Music-4you.com - digital music e-commerce case study

During the past couple of years a new business has arise on the Internet – digital music e-commerce. Web-sites such as Apple iTunes, Real Rhapsody and most recently the renewed version of Napster with Microsoft support have attracted a lot of attention to this new business. This paper introduces and describes an example of a digital music e-commerce web-site – Music-4You.com – developed in the framework of a European project called MOSES. However, Music-4you isn’t just another digital music e-commerce site. It introduces some new concepts in the electronic trading of digital music, such as the negotiation of rights licensing conditions, the usage of new media formats and the possibility of music providers add their own music to the web-site and to define their own business models and rights management.info:eu-repo/semantics/acceptedVersio

Open secure infrastructure to control user access to multimedia content

This paper will start by describing OpenSDRM an open-source framework developed for the IST project MOSES., OpenSDRM is used to control the multimedia content consumption in conjunction with the new IPMPX MPEG-4 proposed standard. This architecture, composed by several building blocks, protects the content flow from creation to final user consumption on a specific device. This paper devotes a special attention to the security aspects of the OpenSDRM processes and functions, describing its communication protocols and message exchanges as well as it introduces the security details about the user's digital wallet.info:eu-repo/semantics/acceptedVersio

MAC, a system for automatically IPR identification, collection and distribution

Controlling Intellectual Property Rights (IPR) in the Digital World is a very hard challenge. The facility to create multiple bit-by-bit identical copies from original IPR works creates the opportunities for digital piracy. One of the most affected industries by this fact is the Music Industry. The Music Industry has supported huge losses during the last few years due to this fact. Moreover, this fact is also affecting the way that music rights collecting and distributing societies are operating to assure a correct music IPR identification, collection and distribution. In this article a system for automating this IPR identification, collection and distribution is presented and described. This system makes usage of advanced automatic audio identification system based on audio fingerprinting technology. This paper will present the details of the system and present a use-case scenario where this system is being used.info:eu-repo/semantics/acceptedVersio

Using PTES and open-source tools as a way to conduct external footprinting security assessments for intelligence gathering

The first phase in a security assessment activity (legitimate or not) consists in the information gathering procedures that need to be conducted about a specific target. Information gathering, also known as footprinting, is the process of collecting all available and accessible information about a specific target to assess. While conducting a security assessment, this is one of the most important stages and usually involves the examination, collection and classification of large volumes of data from the target. The Penetration Testing Execution Standard (PTES), provides the description of the processes that are necessary to conduct penetration-testing assessments in a generic and integrated manner in all the different stages that compose such penetration testing process. However, the particular focus of this article consists in the analysis of the standard and its recommendations on what concerns footprinting processes and how to provide some contributions in terms of the practical applicability, namely on the usage of open-source footprinting applications, in the implementation of PTES recommendations.info:eu-repo/semantics/publishedVersio

Secure Javascript Object Notation (SecJSON): Enabling granular confidentiality and integrity of JSON documents

Currently, web and mobile-based systems exchange information with other services, mostly through APIs that extend the functionality and enable multipart interoperable information exchange. Most of this is accomplished through the usage of RESTful APIs and data exchange that is conducted using JSON over the HTTP or HTTPS protocol. In the case of the exchange requires some specific security requirements, SSL/TLS protocol is used to create a secure authenticated channel between the two communication end-points. This is a scenario where all the content of the channels is encrypted and is useful if the sender and the receptor are the only communicating parties, however this may not be the case. The authors of this paper, present a granular mechanism for selectively offering confidentiality and integrity to JSON documents, through the usage of public-key cryptography, based on the mechanisms that have been used also to provide XML security. The paper presents the proposal of the syntax for the SecJSON mechanism and an implementation that was created to offer developers the possibility to offer this security mechanism into their own services and applications.info:eu-repo/semantics/acceptedVersio

Wi-Fi network testing using an integrated Evil-Twin framework

This work intends to present a newly developed Wi- Fi vulnerability analysis and exploitation framework with the objective of increasing Wi-Fi security. The developed framework focuses primarily on client-side vulnerabilities, currently a weak- ness on Wi-Fi connections, but can be extended to support any type of Wi-Fi attack. The framework was designed and is in- tended to be used by security auditors when performing intrusion tests on Wi-Fi networks. It can also be used as a proof-of-concept tool meant to teach and raise awareness of the risks involved when using Wi-Fi technologies. The developed framework is based on open-source software and is also available as open- source software, allowing developers to extend its functionality.info:eu-repo/semantics/acceptedVersio

Enabling content and rights transmission in the educational field with ARMS

Authorship and content integrity are the most basic rights that academic authors want to preserve in the educational field. In order to preserve these author rights a special adapted DRM platform, ARMS, was developed. This platform is oriented to the educational domain and we must to highlight the web services interface with a generic educational Academic Management System platform of the educational institution, established in order to verify the user eligibility in this domain before issuance of the license. To guarantee content and rights protection, cryptographic techniques and mechanisms are applied in a fashion where content, rights, protection keys and related metadata are packaged in special containers obeying the MPEG-21 standard. The resulting objects describe here, obeys a special structure where protected objects may only be used by the user of the educational domain to whom the respective license was issued embedded in one of these objects. These neutral resulting objects can then be easily transmissible in open communications channels in a way that enable their management in order to achieve a controlled access and usage. They are the main data transport bodies that enable content protection and rights transmission among participants in content protection lifecycle.info:eu-repo/semantics/submittedVersio

A low-cost smart parking solution for smart cities based on open software and hardware

Traffic management and car parking on modern cities continues to be a problem both for citizens and for city officials. The increasing number of vehicles flowing into the city drain the existing scarce parking resources, and the increase in time spent looking for a parking spot leads to more congestions, parasitic traffic, whilst augmenting fuel consumption and air pollution. In this paper we present an integrated flexible solution developed to help address this issue, using open hardware and software components to develop a low-cost smart parking system suitable for contemporary metropolitan cities. The smart parking solution is based on Arduino boards for the sensors network and on Raspberry Pi single-board computers for the gateway devices, integrated through specific developed software components and a mobile application for the end-users.info:eu-repo/semantics/acceptedVersio

Vulnerability assessment of Angolan university web applications

Vulnerability assessment is one of the technical procedures that can help prevent serious security breaches, which, when exploited, can undermine brand credibility and or the continuity of a business. Universities hold and process important relevant and sensitive student and staff information appealing to attackers and might affect the organisations' credibility if such information is disclosed. This work presents a study conducted to assess the security status of the Angolan universities' web applications, identifying the most frequent security vulnerabilities and their criticality, based on OWASP Top 10 and CWE Top 25 references to identify and validate the findings discovered during the automatic vulnerability assessment process.info:eu-repo/semantics/acceptedVersio

Handling confidentiality and privacy on cloud-based health information systems

Health-related data include not only the patient’s personal information, but also specific information about the patient health problems, supplementary diagnostic examination results, and much more. All this information is extremely sensitive and should only be accessed by the proper entities and actors, for special specific purposes. Described herein is an approach to address security and privacy of health-related data based on rights management technologies, with an architecture to minimize security risks and privacy conerns. This approach consists of the reutilisation of an open-source and open-specifications rights management system, and designing and adapting the necessary components to address the specific security and privacy requirements that must be faced when managing health and patient data.info:eu-repo/semantics/acceptedVersio