
AUTHOR

Geir M. Køien

showing 19 related works from this author

A privacy enhanced device access protocol for an IoT context

2013

In this paper, we present the case for a device authentication protocol that authenticates a device/service class rather than an individual device. The devices in question are providing services available to the public. The proposed protocol is an online protocol, and it uses a pseudo-random temporary identity scheme to provide user privacy. This allows the Internet-of-Things device to have full assurance of the user, with respect to the requested service, while permitting the user to remain anonymous with respect to the device. The user can then enjoy identity and location privacy in addition to untraceability with respect to device access. Copyright © 2013 John Wiley & Sons, Ltd.

Service (business); Challenge-Handshake Authentication Protocol; Authentication; Computer Networks and Communications; Computer science; 020206 networking & telecommunications; Context (language use); 02 engineering and technology; Computer security; computer.software_genre; Authentication protocol; 0202 electrical engineering electronic engineering information engineering; Identity (object-oriented programming); 020201 artificial intelligence & image processing; Key derivation function; Protocol (object-oriented programming); computer; Information Systems; Security and Communication Networks

Access Security and Personal Privacy in Public Cellular Communication Systems: The Past, the Present and Beyond 2020

2010

In order to predict the future one needs to understand the past and then interpolate as best as possible. We expect this to work reasonably well for a “2020 Scenario”, but we do not expect this approach to be valid for a “Beyond 2020” scenario.

Information privacy; Work (electrical); Security service; Order (exchange); business.industry; Political science; Internet privacy; Message authentication code; Cellular communication systems; Computer security; computer.software_genre; business; computer

Mutual entity authentication for LTE

2011

In this paper we outline the Authentication and Key Agreement protocol (EPS-AKA) found in Long-Term Evolution (LTE) systems. This architecture is the 3GPP version of a 4G access security architecture. The LTE security architecture is a mature evolved architecture, with both strengths and weaknesses. In this paper we propose an amendment to the EPS-AKA protocol to make it a full mutual (online) entity authentication protocol. We also analyze the proposal, highlighting both the improvements and the drawbacks of the new AKA protocol.

Challenge-Handshake Authentication Protocol; Key-agreement protocol; Authentication; business.industry; Computer science; Authorization; Mutual authentication; Enterprise information security architecture; Cryptographic protocol; Computer security; computer.software_genre; Distributed System Security Architecture; GSM; Authentication protocol; Lightweight Extensible Authentication Protocol; business; computer; AKA; Computer network; 2011 7th International Wireless Communications and Mobile Computing Conference

An Investigation of Security and Privacy for Human Bond Communications

2017

Cloud computing security; Privacy software; business.industry; 020204 information systems; Bond; Internet privacy; 0202 electrical engineering electronic engineering information engineering; 020206 networking & telecommunications; 02 engineering and technology; Business; Computer security; computer.software_genre; computer; Human Bond Communication

Cyber Security and the Internet of Things: Vulnerabilities, Threats, Intruders and Attacks

2015

Internet of Things (IoT) devices are rapidly becoming ubiquitous while IoT services are becoming pervasive. Their success has not gone unnoticed and the number of threats and attacks against IoT devices and services is on the increase as well. Cyber-attacks are not new to IoT, but as IoT will be deeply interwoven in our lives and societies, it is becoming necessary to step up and take cyber defense seriously. Hence, there is a real need to secure IoT, which has consequently resulted in a need to comprehensively understand the threats and attacks on IoT infrastructure. This paper is an attempt to classify threat types, as well as to analyze and characterize intruders and attacks facing IoT device…

Cyber defense; Computer Networks and Communications; Hardware and Architecture; business.industry; Computer science; Internet privacy; Cyber-attack; Internet of Things; business; Computer security; computer.software_genre; computer; Journal of Cyber Security and Mobility

Trust management in tactical coalition software defined networks

2018

This paper reports from ongoing efforts related to trust management in tactical Software Defined Networks (SDN) when used with mobile nodes in a coalition operation. We analyze the problem space and suggest a set of security and constructional requirements, as well as an analysis on how existing technology may contribute to a solution. The proposed architecture serves as a guide for current and future experimentation on trust management and protection in SDN. The paper also reports from experimental investigations into the utility of these technology elements for the present purpose.

