Security in RFID devices

Aquest projecte inclou una aproximació als conceptes de RFID i targetes contactless centrant-se en l’ampliament usat MIFARE Classic chip. L’objectiu principal es mostrar el seu funcionament i les seves vulnerabilitats, així com alguns exemples pràctics fent una anàlisi de diferents serveis que les utilitzen.

The role of community and population ecology in applying mycorrhizal fungi for improved food security.

The global human population is expected to reach ∼9 billion by 2050. Feeding this many people represents a major challenge requiring global crop yield increases of up to 100%. Microbial symbionts of plants such as arbuscular mycorrhizal fungi (AMF) represent a huge, but unrealized resource for improving yields of globally important crops, especially in the tropics. We argue that the application of AMF in agriculture is too simplistic and ignores basic ecological principals. To achieve this challenge, a community and population ecology approach can contribute greatly. First, ecologists could significantly improve our understanding of the determinants of the survival of introduced AMF, the role of adaptability and intraspecific diversity of AMF and whether inoculation has a direct or indirect effect on plant production. Second, we call for extensive metagenomics as well as population genomics studies that are crucial to assess the environmental impact that introduction of non-local AMF may have on native AMF communities and populations. Finally, we plead for an ecologically sound use of AMF in efforts to increase food security at a global scale in a sustainable manner.

Wireless Technologies in e-Business; Services, Security and Management

Uusien mobiilien laitteiden ja palveluiden kehitys ovat herättäneet yritysten mielenkiinnon soveltaa langattomia sovelluksia omassa liiketoiminnassaan. Erilaisten tekniikoiden myötä myös mahdollisuuksien kirjo on laajentumassa, mikä johtaa erilaisten verkkojen ja laitteiden yhtenäiselle hallinnalle asetettavien vaatimusten kasvuun. Yritysten siirtyessä soveltamaan uusia langattomia palveluita ja sovelluksia on myös huomioon otettavaa sovellusten sekä palveluiden vaatima tietoturva ja sen hallittavuus. Tutkimuksessa esitetään langattoman sähköisen liiketoiminnan määritelmä sekä kyseisien teknologioiden käyttöä edistävät tekijät. Tutkimus luo viitekehyksen yrityksen langattomien teknologioiden käytölle ja siihen olennaisesti vaikuttavista tekijöistä. Viitekehystä on käytetty todelliseen esimerkkiin, liikkuva myyntihenkilö, kyseisten teknologioiden, palveluiden, tietoturvan ja hallittavuuden näkökulmasta. Johtopäätöksinä on arvioitu mobiilien ja langattomien teknologioiden sekä palveluiden, tietoturvan ja hallittavuuden tilaa ja analysoimalla niitä tulevaa ajatellen.

Security in multicast communication

Multicast is one method to transfer information in IPv4 based communication. Other methods are unicast and broadcast. Multicast is based on the group concept where data is sent from one point to a group of receivers and this remarkably saves bandwidth. Group members express an interest to receive data by using Internet Group Management Protocol and traffic is received by only those receivers who want it. The most common multicast applications are media streaming applications, surveillance applications and data collection applications. There are many data security methods to protect unicast communication that is the most common transfer method in Internet. Popular data security methods are encryption, authentication, access control and firewalls. The characteristics of multicast such as dynamic membership cause that all these data security mechanisms can not be used to protect multicast traffic. Nowadays the protection of multicast traffic is possible via traffic restrictions where traffic is allowed to propagate only to certain areas. One way to implement this is packet filters. Methods tested in this thesis are MVR, IGMP Filtering and access control lists which worked as supposed. These methods restrict the propagation of multicast but are laborious to configure in a large scale. There are also a few manufacturerspecific products that make possible to encrypt multicast traffic. These separate products are expensive and mainly intended to protect video transmissions via satellite. Investigation of multicast security has taken place for several years and the security methods that will be the results of the investigation are getting ready. An IETF working group called MSEC is standardizing these security methods. The target of this working group is to standardize data security protocols for multicast during 2004.

