A Middleware for the Internet of Things

The Internet of Things (IoT) connects everyday objects including a vast array of sensors, actuators, and smart devices, referred to as things to the Internet, in an intelligent and pervasive fashion. This connectivity gives rise to the possibility of using the tracking capabilities of things to impinge on the location privacy of users. Most of the existing management and location privacy protection solutions do not consider the low-cost and low-power requirements of things, or, they do not account for the heterogeneity, scalability, or autonomy of communications supported in the IoT. Moreover, these traditional solutions do not consider the case where a user wishes to control the granularity of the disclosed information based on the context of their use (e.g. based on the time or the current location of the user). To fill this gap, a middleware, referred to as the Internet of Things Management Platform (IoT-MP) is proposed in this paper.Comment: 20 pages, International Journal of Computer Networks & Communications (IJCNC) Vol.8, No.2, March 201

The Internet of Things: New Interoperability, Management and Security Challenges

The Internet of Things (IoT) brings connectivity to about every objects found in the physical space. It extends connectivity to everyday objects. From connected fridges, cars and cities, the IoT creates opportunities in numerous domains. However, this increase in connectivity creates many prominent challenges. This paper provides a survey of some of the major issues challenging the widespread adoption of the IoT. Particularly, it focuses on the interoperability, management, security and privacy issues in the IoT. It is concluded that there is a need to develop a multifaceted technology approach to IoT security, management, and privacy.Comment: 18 pages, International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.2, March 201

The Application of Deep Learning for Classification of Alzheimer's Disease Stages by Magnetic Resonance Imaging Data

Detecting Alzheimer’s disease (AD) in its early stages is essential for effective management, and screening for Mild Cognitive Impairment (MCI) is common practice. Among many deep learning techniques applied to assess brain structural changes, Magnetic Resonance Imaging (MRI) and Convolutional Neural Networks (CNN) have grabbed research attention because of their excellent efficiency in automated feature learning of a variety of multilayer perceptron. In this study, various CNNs are trained to predict AD on three different views of MRI images, including Sagittal, Transverse, and Coronal views. This research use T1-Weighted MRI data of 3 years composed of 2182 NIFTI files. Each NIFTI file presents a single patient's Sagittal, Transverse, and Coronal views. T1-Weighted MRI images from the ADNI database are first preprocessed to achieve better representation. After MRI preprocessing, large slice numbers require a substantial computational cost during CNN training. To reduce the slice numbers for each view, this research proposes an intelligent probabilistic approach to select slice numbers such that the total computational cost per MRI is minimized. With hyperparameter tuning, batch normalization, and intelligent slice selection and cropping, an accuracy of 90.05% achieve with the Transverse, 82.4% with Sagittal, and 78.5% with Coronal view, respectively. Moreover, the views are stacked together and an accuracy of 92.21% is achived for the combined views. In addition, results are compared with other studies to show the performance of the proposed approach for AD detection

RFID Localisation For Internet Of Things Smart Homes: A Survey

The Internet of Things (IoT) enables numerous business opportunities in fields as diverse as e-health, smart cities, smart homes, among many others. The IoT incorporates multiple long-range, short-range, and personal area wireless networks and technologies into the designs of IoT applications. Localisation in indoor positioning systems plays an important role in the IoT. Location Based IoT applications range from tracking objects and people in real-time, assets management, agriculture, assisted monitoring technologies for healthcare, and smart homes, to name a few. Radio Frequency based systems for indoor positioning such as Radio Frequency Identification (RFID) is a key enabler technology for the IoT due to its costeffective, high readability rates, automatic identification and, importantly, its energy efficiency characteristic. This paper reviews the state-of-the-art RFID technologies in IoT Smart Homes applications. It presents several comparable studies of RFID based projects in smart homes and discusses the applications, techniques, algorithms, and challenges of adopting RFID technologies in IoT smart home systems.Comment: 18 pages, 2 figures, 3 table

Technology, privacy, and user opinions of COVID-19 mobile apps for contact tracing : systematic search and content analysis

