Context-aware systems represent extremely complex and heterogeneous systems. The need for middleware to bind components together is well recognized and many attempts to build middleware for context-aware systems have been made.
We provide a general introduction about the evolution of the middlewares and then we proceed with an analysis of the requirements and the issues for context-aware middleware.
A GENERIC FRAMEWORK FOR DEVICE PAIRING IN UBIQUITOUS COMPUTING ENVIRONMENTSIJNSA Journal
Recently secure device pairing has had significant attention from a wide community of academic as well as industrial researchers and a plethora of schemes and protocols have been proposed, which use various forms of out-of-band exchange to form an association between two unassociated devices. These protocols and schemes have different strengths and weaknesses – often in hardware requirements, strength against various attacks or usability in particular scenarios. From ordinary user’s point of view, the problem then becomes which to choose or which is the best possible scheme in a particular scenario. We advocate that in a world of modern heterogeneous devices and requirements, there is a need for mechanisms that allow automated selection of the best protocols without requiring the user to have an in-depth knowledge of the minutiae of the underlying technologies. Towards this, the main argument forming the basis of this research work is that the integration of a discovery mechanism and several pairing schemes into a single system is more efficient from a usability point of view as well as security point of view in terms of dynamic choice of pairing schemes. In pursuit of this, we have proposed a generic system for secure device pairing by demonstration of physical proximity. The contributions presented in this paper include the design and prototype implementation of the proposed framework along with a novel Co-Location protocol.
A NOVEL SECURITY PROTOCOL FOR WIRELESS SENSOR NETWORKS BASED ON ELLIPTIC CURV...IJCNCJournal
With the growing usage of wireless sensors in a variety of applications including Internet of Things, the security aspects of wireless sensor networks have been on priority for the researchers. Due to the constraints of resources in wireless sensor networks, it has been always a challenge to design efficient security protocols for wireless sensor networks. An novel elliptic curve signcryption based security protocol for wireless sensor networks has been presented in this paper, which provides anonymity, confidentiality, mutual authentication, forward security, secure key establishment, and key privacy at the same time providing resistance from replay attack, impersonation attack, insider attack, offline dictionary attack, and stolen-verifier attack. Results have revealed that the proposed elliptic curve signcryption based protocol consumes the least time in comparison to other protocols while providing the highest level of security.
Comprehensive survey on security problems and key technologies of the interne...RSIS International
Internet of things (IoT) is a collection of many
interconnected objects, services, humans, and devices that can
communicate, share data, and information to achieve a common
goal in different areas and applications. The vision of IoT is to
enable devices to collaborate with each other on the Internet. IoT
security focuses on authentication and access control protocols.
IoT security is the area with protection connected devices and
networks. There are many key challenges in designing a secure
IoT: Privacy, Authentication, Access Control, Trust,
Confidentiality, Mobile Security, etc. Attacks on IoT security
devices are physical attacks, side channel attacks, cryptanalysis
attacks, software attacks, network attacks. This paper describes
Security Problems of IoT, Security issues and Key Technologies
of IoT.
Context-aware systems represent extremely complex and heterogeneous systems. The need for middleware to bind components together is well recognized and many attempts to build middleware for context-aware systems have been made.
We provide a general introduction about the evolution of the middlewares and then we proceed with an analysis of the requirements and the issues for context-aware middleware.
A GENERIC FRAMEWORK FOR DEVICE PAIRING IN UBIQUITOUS COMPUTING ENVIRONMENTSIJNSA Journal
Recently secure device pairing has had significant attention from a wide community of academic as well as industrial researchers and a plethora of schemes and protocols have been proposed, which use various forms of out-of-band exchange to form an association between two unassociated devices. These protocols and schemes have different strengths and weaknesses – often in hardware requirements, strength against various attacks or usability in particular scenarios. From ordinary user’s point of view, the problem then becomes which to choose or which is the best possible scheme in a particular scenario. We advocate that in a world of modern heterogeneous devices and requirements, there is a need for mechanisms that allow automated selection of the best protocols without requiring the user to have an in-depth knowledge of the minutiae of the underlying technologies. Towards this, the main argument forming the basis of this research work is that the integration of a discovery mechanism and several pairing schemes into a single system is more efficient from a usability point of view as well as security point of view in terms of dynamic choice of pairing schemes. In pursuit of this, we have proposed a generic system for secure device pairing by demonstration of physical proximity. The contributions presented in this paper include the design and prototype implementation of the proposed framework along with a novel Co-Location protocol.
A NOVEL SECURITY PROTOCOL FOR WIRELESS SENSOR NETWORKS BASED ON ELLIPTIC CURV...IJCNCJournal
With the growing usage of wireless sensors in a variety of applications including Internet of Things, the security aspects of wireless sensor networks have been on priority for the researchers. Due to the constraints of resources in wireless sensor networks, it has been always a challenge to design efficient security protocols for wireless sensor networks. An novel elliptic curve signcryption based security protocol for wireless sensor networks has been presented in this paper, which provides anonymity, confidentiality, mutual authentication, forward security, secure key establishment, and key privacy at the same time providing resistance from replay attack, impersonation attack, insider attack, offline dictionary attack, and stolen-verifier attack. Results have revealed that the proposed elliptic curve signcryption based protocol consumes the least time in comparison to other protocols while providing the highest level of security.
Comprehensive survey on security problems and key technologies of the interne...RSIS International
Internet of things (IoT) is a collection of many
interconnected objects, services, humans, and devices that can
communicate, share data, and information to achieve a common
goal in different areas and applications. The vision of IoT is to
enable devices to collaborate with each other on the Internet. IoT
security focuses on authentication and access control protocols.
IoT security is the area with protection connected devices and
networks. There are many key challenges in designing a secure
IoT: Privacy, Authentication, Access Control, Trust,
Confidentiality, Mobile Security, etc. Attacks on IoT security
devices are physical attacks, side channel attacks, cryptanalysis
attacks, software attacks, network attacks. This paper describes
Security Problems of IoT, Security issues and Key Technologies
of IoT.
Malware threat analysis techniques and approaches for IoT applications: a reviewjournalBEEI
Internet of things (IoT) is a concept that has been widely used to improve business efficiency and customer’s experience. It involves resource constrained devices connecting to each other with a capability of sending data, and some with receiving data at the same time. The IoT environment enhances user experience by giving room to a large number of smart devices to connect and share information. However, with the sophistication of technology has resulted in IoT applications facing with malware threat. Therefore, it becomes highly imperative to give an understanding of existing state-of-the-art techniques developed to address malware threat in IoT applications. In this paper, we studied extensively the adoption of static, dynamic and hybrid malware analyses in proffering solution to the security problems plaguing different IoT applications. The success of the reviewed analysis techniques were observed through case studies from smart homes, smart factories, smart gadgets and IoT application protocols. This study gives a better understanding of the holistic approaches to malware threats in IoT applications and the way forward for strengthening the protection defense in IoT applications.