Epidemiology and injury patterns of patients consulting following assault by nightclub security agents in a university hospital emergency service and an associated specialised forensic consultation

Introduction: The Violence Medical Unit (VMU), a specialised forensic medical consultation, was created at the Lausanne university Hospital in 2006. All patients consulting at the ED for interpersonal violencerelated injury are referred to the VMU, which provides forensic documentation of the injury and referral to the relevant community based victim-support organisations within 48 hours of the ED visit. This frees the ED medical staff from forensic injury documentation and legal/social referral, tasks for which they lack both time and training. Among community violence, assaults by nightclub security agents against patrons have increased from 6% to 10% between 2007 and 2009. We set out to characterise the demographics, assault mechanisms, subsequent injuries, prior alcohol intake and ED & VMU costs incurred by this group of patients. Methods: We retrospectively included all patients consulting at the VMU due to assault by nightclub security agents from January 2007 to December 2009. Data was obtained from ED & VMU medical, nursing and administrative records. Results: Our sample included 70 patients, of which 64 were referred by the CHUV ED. The victims were typically young (median age 29) males (93%). 77% of assaults occurred on the weekend between 12 PM and 4 AM, and 73% of the victims were under the influence of alcohol. 83% of the patients were punched, kicked and/or head-butted; 9% had been struck with a blunt instrument. 80% of the injuries were in the head and neck area and 19% of the victims sustained fractures. 21% of the victims were prescribed medical leave. Total ED & VMU costs averaged 1048 SFr. Conclusion: Medical staff treating this population of assault victims must be aware of the assault mechanisms and injury patterns, in particular the high probability of fractures, in order to provide adequate diagnosis and care. Associated inebriation mandates liberal use of radiology, as delayed or missed diagnosis may have medical, medicolegal and legal implications. Emergency medical services play an important role in detecting and reporting of such incidents. Centralised management of the forensic documentation facilitates referral to victim support organisations and epidemiological data collection. Magnitudes and trends of the different types of violence can be determined, and this information can be then impact public safety management policies.

Security and Privacy in a Ubiquitous Information Screen

We expose the ubiquitous interaction between an information screen and its’ viewers mobile devices, highlights the communication vulnerabilities, suggest mitigation strategies and finally implement these strategies to secure the communication. The screen infers information preferences’ of viewers within its vicinity transparently from their mobile devices over Bluetooth. Backend processing then retrieves up-to-date versions of preferred information from content providers. Retrieved content such as sporting news, weather forecasts, advertisements, stock markets and aviation schedules, are systematically displayed on the screen. To maximise users’ benefit, experience and acceptance, the service is provided with no user interaction at the screen and securely upholding preferences privacy and viewers anonymity. Compelled by the personal nature of mobile devices, their contents privacy, preferences confidentiality, and vulnerabilities imposed by screen, the service’s security is fortified. Fortification is predominantly through efficient cryptographic algorithms inspired by elliptic curves cryptosystems, access control and anonymity mechanisms. These mechanisms are demonstrated to attain set objectives within reasonable performance.

Security, Privacy and Anonymity in Legal Distribution of Copyrighted Multimedia Content over Peer-to-Peer Networks: A Brief Overview

Peer-reviewed

Software Security Vulnerabilities in Mobile Peer-to-peer Environment

Increase of computational power and emergence of new computer technologies led to popularity of local communications between personal trusted devices. By-turn, it led to emergence of security problems related to user data utilized in such communications. One of the main aspects of the data security assurance is security of software operating on mobile devices. The aim of this work was to analyze security threats to PeerHood, software intended for performing personal communications between mobile devices regardless of underlying network technologies. To reach this goal, risk-based software security testing was performed. The results of the testing showed that the project has several security vulnerabilities. So PeerHood cannot be considered as a secure software. The analysis made in the work is the first step towards the further implementation of PeerHood security mechanisms, as well as taking into account security in the development process of this project.