Background: Many countries across the globe have released their own COVID-19 contact tracing apps. This has resulted in the proliferation of several apps that used a variety of technologies. With the absence of a standardized approach used by the authorities, policy makers, and developers, many of these apps were unique. Therefore, they varied by function and the underlying technology used for contact tracing and infection reporting. Objective: The goal of this study was to analyze most of the COVID-19 contact tracing apps in use today. Beyond investigating the privacy features, design, and implications of these apps, this research examined the underlying technologies used in contact tracing apps. It also attempted to provide some insights into their level of penetration and to gauge their public reception. This research also investigated the data collection, reporting, retention, and destruction procedures used by each of the apps under review. Methods: This research study evaluated 13 apps corresponding to 10 countries based on the underlying technology used. The inclusion criteria ensured that most COVID-19-declared epicenters (ie, countries) were included in the sample, such as Italy. The evaluated apps also included countries that did relatively well in controlling the outbreak of COVID-19, such as Singapore. Informational and unofficial contact tracing apps were excluded from this study. A total of 30,000 reviews corresponding to the 13 apps were scraped from app store webpages and analyzed. Results: This study identified seven distinct technologies used by COVID-19 tracing apps and 13 distinct apps. The United States was reported to have released the most contact tracing apps, followed by Italy. Bluetooth was the most frequently used underlying technology, employed by seven apps, whereas three apps used GPS. The Norwegian, Singaporean, Georgian, and New Zealand apps were among those that collected the most personal information from users, whereas some apps, such as the Swiss app and the Italian (Immuni) app, did not collect any user information. The observed minimum amount of time implemented for most of the apps with regard to data destruction was 14 days, while the Georgian app retained records for 3 years. No significant battery drainage issue was reported for most of the apps. Interestingly, only about 2% of the reviewers expressed concerns about their privacy across all apps. The number and frequency of technical issues reported on the Apple App Store were significantly more than those reported on Google Play; the highest was with the New Zealand app, with 27% of the reviewers reporting technical difficulties (ie, 10% out of 27% scraped reviews reported that the app did not work). The Norwegian, Swiss, and US (PathCheck) apps had the least reported technical issues, sitting at just below 10%. In terms of usability, many apps, such as those from Singapore, Australia, and Switzerland, did not provide the users with an option to sign out from their apps. Conclusions: This article highlighted the fact that COVID-19 contact tracing apps are still facing many obstacles toward their widespread and public acceptance. The main challenges are related to the technical, usability, and privacy issues or to the requirements reported by some users

Preservation and management of location privacy in the Internet of Things

The Internet of Things (IoT) connects everyday objects including a vast array of sensors, actuators, and smart devices, referred to as “things” to the Internet, in an intelligent and pervasive fashion. This connectivity gives rise to the possibility of using the tracking capabilities of things to impinge on the location privacy of users. Most of the existing management and location privacy protection solutions do not consider the low-cost and low-power requirements of things; or, they do not account for the heterogeneity, scalability, or autonomy of communications supported in the IoT. Moreover, many traditional location privacy preserving techniques anonymize location information so that adversaries cannot infer or relate location information to specific users. However, these techniques do not consider the case where a user wishes to control the granularity of the disclosed information based on the context of their use (e.g., based on the time or the current location of the user). To fill this gap, a middleware referred to as the Internet of Things Management Platform (IoT-MP) is proposed in this thesis. The IoT-MP provides users with fine-grained control over the granularity and disclosure settings of their location information in the IoT. It is based on a distributed architecture that utilises an agent, a manager, and a manager of managers paradigm. The IoT-MP adopts an extensible design where things are represented as attributes in a management database located at the manager. In this way, IoT applications can access things transparently over the Internet, irrespective of the underlying used communication technologies. The IoT-MP’s manager comprises several modules. The Privacy Module (PM), which consists of a Context Analysis Component, Privacy Manager Component, and Semantic Obfuscation Component, enables the user to alter the location of things and to control the granularity of the produced location based on a context-aware and policy enforcement mechanism. The obfuscation process is supported by a novel ontological classification of locations based on a geographical knowledge, which takes into account both the user’s informed consent and preferences. Furthermore, the proposed Semantic Obfuscation approach improves the performance of two major classical location protection methods by making it harder on an adversary to infer the actual location of a device from a received obscured location.. To confirm the effectiveness of the proposed management platform in preserving location privacy in the IoT, a diverse range of experimental and simulation studies are carried out. The experimental studies aimed to demonstrate the capability of the proposed platform in preserving the location privacy of users in an IoT setup which uses physical low-power sensor devices. The setup involved the utilisation of several Bluetooth Low Energy (BLE) sensor devices, the implementations of two mobile applications and a web application. The results collected from the experimental works validate the IoT-MP approach in providing the user with a method that can be used to control to whom, when, and in which context the location information of their sensors is revealed. They further show that the proposed Obfuscation approach has outperformed the performance of the classic Dispersion method. For instance, using “Obfuscation level 3”, it is found that the S-Obfuscation has produced better-obscured location by 60% than that of the Dispersion technique and by 50% than that of the Rand technique. The simulation studies, conducted using the Opnet and NS2 simulation tools, combined several wireless network scenarios which utilise the low-power wireless ZigBee and IEEE 802.11ah protocols as a practical example of a heterogeneous communication network in the IoT. In these scenarios, as per the IoT-MP approach, privacy policies were defined for a group of sensors which took turns in requesting the location of each other. By observing and analysing the traffic stored in the log file of the simulation, specifically, the location information exchanged between the sensors, the privacy-preserving capabilities of the proposed platform in a large-scale heterogeneous network were demonstrated and verified. Additionally, it was found that the application end-to-end delay experienced by the ZigBee network is low. Furthermore, the average consumed energy to send a packet across the network by a ZigBee and 802.11ah node was also within acceptable levels. These performance results clearly show that the approaches of the IoT-MP in preserving the location privacy of things in the IoT has no noticeable impact on the power consumptions and network performance of both ZigBee and IEEE 802.11ah end devices

