84 research outputs found

    Survey and Systematization of Secure Device Pairing

    Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and is driven by its particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis. The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes. Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99)

    Design of secure mobile payment protocols for restricted connectivity scenarios

    The emergence of mobile and wireless networks made possible the extension of electronic commerce to a new area of research: mobile commerce (called m-commerce, which includes mobile payment), that refers to any e-commerce transaction made from a mobile device using wireless networks. Most of the mobile payment systems found in the literature are based on the full connectivity scenario where all the entities are directly connected one to another but do not support business models with direct communication restrictions between the entities of the system is not an impediment to perform commercial transactions. It is for this reason that mobile payment systems that consider those situations where direct communications between entities of the system is not possible (temporarily or permanently) basically due to the impossibility of one of the entities connected to the Internet are required. In order to solve the current shortage in the scientific world of previous research works that address the problem of on-line payment from mobile devices in connectivity restricted scenarios, in this thesis we propose a set of secure payment protocols (that use both symmetric and non-traditional asymmetric cryptography), which have low computational power requirements, are fit for scenarios with communications restrictions (where at least two of the entities of the system cannot exchange information in a direct way and must do it through another entity) and offer the same security capabilities as those protocols designed for full connectivity scenarios. The proposed protocols are applicable to other types of networks, such as vehicular ad hoc networks (VANETs), where services exist which require on-line payment and scenarios with communication restrictions. On the other hand, the implementation (in a multiplatform programming language) of the designed protocols shows that their performance is suitable for devices with limited computational power. Postprint (published version)

    HUC-HISF: A Hybrid Intelligent Security Framework for Human-centric Ubiquitous Computing

    System: New; Report number: Otsu No. 2336; Degree type: Doctor (Human Sciences); Date conferred: 2012/1/18; Waseda University degree certificate number: New 584

    Examining consumers perceptions on water supply and sanitation services : a case study of Ohlange Township, Durban, South Africa.

    Thesis (M.A.)-University of KwaZulu-Natal, Durban, 2008. Governments in many developing countries have stepped up efforts to provide water and sanitation services sustainably to as many people as possible. In some instances, time frames for provision of services to all of their citizens have been set. While these are commendable efforts, the question whether these services are provided efficiently remains unanswered. In South Africa, although the government conducts consumer satisfaction surveys, seldom are citizens consulted for their views. While its efforts have been hailed as a success in the post-apartheid era, there have been many obstacles in the supply process. The assumption has been that the government knows what the citizens want and gives it to them, irrespective of their concerns. This study interrogated this assumption as its overall research objective, aiming to evaluate whether a supply-driven approach is effective in satisfying the demands of the consumers. As such the study sought to gain insight into the perceptions of Ohlange Township residents in Inanda, Durban, regarding water supply and sanitation services. The study found out that many of these residents could not afford to pay for basic services, although they are currently expected to pay for some of the costs of service provision. However, in a resource-constrained environment, the government can no longer sustainably provide these services without recovering costs. In this case, the government faces the challenge of balancing its constitutional mandate of providing all citizens with basic services and the demand by the poor for improved services they cannot afford. In this case, supply-led delivery system is severely limited in fully addressing consumer demands. This approach also results in poor service delivery due to inefficient resource management. It also disempowers communities because they are not involved in decision-making processes.
Based on the study findings, the demand-led approach, one that is consumer-driven, is recommended. This approach puts the consumer at the centre of the delivery of basic services; allows consumers to participate in decision-making processes and encourages them to honour their obligations by paying for the services received.

    HIV/AIDS health care challenges for cross-country migrants in low- and middle-income countries: a scoping review.

