulação do fluxo de pagamento de EMV completo. Neste trabalho, apresentamos os detalhes sobre a implementação da aplicação 3C Emulator.Nowadays, cash payments are becoming less popular and few understand, what a complicated process stands behind the habitual inserting the card into PoS (Point-of-Sale) terminal. This payment process are implemented by FinTech companies, that provide banks and merchants with ready-to-use PoS terminals. And the most expensive and time-consuming phase of payment solution integration is is the certification of terminal software. In this work we consider communication protocol between a smart card and a PoS terminal based on EMV (Europay Mastercard Visa) international standard, together with its known vulnerabilities. In order to improve the certification process in one Portuguese FinTech company, standalone software for emulation of full EMV transaction workflow is suggested. We present details about implementation of 3C Emulator application

Enhanced three-factor security protocol for consumer USB mass storage devices

The Universal Serial Bus (USB) is an extremely popular interface standard for computer peripheral connections and is widely used in consumer Mass Storage Devices (MSDs). While current consumer USB MSDs provide relatively high transmission speed and are convenient to carry, the use of USB MSDs has been prohibited in many commercial and everyday environments primarily due to security concerns. Security protocols have been previously proposed and a recent approach for the USB MSDs is to utilize multi-factor authentication. This paper proposes significant enhancements to the three-factor control protocol that now makes it secure under many types of attacks including the password guessing attack, the denial-of-service attack, and the replay attack. The proposed solution is presented with a rigorous security analysis and practical computational cost analysis to demonstrate the usefulness of this new security protocol for consumer USB MSDs