ZigBee/ZigBee PRO security assessment based on compromised cryptographic keys

Sensor networks have many applications in monitoring and controlling of environmental properties such as sound, acceleration, vibration and temperature. Due to limitedresources in computation capability, memory and energy, they are vulnerable to many kinds of attacks. The ZigBee specification based on the 802.15.4 standard, defines a set of layers specifically suited to sensor networks. These layers support secure messaging using symmetric cryptographic. This paper presents two different ways for grabbing the cryptographic key in ZigBee: remote attack and physical attack. It also surveys and categorizes some additional attacks which can be performed on ZigBee networks: eavesdropping, spoofing, replay and DoS attacks at different layers. From this analysis, it is shown that some vulnerabilities still in the existing security schema in ZigBee technology.

A Security Framework for JXTA-Overlay

En l'actualitat, la maduresa del camp de la investigaci�� P2P emp��s a trav��s de nous problemes, relacionats amb la seguretat. Per aquesta ra��, la seguretat comen��a a convertir-se en una de les q��estions clau en l'avaluaci�� d'un sistema P2P, i ��s important proporcionar mecanismes de seguretat per a sistemes P2P. El projecte JXTAOverlay fa un esfor�� per utilitzar la tecnologia JXTA per proporcionar un conjunt gen��ric de funcions que poden ser utilitzades pels desenvolupadors per desplegar aplicacions P2P. No obstant aix��, encara que el seu disseny es va centrar en q��estions com ara l'escalabilitat o el rendiment general, no va tenir en compte la seguretat. Aquest treball proposa un marc de seguretat, adaptat espec��ficament a la idiosincr��sia del JXTAOverlay.

JXTA security in mobile constrained devices

JXME is the JXTA protocols implementation formobile devices using J2ME. Two different flavors of JXME have been implemented, each one specific for a particular set of devices, according to their capabilities. The main value of JXME is its simplicity to create peer-to-peer (P2P) applications in limited devices. In addition to assessing JXME functionalities, it is also important to realize the default security level provided. This paper presents a brief analysis of the current state of security in JXME, focusing on the JXME-Proxied version, identifies existing vulnerabilities and proposes further improvements in this field.

Security in RFID devices

Aquest projecte inclou una aproximaci�� als conceptes de RFID i targetes contactless centrant-se en l���ampliament usat MIFARE Classic chip. L���objectiu principal es mostrar el seu funcionament i les seves vulnerabilitats, aix�� com alguns exemples pr��ctics fent una an��lisi de diferents serveis que les utilitzen.

Wireless Technologies in e-Business; Services, Security and Management

Uusien mobiilien laitteiden ja palveluiden kehitys ovat her��tt��neet yritysten mielenkiinnon soveltaa langattomia sovelluksia omassa liiketoiminnassaan. Erilaisten tekniikoiden my��t�� my��s mahdollisuuksien kirjo on laajentumassa, mik�� johtaa erilaisten verkkojen ja laitteiden yhten��iselle hallinnalle asetettavien vaatimusten kasvuun. Yritysten siirtyess�� soveltamaan uusia langattomia palveluita ja sovelluksia on my��s huomioon otettavaa sovellusten sek�� palveluiden vaatima tietoturva ja sen hallittavuus. Tutkimuksessa esitet����n langattoman s��hk��isen liiketoiminnan m����ritelm�� sek�� kyseisien teknologioiden k��ytt���� edist��v��t tekij��t. Tutkimus luo viitekehyksen yrityksen langattomien teknologioiden k��yt��lle ja siihen olennaisesti vaikuttavista tekij��ist��. Viitekehyst�� on k��ytetty todelliseen esimerkkiin, liikkuva myyntihenkil��, kyseisten teknologioiden, palveluiden, tietoturvan ja hallittavuuden n��k��kulmasta. Johtop����t��ksin�� on arvioitu mobiilien ja langattomien teknologioiden sek�� palveluiden, tietoturvan ja hallittavuuden tilaa ja analysoimalla niit�� tulevaa ajatellen.

Development of an investor relations strategy - Case SSH Communications Security Corp. Communications Security Corp.

