Locking Out the Investigator: The Need to Circumvent Security in Embedded Systems

ABSTRACT

Embedded devices are becoming ubiquitous in both domestic and commercial environments. Although smartphones, tablets, and video game consoles are all labeled by their primary function, most of these devices offer additional features and are capable of additional interactivity. Given the proprietary nature of such devices in terms of hardware and software and the protection mechanisms incorporated into these systems, it is and will continue to be extremely difficult to use “traditional digital forensics” methodologies to access storage media and acquire data for analysis. This paper examines how consumer law may be stifling research that the forensic community could ultimately depend upon to examine devices.     

An evidential fusion approach for activity recognition in ambient intelligence environments

With the growing emergence of ambient intelligence, ubiquitous computing, sensor networks and wireless networking technologies, “ubiquitous networked robotics” is becoming an active research domain of intelligent autonomous systems. It targets new innovative applications in which robotic systems will become part of these networks of artifacts to provide novel capabilities and various assistive services anywhere and anytime, such as healthcare and monitoring services for elderly in Ambient Assisted Living (AAL) environments. Situation recognition, in general, and activity recognition, in particular, provide an added value on the contextual information that can help the ubiquitous networked robot to autonomously provide the best service that meet the needs of the elderly. Dempster–Shafer theory of evidence and its derivatives are an efficient tool to handle uncertainty and incompleteness in smart homes and ubiquitous computing environments. However, their combination rules yield counter-intuitive results in high conflicting activities. In this paper, we propose a new approach to support conflict resolution in activity recognition in AAL environments. This approach is based on a new mapping for conflict evidential fusion to increase the efficiency and accuracy of activity recognition. It gives intuitive interpretation for combining multiple sources in all conflicting situations. The proposed approach, evaluated on a real world smart home dataset, achieves 78% of accuracy in activity recognition. The obtained results outperform those obtained with the existing combination rules.     

A service gateway for networked sensor systems

An emerging area in ubiquitous computing is networked sensor systems. The typical approach is to connect sensor-actuator devices using classic network infrastructures at a low level. These networks can serve as infrastructures to dynamically integrate, sensors and actuators into complex interactive systems while providing convenient services and interfaces to users. A prominent scenario for ubiquitous computing and ad hoc networking is an in-house environment using smart sensor system. Shaman, an extendable Java-based service gateway for networked sensor systems, integrates small network-attached sensor-actuator modules (SAMs) into heterogeneous, high-level networking communities. The system unburdens its connected SAMs by transferring functionality from the SAMs to the gateway.     

Potential cyberterrorism via a multimedia smart phone based on a web 2.0 application via ubiquitous Wi-Fi access points and the corresponding digital forensics

Cyberterrorism has become a hotly debated research issue in the past decades because of the convergence of mobile computing powers and the fledging multimedia communication computing capabilities. Cyberterrorism is the exploitation of computer network tools to incur malfunction or shut down critical infrastructures with several keyboard punches, which is dramatically different from traditional terrorism. Due to the ubiquitous multimedia communication tools, they have radically transformed the ways concerning data transmission. Unfortunately, it also incurs unprecedented opportunities for committing cyber crimes that we were not able to foresee two decades ago. Undoubtedly, the mushrooming proliferation of mobile phones spectacularly triggers the information security leakage while most people heavily rely on mobile phones for daily communication. As cybercrime or cyberterrorism surges, digital forensics (DF) of mobile communication devices still enormously lags behind than computer forensics. Hence, in this research paper, we provide a hypothetical case review concerning the DF of a potential cyberterrorist attack that was triggered by a mobile multimedia smart phone utilizing a popular web 2.0 application program via ubiquitous Wi-Fi access points. The corresponding DF of the mobile device was conducted in a step-by-step manner as well as the crime scene reconstruction based on the digital evidence collected, analyzed, and preserved.     