Set (abstract data type); Authentication; Computer science; Trust management (information system); Architecture; Software-defined networking; Computer security; computer.software_genre; computer; Problem space; 2018 International Conference on Military Communications and Information Systems (ICMCIS)

Privacy handling for critical information infrastructures

2013

This paper proposes an architecture and a methodology for privacy handling in Critical Information Infrastructures. Privacy is in this respect considered as both the risk of revealing person-sensitive information, for example from critical infrastructures in health institutions, but also to identify and avoid leakage of confidential information from the critical information infrastructures themselves. The architecture integrates privacy enhancing technologies into an enterprise service bus, which allows for policy-controlled authorisation, anonymisation and encryption of information in XML elements or attributes in messages on the service bus. The proposed methodology can be used to identif…

Information privacy; Privacy by Design; Computer science; business.industry; Privacy software; Computer security; computer.software_genre; Encryption; Information sensitivity; Enterprise service bus; Privacy-enhancing technologies; business; Resilience (network); computer; 2013 11th IEEE International Conference on Industrial Informatics (INDIN)

A “Best Current Practice” for 3GPP-based cellular system security

2014

This paper is an attempt at formulating a Best Current Practice (BCP) for access security and a baseline for core network security in the 3GPP-based systems. This encompasses the 2G circuit-switched GSM system, the 2.5G packet-switched GPRS system, the 3G UMTS system and the 4G LTE/LTE-A system. The 3GPP have defined several security standards, but many measures are optional and there are several areas deliberately not covered by the 3GPP standards. The present document is therefore an attempt at pointing out the best available options and providing advice on how to achieve an overall system hardening, which is badly needed as the cellular systems have undoubtedly become one of the most cri…

GPRS core network; Customised Applications for Mobile networks Enhanced Logic; Security service; Computer science; GSM; Network Access Control; General Packet Radio Service; Computer security; computer.software_genre; Best current practice; computer; UMTS frequency bands; 2014 4th International Conference on Wireless Communications, Vehicular Technology, Information Theory and Aerospace & Electronic Systems (VITAE)

Security and privacy in the cloud a long-term view

2011

In this paper we analyze security and privacy aspects of the cloud. We take a long-term view since the scope of privacy is potentially the lifetime of the privacy subject. We investigate trust issues and privacy aspects for cloud service users, using subjective logic as a primary tool. We also present a promising solution for credible privacy in a cloud environment.

Information privacy; Cloud computing security; Scope (project management); Privacy by Design; Computer science; business.industry; Privacy software; Data_MISCELLANEOUS; Internet privacy; Cloud computing; Computer security; computer.software_genre; Term (time); ComputingMilieux_COMPUTERSANDSOCIETY; Subjective logic; business; computer; 2011 2nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE)

Sharing With Care - Multidisciplinary Teams and Secure Access to Electronic Health Records

2018

Published: Proceedings of the 11th International Joint Conference on Biomedical Engineering Systems and Technologies Vol 5 2018

Engineering; Medical education; 020205 medical informatics; business.industry; Multidisciplinary approach; 0202 electrical engineering electronic engineering information engineering; 020201 artificial intelligence & image processing; Joint (building); 02 engineering and technology; Health records; business; Proceedings of the 11th International Joint Conference on Biomedical Engineering Systems and Technologies

Location-Aware Mobile Intrusion Detection with Enhanced Privacy in a 5G Context

2010

Published version of an article from the journal: Wireless Personal Communications. The original publication is available at SpringerLink. http://dx.doi.org/10.1007/s11277-010-0069-6

The paper proposes a location-aware mobile Intrusion Prevention System (mIPS) architecture with enhanced privacy that is integrated in Managed Security Service (MSS). The solution is envisaged in a future fifth generation telecommunications (5G) context with increased but varying bandwidth, a virtualised execution environment and infrastructure that allows threads, processes, virtual machines and storage to be migrated to cloud computing services on demand, to dynamically scale performance and save power. 5G mob…

business.industry; Computer science; VDP::Technology: 500::Information and communication technology: 550; Context (language use); Cloud computing; Intrusion detection system; Managed security service; computer.software_genre; Computer security; Computer Science Applications; Information sensitivity; Virtual machine; Malware; Electrical and Electronic Engineering; Intrusion prevention system; business; computer; Mobile device; Computer network; Wireless Personal Communications

Security and privacy in the Internet of Things: Current status and open issues

2014

The Internet of Things at large will foster billions of devices, people and services to interconnect and exchange information and useful data. As IoT systems will be ubiquitous and pervasive, a number of security and privacy issues will arise. Credible, economical, efficient and effective security and privacy for IoT are required to ensure exact and accurate confidentiality, integrity, authentication, and access control, among others. In this paper, the IoT vision, existing security threats, and open challenges in the domain of IoT are discussed. The current state of research on IoT security requirements is discussed and future research directions with respect to IoT security and privacy ar…

Information privacy; Cloud computing security; Privacy by Design; Computer science; Privacy software; business.industry; Internet privacy; Data security; Access control; Computer security; computer.software_genre; Internet security; business; Personally identifiable information; computer; 2014 International Conference on Privacy and Security in Mobile Systems (PRISMS)

Access Control Model for Cooperative Healthcare Environments: Modeling and Verification

2016

Integrated use of electronic health records (EHRs) seems both promising and necessary in improving the quality and delivery of health services. This allows healthcare providers access to information they require to provide rapid patient care. Of course, when sensitive information is shared among a group of people within or across organizations, enforceable security and privacy control over the information flow is a key aspect. In this study, an access control model for cooperative healthcare environments is presented. A work-based access control (WBAC) model is proposed by introducing the concept of team role and modifying the user-role assignment model from previous work. Verification indic…

