Manmeet Mahinderjit Singh

WEARABLE TECHNOLOGY DEVICES SECURITY AND PRIVACY VULNERABILITY ANALYSIS

Wearable Technology also called wearable gadget, is acategory of technology devices with low processing capabilities that can be worn by a user with the aim to provide information and ease of access to the master devices its pairing with. Such examples are Google Glass and Smart watch. The impact of wearable technology becomes significant when people start their invention in wearable computing, where their mobile devices become one of the computation sources. However, wearable technology is not mature yet in term of device security and privacy acceptance of the public. There exists some security weakness that prompts such wearable devices vulnerable to attack. One of the critical attack on wearable technology is authentication issue. The low processing due to less computing power of wearable device causethe developers inability to equip some complicated security mechanisms and algorithm on the device.In this study, an overview of security and privacy vulnerabilities on wearable devices is presented.

RFID-Enabled Smart Attendance Management System

The existing conventional attendance system requires students to manually provide their signature on the attendance sheet. The drawback of this conventional method is the loss of time in jotting down the attendance, leading to human error and cheating issues and the inability of capturing and storing the attendance record for other essential university activities. In this project, Radio Frequency Identification (RFID)-enabled Smart Attendance Management System (RFID-SAMS) will be designed to cater to the limitation of the conventional attendance system. The RFID-SAMS system function to enrolled students and staff data and course related information, record and monitor students’ attendance and their movement during any courses attended. Its ability to uniquely identify each person based on their RFID tag type of ID card make the process of taking the attendance easier, faster and secure as compared to conventional method. The uniqueness of RFID-SAMS is the capability to detect any duplication RFID event readings and miss readings. In addition, this system has been enhanced to cater the latest ubiquitous technology such as the mobile devices, which are Window Phone and Windows Surface RT. The overall system provides an efficient, accurate and portability solution and work well for the real-life attendance environment within the university.

Hybrid Trust Framework for Loss of Control in Cloud Computing

Today cloud computing is prone to security and privacy threats. Decrement in security within clouds contributes to a loss of clients-confidence, lack of control and loss of trustworthiness in cloud service providers. Loss of control occurs when clients lose their control over their own resources in the hand of service provider. As lack of authentication and access control placed by providers, loss of control contributes to greater security concern. In this research, a novel trust framework is proposed which focus on tackling the loss of central concern by granting back control to the cloud clients in ensuring their service provider environments fully secure and trustworthy. Secondly, the trust model also functions in ensuring that both client and service providers transaction follows set of security mechanism in place. The results proved that both trust need to be enforced is any cloud. Thus the proposed trust model contributes as a mean to solve the security challenges known as loss of control.

Advanced Persistent Threat Mitigation Using Multi Level Security --- Access Control Framework

Bring Your Own Device BYOD concept has become popular amongst organization. However, due to its portability and information available through social network, BYOD has become susceptible to information stealing attacks such as Advanced Persistent Threat APT attack. APT attack uses tricky methods in getting access into the targets machine and mostly motives and stand as a threat to politics, corporate, academic and even military. Various mitigation techniques have been proposed in tackling this attack but, most of them are relying on available information of the attacks and does not provide data protection. Hence, it is challenging in providing protection against APT attack. In this paper, we will investigate on the available mitigation techniques and its problems in tackling APT attack by looking on the root cause of the attack inside BYOD environment. Lastly, based on the information obtained we will propose a new framework in reducing APT attack.

Security and Privacy Risks Awareness for Bring Your Own Device (BYOD) Paradigm

The growing trend of BYOD in the higher education institutions creates a new form of student learning pedagogy in which students are able to use the mobile devices for their academic purposes in anywhere and anytime. Security threat in the paradigm of BYOD creates a great opportunity for hackers or attackers to find new attacks or vulnerabilities that could possibly exploit the students’ mobile devices and gains valuable data from them. A survey was conducted in learning the current awareness of security and privacy importance in BYOD for higher education in Malaysia. Based on the analysis of this survey, it demonstrates that the trend of BYOD in Malaysia has begun. Thoroughly, the survey results have been proven that the current basic fundamental security and privacy awareness and knowledge on mobile devices or applications is important in order to protect their mobile devices or data.

