智能终端安全现状及发展趋势

首先描述了智能终端的发展现状、技术特点以及面临的安全威胁,在此基础上提出了涵盖智能终端硬件、操作系统、外围接口、应用软件、用户数据保护等层面的安全能力框架,并介绍了相关的标准化进展,最后给出了智能终端安全监管建议。     

Context-aware mobile computing: learning context- dependent personal preferences from a wearable sensor array

Context-aware computing describes the situation where a wearable/mobile computer is aware of its user's state and surroundings and modifies its behavior based on this information. We designed, implemented, and evaluated a wearable system which can learn context-dependent personal preferences by identifying individual user states and observing how the user interacts with the system in these states. This learning occurs online and does not require external supervision. The system relies on techniques from machine learning and statistical analysis. A case study integrates the approach in a context-aware mobile phone. The results indicate that the method is able to create a meaningful user context model while only requiring data from comfortable wearable sensor devices.     

User centric three‐factor authentication protocol for cloud‐assisted wearable devices

Wearable devices, which provide the services of collecting personal data, monitoring health conditions, and so on, are widely used in many fields, ranging from sports to healthcare. Although wearable devices bring convenience to people's lives, they bring about significant security concerns, such as personal privacy disclosure and unauthorized access to wearable devices. To ensure the privacy and security of the sensitive data, it is critical to design an efficient authentication protocol suitable for wearable devices. Recently, Das et al proposed a lightweight authentication protocol, which achieves secure communication between the wearable device and the mobile terminal. However, we find that their protocol is vulnerable to offline password guessing attack and desynchronization attack. Therefore, we put forward a user centric three‐factor authentication scheme for wearable devices assisted by cloud server. Informal security analysis and formal analysis using ProVerif is executed to demonstrate that our protocol not only remedies the flaws of the protocol of Das et al but also meets desired security properties. Comparison with related schemes shows that our protocol satisfies security and usability simultaneously.     

Wearable Computing and the Remembrance Agent

This paper gives an overview of the field of wearable computing. It covers the key differences between wearables and other portable computers, and discusses issues with the design and application for wearables. There then follows a specific example, the wearable remembrance agent — a proactive memory aid. The paper concludes with discussion of future directions for research and applications inspired by using the prototype.     

Advances on Emerging Materials for Flexible Supercapacitors: Current Trends and Beyond

The progressive size reduction of electronic components is experiencing bottlenecks in shrinking charge storage devices like batteries and supercapacitors, limiting their development into wearable and flexible zero‐pollution technologies. The inherent long cycle life, rapid charge–discharge patterns, and power density of supercapacitors rank them superior over other energy storage devices. In the modern market of zero‐pollution energy devices, currently the lightweight formula and shape adaptability are trending to meet the current requirement of wearables. Carbon nanomaterials have the potential to meet this demand, as they are the core of active electrode materials for supercapacitors and texturally tailored to demonstrate flexible and stretchable properties. With this perspective, the latest progress in novel materials from conventional carbons to recently developed and emerging nanomaterials toward lightweight stretchable active compounds for flexi‐wearable supercapacitors is presented. In addition, the limitations and challenges in realizing wearable energy storage systems and integrating the future of nanomaterials for efficient wearable technology are provided. Moreover, future perspectives on economically viable materials for wearables are also discussed, which could motivate researchers to pursue fabrication of cheap and efficient flexible nanomaterials for energy storage and pave the way for enabling a wide‐range of material‐based applications.     

A secure multifactor remote user authentication scheme for Internet of Multimedia Things environment

To attain ubiquitous connectivity of everything, Internet of Things (IoT) systems must include “multimedia things.” Internet of Multimedia Things (IoMT) is a heterogeneous network of smart multimedia things connected together and with other physical devices to the Internet so as to achieve globally available multimedia services and applications. Due to the ever increasing amount of multimedia data in IoT environments, securing these systems becomes crucial. This is because these systems are easily susceptible to attacks when information or any service is accessed by the users. In this paper, we propose a secure three‐factor remote user authentication scheme for IoMT systems using ECC. The formal security proof performed using ROR model and BAN logic confirms that an attacker will not be able to extract sensitive user information. Through informal security analysis, we justify the resistance of the scheme against several security attacks. The performance comparison shows that the scheme is efficient in terms of computational cost, security features, and attack resistance. Furthermore, simulation of the scheme using AVISPA and Proverif proves that the scheme is secure against all active and passive attacks.     

可穿戴设备归属权限转换协议研究

针对可穿戴环境下的信息安面临的巨大挑战,本文在考虑公共环境下可穿戴设备的用户转换的情景下,设计了一个适合可穿戴环境的用户权限转换协议框架,并对协议进行了详细设计.通过理论和实践分析得出,该协议可以满足可穿戴设备对安全性和实用性的要求,可以保障转换过程中的数据安全.     

