Device-based Secure Data Management Scheme in a Smart Home

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Device-based Secure Data Management Scheme in a Smart Home"

Transcription

1 Int'l Conf. Security and Management SAM' Device-based Secure Data Management Scheme in a Smart Home Ho-Seok Ryu 1, and Jin Kwak 2 1 ISAA Lab., Department of Computer Engineering, Ajou University, Suwon, Korea 2 Department of Information and Computer Engineering, Ajou University, Suwon, Korea Abstract - Due to the developments in IT, smart home services using network-based smart devices are becoming more diverse. A smart home provides users with numerous services, regardless of time and place, through interactions among users, objects, and services. However, there are security concerns such as data leakage, data forgery, and unidentified access. In case of smart home data is exposure at threats, smart home exist very danger into characteristic of smart home. This paper will examine smart home communication and analyze the security problems and security requirements. Based on this information, we will propose a device-based secure data management scheme for a smart home. Keywords: Smart home, Smart devices, Data management, Mobile. 1. Introduction The use of smart devices is increasing as information communication technology continues to develop. There is an increase in the types of available smart devices, smart home devises, and smart health devices. Accordingly, the ubiquitous society has become a part of our lives and is still developing. A smart home is an intelligent environment where users and home appliances send/receive information and data in real-time. The smart home can be divided into home platform technology, wired or wireless network technology, smart device technology, and green home technology. Users can control devices in the home in real time through wired or wireless network technology[1]. Through smart home communication, users can access the smart home s meter reading system, boiler control, lighting control, appliance control, and various services in external[2,3]. However, smart home communication is not immune to security threats because it is equipped with network functionality. Security threats such as data forgery, illegal access, and privacy invasion are a real possibility if the smart home is accessed by a malignant device. In addition, new security threats are arising with technology convergence. In addition, smart home exist second danger into characteristic of smart home. In this paper, we propose a data management scheme that is secure and efficient for a smart home environment, overall reducing security concerns. This scheme can upload and download data to authenticated devices. We will analyze smart home security and propose a device-based, secure, data management scheme suitable for a smart home environment. This paper is organized as follows. Section 2 describes a smart home. Section 3 analyzes the security requirements of a smart home communication network, and the security issues such a network faces. Section 4 proposes a devicebased, secure, data management scheme suitable for a smart home. Section 5 presents a security analysis of our proposed scheme, and Section 6 concludes our findings. 2. The smart home With the development in information communication technology, mounted wireless devices have become an integral part of many appliances and electronic devices, creating a class of devices called smart devices.. With the appearance of these smart devices, came the concept of the "smart home. Technology and services for smart homes are developing rapidly and are diverse. A smart home makes tasks in the user life more convenient and easy to perform. In addition, smart devices are becoming increasingly automated. The communication system of a smart home is composed of a wired or wireless network connected to smart home devices. It provides various services allowing the user to supervise the smart home, regardless of the time and the location of the user. Therefore, a smart home is the collection of a set of automated, smart devices, connected and communicating on a common network[4]. Smart home technology can be divided into home platform technology, wired or wireless network technology, smart device technology, and green home technology. Because home platform technology links home technology to external networks, it includes home-server, gateway, and home middle ware technology. Green home technology provides comfortable and economic life, including green management technology, green home-network technology, and smart grid interlock technology. In addition, smart device technology can be described as making use of existing appliances and sensors. The most important technology among smart home technology is the networking technology[5]. The networking technology of a smart home provides the connection between smart devices. Among various networking technologies, wireless network technology is drawing more attention as it continues to evolve at a rapid

2 232 Int'l Conf. Security and Management SAM'15 pace and requires relatively low power. Some examples of such technologies are Wi-Fi, WPAN, 3G/4G/LTE, Bluetooth, Microwave, and Ethernet. Smart home devices provide remote control services by connecting the existing home appliances to a CPU and a wired, or wireless, network technology. Users can then be provided with smart home services by using a mobile device away from home. 3. Analysis of security problems and security requirements In this section, we will analyze the problems that arise from data management in a smart home environment. Based on these issues, we will analyze the security requirements for such an environment[6]. 3.1 Analysis of Security Problems Data leakage A user can download sharing so they can access their smart home externally through a wireless network. This makes it possible for an attacker to gain access to the home through an unauthenticated smart device. If the attacker leaks important information gained through access to the home, this is a breach of privacy and can lead to issues regarding confidentiality Data falsification A smart home transfers data to a user through a wireless network. Accordingly, an attacker can gain access to the home through the network, and falsify data before it reaches the user. In addition, the attacker can intercept user commands to the smart home and can control the smart home system instead. Therefore, the integrity of important data stored in the smart home cannot be ensured Unauthorized access When transmitted data is received via a wireless network in a smart home environment, an attacker is able to insert malignant code into smart devices, giving the attacker access to the home through an unauthenticated device. Smart devices that contain malignant code become zombies and can be used to send malignant mail and execute distributed denial of service (DDOS) attacks. In addition, cameras can be installed or activated in smart devices through malignant code, invading the smart home owner s privacy. These types of cyberattack are mounting continually, and pose serious security threats to users of smart homes. 3.2 Analysis of Security Requirements Data confidentiality Smart home data contains sensitive information such as private information, control messages, and confidential data, which is controlled through the network. Through unauthorized access, an attacker can obtain this information, leak private information and sensitive messages, and remotely control smart devices. To prevent these sorts of attacks, the device through which the user accesses the smart home should be authenticated and malicious the attacker hasn t to access to smart home Data integrity The data of smart devices can be falsified via malicious devices that gained access through the wireless network. Thus, transferred data and messages should not be prone to falsification from illegal smart devices in a smart home environment. Fig. 1. Proposed scheme

