Novel framework for secure mobile financial services

The financial sector is always looking for new services delivery platforms to improve customer confidence and satisfaction. To achieve this, the banking service delivery platform must provide end-to-end security to safeguard the financial information exchanged between the bank and the customer. Today a number of banks offer mobile banking service to their customers. However, still banks have been adopting the generic user authentication systems that were developed for the desktop environment based on two-factor authentication with a number of user intrusive activities. This paper presents a novel authentication and authorization framework for secure mobile banking applications based on the user SIM and mobile credentials

Hide-and-seek: face recognition in private

Recent trend towards cloud computing and outsourcing has led to the requirement for face recognition (FR) to be performed remotely by third-party servers. When outsourcing the FR, client's test image and classification result will be revealed to the servers. Within this context, we propose a novel privacy-preserving (PP) FR algorithm based on randomization. Existing PP FR algorithms are based on homomorphic encryption (HE) which requires higher computational power and communication bandwidth. Since we use randomization, the proposed algorithm outperforms the HE based algorithm in terms of computational and communication complexity. We validated our algorithm using popular ORL database. Experimental results demonstrate that accuracy of the proposed algorithm is the same as the accuracy of existing algorithms, while improving the computational efficiency by 120 times and communication complexity by 2.5 times against the existing HE based approach

Efficient privacy-preserving facial expression classification

This paper proposes an efficient algorithm to perform privacy-preserving (PP) facial expression classification (FEC) in the client-server model. The server holds a database and offers the classification service to the clients. The client uses the service to classify the facial expression (FaE) of subject. It should be noted that the client and server are mutually untrusted parties and they want to perform the classification without revealing their inputs to each other. In contrast to the existing works, which rely on computationally expensive cryptographic operations, this paper proposes a lightweight algorithm based on the randomization technique. The proposed algorithm is validated using the widely used JAFFE and MUG FaE databases. Experimental results demonstrate that the proposed algorithm does not degrade the performance compared to existing works. However, it preserves the privacy of inputs while improving the computational complexity by 120 times and communication complexity by 31 percent against the existing homomorphic cryptography based approach

Vehicular Internet: Security & Privacy Challenges and Opportunities

The vehicular internet will drive the future of vehicular technology and intelligent transportation systems (ITS). Whether it is road safety, infotainment, or driver-less cars, the vehicular internet will lay the foundation for the future of road travel. Governments and companies are pursuing driver-less vehicles as they are considered to be more reliable than humans and, therefore, safer. The vehicles today are not just a means of transportation but are also equipped with a wide range of sensors that provide valuable data. If vehicles are enabled to share data that they collect with other vehicles or authorities for decision-making and safer driving, they thereby form a vehicular network. However, there is a lot at stake in vehicular networks if they are compromised. With the stakes so high, it is imperative that the vehicular networks are secured and made resilient to any attack or attempt that may have serious consequences. The vehicular internet can also be the target of a cyber attack, which can be devastating. In this paper, the opportunities that the vehicular internet offers are presented and then various security and privacy aspects are discussed and some solutions are presented

Human-Centric AI for Trustworthy IoT Systems With Explainable Multilayer Perceptrons

[EN] Internet of Things (IoT) widely use analysis of data with artificial intelligence (AI) techniques in order to learn from user actions, support decisions, track relevant aspects of the user, and notify certain events when appropriate. However, most AI techniques are based on mathematical models that are difficult to understand by the general public, so most people use AI-based technology as a black box that they eventually start to trust based on their personal experience. This article proposes to go a step forward in the use of AI in IoT, and proposes a novel approach within the Human-centric AI field for generating explanations about the knowledge learned by a neural network (in particular a multilayer perceptron) from IoT environments. More concretely, this work proposes two techniques based on the analysis of artificial neuron weights, and another technique aimed at explaining each estimation based on the analysis of training cases. This approach has been illustrated in the context of a smart IoT kitchen that detects the user depression based on the food used for each meal, using a simulator for this purpose. The results revealed that most auto-generated explanations made sense in this context (i.e. 97.0%), and the execution times were low (i.e. 1.5 ms or lower) even considering the common configurations varying independently the number of neurons per hidden layer (up to 20), the number of hidden layers (up to 20) and the number of training cases (up to 4,000).This work was supported in part by the U.K. Engineering and Physical Sciences Research under Grant EP/N028155/1, in part by the Programa Iberoamericano de Ciencia y Tecnologia para el Desarrollo (CYTED) through the CITIES: Ciudades inteligentes totalmente integrales, eficientes y sotenibles under Grant 518RT0558, and in part by the Spanish council of Science, Innovation and Universities from the Spanish Government through the Diseno colaborativo para la promocion del bienestar en ciudades inteligentes inclusivas under Grant TIN2017-88327-R.García-Magariño, I.; Muttukrishnan, R.; Lloret, J. (2019). Human-Centric AI for Trustworthy IoT Systems With Explainable Multilayer Perceptrons. IEEE Access. 7:125562-125574. https://doi.org/10.1109/ACCESS.2019.2937521S125562125574