Tutkimuksen tavoitteena oli muodostaa viitekehys sijoittajaviestinn��n strategian muodostamiseen ja soveltaa viitekehyst�� k��yt��nn��ss��. Tutkimusongelma nousi case-yrityksest��, SSH Communications Security Oyj:st��, joka listautui vuoden 2000 lopussa. Teoreettinen viitekehys perustuu aikaisempaan kirjallisuuteen sijoittajaviestinn��st��, strategian kehitt��misest�� ja rahoitusteoriasta. Rahoitusteorian alueet, joita k��siteltiin tutkimuksessa ovat; vapaaehtoinen tiedottaminen, markkinatehokkuus ja agenttiteoria. Tutkimuksen empiirinen osa toteutettiin soveltamalla teoreettista viitekehyst�� case yritykseen. Empiirisess�� osuudessa k��ytiin l��pi seuraavat vaiheet; nykyisen tilan ulkoinen ja sis��inen analyysi, tavoitteiden asettaminen ja sijoittajaviestint�� strategia ehdotuksen muodostaminen case yritykseen. Tutkielman viimeinen kappale kokoaa t��rkeimm��t l��yd��kset, pohtii ty��n teoreettista kontribuutiota ja liikkeenjohdollisia kytk��ksi�� sek�� esitt���� tutkimuksen her��tt��mi�� ehdotuksia jatkotutkimuksille

Police work and new 'security devices' : a tale from the beat

Mobile technologies have brought about major changes in police equipment and police work. If a utopian narrative remains strongly linked to the adoption of new technologies, often formulated as 'magic bullets' to real occupational problems, there are important tensions between their 'imagined' outcomes and the (unexpected) effects that accompany their daily 'practical' use by police officers. This article offers an analysis of police officers' perceptions and interactions with security devices. In so doing, it develops a conceptual typology of strategies for coping with new technology inspired by Le Bourhis and Lascoumes: challenging, neutralizing and diverting. To that purpose, we adopt an ethnographic approach that focuses on the discourses, practices and actions of police officers in relation to three security devices: the mobile digital terminal, the mobile phone and the body camera. Based on a case study of a North American municipal police department, the article addresses how these technological devices are perceived and experienced by police officers on the beat.

Security Authentication using Phase-Encoded Nanoparticle Structures and Polarized Light

Phase encoded nano structures such as Quick Response (QR) codes made of metallic nanoparticles are suggested to be used in security and authentication applications. We present a polarimetric optical method able to authenticate random phase encoded QR codes. The system is illuminated using polarized light and the QR code is encoded using a phase-only random mask. Using classification algorithms it is possible to validate the QR code from the examination of the polarimetric signature of the speckle pattern. We used Kolmogorov-Smirnov statistical test and Support Vector Machine algorithms to authenticate the phase encoded QR codes using polarimetric signatures.

Security and Privacy in a Ubiquitous Information Screen

We expose the ubiquitous interaction between an information screen and its��� viewers mobile devices, highlights the communication vulnerabilities, suggest mitigation strategies and finally implement these strategies to secure the communication. The screen infers information preferences��� of viewers within its vicinity transparently from their mobile devices over Bluetooth. Backend processing then retrieves up-to-date versions of preferred information from content providers. Retrieved content such as sporting news, weather forecasts, advertisements, stock markets and aviation schedules, are systematically displayed on the screen. To maximise users��� benefit, experience and acceptance, the service is provided with no user interaction at the screen and securely upholding preferences privacy and viewers anonymity. Compelled by the personal nature of mobile devices, their contents privacy, preferences confidentiality, and vulnerabilities imposed by screen, the service���s security is fortified. Fortification is predominantly through efficient cryptographic algorithms inspired by elliptic curves cryptosystems, access control and anonymity mechanisms. These mechanisms are demonstrated to attain set objectives within reasonable performance.