3 Int'l Conf. Security and Management SAM' Device authentication Many smart devices can be accessed by devices without regard for security, allowing unauthenticated smart devices to be accessed through the smart home s wireless network. Disposable and cloned smart home devices can access the smart home, allowing malignant code to be inserted into the smart device. This compromises the smart home communication and creates zombie smart devices. Also, a smart home system can become dangerous if the attacker can disguise the attack as though it is from a smart device within the home. Thus, the authentication of smart devices is essential to the smart home environment. 4. Proposed scheme In this section, a server safely stores and manages the data of the smart home. We proposed a data management scheme, in which this secure smart home server manages the data of all smart devices registered in the home. The server stores data that is divided by importance into public data and confidential data. This allows for secure and convenient data management. Confidential data can only be accessed through use of a password. Additionally, a security check tool scans the integrity of the data before it is saved to the server. Also, data be saved and download through an authenticated device, enhancing the safety and reliability of the data. However, even if the authentication device it that have not access authority can t download data. The proposed scheme is composed of three phases: the registration phase in which some rules need to be met by a smart device in order to register with the server; the data storage phase, in which a smart device saves data to the server; and the download phase, in which a user s smart device downloads data from the server. 4.1 Notations Table 1 shows the notations used to explain the process of the proposed scheme. Notation DeviceInfo DeviceInfo N TABLE I. NOTATIONS Description Smart home device s information Smart home device s information authentication requested Public key of a smart device Public key of a smart server Random number Time stamp from smart home server Time stamp from a smart home device Valid time interval for transmission delay Value access to confidential data Value access to public data 4.2 Registration Phase In the registration phase, new smart devices are registered to the smart home server and are divided into separate groups in order to separate public data and confidential data. The procedure is as follows. Fig. 2. Registration phase 1) A smart device requests to communicate with the smart home server. 2) The smart home server encrypts its time stamp and a random number into public key for the smart device in order to prevent reply attacks, and transfers this key to the device. 3) The smart device encrypts its information, its time stamp, and random number into the public key for the smart home server, and transfers this key to the server. 4) The smart home server validates the time interval for the transmission delay by comparing the differential between the time stamp of the smart home server and the time stamp of the smart device. 5) A user logs into the smart home server using their ID and password, and inputs the serial number and information of the device. 6) The smart home server authenticates that the smart device information received and user-input, smart device information are the same. 7) The authenticated smart device is classified into a device group and is granted access to the data, where it creates a value access to the data. This value consists of two things: a value access to public data, and a value access to confidential data. The smart home server creates values appropriate to the smart devices. 8) The smart home server encrypts the value access into the public key of the smart device and transfers it to the smart device. 9) The smart device saves the value access to the data, and communicates with the server that it is ready to exit.

4 234 Int'l Conf. Security and Management SAM' Data Storage Phase This section describes the procedure for data generating or data acquired smart device connecting to the smart home server, verification data. In addition, we will discuss the rules used to store the data security level. When storing confidential data, the smart home server stores the hash of the value access to confidential data and the data itself. 6) The data is stored in the database, disconnects from the server. 4.4 Data Download Phase This section describes the download procedure using a user s smart device to request necessary data. The user connects to the smart home server through a smart device and can download data if they have appropriate authorization. Fig. 3. Data storage phase 1) The smart device requests a connection to the smart home server in order to generate/acquire synchronized data. 2) The smart home server authenticates the device by comparing the smart device information registered during the registration phase to the information of the requesting smart device. If this smart device is not an authenticated device, the server will cancel communication with the unauthorized device and communication will be released. 3) Authenticated smart devices can access the smart home server. Smart device are sorted into either common devices, which are used together, or personal devices, which are personally used. 4) Data safety is verified by a security check tool in the assorted smart device. If a virus is found, the data storage is cancelled and communication is released. 5) Data verified by the security check tool as fit for storage, is divided into either public data or confidential data for secure and convenient data management. When storing public data, the smart home server stores the hash of the value access to public data and the data itself. Fig. 4. Data download phase 1) The smart device requests to connect to the smart home server in order to download the necessary data. 2) The smart home server authenticates the device by comparing the smart device information registered during the registration phase to the information of the requesting smart device. If this smart device is not an authenticated device, the server will cancel communication with the unauthorized device, and communication will be released. 3) Authenticated smart devices can access the smart home server. The user is now able to request to download the necessary data through the smart device. 4) The smart home server confirms that the requesting smart device has download permission. If the device does not have permission, then the server rejects the data download and returns to step 3).