Microsoft System Center 2012 Delivering better IT ManagementIntergen
Presentation at Intergen's event: Delivering IT Performance across Devices, Data Centres and Clouds.
Understand how Microsoft System Center helps you to empower your people to use their devices and theapplications they need to be productive, while maintaining corporate compliance and control. How do you managethe influx of devices, of various shapes, sizes, ownership and provenance all while maintaining the compliance anddata protection needs of your enterprise?
A Data Hiding Techniques Based on Length of English Text using DES and Attack...IJORCS
The comparing recent proposal for multimedia applications network security remains an important topic for researchers. The security deals with both wired and wireless communication. Network is defined as it is a large system consisting of many similar parts that are connected together to allow the movement or communication between or along the parts or between the parts and a control center. There are the main components of the network information system such as end systems (terminals, servers) and intermediate systems (hubs, switches, gateways). Every node has its own set of vulnerabilities that can be related to hardware, software, protocol stack etc. Nodes are interconnected by physical supports in a network for example connected with cables in wired Local Area Network (LAN) or radio waves (Wi-Fi) in Wireless Local Area Network (WLAN). Some nodes are able to provide services (FTP, HTTP browsing, database access). If two nodes want to communicate together, they must be interconnected physically and logically. Network security deals with also information hiding technique. Now day’s security deals with heterogeneous networks. The use of different wireless and wired network which are working on different platform is heterogeneous. So design of network security for such type of heterogeneous network is difficult task.
InfoSec Technology Management of User Space and Services Through Security Thr...ecarrow
The focus of this paper will demonstrate the need to clearly define
and segregate various user space environments in the enterprise
network infrastructure with controls ranging from administrative
to technical and still provide the various services needed to
facilitate the work space environment and administrative
requirements of an enterprise system. Standards assumed are
industry practices and associated regulatory requirements with
implementations as they apply to the various contextual
applications. This is a high level approach to understanding the
significance and application of an effective secure network
infrastructure. The focus is on end user needs and the associated
services to support those needs. Conceptually user space is a
virtual area allocated to the end user needs identified with specific
services to support those needs by creating a virtual playground.
To manage risk, the concept of creating a "security threat gateway
(STG)" isolates and secures each user space with its associated
services. Emphasis will be placed on the functional managerial
process and application of the STG, safeguarding one user space
from another, to facilitate the use of the needed services to
perform the operational tasks of the organization. When user’s
needs and associated components are clearly identified, then it is
possible for anyone to use this model as a template, to guide them
in creating an effective strategy for their own network security.
This approach is practical in orientation and application, focusing
on a high level perspective and assumes the reader already has a
low level technical background for a tactical implementation in
mitigating risk to the enterprise network infrastructure.
Cloud computing is a distributed computing system that offers managed, scalable and secured and high available computation resources and software as a service. Mobile computing is the combination of the heterogeneous domains like Mobile computing, Cloud computing & wireless networks.This paper mainly discusses the literature review on Cloud and the Mobile cloud computing. Here in this paper we analyse existing security challenges and issues involved in the cloud computing and Mobile cloud environment. This paper identifies key issues, which are believed to have long-term significance in cloud computing & mobile cloud security and privacy, based on documented problems and exhibited weaknesses.
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
SUMMARY - Current power grids increasingly emerging into smart networked grids and are more accessible from the public internet which poses new cyber threats in the grid. More computer based systems are introduced into power networks in order to monitor and control the network. Future model smart grid and micro grid systems will be based on data flows for communication of system status, usage and control throughout the network infrastructure in addition to the power flow. This creates new security threats on the power grid. Instead of relying mainly on power plants for power generation, there will be a combination of multiple generation sources and at the same time wider use of electrical computer based equipment by consumers. Both increase the amount of data flows in the network as well as introduce additional vulnerable spots. Vulnerability of the power grid to cyber-attacks increases even more because of the wide use of SCADA networks. SCADA networks are more accessible to the internet and lack authentication and authorization mechanisms therefore expose the grid to threats such as DDOS, Data interception, Data alteration and additional hacking threats.
The transition from present to future model has already begun and rapidly growing while it already poses new security challenges which must be attended immediately. It is essential to introduce immediately a single comprehensive security solution which will provide fast detection and prevention tools to cope with a variety of threats with different nature and from multiple sources. The solution should not be tightly coupled with each device in the network so it won’t require upgrade of the devices inside the grid.
The Cyber defense solution should be versatile using variety of cyber technologies such as Firewalls, anomaly detection, Big Data analytics, machine learning and more in a network wise combination.
An IOT Based Low Power Health Monitoring with Active Personal Assistanceijtsrd
Among sensible goals of active and assisted living paradigm is the unobtrusive monitoring of daily living activities. A lot of research has been going on continuous home and personal monitoring applications. There are many solutions were adapted by these technologies to make better remote monitoring applications. The traditional continuous home and personal monitoring systems which are implemented with traditional client server architecture which may fail in factors like low power consumption, un deterministic data delivery time, More sensitive to external connectivity issues temporary failures of servers , adhoc networks using ZigBee and Z wave etc. and also increase the cost of implementation. However, when dealing with the home environment, and especially with older adults, obtrusiveness, usability, and cost concerns are of the utmost relevance for active and assisted Living AAL joint program. With advent of cloud services, the continuous remote monitoring based applications became truly plug and play' approach implementation and also reduce the problems of temporary failures. One of the biggest challenges in this area is to make such application devices work with low power battery based applications . The main drawback comes from the higher power consumption, inherently needed to sustain much higher data rates. In this project, a solution is proposed to improve the low power consumption in Wi Fi sensors by making use of advanced RF based Microprocessor from Texas instruments CC3200 . Bed Occupancy sensor automation has been designed and implemented to test the feasibility of the approach. The TI CC3200 comes with ARM Cortex M4 as a core and inbuilt Wi Fi subsystem. The CC3200 provides different power modes to make the device enter into sleep or hibernate mode. This device will only enter only in work phase when the sensor is active state. During this phase, the processor sample and processes the sensor data and uploads to the cloud using REST API. Thing speak is an IoT cloud service used to present the sensory data as graphs, bar charts, and dashboards on the cloud remaining time it will enter into sleep phase to save the power of the device, so that it will extend the battery life time of the device. B. N. Meenakshi | Mrs. N. V. Durga "An IOT Based Low Power Health Monitoring with Active Personal Assistance" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-1 , December 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29603.pdfPaper URL: https://www.ijtsrd.com/engineering/electronics-and-communication-engineering/29603/an-iot-based-low-power-health-monitoring-with-active-personal-assistance/b-n-meenakshi
Security Issues & Threats in IoT InfrastructureIJAEMSJORNAL
IoT (Internet of Things) expands the future Internet, and has drawn much attention. As more and more gadgets (i.e. Things) connected to the Internet, the huge amount of data exchanged has reached an unprecedented level.IoT today has a wide scope and researches say that IoT will definitely be a huge reason in the change of human lifestyle. But irrespective of the scope of IoT, we cannot be sure enough to implement it due to the security concerns. There is a genuine need to secure IoT, which has therefore resulted in a need to comprehensively understand the threats and attacks on IoT infrastructure. This paper discusses about the flaws in the security structure of IoT, it is a study about the various layers of IoT and how differentattacks are possible in those layers.
