Context-based authentication and transport of cultural assets

We present a ubiquitous system that combines context information, security mechanisms and a transport infrastructure to provide authentication and secure transport of works of art. Authentication is provided for both auctions and exhibitions, where users can use their own mobile devices to authenticate works of art. Transport is provided by a secure protocol that makes use of position–time information and wireless sensors providing context information. The system has been used in several real case studies in the context of the CUSPIS project and continues to be used as a commercial product for the transportation and exhibition of cultural assets in Italy.     

以人为中心的感知

随着嵌入式技术、移动计算技术和无线传感器网络技术的发展,越来越多的可移动的通信和存储设备上嵌入了传感器,比如,手机上的方位传感器、震动传感器(实际上,手机的话筒和摄像头也是传感器),以及嵌入到MP3播放器中的脉搏传感器,等等.这些移动设备上的传感器可以采集与人们的行动、社会交往等息息相关的个人信息.此外,随着成本的下降,这些具有感知功能的移动通信设备的持有量不断提高,再加上Internet中社会网络软件的广泛使用,一类新的感知应用应运而生-以人为中心的感知(People-Centric Sensing,PCS).PCS不仅是一个新的研究领域,而且具有巨大的潜在应用价值,近几年来引起了学术界和工业界的高度关注.该文介绍了PCS的概念、特征以及重要的研究问题和挑战,并概述了PCS的研究现状.     

Mobile edge-enabled trust evaluation for the Internet of Things

The Internet of Things (IoT), including wireless sensors, is one of the highly anticipated contributors to big data; therefore, avoiding misleading or forged data gathering in cases of sensitive and critical data through secure communication is vital. However, due to the relatively long distance between remote cloud and end nodes, cloud computing cannot provide effective and direct management for end nodes, which leads to security vulnerabilities. In this paper, we propose a novel trust evaluation model based on the trust transitivity on a chain assisted by mobile edge nodes, which is used to ensure the reliability of nodes in the Internet of Things and prevent malicious attacks. The mobile edge nodes offer a new solution to solve the above problems with relatively strong computing and storage abilities. Firstly, we design calculation approaches to different trust chains to measure their trust degrees. Secondly, we propose an improved Dijkstra’s algorithm for collecting trust information of sensor nodes by mobile edge nodes. Finally, the experimental results show that our trust model based on mobile edge nodes can evaluate sensor nodes more precisely and enhance the security on the Internet of Things.     

Wireless MediaNets: application-driven next-generation wireless IP networks

Thanks to the explosive creation of multimedia contents, the pervasive adoption of multimedia coding standards and the ubiquitous access of multimedia services, multimedia networking is everywhere in our daily lives. Unfortunately, the existing best effort IP network infrastructure, originally designed with little real-time QoS requirement, has started to suffer from performance degradation on emerging multimedia networking applications. This inadequacy problem is further deepened by the prevalence of last/first-mile wireless networking, such as Wi-Fi, mobile WiMAX, and many wireless sensors and ad-hoc networks. This can be evidenced by more and more fragmentation of application-driven IP-based networks, such as for power grid distribution, networked security surveillance, intelligent transportation communication, and many other sensor networks. To overcome the QoS challenges, the next generation wireless IP networks have to be architected in a top-down manner, i.e., application-driven layered protocol design. More specifically, based on the application media data, compression schemes are applied, the subsequent Network, MAC- and PHY-layered protocols need to be accordingly or jointly enhanced to reach the optimal performance. This is the fundamental concept behind the design of Wireless MediaNets. In this survey paper, I will address the QoS challenges specifically encountered in video over heterogeneous wireless broadband networks and address several application-driven Wireless MediaNet solutions based on effective cross-layer integration of APP and MAC/PHY layers. More specifically, the congestion control for achieving airtime fairness of video streaming to maximize the link adaptation performance of Wi-Fi, the minimum latency event-driven data exchange for distributed wireless ad-hoc sensor networks, and the opportunistic multicast of scalable video live streaming over mobile WiMAX.     

Heterogeneous networking

In this article, security challenges related to a mobile heterogeneous networking environment, and the general access patterns are discussed. A novel, unified networking architecture that enables secure heterogeneous networking, both in terms of networks and user devices is discussed. A comprehensive security framework providing a generalized authentication scheme using the Extensible Authentication Protocol (EAP) is then presented, by taking into account existing methods for secure network and device access.     