5 Int'l Conf. Security and Management SAM' ) If the smart device has download permission, then user authentication is required through a request for the user to enter their password. Hashed data will be downloaded by decrypting the value access to the data. If the user authentication fails, the data download is rejected and returns to step 3). 6) If the user authentication succeeds, then the smart home server has permission to download the data. The data is downloaded by accessing the device record in the database, and then disconnects from the server. 5. Security analysis of the proposed scheme In this section, we analyze the security of our proposed device-based, secure, data management scheme in smart home environment. 5.1 Confidentiality A smart device must ensure confidentiality because it has important data such as private information, control messages, and sense information. This paper s proposed scheme is to authentication smart device before allowing access to the smart home server. Unauthenticated smart devices are not allowed to store and download data because they do not have access to the smart home server. Even if a user loses a device, or device information is leaked, an attacker cannot access the data on the smart home server because they must have password. In addition, if the smart device was authenticated, the user cannot access the data on the smart home server if they do not know password because the data is divided into encrypted public data and encrypted confidential data. 5.2 Integrity Data is prone to risks such as data and message falsification by the access of malicious smart devices through the wireless network in a smart home communication environment. This paper proposes a scheme in which data is stored in a hash with a value access when the data is stored to the smart home server. When smart devices download the data, value access that has authority with data will be encrypt. Therefore, this proposed scheme prevents data falsification. 5.3 Device Authentication Smart devices can insert malignant code through unauthenticated device access. In this situation, the smart device will become a zombie device. It is able to send malignant mail and execute distributed denial of service (DDOS) attack. Our proposed scheme prevents the change of smart device information because the smart home server saves the information of each smart device during the initial registration phase, saving hash values of this information. By using the hash values for communication, the information of the smart devices cannot be changed. In addition, because the smart home server supervises all of the smart devices of the home, access of unauthorized devices can be prevented and authentication of smart devices can be provided. 6. Conclusions Smart home technology continues to develop and provides various services through open network communication among smart devices. However, there are still security concerns such as data forgery, unidentified access, and invasion of privacy, and new security threats continue to arise. In order to address this, we need a safe data-management method to prevent these security threats. In this paper, we analyzed the security concerns and security requirements and suggested a safe data management method based on the devices in the smart home environment. This suggested method can block unauthorized access through device verification. Research regarding smart homes is currently booming, both nationally and worldwide. Safe data management is very important because the smart home contains sensitive data. Finally, we expect that the suggestions made in this paper will be helpful to future studies and developments regarding a safe smart home environment. 7. Acknowledgment This work was supported by the ICT R&D program of MSIP/IITP, Republic of Korea. [ , Development of Mobile S/W Security Testing Tools for Detecting New Vulnerabilities of Android] 8. References [1] Gao Chong, Ling Zhihao, Yuan Yifeng, The research and implement of smart home system based on Internet of Things, pp , Sept [2] Hwa-jeong Suh, Dong-gun Lee, Jong-seok Choe, Ho-won Kim, IoT security technology trends The Korea Institute of Electromagnetic Engineering and Science, Vol. 24, No. 4, pp , July [3] Tae-woong Lee, Cheol-su Son, Won-jung Kim, The Implement of Intelligent Home Network System on Smart Phone, The Korea Institute of Electronic Communication Sciences, Vol. 6, No. 4, pp , Aug [4] Ji-Yean Son, Ji-Hyun Lee, Jeu-Young Kim, Jun-Hee Park, Young-Hee Lee, RAFD: Resource-aware fault diagnosis system for home environment with smart devices, Consumer Electronics, IEEE Transactions on, Vol. 58, No. 4, pp , Jan [5] Seong-gu Sim, Ho-jin Park, Jun-hee Park, Smart home standardization construction and strategy, The Korea Institute of Information Scientists & Engineers, Vol. 30, No. 8, pp , Aug [6] A. Wright, Cyber security for the power grid: cyber security issues & Securing control systems, ACMCCS, Nov. 2009

Security Threats on National Defense ICT based on IoT

Security Threats on National Defense ICT based on IoT , pp.94-98 http://dx.doi.org/10.14257/astl.205.97.16 Security Threats on National Defense ICT based on IoT Jin-Seok Yang 1, Ho-Jae Lee 1, Min-Woo Park 1 and Jung-ho Eom 2 1 Department of Computer Engineering,

More information

Studying Security Weaknesses of Android System

Studying Security Weaknesses of Android System , pp. 7-12 http://dx.doi.org/10.14257/ijsia.2015.9.3.02 Studying Security Weaknesses of Android System Jae-Kyung Park* and Sang-Yong Choi** *Chief researcher at Cyber Security Research Center, Korea Advanced

More information

A Digital Door Lock System for the Internet of Things with Improved Security and Usability

A Digital Door Lock System for the Internet of Things with Improved Security and Usability , pp.33-38 http://dx.doi.org/10.14257/astl.2015.109.08 A Digital Door Lock System for the Internet of Things with Improved Security and Usability Ohsung Doh 1, Ilkyu Ha 1 1 Kyungil University, Gyeongsan,

More information

Secure cloud access system using JAR ABSTRACT:

Secure cloud access system using JAR ABSTRACT: Secure cloud access system using JAR ABSTRACT: Cloud computing enables highly scalable services to be easily consumed over the Internet on an as-needed basis. A major feature of the cloud services is that

More information

CRYPTANALYSIS OF A MORE EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME

CRYPTANALYSIS OF A MORE EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME CRYPTANALYSIS OF A MORE EFFICIENT AND SECURE DYNAMIC ID-BASED REMOTE USER AUTHENTICATION SCHEME Mohammed Aijaz Ahmed 1, D. Rajya Lakshmi 2 and Sayed Abdul Sattar 3 1 Department of Computer Science and

More information

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望 Agenda Information Security Trends Year 2014 in Review Outlook for 2015 Advice to the Public Hong Kong Computer Emergency Response Team Coordination

More information

Technical Standards for Information Security Measures for the Central Government Computer Systems

Technical Standards for Information Security Measures for the Central Government Computer Systems Technical Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 2.1 General...