Design and development of non server peer 2 peer secure communication using j...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Establishing applications on on-demand infrastructures rather of building applica-tions on fixed and rigid infrastructures was provided by cloud computing provides. By merely exploiting into the cloud, initiatives can gain fast access to business applications or infrastructure resources with decreased Capital Expenditure (CAPEX). The more and more information is placed into the cloud by someone and initiatives, security issues begins to develop and raised. This paper discusses the different security issues that rise up about how secure the mo-bile cloud computing environment.
Challenges and Security Issues in Future IT Infrastructure ComponentsMubashir Ali
Over the past 2 decades, the information technology infrastructure has gone through an exponential change with the introduction and evolution of new technologies and trends. Organizations previously having their data on-premise and their infrastructure comprising of multiple server machines on multiple server racks and dedicated client personal computers (PCs) are moving towards cloud computing & virtualization to Smartphone and tablets. This rapid advancement and constant change, although increasing productivity for the organizations is resulting in a rising number of challenges and security issues for the organizations, their managers, IT administrators and technology architects. This paper discusses the future IT infrastructure components and the challenges & security issues that arise after their implementation that needs to be taken care of in order to get the full advantage of IT.
Pervasive Computing Applications And Its Security Issues & Challengesiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Il Patto che illumina l'Abruzzo - Marco Santarelli - Polo analisi delle retiProvincia Di Teramo
L’obiettivo è quello di sviluppare, attraverso la collaborazione con Centri di Ricerca Internazionali, Professionisti del mondo della cultura e dell’innovazione, nuovi concetti e metodi ispirati alla teoria della complessità che permettano di definire una nuova prospettiva al problema del rischio sistemico nei sistemi sociali. Per questo obiettivo è necessaria la convergenza di competenze diversificate e di elevato profilo scientifico. Un importante aspetto di questo progetto sarà anche la formazione di una generazione di giovani scienziati di nuovo tipo con specifico orientamento interdisciplinare.
Malware threat analysis techniques and approaches for IoT applications: a reviewjournalBEEI
Internet of things (IoT) is a concept that has been widely used to improve business efficiency and customer’s experience. It involves resource constrained devices connecting to each other with a capability of sending data, and some with receiving data at the same time. The IoT environment enhances user experience by giving room to a large number of smart devices to connect and share information. However, with the sophistication of technology has resulted in IoT applications facing with malware threat. Therefore, it becomes highly imperative to give an understanding of existing state-of-the-art techniques developed to address malware threat in IoT applications. In this paper, we studied extensively the adoption of static, dynamic and hybrid malware analyses in proffering solution to the security problems plaguing different IoT applications. The success of the reviewed analysis techniques were observed through case studies from smart homes, smart factories, smart gadgets and IoT application protocols. This study gives a better understanding of the holistic approaches to malware threats in IoT applications and the way forward for strengthening the protection defense in IoT applications.
Microsoft System Center 2012 Delivering better IT ManagementIntergen
Presentation at Intergen's event: Delivering IT Performance across Devices, Data Centres and Clouds.
Understand how Microsoft System Center helps you to empower your people to use their devices and theapplications they need to be productive, while maintaining corporate compliance and control. How do you managethe influx of devices, of various shapes, sizes, ownership and provenance all while maintaining the compliance anddata protection needs of your enterprise?
A Data Hiding Techniques Based on Length of English Text using DES and Attack...IJORCS
The comparing recent proposal for multimedia applications network security remains an important topic for researchers. The security deals with both wired and wireless communication. Network is defined as it is a large system consisting of many similar parts that are connected together to allow the movement or communication between or along the parts or between the parts and a control center. There are the main components of the network information system such as end systems (terminals, servers) and intermediate systems (hubs, switches, gateways). Every node has its own set of vulnerabilities that can be related to hardware, software, protocol stack etc. Nodes are interconnected by physical supports in a network for example connected with cables in wired Local Area Network (LAN) or radio waves (Wi-Fi) in Wireless Local Area Network (WLAN). Some nodes are able to provide services (FTP, HTTP browsing, database access). If two nodes want to communicate together, they must be interconnected physically and logically. Network security deals with also information hiding technique. Now day’s security deals with heterogeneous networks. The use of different wireless and wired network which are working on different platform is heterogeneous. So design of network security for such type of heterogeneous network is difficult task.
InfoSec Technology Management of User Space and Services Through Security Thr...ecarrow
The focus of this paper will demonstrate the need to clearly define
and segregate various user space environments in the enterprise
network infrastructure with controls ranging from administrative
to technical and still provide the various services needed to
facilitate the work space environment and administrative
requirements of an enterprise system. Standards assumed are
industry practices and associated regulatory requirements with
implementations as they apply to the various contextual
applications. This is a high level approach to understanding the
significance and application of an effective secure network
infrastructure. The focus is on end user needs and the associated
services to support those needs. Conceptually user space is a
virtual area allocated to the end user needs identified with specific
services to support those needs by creating a virtual playground.
To manage risk, the concept of creating a "security threat gateway
(STG)" isolates and secures each user space with its associated
services. Emphasis will be placed on the functional managerial
process and application of the STG, safeguarding one user space
from another, to facilitate the use of the needed services to
perform the operational tasks of the organization. When user’s
needs and associated components are clearly identified, then it is
possible for anyone to use this model as a template, to guide them
in creating an effective strategy for their own network security.
This approach is practical in orientation and application, focusing
on a high level perspective and assumes the reader already has a
low level technical background for a tactical implementation in
mitigating risk to the enterprise network infrastructure.
Cloud computing is a distributed computing system that offers managed, scalable and secured and high available computation resources and software as a service. Mobile computing is the combination of the heterogeneous domains like Mobile computing, Cloud computing & wireless networks.This paper mainly discusses the literature review on Cloud and the Mobile cloud computing. Here in this paper we analyse existing security challenges and issues involved in the cloud computing and Mobile cloud environment. This paper identifies key issues, which are believed to have long-term significance in cloud computing & mobile cloud security and privacy, based on documented problems and exhibited weaknesses.
CYBER SECURITY TRANDS FOR FUTURE SMART GRID SYSTEMSGeorge Wainblat
SUMMARY - Current power grids increasingly emerging into smart networked grids and are more accessible from the public internet which poses new cyber threats in the grid. More computer based systems are introduced into power networks in order to monitor and control the network. Future model smart grid and micro grid systems will be based on data flows for communication of system status, usage and control throughout the network infrastructure in addition to the power flow. This creates new security threats on the power grid. Instead of relying mainly on power plants for power generation, there will be a combination of multiple generation sources and at the same time wider use of electrical computer based equipment by consumers. Both increase the amount of data flows in the network as well as introduce additional vulnerable spots. Vulnerability of the power grid to cyber-attacks increases even more because of the wide use of SCADA networks. SCADA networks are more accessible to the internet and lack authentication and authorization mechanisms therefore expose the grid to threats such as DDOS, Data interception, Data alteration and additional hacking threats.
