Prevention of cross-site scripting attacks in web applications

Cross-site scripting is a vulnerability in Web applications that can be exploited by injecting malicious script codes such as JavaScript into a Web application. A cross-site scripting technique allows an authorised user to inject malicious codes into a Web application and perform malicious activities. This paper analyses the traditional methods used in preventing cross-site scripting. A security framework is then proposed to improve the security of Web applications against Web-scripting attacks. This framework defines a security checklist, which comprises a set of rules. These rules contribute towards strengthening the security of Web applications and making them more robust to cross-site scripting attacks

A semantic obfuscation technique for the Internet of Things

Although some people might willingly reveal their location information in order to obtain location-based services, few would be comfortable having their locations collected and profiled by the billions of things envisioned in the Internet of Things (IoT), at all time and in all situations. The diffusion of wireless communication networks and the technical advancements of location positioning techniques, power things of the IoT with the capabilities of automatically sensing, communicating, and processing the information about a person's location, with a high degree of spatial and temporal precision. In this work, we address the location privacy issue by introducing the Semantic Obfuscation technique (S-Obfuscation). This technique, compared to classical geometric-based obfuscation techniques, relies on geographic knowledge to produce obfuscated locations that are harder to be detected as fake or obfuscated by an adversary. The obfuscation process is supported by our novel use of ontological classification of locations based on a geographical knowledge

Emerging wireless technologies in the internet of things : a comparative study

The Internet of Things (IoT) incorporates multiple long-range, short-range, and personal area wireless networks and technologies into the designs of IoT applications. This enables numerous business opportunities in fields as diverse as e-health, smart cities, smart homes, among many others. This research analyses some of the major evolving and enabling wireless technologies in the IoT. Particularly, it focuses on ZigBee, 6LoWPAN, Bluetooth Low Energy, LoRa, and the different versions of Wi-Fi including the recent IEEE 802.11ah protocol. The studies evaluate the capabilities and behaviours of these technologies regarding various metrics including the data range and rate, network size, RF Channels and Bandwidth, and power consumption. It is concluded that there is a need to develop a multifaceted technology approach to enable interoperable and secure communications in the IoT

Networks of the Future: Architectures, Technologies, and Implementations

With the ubiquitous diffusion of the IoT, Cloud Computing, 5G and other evolved wireless technologies into our daily lives, the world will see the Internet of the future expand ever more quickly. Driving the progress of communications and connectivity are mobile and wireless technologies, including traditional WLANs technologies and low, ultra-power, short and long-range technologies. These technologies facilitate the communication among the growing number of connected devices, leading to the generation of huge volumes of data. Processing and analysis of such "big data" brings about many opportunities, as well as many challenges, such as those relating to efficient power consumptions, security, privacy, management, and quality of service. This book is about the technologies, opportunities and challenges that can drive and shape the networks of the future. Written by established international researchers and experts, Networks of the Future answers fundamental and pressing research challenges in the field, including architectural shifts, concepts, mitigation solutions and techniques, and key technologies in the areas of networking. The book starts with a discussion on Cognitive Radio (CR) technologies as promising solutions for improving spectrum utilization, and also highlights the advances in CR spectrum sensing techniques and resource management methods. The second part of the book presents the latest developments and research in the areas of 5G technologies and Software Defined Networks (SDN). Solutions to the most pressing challenges facing the adoption of 5G technologies are also covered, and the new paradigm known as Fog Computing is examined in the context of 5G networks. The focus next shifts to efficient solutions for future heterogeneous networks. It consists of a collection of chapters that discuss self-healing solutions, dealing with Network Virtualization, QoS in heterogeneous networks, and energy efficient techniques for Passive Optical Networks and Wireless Sensor Networks. Finally, the areas of IoT and Big Data are discussed, including the latest developments and future perspectives of Big Data and the IoT paradigms