More information

Security Threats Recognition and Countermeasures on Smart Battlefield Environment based on IoT

Security Threats Recognition and Countermeasures on Smart Battlefield Environment based on IoT , pp.347-356 http://dx.doi.org/10.14257/ijsia.2015.9.7.32 Security Threats Recognition and Countermeasures on Smart Battlefield Environment based on IoT Jung ho Eom Military Studies, Daejeon University,

More information

86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014

86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014 86 Int. J. Engineering Systems Modelling and Simulation, Vol. 6, Nos. 1/2, 2014 Dual server-based secure data-storage system for cloud storage Woong Go ISAA Lab, Department of Information Security Engineering,

More information

In the pursuit of becoming smart

In the pursuit of becoming smart WHITE PAPER In the pursuit of becoming smart The business insight into Comarch IoT Platform Introduction Businesses around the world are seeking the direction for the future, trying to find the right solution

More information

An Innovative Two Factor Authentication Method: The QRLogin System

An Innovative Two Factor Authentication Method: The QRLogin System An Innovative Two Factor Authentication Method: The QRLogin System Soonduck Yoo*, Seung-jung Shin and Dae-hyun Ryu Dept. of IT, University of Hansei, 604-5 Dangjung-dong Gunpo city, Gyeonggi do, Korea,

More information

Research on Situation and Key Issues of Smart Mobile Terminal Security

Research on Situation and Key Issues of Smart Mobile Terminal Security Research on Situation and Key Issues of Smart Mobile Terminal Security Hao-hao Song, Jun-bing Zhang, Lei Lu and Jian Gu Abstract As information technology continues to develop, smart mobile terminal has

More information

Appendix A. 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Appendix A. 1 Copyright 2012, Oracle and/or its affiliates. All rights reserved. Appendix A Cyber Security 1 Copyright 2012, Oracle and/or its affiliates. All rights Overview This lesson covers the following topics: Define cyber security. List the risks of cyber security. Identify

More information

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1

Security Policy JUNE 1, 2012. SalesNOW. Security Policy v.1.4 2012-06-01. v.1.4 2012-06-01 1 JUNE 1, 2012 SalesNOW Security Policy v.1.4 2012-06-01 v.1.4 2012-06-01 1 Overview Interchange Solutions Inc. (Interchange) is the proud maker of SalesNOW. Interchange understands that your trust in us

More information

Whitepaper on AuthShield Two Factor Authentication with ERP Applications

Whitepaper on AuthShield Two Factor Authentication with ERP Applications Whitepaper on AuthShield Two Factor Authentication with ERP Applications By INNEFU Labs Pvt. Ltd Table of Contents 1. Overview... 3 2. Threats to account passwords... 4 2.1 Social Engineering or Password

More information

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University Computer Networks Network Security and Ethics Week 14 College of Information Science and Engineering Ritsumeikan University Security Intro for Admins l Network administrators can break security into two

More information

Security Assessment through Google Tools -Focusing on the Korea University Website

Security Assessment through Google Tools -Focusing on the Korea University Website , pp.9-13 http://dx.doi.org/10.14257/astl.2015.93.03 Security Assessment through Google Tools -Focusing on the Korea University Website Mi Young Bae 1,1, Hankyu Lim 1, 1 Department of Multimedia Engineering,

More information

Wireless Network Security

Wireless Network Security Wireless Network Security Bhavik Doshi Privacy and Security Winter 2008-09 Instructor: Prof. Warren R. Carithers Due on: February 5, 2009 Table of Contents Sr. No. Topic Page No. 1. Introduction 3 2. An

More information

Energy Monitoring and Management Technology based on IEEE 802.15. 4g Smart Utility Networks and Mobile Devices

Energy Monitoring and Management Technology based on IEEE 802.15. 4g Smart Utility Networks and Mobile Devices Monitoring and Management Technology based on IEEE 802.15. 4g Smart Utility Networks and Mobile Devices Hyunjeong Lee, Wan-Ki Park, Il-Woo Lee IT Research Section IT Convergence Technology Research Laboratory,

More information

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard

The Impact of Wireless LAN Technology on Compliance to the PCI Data Security Standard The Impact of Wireless LAN Technology on to the PCI Data Security Standard 339 N. Bernardo Avenue, Suite 200 Mountain View, CA 94043 www.airtightnetworks.net Wireless LANs and PCI Retailers today use computers

More information

The Benefits of SSL Content Inspection ABSTRACT

The Benefits of SSL Content Inspection ABSTRACT The Benefits of SSL Content Inspection ABSTRACT SSL encryption is the de-facto encryption technology for delivering secure Web browsing and the benefits it provides is driving the levels of SSL traffic

More information

Responsible Access and Use of Information Technology Resources and Services Policy

Responsible Access and Use of Information Technology Resources and Services Policy Responsible Access and Use of Information Technology Resources and Services Policy Functional Area: Information Technology Services (IT Services) Applies To: All users and service providers of Armstrong

More information

Unified Security Management

Unified Security Management Unified Security Reduce the Cost of Compliance Introduction In an effort to achieve a consistent and reliable security program, many organizations have adopted the standard as a key compliance strategy

More information

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER

SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER SECURITY ANALYSIS OF PASSWORD BASED MUTUAL AUTHENTICATION METHOD FOR REMOTE USER Mrs. P.Venkateswari Assistant Professor / CSE Erode Sengunthar Engineering College, Thudupathi ABSTRACT Nowadays Communication

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to Health Information Risks vary based on the mobile device and its use. Some risks include:

More information

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information. Mobile Devices: Risks to to Health Mobile Information Devices: Risks to Health Information Risks vary based on the

