Security testing in Android networks : a practical case study

Android is a new generation of an open operating system directed at mobile devices that are carried every day. The openness of this architecture is leading to new applications and opportunities including a host of multimedia services, new interfaces and browsers, multitasking including support for wireless local, personal and wide area networking services. Security with mobility and wireless connectivity thus becomes even more important with all these exciting developments. Vital security issues such as leakage of private information, file stealing and spambots abound in networks in practice and Android networks continue to be subject to these same families of vulnerabilities. This paper provides a demonstration of such vulnerabilities in spite of the best efforts of designers and implementers. In particular it describes examples of data leakage and file stealing (address books, contact lists, SMS messages, pictures) as well as demonstrating how Android devices can create spambots. © 2013 IEEE.

Scalable RFID security framework and protocol supporting Internet of Things

Radio-frequency identification (RFID) is seen as one of the requirements for the implementation of the Internet-of-Things (IoT). However, an RFID system has to be equipped with a holistic security framework for a secure and scalable operation. Although much work has been done to provide privacy and anonymity, little focus has been given to performance, scalability and customizability issues to support robust implementation of IoT. Also, existing protocols suffer from a number of deficiencies such as insecure or inefficient identification techniques, throughput delay and inadaptability. In this paper, we propose a novel identification technique based on a hybrid approach (group-based approach and collaborative approach) and security check handoff (SCH) for RFID systems with mobility. The proposed protocol provides customizability and adaptability as well as ensuring the secure and scalable deployment of an RFID system to support a robust distributed structure such as the IoT. The protocol has an extra fold of protection against malware using an incorporated malware detection technique. We evaluated the protocol using a randomness battery test and the results show that the protocol offers better security, scalability and customizability than the existing protocols. © 2014 Elsevier B.V. All rights reserved.

Security and privacy of users' personal Information on smartphones

 This research investigated the proliferation of malicious applications on smartphones and a framework that can efficiently detect and classify such applications based on behavioural patterns was proposed. Additionally the causes and impact of unauthorised disclosure of personal information by clean applications were examined and countermeasures to protect smartphone users’ privacy were proposed.

A Security Framework for Wireless Sensor Networks Utilizing a Unique Session Key

Key management is a core mechanism to ensure the security of applications and network services in wireless sensor networks. It includes two aspects: key distribution and key revocation. Many key management protocols have been specifically designed for wireless sensor networks. However, most of the key management protocols focus on the establishment of the required keys or the removal of the compromised keys. The design of these key management protocols does not consider the support of higher level security applications. When the applications are integrated later in sensor networks, new mechanisms must be designed. In this paper, we propose a security framework, uKeying, for wireless sensor networks. This framework can be easily extended to support many security applications. It includes three components: a security mechanism to provide secrecy for communications in sensor networks, an efficient session key distribution scheme, and a centralized key revocation scheme. The proposed framework does not depend on a specific key distribution scheme and can be used to support many security applications, such as secure group communications. Our analysis shows that the framework is secure, efficient, and extensible. The simulation and results also reveal for the first time that a centralized key revocation scheme can also attain a high efficiency.

Homeland security: IgA immunity at the frontiers of the body

IgA is the most abundant immunoglobulin produced in mammals, and is mostly secreted across mucous membranes. At these frontiers, which are constantly assaulted by pathogenic and commensal microbes, IgA provides part of a layered system of immune protection. In this review, we describe how IgA induction occurs through both T-dependent and T-independent mechanisms, and how IgA is generated against the prodigious load of commensal microbes after mucosal dendritic cells (DCs) have sampled a tiny fraction of the microbial consortia in the intestinal lumen. To function in this hostile environment, IgA must be induced behind the 'firewall' of the mesenteric lymph nodes to generate responses that integrate microbial stimuli, rather than the classical prime-boost effects characteristic of systemic immunity.

CONVERSION OF DOMAIN TYPE ENFORCEMENT LANGUAGE TO THE JAVA SECURITY MANAGER

With today's prevalence of Internet-connected systems storing sensitive data and the omnipresent threat of technically skilled malicious users, computer security remains a critically important field. Because of today's multitude of vulnerable systems and security threats, it is vital that computer science students be taught techniques for programming secure systems, especially since many of them will work on systems with sensitive data after graduation. Teaching computer science students proper design, implementation, and maintenance of secure systems is a challenging task that calls for the use of novel pedagogical tools. This report describes the implementation of a compiler that converts mandatory access control specification Domain-Type Enforcement Language to the Java Security Manager, primarily for pedagogical purposes. The implementation of the Java Security Manager was explored in depth, and various techniques to work around its inherent limitations were explored and partially implemented, although some of these workarounds do not appear in the current version of the compiler because they would have compromised cross-platform compatibility. The current version of the compiler and implementation details of the Java Security Manager are discussed in depth.

An integral security kernel

As the user base of the Internet has grown tremendously, the need for secure services has increased accordingly. Most secure protocols, in digital business and other fields, use a combination of symmetric and asymmetric cryptography, random generators and hash functions in order to achieve confidentiality, integrity, and authentication. Our proposal is an integral security kernel based on a powerful mathematical scheme from which all of these cryptographic facilities can be derived. The kernel requires very little resources and has the flexibility of being able to trade off speed, memory or security; therefore, it can be efficiently implemented in a wide spectrum of platforms and applications, either software, hardware or low cost devices. Additionally, the primitives are comparable in security and speed to well known standards.

