71 results for VULNERABILITIES


Relevance: 10.00%

Abstract:

Existing business models require RFID tag to transfer its ownership during its life cycle. As a result, an RFID tag might have many owners during its life cycle. However, the transfer of ownership should ensure that previous owners have no information about current owner's data. Physical ownership does not ensure digital ownership transfer given the wireless nature of communication with RFID tags. Most of the proposed protocol in this nature is implacable to address all existing RFID tag ownership transfer scenarios. Moreover, they have many security concerns and vulnerabilities. In this paper, we have investigated and discussed all existing business cases and their transfer scenarios. To cover all ownership transfer scenarios, we have presented an ownership transfer protocol. The proposed protocol has used modified Diffie-Hellman algorithm to perform ownership request validation and authentication of involved parties. Performance comparison shows that our protocol is practical to implement passive low-cost RFID tags, securely performs tag ownership transfer and can be used for all existing ownership transfer scenarios.

Relevance: 10.00%

Abstract:

Wireless Personal Area Networks provide a pivotal role in local area network technology complementing traditional Wireless Local Area Network technologies. Bluetooth, ZigBee and NFC (Near Field Communications) have emerged as key WPAN technologies with UWB (Ultra Wide Band) standards currently evolving. They are however subject to the usual range of security vulnerabilities found in wireless LANs such as spoofing, snooping, man-in-the-middle, denial of service and other attacks. However security in WPANs is not as mature as it is in Wireless LANs and further work is needed in order to provide comparable protection. This paper examines a range of WPAN technologies and security issues and proposes protection mechanisms that can mitigate risk in each case. © 2012 IEEE.

Relevance: 10.00%

Abstract:

Detecting malicious software or malware is one of the major concerns in information security governance as malware authors pose a major challenge to digital forensics by using a variety of highly sophisticated stealth techniques to hide malicious code in computing systems, including smartphones. The current detection techniques are futile, as forensic analysis of infected devices is unable to identify all the hidden malware, thereby resulting in zero day attacks. This chapter takes a key step forward to address this issue and lays foundation for deeper investigations in digital forensics. The goal of this chapter is, firstly, to unearth the recent obfuscation strategies employed to hide malware. Secondly, this chapter proposes innovative techniques that are implemented as a fully-automated tool, and experimentally tested to exhaustively detect hidden malware that leverage on system vulnerabilities. Based on these research investigations, the chapter also arrives at an information security governance plan that would aid in addressing the current and future cybercrime situations.

Relevance: 10.00%

Abstract:

Increasingly, web applications are being developed over the Internet. Securing these web applications is becoming important as they hold critical security features. However, cybercriminals are becoming smarter by developing a crime toolkit, and employing sophisticated techniques to evade detection. These crime toolkits can be used by any person to target Internet users. In this paper, we explore the techniques used in crime toolkits. We present a current state-of-the-art analysis of crime toolkits and focus on attacks against web applications. The crime toolkit techniques are compared with the vulnerability of web applications to help reveal particular behaviour such as popular web application vulnerabilities that malicious writers prefer. In addition, we outline the existing protection mechanism, and observe that the possibility for damage is rising, particularly as specialization and scale increase in cybercrime.

Relevance: 10.00%

Abstract:

Developers sometimes maintain an internal copy of another software or fork development of an existing project. This practice can lead to software vulnerabilities when the embedded code is not kept up to date with upstream sources. We propose an automated solution to identify clones of packages without any prior knowledge of these relationships. We then correlate clones with vulnerability information to identify outstanding security problems. This approach motivates software maintainers to avoid using cloned packages and link against system wide libraries. We propose over 30 novel features that enable us to use pattern classification to accurately identify package-level clones. To our knowledge, we are the first to consider clone detection as a classification problem. Our results show our system, Clonewise, compares well to manually tracked databases. Based on our work, over 30 unknown package clones and vulnerabilities have been identified and patched.

