Improving Smart Home Security: Using Blockchain-Based Situation-Aware Access Control

Description
The evolution of technology, including the proliferation of the Internet of Things (IoT), advanced sensors, intelligent systems, and more, has paved the way for the establishment of smart homes. These homes bring a new era of automation with interconnected devices, offering increased services. However, they also introduce data security and device management challenges. Current smart home technologies are susceptible to security violations, leaving users vulnerable to data compromise, privacy invasions, and physical risks. These systems often fall short in implementing stringent data security safeguards, and the user control process is complex. In this thesis, an approach is presented to improve smart home security by integrating private blockchain technology with situational awareness access control. Using blockchain technology ensures transparency and immutability in data transactions. Transparency from the blockchain enables meticulous tracking of data access, modifications, and policy changes. The immutability of blockchain is utilized to strengthen the integrity of data, deterring and preventing unauthorized alterations. While the designed solution leverages these specific blockchain features, it consciously does not employ blockchain's decentralization due to the limited computational resources of IoT devices and the focused requirement for centralized management within a smart home context. Additionally, situational awareness facilitates the dynamic adaptation of access policies. The strategies in this thesis surpass existing solutions, providing fine-grained access control, reliable transaction data storage, data ownership, auditability, transparency, access policy, and immutability. This approach is thoroughly evaluated against existing smart home security improvement solutions.
Date Created
2023
Agent

A Blockchain-Based Approach for Tracing Security Requirements for Large Scale and Complex Software Development

Description
Security requirements are at the heart of developing secure, invulnerable software. Without embedding security principles in the software development life cycle, the likelihood of producing insecure software increases, putting the consumers of that software at great risk. For large-scale software development, this problem is complicated as there may be hundreds or thousands of security requirements that need to be met, and it only worsens if the software development project is developed by a distributed development team. In this thesis, an approach is provided for software security requirement traceability for large-scale and complex software development projects being developed by distributed development teams. The approach utilizes blockchain technology to improve the automation of security requirement satisfaction and create a more transparent and trustworthy development environment for distributed development teams. The approach also introduces immutability, auditability, and non-repudiation into the security requirement traceability process. The approach is evaluated against existing software security requirement solutions.
Date Created
2022
Agent

SpaceMediator: Preventing Spatial and Privacy Attacks in Mobile Augmented Reality

Description
Mobile Augmented Reality (MAR) is a portable, powerful, and suitable technology that integrates 3D virtual content into the physical world in real time. It has been implemented for multiple purposes as it enhances people’s interaction, e.g., shopping, entertainment, gaming, etc. Thus, MAR is expected to grow at a tremendous rate in the upcoming years, as its popularity via mobile devices has increased. Unfortunately, the applications that implement MAR, hereafter referred to as MAR-Apps, bear security issues. These are reflected in incidents recorded worldwide that were caused by MAR-Apps, e.g., robberies, authorities requesting bans on MAR at specific locations, etc. To further explore these concerns, a case study analyzed several MAR-Apps available in the market to identify the security problems in MAR. As a result of this study, the threats found were classified into three categories. First, Space Invasion implies the intrusive modification through MAR of sensitive spaces, e.g., hospitals, memorials, etc. Then, Space Affectation means the degradation of users’ experience via interaction with undesirable MAR or malicious entities. Finally, MAR-Apps mishandling sensitive data leads to Privacy Leaks. SpaceMediator, a proof-of-concept MAR-App that imitates the well-known and successful MAR-App Pokémon GO, implements the solution approach of a Policy-Governed MAR-App, which assists in preventing the aforementioned security issues. Furthermore, its feasibility is evaluated through a user study with 40 participants. The study shows that participants understood the security issues, as they recognized and prevented them with success rates as high as 92.50%. Furthermore, there is strong interest in Policy-Governed MAR-Apps, as 87.50% of participants agreed with restricting MAR-Apps within sensitive spaces, and 82.50% would implement constraints in MAR-Apps. These promising results encourage adopting the Policy-Governed solution approach in future MAR-Apps.
Date Created
2022
Agent