Improving e-health security through trust negotiation

In Australia, home and community aged care has been a growing sector for the past two decades. To achieve higher levels of efficiency and improve the quality of care, remote monitoring systems for elderly offer interesting solutions. The data collected by the monitoring system are transmitted to the healthcare provider and stored on the healthcare provider’s server in the form of patients’ Electronic Health Records (EHR). With such a system, healthcare professionals can remotely access each patient’s EHR on their mobile devices, for instance when they are at the patients’ homes. They may need to access patients’ EHR for obtaining the history of the patient’s medical records or modifying the patient’s EHR. It is important to secure the transmission of the patient’s EHR between the healthcare provider server and the mobile device being used by the healthcare professional, as communication is via unsecure networks, such as the Internet. It is also important to ensure that a patient’s EHR is only disclosed to the authorized entities. Therefore, obviously, security services, such as privacy protection during transmission of data and remote authorized access to patients’ EHR are of paramount importance. Other security requirements that need to be addressed relate to the nature of mobile devices and their vulnerabilities to loss and theft. The approaches proposed in this study ensure that patients’ EHR are only disclosed to the authorized healthcare professional, on the registered device, at the appropriate locations. They ensure the confidentiality of information by securing its transmission, using Transport Layer Security (TLS) as the underlying protocol. Building on the strengths of this protocol, a trust negotiation approach is developed. This approach authenticates the person receiving the care, the person administering it, the mobile device used in accessing the health information, as well as the location where the healthcare is administered. This combination results in significant improvements in overcoming security related concerns compared to the traditional identity-based only access control techniques. The improvements in the security of the remote monitoring systems are achieved by providing extra protective features to the access control and authorization process before the release of any data over unsecured networks. For verification purposes, a mobile application is developed. This application gives healthcare professionals secure remote access to the EHR of the monitored elderly patients. These experimental works confirm that by applying the proposed trust negotiation approach, the expected analysis results can be achieved. The developed application is also practical and easy to adopt, as users are not required to have any additional knowledge or expertise in the use of the underlying technologies. This is also important, as in general, most healthcare professionals cannot be considered as experts in network security areas

A privacy risk assessment for the Internet of Things in healthcare

Beyond the massive technological opportunities and benefits the IoT offers, important challenges such as trust, security, and privacy should be considered [8]. In the IoT, things, such as sensor devices, will be integrated into streets, homes, work and recreation places, buildings, shopping centres, cars, and other public environments. They will also be carried by people or mounted on mobile vehicles. As a result, things may communicate with each other locally within personal area network (PAN) setups or in a peer-to-peer fashion. They may also interact with IoT applications remotely over the Internet. In a typical IoT application, IoT devices may have the capabilities of automatically sensing, communicating, and processing the information collected from their environments and their users [14], with a high degree of spatial and temporal precision. This information may comprise the exchange of users’ personal and contextual information, including their sensitive or personal information. Therefore, it is likely that new privacy issues will arise with such a deep penetration of technology in our life [13]. This paper attempts to highlight the privacy issues derived from the adoption of the Internet of Things technologies in healthcare. Section 2 discusses the various IoT developments in healthcare, such as remote health monitoring systems and assistive technologies. The associated and derived privacy issues and challenges are then discussed in Sect. 3. This section ends with a brief privacy risk assessment. Concluding remarks are provided in Sect. 4

Covert timing channels detection based on image processing using deep learning

With the development of the Internet, covert timing channel attacks have increased exponentially and ranking as a critical threat to Internet security. Detecting such channels is essential for protection against security breaches, data theft, and other dangers. Current methods of CTC detection have shown low detection speeds and poor accuracy. This paper proposed a novel approach that used deep neural networks to improve the accuracy of CTC detection. The traffic inter-arrival times are converted into colored images; then, the images are classified using a CNN that automatically extracts the image’s features. The experimental results demonstrated that the proposed CNN model achieved better performance than other detection models

Prevention of cross-site scripting attacks in web applications

Cross-site scripting is a vulnerability in Web applications that can be exploited by injecting malicious script codes such as JavaScript into a Web application. A cross-site scripting technique allows an authorised user to inject malicious codes into a Web application and perform malicious activities. This paper analyses the traditional methods used in preventing cross-site scripting. A security framework is then proposed to improve the security of Web applications against Web-scripting attacks. This framework defines a security checklist, which comprises a set of rules. These rules contribute towards strengthening the security of Web applications and making them more robust to cross-site scripting attacks