The transition from present to future model has already begun and rapidly growing while it already poses new security challenges which must be attended immediately. It is essential to introduce immediately a single comprehensive security solution which will provide fast detection and prevention tools to cope with a variety of threats with different nature and from multiple sources. The solution should not be tightly coupled with each device in the network so it won’t require upgrade of the devices inside the grid.
The Cyber defense solution should be versatile using variety of cyber technologies such as Firewalls, anomaly detection, Big Data analytics, machine learning and more in a network wise combination.
An IOT Based Low Power Health Monitoring with Active Personal Assistanceijtsrd
Among sensible goals of active and assisted living paradigm is the unobtrusive monitoring of daily living activities. A lot of research has been going on continuous home and personal monitoring applications. There are many solutions were adapted by these technologies to make better remote monitoring applications. The traditional continuous home and personal monitoring systems which are implemented with traditional client server architecture which may fail in factors like low power consumption, un deterministic data delivery time, More sensitive to external connectivity issues temporary failures of servers , adhoc networks using ZigBee and Z wave etc. and also increase the cost of implementation. However, when dealing with the home environment, and especially with older adults, obtrusiveness, usability, and cost concerns are of the utmost relevance for active and assisted Living AAL joint program. With advent of cloud services, the continuous remote monitoring based applications became truly plug and play' approach implementation and also reduce the problems of temporary failures. One of the biggest challenges in this area is to make such application devices work with low power battery based applications . The main drawback comes from the higher power consumption, inherently needed to sustain much higher data rates. In this project, a solution is proposed to improve the low power consumption in Wi Fi sensors by making use of advanced RF based Microprocessor from Texas instruments CC3200 . Bed Occupancy sensor automation has been designed and implemented to test the feasibility of the approach. The TI CC3200 comes with ARM Cortex M4 as a core and inbuilt Wi Fi subsystem. The CC3200 provides different power modes to make the device enter into sleep or hibernate mode. This device will only enter only in work phase when the sensor is active state. During this phase, the processor sample and processes the sensor data and uploads to the cloud using REST API. Thing speak is an IoT cloud service used to present the sensory data as graphs, bar charts, and dashboards on the cloud remaining time it will enter into sleep phase to save the power of the device, so that it will extend the battery life time of the device. B. N. Meenakshi | Mrs. N. V. Durga "An IOT Based Low Power Health Monitoring with Active Personal Assistance" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-1 , December 2019, URL: https://www.ijtsrd.com/papers/ijtsrd29603.pdfPaper URL: https://www.ijtsrd.com/engineering/electronics-and-communication-engineering/29603/an-iot-based-low-power-health-monitoring-with-active-personal-assistance/b-n-meenakshi
Security Issues & Threats in IoT InfrastructureIJAEMSJORNAL
IoT (Internet of Things) expands the future Internet, and has drawn much attention. As more and more gadgets (i.e. Things) connected to the Internet, the huge amount of data exchanged has reached an unprecedented level.IoT today has a wide scope and researches say that IoT will definitely be a huge reason in the change of human lifestyle. But irrespective of the scope of IoT, we cannot be sure enough to implement it due to the security concerns. There is a genuine need to secure IoT, which has therefore resulted in a need to comprehensively understand the threats and attacks on IoT infrastructure. This paper discusses about the flaws in the security structure of IoT, it is a study about the various layers of IoT and how differentattacks are possible in those layers.
Design and development of non server peer 2 peer secure communication using j...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Establishing applications on on-demand infrastructures rather of building applica-tions on fixed and rigid infrastructures was provided by cloud computing provides. By merely exploiting into the cloud, initiatives can gain fast access to business applications or infrastructure resources with decreased Capital Expenditure (CAPEX). The more and more information is placed into the cloud by someone and initiatives, security issues begins to develop and raised. This paper discusses the different security issues that rise up about how secure the mo-bile cloud computing environment.
Challenges and Security Issues in Future IT Infrastructure ComponentsMubashir Ali
Over the past 2 decades, the information technology infrastructure has gone through an exponential change with the introduction and evolution of new technologies and trends. Organizations previously having their data on-premise and their infrastructure comprising of multiple server machines on multiple server racks and dedicated client personal computers (PCs) are moving towards cloud computing & virtualization to Smartphone and tablets. This rapid advancement and constant change, although increasing productivity for the organizations is resulting in a rising number of challenges and security issues for the organizations, their managers, IT administrators and technology architects. This paper discusses the future IT infrastructure components and the challenges & security issues that arise after their implementation that needs to be taken care of in order to get the full advantage of IT.
Pervasive Computing Applications And Its Security Issues & Challengesiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
Il Patto che illumina l'Abruzzo - Marco Santarelli - Polo analisi delle retiProvincia Di Teramo
L’obiettivo è quello di sviluppare, attraverso la collaborazione con Centri di Ricerca Internazionali, Professionisti del mondo della cultura e dell’innovazione, nuovi concetti e metodi ispirati alla teoria della complessità che permettano di definire una nuova prospettiva al problema del rischio sistemico nei sistemi sociali. Per questo obiettivo è necessaria la convergenza di competenze diversificate e di elevato profilo scientifico. Un importante aspetto di questo progetto sarà anche la formazione di una generazione di giovani scienziati di nuovo tipo con specifico orientamento interdisciplinare.
Il Patto che illumina l'Abruzzo - Comune di Manfredonia - Cofely GDF SuezProvincia Di Teramo
L'esperienza dell'attivazione del servizio integrato di gestione calore degli impianti termici e degli impianti di pubblica illuminazione comunale presso il Comune di Manfredonia
Trust based Mechanism for Secure Cloud Computing Environment: A Surveyinventionjournals
Ubiquitous computing has revolutionized interaction of humans and machines. Cloud computing has been mainly used for storing data and various computational purposes. It has changed the face of using the internet. But, as we know every technology has its pros and cons. Securing cloud environment is the most challenging issue for the researchers and developers. Main aspects which cloud security should cover are authentication, authorization, data protection etc. Establishing trust between cloud service providers (CSP) is the biggest challenge, when someone is discussing about cloud security. Trust is a critical factor which mainly depends on perception of reputation and self-assessment done by both user and CSP. The trust model can act as security strength evaluator and ranking service for cloud application and services. For establishing trust relationship between two parties, mutual trust mechanism is reliable, as it does verification from both sides. There are various trust models which mainly focuses on securing one party i.e., they validate either user or service node. In this survey paper, the study of various trust models and their various parameters are discussed.