Exploring the role and transformative potential of human rights in development practice and food security : case study from Malawi

Avhandlingen är en analys av den roll som mänskliga rättigheter spelar i utvecklingssamarbete i allmänhet och tre matsäkerhetsprojekt i Malawi i synnerhet. Författaren undersöker huruvida mänskliga rättigheter kan bidra till samhälleliga förändringsprocesser. Undersökningen har en diskursiv syn på mänskliga rättigheter; rättigheter ses som sociala konstruktioner skapade av människor, konstruktioner som förändras i takt med att aktörerna ger dem ny mening. Människorättsbaserade utvecklingsstrategier riktar uppmärksamheten mot olika aktörers skyldigheter samt vikten av att mänskliga rättigheter inte kränks genom utvecklingspolitiska beslut. En analys som utgår från mänskliga rättigheter kan leda till att nya frågor lyfts fram: vem har skyldigheter, vem har rättigheter, och varför förverkligas inte dessa? Fokus flyttas till hur politiska, ekonomiska och juridiska strukturer kan förändras så att de främjar mänskliga rättigheter. Författaren använder empiriskt material från Malawi för att visa vilken roll mänskliga rättigheter och så kallade människorättsprinciper spelar inom tre projekt: (1) ett mathjälpsprojekt; (2) ett rättighetsbaserat projekt med fokus på att stärka strategier för livsuppehälle; (3) ett juridiskt projekt inom ramen för vilket man skapat ett lagförslag om rätten till föda. Analysen visar att det rättighetsbaserade projektet strävade efter den mest djupgående samhälleliga förändringen. Människorättsprinciperna ansvarighet och deltagande handlade inte endast om verksamheten inom projektet utan man strävade även efter att stärka dessa principer mellan medborgare och myndigheter. Rättigheter, som ett sätt att tala, tänka och handla, inte som abstrakta juridiska normer, påverkade de lokala aktörernas sätt att kräva bl.a. tjänster av lokala myndigheter. Teoretiskt kan man säga att det rättighetsbaserade projektet representerar ett aktörsperspektiv på mänskliga rättigheter där aktörernas egna uppfattningar om vad de är berättigade till samt krav på myndigheters ansvar formade vilken mening rättigheterna kom att få.

Developing customer need based services in personal security service industry

The purpose of this thesis is to examine how services can be developed and how the voice of the customer can be incorporated to the strategic planning of services. Furthermore, the objective is to investigate the methods of customer need analysis and service bundling. The data is collected from secondary and primary sources by reviewing the existing academic literature and by conducting in-depth interviews and surveys. The main findings of this research indicate that the service development in personal security service industry should be conducted through a formalized process and the process should begin with setting the strategic objectives. Moreover, the voice of the customer should be incorporated into all stages of the development process, especially into the front-end of the process. Furthermore, the information on customer needs should be gathered in a manner tailored for the purposes of service development.

New threats - old routines : bureaucratic adaptability in the security policy environment

Within the framework of state security policy, the focus of this dissertation are the relations between how new security threats are perceived and the policy planning and bureaucratic implementation that are designed to address them. In addition, this thesis explores and studies some of the inertias that might exist in the core of the state apparatus as it addresses new threats and how these could be better managed. The dissertation is built on five thematic and interrelated articles highlighting different aspects of when new significant national security threats are detected by different governments until the threats on the policy planning side translate into protective measures within the society. The timeline differs widely between different countries and some key aspects of this process are also studied. One focus concerns mechanisms for adaptability within the Intelligence Community, another on the policy planning process within the Cabinet Offices/National Security Councils and the third focus is on the planning process and how policy is implemented within the bureaucracy. The issue of policy transfer is also analysed, revealing that there is some imitation of innovation within governmental structures and policies, for example within the field of cyber defence. The main findings of the dissertation are that this context has built-in inertias and bureaucratic seams found in most government bureaucratic machineries. As much of the information and planning measures imply security classification of the transparency and internal debate on these issues, alternative assessments become limited. To remedy this situation, the thesis recommends ways to improve the decision-making system in order to streamline the processes involved in making these decisions. Another special focus of the thesis concerns the role of the public policy think tanks in the United States as an instrument of change in the country’s national security decision-making environment, which is viewed from the perspective as being a possible source of new ideas and innovation. The findings in this part are based on unique interviews data on how think tanks become successful and influence the policy debate in a country such as the United States. It appears clearly that in countries such as the United States think tanks smooth the decision making processes, and that this model with some adaptations also might be transferrable to other democratic countries.