Pool it, share it, use it: the European Council on defence. Security Policy Brief No. 44, March 2013

Three major geopolitical events are putting the stability of the Eastern Mediterranean at risk. Most of the region is in a deep monetary and economic crisis. The Arab Spring is causing turmoil in the Levant and the Maghreb. Gas and oil discoveries, if not well managed, could further destabilise the region. At the same time, Russia and Turkey are staging a comeback. In the face of these challenges, the EU approaches the Greek sovereign debt crisis nearly exclusively from a financial and economic viewpoint. This brief argues that the EU has to develop a comprehensive strategy for the region, complementing its existing multilateral regional framework with bilateral agreements in order to secure its interests in the Eastern Mediterranean.

Why come here if I can go there? Assessing the ‘Attractiveness’ of the EU’s Blue Card Directive for ‘Highly Qualified’ Immigrants. Paper on Liberty and Security in Europe No. 60, 14 October 2013

This paper analyses the attractiveness of the EU’s Blue Card Directive – the flagship of the EU’s labour immigration policy – for so-called ‘highly qualified’ immigrant workers from outside the EU. For this purpose, the paper deconstructs the understanding of ‘attractiveness’ in the Blue Card Directive as shaped by the various EU decision-making actors during the legislative process. It is argued that the Blue Card Directive sets forth minimum standards providing for a common floor – not a common ceiling: the Directive did not, as originally envisaged by the European Commission, create one European highly skilled admission scheme. This raises questions regarding its concrete use. A critical focus is placed on the personal scope of the Blue Card Directive and the level of rights offered, and a first comparative perspective on the implementation of the Directive in five member states is provided.

Hostages to Moscow, clients of Beijing. Security in Central Asia as the role of the West diminishes. OSW Study 10/2014

The goal of this publication is to attempt to assess the thirteen years (2001- -2014) of the West’s military presence in the countries of post-Soviet Central Asia, closely associated with the ISAF and OEF-A (Operation Enduring Freedom – Afghanistan) missions in Afghanistan. There will also be an analysis of the actual challenges for the region’s stability after 2014. The current and future security architecture in Central Asia will also be looked at closely, as will the actual capabilities to counteract the most serious threats within its framework. The need to separately handle the security system in Central Asia and security as such is dictated by the particularities of political situation in the region, the key mechanism of which is geopolitics understood as global superpower rivalry for influence with a secondary or even instrumental role of the five regional states, while ignoring their internal problems. Such an approach is especially present in Russia’s perception of Central Asia, as it views security issues in geopolitical categories. Because of this, security analysis in the Central Asian region requires a broader geopolitical context, which was taken into account in this publication. The first part investigates the impact of the Western (primarily US) military and political presence on the region’s geopolitical architecture between 2001 and 2014. The second chapter is an attempt to take an objective look at the real challenges to regional security after the withdrawal of the coalition forces from Afghanistan, while the third chapter is dedicated to analysing the probable course of events in the security dimension following 2014. The accuracy of predictions time-wise included in the below publication does not exceed three to five years due to the dynamic developments in Central Asia and its immediate vicinity (the former Soviet Union, Afghanistan, Pakistan, Iran), and because of the large degree of unpredictability of policies of one of the key regional actors – Russia (both in the terms of its activity on the international arena, and its internal developments).

An EU mechanism on Democracy, the Rule of Law and Fundamental Rights. CEPS Paper in Liberty and Security in Europe No. 91/April 2016 Thursday, 21 April 2016

The European Union is founded on a set of common principles of democracy, the rule of law, and fundamental rights, as enshrined in Article 2 of the Treaty on the European Union. Whereas future Member States are vetted for their compliance with these values before they accede to the Union, no similar method exists to supervise adherence to these foundational principles after accession. EU history proved that this ‘Copenhagen dilemma’ was far from theoretical. EU Member State governments’ adherence to foundational EU values cannot be taken for granted. Violations may happen in individual cases, or in a systemic way, which may go as far as overthrowing the rule of law. Against this background the European Parliament initiated a Legislative Own-Initiative Report on the establishment of an EU mechanism on democracy, the rule of law and fundamental rights and proposed among others a Scoreboard on the basis of common and objective indicators by which foundational values can be measured. This Research Paper assesses the need and possibilities for the establishment of an EU Scoreboard, as well as its related social, economic, legal and political ‘costs and benefits’.

Airport Security: Passenger's Perception and Design Issues

The main goal of this thesis is to report patterns of perceived safety in the context of airport infrastructure, taking the airport of Bologna as reference. Many personal and environmental attributes are investigated to paint the profile of the sensitive passenger and to understand why precise factors of the transit environment are so impactful on the individual. The main analyses are based on a 2014-2015 passengers’ survey, involving almost six thousand of incoming and outgoing passengers. Other reports are used to implement and support the resource. The analysis is carried out by using a combination of Chi-square tests and binary logistic regressions. Findings shows that passengers result to be particularly affected by the perception of airport’s environment (e.g., state and maintenance of facilities, clarity and efficacy of information system, functionality of elevators and escalators), but also by the way how the passenger reaches the airport and the quality of security checks. In relation to such results, several suggestions are provided for the improvement of passenger satisfaction with safety. The attention is then focused on security checkpoints and related operations, described on a theoretical and technical ground. We present an example of how to realize a proper model of the security checks area of Bologna’s airport, with the aim to assess present performances of the system and consequences of potential variations. After a brief introduction to Arena, a widespread simulation software, the existing model is described, pointing out flaws and limitations. Such model is finally updated and changed in order to make it more reliable and more representative of the reality. Different scenarios are tested and results are compared using graphs and tables.

Transit System Security Program planning guide. Final report.

Federal Transit Administration, Washington, D.C.

ATM safety and security : report to the 91st General Assembly, Senate Resolution Number 134 /

A report and recommendations by the Illinois Office of Banks and Real Estate in response to Illinois Senate Resolution No. 134, adopted May 26, 1999, which requested the Office to study safety and security issues regarding the use of automated teller machines by consumers--particularly, the merits of the reverse PIN warning system.