基于大数据分析的电话手表用户画像及应用研究

智能穿戴设备逐渐走进用户的生活,目前儿童电话手表领跑智能穿戴市场。超过1亿人规模的幼儿园儿童及小学生群体是儿童电话手表的受众群体,可作为运营商新用户发展的目标人群。基于用户侧计费账单、计费详单及终端库等数据,对儿童电话手表用户的画像进行了深入研究,并基于研究结果在儿童电话手表及智能穿戴市场的发展和网络方面提出了建议。     

NFC安全通信架构的研究

随着数字信息的使用越来越广泛,信息遭受攻击的次数和种类也越来越多,现阶段的智能卡身份验证架构在安全性和性能上,依然有一定程度的提升空间。在基于智能卡安全性的前提下,增加智能卡进行身份认证时的计算性能,加入了NFC近距离无线通信技术,以目前个人式手持设备中使用率最高的手机为例,模拟NFC手机在ATM上进行用户身份认证的沟通流程,以期能为用户提供一个崭新、可靠、便利性高的安全通信机制。     

Smartphone Applications for Providing Ubiquitous Healthcare Over Cloud with the Advent of Embeddable Implants

The world we live in today has been defined by the rise of the smartphone and smartphone apps. There is a huge potential for these apps to have an impact in healthcare via the use of the emerging field of biosensor technology in the form of wearables and implants. This paper discusses the future of healthcare from a technological standpoint, looking specifically at the use of these wearables and implants in conjunction with the power of cloud computing to provision healthcare in efficient and effective ways. There is also a discussion involving a specific example of how an app currently in development can be augmented with biosensor technology in the near future.     

A Study on Financing Security for Smartphones Using Text Mining

With the emergence of smartphones, our lives have considerably changed. A smartphone has not only conventional calling, text-messaging, and photo-taking functions, but also performs many other functions by executing apps. In particular, more financial transactions using smartphone have recently become possible. With the global rapid rise in smartphone users and an ever-growing time and frequency of smartphone use, smartphones have become a target of malicious attacks. As a result, the damage caused by personal information leakage, phishing, and pharming has occurred more frequently. In this respect, however, very few studies have previously used crawling and text mining techniques, which have been actively studied quite recently; furthermore, network analysis has rarely been conducted. In this context, the present study collected the data from 2014 to the first half of 2016 on the trends of safe financing via smartphone with the crawling technique and analyzed the collected data with the text mining Technique. Our results suggest that there was a difference in the use of important keywords related to smartphone financial security, on the year-on-year basis. This suggests that an increasing number of financial services provided using smartphones should be accompanied by the elaboration of safe smartphone financial security services. In addition, for the sake smartphone financial security, not only manufacturers, but also banks, i.e. service providers, and users must pay specific attention to security issues.     

A survey of indoor positioning systems for wireless personal networks

Recently, indoor positioning systems (IPSs) have been designed to provide location information of persons and devices. The position information enables location-based protocols for user applications. Personal networks (PNs) are designed to meet the users' needs and interconnect users' devices equipped with different communications technologies in various places to form one network. Location-aware services need to be developed in PNs to offer flexible and adaptive personal services and improve the quality of lives. This paper gives a comprehensive survey of numerous IPSs, which include both commercial products and research-oriented solutions. Evaluation criteria are proposed for assessing these systems, namely security and privacy, cost, performance, robustness, complexity, user preferences, commercial availability, and limitations.We compare the existing IPSs and outline the trade-offs among these systems from the viewpoint of a user in a PN.     

移动设备加密流量的用户信息探测研究展望

移动设备加密流量分析可以用主动或被动的方式获取多种类型的用户信息,为网络安全管理和用户隐私保护提供保障.重点分析、归纳了用户信息探测所涉及的数据采集、特征选择、模型与方法以及评价体系的基本原理和关键方法.总结了现有方案中存在的问题,以及未来研究方向和面临的挑战.     

SoCs security: a war against side-channels

This article presents the state-of-the-art of the physical security of smart devices. Electronic devices are getting ubiquitous and autonomous: their security is thus becoming a predominant feature. Attacks targeting the physical layer are all the more serious as hardware is not naturally protected against them. The attacks typically consist in either tampering with the device so as to make it malfunction or in spying at some information it leaks. Those attacks, either active or passive, belong to the side-channel attack class. Active attacks operate by writing on an ad hoc side-channel: a degree a freedom normally not available to the end-user is modified by force. Passive attacks consist in listening to a side-channel: the attacker is thus able to gain more information about the device operation than it is supposed to. Counter-measures against both types of attacks have been proposed and we show that only some of them are relevant. Active attacks are forfeited by an appropriate detection mechanism and passive attacks by the removal of all sorts of information leakage. As a consequence, securing hardware consists in watching side-channels or removing them if possible. The increase of security is mainly driven by two trends: integration of the system (on a SoC) for improved discretion and development of a dedicated symptom-free electroniccad. SoCs security is thus foreseen to become a discipline in itself.     

