Novel information sharing syntax for data sharing between police and community partners, using role-based security.

The exchange of information between the police and community partners forms a central aspect of effective community service provision. In the context of policing, a robust and timely communications mechanism is required between police agencies and community partner domains, including: Primary healthcare (such as a Family Physician or a General Practitioner); Secondary healthcare (such as hospitals); Social Services; Education; and Fire and Rescue services. Investigations into high-profile cases such as the Victoria Climbié murder in 2000, the murders of Holly Wells and Jessica Chapman in 2002, and, more recently, the death of baby Peter Connelly through child abuse in 2007, highlight the requirement for a robust information-sharing framework. This paper presents a novel syntax that supports information-sharing requests, within strict data-sharing policy definitions. Such requests may form the basis for any information-sharing agreement that can exist between the police and their community partners. It defines a role-based architecture, with partner domains, with a syntax for the effective and efficient information sharing, using SPoC (Single Point-of-Contact) agents to control in-formation exchange. The application of policy definitions using rules within these SPoCs is inspired by network firewall rules and thus define information exchange permissions. These rules can be imple-mented by software filtering agents that act as information gateways between partner domains. Roles are exposed from each domain to give the rights to exchange information as defined within the policy definition. This work involves collaboration with the Scottish Police, as part of the Scottish Institute for Policing Research (SIPR), and aims to improve the safety of individuals by reducing risks to the community using enhanced information-sharing mechanisms.

Wireless and Physical Security via Embedded Sensor Networks

Wireless Intrusion Detection Systems (WIDS) monitor 802.11 wireless frames (Layer-2) in an attempt to detect misuse. What distinguishes a WIDS from a traditional Network IDS is the ability to utilize the broadcast nature of the medium to reconstruct the physical location of the offending party, as opposed to its possibly spoofed (MAC addresses) identity in cyber space. Traditional Wireless Network Security Systems are still heavily anchored in the digital plane of "cyber space" and hence cannot be used reliably or effectively to derive the physical identity of an intruder in order to prevent further malicious wireless broadcasts, for example by escorting an intruder off the premises based on physical evidence. In this paper, we argue that Embedded Sensor Networks could be used effectively to bridge the gap between digital and physical security planes, and thus could be leveraged to provide reciprocal benefit to surveillance and security tasks on both planes. Toward that end, we present our recent experience integrating wireless networking security services into the SNBENCH (Sensor Network workBench). The SNBENCH provides an extensible framework that enables the rapid development and automated deployment of Sensor Network applications on a shared, embedded sensing and actuation infrastructure. The SNBENCH's extensible architecture allows an engineer to quickly integrate new sensing and response capabilities into the SNBENCH framework, while high-level languages and compilers allow novice SN programmers to compose SN service logic, unaware of the lower-level implementation details of tools on which their services rely. In this paper we convey the simplicity of the service composition through concrete examples that illustrate the power and potential of Wireless Security Services that span both the physical and digital plane.

Low-cost digital signature architecture suitable for radio frequency identification tags

Continuing achievements in hardware technology are bringing ubiquitous computing closer to reality. The notion of a connected, interactive and autonomous environment is common to all sensor networks, biosystems and radio frequency identification (RFID) devices, and the emergence of significant deployments and sophisticated applications can be expected. However, as more information is collected and transmitted, security issues will become vital for such a fully connected environment. In this study the authors consider adding security features to low-cost devices such as RFID tags. In particular, the authors consider the implementation of a digital signature architecture that can be used for device authentication, to prevent tag cloning, and for data authentication to prevent transmission forgery. The scheme is built around the signature variant of the cryptoGPS identification scheme and the SHA-1 hash function. When implemented on 130 nm CMOS the full design uses 7494 gates and consumes 4.72 mu W of power, making it smaller and more power efficient than previous low-cost digital signature designs. The study also presents a low-cost SHA-1 hardware architecture which is the smallest standardised hash function design to date.

Dynamic global security-aware synthesis using System-C

A dynamic global security-aware synthesis flow using the SystemC language is presented. SystemC security models are first specified at the system or behavioural level using a library of SystemC behavioural descriptions which provide for the reuse and extension of security modules. At the core of the system is incorporated a global security-aware scheduling algorithm which allows for scheduling to a mixture of components of varying security level. The output from the scheduler is translated into annotated nets which are subsequently passed to allocation, optimisation and mapping tools for mapping into circuits. The synthesised circuits incorporate asynchronous secure power-balanced and fault-protected components. Results show that the approach offers robust implementations and efficient security/area trade-offs leading to significant improvements in turnover.