Never Compromise Your Mission: 5 Ways to Strengthen Data and Network Security...Unisys Corporation
To learn more visit: http://www.unisys.com/stealth
For years, security involved layering perimeter defenses and physical technology infrastructure that drove up operations and IT costs. But advanced, innovative technologies are driving public sector leaders to step outside the conventional Band-Aid approach. A new breed of public sector security opportunities around software-defined networking has emerged – one that strengthens security and cuts costs. The key – hide all endpoints completely from attackers so there’s no vector to target. There are five ways public sector leaders can increase security and decrease costs:
Cloak your endpoints and go undetectable;
Segment your data center by using communities of interest;
Isolate disparate networks;
Move mission-critical workloads to a more secure cloud;
Convert existing computing devices into secure communications tools.
What is Ubiquitous Computing?
Ubiquitous computing (alias: Pervasive Computing) is a paradigm in which the processing of information is linked with each activity or object as encountered. It involves connecting electronic devices, including embedding microprocessors to communicate information. Devices that use ubiquitous computing have constant availability and are completely connected.
Ubiquitous computing focuses on learning by removing the complexity of computing and increases efficiency while using computing for different daily activities.
Ubiquitous computing is also known as pervasive computing, everyware and ambient intelligence.
Dashboard of intelligent transportation system (ITS) using mobile agents stra...IJECEIAES
Extracting accurate information from huge Transportation Database need to build efficiency Intelligent Transportation Systems ITS-Dashboard that should allow making correct decisions. The quality of decision and the achievement of performance depend on the quality of the information supplied. This information must be reliable, complete, pertinent and more to care about external attacks. Distributed Mobile Agent consists of autonomy of entities with capacities of perception, cooperation and action on their own environment. One of Agent function is the security of Authentication process by activation of notification system on Mobile Device. The main purpose of this paper is to make it consisting of an Agent Based Framework. The strategy is to exploit Mobile Agent capabilities in a Strict Notification Process when user validates his authentication request.
SECURITY APPREHENSIONS IN DIFFERENT REGIONS OF CLOUD CAPTIOUS GROUNDSIJNSA Journal
Cloud computing is a new innovative model for enterprise in which information is permanently stored on the servers and also manage how and when different resources are allocate to the requested users. It provides distributed approach through which resources are allocated dynamically to the users without investing in the infrastructure or licensing the software’s on the client side. Using the cloud makes processing of information is more commodious but it also present them with new security problems about reliability.This phenomenon introduces serious problems regarding access mechanism to any information stored in the database and resources in the cloud. For the successful implementation of cloud computing it is necessary that we must know different areas where the security is needed. For this there should also governess strategy needed for secure communication between multi-clouds located in different geographical areas or in different countries. In this paper we discuss how to safely utilizing the benefit of cloud computing through the network where data security, provide authentication, integration, recovery, IP spoofing and Virtual Servers are the most captiousfields in the cloud.
Unique Security Challenges in the Datacenter Demand Innovative SolutionsJuniper Networks
The ability to leverage attacker intelligence across the infrastructure can improve security and simplify enforcement. Find out how to secure the network at campus edge, data center edge and data center core.
Cloud centric multi-level authentication as a service for secure public safet...ieeepondy
Cloud centric multi-level authentication as a service for secure public safety device networks
+91-9994232214,7806844441, ieeeprojectchennai@gmail.com,
www.projectsieee.com, www.ieee-projects-chennai.com
IEEE PROJECTS 2016-2017
-----------------------------------
Contact:+91-9994232214,+91-7806844441
Email: ieeeprojectchennai@gmail.com
SURVEY OF TRUST BASED BLUETOOTH AUTHENTICATION FOR MOBILE DEVICEEditor IJMTER
Practical requirements for securely demonstrating identities between two handheld
devices are an important concern. The adversary can inject a Man-In- The-Middle (MITM) attack to
intrude the protocol. Protocols that employ secret keys require the devices to share private
information in advance, in which it is not feasible in the above scenario. Apart from insecurely
typing passwords into handheld devices or comparing long hexadecimal keys displayed on the
devices’ screen, many other human-verifiable protocols have been proposed in the literature to solve
the problem. Unfortunately, most of these schemes are unsalable to more users. Even when there are
only three entities attempt to agree a session key, these protocols need to be rerun for three times.
So, in the existing method a bipartite and a tripartite authentication protocol is presented using a
temporary confidential channel. Besides, further extend the system into a transitive authentication
protocol that allows multiple handheld devices to establish a conference key securely and efficiently.
But this method detects only the outsider attacks. Method does not consider the insider attacks. So,
in the proposed method trust score based method is introduced which computes the trust values for
the nodes and provide the security. The trust score is computed has a positive influence on the
confidence with which an entity conducts transactions with that node. Network the behavior of the
node will be monitored periodically and its trust value is also updated .So depending on the behavior
of the node in the network trust relation will be established between two nodes.
Cloud technology to ensure the protection of fundamental methods and use of i...SubmissionResearchpa
A comparative analysis of attacks carried out in cloud technologies, the main methods and methods of information protection, the possibilities of using hardware and software, and methods to combat threats when eliminating them, ensuring data protection were carried out by Mamarajabov Odil Elmurzayevich 2020. Cloud technology to ensure the protection of fundamental methods and use of information. International Journal on Integrated Education. 3, 10 (Oct. 2020), 313-315. DOI:https://doi.org/10.31149/ijie.v3i10.780 https://journals.researchparks.org/index.php/IJIE/article/view/780/750 https://journals.researchparks.org/index.php/IJIE/article/view/780
Similar to Security Attacks And Solutions On Ubiquitous Computing Networks (20)
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Security Attacks And Solutions On Ubiquitous Computing Networks
1. ISSN: 2277-3754
ISO 9001:2008 Certified
International Journal of Engineering and Innovative Technology (IJEIT)
Volume 3, Issue 4, October 2013
40
Abstract— Ubiquitous computing evolved tremendously and
became an integral part of many fields and application domains.
It not only causes maximized availability for users with wired or
wireless networks but also supports any information technology
equipment such as cell phones, PDAs, car navigation terminals
and consumer information appliances as well as desktop
computers and mobile PCs. This new computing paradigm also
brings along modern and unique security challenges regarding
vulnerabilities and appropriate solutions. Possible solutions for
threats of ubiquitous environment to address these security issues
are highlighted.
