More Web Proxy on the site http://driver.im/

research-article

Characteristic-based security analysis of personal networks

Authors:

Andrew J. Paverd,

Fadi El-Moussa,

Ian BrownAuthors Info & Claims

UbiComp '14 Adjunct: Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication

Pages 979 - 986

https://doi.org/10.1145/2638728.2641549

Published: 13 September 2014 Publication History

Abstract

The Personal Network (PN) is a logical network of interconnected components used by an individual. It encompasses the home network, the Personal Area Network (PAN), and the Vehicular Area Network (VAN) and includes cloud-based services. Previous security analyses, including ITU-T Recommendation X.1111, have focussed on the individual physical networks rather than the PN itself. By consolidating and structuring previous work, we propose an updated and enhanced security analysis for the PN. In our characteristic-based approach we identify the primary characteristics of the PN and its components and use these to develop an abstract PN asset model. From this, we derive the main attacker objectives and a list of attack vectors through which these could be achieved. We propose a mapping between the attack vectors and the PN component characteristics that can be used to determine the specific attacks to which a particular component is vulnerable. In this paper, we present a summary of this analysis and discuss its usage.

References

[1]

Baugher, M., and Lortz, V. Home-network threats and access controls. In Proceedings of the 4th international conference on Trust and trustworthy computing - TRUST '11 (June 2011), 217--230.

Digital Library

[2]

Friedman, J., and Hoffman, D. V. Protecting data on mobile devices: A taxonomy of security threats to mobile computing and review of applicable defenses. Information-Knowledge-Systems Management 7, 1, 2 (2008), 159--180.

Digital Library

[3]

International Telecommunication Union. ITU-T Recommendation X.1111 - Framework of security technologies for home network. Tech. rep., International Telecommunication Union, 2007.

[4]

Landman, M. Managing smart phone security risks. In Information Security Curriculum Development Conference (Oct. 2010).

Digital Library

[5]

Lee, J. I., Choi, C.-S., Park, W.-K., Han, J.-S., and Lee, I.-W. A study on the use cases of the smart grid home energy management system. In ICTC 2011, IEEE (Sept. 2011), 746--750.

[6]

Leung, A., Yau, P.-w., and Mitchell, C. J. Using Trusted Computing to Secure Mobile Ubiquitous Environments. Security and Privacy in Wireless and Mobile Networking (2009), 303--335.

[7]

Lyle, J., Paverd, A., King-Lacroix, J., Atzeni, A., Virji, H., Flechais, I., and Faily, S. Personal PKI for the smart device era. In 9th European PKI Workshop: Research and Applications (2012).

[8]

Miller, C. Mobile Attacks and Defense. IEEE Security & Privacy Magazine 9, 4 (July 2011), 68--70.

Digital Library

[9]

National Institute of Standards and Technology (NIST). SP800-124 Guidelines on Cell Phone and PDA Security. Tech. rep., 2013.

[10]

Niemegeers, I. G., and de Groot, S. M. From Personal Area Networks to Personal Networks: A User Oriented Approach. Wireless Personal Communications 22, 2 (2002), 175--186.

Digital Library

[11]

Niemegeers, I. G., and de Groot, S. M. Research Issues in Ad-Hoc Distributed Personal Networking. Wireless Personal Communications 26, 2--3 (2003).

Digital Library

[12]

Oberheide, J., and Jahanian, F. When mobile is harder than fixed (and vice versa). In Proceedings of the Eleventh Workshop on Mobile Computing Systems & Applications (Feb. 2010).

Digital Library

[13]

Paverd, A., El-Moussa, F., and Brown, I. Characteristic-Based Security Analysis for the Personal Network. Tech. rep., 2014. https://www.cs.ox.ac.uk/people/andrew.paverd/home.

[14]

Paverd, A. J., Inggs, M. R., and Winberg, S. L. Towards a Framework for Enhanced Mobile Computing Using Cloud Resources. In Proceedings of the Southern Africa Telecommunications, Networks and Applications Conference (2011).

[15]

Schwiderski-Grosche, S., Tomlinson, A., and Irvine, J. Security challenges in the personal distributed environment. In IEEE 60th Vehicular Technology Conference, vol. 5, IEEE (2004).

[16]

Shabtai, A., Fledel, Y., Kanonov, U., Elovici, Y., Dolev, S., and Glezer, C. Google Android: A Comprehensive Security Assessment. IEEE Security & Privacy Magazine 8, 2 (Mar. 2010), 35--44.

Digital Library

[17]

Webinos. Phase 1 - Architecture and Components. Tech. rep., 2011. http://webinos.org/downloads/.

Index Terms

Characteristic-based security analysis of personal networks
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

A survey of detection methods for XSS attacks
Abstract
Cross-site scripting attack (abbreviated as XSS) is an unremitting problem for the Web applications since the early 2000s. It is a code injection attack on the client-side where an attacker injects malicious payload into a vulnerable ...
Mitigating attacks in software defined networks
Abstract
Future network innovation lies in software defined networking (SDN). This innovative technology has revolutionised the networking world for half a decade and contributes to transform legacy network architectures. This transformation blesses the ...
A Philosophy of Security Architecture Design
Abstract
Digital systems are almost always vulnerable, yet we increasingly depend on these systems. There will be many threats towards these system. In a fully networked system, the vulnerabilities will literally be exposed to the whole world. The exposed ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

UbiComp '14 Adjunct: Proceedings of the 2014 ACM International Joint Conference on Pervasive and Ubiquitous Computing: Adjunct Publication

September 2014

1409 pages

ISBN:9781450330473

DOI:10.1145/2638728

General Chairs:
AJ Brush
Microsoft Research
,
Adrian Friday
Lancaster University, UK
,
Program Chairs:
Julie Kientz
University of Washington
,
James Scott
Microsoft Research, UK
,
Junehwa Song
Korea Advanced Institute of Science and Technology (KAIST), KR

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

In-Cooperation

SIGSPATIAL: ACM Special Interest Group on Spatial Information

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 September 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

UbiComp '14

Sponsor:

UbiComp '14: The 2014 ACM Conference on Ubiquitous Computing

September 13 - 17, 2014

Washington, Seattle

Acceptance Rates

Overall Acceptance Rate 764 of 2,912 submissions, 26%

Upcoming Conference

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

0
Total Citations
149
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten