Achieving Compositional Security and Privacy in IoT Environments

Muslum Ozgur Ozmen (18870154)

11 September 2024

<p dir="ltr">The Internet of Things (IoT) systems include sensors that measure the physical world, actuators that influence it, and IoT apps that automate these sensors and actuators. Although IoT environments have revolutionized our lives by integrating digital connectivity into physical processes, they also introduce unique security and privacy concerns. Particularly, these systems include multiple components that are unified through the cyber and physical domains. For instance, smart homes include various devices and multiple IoT apps that control these devices. Thus, attacks against any single component can have rippling effects, amplifying due to the composite behavior of sensors, actuators, apps, and the physical environment.</p><p dir="ltr">In this dissertation, I explore the emerging security and privacy issues that arise from the complex physical interactions in IoT environments. To discover and mitigate these emerging issues, there is a need for composite reasoning techniques that consider the interplay between digital and physical domains. This dissertation addresses these challenges to build secure IoT environments and enhance user privacy with new formal techniques and systems.</p><p dir="ltr">To this end, I first describe my efforts in ensuring the safety and security of IoT en- vironments. Particularly, I introduced IoTSeer, a security service that discovers physical interaction vulnerabilities among IoT apps. I then proposed attacks that evade prior event verification systems by exploiting the complex physical interactions between IoT sensors and actuators. To address them, I developed two defenses, software patching and sensor placement, to make event verification systems robust against evasion attacks. These works provide a suite of tools to achieve compositional safety and security in IoT environments. </p><p dir="ltr">Second, I discuss my work that identifies the privacy risks of emerging IoT devices. I designed DMC-Xplorer to find vulnerabilities in voice assistant platforms and showed that an adversary can eavesdrop on privacy-sensitive device states and prevent users from controlling devices. I then developed a remote side-channel attack against intermittent devices to infer privacy-sensitive information about the environment in which they are deployed. These works highlight new privacy issues in emerging commodity devices used in IoT environments.</p>

Data and information privacy

System and network security

IoT Security

Cyber-physical systems security

Internet of Things

Privacy

Formal Methods

Applying an information system framework to the Army's simulation support plan process

Boerjan, Robert A.

01 April 2003

No description available.

Engineering

Industrial Engineering

Relax the Reliance on Honesty in Distributed Cryptographic Protocols

Tiantian Gong (19838595)

14 October 2024

<p dir="ltr">Distributed cryptographic protocols typically assume a bounded number of malicious parties (who behave arbitrarily) in the system---and in turn, a lower bound on the number of <i>honest</i> parties (who follow and only follow a protocol faithfully/honestly without performing unspecified computations)---for their respective security guarantees to hold. However, when deploying these protocols in practice, the nature of computing parties does not necessarily align nicely with the protocols' assumptions. Specifically, there may be only a few honest/compliant parties, or none exists. Instead, non-malicious parties may be <i>semi-honest</i> (who follow the protocol specifications but are curious to learn as much information as possible from semi-honest parties' transcripts) or <i>rational</i> (who take actions that maximize their utilities instead of actions benefiting the protocol the most, e.g., performing extra computations or not following protocols). In such cases, the security guarantees of such protocols may deviate greatly in real life from what is theoretically promised, leaving a huge gap between theory and practice. </p><p dir="ltr">In this thesis, I bridge such a gap by enhancing the fault tolerance of various distributed cryptographic primitives by <i>relaxing the assumption on the existence of honest parties</i>.</p><p dir="ltr">First, in the context of <b>secure multi-party computations</b>, without honest parties, my goal is to induce honest (i.e., not compromising correctness) and non-curious (i.e., not harming privacy) behaviors from rational participants via game theoretic and cryptographic techniques. In particular, I first demonstrate how to ensure protocol correctness and deter collusion among parties to recover secrets---which also breaks privacy---in multiserver private information retrieval with a singleton access structure. Then for primitives with more general (non-singleton) access structures, I introduce a distinct treatment through the lens of verifiable secret sharing. The two solutions are designed with a public bulletin board, commitment schemes, digital signature schemes, zkSNARKs (zero-knowledge succinct non-interactive arguments of knowledge), and distinct incentive structures tailored for varying access structures underlying the schemes.</p><p dir="ltr">Second, in <b>permissionless blockchain systems</b>, for protocols without privacy guarantees like computation outsourcing and consensus, my goal is to incentivize rational parties to behave correctly. This means to act according to the protocol specifications or as implied by the security requirements of the primitive, e.g., fairly distribute rewards to participants based on contributions in proof-of-work (PoW) blockchains. Specifically, I present a defense against an undercutting attack in PoW blockchains from a game theory perspective and propose a decentralized computation outsourcing protocol built on permissionless blockchain systems based on multi-unit auctions.</p>

Cryptography

Data and information privacy

Data security and protection

Private information retrieval

Multiparty computation

Secret sharing

Decentralized computation outsourcing

Collusion deterrence

Mechanism design

Metodologie a problémy při transformaci dat a určení jejího významu v rámci integrace heterogenních informačních zdrojů / Methodology and problems of data transformation and determine its importance in the integration of heterogeneous information sources

Bartoš, Ivan

January 2012

Methodology and issues of data transformation and its information value estimation during the integration of the heterogenous information sources PhDr. Ivan BARTOŠ Abstract This study focuses mainly on the data and information transformation issue. This topic is currently critical in several scientific and commercial areas. Information value, information quality and the quality of the source data differs between the various systems. This is not only due to the different topologies of the information sources but also because of its different understanding and a manner of storing the information describing the entity of the enterprise. Such information systems, respectively database systems in the scope of the thesis, could perform well as the stand alone systems. The issue appears in the moment when such heterogeneous systems are required to be integrated and the information shall be migrated between each other. The thesis is logically divided into four major parts based on these issues. The first part describes the methods that can be used to classify the data quality of the source system (the one to be integrated) from which the information can be extracted. Based on assumption of the common lack of project and system documentation hereby introduced methods can be used for such qualification even when the...

Qualitätssicherung von Datenpublikationen bei Data Journals und Forschungsdatenrepositorien

Kindling, Maxi

22 February 2023

Die Qualitätssicherung von Forschungsdaten ist im Kontext offener Wissenschaft ein wichtiges Thema. Sollen geteilte Daten dabei unterstützen, Forschungsergebnisse nachzuvollziehen und die Nachnutzung von Daten ermöglicht werden, bestehen entsprechende Anforderungen an ihre Qualität. Bei Datenqualität und Qualitätssicherung im Kontext von Datenpublikationen handelt es sich allerdings um komplexe und divers verwendete Konzepte. Bislang wird die Qualitätssicherung von Datenpublikationen punktuell ausführlich beschrieben, jedoch fehlt eine Betrachtung, die die möglichen Maßnahmen systematisch beschreibt. Darüber, wie einzelne Maßnahmen bei Repositorien verbreitet sind, ist ebenfalls kaum etwas bekannt. In der Dissertation wird herausgearbeitet, wie Qualität und Qualitätssicherung für Forschungsdaten definiert und systematisiert werden können. Auf dieser Basis wird ein theoretischer Ansatz für die Systematisierung qualitätssichernder Maßnahmen erarbeitet. Er dient als Grundstruktur für die Untersuchung von Data Journals und Repositorien. Dazu werden Guidelines von 135 Data Journals und Zertifizierungsdokumente von 99 Repositorien analysiert, die das Zertifikat CoreTrustSeal in der Version 2017–2019 erhalten haben. Die Analysen zeigen, wie Datenqualität in Data Journal Guidelines und durch Repositorien definiert wird und geben einen Einblick in die Praxis der Qualitätssicherung bei Repositorien. Die Ergebnisse bilden die Grundlage für eine Umfrage zur Verbreitung qualitätssichernder Maßnahmen, die auch offene Prozesse der Qualitätssicherung, Verantwortlichkeiten und die transparente Dokumentation der Datenqualität berücksichtigt. An der Umfrage im Jahr 2021 nahmen 332 Repositorien teil, die im Verzeichnis re3data indexiert sind. Die Ergebnisse der Untersuchungen zeigen den Status quo der Qualitätssicherung und die Definition von Datenqualität bei Data Journals und Forschungsdatenrepositorien auf. Sie zeigen außerdem, dass Repositorien mit vielfältigen Maßnahmen zur Qualitätssicherung von Datenpublikationen beitragen. Die Ergebnisse fließen in ein Framework für die Qualitätssicherung von Datenpublikationen in Repositorien ein. / Quality assurance of research data is an important issue in open science. To enable transparency in research and data reuse, shared data have to meet quality requirements. However, the concepts of data quality and quality assurance are ubiquitous, yet elusive. Quality assurance practices have been researched for data publications in Data Journals, but not systematically for research data repositories. This dissertation elaborates how quality and quality assurance for research data can be defined and systematized. On this basis, a theoretical approach for quality assurance is developed. It is used for the analysis of quality assurance practices at data journals and research data repositories. For this purpose, guidelines of 135 data journals and certification documents of 99 repositories that have received the CoreTrustSeal certificate 2017–2019 are investigated. The analyses show how data quality is defined in data journal guidelines and by repositories and provide insight into repository quality assurance practices. The results informed a questionnaire that aims at analyzing prevalence of data quality assurance at research data repositories. The survey also covered aspects such open measures of quality assurance, responsibilities and transparent quality documentation. 332 repositories indexed in the re3data registry participated in the 2021 online survey. The results of this dissertations analyses indicate the status quo of quality assurance measures and definitions of data quality at data journals and research data repositories. Furthermore, they also show that repositories contribute to the quality assurance of data publications with a variety of measures. The results are incorporated into a framework for quality assurance of data publications at research data repositories.