The optimal split method of large integer multiplication for smart low-end devices on P2P ubiquitous networks

This paper proposes an optimal method for large integer multiplication when implementing modern cryptographic applications on Peer-to-Peer ubiquitous networks. P2P ubiquitous networks are usually composed of smart low-end devices, which operate on the limited battery power. To maximize the lifetime of P2P networks, the power consumption rate of each node must be quite careful, and an efficient and energy-saving large integer multiplication makes the cryptographic protocols possible to be executed on such nodes. The proposed method first recursively bisections multiplier and multiplicand in threshold times. Subsequently, classical multiplication calculates the products of the split multiplier and multiplicand blocks. Finally, the products of the blocks are gradually integrated to obtain the product of the large integers. This study demonstrates that the n-times recursive-balanced-2-way split method, where n is the floor of log₂(0.13515?×?s), obtains the optimal performance in multiplying two s-words based on classical multiplication. The experiment results show that modular exponentiation combined with other modular multiplication methods uses 1.28×–2.10× the computational cost required in the proposed method. The energy consumption of software is closely related to the execution time. The proposed scheme is an energy-saving method to maximize the lifetime of P2P ubiquitous networks when implementing security protocols in smart low-end devices on P2P networks. It is suitable for realizing robust security protocol on smart low-end devices, in which the framework is based on modular exponentiation and modular multiplication. Smart low-end devices based on the proposed method perform security protocols in satisfying the security recommendations of NIST.     

Usability classification for spontaneous device association

As wireless devices increasingly becoming ubiquitous, spontaneous interaction opportunities are accordingly becoming common. Although spontaneous interaction research has been ongoing for many years, a key question of spontaneous interaction still remains open: how can users associate devices in a natural, intuitive and secure manner. Over the past decade, researchers have demonstrated a plethora of device association techniques. Nonetheless, users were often neglected during design or they were only involved in a later stage, like testing. We argue that since device association is performed by end-users, usability factors need to be considered in the early stage of design. In this article, we present a categorisation of factors that influence the usability of device association. This paper aims at providing a framework that informs researchers and system designers of the considerations needed when designing or adopting an association technique.     

Energy-efficient deployment of Intelligent Mobile sensor networks

Many visions of the future include people immersed in an environment surrounded by sensors and intelligent devices, which use smart infrastructures to improve the quality of life and safety in emergency situations. Ubiquitous communication enables these sensors or intelligent devices to communicate with each other and the user or a decision maker by means of ad hoc wireless networking. Organization and optimization of network resources are essential to provide ubiquitous communication for a longer duration in large-scale networks and are helpful to migrate intelligence from higher and remote levels to lower and local levels. In this paper, distributed energy-efficient deployment algorithms for mobile sensors and intelligent devices that form an Ambient Intelligent network are proposed. These algorithms employ a synergistic combination of cluster structuring and a peer-to-peer deployment scheme. An energy-efficient deployment algorithm based on Voronoi diagrams is also proposed here. Performance of our algorithms is evaluated in terms of coverage, uniformity, and time and distance traveled until the algorithm converges. Our algorithms are shown to exhibit excellent performance.     

Websigns: hyperlinking physical locations to the Web

HP researchers are developing handheld devices that combine wireless technology and ubiquitous computing to provide a transparent linkage between physical entities in the environment and resources available on the Web. First-generation mobile computing technologies typically use protocols such as WAP and i-mode to let PDAs, smart phones, and other wireless devices with Web browsers access the Internet, thereby freeing users from the shackles of their desktops. We believe, in addition, users would benefit from having access to devices that combine the advantages of wireless technology and ubiquitous computing to provide a transparent linkage between the physical world around them and the resources available on the Web. We are developing devices that augment users' reality with Web services related to the physical objects they see     

新型智能终端取证技术研究

随着移动互联网的广泛应用,智能手机、平板等新型智能终端设备在各种各样的违法犯罪活动中开始扮演越来越重要的角色,从涉案手机中提取的数据常常包含与违法犯罪行为相关的重要线索和证据。然而,移动智能终端设备不断提升的安全设计可能使得取证人员无法从设备中提取数据,给电子数据取证鉴定工作提出了新的挑战。本文详细分析当前主流的iOS、Android和Windows Phone等平台下的移动设备的安全机制,研究了主要的安全机制破解和取证技术及其在目前电子数据取证工作中的应用。最后,对未来面向新型移动智能终端电子数据取证技术研究发展方向进行了探讨。     

