A privacy enhanced device access protocol for an IoT context

In this paper, we present the case for a device authentication protocol that authenticates a device/service class rather than an individual device. The devices in question are providing services available to the public. The proposed protocol is an online protocol, and it uses a pseudo-random temporary identity scheme to provide user privacy. This allows the Internet-of-Things device to have full assurance of the user, with respect to the request service, while permitting the user to remain anonymous with respect to the device. The user can then enjoy identity and location privacy in addition to untraceability with respect to device access. Copyright © 2013 John Wiley & Sons, Ltd.

Access Security and Personal Privacy in Public Cellular Communication Systems: The Past, the Present and Beyond 2020

In order to predict the future one needs to understand the past and then interpolate as best as possible. We expect this to work reasonably well for a “2020 Scenario”, but we do not expect this approach to be valid for a “Beyond 2020” scenario.

Mutual entity authentication for LTE

In this paper we outline the Authentication and Key Agreement protocol (EPS-AKA) found in Long-Term Evolution (LTE) systems. This architecture is the 3GPP version of a 4G access security architecture. The LTE security architecture is a mature evolved architecture, with both strengths and weaknesses. In this paper we propose an amendment to the EPS-AKA protocol to make it a full mutual (online) entity authentication protocol. We also analyze the proposal, highlighting both the improvements and the drawbacks of the new AKA protocol.

An Investigation of Security and Privacy for Human Bond Communications

Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks

Internet of Things (IoT) devices are rapidly becoming ubiquitous while IoT services are becoming pervasive. Their success has not gone unnoticed and the number of threats and attacks against IoT devices and services are on the increase as well. Cyber-attacks are not new to IoT, but as IoT will be deeply interwoven in our lives and societies, it is becoming necessary to step up and take cyber defense seriously. Hence, there is a real need to secure IoT, which has consequently resulted in a need to comprehensively understand the threats and attacks on IoT infrastructure. This paper is an attempt to classify threat types, besides analyze and characterize intruders and attacks facing IoT device…

Trust management in tactical coalition software defined networks

This paper reports from ongoing efforts related to trust management in tactical Software Defined Networks (SDN) when used with mobile nodes in a coalition operation. We analyze the problem space and suggests a set of security and contructional requirements, as well as an analysis on how existing technology may contribute to a solution. The proposed architecture serves as a guide for current and future experimentation on trust management and protection in SDN. The paper also reports from experimental investigations into the utility of these technology elements for the present purpose.

Privacy handling for critical information infrastructures

This paper proposes an architecture and a methodology for privacy handling in Critical Information Infrastructures. Privacy is in this respect considered as both the risk of revealing person-sensitive information, for example from critical infrastructures in health institutions, but also to identify and avoid leakage of confidential information from the critical information infrastructures themselves. The architecture integrates privacy enhancing technologies into an enterprise service bus, which allows for policy-controlled authorisation, anonymisation and encryption of information in XML elements or attributes in messages on the service bus. The proposed methodology can be used to identif…

A “Best Current Practice” for 3GPP-based cellular system security

This paper is an attempt at formulating a Best Current Practice (BCP) for access security and a baseline for core network security in the 3GPP-based systems. This encompasses the 2G circuit-switched GSM system, the 2.5G packet-switched GPRS system, the 3G UMTS system and the 4G LTE/LTE-A system. The 3GPP have defined several security standards, but many measures are optional and there are several areas deliberately not covered by the 3GPP standards. The present document is therefore an attempt at pointing out the best available options and providing advice on how to achieve an overall system hardening, which is badly needed as the cellular systems have undoubtedly become one of the most cri…

Security and privacy in the cloud a long-term view

In this paper we analyze security and privacy aspects of the cloud. We take a long-term view since the scope of privacy is potentially the lifetime of the privacy subject. We investigate trust issues and privacy aspects for cloud service users, using subjective logic as a primary tool. We also present promising solution for credible privacy in a cloud environment.