More information

Fujitsu s Approach to Cloud-related Information Security

Fujitsu s Approach to Cloud-related Information Security Fujitsu s Approach to Cloud-related Information Security Masayuki Okuhara Takuya Suzuki Tetsuo Shiozaki Makoto Hattori Cloud computing opens up a variety of possibilities but at the same time it raises

More information

Security Model for VM in Cloud

Security Model for VM in Cloud Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,

More information

Privacy Threats in RFID Group Proof Schemes

Privacy Threats in RFID Group Proof Schemes Privacy Threats in RFID Group Proof Schemes HyoungMin Ham, JooSeok Song Abstract RFID tag is a small and inexpensive microchip which is capable of transmitting unique identifier through wireless network

More information

RFID based Bill Generation and Payment through Mobile

RFID based Bill Generation and Payment through Mobile RFID based Bill Generation and Payment through Mobile 1 Swati R.Zope, 2 Prof. Maruti Limkar 1 EXTC Department, Mumbai University Terna college of Engineering,India Abstract Emerging electronic commerce

More information

E-BUSINESS THREATS AND SOLUTIONS

E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-BUSINESS THREATS AND SOLUTIONS E-business has forever revolutionized the way business is done. Retail has now a long way from the days of physical transactions that were

More information

A Practical Analysis of Smartphone Security*

A Practical Analysis of Smartphone Security* A Practical Analysis of Smartphone Security* Woongryul Jeon 1, Jeeyeon Kim 1, Youngsook Lee 2, and Dongho Won 1,** 1 School of Information and Communication Engineering, Sungkyunkwan University, Korea

More information

IT Infrastructure Services. White Paper. Cyber Risk Mitigation for Smart Cities

IT Infrastructure Services. White Paper. Cyber Risk Mitigation for Smart Cities IT Infrastructure Services White Paper Cyber Risk Mitigation for Smart Cities About the Author Abhik Chaudhuri Abhik Chaudhuri is a Domain Consultant with the Information Technology Infrastructure Services

More information

Information Security. Be Aware, Secure, and Vigilant. https://www.gosafeonline.sg/ Be vigilant about information security and enjoy using the internet

Information Security. Be Aware, Secure, and Vigilant. https://www.gosafeonline.sg/ Be vigilant about information security and enjoy using the internet Be Aware, Secure, and Vigilant Information Security Use the Internet with Confidence Be vigilant about information security and enjoy using the internet https://www.gosafeonline.sg/ The Smartphone Security

More information

Development of Integrated Management System based on Mobile and Cloud service for preventing various dangerous situations

Development of Integrated Management System based on Mobile and Cloud service for preventing various dangerous situations Development of Integrated Management System based on Mobile and Cloud service for preventing various dangerous situations Ryu HyunKi, Moon ChangSoo, Yeo ChangSub, and Lee HaengSuk Abstract In this paper,

More information

How to Secure Your Environment

How to Secure Your Environment End Point Security How to Secure Your Environment Learning Objectives Define Endpoint Security Describe most common endpoints of data leakage Identify most common security gaps Preview solutions to bridge

More information

Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack

Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack Vulnerability Analysis on Mobile VoIP Supplementary Services and MITM Attack You Joung Ham Graduate School of Computer Engineering, Hanshin University, 411, Yangsan-dong, Osan, Gyeonggi, Rep. of Korea

More information

ISO 27001 Controls and Objectives

ISO 27001 Controls and Objectives ISO 27001 s and Objectives A.5 Security policy A.5.1 Information security policy Objective: To provide management direction and support for information security in accordance with business requirements

More information

A Study on User Access Control Method using Multi-Factor Authentication for EDMS

A Study on User Access Control Method using Multi-Factor Authentication for EDMS , pp.327-334 http://dx.doi.org/10.14257/ijsia.2013.7.6.33 A Study on User Access Control Method using Multi-Factor Authentication for EDMS Keunwang Lee 1* 1 Dept.of Multimedia Science, Chungwoon University

More information

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER

Achieving Universal Secure Identity Verification with Convenience and Personal Privacy A PRIVARIS BUSINESS WHITE PAPER with Convenience and Personal Privacy version 0.2 Aug.18, 2007 WHITE PAPER CONTENT Introduction... 3 Identity verification and multi-factor authentication..... 4 Market adoption... 4 Making biometrics

More information

A Stubborn Security Model Based on Three-factor Authentication and Modified Public Key

A Stubborn Security Model Based on Three-factor Authentication and Modified Public Key International Journal of Network Security, Vol.18, No.6, PP.1060-1070, Nov. 2016 1060 A Stubborn Security Model Based on Three-factor Authentication and Modified Public Key Trung Thanh Ngo and Tae-Young

More information

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story

Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Deciphering the Safe Harbor on Breach Notification: The Data Encryption Story Healthcare organizations planning to protect themselves from breach notification should implement data encryption in their

More information

Dynamic Query Updation for User Authentication in cloud Environment

Dynamic Query Updation for User Authentication in cloud Environment Dynamic Query Updation for User Authentication in cloud Environment Gaurav Shrivastava 1, Dr. S. Prabakaran 2 1 Research Scholar, Department of Computer Science, SRM University, Kattankulathur, Tamilnadu,

More information

Course Title: Penetration Testing: Network Threat Testing, 1st Edition

Course Title: Penetration Testing: Network Threat Testing, 1st Edition Course Title: Penetration Testing: Network Threat Testing, 1st Edition Page 1 of 6 Course Description: The Security Analyst Series from EC-Council Press is comprised of five books covering a broad base