A proposal to improve the security of mobile banking applications

Mobile banking (m-banking) is considered to be one of the most important mobile commerce applications currently available. The ubiquitous access to data with no place restrictions helps to promote this technology. The security and privacy of sensitive financial data is one of the main concerns in acceptance of these systems in Australia. It is specifically important to secure the transmission of the financial data between the financial institutions' server and the mobile device used by consumers, as their communications are via unsecured networks such as the Internet. In this paper, a trust negotiation approach is proposed to address these security concerns. Trust negotiation is combined with the Transport Layer Security (TLS) as the underlying protocol. This combination of technology aims to maximize the existing security of m-banking applications. It results in significant improvements in security compared to the traditional identity-based only access control techniques. The proposed approach is implemented as a mobile application. It demonstrates that the developed application is easy to use and deploy in typical mobile environments

Securing ubiquitous access in U-health monitoring systems

There are clear advantages in using ubiquitous health (U-health) monitoring systems. They help with improving the quality of care and the availability of data. In such a system, healthcare professionals can remotely access a patient's Electronic Health Records (EHR), over the Internet, anywhere and anytime using various communication devices. Amongst the main challenges that this U-health technology faces, security is considered as one of the major obstacles to its adaptation. This work reports an authentication approach, referred as Health Authentication Approach (HAA), which aims at minimizing the security risk associated with the use of a U-health monitoring system. The proposed approach allows healthcare professionals to ubiquity access patients' EHRs, using their mobile devices in a secure way. For verification purposes, HAA is implemented in an Android mobile application which demonstrates a successful integration of the proposed approach in a mobile environment

Internet of Things applications : current and future development

The Internet of Things (IoT) brings connectivity to about every objects found in the physical space. It extends connectivity not only to computer and mobile devices but also to everyday objects. From connected fridges, cars and cities, the IoT creates opportunities in numerous domains. This chapter briefly surveys some IoT applications and the impact the IoT could have on societies. It shows how the various application of the IoT enhances the overall quality of life and reduces management and costs in various sectors

Enhancing the security of mobile health monitoring systems through trust negotiations

There are clear advantages in using remote monitoring systems for elderly care. They help with improving the efficiency in providing higher quality of care. These systems collect relevant data and transmit them to the healthcare provider, to be stored on their servers in the form of patients' Electronic Health Records (EHRs). The EHR may then be used by healthcare professional, either at provider locations or remotely through mobile devices. Among of the main concerns in acceptance of these systems, ensuring the privacy of personally sensitive information and securing EHRs during the transmission can be named. This paper, reports a trust negotiation approach that we have developed to address these concerns. It complements the strengths of the Transport Layer Security (TLS) as the underlying protocol. This combination results in significant improvements in overcoming security related concerns compared to the traditional identity-based only access control techniques. We also report the experimental works that demonstrate the ease of application of the proposed approach in typical mobile environments

The Internet of Things : vision & challenges

The Internet of Things (IoT) was of a vision in which all physical objects are tagged and uniquely identified using RFID transponders or readers. Nowadays, research into the IoT has extended this vision to the connectivity of Things to anything, anyone, anywhere and at anytime. The IoT has grown into multiple dimensions, which encompasses various networks of applications, computers, devices, as well as physical and virtual objects, referred to as things or objects, that are interconnected together using communication technologies such as, wireless, wired and mobile networks, RFID, Bluetooth, GPS systems, and other evolving technologies. This paradigm is a major shift from an essentially computer-based network model to a fully distributed network of smart objects. This change poses serious challenges in terms of architecture, connectivity, efficiency, security and provision of services among many others. This paper studies the state-of-the art of the IoT. In addition, some major security and privacy issues are described and a new attack vector is introduced, referred to as the “automated invasion attack”

Wireless enabling technologies for the Internet of Things

This Chapter provides several comparable studies of some of the major evolving and enabling wireless technologies in the Internet of Things (IoT). Particularly, it focuses on the ZigBee, 6lowpan, Bluetooth Low Energy, LTE, and the different versions of Wi-Fi protocols including the IEEE 802.11ah. The studies, reported in this chapter, evaluate the capabilities and behaviors of these technologies in terms of various metrics including the data range and rate, network size, RF Channels and Bandwidth, Antenna design considerations, Power Consumption, and their Ecosystem. It is concluded that the requirements of each IoT application play a significant role in the selection of a suitable wireless technology