The Disrupted Space: Safety and Security in traditional contexts

One of the core elements of successful planning is the individuals’ experience of their shared open spaces. This paper attributes to the relationship between safety and urban design by means of natural surveillance and security in the city’s shared spaces. It examines how political claims over space reassembled alternative definitions of security in one of Cairo’s oldest quarters, and how ambitious planning schemes were mostly driven by problems of insecurity, chaos and disorder. The main crux to this account is based on original documents, interviews and maps which reveals considerable insights and accounts of how this vision affected the quarter’s spatial quality and the user’s reactions to his new spatial formula. It also reveals conflicting conceptions of safety and security between the planning ambitions and the users experiences, which not only lacked reliable visions for securing the quarter, but also resulted further disruption to their everyday living spaces.

Electronic health records for mobile citizens: a secure and collaborative architecture

Durante as ultimas décadas, os registos de saúde eletrónicos (EHR) têm evoluído para se adaptar a novos requisitos. O cidadão tem-se envolvido cada vez mais na prestação dos cuidados médicos, sendo mais pró ativo e desejando potenciar a utilização do seu registo. A mobilidade do cidadão trouxe mais desafios, a existência de dados dispersos, heterogeneidade de sistemas e formatos e grande dificuldade de partilha e comunicação entre os prestadores de serviços. Para responder a estes requisitos, diversas soluções apareceram, maioritariamente baseadas em acordos entre instituições, regiões e países. Estas abordagens são usualmente assentes em cenários federativos muito complexos e fora do controlo do paciente. Abordagens mais recentes, como os registos pessoais de saúde (PHR), permitem o controlo do paciente, mas levantam duvidas da integridade clinica da informação aos profissionais clínicos. Neste cenário os dados saem de redes e sistemas controlados, aumentando o risco de segurança da informação. Assim sendo, são necessárias novas soluções que permitam uma colaboração confiável entre os diversos atores e sistemas. Esta tese apresenta uma solução que permite a colaboração aberta e segura entre todos os atores envolvidos nos cuidados de saúde. Baseia-se numa arquitetura orientada ao serviço, que lida com a informação clínica usando o conceito de envelope fechado. Foi modelada recorrendo aos princípios de funcionalidade e privilégios mínimos, com o propósito de fornecer proteção dos dados durante a transmissão, processamento e armazenamento. O controlo de acesso _e estabelecido por políticas definidas pelo paciente. Cartões de identificação eletrónicos, ou certificados similares são utilizados para a autenticação, permitindo uma inscrição automática. Todos os componentes requerem autenticação mútua e fazem uso de algoritmos de cifragem para garantir a privacidade dos dados. Apresenta-se também um modelo de ameaça para a arquitetura, por forma a analisar se as ameaças possíveis foram mitigadas ou se são necessários mais refinamentos. A solução proposta resolve o problema da mobilidade do paciente e a dispersão de dados, capacitando o cidadão a gerir e a colaborar na criação e manutenção da sua informação de saúde. A arquitetura permite uma colaboração aberta e segura, possibilitando que o paciente tenha registos mais ricos, atualizados e permitindo o surgimento de novas formas de criar e usar informação clínica ou complementar.

Layered smart grid architecture approach and field tests by ZigBee technology

This paper presents a layered Smart Grid architecture enhancing security and reliability, having the ability to act in order to maintain and correct infrastructure components without affecting the client service. The architecture presented is based in the core of well design software engineering, standing upon standards developed over the years. The layered Smart Grid offers a base tool to ease new standards and energy policies implementation. The ZigBee technology implementation test methodology for the Smart Grid is presented, and provides field tests using ZigBee technology to control the new Smart Grid architecture approach. (C) 2014 Elsevier Ltd. All rights reserved.

The Court of Justice of the European Union as a fundamental rights tribunal: challenges for the effective delivery of fundamental rights in the area of freedom, security and justice. CEPS Paper in Liberty and Security in Europe No. 49, 29 August 2012

This paper reflects on the challenges facing the effective implementation of the new EU fundamental rights architecture that emerged from the Lisbon Treaty. Particular attention is paid to the role of the Court of Justice of the European Union (CJEU) and its ability to function as a ‘fundamental rights tribunal’. The paper first analyses the praxis of the European Court of Human Rights in Strasbourg and its long-standing experience in overseeing the practical implementation of the European Convention for the Protection of Human Rights and Fundamental Freedoms. Against this analysis, it then examines the readiness of the CJEU to live up to its consolidated and strengthened mandate on fundamental rights as one of the prime guarantors of the effective implementation of the EU Charter of Fundamental Rights. We specifically review the role of ‘third-party interventions’ by non-governmental organisations, international and regional human rights actors as well as ‘interim relief measures’ when ensuring effective judicial protection of vulnerable individuals in cases of alleged violations of fundamental human rights. To flesh out our arguments, we rely on examples within the scope of the relatively new and complex domain of EU legislation, the Area of Freedom, Security and Justice (AFSJ), and its immigration, external border and asylum policies. In view of the fundamental rights-sensitive nature of these domains, which often encounter shifts of accountability and responsibility in their practical application, and the Lisbon Treaty’s expansion of the jurisdiction of the CJEU to interpret and review EU AFSJ legislation, this area can be seen as an excellent test case for the analyses at hand. The final section puts forth a set of policy suggestions that can assist the CJEU in the process of adjusting itself to the new fundamental rights context in a post-Lisbon Treaty setting.