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

The Internet of Things (IoT) Opportunities and Risks

The Internet of Things (IoT) Opportunities and Risks Session No. 744 The Internet of Things (IoT) Opportunities and Risks David Loomis, CSP Risk Specialist Chubb Group of Insurance Companies Brian Wohnsiedler, CSP Risk Specialist Chubb Group of Insurance

More information

PCI Solution for Retail: Addressing Compliance and Security Best Practices

PCI Solution for Retail: Addressing Compliance and Security Best Practices PCI Solution for Retail: Addressing Compliance and Security Best Practices Executive Summary The Payment Card Industry (PCI) Data Security Standard has been revised to address an evolving risk environment

More information

PineApp TM Mail Encryption Solution TM

PineApp TM Mail Encryption Solution TM PineApp TM Mail Encryption Solution TM How to keep your outgoing messages fully secured. October 2008 Modern day challenges in E-Mail Security Throughout the years, E-Mail has evolved significantly, emerging

More information

Best Practices Guide to Electronic Banking

Best Practices Guide to Electronic Banking Best Practices Guide to Electronic Banking City Bank & Trust Company offers a variety of services to our customers. As these services have evolved over time, a much higher percentage of customers have

More information

Biometric Authentication Platform for a Safe, Secure, and Convenient Society

Biometric Authentication Platform for a Safe, Secure, and Convenient Society 472 Hitachi Review Vol. 64 (2015), No. 8 Featured Articles Platform for a Safe, Secure, and Convenient Society Public s Infrastructure Yosuke Kaga Yusuke Matsuda Kenta Takahashi, Ph.D. Akio Nagasaka, Ph.D.

More information

A Study on the Security of RFID with Enhancing Privacy Protection

A Study on the Security of RFID with Enhancing Privacy Protection A Study on the Security of RFID with Enhancing Privacy Protection *Henry Ker-Chang Chang, *Li-Chih Yen and *Wen-Chi Huang *Professor and *Graduate Students Graduate Institute of Information Management

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

How we keep harmful apps out of Google Play and keep your Android device safe

How we keep harmful apps out of Google Play and keep your Android device safe How we keep harmful apps out of Google Play and keep your Android device safe February 2016 Bad apps create bad experiences, so we work hard to keep them off your device and out of Google Play. In 2015,

More information

The Google Android Security Team s Classifications for Potentially Harmful Applications

The Google Android Security Team s Classifications for Potentially Harmful Applications The Google Android Security Team s Classifications for Potentially Harmful Applications April 2016 Overview This document covers the Android Security Team s taxonomy for classifying apps that pose a potential

More information

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE

AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE AIRDEFENSE SOLUTIONS PROTECT YOUR WIRELESS NETWORK AND YOUR CRITICAL DATA SECURITY AND COMPLIANCE THE CHALLENGE: SECURE THE OPEN AIR Wirelesss communication lets you take your business wherever your customers,

More information

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875

OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 OCT Training & Technology Solutions Training@qc.cuny.edu (718) 997-4875 Understanding Information Security Information Security Information security refers to safeguarding information from misuse and theft,

More information

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens.

Secure Data transfer in Cloud Storage Systems using Dynamic Tokens. Secure Data transfer in Cloud Storage Systems using Dynamic Tokens. P.Srinivas *,K. Rajesh Kumar # M.Tech Student (CSE), Assoc. Professor *Department of Computer Science (CSE), Swarnandhra College of Engineering

More information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information

INFORMATION SECURITY POLICY DOCUMENT. The contents of this document are classified as DC 1 Private information 6 th Floor, Tower A, 1 CyberCity, Ebene, Mauritius T + 230 403 6000 F + 230 403 6060 E ReachUs@abaxservices.com INFORMATION SECURITY POLICY DOCUMENT Information Security Policy Document Page 2 of 15 Introduction

More information

A Proxy-Based Data Security Solution in Mobile Cloud

A Proxy-Based Data Security Solution in Mobile Cloud , pp. 77-84 http://dx.doi.org/10.14257/ijsia.2015.9.5.08 A Proxy-Based Data Security Solution in Mobile Cloud Xiaojun Yu 1,2 and Qiaoyan Wen 1 1 State Key Laboratory of Networking and Switching Technology,

More information

Single Sign-On Secure Authentication Password Mechanism

Single Sign-On Secure Authentication Password Mechanism Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,

More information

Preventing Resource Exhaustion Attacks in Ad Hoc Networks

Preventing Resource Exhaustion Attacks in Ad Hoc Networks Preventing Resource Exhaustion Attacks in Ad Hoc Networks Masao Tanabe and Masaki Aida NTT Information Sharing Platform Laboratories, NTT Corporation, 3-9-11, Midori-cho, Musashino-shi, Tokyo 180-8585

More information

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE WHITE PAPER MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE 1. OVERVIEW Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is both. But it s

More information

Enterprise Network Virus Protection Research Yanjie Zhou 1, Li Ma 2 Min Wen3

Enterprise Network Virus Protection Research Yanjie Zhou 1, Li Ma 2 Min Wen3 4th International Conference on Mechatronics, Materials, Chemistry and Computer Engineering (ICMMCCE 2015) Enterprise Network Virus Protection Research Yanjie Zhou 1, Li Ma 2 Min Wen3 1,2College of Mathematical

More information

Ten Deadly Sins in Wireless Security

Ten Deadly Sins in Wireless Security Ten Deadly Sins in Wireless Security The emergence and popularity of wireless devices and wireless networks has provided a platform for real time communication and collaboration. This emergence has created

More information

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline

Overview. Summary of Key Findings. Tech Note PCI Wireless Guideline Overview The following note covers information published in the PCI-DSS Wireless Guideline in July of 2009 by the PCI Wireless Special Interest Group Implementation Team and addresses version 1.2 of the