Operation and Maintenance Security Service for OSS-RC networks

Security issues in telecommunication networks have become more important due to the development of the industry. The number of network elements and services has increased in the radio network as in the core network side, which has increased the number of security related issues. Ericsson has developed an OSS-RC product for operation and maintenance porpoises into the telecommunication networks. OSS-RC is used in a number of telecommunications operators, which have Ericsson's products used in their telecommunication networks. Ericsson provides product installation and maintenance support and guidance, but despite this, the product may have security related issues, either due to lack of following the instructions, human error or defect in the product itself or in a third party products attached. Ericsson���s Operation and Maintenance Security Service for OSS-RC networks aims to provide tools for checking the security level of the O&M product so that it meets all requirements and Ericsson���s own security related rules. Each customer has a unique telecommunications network structure and services, and so the security service has to be to create individually depending on the customer. The purpose of this thesis is to define the basic instructions for creating the security service for different customers.

Promoting peace and security in Africa : is the European Union up to the challenge?

The ninth annual Suomenlinna seminar, organised by the Department of Strategic and Defence Studies, Finnish National Defence College, was held in May 2006. It brought together a representative group of specialists in security studies for two days of presentations and discussion about the most pressing issues of today ��� the challenges facing European Union���s crisis management in Africa.

Enhancing human security through crisis management : opportunities and challenges for learning

Inhimilliseen turvallisuuteen kriisinhallinnan kautta ��� oppimisen mahdollisuuksia ja haasteita Kylm��n sodan j��lkeen aseelliset konfliktit ovat yleens�� alkaneet niin sanotuissa hauraissa valtioissa ja k��yhiss�� maissa, ne ovat olleet valtioiden sis��isi�� ja niihin on osallistunut ei-valtiollisia aseellisia ryhmittymi��. Usein ne johtavat konfliktikierteeseen, jossa sota ja vakaammat olot vaihtelevat. Koska kuolleisuus konflikteissa voi j����d�� alle kansainv��lisen m����ritelm��n (1000 kuollutta vuodessa), kutsun t��llaisia konflikteja ���uusiksi konflikteiksi���. Kansainv��linen yhteis�� on pyrkinyt kehitt��m����n kriisinhallinnan ja rauhanrakentamisen malleja, jotta pysyv�� rauhantila saataisiin aikaiseksi. Inhimillinen turvallisuus perustuu n��kemykseen, jossa kunnioitetaan jokaisen yksil��n ihmisoikeuksia ja jolla on vaikutusta my��s kriisinhallinnan ja rauhanrakentamisen toteuttamiseen. Tutkimukseen kuuluu kaksi empiirist�� osaa: Delfoi tulevaisuuspaneeliprosessin sek�� kriisinhallintahenkil��st��n haastattelut. Viisitoista eri alojen kriisinhallinta-asiantuntijaa osallistui paneeliin, joka toteutettiin vuonna 2008. Paneelin tulosten mukaan tulevat konfliktit usein ovat uusien konfliktien kaltaisia. Lis��ksi kriisinhallintahenkil��st��lt�� edellytet����n vuorovaikutus- ja kommunikaatiokyky�� ja luonnollisesti my��s varsinaisia ammatillisia valmiuksia. Tulevaisuuspaneeli korosti vuorovaikutus- ja kommunikaatiotaitoja erityisesti siviilikriisinhallintahenkil��st��n kompetensseissa, mutta samat taidot painottuivat sotilaallisen kriisinhallinnan henkil��st��n kompetensseissakin. Kriisinhallinnassa tarvitaan my��s selv���� ty��njakoa eri toimijoiden kesken. Kosovossa ty��skennelleen henkil��st��n haastatteluaineisto koostui yhteens�� 27 teemahaastattelusta. Haastateltavista 9 oli ammattiupseeria, 10 reservist�� rekrytoitua rauhanturvaajaa ja 8 siviilikriisinhallinnassa ty��skennellytt�� henkil����. Haastattelut toteutettiin helmi- ja kes��kuun v��lisen�� aikana vuonna 2008. Haastattelutuloksissa korostui vuorovaikutus- ja kommunikaatiotaitojen merkitys, sill�� monissa k��yt��nn��n tilanteissa haastateltavat olivat ratkoneet ongelmia yhteisty��ss�� muun kriisinhallintahenkil��st��n tai paikallisten asukkaiden kanssa. Kriisinhallinnassa toteutui oppimisprosesseja, jotka usein olivat luonteeltaan my��nteisi�� ja informaalisia. T��llaisten onnistumisten vaikutus yksil��n min��kuvaan oli my��nteinen. T��llaisia prosesseja voidaan kuvata ���itse�� koskeviksi oivalluksiksi���. Kriisinhallintateht��viss�� oppimisella on erityinen merkitys, jos halutaan kehitt���� toimintoja inhimillisen turvallisuuden edist��miseksi. Siksi on t��rke����, ett�� kriisinhallintakoulutusta ja kriisinhallintaty��ss�� oppimista kehitet����n ottamaan huomioon oppimisen eri tasot ja ulottuvuudet sek�� niiden merkitys. Informaaliset oppimisen muodot olisi otettava paremmin huomioon kriisinhallintakoulutusta ja kriisinhallintateht��viss�� oppimista kehitett��ess��. Palautej��rjestelm���� olisi kehitett��v�� eri tavoin. Koko kriisinhallintaoperaation on saatava tarvittaessa my��s kriittist�� palautetta onnistumisista ja ep��onnistumisista. Monet kriisinhallinnassa ty��skennelleet kaipaavat kunnollista palautetta ty��rupeamastaan. Liian rutiininomaiseksi koettu palaute ei edist�� yksil��n oppimista. Spontaanisti monet haastatellut pitiv��t t��rke��n��, ett�� kriisinhallinnassa ty��skennelleill�� olisi mahdollisuus debriefing- tyyppiseen kotiinpaluukeskusteluun. Pelkk�� t��llainen mahdollisuus ilmeisesti voisi olla monelle my��nteinen uutinen, vaikka tilaisuutta ei hy��dynnett��isik����n. Paluu kriisinhallintateht��vist�� Suomeen on monelle haasteellisempaa kuin n��iss�� teht��viss�� ty��skentelyn aloittaminen ulkomailla. Tutkimuksen tulokset kannustavat tutkimaan kriisinhallintaa oppimisen n��k��kulmasta. On my��s olennaista, ett�� kriisinhallinnan palautej��rjestelmi�� kehitet����n mahdollisimman hyvin edist��m����n sek�� yksil��llist�� ett�� organisatorista oppimista kriisinhallinnassa. Kriisinhallintaoperaatio on oppimisymp��rist��. Kriisinhallintahenkil��st��n kommunikaatio- ja vuorovaikutustaitojen kehitt��minen on olennaista tavoiteltaessa kest��v���� rauhanprosessia, jossa konfliktialueen asukkaatkin ovat mukana.