Knowledge management; Computer science; business.industry; media_common.quotation_subject; Control (management); Access control; 02 engineering and technology; Information sensitivity; Work (electrical); 020204 information systems; Health care; 0202 electrical engineering electronic engineering information engineering; Key (cryptography); 020201 artificial intelligence & image processing; Quality (business); Information flow (information theory); business; media_common; 2016 IEEE International Conference on Healthcare Informatics (ICHI)

Towards Risk-aware Access Control Framework for Healthcare Information Sharing

2018

business.industry; Computer science; Information sharing; Internet privacy; Health care; 0202 electrical engineering electronic engineering information engineering; 020206 networking & telecommunications; 020201 artificial intelligence & image processing; Access control; 02 engineering and technology; business; Proceedings of the 4th International Conference on Information Systems Security and Privacy

Mobility and Spatio-Temporal Exposure Control

2013

Modern risk assessment methods cover many issues and encompass both risk analysis and corresponding prevention/mitigation measures. However, there is still room for improvement and one aspect that may benefit from more work is “exposure control”. The “exposure” an asset experiences plays an important part in the risks facing the asset. Amongst the aspects that all too regularly get exposed are user identities and user location information, and in a context with mobile subscriber and mobility in the service hosting (VM migration/mobility) the problems associated with lost identity/location privacy become urgent. In this paper we look at “exposure control” as a way for analyzing and protecting use…

Risk analysis; Service (systems architecture); Cover (telecommunications); Computer Networks and Communications; business.industry; Internet privacy; Context (language use); Cloud computing; Computer security; computer.software_genre; Asset (computer security); Hardware and Architecture; Roaming; business; computer; Vulnerability (computing); Journal of Cyber Security and Mobility

GPRS Security for Smart Meters

2013

Part 1: Cross-Domain Conference and Workshop on Multidisciplinary Research and Practice for Information Systems (CD-ARES 2013); International audience; Many Smart Grid installations rely on General Packet Radio Service (GPRS) for wireless communication in Advanced Metering Infrastructures (AMI). In this paper we describe security functions available in GPRS, explaining authentication and encryption options, and evaluate how suitable it is for use in a Smart Grid environment. We conclude that suitability of GPRS depends on the chosen authentication and encryption functions, and on selecting a reliable and trustworthy mobile network operator.

GPRS; Computer science; [SHS.INFO]Humanities and Social Sciences/Library and information sciences; 02 engineering and technology; [INFO] Computer Science [cs]; Encryption; [SHS.INFO] Humanities and Social Sciences/Library and information sciences; GPRS core network; AMI; 0202 electrical engineering electronic engineering information engineering; Wireless; Metering mode; [INFO]Computer Science [cs]; General Packet Radio Service; Smartgrid; Mobile network operator; Authentication; business.industry; ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS; 020208 electrical & electronic engineering; 020206 networking & telecommunications; Smart grid; Security; business; Smart Metering; Computer network

Privacy Enhanced Device Access

2012

In this paper we present the case for a device authentication protocol that authenticates a device/service class rather than an individual device. The devices in question are providing services available to the public. The proposed protocol is an online protocol and it uses a pseudo-random temporary identity scheme to provide user privacy.

Service (business); Authentication; Integrated access device; Computer science; Authentication protocol; Network Access Device; Network block device; Cryptographic protocol; Computer security; computer.software_genre; Protocol (object-oriented programming); computer

Towards an Access Control Model for Collaborative Healthcare Systems

2016

In this study, an access control model for collaborative healthcare systems is proposed. Collaboration requirements, patient data confidentiality and the need for flexible access for healthcare providers through the actual work they must fulfill as part of their duties are carefully addressed. The main goal is to provide an access control model that strikes a balance between collaboration and safeguarding sensitive patient information.

Knowledge management; Work (electrical); business.industry; Computer science; Patient information; Access control; Confidentiality; Patient data; Safeguarding; business; Healthcare providers; Healthcare system; Proceedings of the 9th International Joint Conference on Biomedical Engineering Systems and Technologies

Privacy enhanced mutual authentication in LTE

2013

In this paper we propose a way to enhance the identity privacy in LTE/LTE-Advanced systems. This is achieved while minimizing the impact on the existing E-UTRAN system. This is important since proposals to modify a widely deployed infrastructure must be cost effective, both in terms of design changes and in terms of deployment cost. In our proposal, the user equipment (UE) identifies itself with a dummy identity, consisting only of the mobile nation code and the mobile network code. We use the existing signalling mechanisms in a novel way to request a special encrypted identity information element. This element is protected using identity-based encryption (IBE), with the home network (HPLMN…

Authentication; Information privacy; business.industry; Computer science; Mutual authentication; Encryption; Computer security; computer.software_genre; Public-key cryptography; Identifier; User equipment; Message authentication code; business; computer; Computer network; 2013 IEEE 9th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob)