Murat Aydos

Relay Attacks on Bluetooth Authentication and Solutions

We describe relay attacks on Bluetooth authentication protocol. The aim of these attacks is impersonation. The attacker does not need to guess or obtain a common secret known to both victims in order to set up these attacks, merely to relay the information it receives from one victim to the other during the authentication protocol run. Bluetooth authentication protocol allows such a relay if the victims do not hear each other. Such a setting is highly probable. We analyze the attacks for several scenarios and propose practical solutions. Moreover, we simulate attacks to make sure about their feasibility. These simulations show that current Bluetooth specifications do not have defensive mechanisms for relay attacks. However, relay attacks create a significant partial delay during the connection that might be useful for detection.

Laboratory data quality control: A new cost-effective approach

In industrial and medical laboratories, prior to initiating the daily test procedure, the accuracy of the system is observed by measuring the reference control values. Measurements and test results may be below or above the reference value. Hence, the control data is employed in order to ensure that the test scores lie in the targeted range values, and the results obtained from the control data are evaluated via computer-based analysis. The results of the analysis have significant importance for control and improvement of process. Furthermore, the data to be analyzed may be the test results of a product as well as the measurement outcomes obtained from a laboratory. In this study, an algorithm named as Adaptive Precision Point Algorithm is proposed to evaluate the control data and to increase the stability by reducing the loss. In this schema, the contribution to the reduction of the total systematic error was observed by calculating the target working point and the Adaptive Precision Point deviations. Measurement outputs, in other terms the data, are processed in Adaptive Precision Point Algorithm. The algorithm determines a new adaptive working point for the incoming data by doing the required computations for precision working point. Moreover, the deviation between adaptive working point and the specified working point, which is defined according to the standards and rules, is calculated. By this way, adaptive working point is being utilized throughout the reduction of systemic errors. According to the results of the research, Adaptive Precision Point Algorithm eliminates the systematic errors on a large scale. The suggested algorithm provides results within the accepted quality deviation limits so it does not form a negativity in the understanding of quality. It is also observed that the algorithm sets a positive correlation between the minimized test results and reduction of time and material usage. Furthermore, the research and the algorithm offer a cost-effective solution. Consequently, the contribution and significance of the proposed algorithm can be understood in a better way by considering that it does not only maintain the quality limits but it also minimizes the cost and time spent during the testing of thousands of laboratory samples.

A New Approach to Utility-Based Privacy Preserving in Data Publishing

A fundamental problem in privacy-preserving data publishing is how to make the right trade-off between privacy risks and data utility. Anonymization techniques are used both to reduce privacy risks and to create anonymized dataset. The anonymized dataset can be grouped together into equivalence classes. The Equivalence Classes are classified into two groups based on the utility provided to the data recipients: Utility Equivalence Class (UEC) and Outlier Equivalence Class (OEC). The OEC contains records that have been fully suppressed by anonymization techniques resulting in no data utility. In this study, a new approach is proposed by reducing the number of outlier records in order to increase the data utility. In the proposed model, k-anonymity and l-diversity privacy models are used together to reduce the privacy risks. The Average Equivalence Class Size is used in measuring the data utility. According to the experimental results, the data utility is increased with the use of our proposed model while keeping the delicate balance between privacy risks and data usefulness.

Trustworthy scrum: Development of secure software with scrum

Software development process models focus on ordering and combination of phases to develop the intended software product within time and cost estimates. However, commonness of software vulnerabilities in the fielded systems show that there is a need for more stringent software development process that focuses on improved security demands. Meanwhile, there are some reports that demonstrate the efficiency of existing security enhanced conventional processes and success of agile projects over conventional waterfall projects. Based on this finding and the demand for secure software, we propose a security enhanced Scrum model (Trustworthy Scrum) by taking advantages of both security activities and Scrum framework which has fast adaptation and iterative cycle. While enhancing Scrum with security activities, we try to retain agile and security disciplines by considering that conventional security approach conflicts with agile methodologies.

Kısmi ve Tam Dönümlü Spektral Metotların Karşılaştırması

An analysis on the arithmetic complexity of recently proposed spectral modular arithmetic – in particular spectral modular multiplicationis presented through a step-by-step evaluation. Standart use of spectral methods in computer arithmetic instructs to utilize separated multiplication and reduction steps taking place in spectrum and time domains respectively. Such a procedure clearly needs full return (forward and backward) DFT calculations. On the other hand, by calculating some partial values on-the-fly, new methods adopt an approach that keeps the data in the spectrum at all times, including the reduction process. After comparing the timing performances of these approaches, it is concluded that full return algorithms perform better than the recently proposed methods.