A survey on cyber attacks against nonlinear state estimation in power systems of ubiquitous cities

It is well-known that critical infrastructures would be targets for cyber attacks. In this paper, we focus on the power systems (i.e. smart grids) in ubiquitous cities, where every meter is linked to an information network through wireless networking. In a smart grid system, information from smart meters would be used to perform a state estimation in real time to maintain the stability of the system. A wrong estimation may lead to disastrous consequences (e.g. suspension of electricity supply or a big financial loss). Unfortunately, quite a number of recent results showed that attacks on this estimation process are feasible by manipulating readings of only a few meters. In this paper, we focus on nonlinear state estimation which is a more realistic model and widely employed in a real power grid environment. We category cyber attacks against nonlinear state estimation, and review the mechanisms behind. State-of-the-art security measures to detect these attacks are discussed via sensor protection. Hope that the community would be able to come up with a secure system architecture for ubiquitous cities.     

基于IEEE 1451 的无线网络化智能传感器探讨􀀁

传感器技术和网络技术的结合产生了网络化智能传感器 ,由此制订了 IEEE14 5 1网络化智能传感器标准。随着技术的发展 ,根据应用的需要 ,人们又提出研制无线网络化智能传感器。本文介绍无线网络化智能传感器的提出背景和研究现状 ,分析无线网络化智能传感器的技术可行性 ,设计一种基于嵌入式网络模块的、用于机器人手爪的无线网络化智能传感器的实现方案。     

The disclosure of an Android smartphone’s digital footprint respecting the Instant Messaging utilizing Skype and MSN

As Android Operating System (OS) for mobile computing devices become one of the major trends, the utilization of smartphones set the record for global users and they are taking advantages of the contemporary Instant Messaging (IM) as a convenient tool to communicate with global users in real time because of its competitive rate, high availability, robust reliability, and agile mobility. Undoubtedly, as IM has gradually become one of the channels to commit the cybercrime, the digital evidence collection, analysis, and preservation of the non-volatile data from the Random Access Memory (RAM) of the computing device in terms of cyber trails that were unknowingly left on the crime scene. Hence, this research conducts the design of the experiments to fulfill the essence of contribution of the paper. The Skype Chat and MSN are the popular IM tools, which are widely utilized in contemporary digital era. This paper provides a generic paradigm for the digital forensics specialists and law enforcement agencies to ponder if similar situations are faced.     

When sensing goes pervasive

In line with the pervasive vision, pervasive sensing allows the provision of ubiquitous and pervasive monitoring and heterogeneous data collection. In the past decade, two dominant pervasive sensing paradigms have emerged: a mostly human-free paradigm centered around wireless sensor networks and a human-centric paradigm fueled by the rise of personal smart devices (smartphones and wearables). In this paper, we review the key advances in these areas and outline our vision for future directions and developments.     

嵌入式设备的网络化方法研究

网络化的嵌入式设备是构建网络控制系统的基础。通过分析嵌入式设备网络化的需求，提出了一种基于Web的网络化设备模型。结合智能型液体泄漏检测仪和水质环境自动监测仪的研制，详细讨论了设备网络化体系结构和网络化平台，并指出嵌入式设备网络化应注意的一些关键问题。     

Pervasive computing at scale: Transforming the state of the art

The remarkable recent progress in computing power, sensors and embedded devices, smart phones, wireless communications and networking technologies, combined with emerging data mining techniques, cloud computing and social networking paradigms has enabled us to create pervasive computing systems and services with diverse applications and global accessibility. In this paper, we assess the current state of the art of pervasive computing at scale (PeCS) and look ahead to future directions the field can pursue together with challenges it will need to overcome.     