社交网络用户浏览轨迹信息隐私保护方法仿真

随着网络应用的广泛普及,QQ、微信、YY语音、陌陌等社交软件走进千家万户,但社交网络用户浏览轨迹信息隐私保护问题也随之而来。由于社交网络平台安全机制存在漏洞,抵御网络攻击性能不强,使社交网络用户信息纷纷泄露。针对问题根源,提出ACP用户隐私信息防护系统,建立社交网络用户真空登陆模块(VM)、通讯信息密码文模块(RDT)及信息储存保护墙模块(LDM)一体化ACP用户隐私信息防护系统,从根源保护社交网络用户浏览轨迹信息的隐私安全。通过数据模拟仿真实验证明提出的ACP用户隐私信息防护系统,对社交网络用户浏览轨迹信息隐私保护具有可用性与有效性。     

Providing user context for mobile and social networking applications

The processing capabilities of mobile devices coupled with portable and wearable sensors provide the basis for new context-aware services and applications tailored to the user environment and daily activities. In this article, we describe the approach developed within the UPCASE project, which makes use of sensors available in the mobile device as well as sensors externally connected via Bluetooth to provide user contexts. We describe the system architecture from sensor data acquisition to feature extraction, context inference and the publication of context information in web-centered servers that support well-known social networking services. In the current prototype, context inference is based on decision trees to learn and to identify contexts dynamically at run-time, but the middleware allows the integration of different inference engines if necessary. Experimental results in a real-world setting suggest that the proposed solution is a promising approach to provide user context to local mobile applications as well as to network-level applications such as social networking services.     

Performance assessment of intelligent distributed systems through software performance ontology engineering (SPOE)

In the computer science community there is a growing interest in the field of Ambient Intelligent Systems. This systems surround their human users with computing and networking technology unobtrusively embedded in their environment. This technology is aimed to provide the users with useful information and to take action to make the environment more convenient for them. As the number of users increases the resources that make Ambient Intelligence possible can be easily saturated making the system unstable and projecting an image of poor QoS to the users. The main goal of this paper is to provide the means for the Ambient Intelligent Systems to monitor themselves and take corrective action automatically if performance starts to drop. Our approach uses a Performance Ontology that structures the knowledge about Software Performance Engineering, and a reasoning engine that acts like an expert system with the Performance Ontology as its foundation. The case study at the end shows the applicability of the developed techniques.     

Secure key management scheme for dynamic hierarchical access control based on ECC

An access control mechanism in a user hierarchy is used to provide the management of sensitive information for authorized users. The users and their own information can be organized into a number of disjoint sets of security classes according to their responsibilities. Each security class in a user hierarchy is assigned an encryption key and can derive the encryption keys of all lower security classes according to predefined partially ordered relation. In 2006, Jeng and Wang proposed an efficient key management scheme based on elliptic curve cryptosystems. This paper, however, pointed out that Jeng-Wang scheme is vulnerable to the so-called compromising attack that the secret keys of some security classes can be compromised by any adversary if some public information modified. We further proposed a secure key management scheme based on elliptic curve cryptosystems to eliminate the pointed out the security leak and provide better security requirements. As compared with Jeng and Wang's scheme (Jeng and Wang, 2006), the proposed scheme has the following properties. (i) It is simple to execute the key generation and key derivation phases. (ii) It is easily to address dynamic access control when a security class is added into or deleted from the hierarchy. (iii) It is secure against some potential attacks. (iv) The required storage of the public/secret parameters is constant.     

基于TrustZone的可信移动终端云服务安全接入方案

可信云架构为云计算用户提供了安全可信的云服务执行环境,保护了用户私有数据的计算与存储安全. 然而在移动云计算高速发展的今天, 仍然没有移动终端接入可信云服务的安全解决方案. 针对上述问题, 提出了一种可信移动终端云服务安全接入方案, 方案充分考虑了移动云计算应用背景, 利用ARM TrustZone硬件隔离技术构建可信移动终端, 保护云服务客户端及安全敏感操作在移动终端的安全执行, 结合物理不可克隆函数技术, 给出了移动终端密钥与敏感数据管理机制. 在此基础之上, 借鉴可信计算技术思想, 设计了云服务安全接入协议, 协议兼容可信云架构, 提供云服务端与移动客户端间的端到端认证. 分析了方案具备的6种安全属性, 给出了基于方案的移动云存储应用实例, 实现了方案的原型系统. 实验结果表明, 可信移动终端TCB较小, 方案具有良好的可扩展性和安全可控性, 整体运行效率较高.     

