The 3rd EAI International Conference on Industrial Networks and Intelligent Systems (INISCom 2017) will take place on 4 September 2017 in Thanh Pho Moi Binh Duong, Vietnam.
The 2017 edition of the INISCom Conference series will have Smart Cities as its central theme, striving to provide an excellent forum for researchers, engineers, and practitioners to present and discuss the latest technology, advancement, and future directions and trends in industrial networks and applications, intelligent systems and applications, information processing and data analysis, hardware and software design and development, and Security & Privacy.
Authors are invited to submit full papers describing original research or innovative practical applications in areas including, but not limited to:
Telecommunications Systems and Networks
Industrial networks and applications
Intelligent systems and applications
Information processing and data analysis
Hardware and software design and development
Security & Privacy
All accepted papers will be published by Springer and made available through SpringerLink Digital Library, one of the world’s largest scientific libraries. Proceedings are submitted for inclusion to the leading indexing services: EI, ISI Thomson’s Scientific and Technical Proceedings at Web of Science, Scopus, CrossRef, Google Scholar, DBLP, as well as EAI’s own EU Digital Library (EUDL).
Important dates:
Camera-ready Deadline: 2 July 2017
If you need further information about INISCOM 2017, visit the conference official website.
QShine 2017, 13th EAI International Conference on Heterogeneous Networking for Quality, Reliability, Security and Robustness, will take place in Dalian, the People’s Republic Of China on 22-23 September 2017.
The Conference has been established as the primary venue for researchers and practitioners to disseminate, exchange and discuss all recent advances related to heterogeneous networking, particularly for quality, experience, reliability, security and robustness.
Original submissions, not under any concurrent reviews, are solicited in all areas related to heterogeneous wired, wireless and hybrid networks.
All accepted papers will be published by Springer and made available through SpringerLink Digital Library, one of the world’s largest scientific libraries. Proceedings are submitted for inclusion to the leading indexing services: EI, ISI Thomson’s Scientific and Technical Proceedings at Web of Science, Scopus, CrossRef, Google Scholar, DBLP, as well as EAI’s own EU Digital Library (EUDL).
The segment of wearable technology is booming, but if you’re actively using a smart watch, you are producing more data than you are probably aware of. Data that hackers find very attractive.
When we say that wearables are booming, it is not an overstatement. The segment is reportedly already producing an estimated $14 billion in sales worldwide, and is expected to more than double within the next four years. But researchers from Stevens Institute of Technology have revealed that these gizmos are capable of continually recording a lot of sensitive information based on the motion of your hands. And that includes PIN codes, which hackers could guess with more than 90% accuracy.
“It may be easier than we think for criminals to obtain secret information from our wearables by using the right techniques,” said the research team leader, electrical and computer engineering professor Yingying Chen.
The Stevens team outfitted 20 volunteers with an array of fitness wristbands and smart watches, then asked them to make some 5,000 sample PIN entries on keypads or laptop keyboards while “sniffing” the packets of Bluetooth low energy (BLE) data transmitted by sensors in those devices to paired smartphones. After capturing accelerometer, gyroscope and magnetometer data from the devices and using it to calculate typical distances between and directions of consecutive key entries, Chen’s team developed a backward-inference algorithm to predict four-digit PIN codes.
While some devices proved more secure than others, the algorithm’s first guess succeeded an astonishing 80 percent of the time, on average. Within five tries, its accuracy climbed to 99 percent on some devices.
“Further research is needed, and we are also working on countermeasures,” concludes Chen, adding that wearables are not easily hackable — but they are hackable.
SPVAN 2016, the 1st EAI International Conference on Security and Privacy in Vehicular Networks, will take place in Madrid, Spain on November 17-18, 2016.
The goal of SPVAN 2016 is to address the foundations of security and privacy in the field, which help to set a ground base for further developments in VANETs. Expected contributions have to identify novel models, techniques, protocols, algorithms or architectures, etc. that provide the said properties.
Topics of interest to the conference include:
· Privacy/Anonymity mechanisms in VANETs;
· Security and privacy metrics;
· Authentication and access control in VANETs;
· User and Data trust issues in VANETs;
· Formal security models for VANET protocols;
· Novel cryptographic algorithms for VANETs;
· Secure and privacy‐preserving aggregation techniques for VANETs;
· Formal verification techniques for VANET protocols;
· Standardization aspects of VANET security and privacy;
· Human‐computer interaction issues related to security/privacy perception in VANETs;
· Legal issues related to security and privacy aspects for VANETs;
· Secure and private location-based services in VANETs.
SPVAN 2016 will also host a keynote speech by Dr. William Whyte (Security Innovation, ITU).
All accepted papers will be published in Springer LNICST and made available through SpringerLink Digital Library, one of the world’s largest scientific libraries. Proceedings are submitted for inclusion to the leading indexing services: Elsevier (EI), Thomson Scientific (ISI), Scopus, Crossref, Google Scholar, DBLP. Selected (and presented) papers, after further extensions, will be published in the Special Issue of the SPVAN conference in the Mobile Networks and Applications Journal (included in Thomson Reuters’ ISI ranking). Furthermore, other outstanding papers will be considered for publication in the EAI Endorsed Transactions on Security and Safety. Best papers will be submitted for consideration into the Special Issue of the SPVAN conference in the Mobile Networks and Applications Journal (included in Thomson Reuters’ ISI ranking).
Full Paper Submission Deadline: 15th July, 2016
Notification Deadline: 12th August, 2016
Camera-ready Deadline: 12th September, 2016
If you want to know more about SPVAN 2016, visit the conference official website.
We had the pleasure of interviewing Dr. Gilad L. Rosner, privacy and information policy researcher and the founder of Internet of Things Privacy Forum, which focuses on responsible innovation in the domain of connected devices. Dr. Rosner is an expert on IoT, identity management, US & EU privacy, data protection regimes, and online trust, and we are also very happy to have him as a keynote speaker at SaSeIoT 2016, the 3rd EAI International Conference on Safety and Security in Internet of Things, which will take place in Paris on October 26-28. The domain of data protection, privacy, surveillance and information laws is a gray one, so let’s dive in.
How would you comment on the recent clashes between governments and tech firms, regarding privacy and security?
The internet age has been a windfall for law enforcement and intelligence gathering agencies. The routine collection of personal information through social media, search, mobile phones, and web usage has created enormous databases of people’s movements, activities and communications. All of this comes from commercial endeavor – that is, the internet and social media are propelled by private companies in search of profit. They create the products and they store the data, and so those private data stores represent an irresistible target for data-hungry government entities like the NSA and others.
The ‘government’ is never one thing. Governments are comprised of agencies, interests, and people – overlapping powers and agendas. In the case of law enforcement, different groups have different remits and varying degrees of power. Foreign intelligence gathering is not the same as domestic law enforcement, and the rules that enable and constrain different agencies vary widely. There is a blurry line between lawful and unlawful access to private stores of personal data. The Snowden disclosures gave the world some perspective about just how blurry that line is, and how the governance of intelligence gathering may be porous or insufficient.
“Lawful and unlawful access – and who gets to say which is which? – are two sides of the same coin: the state’s desire for information about people.”
Sociologists have noted that states ‘penetrate’ their populations; that people need to be made ‘legible’ so that the state can act upon them. A strong argument can be made that intelligence gathering – for foreign or domestic purposes – is a core characteristic of the modern state. As such, lawful and unlawful access (and who gets to say which is which?) are two sides of the same coin: the state’s desire for information about people. Part of the way liberal democracies are judged is through consideration of their legitimacy. When government actors are accused of hacking into private data stores or otherwise circumventing established legal methods of obtaining access, such as search warrants and subpoenas, that legitimacy is called into question. Still, the line is blurry, and because of the secretive nature of intelligence gathering, it’s difficult to get a complete picture of when agencies are acting within their rights, when company practice facilitates or hinders the transfer of personal data to government actors, and when everyone is acting within ‘normal’ operating procedures.
What role does the EU play in protecting our digital privacy and enforcing our security online?
The EU has several roles to play. The first is the creation of ‘command and control’ data protection frameworks. These are coercive laws that permit and sanction activities relating to the collection and use of personal data – an example is the forthcoming General Data Protection Regulation. Also, the political control of the EU is highly influential on the relative power of data protection authorities. DPAs are essential ‘detection’ and enforcement bodies in the domain of privacy. The second is what is sometimes called ‘norm entrepreneurship’: deliberately changing social norms around privacy. We can see this in the continual and evolving support of the idea that privacy is a ‘fundamental right.’ Regarding security, the EU can both create coercive laws, such as data breach notification, but also encourage standards development, convene stakeholders to advance issues, fund research, and promote security through bodies like ENISA. The EU is many things. In addition to refining a harmonized internal commercial market, it also seeks to make population movements easier (Schengen), create a trading bloc, and also to create a sense of ‘Europeanness.’ Part of this European identity is strong support of human rights, a component of which (in the European conception of it) is the right to privacy. By supporting human rights, Europe also ends up supporting privacy rights.
What, in particular, is the security and privacy sector currently striving for?
Privacy professionals and academics are a heterogeneous group, so it’s difficult to say what the sector is striving for as a whole. Many voices within the community are in full-throated support of maintaining and pushing forward privacy values in new technology developments, but there is great debate about the ways to accomplish this. Europe tends to house a great number of privacy people who normatively support the view that privacy is a fundamental right, whereas in the United States there are those who are softer on this idea, saying instead that market mechanisms (rather than rights) are a more appropriate way to let privacy protections manifest.
For those who vigorously support the expansion of privacy rights and mechanisms through non-market methods, there is a general sense of wanting to help shape the market into more respectful, user-centered uses of data. Coercive methods like sanctions, fines, law suits and punishments only go so far, and so there is active and far-reaching discussion about different ways of supporting consumers, enhancing their knowledge and ability to intervene, supporting pseudonymous use of technology, and attempting to incorporate the contextual nature of privacy into governance. Part of the privacy community is quite concerned with Consent; or, more accurately, with the perceived failure of Consent. Some privacy researchers are seeking ways to make Consent more meaningful, whereas others have given up on it. Connected to this is a discussion about if and how to regulate data based on its use. In other words, regulating data differently when it is used for medical versus lending versus employment versus educational purposes. This already occurs to some degree, but part of the privacy community is actively seeking to broaden this approach.
How will user protection change when there will be a developed IoT infrastructure, compared to how it looks right now?
The IoT is not a homogenous idea – it’s a set of trends: non-computer devices getting more sensors and network communications, low power computing, screenless interfacing, increasing stakeholders in the collection of device data, increasing device autonomy, lower cost manufacturing, miniaturization, the use of smartphones as a platform, and so on. User protection will, as it does now, take many forms: law, encryption, security architectures, contractual terms, market disincentive, and consumer education. Each of those areas will (hopefully) evolve to address the increase in data collection that the IoT portends. One challenge, for example, is privacy policies and other forms of user notifications. When screens get smaller or disappear, how do you notify users about what data a device is collecting? We know that many, many people do not read privacy policies, so the IoT will likely amplify this problem. There is some progress in the evolution of privacy policies, but it is slow, and that’s due in part to how many policies people are told to read. My view is that this calls for more institutional controls rather than trying to make people read more.
What do you expect from the SaSeIoT 2016 conference? How do conferences like this one influence your work?
I expect to hear about interesting developments in security and identity management with regard to the IoT, and about new designs and uses of technology. Some of these will implicate personal data collection and some will not. I’m interested in both, but the greatest impact on my work is learning of new ways that people’s data is being collected and used. Also, hearing about the emergence or evolution of standards and the way that public bodies are interacting with the IoT domain both influence my research activities.
A lot has been said about Tor, a software project that enables its users to browse the web in anonymity and with their location protected. And not only that. Many websites and services are only available via the Tor network. These are called Hidden Services/Servers (around 30,000 of which are being run daily) and their uses range from services for citizens of countries that restrict and censor online communications, through transmission of sensitive information, all the way to illegal projects and organizations, such as The Silk Road, a black market website which used to mediate drugs and arms trade in staggering volumes. Tor is controversial, to say the least.
In any case, Tor has been the topic of many academic discussions and deliberations, occupying a host of digital security experts and computer scientists. The paper presented here is one such instance, titled Enhancing Traffic Analysis Resistance for Tor Hidden Services with Multipath Routing by Lei Yang and Fengjun Li from The University of Kansas. Their paper won the Best Paper award at Securecomm 2015, the 11th EAI International Conference on Security and Privacy in Communication Networks.
In this paper, the authors propose a multipath routing scheme for Tor hidden servers to defend against traffic analysis attacks. It is argued that Tor’s hidden services are particularly vulnerable to this kind of attack, which correlates communication patterns, deducing information about its participants, their IP addresses and locations in particular. In a traffic analysis, a statistical comparison of various traffic features, such as packet timings and counts, is performed. For a service that is supposed to provide sender-receiver unlinkability, that is quite a problem.
Tor operates via a network of six routers, nodes, and relays run by volunteers, which serve as jumping points for information from one to the next, until it reaches the desired receiver. Each node is only aware of the previous one and the next in line, obscuring the complete link between the original sender and the final receiver. If you have been wondering why hidden services are particularly vulnerable to traffic analysis attacks, the answer is simple: a new set of six nodes for each hidden service is selected at random every 24 hours, and is then kept for the duration of that entire day. Additionally, nodes for hidden servers are flagged as such, and researchers have demonstrated that it is possible to take up these nodes for a specific day by brute forcing their key generation. This is in contrast to an ordinary (i.e. unhidden) server, for which a new set of nodes is selected for every single connection, so that the number of nodes which an attacker needs to take over in order to perform a reliable statistical traffic analysis would rise immensely. However, gaining control over the entry and the exit node, in addition to several more in between, for a single hidden server for a day, is not unheard of. Plus, the more nodes the attacker can track, the lower the latency on the observed traffic, and the more reliably he or she can connect the dots.
Yang and Li have stated that there are two ways of addressing this security issue – 1. to prevent the adversary from taking control of the entry and the exit node, and 2. to reduce the success rate of traffic analysis when the adversary has already been successful in gaining control over these nodes. In their paper, they proposed an approach for the latter.
They developed a multipath routing scheme for Tor hidden servers, which transfers data through multiple circuits between the hidden server and a special server rendezvous point. This system is able to exploit flow splitting and flow merging to eliminate identifiable patterns of the original flow. The flow is split inside an anonymous tunnel connecting the last node and a new rendezvous point selected by the hidden server. This tunnel is comprised of multiple circuits, and is created by the hidden server upon a client’s request. The different network dynamics across these multiple routes are what throw off the traffic analysis.
Yang and Li tested this system experimentally on the Shadow simulator. The results of these tests have shown that the scheme can effectively mitigate the risk of traffic analysis even when robust watermarking techniques are employed.
If you wish to take a closer look at how this scheme works, we recommend checking out the full paper at EUDL.
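To make the effect described above concrete, the following added example (not code from the paper or from Tor) models it on a constructed flow: the same bursty traffic is compared by windowed packet counts after a single circuit and after being split across four circuits and merged. The burst shape, circuit delays, jitter and window size are all assumptions chosen for illustration, and the model ignores cells, padding and the real rendezvous protocol.

```python
import math
import random

WINDOW = 0.1  # seconds per counting window (assumed analysis granularity)


def bursty_flow(rng, duration=60.0, rate=200.0):
    """Constructed on/off flow: packet bursts separated by silences."""
    t, sent = 0.0, []
    while t < duration:
        burst_end = min(t + rng.uniform(0.2, 0.5), duration)
        while True:
            t += rng.expovariate(rate)
            if t >= burst_end:
                break
            sent.append(t)
        t = burst_end + rng.uniform(0.3, 1.0)
    return sent


def forward(rng, flow, circuit_delays, jitter=0.02):
    """Send each packet over a randomly chosen circuit and merge arrivals.

    circuit_delays holds one assumed base latency per circuit; a single
    entry models today's single-circuit path.
    """
    return sorted(ts + rng.choice(circuit_delays) + rng.uniform(0, jitter)
                  for ts in flow)


def window_counts(times, n_windows):
    """Packets per WINDOW-second bucket: the 'counts' traffic feature."""
    counts = [0] * n_windows
    for ts in times:
        i = int(ts / WINDOW)
        if i < n_windows:
            counts[i] += 1
    return counts


def pearson(a, b):
    """Pearson correlation of two equal-length series (0.0 if one is flat)."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    if va == 0 or vb == 0:
        return 0.0
    return cov / math.sqrt(va * vb)


def best_lag_correlation(sent, received, max_lag=15):
    """Highest correlation over time shifts, so a fixed path latency
    alone does not hide the match between the two observation points."""
    n = int(max(received) / WINDOW) + 1
    x, y = window_counts(sent, n), window_counts(received, n)
    return max(pearson(x[:n - lag], y[lag:]) for lag in range(max_lag + 1))


def demo(seed=7):
    """Return (single-circuit, multipath) correlation for one constructed flow."""
    rng = random.Random(seed)
    flow = bursty_flow(rng)
    single = forward(rng, flow, [0.20])
    multi = forward(rng, flow, [0.20, 0.45, 0.70, 0.95])
    return (best_lag_correlation(flow, single),
            best_lag_correlation(flow, multi))


if __name__ == "__main__":
    r_single, r_multi = demo()
    print(f"single circuit: r = {r_single:.2f}")
    print(f"four circuits:  r = {r_multi:.2f}")
```

With one circuit the count series at both observation points stay almost identical; with four circuits of differing latency the merged flow no longer tracks the bursts of the original, which is the property the scheme relies on.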
As mentioned in our text on the FBI vs. iPhone controversy, today we bring you the interview with Víctor Rodriguez Doncel. He is an accomplished researcher in industry as well as in academia. His work is primarily situated around licensing, ontology engineering, and also artificial intelligence. Víctor will lead a workshop on Copyright, privacy and data protection in the Future Internet at the AFI 360° 2016 Summer School, which will take place in Puebla, Mexico (27-28 May).
Compared to other regions, how good/bad is the legal framework of copyright and data protection in Europe?
They are two separate things. Regarding the copyright law, legislation in Europe is fragmented, which is bad for the market. There is no uniform legislation and important differences in the law of the different Member States exist. For example, I can watch some YouTube videos in Spain, and when I go to Germany I cannot because the Copyright Collecting Society in Germany has protested. These internal borders are hampering the development of the market, although this is going to be fixed: the European institutions are working towards the Digital Single Market, and legal harmonization will take place sooner than later.
And regarding Data Protection, Europe is a singular place, because it is a reference in the respect of the privacy of the individuals. The European Union has developed a very sophisticated protection regime that has influenced the development of privacy laws in the rest of the world. Again, we are in a critical moment, because European legislation on data protection is facing dramatic changes and a new Regulation is entering into force very soon, having validity throughout Europe. Everybody is expecting this change to happen.
How does Europe’s data protection and copyright legal framework compare to that of the United States?
There are indeed commonalities, as international treaties and agreements on copyright have been signed with quasi universal validity; but divergences exist, posing difficulties to the markets. As a parallel example in the Data Protection domain, European companies may find problems storing personal information in servers located in the US. The US companies need a certification, named Safe Harbor Certification, which nonetheless has been recently declared ‘invalid’ by the European courts.
Do you think the current technological progress leads to more security or more vulnerability? Which side of this conflict is more dominant?
Perhaps I should remain neutral here, but I will not. I think we are becoming essentially more vulnerable. The internet is an extension of our minds, or at least many think so. And our minds, which so far could not be read by others, are now open books in a way. My internet provider can read my email, know what I am searching, what I am thinking; my thoughts are being invaded. We are getting more vulnerable and we don’t become more secure in any manner.
For example, this argument (the internet being an extension of our minds) has been recently used by Apple. In the last few days there has been polemic in the mass media about the shooting in San Bernardino (California) four months ago. One of the shooters happened to have an iPhone, and the FBI was unable to access the data. The FBI wanted a backdoor in the smartphone for future cases with the idea that “one has to surrender privacy to have more security”. This is arguable. Besides, you will not get more security, as if a backdoor in the smartphone exists for the FBI, others may find it easier to break into your smartphone.
This vision of internet as an extension of our minds is a corollary of Marshall McLuhan’s ideas, where technology is an extension of the human body. Bound to Jürgen Habermas’ vision of technology as an ideology (technology is accepted with no debate even if it effectively changes the way we live), it leads to having a sensitive and important part of us vulnerably and irremediably exposed to others.
And technologies can be used to control the nature but also to control other humans. If early technological developments were very useful for controlling the nature (e.g. the fire), they are now very good at controlling other people. We should not forget these risks.
What are the most prevailing ethical questions on Future Internet? What frightens people about it?
I don’t think people are really frightened about the internet. Nobody says “I won’t use it because I am afraid”. There are concerns, mostly on privacy, according to opinion surveys. But there are no more anti-globalization activists (they disappeared already one decade ago) or anti-internet movements. There is no serious opposition. With respect to the most prevailing ethical questions, there are many aspects that could be discussed. The ethical questions on the Future Internet are the existing ethical problems magnified with the Future Internet. The Future Internet will have impact on many human values like freedom, knowledge, opportunities, health, politics, privacy or security. In this workshop we will only focus on those aspects related to privacy and security.
What does your workshop at the AFI 360° offer?
I hope the workshop will be very attractive for two reasons: one very practical, as it will be of interest for computer scientists to have some legal notions when handling data, and one more speculative, discussing the ethical perspectives of the Future Internet.
Anybody who is publishing data, consuming data, and managing content online should be interested in knowing the basics of copyright and data protection from legal perspective; even if during the seminar only simple notions are commented. We want the participants in the workshop to learn the legal principles that protect their rights as data subjects and we want the participants in the workshop to learn legal principles not to infringe the law when handling others’ data. The workshop is open to a very broad audience!
The original article was first published by Rich McCormick at The Verge.
Just two days after the FBI confirmed that it had got into the iPhone which belonged to the San Bernardino shooter, it is offering the same service in a murder case in Arkansas. Cody Hiland, the attorney in the Arkansas case, requested help from the Federal Bureau of Investigation. In the case, two teenagers stand accused of double murder, pleading not guilty. According to their attorney, the suspects are “not concerned about anything on that phone.”
Initially, when the FBI wanted to negotiate with Apple about unlocking the phone, there was a proposal that it would not be used in other cases. However, now that the FBI has managed to unlock the phone, the Bureau has accepted the request to unlock a phone in a non-terrorism related case. It is important to note that Apple did help government agencies in the past, but only in getting data available without the need of penetrating the lock and the encryption. The case that brought up all this controversy was when the FBI asked Apple to unlock the iPhone of Syed Farook, who, with the help of his wife, killed 14 people in California early in December 2015.
According to the Associated Press, it is not specified which generation of iPhone the FBI is going to tackle in the Arkansas case, but there is a mention of an iPod as well. One suspect was supposedly using it to communicate with the other and plan the murder. Theoretically, the FBI should be able to unlock iPhones up to the 5S generation. In any case, regardless of what will happen next, we are already witnessing a significant change in data protection and security.
EAI Blog will stay tuned to the latest developments in the spheres of security, privacy and encryption. These events have a direct impact on the evolution of the Internet of Things. This coming Friday, an interview with Víctor Rodriguez Doncel, an expert on copyright law, will be published, where this subject will be touched upon again.
The 11th International Conference on Security and Privacy in Communication Networks (SecureComm 2015) will be taking place on October 26 – 29, 2015, in Dallas, USA.
SecureComm seeks high-quality research contributions in the form of well-developed papers. Topics of interest encompass research advances in ALL areas of secure communications and networking. Topics in other areas (e.g., formal methods, database security, secure software, theoretical cryptography) will be considered only if a clear connection to private or secure communication/networking is demonstrated.
Topics of interest include:
Security & Privacy in Wired, Wireless, Mobile, Hybrid, Sensor, Ad Hoc networks;
Network Intrusion Detection and Prevention, Firewalls, Packet Filters;
Malware Analysis and Detection including Botnets, Trojans and APTs;
Web and Systems Security;
Distributed Denial of Service Attacks and Defenses;
Communication Privacy and Anonymity;
Circumvention and Anti-Censorship Technologies;
Network and Internet Forensics Techniques;
Authentication Systems: Public Key Infrastructures, Key Management, Credential Management;
Security & Privacy in Pervasive and Ubiquitous Computing, e.g., RFIDs;
Security & Privacy in Peer-to-Peer and Overlay Networks;
Security & Privacy for Emerging Technologies: VoIP, Internet-of-Things, Social Networks;
Security & Isolation in Cloud, Data Center and Software-Defined Networks.
Accepted papers will be published in Springer’s LNICST series and will appear in the SpringerLink, one of the largest digital libraries online that covers a variety of scientific disciplines, as well as in the ICST’s own EU Digital Library (EUDL). LNICST volumes are submitted for inclusion to leading indexing services, including DBLP, Google Scholar, ACM Digital Library, ISI Proceedings, EI Engineering Index, CrossRef, Scopus.
The conference aims to explore the dynamics within the scope of IoT in the context of Safety and Security. The conference solicits original and inspiring research contributions from technology experts, researchers, designers, practitioners in academia, authorities and industry, and promises to offer a perfect forum to share knowledge, experiences, and best practices, focusing primarily on ensuring the resilience and security of IoT dependent infrastructures, and using IoT for crisis and emergency management.
The papers should be formatted using the Springer LNICST Authors’ Kit. All accepted papers will be available in book form, as well as published by Springer and made available through SpringerLink Digital Library, one of the world’s largest scientific libraries. In addition, the best papers will also have the opportunity to be published in EAI Endorsed Transactions on Security and Safety.