More information

Designing and Embodiment of Software that Creates Middle Ware for Resource Management in Embedded System

Designing and Embodiment of Software that Creates Middle Ware for Resource Management in Embedded System , pp.97-108 http://dx.doi.org/10.14257/ijseia.2014.8.6.08 Designing and Embodiment of Software that Creates Middle Ware for Resource Management in Embedded System Suk Hwan Moon and Cheol sick Lee Department

More information

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that

More information

Best Practices: Corporate Online Banking Security

Best Practices: Corporate Online Banking Security Best Practices: Corporate Online Banking Security These Best Practices assume that your organization has a commercially-reasonable security infrastructure in place. These Best Practices are not comprehensive

More information

Remote Monitoring and Controlling System Based on ZigBee Networks

Remote Monitoring and Controlling System Based on ZigBee Networks Remote Monitoring and Controlling System Based on ZigBee Networks Soyoung Hwang and Donghui Yu* Department of Multimedia Engineering, Catholic University of Pusan, South Korea {soyoung, dhyu}@cup.ac.kr

More information

Study on the Vulnerability Level of Physical Security And Application of the IP-Based Devices

Study on the Vulnerability Level of Physical Security And Application of the IP-Based Devices , pp. 63-68 http://dx.doi.org/10.14257/ijsh.2015.9.10.07 Study on the Vulnerability Level of Physical Security And Application of the IP-Based Devices Kwang-Hyuk Park 1, Il-Kyeun Ra 2 and Chang-Soo Kim

More information

Five PCI Security Deficiencies of Restaurants

Five PCI Security Deficiencies of Restaurants WHITE PAPER Five PCI Security Deficiencies of Restaurants Five PCI Security Deficiencies of Restaurants The Most Common PCI Compliance Mistakes of Brick-and-Mortar Locations By Bradley K. Cyprus - Chief

More information

Critical Information Infrastructures Management System and Security Issues

Critical Information Infrastructures Management System and Security Issues Critical Information Infrastructures Management System and Security Issues Focusing on the Public Administrative Sector Jun Heo Internet Service Protection Team Korea Internet & Security Agency Seoul,

More information

Scheme to Secure Communication of SCADA Master Station and Remote HMI s through Smart Phones

Scheme to Secure Communication of SCADA Master Station and Remote HMI s through Smart Phones 보안공학연구논문지 (Journal of Security Engineering), 제 8권 제 3호 2011년 6월 Scheme to Secure Communication of SCADA Master Station and Remote HMI s through Smart Phones Rosslin John Robles 1) and Tai-hoon Kim 2) Abstract

More information

10 best practice suggestions for common smartphone threats

10 best practice suggestions for common smartphone threats 10 best practice suggestions for common smartphone threats Jeff R Fawcett Dell SecureWorks Security Practice Executive M Brandon Swain Dell SecureWorks Security Practice Executive When using your Bluetooth

More information

Open Access Research and Design for Mobile Terminal-Based on Smart Home System

Open Access Research and Design for Mobile Terminal-Based on Smart Home System Send Orders for Reprints to reprints@benthamscience.ae The Open Automation and Control Systems Journal, 2015, 7, 479-484 479 Open Access Research and Design for Mobile Terminal-Based on Smart Home System

More information

Abstract. 1. Introduction

Abstract. 1. Introduction 보안공학연구논문지 Journal of Security Engineering Vol.12, No.2 (2015), pp.181-190 http://dx.doi.org/10.14257/jse.2015.04.07 Abstract E-health is the delivery of health information, for health professionals and

More information

On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme

On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme On the Security Vulnerabilities of a Hash Based Strong Password Authentication Scheme Manoj Kumar Department of Mathematics R. K. College Shamli-Muzaffarnagar,.P.-India - 247776 E-mail: yamu balyan@yahoo.co.in

More information

Chapter 6: Fundamental Cloud Security

Chapter 6: Fundamental Cloud Security Chapter 6: Fundamental Cloud Security Nora Almezeini MIS Department, CBA, KSU From Cloud Computing by Thomas Erl, Zaigham Mahmood, and Ricardo Puttini(ISBN: 0133387526) Copyright 2013 Arcitura Education,

More information

Ashok Kumar Gonela MTech Department of CSE Miracle Educational Group Of Institutions Bhogapuram.

Ashok Kumar Gonela MTech Department of CSE Miracle Educational Group Of Institutions Bhogapuram. Protection of Vulnerable Virtual machines from being compromised as zombies during DDoS attacks using a multi-phase distributed vulnerability detection & counter-attack framework Ashok Kumar Gonela MTech

More information

Modern Accounting Information System Security (AISS) Research Based on IT Technology

Modern Accounting Information System Security (AISS) Research Based on IT Technology , pp.163-170 http://dx.doi.org/10.14257/astl.2016. Modern Accounting Information System Security (AISS) Research Based on IT Technology Jiamin Fang and Liqing Shu Accounting Branch, Jilin Business and

More information

Distributed auditing mechanism in order to strengthen user s control over data in Cloud computing Environment

Distributed auditing mechanism in order to strengthen user s control over data in Cloud computing Environment Distributed auditing mechanism in order to strengthen user s control over data in Cloud computing Environment Chandra Sekhar Murakonda M.Tech Student, Department of Computer Science Engineering, NRI Institute