A cyber security architecture for military networks using a cognitive network approach

Cyber security is one of the main topics that are discussed around the world today. The threat is real, and it is unlikely to diminish. People, business, governments, and even armed forces are networked in a way or another. Thus, the cyber threat is also facing military networking. On the other hand, the concept of Network Centric Warfare sets high requirements for military tactical data communications and security. A challenging networking environment and cyber threats force us to consider new approaches to build security on the military communication systems. The purpose of this thesis is to develop a cyber security architecture for military networks, and to evaluate the designed architecture. The architecture is described as a technical functionality. As a new approach, the thesis introduces Cognitive Networks (CN) which are a theoretical concept to build more intelligent, dynamic and even secure communication networks. The cognitive networks are capable of observe the networking environment, make decisions for optimal performance and adapt its system parameter according to the decisions. As a result, the thesis presents a five-layer cyber security architecture that consists of security elements controlled by a cognitive process. The proposed architecture includes the infrastructure, services and application layers that are managed and controlled by the cognitive and management layers. The architecture defines the tasks of the security elements at a functional level without introducing any new protocols or algorithms. For evaluating two separated method were used. The first method is based on the SABSA framework that uses a layered approach to analyze overall security of an organization. The second method was a scenario based method in which a risk severity level is calculated. The evaluation results show that the proposed architecture fulfills the security requirements at least at a high level. However, the evaluation of the proposed architecture proved to be very challenging. Thus, the evaluation results must be considered very critically. The thesis proves the cognitive networks are a promising approach, and they provide lots of benefits when designing a cyber security architecture for the tactical military networks. However, many implementation problems exist, and several details must be considered and studied during the future work.