Ilung Pranata

Exploiting the Error Correction Mechanism in QR Codes for Secret Sharing

This paper investigates a novel approach to secret sharing using QR codes. The proposed QR code secret sharing approach exploits the error correction mechanism inherent in the QR code structure, to distribute and encode information about a secret message in a number of shares. Each share in the scheme is constructed from a cover QR code, and each share itself is a valid QR code which can be scanned and decoded by a QR code reader. The secret message can be recovered by combining the information contained in the QR code shares. Since each share is a valid QR code, the proposed scheme has the advantage of reducing the likelihood of attracting the attention of potential attackers. In addition, the shares can be distributed via public channels without raising suspicion. Moreover, shares do not have to be stored or transmitted electronically, as QR codes can be distributed via printed media.

Modeling Decentralized Reputation-Based Trust for Initial Transactions in Digital Environments

The advent of digital environments has generated significant benefits for businesses, organizations, governments, academia and societies in general. Today, over millions of transactions take place on the Internet. Although the widespread use of digital environments has generally provided opportunities for societies, a number of threats have limited their adoption. The de-facto standard today is for certification authorities to authenticate the identity of service providers while trust on the provided services is implied. This approach has certain shortcomings, for example, single point of failure, implied trust rather than explicit trust and others. One approach for minimizing such threats is to introduce an effective and resilient trust mechanism that is capable of determining the trustworthiness of service providers in providing their services. Determining the trustworthiness of services reduces invalid transactions in digital environments and further encourages collaborations. Evaluating trustworthiness of a service provider without any prior historical transactions (i.e. the initial transaction) pose a number of challenging issues. This article presents TIDE - a decentralized reputation trust mechanism that determines the initial trustworthiness of entities in digital environments. TIDE improves the precision of trust computation by considering raters’ feedback, number of transactions, credibility, incentive to encourage raters’ participation, strategy for updating raters’ category, and safeguards against dynamic personalities. Furthermore, TIDE classifies raters into three categories and promotes the flexibility and customization through its parameters. Evaluation of TIDE against several attack vectors demonstrates its accuracy, robustness and resilience.

SECURING AND GOVERNING ACCESS IN AD-HOC NETWORKS OF INTERNET OF THINGS

The emergence of Internet of Things (IoT) brings tremendous benefits and opportunities for individuals and businesses. However, there exist several challenges that need to be addressed before a full realization of IoT can be achieved. Fundamentally, IoT enables constant transfer and sharing of data between several “things” (i.e. humans and objects) in order to achieve particular objectives. In such sharing environments, security and privacy of data and messages become important. Authentication, authorization. access control, non-repudiation are important to ensure secure communication in an IoT environment. The lack of computing resources (such as processing power, storage, etc.) and ad-hoc nature of such networks requires researcher to re-think existing techniques to adopt to such environments. In this paper, we propose a framework for authentication, authorization and access control for an IoT environment using capability tokens, PKI and encryption which aims to use minimal computing resources.

TIDE: measuring and evaluating trustworthiness and credibility of enterprises in digital ecosystem

In this paper, we investigate the effectiveness and appropriateness of several existing trust management systems for a Digital Ecosystem (DE) environment. DE is characterized as an open and dynamic environment where the interaction and collaboration between its entities are highly promoted. A major requirement to promote such intensive interaction and collaboration is the ability of an entity to measure the trustworthiness of other entities in performing honest transactions. However, most of the proposed trust management solutions do not provide an adequate mechanism for computing the trustworthiness values into its exact measurement. In addition, the appropriateness of these solutions to meet the unique DE characteristics is still in deficient level. Therefore, we propose a distributed trust model for individual enterprises to effectively derive the trustworthiness value of an entity. This would allow them to decide which entities are trustworthy and which entities are not. This model also allows the enterprises to progressively understand the credibility of their recommender entities.

A community based authentication and authorisation mechanism for digital ecosystem

In this paper, we present a distributed mechanism for elevating resource protection in a Digital Ecosystem environment. The dynamic interaction and collaboration between Digital Ecosystem entities poise several main challenges in protecting the resources and information. First, a strong mechanism is needed to ensure only the authentic entities that are able to access the resources. Second, this mechanism must also maintain the confidentiality and integrity of resources over the untrusted network. Unfortunately, the existing mechanisms which focus on providing a centralized protection facade several issues ranging from single point failure to huge administrative burden. Therefore, we present a distributed mechanism to address these challenges. The inclusivity of community based trust approach in our mechanism further promotes its applicability to the Digital Ecosystem environment, on which it is heavily driven by the interacting entities. Public Key Infrastructure is employed to provide a strong protection during its access workflow.