基于DICE的证明存储方案

信息技术的不断发展和智能终端设备的普及导致全球数据存储总量持续增长,数据面临的威胁挑战也随着其重要性的凸显而日益增加,但目前部分计算设备和存储设备仍存在缺乏数据保护模块或数据保护能力较弱的问题.现有数据安全存储技术一般通过加密的方式实现对数据的保护,但是数据的加解密操作即数据保护过程通常都在应用设备上执行,导致应用设备遭受各类攻击时会对存储数据的安全造成威胁.针对以上问题,本文提出了一种基于DICE的物联网设备证明存储方案,利用基于轻量级信任根DICE构建的可信物联网设备为通用计算设备(统称为主机)提供安全存储服务,将数据的加解密操作移至可信物联网设备上执行,消除因主机遭受内存攻击等风险对存储数据造成的威胁.本文工作主要包括以下3方面:(1)利用信任根DICE构建可信物联网设备,为提供可信服务提供安全前提.(2)建立基于信任根DICE的远程证明机制和访问控制机制实现安全认证和安全通信信道的建立.(3)最终利用可信物联网设备为合法主机用户提供可信的安全存储服务,在实现数据安全存储的同时,兼顾隔离性和使用过程的灵活性.实验结果表明,本方案提供的安全存储服务具有较高的文件传输速率,并具备较高...     

基于SM2算法的密钥安全存储系统设计与实现

目前,密钥成为用户进行身份验证的重要凭据,密钥安全存储在保证用户信息安全中起着重要作用。SM2算法具有高安全性、密钥管理简单等特点,本文首先对SM2算法作简要分析,通过引入USB Key硬件加密技术,提出了一种基于SM2算法的混合USB Key加密算法,通过引入多个变量生成复合多维度SM2密钥,提高了用户进行密钥存储的数据安全性。本文基于Windows 8操作系统,选用USB Key3000D作为开发平台,设计并实现了基于SM2硬件加密算法的用户密钥安全存储系统。经测试,该算法方便可行,加密、解密速度较快且安全性高,使用方便,具有良好的应用效果。     

Proof of Activity Protocol for IoMT Data Security

The Internet of Medical Things (IoMT) is an online device that senses and transmits medical data from users to physicians within a time interval. In, recent years, IoMT has rapidly grown in the medical field to provide healthcare services without physical appearance. With the use of sensors, IoMT applications are used in healthcare management. In such applications, one of the most important factors is data security, given that its transmission over the network may cause obtrusion. For data security in IoMT systems, blockchain is used due to its numerous blocks for secure data storage. In this study, Blockchain-assisted secure data management framework (BSDMF) and Proof of Activity (PoA) protocol using malicious code detection algorithm is used in the proposed data security for the healthcare system. The main aim is to enhance the data security over the networks. The PoA protocol enhances high security of data from the literature review. By replacing the malicious node from the block, the PoA can provide high security for medical data in the blockchain. Comparison with existing systems shows that the proposed simulation with BSD-Malicious code detection algorithm achieves higher accuracy ratio, precision ratio, security, and efficiency and less response time for Blockchain-enabled healthcare systems.     

Secure Encrypted Steganography Graphical Password scheme for Near Field Communication smartphone access control system

The revolutionary development of smartphone which offers compelling computing and storage capabilities has radically changed the digital lifestyles of users. The integration of Near Field Communication (NFC) into smartphone has further opened up opportunities for new applications and business models such as in industry for payment, electronic ticketing and access control systems. NFC and graphical password scheme are two imperative technologies that can be used to achieve secure and convenient access control system. One of the potential uses of such technologies is the integration of steganography graphical password scheme into NFC-enabled smartphone to transcend conventional digital key/tokens access control systems into a more secure and convenient environment. Smartphone users would have more freedom in customizing the security level and how they interact with the access control system. As such, this paper presents a secure two-factor authentication NFC smartphone access control system using digital key and the proposed Encrypted Steganography Graphical Password (ESGP). This paper also validates the user perception and behavioral intention to use NFC ESGP smartphone access control system through an experiment and user evaluation survey. Results indicated that users weigh security as a dominant attribute for their behavioral intention to use NFC ESGP smartphone access control system. Our findings offer a new insight for security scholars, mobile device service providers and expert systems to leverage on the two-factor authentication with the use of NFC-enabled smartphone.     

