A model and architecture for situation determination

Automatically determining the situation of an ad-hoc group of people and devices within a smart environment is a significant challenge in pervasive computing systems. Current approaches often rely on an environment expert to correlate the situations that occur with the available sensor data, while other machine learning based approaches require long training periods before the system can be used. Furthermore, situations are commonly recognised at a low-level of granularity, which limits the scope of situation-aware applications. This paper presents a novel approach to situation determination that attempts to overcome these issues by providing a reusable library of general situation specifications that can be easily extended to create new specific situations, and immediately deployed without the need of an environment expert. A proposed architecture of an accompanying situation determination middleware is provided, as well as an analysis of a prototype implementation

Towards self-protecting ubiquitous systems : monitoring trust-based interactions

The requirement for spontaneous interaction in ubiquitous computing creates security issues over and above those present in other areas of computing, deeming traditional approaches ineffective. As a result, to support secure collaborations entities must implement self-protective measures. Trust management is a solution well suited to this task as reasoning about future interactions is based on the outcome of past ones. This requires monitoring of interactions as they take place. Such monitoring also allows us to take corrective action when interactions are proceeding unsatisfactorily. In this vein, we first present a trust-based model of interaction based on event structures. We then describe our ongoing work in the development of a monitor architecture which enables self-protective actions to be carried out at critical points during principal interaction. Finally, we discuss some potential directions for future work

A formal model of trust lifecycle management

The rapid development of collaborative environments over the internet has highlighted new concerns over security and trust in such global computing systems. The global computing infrastructure poses an issue of uncertainty about the potential collaborators. Reaching a trusting decision in such environments encompasses both risk and trust assessments. While much work has been done in terms of modelling trust, the investigation of the management of trust lifecycle issues with consideration of both trust and risk is less examined. Our previous work addressed the dynamic aspects of trust lifecycle with a consideration of trust formation, exploitation, and evolution. In this paper we provide an approach for formalizing these aspects. As part of the formalization of the trust lifecycle,we introduce a notion of attraction to model the effect of new pieces of evidence on our opinion. The formalization described in this paper constitutes the basis of ongoing work to investigate the properties of the model

Security models for trusting network appliances

A significant characteristic of pervasive computing is the need for secure interactions between highly mobile entities and the services in their environment. Moreover,these decentralised systems are also characterised by partial views over the state of the global environment, implying that we cannot guarantee verification of the properties of the mobile entity entering an unfamiliar domain. Secure in this context encompasses both the need for cryptographic security and the need for trust, on the part of both parties, that the interaction is functioning as expected. In this paper we make a broad assumption that trust and cryptographic security can be considered as orthogonal concerns (i.e. cryptographic measures do not ensure transmission of correct information). We assume the existence of reliable encryption techniques and focus on the characteristics of a model that supports the management of the trust relationships between two devices during ad-hoc interactions

VD-PSI : verifiable delegated private set intersection on outsourced private datasets

Private set intersection (PSI) protocols have many real world applications. With the emergence of cloud computing the need arises for PSI protocols on outsourced datasets where the computation is delegated to the cloud. However, due to the possibility of cloud misbehaviors, it is essential to verify the correctness of any delegated computation, and the integrity of any outsourced datasets. Verifiable Computation on private datasets that does not leak any information about the data is very challenging, especially when the datasets are outsourced independently by different clients. In this paper we present VD-PSI, a protocol that allows multiple clients to outsource their private datasets and delegate computation of set intersection to the cloud, while being able to verify the correctness of the result. Clients can independently prepare and upload their datasets, and with their agreement can verifiably delegate the computation of set intersection an unlimited number of times, without the need to download or maintain a local copy of their data. The protocol ensures that the cloud learns nothing about the datasets and the intersection. VD-PSI is efficient as its verification cost is linear to the intersection cardinality, and its computation and communication costs are linear to the dataset cardinality. Also, we provide a formal security analysis in the standard model

Trust dynamics for collaborative global computing

Recent advances in networking technology have increased the potential for dynamic enterprise collaborations between an open set of entities on a global scale. The security of these collaborations is a major concern, and requires novel approaches suited to this new environment to be developed. Trust management appears to be a promising approach. Due to the dynamic nature of these collaborations,dynamism in the formation, evolution and exploitation of trust is essential. In this paper we explore the properties of trust dynamics in this context. Trust is formed and evolves according to personal experience and recommendations. The properties of trust dynamics are expressed through a formal model of trust. Specific examples, based on an e-purse application scenario are used to demonstrate these properties

Detecting web server take-over attacks through objective verification actions

Attacks targeting web servers pose a major security threat. Typically prone to a mix of infrastructure and application-level security vulnerabilities, they serve as the lowest hanging fruit for intruders wanting to gain unauthorized access to the entire host network. This is specifically the case for ‘server take- over’ attacks, whose immediate objective is to gain unauthorized remote access to the host server, for example through shell-spawning, backdooring or botnet joining.peer-reviewe

Getting users to click : a content analysis of phishers’ tactics and techniques in mobile instant messaging phishing

Purpose: This study aims to investigate how phishers apply persuasion principles and construct deceptive URLs in mobile instant messaging (MIM) phishing. Design/methodology/approach: In total, 67 examples of real-world MIM phishing attacks were collected from various online sources. Each example was coded using established guidelines from the literature to identify the persuasion principles, and the URL construction techniques employed. Findings: The principles of social proof, liking and authority were the most widely used in MIM phishing, followed by scarcity and reciprocity. Most phishing examples use three persuasion principles, often a combination of authority, liking and social proof. In contrast to email phishing but similar to vishing, the social proof principle was the most commonly used in MIM phishing. Phishers implement the social proof principle in different ways, most commonly by claiming that other users have already acted (e.g. crafting messages that indicate the sender has already benefited from the scam). In contrast to email, retail and fintech companies are the most commonly targeted in MIM phishing. Furthermore, phishers created deceptive URLs using multiple URL obfuscation techniques, often using spoofed domains, to make the URL complex by adding random characters and using homoglyphs. Originality/value: The insights from this study provide a theoretical foundation for future research on the psychological aspects of phishing in MIM apps. The study provides recommendations that software developers should consider when developing automated anti-phishing solutions for MIM apps and proposes a set of MIM phishing awareness training tips

Quality factors impacting e-learning within the mobile environment in Saudi Arabia universities : an interview study

Mobile e-learning within the education domain is now an integral part in education technology. However, there has been little discussion about the benefits and the challenges of the use of M-learning in the higher education system in KSA. Interviews were the primary instruments used for data collection in identifying the enabling and deterring the quality attributes of mobile e-learning use in the context in Saudi Arabia higher education. The research results revealed that learning content/information quality, system quality, service quality and instructional quality were the primary antecedents of Blackboard as a Learning Management System (LMS) in general and within the mobile devices, and this situation can enhance user’s attitude towards the use of E-learning. Data were analyzed and results were discussed. Recommendations were made based on the findings