Managing enterprise authentication and authorization permissions in digital ecosystem

Intense interactions between resource providers and resource consumers in collaborating and sharing their resources frequently occur in an open and dynamic Digital Ecosystem environment. Such interactions contribute to several challenges in cyber security, particularly in protecting enterprise resources from various malicious attacks. The main challenge that occurs in protecting these resources is the ability to manage multiple unique authorization permissions over the enterprise resources. Unfortunately, the inadequacies of the current security mechanisms in addressing these challenges result in a slower implementation of a potentially highly beneficial Digital Ecosystem environment. Therefore, this paper proposes a distributed mechanism for individual enterprise’ to manage its own authorization process and resource access permissions, with the aim of providing rigorous protection of the enterprise resources in question.

Are the most popular users always trustworthy? The case of Yelp

Abstract Consumer ratings play a pivotal role in making purchase decision and are now part of daily decision making. Yet, there always be a concern on the credibility of these ratings. Numerous incidents have occurred in the past where businesses gave incentives to the raters to provide fraud and non-credible reviews. We, as average users, tend to believe recommendations given by people with whom we have close relationship, such as family or friends. In the absence of people that we can inherently trust, we tend to consider ratings that come from popular raters more seriously. This is particularly true in the online environments where many raters are unknown to us. However, we can never be sure how trustworthy these popular raters are when providing their ratings and reviews. This paper investigates the credibility of the most popular users in giving trustworthy ratings on a popular consumer reviews platform Yelp. We begin by identifying and grouping the most popular users. We then collect all ratings of the businesses that this group of users has rated. Endogenous statistical techniques are employed to determine the trustworthiness of each popular user’s rating and to discount the unfair ratings. By analyzing and comparing the rating given by each popular user with the computed business’ trust rating, we collect statistics that found the most popular users are not always trustworthy in providing their ratings and their percentage of rating trustworthiness.

Determining Trustworthiness and Quality of Mobile Applications

The growth of “smart” mobile devices, such as smartphones and tablets, has been exponential over the past few years. Such growth was mainly attributed to the development of mobile applications. To date, mobile applications have been increasingly used to improve our productivity and also to provide the entertainment contents. However, with a huge number of mobile applications that appear in the application stores; in particular those that provide similar functionalities, users are often confused with the selection of trustworthy and high quality mobile applications. At the current state, there is a limited research embarked to provide solutions for measuring the trustworthiness of mobile applications prior to download. Thus, the aims of this paper are to review the current research in this area and to discuss several issues in measuring the trustworthiness of mobile applications. In addition, this paper also proposes MobilTrust, a similarity trust measurement method to solve the identified issues.

A survey on the usability and effectiveness of web-based trust rating systems

In Todays online environment, it is hard to measure the trustworthiness of seller/product. However, such trustworthiness is crucial to be determined in order to generate buyers confidence prior to transaction. There exist a number of web-based trust rating systems that assist buyers in determining the trust level of seller/product. These systems have been widely used in many e-commerce websites and in online forums. Further, they have varying types of trust measurements and user interfaces. Although many users have used these systems when performing online transactions or activities, the usability and effectiveness of these trust rating systems are still largely unknown. Thus, the major aim of this paper is to investigate these issues, in particular to discover the most and least preferred trust rating systems from users perspective, the influence of ratings, and the effectiveness of these online trust rating systems.

A Distributed Secure Mechanism for Resource Protection in a Digital Ecosystem Environment

The dynamic interaction and collaboration of the loosely coupled entities play a pivotal role for the successful implementation of a Digital Ecosystem environment. However, such interaction and collaboration can only be promoted when information and resources are effortlessly shared, accessed, and utilized by the interacting entities. A major requirement to promote an intensive sharing of resources is the ability to secure and uphold the confidentiality, integrity and non-repudiation of resources. This requirement is extremely important in particular when interactions with the unfamiliar entities occur frequently. In this paper, we present a distributed mechanism for improving resource protection in a Digital Ecosystem environment. This mechanism can be used not only for any secure and reliable transaction, but also for encouraging the collaborative efforts by the Digital Ecosystem community members to play a major role in securing the environment. Public Key Infrastructure is also employed to provide a strong protection for its access workflows.