An Efficient Network Attack Visualization Using Security Quad and Cube

Security quad and cube (SQC) is a network attack analyzer that is capable of aggregating many different events into a single significant incident and visualizing these events in order to identify suspicious or illegitimate behavior. A network administrator recognizes network anomalies by analyzing the traffic data and alert messages generated in the security devices; however, it takes a lot of time to inspect and analyze them because the security devices generate an overwhelming amount of logs and security events. In this paper, we propose SQC, an efficient method for analyzing network security through visualization. The proposed method monitors anomalies occurring in an entire network and displays detailed information of the attacks. In addition, by providing a detailed analysis of network attacks, this method can more precisely detect and distinguish them from normal events.     

Analysis of attacks against the security of keyless-entry systems for vehicles and suggestions for improved designs

Remote control of vehicle functions using a handheld electronic device became a popular feature for vehicles. Such functions include, but are not limited to, locking, unlocking, remote start, window closures, and activation of an alarm. As consumers enjoy the remote access and become more comfortable with the remote functions, original equipment manufacturers (OEMs) have started looking for new features to simplify and reduce the user interface for vehicle access. These new features will provide users with an additional level of comfort without requiring them to touch or press any button on any remote devices to gain access to the vehicle. While this extra level of comfort is a desirable feature, it introduces several security threats against the vehicle's keyless-entry system. This paper describes a number of attacks against the security of keyless-entry systems of vehicles and also presents analyzes of several attacks and compares the vulnerability of the system under different attacks. At the end, some suggestions for improved design are proposed.     

A Comprehensive Survey on Machine Learning-Based Big Data Analytics for IoT-Enabled Smart Healthcare System

The outbreak of chronic diseases such as COVID-19 has made a renewed call for providing urgent healthcare facilities to the citizens across the globe. The recent pandemic exposes the shortcomings of traditional healthcare system, i.e., hospitals and clinics alone are not capable to cope with this situation. One of the major technology that aids contemporary healthcare solutions is the smart and connected wearables. The advancement in Internet of Things (IoT) has enabled these wearables to collect data on an unprecedented scale. These wearables gather context-oriented information related to our physical, behavioural and psychological health. The big data generated by wearables and other healthcare devices of IoT is a challenging task to manage that can negatively affect the inference process at the decision centres. Applying big data analytics for mining information, extracting knowledge and making predictions/inferences has recently attracted significant attention. Machine learning is another area of research that has successfully been applied to solve various networking problems such as routing, traffic engineering, resource allocation, and security. Recently, we have seen a surge in the application of ML-based techniques for the improvement of various IoT applications. Although, big data analytics and machine learning are extensively researched, there is a lack of study that exclusively focus on the evolution of ML-based techniques for big data analysis in the IoT healthcare sector. In this paper, we have presented a comprehensive review on the application of machine learning techniques for big data analysis in the healthcare sector. Furthermore, strength and weaknesses of existing techniques along with various research challenges are highlighted. Our study will provide an insight for healthcare practitioners and government agencies to keep themselves well-equipped with the latest trends in ML-based big data analytics for smart healthcare.

     

Two-factor wearable device authentication protocol based on PUF and IPI

Wearable device is pushing the rapid development of mobile health,however,the open architecture of wireless body area network has brought challenges for the security of user data.In order to protect the security of user data,a two-factor authentication protocol between device note and data hub was proposed based on physically unclonable function and interpulse interval.Using dual uniqueness of device physical characteristic and user biometric trait,the protocol can resist compromise and impersonation attacks and was specially suitable for resource constrained wearable devices under body area network.Compared with the existing authentication schemes,the security of the proposed protocol was enhanced.The practicability and effectiveness of the protocol are confirmed by hardware implementation on FPGA.     

RS Codes with Filtered-OFDM: A Waveform Contender for 5G Mobile Communication Systems

In recent years, the proportion of elderly population in various countries has gradually increased. Increasing with age, it can entail illness. When these diseases are sudden, the elderly often die because there is no immediate treatment. Elderly care has become an important issue. According to this issue, we want to monitor the physiological data of the elderly, such as heartbeat, blood pressure, etc., through wearable devices. Once an abnormal condition is detected, the wearable device can be used to immediately request treatment from a nearby clinic or hospital. In order to improve the network quality of this service, we use the architecture of the mobile edge computing. The mobile edge computing provides features such as immediacy, low latency, proximity etc. However, the process of data transmission on the mobile edge computing has the risk of being stolen and identity authentication is also an important issue. Therefore, we propose a secure protocol based on cryptography to protect personal information with lightweight authentication. The proposed scheme aims to achieve mutual authentication, non-repudiation, integrity, user privacy, and defend against known attacks.