Relevance: 10.00%

Abstract:

Cloud computing is an emerging technology and it utilizes the cloud power to many technical solutions. The e-learning solution is one of those technologies where it implements the cloud power in its existing system to enhance the functionality providing to e-learners. Cloud technology has numerous advantages over the existing traditional e-learning systems. However security is a major concern in cloud based e-learning. Therefore security measures are unavoidable to prevent the loss of users’ valuable data from the security vulnerabilities. This paper investigates various security issues involved in cloud based e-learning technology with an aim to suggest remedial in the form of security measures and security management standards. These will help to overcome the security threats in cloud based e-learning technology. Solving the key problems will also encourage the widespread adoption of cloud computing in educational institutes.

Relevance: 10.00%

Abstract:

Radio Frequency Identification (RFID) is an emerging wireless object identification technology with many potential applications such as supply chain management, personnel tracking and healthcare. However, security vulnerabilities of the RFID system have been a serious concern for its wide adoption in many applications. Although there are lots of work to provide privacy and anonymity, little focus has been given to ensure confidentiality and integrity of RFID tag data. To this end, we propose a lightweight hybrid approach based on stenographic and watermarking to ensure data confidentiality, linkability resistance and integrity on the RFID tags data. The proposed technique is capable of tampered data recovering and restoring for RFID tag. It has been validated and tested on EPC class 1 gen2 tags.

Relevance: 10.00%

Abstract:

In this article we describe how concepts of risk are both generated by and used to reinforce a neoliberal agenda in relation to the health and well-being of young people. We examine how risk may be used as a tool to advance ideals such as rational choice and individual responsibility, and how this can further disadvantage young people living within the contexts of structural disadvantage (such as geographic areas of long-term unemployment; communities that experience racial discrimination). We also identify the ways in which risk is applied in uneven ways within structurally disadvantaged contexts. To suggest a way forward, we articulate a set of principles and strategies that offer up a means of resisting neoliberal imperatives and suggest how these might play out at the micro-, meso- and macro-levels. To do this, we discuss examples from the UK, Canadian and Australian contexts to illustrate how young people resist being labelled as risky, and how it is possible to engage in health equity-enhancing actions, despite seemingly deterministic forces. The cases we describe reveal some of the vulnerabilities (and hence opportunities) within the seemingly impenetrable world view and powers of neoliberals, and point towards the potential to formulate an agenda of resistance and new directions for young people's health promotion.

Relevance: 10.00%

Abstract:

In modern computing paradigms, most computing systems, e.g., cluster computing, grid computing, cloud computing, the Internet, telecommunication networks, Cyber-Physical Systems (CPS), and Machine-to-Machine communication networks (M2M), are parallel and distributed systems. While providing improved expandability, manageability, efficiency, and reliability, parallel and distributed systems increase their security weaknesses to an unprecedented scale. As the system devices are widely connected, their vulnerabilities are shared by the entire system. Because tasks are allocated to, and information is exchanged among the system devices that may belong to different users, trust, security, and privacy issues have yet to be resolved. This special issue of the IEEE Transactions on Parallel and Distributed Systems (TPDS) highlights recent advances in trust, security, and privacy for emerging parallel and distributed systems. This special issue was initiated by Dr. Xu Li, Dr. Patrick McDaniel, Dr. Radha Poovendran, and Dr. Guojun Wang. Due to a large number of submissions, Dr. Zhenfu Cao, Dr. Keqiu Li, and Dr. Yang Xiang were later invited to the editorial team. Dr. Xu Li was responsible for coordinating the paper review process. In response to the call for papers, we received 150 effective submissions, out of which 24 are included in this special issue after rigorous review and careful revision, presenting an acceptance ratio of 16 percent. The accepted papers are divided into three groups, covering issues related to trust, security, and privacy, respectively.