Sharing With Care - Multidisciplinary Teams and Secure Access to Electronic Health Records

Published: Proceedings of the 11th International Joint Conference on Biomedical Engineering Systems and Technologies Vol 5 2018

Location-Aware Mobile Intrusion Detection with Enhanced Privacy in a 5G Context

Published version of an article from the journal: Wireless Personal Communications. The original publication is available at Spingerlink. http://dx.doi.org/10.1007/s11277-010-0069-6 The paper proposes a location-aware mobile Intrusion Prevention System (mIPS) architecture with enhanced privacy that is integrated in Managed Security Service (MSS). The solution is envisaged in a future fifth generation telecommunications (5G) context with increased but varying bandwidth, a virtualised execution environment and infrastructure that allows threads, processes, virtual machines and storage to be migrated to cloud computing services on demand, to dynamically scale performance and save power. 5G mob…

Security and privacy in the Internet of Things: Current status and open issues

The Internet of Things at large will foster billions of devices, people and services to interconnect and exchange information and useful data. As IoT systems will be ubiquitous and pervasive, a number of security and privacy issues will arise. Credible, economical, efficient and effective security and privacy for IoT are required to ensure exact and accurate confidentiality, integrity, authentication, and access control, among others. In this paper, the IoT vision, existing security threats, and open challenges in the domain of IoT are discussed. The current state of research on IoT security requirements is discussed and future research directions with respect to IoT security and privacy ar…

Access Control Model for Cooperative Healthcare Environments: Modeling and Verification

Integrated use of electronic health records (EHRs) seem both promising and necessary in improving the quality and delivery of health services. This allows healthcare providers access to information they require to provide rapid patient care. Of course, when sensitive information is shared among a group of people within or across organizations, enforceable security and privacy control over the information flow is a key aspect. In this study, an access control model for cooperative healthcare environments is presented. A work-based access control (WBAC) model is proposed by introducing the concept of team role and modifying the user-role assignment model from previous work. Verification indic…

Towards Risk-aware Access Control Framework for Healthcare Information Sharing

Mobility and Spatio-Temporal Exposure Control

Modern risk assessment methods cover many issues and encompass both risk analysis and corresponding prevention/mitigation measures.However, there is still room for improvement and one aspect that may benefit from more work is “exposure control”.The “exposure” an asset experiences plays an important part in the risks facing the asset.Amongst the aspects that all too regularly get exposed is user identities and user location information,and in a context with mobile subscriber and mobility in the service hosting (VM migration/mobility) the problems associated with lost identity/location privacy becomes urgent.In this paper we look at “exposure control” as a way for analyzing and protecting use…

GPRS Security for Smart Meters

Part 1: Cross-Domain Conference and Workshop on Multidisciplinary Research and Practice for Information Systems (CD-ARES 2013); International audience; Many Smart Grid installations rely on General Packet Radio Service (GPRS) for wireless communication in Advanced Metering Infrastructures (AMI). In this paper we describe security functions available in GPRS, explaining authentication and encryption options, and evaluate how suitable it is for use in a Smart Grid environment. We conclude that suitability of GPRS depends on the chosen authentication and encryption functions, and on selecting a reliable and trustworthy mobile network operator.

Privacy Enhanced Device Access

In this paper we present the case for a device authentication protocol that authenticates a device/service class rather than an individual device. The devices in question are providing services available to the public. The proposed protocol is an online protocol and it uses a pseudo-random temporary identity scheme to provide user privacy.

Towards an Access Control Model for Collaborative Healthcare Systems

In this study, an access control model for collaborative healthcare systems is proposed. Collaboration requirements, patient data confidentiality and the need for flexible access for healthcare providers through the actual work they must fulfill as part of their duties are carefully addressed. The main goal is to provide an access control model that strikes a balance between collaboration and safeguarding sensitive patient information.

Privacy enhanced mutual authentication in LTE

In this paper we propose a way to enhance the identity privacy in LTE/LTE-Advanced systems. This is achieved while minimizing the impact on the existing E-UTRAN system. This is important since proposals to modify a widely deployed infrastructure must be cost effective, both in terms of design changes and in terms of deployment cost. In our proposal, the user equipment (UE) identifies itself with a dummy identity, consisting only of the mobile nation code and the mobile network code. We use the existing signalling mechanisms in a novel way to request a special encrypted identity information element. This element is protected using identity-based encryption (IBE), with the home network (HPLMN…