Symbolism in Computer Security Warnings: Signal Icons & Signal Words

Security warning is often encountered by the end users when they use their system. It is a form of communication to notify the users of possible consequences in the future. These threats have always been evolved with the advancement of technologies. The attacks threaten the end users with many harmful effects such as malware attacks. However, security warning keeps being ignored due to various reasons. One of the reasons is lack of attention towards warnings. The end users feels burden and treat security task as a secondary rather than primary task. To divert user’s mind to read and comprehend the security warnings, it is important to capture the user’s attention. Signal words and signal icons are important in the security warning as it is the elements that could help user to heed the warnings. A survey study has been conducted with 60 participants in regards to the perception towards attractiveness and understanding of the signal words and icons. It can be revealed that end users significantly feel that the icon with the exclamation marks is attractive and easy to understand. However, only one of three hypotheses is proven to be significant.

INdoor-OuTdoor Elderly CAring SystEm (NOTECASE)

Dementia is a term for diseases or conditions caused memory loss issues. Age society often suffers from common problems such as Alzheimers disease that disrupts their daily life. Moreover, it restricted their activity area, safety and freedom in their daily life. Hence, a tracking system is good for their relatives or guardian to track their location and path. When the population of aged society increases and the number of elders being lost increases, current tracking and monitoring systems are unable to satisfy the needs of the community. Hence, a smart tracking and monitoring system that automatically tracks and monitor these elderly person is required. INdoor-OuTdoor Elderly CAring SystEm (NOTECASE) is a real-time tracking and monitoring system that utilizes the RFID, Wi-Fi, and Global Location Positioning System (GPS) aim to track and monitor the aged society, both within indoors and outdoors environment. A mobile and web-based application is developed and the architecture of the whole implementation is presented. This paper provides detailed background study, methods, implementations, results and conclusion of the NOTECASE.

SQL injections attack and session hijacking on e-learning systems

E-learning enables acquisition of knowledge and information through technologies such as computers, smartphones, tablets and wide area networks. The existence of e-learning does contribute in the field of education field such as in the university because its improve the education quality and distributing and sharing of teaching material efficiently. However, due to the open-network in which e-learning tools resides, it is prone to various security attacks. In this paper, we will classify e-learning technology security based attacks into classification via active and passive attacks. Next, two major attacks which is the SQL injection attack and session hijacking is explored in-depth. Case study for each attack to investigate the vulnerabilities in e-learning system and mechanism of solutions to tackle this attack is also presented. An evaluation of the proposed solutions against the X.800 security architecture is done at the end of the study.

Smart Home using Microelectromechanical Systems (MEMS) Sensor and Ambient Intelligences (SAHOMASI)

Smart home is a home that has a set of electrical appliances connected to a network can be remotely controlled, accessed and monitored. Smart home normally is used to fine-tune human’s daily life. However, the main problem is when different devices such as sensors and electrical appliances produced by different manufacturers being used in a smart home. Each device produced by different manufacturer might come with their own set of communication protocol. Therefore, it is important to have a standardized communication protocol for interconnecting and remotely controlling those devices to ensure data can be transmitted to each other. This project aims to present the Smart Home using MEMS Sensor and Ambient Intelligence (SAHOMASI) where in this paper, a standardized communication protocol is proposed to overcome the above problem. The features of the system includes monitoring elderly’s activities, detect fall and sending email to caregiver upon abnormal activity or fall detected.

APTGuard : Advanced Persistent Threat (APT) Detections and Predictions using Android Smartphone

Advanced Persistent Threat (APT) is an attack aim to damage the system’s data from the aspect of confidentiality and integrity. APT attack has several variants of attacks such social engineering techniques via spear phishing, watering hole and whaling. APTGuard exhibits the ability to predict spear phishing URLs accurately using ensemble learning that combines decision tree and neural network. The URL is obtained from the SMS content received on the smart phones and sent to the server for filtering, classifying, logging and finally informing the administrator of the classification outcome. APTGuard can predict and detect APT from spear phishing but it does not have the ability of automated intervention on the user receiving the spear phishing URL. As a result, APTGuard is capable to extract the features of the URL and then classify it accordingly using ensemble learner which combines decision tree and neural network accurately.