Mario Weber

Security challenges of the internet of things

Internet of things (furthermore IoT) by definition refers to a networked interconnection of devices in everyday use that are often equipped with ubiquitous intelligence. It is based on processing of large quantities of data in order to provide useful information/service and enables an efficient regulatory policy in the area of IoT. One of the key challenges for the realization of the IoT includes security challenges, especially in the area of privacy and confidentiality among management of heterogeneities and limitations of network capacities. Those challenges will be based on information security management systems as well as on legal foundations. When considering the legal framework of security and privacy of the IoT, it has to be determined which model of regulation should be applied. Thereby, no traditional government regulation is actually appropriate for a global system such as IoT. The most important foundation consequently will be the regulatory foundations of European union (on the territory of EU) and, consequently building the model of self-regulation based partly on state and mostly on law international agreements which are to be considered as tools to govern the IoT. This paper gives an insight into the most important security challenges related to implementation of IoT and building appropriate regulatory framework. Adoption of the regulatory framework is crucial for the development of IoT services due to adequate legal security companies will get.

Mobile entertainment using personal avatars

We present LiveMail, prototype system that allows mobile subscribers to communicate using personalized 3D face models created from images taken by their phone cameras. The user takes a snapshot of someones face - a friend, famous person, themselves, even a pet - using the mobile phones camera. After a quick manipulation on the phone, a 3D model of that face is created and can be animated simply by typing in some text. Speech and appropriate animation of the face are created by speech synthesis. Animations can be sent to others as short videos in MMS. They can be used as fun messages, greeting cards etc. The system is based on a client/server communication model. The clients are mobile devices or web clients so messages can be created, sent and received on the mobile phone or on a web page. The client has a user interface that allows the user to input a facial image and place a simple mask on it to mark the main features. The client then sends this data to the server that builds a personalized face model. The client also provides an interface that lets the user request the creation of animated messages using speech synthesis. The animations are created on the server. It is planned to have several versions of the client: Symbian, midlet-based, web-based, wap-based, etc. The server, Symbian client, midlet-based client and the web client have been implemented as prototypes. We present the system architecture and the experience gained building such a system.

Rule-based system for data leak threat estimation

User data has become a backbone of todays ICT services and applications, where various providers compete to provide better services to their users based on a personalized content. However, user data is simultaneously becoming a tempting target for malicious individuals who try to get the data and exploit it for their own financial gain. The necessity for high-quality data loss prevention is obvious to protect the users and to comply with new regulations of the European Union, specifically General Data Protection Regulation (GDPR) which imposes strict restrictions regarding manipulation of user data. There are various solutions available that try to monitor sensitive user data, identify it, and prevent such data from exiting the service or application domain. This paper proposes a stand-alone system for data leak detection and prevention based on a rule-engine and threat estimation. Unlike the most of the widely used solutions, the proposed system can be customized to a specific purpose, where each service provider can select which type of data should be monitored and blocked if a leak is suspected.

Challenges in Implementing a SIP-Based Application Server

As traditional communication networks move to IP-based protocols, SIP based applications are rapidly introduced bringing evolution to telecommunication services but also some new challenges. SIP is accepted by 3GPP as a signaling protocol in IMS, IP-based architecture which is expected to take over a main role from legacy SS7 networks. Services in IMS are provided by application servers and, while the number of services grows, it is essential to provide consistent and reliable charging mechanisms. This article aims to show challenges in implementing a SIP-based application server based on experiences of our team that worked on solution for application server which provides prepaid front-end functions, providing call control of prepaid sessions, allowing session based charging with unit reservation as well as event based charging, and other supporting prepaid functionalities such as self-care services for end-user. Application server can be used to charge various prepaid services but in this work we primarily analyzed aspects of charging voice calls and usage of voice supplementary services. Several issues observed during the implementation and possible solutions are discussed.