Datenpublikationen

Qualitätssicherung

Datenqualität

Data Journals

Data Papers

Repositorien

Data Review

Data Quality Information

Open Science

Data Puclications

Quality Assurance

Data Quality

Data Journals

Data Papers

Repositories

Data Review

Data Quality Information

Open Science

AN 73800

AK 54530

ddc:020

O compartilhamento de informações positivas como instrumento de redução da assimetria de informação na concessão do crédito bancário no Brasil

Mendonça, Daniel Henrique de

21 May 2012

Made available in DSpace on 2016-04-26T20:48:36Z (GMT). No. of bitstreams: 1 Daniel Henrique de Mendonca.pdf: 648601 bytes, checksum: 65cf6cc99fbe5f4d508f0c8760990e40 (MD5) Previous issue date: 2012-05-21 / The main aim of this study is to analyze the new legislation adopted in Brazil (Law nº 12,414/2011), which regulates the functioning of the credit positive information sharing market in the light of the asymmetric information theory and the international experience, highlighting similarities and differences as well as their possible impact on performance of the bank loans local market. For this, it was performed an intensive bibliography review on the literature existent about asymmetric information, with special attention to the role played by sharing data on individuals and companies, and the role of credit bureaus as a tool developed to reduce adverse selection and moral hazard problems. A presentation of the international experience is used as a way of highlighting the empirical aspect of the theory as well as serve as a comparison model to analyze the main points of the new Brazilian legislation in the light of the results already measurable in other economies. Special attention is given to the experience of Hong Kong, whose the creation of an effective information sharing framework is considered a recent international benchmarking. One of the main conclusions is that the implementation of this mechanism is an important step forward in structuring the national financial system, but its impact in reducing interest rates, reducing delinquency rates and increasing of the credit amount available must occur in the medium and long term / O objetivo principal do presente trabalho é analisar a nova legislação aprovada no Brasil (Lei nº 12.414/2011) que regulamenta o funcionamento do mercado de compartilhamento de informações positivas de crédito à luz da teoria sobre assimetria de informações e da experiência internacional, destacando similaridades e diferenças, bem como seus possíveis impactos no desempenho do mercado de empréstimos bancários local. Para isso, foi realizada uma pesquisa bibliográfica intensa sobre a literatura existente que trata da assimetria de informações, com especial atenção ao papel desempenhado pelo compartilhamento de dados sobre pessoas físicas e jurídicas, e a atuação dos birôs de crédito como instrumentos desenvolvidos para reduzir os problemas de seleção adversa e risco moral. Uma apresentação da experiência internacional é utilizada como forma de ressaltar o aspecto empírico da teoria, bem como servir de modelo de comparação para analisar os principais pontos da nova legislação brasileira à luz de resultados já mensuráveis em outras economias. É dada uma especial atenção na experiência de Hong Kong por ser considerado benchmarking internacional recente na criação de uma estrutura de compartilhamento de informações eficiente. Uma das principias conclusões diz respeito ao fato de que a implantação desse mecanismo é um avanço estruturante importante dentro do sistema financeiro nacional, porém, seus impactos na redução das taxas de juros, na redução da inadimplência e no aumento do volume de crédito disponível devem ocorrer no médio e longo prazo

Assimetria de informação

Birô de crédito

Cadastro positivo

Crédito bancário no Brasil

Risco moral

Seleção adversa

Adverse selection

Asymmetric information

Brazilian banking credit

Credit bureau

Data and information sharing

Positive data

Moral hazard

Détection de dysfonctionements et d'actes malveillants basée sur des modèles de qualité de données multi-capteurs / Detection of dysfunctions and malveillant acts based on multi-sensor data quality models

