10 research outputs found
Evaluating location based privacy in wireless networks
Research into the use of Location Based Services (LBS) that can pinpoint the exact
location of users using wireless networks is the fastest growing area in Information Technology (IT)
today. This is because of the need to transform the radio waves which act as a wireless networks
data’s transmission medium into a private location. Contemporary research on LBS suggests that
indoor location can be difficult as the geo positional satellites (GPS) cannot give an accurate positional
computation due to insulation provided by physical barriers like the walls and furniture of a house.
Previous research however suggests a way around this by making use of wireless fidelity (WiFi)
cards
signal strength but acknowledges limitations on the range which doesn’t exceed 50 meters. Other
researchers have suggested that using LBS technology would allow hackers to track the user’s
movement over time and so proposed that the user identity be kept secret by disposing the identifiers.
Against this backdrop, some researchers have championed the call for a framework in LBS privacy in
order to curtail the security risks that come with using wireless networks and suggested using a
transactionbased
wireless communication system in which transactions were unlinkable. This would
in effect camouflage the movement of users as their location would not be able to be tracked. This
paper aims to review contemporary issues on location based privacy in wireless technology and proposes
a model for optimising LBS privacy and describes the initial stages of a research project aimed at
filling the research void through the application of a hybrid research methodolog
Security strategy models (SSM)
The aim of this research paper is to analyse the individual and collective information
security risks which could arise from using a security strategy model (SSM); the objective of creating
the SSM was so as to protect a wireless local area network (WLAN). As such the focus of this paper
shall be on the individual operational components used to create the SSM and the information security
risks which stem from their being part of the SSM. In order to review the components of the SSM the
paper shall use the BS ISO/IEC 17799:2005 which is the British Standard, International Standard and
also the European Standard for using Information Communication Technology (ICT) correctly in
order to effectively mitigate against the exposure of an organizations data to unauthorized access. The
general idea of using the BS ISO/IEC 17799:2005 is so that the SSM is created based on best practice
within the ICT industry of protecting confidential data or at least that the possible risks that stem from
using the SSM are mitigated against; this is also known as risk based auditing. Against this backdrop
the paper shall review each component of the SSM and use the risks to create a ‘Threat’ model which
would then be used to create a ‘Trust model in order to strengthen the confidentiality of any data that
passes through the SSM
Geofencing Components and Existing Models
This paper describes the various Geofencing Components and Existing Models in terms of their Information Security Control Attribute Profiles. The profiles will dictate the security attributes that should accompany each and every Geofencing Model used for Wi-Fi network security control in an organization, thus minimizing the likelihood of malfunctioning security controls. Although it is up to an organization to investigate the best way of implementing information security for itself, by looking at the related models that have been used in the past this paper will present models commonly used to implement information security controls in the organizations. Our findings will highlight the strengths and weaknesses of the various models and present what our experiment and prototype consider as a robust Geofencing Security Model for securing Wi-Fi Network
Geofencing as a Security Strategy Model
This thesis presents a Wireless Security Model (WSM) to the security risks caused by the leakage of electromagnetic radio waves in wireless networks. The WSM is divided into two parts.
The first part uses a robust security strategy model which enables the Information Security management of the WSM to be continuously improved. The context here is continual improvement of the WSM and takes into consideration those factors both internal and external to the WSM that affects
its behaviour.
The second part of the WSM uses the geographic limitation inherent in location based services to contain the access of an authorised wireless network user within a predefined parameter. The context here is access based on geographic limitation and takes into consideration the exact position of a mobile device using indoor positioning technology on a single radio frequency to obtain network access. The security strategy model uses the International Standard Organisations (ISO), Information Security Management Systems (ISMS) requirements (27001:2005) and Information Technology Infrastructure Library (ITIL) Version 3 as a governance framework which makes it suitable for use in
any organisation of the 162 member countries who have signed up to and adopted the ISO 27001:2005. The positioning technology uses a Wireless Location Appliance (WLA) to identify the location of a mobile device before allowing it to access the network, it then continues to monitor the location at time intervals which are preset using the WLA and then maintains the connection to the
network for the duration that the mobile device complies with the preset rules based on its location and any other of the organisations internal information security policies. The security strategy model was evaluated using a questionnaire to collect data from Small Medium Enterprises (SME) which use wireless networks to understand the kind of infrastructure they use and the kind of information security
policies they have in place to protect them.
The results were compared with surveys undertaken by PricewaterhouseCoopers (PwC) on behalf of the United Kingdom's Government office of Commerce (GOC) which produced the ISO 27001:2005 and ITIL V3 documents. The positioning technology was experimentally evaluated using
a laboratory owned by a company that provides Location Based Services to the National Health Service (NHS). The results were compared with a predetermined route marked out on the architectural plan of a room in the laboratories building which was used as a test bed. The security solution model achieved 95% confidence levels for accuracy and precision, with the security strategy model achieving
95% confidence levels for compliance and implementation