Earticle

Under the convergence of fixed and mobile network systems, modern networked devices are often equipped with multiple connectivity modules so that users can access various information services, by means of portable information devices, anytime and anywhere over ubiquitous Internet access connectivity. In this paper, we present a novel secure mobile content delivery mechanism where networked devices in a vicinity can discover each other, transfer media contents in a convenient, networked method instead of ordinary transfer method that involves unfriendly manual operations of connection setup and file transfer. Its design integrates several significant components, including device discovery, mobile content delivery and double-key secure access control, which are able to alleviate several inherent limitations in wireless and mobile networks. It thus enables mobile handheld devices to escape from mobility confinement and to transfer media contents in an efficient, energy-saving and secure manner.

Network Coordinate (NC) System is an effective mechanism to predict network delay with limited measure overhead. As one of the representative NC systems, Practical Internet Coordinates (PIC) has proposed a security policy based on triangle inequality to defend malicious nodes in the system. However, there is a natural phenomena that nodes may violate triangle inequality in Internet. Thus, the performance of PIC security policy is worthy to be well researched under different attacks. In this paper, we analyze the security policy in PIC in three real network delay data sets and compare PIC with security to without security under four typical attacks. The experimental results in this paper demonstrate that PIC is vulnerable to attacks while more TIVs will cause higher relative error of PIC. Moreover, under attacks by more than 40% malicious nodes, the performance of PIC with security policy could barely be better than PIC without security. Even Colluding Isolate attack will result in worse performance in PIC having security policy.

Distributed Denial-of-Service (DDoS) attacks pose a serious threat to Internet security. Traditional detection methods rely on passively detecting an attacking signature and are inaccurate in the early stages of an attack. In this paper, we propose a novel defense mechanism that makes use of the edge routers that connect end hosts to the Internet to store and detect whether the outgoing SYN, ACK or incoming SYN/ACK segment is valid. This is accomplished by maintaining a mapping table of the outgoing SYN segments and incoming SYN/ACK segments and establishing the destination and source IP address database. From the result of simulation, the approach presented in this paper yields accurate DDoS alarms at early stage.

Many efforts have been done in the field of privacy preservation to devise algorithms for data k-anonymization and l-diversification trying to protect privacy, by modification of data, for example. Fewer efforts have been made for devising techniques, tools and methodologies for investigation and evaluation of privacy risks. We are concerned about privacy diagnosis before starting protection. Actually we show privacy leakages threaten data publication. We introduce a Privacy Diagnosis Centre for this purpose. In this paper toward this diagnosis centre we focus on anonymity and, in particular, k-anonymity. Then we aim at k-anonymity diagnosis system. Such a system explores various questions about k-anonymity of data. “For which k is my data k-anonymous?”, “is my data sufficiently k-anonymous?”, “which subset and projection of data can be safely published to guarantee given k?”, “which information, if available from an outside source, threatens the k-anonymity of my data?” are examples of questions can be answered. We leverage two properties of k-anonymity that we express in the form of two lemmas. The first lemma is a monotonicity property that enables us to adapt the a-priori algorithm for k-anonymity. The second lemma, however, is a determinism property that enables us to devise an efficient algorithm for δ-suppression. We illustrate and empirically analyze the performance of the proposed algorithms.

Radio frequency identification (RFID) is an emerging technology that is increasingly being used in business and industry, particularly in logistics, supply chain management and advanced applications. Their information storage capacity as well as their ability to transfer information through contact less means without line-of-sight creates significant advantage over other technologies. However, since those tags are bounded with constraints, with no foolproof method to manage the changing hands of the same-tagged item, and uncertainty in assuring of privacy and security in passive tags, none of the existing architecture or vender specific implementations could not solve this comprehensively by addressing the security risks and privacy threats arise in the domain of product lifecycle. Thus, there is a need to recognize a standard solution at least for a specific domain. Therefore we proposed the POP Architecture that comprehensively solves the problems arising in the domain of product lifecycle. In this paper, existing major solutions have been compared and distinguished against the POP architecture on protection against security attacks, privacy threats, and also with desired functionality of proposed solutions. Evaluation criteria have been provided, and then surveys of major proposed solutions, including ours are noted. Next, results of the evaluation are presented by addressing the security and privacy together with the functional aspects. Finally, the paper is concluded by realizing the best available solution for the product lifecycle with passive tags and discovering the position of POP architecture among them.

Role based trust management uses distributed role hierarchies (DRH) to provide flexible and scalable authorization in multi-domain environments, but DRH are inherently transitive and may easily lead to unexpected or even illegal authorization. In this paper, we propose TS-DRH, a generalized extension of DRH based on a novel trust scope model of distributed roles. TS-DRH introduces the notion of scoped roles with four kinds of structural trust scopes, and uses scoped roles to control the member scopes of senior roles and the permission scopes of junior roles, and thus helps to control the propagation of role memberships and permissions in DRH. This paper also designs rule based semantics and a compliance checking algorithm to compute authorization decisions for TS-DRH.

A multi-service smart card system enables users to access di®erent services over an open network with a single smart card. Due to its highly economic and social benets, the multi-service smart card system has drawn much attention in industrial and academic areas. However, the big hindrance to its wide employment is the risk of breaching users' privacy and their service con¯dentiality across di®erent service systems. This paper proposes a secure multi-service system model to overcome such problems. The model allows users to access di®erent services with a single password. The privacy and service con¯dentiality are achieved through a set of protections|password protection, user identity protection, and service transaction protection|to guarantee the user's anonymity to all service systems and ensure high unlinkability between di®erent services.

Transformation of a source schema with its conforming data to a target schema is an important activity in data integration with any data model. In last decade, with the advent of XML as an widely used and adopted data representation and storage format over the web, the task of data transformation for the purpose of data integration solely in XML is getting much attention to the database researchers and application developers. In XML data transformation, when an XML source schema with its conforming data is transformed to the target XML schema, one of the important XML constraints, XML keys that are defined on the source schema for expressive semantics can also be transformed. Thus, whether keys should be transformed and preserved, and if not preserved, whether keys can be captured in another form of XML constraints are important research questions. To answer these questions, first, we define XML keys and XML Functional Dependencies(XFD) on Document Type Definition(DTD). Second, we show key preservation in transformation. If keys are not preserved, we then show how to capture them as XFDs. We term this as key transition. Our research on XML key preservation and transition is towards handling the issues of integrity constraints in XML data integration.

Cooperation among nodes is important in ad hoc networks since in such networks nodes depend on each other for forwarding packets. However, cooperation in such operations consumes nodes energy and recourses. Therefore, it is necessary to design incentive mechanisms to enforce nodes to forward packets when the source and destination of the packet are other nodes in the network. We study routing in ad hoc and wireless networks from a game theoretic view point. Based on this view, the network consists of selfish and greedy nodes who accept payments for forwarding data for other nodes if the payments cover their individual costs incurred by forwarding data. Also, route falsification attacks are easy to launch by malicious nodes in ad hoc networks. These nodes falsify data and routes in the network. Thus, mitigating this attack is vital for the performance of the whole network. Previous routing protocols in ad hoc networks inspired by game theory just consider that network consists of selfish nodes. In this work, we consider that the network consists of malicious nodes too. Here we present a truthful and secure mechanism for routing in ad hoc networks that cope malicious and selfish nodes.

In this paper we propose a new biometric-based Iris feature extraction system. The system automatically acquires the biometric data in numerical format (Iris Images) by using a set of properly located sensors. We are considering camera as a high quality sensor. Iris Images are typically color images that are processed to gray scale images. Then the Feature extraction algorithm is used to detect “IRIS Effective Region (IER)” and then extract features from “IRIS Effective Region (IER)” that are numerical characterization of the underlying biometrics. Later on this work will be helping to identify an individual by comparing the feature obtained from the feature extraction algorithm with the previously stored feature by producing a similarity score. This score will be indicating the degree of similarity between a pair of biometrics data under consideration. Depending on degree of similarity, individual can be identified. Authentication is also a major concern area of this thesis. By considering Biological characteristics of IRIS Pattern we use Statistical Correlation Coefficient for this ‘IRIS Pattern’ recognition where Statistical Estimation Theory can play a big role.