Facing the challenge of wireless security

Increasingly, companies and individuals are using wireless technology for important communications they want to keep private, such as mobile e-commerce transactions, email, and corporate data transmissions. At the same time, as wireless platforms mature, grow in popularity, and store valuable information, hackers are stepping up their attacks on these new targets. This is a particular problem because wireless devices, including smart cellular phones and personal digital assistants (PDAs) with Internet access, were not originally designed with security as a top priority. Now, however, wireless security is becoming an important area of product research and development. As in the wired world, wireless security boils down to protecting information and preventing unauthorized system access. However, it is challenging to implement security in small-footprint devices with low processing power and small memory capacities and that use unreliable, low bandwidth wireless networks. Vendors and others have developed several security approaches for the various wireless technologies, although each of these early efforts has some shortcomings. Security researchers are thus busy developing new technologies and fixing holes in existing ones. The paper discusses wireless security technology and its shortcomings     

UbiPhone: Human-Centered Ubiquitous Phone System

Emerging rich wireless networking modalities facilitate the development of new intelligent, innovative services on smart phones. The authors propose a ubiquitous phone (UbiPhone) system that demonstrates innovative context-aware human-centric phone services, which could become available on smart phones. UbiPhone's features include UbiCall, AnyCall, and an emergency contact service.     

Improving electronic health records retrieval using contexts

This paper aims to solve a recently arose problem, related to the access to the Electronic Health Records (EHR) in the Hospitals. Due to the digitalization of the information contained in the medical records, and the growing availability of devices that directly generate digital documents to include in it, the EHR are becoming unmanageable. Even more, to find a concrete item of information relevant for a given assistance act is a very hard, difficult and time-consuming task. To solve it we propose here the definition of contexts of access to the EHR, to exploit the logical division of the information inside each document in the EHR into data groups, and the computation of the pertinence of each data group to each context. It allows us to prioritize, the information in the EHR, even at a concrete data item level, according to the situation from which it is acceded. This way when the medical personnel is involved in an assistance act, the most relevant information for it is the one first showed, being able to widen the search but always according to the relevance. With it we not only improve the accessibility to the EHR and make easier the work of the doctors, but also enable other applications like the ubiquitous computation or the mobility, using devices like tablet PC’s and PDA’s.     

A review study on blockchain-based IoT security and forensics

The term Internet of Things (IoT) represents all communicating countless heterogeneous devices to share data and resources via the internet. The speedy advance of IoT devices proposes limitless benefits, but it also brings new challenges regarding security and forensics. Likewise, IoT devices can generate a massive amount of data that desires integrity and security during its handling and processing in an efficient way. IoT devices and data can be vulnerable to various types of cyber-crimes at each IoT layer. For combating these cyber-crimes in IoT infrastructure, IoT forensic term has shown up. The IoT forensic is the process of performing digital forensic investigation in the IoT environment in a forensically sound and timely fashion manner. Sundry challenges face the IoT forensics that requires urgent solutions and mitigation methods; digital evidence needs to be collected, preserved, analyzed, processed, and reported in a trusted manner to be acceptable for presenting in the court of law. Preserving the evidence unchanged or tampered with is the most critical challenge in digital forensics. Authentication is another challenge facing digital forensics; who is allowed to deal with the evidence? One of the most recent solutions for supporting IoT forensics is the use of Blockchain. Using Blockchain in digital forensics guarantees data integrity, immutability, scalability, and security. Therefore, this paper presents a comprehensive review of IoT security and forensics with the integration with Blockchain technology. It begins by providing an inclusive discussion of IoT security, as well as the need for IoT forensics, and the concepts of Blockchain. Then, a review of Blockchain-based IoT security and forensics issues is presented. Finally, a discussion of open research directions is provided.

     

数字取证技术及其发展趋势

数字取证技术已经成为信息安全领域研究热点之一。本文首先分析了数字取证的定义以及数字证据的特性。然后从取证过程模型、取证分析技术以及取证产品、标准和法规方面重点阐述了数字取证技术的研究现状,讨论了数字取证分析技术的分类方法以及文件雕刻取证分析技术。分析了数字取证领域中存在的难点问题,探讨了数字取证技术研究的发展趋势。