Index Terms— Ubiquitous, Network, Security, Mobile,
Solution
I. INTRODUCTION
In conventional computing environments, users actively
prefer to interact with computers. Ubiquitous computing
applications are feasible to be different, they will be
embedded in the users physical environment and integrate
smoothly with their everyday tasks. This new technology,
involving elimination of time and position barriers are
extremely inexpensive products that provide availability for
users anytime and anywhere. The users are encircled with an
easy and reliable information vicinity merging physical and
computational basis into an integrated manner. Various
human abilities in daily tasks, medicine, business,
entertainment and education are enhanced to perform by this
scenario using cellular phones, Personal Digital Assistants
(PDAs) and other built in intelligent appliances related to
different tools. Ubiquitous environment guarantees the
accessibility of users to the Internet in multiple places with a
variety of connection media and aware adoptability of service
to the user status [1,9]. This facility is due to context implying
computing context, user context, physical context, temporal
context and context history. In other hands, this type of
computing is broader than mobile computing considering that
it interests not just mobility of computers but, more
significant, mobility of the people. Context-aware computing
instruments and implementations acknowledge to alterations
in the environment in an intelligent manner to improve the
computing environment for the user noticing the mobility of
user and its context and requirement of context-aware
behavior in mobile environment. The context includes:
Who (social): Identification of people near the user
What (functional): Tasks the user is running
Where (location): The geographical position of user
When (temporal): Temporal context defined
Why (motivating): The reason of running task
The realization of ubiquitous computing desires obtaining
seamless service provisioning for users and devices
everywhere. Users in ubiquitous computing environment can
access to variety of networks with high probability, reliability
and availability whereas the security risk will increase as well.
Some of ubiquitous applications are:
Smart tool box: They are instruments with RFID tags;
they have built-in antenna integrated with the box. Time
usage and frequencies are used to inform suitable
reconfiguration or status.
Smart supply chain: With applying ubiquitous
computing error level on companies can be reduced and
tasks can be performed quickly.
Context-aware application: They support to mobility,
physiology of users. Data is gathered by sensors then it
will be analyzed as well as a suitable decision will be
made to satisfy the purpose.
Ubiquitous healthcare: Management of chronic
diseases via technology based ubiquitous patient
monitoring services has been widely proposed as a viable
option for economizing healthcare resources, and
providing efficient, quality healthcare. They can monitor
health status and perform appropriate designs.
Smart home: Bringing ubiquitous computing
applications to home environments is a great challenge. It
enables occupants to remotely control or program an
array of automated home electronic devices. They
provide for owners comfort, security, energy efficiency
(low operating costs) and convenience at all times,
regardless of whether anyone is home.
II. SECURITY CHALLENGES AND NECESSITIES
A. Security
Security design must consider principles of time and
location whereas ubiquitous computing is increased in
multiple- environment openly [6]. Eavesdropping of
communication media, Denial Of Service (DOS) and
modification of information are patterns of attacks performed
by a hacker due to obtaining control of user instruments.
Moving across various networks smoothly without
user-aware of what network is passing forms main objective
to carry out reliable services without more insist on
infrastructure. Protection from unauthorized user (security),
prevention of access by an attacker through unauthorized
techniques (integrity), providing accessibility for user entirely
(availability) and avoiding an entity from refusing former
actions (non-repudiation) are important factors in the security
model. Noticing type of transferring data, possible distortion
or misuse, weaknesses and features, the security issues in
Security Attacks and Solutions On Ubiquitous
Computing Networks
Ahmad Sharifi, Mohsen Khosravi, Dr. Asadullah Shah
2. ISSN: 2277-3754
ISO 9001:2008 Certified
International Journal of Engineering and Innovative Technology (IJEIT)
Volume 3, Issue 4, October 2013
41
wireless network infrastructure for ubiquitous environments
can be illustrated.
Lack of authentication
Recent flaws due to former attacks
Unplanned growth to improve
Lack of suitable security solution
Weak control
Elements interaction issues regarding upgrades
Weak application
Although technical capability in the side of users maybe relies
on distributed security mechanism, some circumstances
require more security to address and ubiquitous computing
enlist security in different approaches.
Fig 1- Ubiquitous environment and issues
Particular security requirements and solutions [1,3,4] can be
determined as below:
Interoperability: Every domain in ubiquitous
environment is addressed by its proper security solution
so it needs to be matching with existing local security
solution.
Availability: Whereas the environment is dynamic,
incoming and outgoing entries affect networks entirely,
so proper operation named Ubiquitous Device
Management (UDM) act against alteration of
environment to maintain availability.
Protection: Credential in environment can be existed at
different layers using IP Security (IPSec) and Secure
Socket Layer (SSL). Different security protocols exist in
different network infrastructure and unified protocols are
required at the ubiquitous network level.
Delegation: A running service regarding different
networks and their mobile parts can change the network
so it is necessary for users to authorize alterations and
delegate their right to a management function running on
their behalf.
Platform safety: Ubiquitous networks are enhanced
with capability to download application securely that
allow proportional update or reconfigure. If there is no
limitation on downloadable source for application so
malicious applications may penetrate and reconfigure an
instrument. For this reason, it is urgent to protect the
platform from this kind of attacks.
Single sign on (SSO): Whereas, users often need to
access multiple service providers getting involved with
multiple authentications and various devices, services
and networks, so it is required to implement a single
sign-on solution which reforms the initiation for entries
to authenticate once in all network domains to include
reliable leaving and joining of ubiquitous networks
without disturbances.
Content safety: While significant capability of
delivering multiple services by ubiquitous computing to
users is noticed, assurance of being secure for providers
in digital environment is guaranteed using a Digital Right
Management (DRM) system to implement in ubiquitous
instruments.
A. Challenges
The further aspects and the extended functionality that
ubiquitous computing offers make it inclined to more
vulnerabilities and disclosures concluding an extra
responsibility to the security subsystem.
The extended computing boundary: The new
computing environment indicates the intangible
conventional computing with related constraints of user
locations. On this environment traditional methods
concentrating solely on digital security are insufficient.
Privacy issues: Because of physical outreach of
ubiquitous computing, privacy of users is become as a
perverse task. More intelligent spaces and computing
capabilities that are openly extensive supplied by natural
construction. These spaces can be captured and utilize
context information. So the system forms a distributed
observation system that can capture too much
information about users and donates confidence of track
prevention for users.
Trust security: Trust is an association between two
entities such that one entity credits other trusted entity
and also is a representation of being reliable, secure and
trustworthy in any interaction with the node. A trust
security task will supply implements qualifying to utilize
and doing performance of security related decisions
autonomously.
Social issues: Social cues can be extremely important
for building models of security, privacy, and trust in a
system. Knowing what other people think, talking with
other people affected by the system (or responsible of it),
and the general social pressures of belonging to a group
can all affect people’s perceptions of technology.
Individual, group and behaviours are categorized as
social issues. New ways of communicate, technologies,
interaction and also human behaviour is considered.
User interaction issues: Because of the nature of group
interactions between users in the space, it is not easily
possible to deny seeing or hearing of user information,
thus consideration to overcome due to this issue must be
taken into security plan by jointing physical and virtual
aspects of access control with each other.
3. ISSN: 2277-3754
ISO 9001:2008 Certified
International Journal of Engineering and Innovative Technology (IJEIT)
Volume 3, Issue 4, October 2013
42
Information operation: It is a serious concern in the
network in the networks that is over new types of threats.
It can be defined as actions taken that affect adversary
information and information systems while defecting
one's own information and information systems. In this
way cyber terrorists and other techno-villains can exploit
computer networks, inject misleading information, steal
electronic assets or disrupt critical services monitor to
prevent.