EU Home Affairs Agencies and the Construction of EU Internal Security. CEPS Paper in Liberty and Security No. 53/December 2012

Regulatory agencies such as Europol, Frontex, Eurojust, CEPOL as well as bodies such as OLAF, have over the past decade become increasingly active within the institutional architecture constituting the EU’s Area of Freedom, Security and Justice and are now placed at the forefront of implementing and developing the EU’s internal security model. A prominent feature of agency activity is the large-scale proliferation of ‘knowledge’ on security threats via the production of policy tools such as threat assessments, risk analyses, periodic and situation reports. These instruments now play a critical role in providing the evidence-base that supports EU policymaking, with agency-generated ‘knowledge’ feeding political priority setting and decision-making within the EU’s new Internal Security Strategy (ISS). This paper examines the nature and purpose of knowledge generated by EU Home Affairs agencies. It asks where does this knowledge originate? How does it measure against criteria of objectivity, scientific rigour, reliability and accuracy? And how is it processed in order to frame threats, justify actions and set priorities under the ISS?

Multi-modal fingerprinting for multimedia assets: optimisation of media security protection in online distribution environments

Since the advent of the internet in every day life in the 1990s, the barriers to producing, distributing and consuming multimedia data such as videos, music, ebooks, etc. have steadily been lowered for most computer users so that almost everyone with internet access can join the online communities who both produce, consume and of course also share media artefacts. Along with this trend, the violation of personal data privacy and copyright has increased with illegal file sharing being rampant across many online communities particularly for certain music genres and amongst the younger age groups. This has had a devastating effect on the traditional media distribution market; in most cases leaving the distribution companies and the content owner with huge financial losses. To prove that a copyright violation has occurred one can deploy fingerprinting mechanisms to uniquely identify the property. However this is currently based on only uni-modal approaches. In this paper we describe some of the design challenges and architectural approaches to multi-modal fingerprinting currently being examined for evaluation studies within a PhD research programme on optimisation of multi-modal fingerprinting architectures. Accordingly we outline the available modalities that are being integrated through this research programme which aims to establish the optimal architecture for multi-modal media security protection over the internet as the online distribution environment for both legal and illegal distribution of media products.

Real-time context-aware network security policy enforcement system (RC-NSPES)

The major technical objectives of the RC-NSPES are to provide a framework for the concurrent operation of reactive and pro-active security functions to deliver efficient and optimised intrusion detection schemes as well as enhanced and highly correlated rule sets for more effective alerts management and root-cause analysis. The design and implementation of the RC-NSPES solution includes a number of innovative features in terms of real-time programmable embedded hardware (FPGA) deployment as well as in the integrated management station. These have been devised so as to deliver enhanced detection of attacks and contextualised alerts against threats that can arise from both the network layer and the application layer protocols. The resulting architecture represents an efficient and effective framework for the future deployment of network security systems.

Security Issues in a SOA-based Provenance System

Recent work has begun exploring the characterization and utilization of provenance in systems based on the Service Oriented Architecture (such as Web Services and Grid based environments). One of the salient issues related to provenance use within any given system is its security. In a broad sense, security requirements arise within any data archival and retrieval system, however provenance presents unique requirements of its own. These requirements are additionally dependent on the architectural and environmental context that a provenance system operates in. We seek to analyze the security considerations pertaining to a Service Oriented Architecture based provenance system. Towards this end, we describe the components of such a system and illustrate the security considerations that arise within it. Concurrently, we outline possible approaches to address them.

From Money Storage to Money Store: Openness and Transparency in Bank Architecture

In the middle of the twentieth century, banks changed from ‘closed’ designs signifying wealth, security, and safety to ‘open’ designs signifying hospitality, honesty, and transparency as the perception of money changed from a passive physical substance to be slowly accumulated to an active notational substance to be kept in motion. If money is saved, customers must trust that the bank is secure and their money will be there when they want it; if money is invested, customers must trust that it is being done openly and honestly and they are being well-advised. Architecture visually communicates that the institution can be trusted in the requisite way.