Merino Laso, Pedro

07 December 2017

Les systèmes navals représentent une infrastructure stratégique pour le commerce international et les activités militaires. Ces systèmes sont de plus en plus informatisés afin de réaliser une navigation optimale et sécurisée. Pour atteindre cet objectif, une grande variété de systèmes embarqués génèrent différentes informations sur la navigation et l'état des composants, ce qui permet le contrôle et le monitoring à distance. Du fait de leur importance et de leur informatisation, les systèmes navals sont devenus une cible privilégiée des pirates informatiques. Par ailleurs, la mer est un environnement rude et incertain qui peut produire des dysfonctionnements. En conséquence, la prise de décisions basée sur des fausses informations à cause des anomalies, peut être à l'origine de répercussions potentiellement catastrophiques.Du fait des caractéristiques particulières de ces systèmes, les méthodologies classiques de détection d'anomalies ne peuvent pas être appliquées tel que conçues originalement. Dans cette thèse nous proposons les mesures de qualité comme une potentielle alternative. Une méthodologie adaptée aux systèmes cyber-physiques a été définie pour évaluer la qualité des flux de données générés par les composants de ces systèmes. À partir de ces mesures, une nouvelle approche pour l'analyse de scénarios fonctionnels a été développée. Des niveaux d'acceptation bornent les états de normalité et détectent des mesures aberrantes. Les anomalies examinées par composant permettent de catégoriser les détections et de les associer aux catégories définies par le modèle proposé. L'application des travaux à 13 scénarios créés pour une plate-forme composée par deux cuves et à 11 scénarios pour deux drones aériens a servi à démontrer la pertinence et l'intérêt de ces travaux. / Naval systems represent a strategic infrastructure for international commerce and military activity. Their protection is thus an issue of major importance. Naval systems are increasingly computerized in order to perform an optimal and secure navigation. To attain this objective, on board vessel sensor systems provide navigation information to be monitored and controlled from distant computers. Because of their importance and computerization, naval systems have become a target for hackers. Maritime vessels also work in a harsh and uncertain operational environments that produce failures. Navigation decision-making based on wrongly understood anomalies can be potentially catastrophic.Due to the particular characteristics of naval systems, the existing detection methodologies can't be applied. We propose quality evaluation and analysis as an alternative. The novelty of quality applications on cyber-physical systems shows the need for a general methodology, which is conceived and examined in this dissertation, to evaluate the quality of generated data streams. Identified quality elements allow introducing an original approach to detect malicious acts and failures. It consists of two processing stages: first an evaluation of quality; followed by the determination of agreement limits, compliant with normal states to identify and categorize anomalies. The study cases of 13 scenarios for a simulator training platform of fuel tanks and 11 scenarios for two aerial drones illustrate the interest and relevance of the obtained results.

Qualité de données et de l'information

Monitoring

Réseau multi-source

Système cyberphysique

Système naval

Pyramide DIKW

Détection d’anomalies

Catégorisation d’anomalies

Data and information quality

Monitoring

Multi-source network

Cyberphysical system

Naval systems

DIKW pyramid

Anomaly detection

Anomaly categorization

004

ZABEZPEČENÍ A OCHRANA DAT PŘI ČINNOSTI HASIČSKÉHO ZÁCHRANNÉHO SBORU JIHOČESKÉHO KRAJE / Data security of the fire department of the South Bohemian region

REMIÁŠ, František

January 2012

The thesis is focused on work with the data and information for the Fire and Rescue Service of South Bohemia Region, and its goal is to determine whether the data and information faced by members and employees of Fire and Rescue Service in their work are treated in accordance with applicable legislation, and whether they are adequately secured and protected against misuse and loss. Based on the organizational structure of qualitative research are mapped in detail the security and protection of data on individual departments and workplaces. These information compile risk areas for different types of data and due to this is prepared the risk map for these areas. Due to the findings the specific measures are designed to mitigate the risks for certain fields of work with data and information. The first part explains the basic concepts and definitions of words data, information and knowledge. The next section discusses the historical context of the mapped datastorage and handling of data in paper and electronic form, including the development of information systemsand technologies. Further are described the possible threats by varius effects on these data. Another chapter focuseson describing the current state ofwork with data and description oftechnologies used to it at the Fire and Rescue Service. Afterwards is elaborated an organizational structure focused on work with data. In following part the risk map is prepared for each area and proposesseveral solutions and particular measures to reducethe greatest of the resultingrisks. The benefit of this work is the implementation of several specific solutions to eliminate and reduce the threat of risks when working with dataat Fire and Rescue Service of South Bohemia Region, and several otherproposal measures and stepsfor additional security and data protection.

Informační společnost v Evropské unii / Information Society in the European Union

Šusteková, Eva

January 2008

On the topic of development of information society in Europe with emphases on activities performed by the European Union. A short remark on origin and development of the concept of information society and general economic impact of using information and communication technologies. It brings together a summary of policies and strategies encouraging the development of information society carried out in between the years 2000-2010. A note on preparation of strategy on information society for 2011-2015. Financing programmes using assets of the budget of the European Union for financial period 2007-2013. European Commission and the Information Society and Media Directorate General provide the administrative process support and the background of the preparation for information society policies. An overview of the European statistical data on information society. A list of the European legislation concerning information society with an aim to support use of information and communication technologies.

Ein empirischer Zugang zur Ermittlung von Kompetenzprofilen in der Digitalen Wirtschaft

Ziebarth, Sabrina, Malzahn, Nils, Zeini, Sam, Hoppe, Ulrich

January 2008

No description available.

info:eu-repo/classification/ddc/330

ddc:330