Security policies: Implying a flexible and convenient
approach to define and manage security policies in a
dynamic context-aware form is dominant for ubiquitous
computing. Policy Management tools provide
administrators the capability to specify, implements, and
imposes rules to exercise greater control over the
behaviour of entities in their systems. The policy
management software maintains an exhaustive database
of corresponding device and resource interfaces. With
the increase of heterogeneous device-specific and
vendor-specific interfaces, these tools may need to be
updated frequently to accommodate new hardware or
software, and the system normally becomes difficult to
manage. As a result, general purpose low-level
management tools are limited in their functionality, and
are forced to implement only generic or coarse-grained
policies.
III. SECURITY ATTACK AND SOLUTIONS
A. Security attacks
Some famous security attacks on ubiquitous environments
can be illustrated as below [7,10]:
Fig 2- Attacks on different nodes
Man-in-the-middle attack: Authentication of
appliances in delivering services is very important.
A user must authenticate the artefact mandatorily,
while using a secret, i.e., password or PIN code. The
Man-in-the-middle attack happens when artifacts or
users forward challenges and responses to simulate
the existence of other actors. When a client uses his
credit card through terminal, even though proper
security protocols are tangent, a masquerade attack
is a probability. In other words, an attacker has the
ability to modify the transaction without tampering
with terminal and needless to steal the card. So this
kind of attack cannot be verified to plug in the right
terminal in any way due to not occurring in a virtual
context. This kind of attack allows the impersonation
of artifacts and users.
Access network attack: Home gateway and outside
service provider connect together through the access
network. Obviously, if the attacker gathers the
sensitive data form network packet at the household
network connection point, critical information such
as: financial data, user ID and other information can
be exposed.
Illegal connection attack: Whereas household
appliances are connected to multiple networks
through the home gateway which is normally
controlled by web based management, the problem
arises when the attacker can obtain this
administration. Then it can attack against the rest of
network easily. In addition may be an attacker
pretends own as one internal legitimate user and
control the home appliances. Leakage of information
can lead to misuse of it that is not interested by users.
Capturing sensitive data: Electronic sensors are
commonly used in the ubiquitous systems and
because of their poor computational opportunity in
the monitoring procedure, while an attacker can use
this reality with putting a receiver close to the sensor
to achieve sensitive information from the
implemented sensor directly. In these sensors,
usually focus is about sensing tasks instead of
cryptographic affairs.
Stealing Intermediary device: An intermediary
device gathers sensor data. If it goes in hand of an
attacker, the device cannot be reused where it is
counted as a breached source for network
information to an attack purpose. In other words, this
forms a potential vulnerability. In many cases, a
device contains a maintenance interface.
Data manipulation: Because of computational
restrictions on sensors, they cannot authenticate the
passing data directly. Record logs of traversing
sensor data is kept on an intermediary device.
Encryption and decryption techniques can be used to
increase the authentication, although the how to use
with poor intrinsic infrastructure on a computational
manner is a challenge as well.
Impersonating and insiders: A monitoring
instrument can be deceived by an attacker
pretending to be a technician. In this way, devices
can be replaced with fake ones by the attacker. So an
impersonating attacker is able to use free services
form the network.
Denial Of Service (DOS): This kind of attack
occurs in high chances on the poor protected
monitoring system while, batteries through
intermediary devices could be drained or jamming
appears on transmission links. This attack can cause
to overload on the communication interfaces of the
4. ISSN: 2277-3754
ISO 9001:2008 Certified
International Journal of Engineering and Innovative Technology (IJEIT)
Volume 3, Issue 4, October 2013
43
medical objectives and intensive computational
process on centers processing plants. So identifying
these situations in advance is important to take the
appropriate steps.
B. Security solution
Security has a significant role for ubiquitous computing. In
fact, it arises for many people as a primarily practical concern.
In these kinds of environments and networks, some solutions
to face with probable issues are proposed.[5]
IV. REAL TIME INTRUSION DETECTION
Available intrusion detection system (IDS), have varying
weaknesses leading to tough deployment due to lack of
considerations about heterogeneity, flexibility and resource
limitation of ubiquitous networks. To figure out this problem
a service-oriented and user-centric intrusion detection system
(SUIDS) is suggested which record events and logs to imply
protection mechanisms on different network appliances
against intrusions. A user-centric approach is proposed to
spontaneously compose a protection against malicious users.
In SUDIS behaviour of users in long time by potential
distributions are represented, which displays the expected
result and relationship to any kind of actions for a user. In
brief, the stages can be indicated as:
Long term behaviors of users are accumulated.
Possible distributions for services are developed.
Normal and current behaviour of users are achieved.
Statistical deviation between established behaviors
and current ones are counted.
If it is intrusion or not is recognized
V. ROLE BASED ACCESS CONTROL
Role based access control system (RBAC), is based on
different roles on an individual occurring as part of an
organization. In this method, each role is assigned to a set of
permission to hold a place as a hierarchy among other entities.
It includes two kinds of mappings, which are user role
assignment (URA) and role permission assignment (RPA).
These are updated separately. Users can be supplemented to
the URA without changing RPA, providing new users a
predefined role. And also RPA assigns users to acceptable
behaviors that are restricted. The purpose of RBAC is that
URA and PRA change less frequency than the permission of
individual users. It has been adapted for use in ubiquitous
computing environments. These steps are:
The user role is achieved.
The privileges related their role, are listed.
Normal action of user is obtained.
Privileges under role are controlled for allowance.
In acceptable situation, a user is authenticated.
VI. TRUST BASED SECURITY SOLUTION
This proposal improves a security policy and assigning
credentials to entities. Delegation of trust to third parties is
focused in this mechanism. The solution has idea on
extending of SPKI and RBAC for accessibility of smart
devices connected together i.e., using Bluetooth. These steps
are:
Assigning credentials for a given entity is
performed.
Security policies are defined.
Trusted entities are listed, then giving assigns to
entities are initiated.
Trust over user from trusted entities is achieved.
A trust on a new user based on the feedback taken
from trusted entities is established.
Trust based authentication or access control is
performed.
VII. LOCAL PROOF OF SECRET
It is a procedure [2] which can verify that a secret is locally
known in order to prohibit man-in-the middle attacks in
ubiquitous computing. It indicates how a user A can
authenticates a virtual entity B. The trusted third party can
certify some properties involving verification of an attribute.
VIII. RFID BASED AUTHENTICATION PROTOCOL
A radio frequency Identification (RFID) [8] is a microchip
that is able of transmitting a unique serial number and other
additional data through RF (radio frequency) signals.
Ubiquitous computing involves computers and technology
that blend seamlessly into day to day living. The purpose of
RFID is to identify objects remotely by embedding tags into
the objects. RFID tags are useful tools in manufacturing,
supply chain management, inventory control, etc. In
ubiquitous computing environment, components or RFID
systems can exist anywhere. In tag’s ID state, dynamic value
means the tag only communicates with a fixed back-end
database and the tag holding static ID indicates it can
communicate with any reader in ubiquitous computing
environment. RFID system must be formed to be secure
against attacks such as eavesdropping, traffic analysis,
message interception and impersonation, i.e., spoofing and
replay. Even though RFID technology is known to be
well-suited to linking the physical and virtual world, but
before it could become a truly ubiquitous technology, there is
still many researches challenges to be faced. Such challenges
include security, privacy, deployment challenges such as
health and safety and aesthetics, as well as technical
challenges such as system failures and input data errors.