More information

SCADA SYSTEMS AND SECURITY WHITEPAPER

SCADA SYSTEMS AND SECURITY WHITEPAPER SCADA SYSTEMS AND SECURITY WHITEPAPER Abstract: This paper discusses some of the options available to companies concerned with the threat of cyber attack on their critical infrastructure, who as part of

More information

Strengthen RFID Tags Security Using New Data Structure

Strengthen RFID Tags Security Using New Data Structure International Journal of Control and Automation 51 Strengthen RFID Tags Security Using New Data Structure Yan Liang and Chunming Rong Department of Electrical Engineering and Computer Science, University

More information

Top tips for improved network security

Top tips for improved network security Top tips for improved network security Network security is beleaguered by malware, spam and security breaches. Some criminal, some malicious, some just annoying but all impeding the smooth running of a

More information

Management Standards for Information Security Measures for the Central Government Computer Systems

Management Standards for Information Security Measures for the Central Government Computer Systems Management Standards for Information Security Measures for the Central Government Computer Systems April 21, 2011 Established by the Information Security Policy Council Table of Contents Chapter 1.1 General...

More information

Safe Authentication Protocol for Secure USB Memories

Safe Authentication Protocol for Secure USB Memories Kyungroul Lee 1, Hyeungjun Yeuk 1, Youngtae Choi 1, Sitha Pho 1, Ilsun You 2 and Kangbin Yim 1 1 Soonchunhyang Univeristy, Dept. of Information Security Engineering, 646 Eupnae, Shinchang, Asan, Korea

More information

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker

PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker PCI-DSS and Application Security Achieving PCI DSS Compliance with Seeker www.quotium.com 1/14 Summary Abstract 3 PCI DSS Statistics 4 PCI DSS Application Security 5 How Seeker Helps You Achieve PCI DSS

More information

Overview of the Internet of things

Overview of the Internet of things Overview of the Internet of things Tatiana Kurakova, International Telecommunication Union Place des Nations CH-1211 Geneva, Switzerland Abstract. This article provides an overview of the Internet of things

More information

Application-Specific Biometric Templates

Application-Specific Biometric Templates Application-Specific Biometric s Michael Braithwaite, Ulf Cahn von Seelen, James Cambier, John Daugman, Randy Glass, Russ Moore, Ian Scott, Iridian Technologies Inc. Introduction Biometric technologies

More information

Smart Integrated Multiple Tracking System Development for IOT based Target-oriented Logistics Location and Resource Service

Smart Integrated Multiple Tracking System Development for IOT based Target-oriented Logistics Location and Resource Service , pp. 195-204 http://dx.doi.org/10.14257/ijsh.2015.9.5.19 Smart Integrated Multiple Tracking System Development for IOT based Target-oriented Logistics Location and Resource Service Ju-Su Kim, Hak-Jun

More information

National Cyber Security Month 2015: Daily Security Awareness Tips

National Cyber Security Month 2015: Daily Security Awareness Tips National Cyber Security Month 2015: Daily Security Awareness Tips October 1 New Threats Are Constantly Being Developed. Protect Your Home Computer and Personal Devices by Automatically Installing OS Updates.

More information

A Study on Behavior Patternize in BYOD Environment Using Bayesian Theory

A Study on Behavior Patternize in BYOD Environment Using Bayesian Theory A Study on Behavior Patternize in BYOD Environment Using Bayesian Theory Dongwan Kang, Myoungsun Noh, Chaetae Im Abstract Since early days, businesses had started introducing environments for mobile device

More information

ONE Mail Direct for Mobile Devices

ONE Mail Direct for Mobile Devices ONE Mail Direct for Mobile Devices User Guide Version: 2.0 Document ID: 3292 Document Owner: ONE Mail Product Team Copyright Notice Copyright 2014, ehealth Ontario All rights reserved No part of this document

More information

Security Enhanced Anonymous Multi-Server Authenticated Key Agreement Scheme using Smart Card and Biometrics

Security Enhanced Anonymous Multi-Server Authenticated Key Agreement Scheme using Smart Card and Biometrics Security Enhanced Anonymous Multi-Server Authenticated Key Agreement Scheme using Smart Card and Biometrics Younsung Choi College of Information and Communication Engineering, Sungkyunkwan University,

More information

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats

Achieving Truly Secure Cloud Communications. How to navigate evolving security threats Achieving Truly Secure Cloud Communications How to navigate evolving security threats Security is quickly becoming the primary concern of many businesses, and protecting VoIP vulnerabilities is critical.

More information

Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants

Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants Cyber Security Evaluation of the Wireless Communication for the Mobile Safeguard Systems in uclear Power Plants Sooill Lee a*, Yong Sik Kim a, Song Hae Ye a a Central Research Institute, Korea Hydro and

More information

Your use of the website indicates agreement with the following: Section 1: Information for Nurses taking the courses for continuing education.

Your use of the website indicates agreement with the following: Section 1: Information for Nurses taking the courses for continuing education. Course Policies for cultureadvantage.org and culture-advantage.com Websites. For Continuing Education for Nurses: Please refer to Section 1 and Section 2 For all other users and participants to the Medical

More information

Internet threats: steps to security for your small business

Internet threats: steps to security for your small business Internet threats: 7 steps to security for your small business Proactive solutions for small businesses A restaurant offers free WiFi to its patrons. The controller of an accounting firm receives a confidential

More information

HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK

HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK Prepared By: Raghda Zahran, Msc. NYIT-Jordan campus. Supervised By: Dr. Lo ai Tawalbeh. November 2006 Page 1 of 8 THE WAR AGAINST BEING AN INTERMEDIARY

More information