Relevance: 10.00%

Abstract:

 Many web servers contain some dangerous pages (we name them eigenpages) that can indicate their vulnerabilities. Therefore, some worms such as Santy locate their targets by searching for these eigenpages in search engines with well-crafted queries. In this paper, we focus on the modeling and containment of these special worms targeting web applications. We propose a containment system based on honey pots. We make search engines randomly insert a few honey pages that will induce visitors to the pre-established honey pots among the search results for the arriving queries. And then infectious can be detected and reported to the search engines when their malicious scans hit the honey pots. We find that the Santy worm can be well stopped by inserting no more than two honey pages in every one hundred search results. We also solve the challenging issue to dynamically generate matching honey pages for those dynamically arriving queries. Finally, a prototype is implemented to prove the technical feasibility of this system. © 2013 by CESER Publications.

Relevance: 10.00%

Abstract:

This thesis analyses software programs in the context of their similarity to other software programs. Applications proposed and implemented include detecting malicious software and discovering security vulnerabilities.

Relevance: 10.00%

Abstract:

The nature of wireless transmission leads to vulnerabilities to many malicious activities, and communication in wireless mesh networks (WMNs) must be protected by proper security measures. This paper focuses on symmetric pair wise key establishment and presents a new matrix-based pair wise key establishment scheme for mesh clients. In WMNs, mesh routers are much more powerful than mesh clients, both in communication and computation. By taking advantage of this heterogeneity, our new scheme delegates energy-consuming operations to mesh routers when establishing pair wise keys for mesh clients. Additionally, neighbor mesh clients in our scheme can directly establish pair wise keys with significantly reduced communication and storage costs, due to the use of both pre and post deployment knowledge.

Relevance: 10.00%

Abstract:

People experiencing mental illness are over-represented among police cell detainees, however limited work has sought to investigate the occurrence of psychopathology in police custody. The present study sought to examine the predictive power of personal factors (e.g., history of psychiatric hospitalisation), situational factors (e.g., police cell conditions), and their interactive effects to explain the occurrence of psychopathology in police custody. A total of 150 detainees were recruited from two metropolitan police stations in Melbourne, Australia. Personal factors were significantly associated with psychiatric symptomatology, with situational factors and interaction terms yielding no association. Detainees with preexisting vulnerabilities and those unsatisfied with police cell conditions demonstrated the highest levels of psychopathology. While all detainees experience some difficulties in police cells, it is those with pre-existing vulnerabilities that suffer the most. This may be due to the exacerbation of vulnerabilities by police cell conditions. The implications of these findings for provision of health care services in police cells are discussed.

Relevance: 10.00%

Abstract:

Android is a new generation of an open operating system directed at mobile devices that are carried every day. The openness of this architecture is leading to new applications and opportunities including a host of multimedia services, new interfaces and browsers, multitasking including support for wireless local, personal and wide area networking services. Security with mobility and wireless connectivity thus becomes even more important with all these exciting developments. Vital security issues such as leakage of private information, file stealing and spambots abound in networks in practice and Android networks continue to be subject to these same families of vulnerabilities. This paper provides a demonstration of such vulnerabilities in spite of the best efforts of designers and implementers. In particular it describes examples of data leakage and file stealing (address books, contact lists, SMS messages, pictures) as well as demonstrating how Android devices can create spambots. © 2013 IEEE.

Relevance: 10.00%

Abstract:

This paper initiates the study of two specific security threats on smart-card-based password authentication in distributed systems. Smart-card-based password authentication is one of the most commonly used security mechanisms to determine the identity of a remote client, who must hold a valid smart card and the corresponding password to carry out a successful authentication with the server. The authentication is usually integrated with a key establishment protocol and yields smart-card-based password-authenticated key agreement. Using two recently proposed protocols as case studies, we demonstrate two new types of adversaries with smart card: 1) adversaries with pre-computed data stored in the smart card, and 2) adversaries with different data (with respect to different time slots) stored in the smart card. These threats, though realistic in distributed systems, have never been studied in the literature. In addition to point out the vulnerabilities, we propose the countermeasures to thwart the security threats and secure the protocols. © 2013 IEEE.