IX. INFORMATION LEAKAGE
Whereas there are sensitive information especially in
expensive products, and concerning of users due to their
information security, this matter is critical to solve. In other
hand, RFID systems only response with distinguished
emitting signals to a query which is related to neighborhood
domain. Leakage of information can be occurred without
awareness of users. Information leakage by insiders is more
problematic while the asset value of information is higher. In
situations of information sharing and information
accessibility the problem is more serious. Therefore, it is most
5. ISSN: 2277-3754
ISO 9001:2008 Certified
International Journal of Engineering and Innovative Technology (IJEIT)
Volume 3, Issue 4, October 2013
44
important to develop security technology that applies more
strict control to inside information leakage while enabling
staff inside the company to access inside information at any
time in any place supporting high work efficiency.
X. TRACEABILITY
An opponent can record the transmitted message from a
response of a target tag and establish a link between them. By
this link, the location information of user can be detected to an
opponent. In the authentication situations stages include:
Reading RFID-tag from a product
Transform of RFID-tag to the database server
Check for validity of RFID-tag
Match RFID-tag with an entity indicates
authentication.
XI. BIOMETRICS
It implicates good properties to provide seamless and
automated mechanisms for determining and confirming
identity while, being less prominent. Finger print recognition,
or face recognition techniques are faster than entering secure
passwords and no need to carry special devices like PDA.
Accuracy and seamless of biometric authentication
techniques are very dependent on hardware. The principal
concern focuses around the biometric template and sample. In
whichever biometric technique that is used, these elements
represent unique personal information. Unfortunately, unlike
other forms of authentication (such as secret knowledge or
tokens, which can be simply changed if lost or stolen), it is not
possible (or necessarily easy) to change or replace biometric
characteristics – they are an inherent part of the person.
Therefore, once lost or stolen, they remain compromised and
can no longer be reliably used. Also, biometric authentication
techniques still lack a good and secure method of storing
biometric features in a way that prevents compromise of
sensitive data and preserves anonymity while providing
enough flexibility to accommodate partial matches and reduce
a suitable confidence level.
XII. CONCLUSION
Security and privacy are one of the most important issues
on ubiquitous computing. The nature of the ubiquitous
environment allows communications and devices traverse
openly, anytime and anywhere, so modern computing
networks have become increasingly ubiquitous. When
services are provided easily for all various networks and their
users, obviously the major concern of users due their critical
information become a dominant point. In this paper the
security challenges and attacks over the applications
developed on ubiquitous computing environment and some
security schemes have presented.
REFERENCES
[1] Adelstein. F., Gupta. S.K.S., Richard G.G., Schwiebert. L.,
“Fundamentals of mobile and pervasive computing”, TATA
McGRAW-HILL (Fourth reprint 2008)
[2] BUSSARD. L., ROUDIER. Y., “Authentication in Ubiquitous
Computing”, Workshop on Security in Ubiquitous Computing
UBICOMP 2002, Göteborg Sweden.
[3] Campbell. R., Al-Muhtadi. J., Naldurg .P, Sampemane. G.,
Mickunas.M.D.,“ Towards Security and Privacy for Pervasive
Computing”.
[4] Forne. J., Hinarejos. F., Marin .A., Almena rez. F., Lopez. J.,
Montenegro.J.A, Lacoste, M., Diaz.D., “Pervasive
authentication and authorization infrastructures for mobile
users”, ELSEVIER, information security technical report 12.
162-171, (2007).
[5] Kulkarni. D., Tripathi.,“Context-Aware Role-based Access
Control in Pervasive Computing Systems”, Dept. of Computer
Science, University of Minnesota Twin Cities, MN 55455,
USA (dkulk,tripathi)@cs.umn.edu.
[6] Leung. A., Sheng. Y., Cruickshank.H., “The security
challenges for mobile ubiquitous services”, ELSEVIER,
information security technical report 12. 162-171, (2007).
[7] Hayat. Z., Reeve. J., Boutle. C., “Ubiquitous security for
ubiquitous computing”, ELSEVIER, information security
technical report 12. 172-178, (2007).
[8] O'Driscoll. C., Cormac. D.M, Deegan. M., Mtenzi. F., O’Shea.
B, “RFID: an Ideal Technology for Ubiquitous”, Dublin
Institute of Technology ARROW@DIT School of Electronic
and Communications Engineering. Conference papers (2008)
[9] Pierre. S., “Mobile computing and ubiquitous networking:
concepts, technologies and challenges”, ELSEVIER,
Telematics and informatics 18 (2001) 109-131
[10] Shinozuka. K., “Ubiquitous Security - Towards Realization of
a Safe and Secure Digital World ”, Oki Technical Review April
2007/Issue 210 Vol.74 No.2
AUTHOR’S PROFILE
Ahmad Sharifi. He has received M.Tech in Computer Networks and
Information Security from Jawaharlal Nehru Technological University
(JNTU), Hyderabad, India. In addition, he has received his bachelor in
Electronic engineering from industrial university of Shahroud, Iran. Ahmad
has professional experiences on technical engineering on ISP and network
designs for many years. In addition, he is involving with teaching in
universities. He interests in Cryptography, WSN, ADHOC, MATLAB,
OPNET and other related issues. His personal website is
www.ahmadsharifi.com. Furthermore, he cooperates with RIPE NCC
www.ripe.net via www.sharifisp.com that is Internet Service Provider.
Mohsen Khosravi. He is PhD student in the Information Technology
department of Information and Communication Technology (KICT) of
International Islamic University Malaysia (IIUM). He has received his
6. ISSN: 2277-3754
ISO 9001:2008 Certified
International Journal of Engineering and Innovative Technology (IJEIT)
Volume 3, Issue 4, October 2013
45
master of Information Technology from Jawaharlal Nehru Technological
University (JNTU), Hyderabad, India. His bachelor is software engineering
from Azad university of Lahijan, Iran. His fields of interests are ADHOC,
WSN and RFID that he works on it specially.
PROF. DR. ASADULAH SHAH.
He is Professor at Department of Information System, Kulliyyah of
Information and Communication Technology, IIU Malaysia. Dr. Shah has a
total of 28 years teaching and research experience. He has 105 research
publications and 12 books published by International press. Dr. Shah has
done his undergraduate degree in Electronics, Master’s degree in Computer
Technology from the University of Sindh, and PhD in Multimedia
Communication, from the University of Surrey, England, UK. His areas of
interest are multimedia compression techniques, research methodologies,
speech packetization and statistical multiplexing. He has been teaching
courses in the fields of electronics, computers, telecommunications and
management sciences.