An Evaluation of Chromium OS:the Next Generation Operating System

操作系统是计算机系统中的一个重要部分,是用户应用程序与计算机硬件的接口,为用户执行I/O任务,保持对文件系统的跟踪,负责系统安全并只允许授权用户进入。传统的操作系统不需要网络功能,但大多数支持网络协议。Chromium操作系统是一个基于互联网的操作系统,为网民提供一种可选择的、更快和更安全的方式访问互联网及基于互联网的应用程序。Chromium操作系统的设计从固件级到应用程序级都注重安全意识。Chromium操作系统作为一种辅助计算设备,为利用网络进行工作的用户提供跨不同物理设备的稳定的计算体验。     

Behavior-Based Intrusion Detection in Mobile Phone Systems

The field of mobile and wireless networking is reemerging amid unprecedented growth in the scale and diversity of computer networking. However, further increases in network security are necessary before the promise of mobile communication can be fulfilled. In this paper, we describe how neural networks and tools can be applied against frauds in analog mobile telecommunication networks. To the best of our knowledge there has been a lot of work done to secure the usage of mobile phones at the hardware level, but very little at the software level. In this paper, we present an on-line security system for fraud detection of impostors and improper use of mobile phone operations based on a neural network (NN) classifier. It acts solely on the recent information and past history of the mobile phone owner activities, and classifies the telephone users into classes according to their usage logs. Such logs contain the relevant characteristics for every call made by the user. As soon as the system identifies a fraud, it notifies both the carrier telecom and the victim about it immediately and not at the end of the monthly bill cycle. In our implementation, we make use of the radial basis function (RBF) model because of its simplicity and its flexibility to adapt to pattern changes, i.e., it encompasses the important characteristic of learning. By learning, a RBF NN can discover some regular patterns and the relation across them, and organize itself for making these associations. As a consequence it is widely used for solving classification and pattern recognition problems. Our results indicate that our system reduces significantly the telecom carriers's profit losses as well as the damage that might be passed to the clients. This might help the carriers to reduce the cost of phone calls and will, in turn, benefit the users.     

采用VPN实现专用商网传输安全方法研究

VPN虚拟专网是近年来随着Internet的广泛应用而迅速发展起来的一种新技术,用以在公共网络上构建私人专用网络。虚拟专网可以帮助远程用户之间建立可信的安全连接,并保证数据的安全传输。对于采用IP Sec安全协议方式构建虚拟专用商网的方法进行了说明,提出了QoS将是VPN需要持续研究的方向。     

移动IPv6与网络安全

当前，移动互联网业务发展迅猛，从而要求更高的网络安全保证。现有的IPv4协议已渐渐不能适应这种需求。介绍了一种具有更高网络安全性的协议-移动IPv6及其安全机制-IPsec。由于其在移动性、安全性和其他一些特性的优点，移动IPv6将在未来替代IPv4。另外，也讨论了一些在移动IPv6中存在的问题及其解决办法。     

基于移动端协助的硬口令认证密钥交换协议

针对现有口令认证密钥交换协议易受各种网络攻击,影响用户私密信息安全的问题,提出一种基于移动端协助的硬口令认证密钥交换协议,在移动端的辅助下,允许用户使用单一口令建立与服务器之间的安全会话。协议中,用户无须记忆任何复杂的私钥信息,即使移动设备丢失、被盗或遭受恶意软件侵袭,也不会损害用户信息。安全性和性能分析表明,协议明显降低了服务器的计算消耗,大大提高了用户私密信息的安全性,可以抵御字典攻击、中间人攻击等的影响,减轻用户记忆负担,缓解存储压力,易于部署。     

Optimizing security and quality of service in a Real-time database system using Multi-objective genetic algorithm

Both network security and quality of service (QoS) consume computational resource of IT system and thus may evidently affect the application services. In the case of limited computational resource, it is important to model the mutual influence between network security and QoS, which can be concurrently optimized in order to provide a better performance under the available computational resource. In this paper, an evaluation model is accordingly presented to describe the mutual influence of network security and QoS, and then a multi-objective genetic algorithm NSGA-II is revised to optimize the multi-objective model. Using the intrinsic information from the target problem, a new crossover approach is designed to further enhance the optimization performance. Simulation results validate that our algorithm can find a set of Pareto-optimal security policies under different network workloads, which can be provided to the potential users as the differentiated security preferences. These obtained Pareto-optimal security policies not only meet the security requirement of the user, but also provide the optimal QoS under the available computational resource.