    INTRODUCTION: HIV/AIDS has been one of the world's most important health challenges in recent history. The global solidarity in responding to HIV/AIDS through the provision of antiretroviral therapy (ART) and encouraging early screening has been proved successful in saving lives of infected populations in past decades. However, there remain several challenges, one of which is how HIV/AIDS policies keep pace with the growing speed and diversity of migration flows. This study therefore aimed to examine the nature and the extent of HIV/AIDS health services, barriers to care, and epidemic burdens among cross-country migrants in low- and middle-income countries. METHODS: A scoping review was undertaken by gathering evidence from electronic databases and gray literature from the websites of relevant international initiatives. The articles were reviewed according to the defined themes: epidemic burdens of HIV/AIDS, barriers to health services and HIV/AIDS risks, and the operational management of the current health systems for HIV/AIDS. RESULTS: Of the 437 articles selected for an initial screening, 35 were read in full and mapped with the defined research questions. A high HIV/AIDS infection rate was a major concern among cross-country migrants in many regions, in particular sub-Saharan Africa. Despite a large number of studies reported in Africa, fewer studies were found in Asia and Latin America. Barriers of access to HIV/AIDS services comprised inadequate management of guidelines and referral systems, discriminatory attitudes, language differences, unstable legal status, and financial hardship. Though health systems management varied across countries, international partners consistently played a critical role in providing support for HIV/AIDS services to uninsured migrants and refugees. CONCLUSION: It was evident that HIV/AIDS health care problems for migrants were a major concern in many developing nations.
However, there was little evidence suggesting if the current health systems effectively addressed those problems or if such management would sustainably function if support from global partners was withdrawn. More in-depth studies were recommended to further explore those knowledge gaps.

    What is a Blockchain? A Definition to Clarify the Role of the Blockchain in the Internet of Things

    The use of the term blockchain is documented for disparate projects, from cryptocurrencies to applications for the Internet of Things (IoT), and many more. The concept of blockchain appears therefore blurred, as it is hard to believe that the same technology can empower applications that have extremely different requirements and exhibit dissimilar performance and security. This position paper elaborates on the theory of distributed systems to advance a clear definition of blockchain that allows us to clarify its role in the IoT. This definition inextricably binds together three elements that, as a whole, provide the blockchain with those unique features that distinguish it from other distributed ledger technologies: immutability, transparency and anonymity. We note however that immutability comes at the expense of remarkable resource consumption, transparency demands no confidentiality and anonymity prevents user identification and registration. This is in stark contrast to the requirements of most IoT applications that are made up of resource constrained devices, whose data need to be kept confidential and users to be clearly known. Building on the proposed definition, we derive new guidelines for selecting the proper distributed ledger technology depending on application requirements and trust models, identifying common pitfalls leading to improper applications of the blockchain. We finally indicate a feasible role of the blockchain for the IoT: myriads of local, IoT transactions can be aggregated off-chain and then be successfully recorded on an external blockchain as a means of public accountability when required.

    Are RNGs Achilles’ heel of RFID Security and Privacy Protocols?

    Security and privacy concerns have been growing with the increased usage of the RFID technology in our daily lives. To mitigate these issues, numerous privacy-friendly authentication protocols have been published in the last decade. Random number generators (RNGs) are commonly used in RFID tags to provide security and privacy of RFID protocols. RNGs might be a weak spot of a protocol scheme, and misuse of RNGs causes security and privacy problems. However, having a secure RNG with large entropy might be a trade-off between security and cost for low-cost RFID tags. Furthermore, an RNG used in an RFID tag may not work properly in time. Therefore, we claim that vulnerability of using an RNG may deeply influence the security and privacy level of the system. To the best of our knowledge, this concern has not been considered in RFID literature. Motivated by this need, in this study, we first revisit Vaudenay's privacy model which combines the early models and presents a new mature and elegant privacy model with different adversary classes. Then, we enhance the model by introducing a new oracle, which allows analyzing the usage of RNGs in RFID protocols. We also analyze a couple of proposed protocols under our improved model.

    Security of Ubiquitous Computing Systems

    The chapters in this open access book arise out of the EU Cost Action project Cryptacus, the objective of which was to improve and adapt existent cryptanalysis methodologies and tools to the ubiquitous computing framework. The cryptanalysis implemented lies along four axes: cryptographic models, cryptanalysis of building blocks, hardware and software security engineering, and security assessment of real-world systems. The authors are top-class researchers in security and cryptography, and the contributions are of value to researchers and practitioners in these domains. This book is open access under a CC BY license.