Agent-based IoT Coordination for Smart Cities Considering Security and Privacy

The interest in Internet of Things (IoT) is increasing steeply, and the use of their smart objects and their composite services may become widespread in the next few years increasing the number of smart cities. This technology can benefit from scalable solutions that integrate composite services of multiple-purpose smart objects for the upcoming large-scale use of integrated services in IoT. This work proposes an agent-based approach for supporting large-scale use of IoT for providing complex integrated services. Its novelty relies in the use of distributed blackboards for implicit communications, decentralizing the storage and management of the blackboard information in the smart objects, which are accessed by nearby requests. This avoids (a) the common bottlenecks of implicit communications based on centralized blackboards and (b) the overload of bandwidth due to explicit peer-to-peer communications. This solution raises challenges in privacy and security, and some potential solutions are discussed in this paper. Simulations based on a region in Dublin city shows the potential utility of this approach illustrated in the domain of coordination of electric vehicles in selecting paths and charging stations

Variable rate adaptive modulation (VRAM) for introducing small-world model into WSNs

Data communication has a strong impact on the design of a Wireless Sensor Network (WSN), since the data transmission energy cost is typically higher than the data processing cost. In order to reduce the data transmission cost, small world phenomenon is introduced into WSNs. Networks that do not have the small world structure can be converted to achieve a small world property by the addition of few extra links. The problem is that most large scale WSNs are inherently unstructured and a node has no precise information of the overall model of the network and thus has to rely on the knowledge of its neighbor. For this reason, in most unstructured networks, information is propagated using gossiping. In this paper, we exploit this information propagation mechanism and use Neighbor Avoiding Walk (NAW), where the information is propagated to node that has not been visited previously and which is not the neighbor of a previously visited node. Using this, a novel approach is presented, in which nodes with highest betweenness centrality form a long distance relay path by using a lower order modulation scheme and therefore resulting in a relatively reduced data rate, but maintaining the same bit error rate. Our empirical and analytical evaluations demonstrate that this leads to a significant reduction in average path length and an increase in node degree

Smart, secure and seamless access control scheme for mobile devices

Smart devices capture users' activity such as unlock failures, application usage, location and proximity of devices in and around their surrounding environment. This activity information varies between users and can be used as digital fingerprints of the users' behaviour. Traditionally, users are authenticated to access restricted data using long term static attributes such as password and roles. In this paper, in order to allow secure and seamless data access in mobile environment, we combine both the user behaviour captured by the smart device and the static attributes to develop a novel access control technique. Security and performance analyses show that the proposed scheme substantially reduces the computational complexity while enhances the security compared to the conventional schemes

Robust access control framework for mobile cloud computing network

Unified communications has enabled seamless data sharing between multiple devices running on various platforms. Traditionally, organizations use local servers to store data and employees access the data using desktops with predefined security policies. In the era of unified communications, employees exploit the advantages of smart devices and 4G wireless technology to access the data from anywhere and anytime. Security protocols such as access control designed for traditional setup are not sufficient when integrating mobile devices with organization's internal network. Within this context, we exploit the features of smart devices to enhance the security of the traditional access control technique. Dynamic attributes in smart devices such as unlock failures, application usage, location and proximity of devices can be used to determine the risk level of an end-user. In this paper, we seamlessly incorporate the dynamic attributes to the conventional access control scheme. Inclusion of dynamic attributes provides an additional layer of security to the conventional access control. We demonstrate that the efficiency of the proposed algorithm is comparable to the efficiency of the conventional schemes