Theo Tryfonas

Living Labs, Innovation Districts and Information Marketplaces: A Systems Approach for Smart Cities☆

Abstract In the past few years many groundbreaking promises have been made about the potential of the Smart City. The future of cities relies perceivably on ubiquitous sensing, and anytime-anywhere information access and control. However, city leaders are still struggling to identify the quantifiable sources of value that novel ICT can generate. Current Smart City investment is characterized by relatively small demonstrators that often lack the scalability to have real and long lasting impacts on the economy. In this paper we adopt the view of a Smart City as an information marketplace and look at how we might use existing and tested concepts of fostering technology innovation to support city leaders in navigating this unknown territory. In particular we use systems thinking to scope how the concepts of the ‘Living Lab’ and the ‘Innovation District’ can work together in a complementary fashion to create a candidate model for the implementation of the Smart City.

A pilot study on the security of pattern screen-lock methods and soft side channel attacks

Graphical passwords that allow a user to unlock a smartphones screen are one of the Android operating systems features and many users prefer them instead of traditional text-based codes. A variety of attacks has been proposed against this mechanism, of which notable are methods that recover the lock patterns using the oily residues left on screens when people move their fingers to reproduce the unlock code. In this paper we present a pilot study on user habits when setting a pattern lock and on their perceptions regarding what constitutes a secure pattern. We use our surveys results to establish a scheme, which combines a behaviour-based attack and a physical attack on graphical lock screen methods, aiming to reduce the search space of possible combinations forming a pattern, to make it partially or fully retrievable.

A Distributed Consensus Algorithm for Decision Making in Service-Oriented Internet of Things

In a service-oriented Internet of things (IoT) deployment, it is difficult to make consensus decisions for services at different IoT edge nodes where available information might be insufficient or overloaded. Existing statistical methods attempt to resolve the inconsistency, which requires adequate information to make decisions. Distributed consensus decision making (CDM) methods can provide an efficient and reliable means of synthesizing information by using a wider range of information than existing statistical methods. In this paper, we first discuss service composition for the IoT by minimizing the multi-parameter dependent matching value. Subsequently, a cluster-based distributed algorithm is proposed, whereby consensuses are first calculated locally and subsequently combined in an iterative fashion to reach global consensus. The distributed consensus method improves the robustness and trustiness of the decision process.

The Internet of Things: a security point of view

Purpose – The purpose of this paper is to provide an in-depth overview of the security requirements and challenges for Internet of Things (IoT) and discuss security solutions for various enabling technologies and implications to various applications. Design/methodology/approach – Security requirements and solutions are analysed based on a four-layer framework of IoT on sensing layer, network layer, service layer, and application layer. The cross-layer threats are analysed followed by the security discussion for the enabling technologies including identification and tracking technologies, WSN and RFID, communication, networks, and service management. Findings – IoT calls for new security infrastructure based on the new technical standards. As a consequence, new security design for IoT shall pay attention to these new standards. Security at both the physical devices and service-applications is critical to the operation of IoT, which is indispensable for the success of IoT. Open problems remain in a number o...

Complexity Metrics and User Strength Perceptions of the Pattern-Lock Graphical Authentication Method

One of the most popular contemporary graphical password approaches is the Pattern-Lock authentication mechanism that comes integrated with the Android mobile operating system. In this paper we investigate the impact of password strength meters on the selection of a perceivably secure pattern. We first define a suitable metric to measure pattern strength, taking into account the constraints imposed by the Pattern-Lock mechanisms design. We then implement an app via which we conduct a survey for Android users, retaining demographic information of responders and their perceptions on what constitutes a pattern complex enough to be secure. Subsequently, we display a pattern strength meter to the participant and investigate whether this additional prompt influences the user to change their pattern to a more effective and complex one. We also investigate potential correlations between our findings and results of a previous pilot study in order to detect any significant biases on setting a Pattern-Lock.

Security by Compliance? A Study of Insider Threat Implications for Nigerian Banks

This work explores the behavioural dimension of compliance to information security standards. We review past literature, building on different models of human behaviour, based on relevant theories like deterrence theory and the theory of planned behaviour. We conduct a survey of IT professionals, managers and employees of selected banks from Nigeria as part of a sector case study focussed in this region. Our findings suggest that security by compliance as a campaign to secure information assets in the Nigerian financial institution is a farfetched approach. In addition to standards, banking regulators should promote holistic change of security culture across the sector. Based on an established model of Information Security Governance Framework, we propose how information security may be embedded into organisation security culture in that context.

Migrating to the cloud:lessons and limitations of 'traditional' IS success models

Abstract This paper uses the ‘traditional’ Information Systems (IS) success model literature (e.g. Grover, DeLone and McLean, Seddon, Alter etc.) as the starting point for developing a new model intended to support better outcomes when migrating/porting an IS functionality to a cloud. In simple terms ‘cloud’ refers to an IS functionality accessed (rented) by users through a thin client (web browser, mobile applications, etc.) while the software, hardware and data are stored on remote servers. Its popularity as an approach reflects claims that such ‘shared resources’ model (akin to a utility like the electricity grid) will allow organisation to access more advanced and flexible IS services at a lower aggregate cost. This paper argues that cloud migration requires organisations to consider a range of additional success factors, including how to accommodate new delivery modes (e.g. different pricing models) and manage new risks (e.g. data out side organisational firewalls, etc). Despite burgeoning interest in the topic, specific empirical research and, more importantly, specific practitioner guidance remains limited. This paper therefore concludes by presenting a preliminary conceptual model (informed by Systems Thinking) along with steps to operationalise it and suggests empirical options to test this model.

Life-logging in smart environments: Challenges and security threats

As the world becomes an interconnected network in which objects and humans interact, new challenges and threats appear. In this interconnected world, smart objects seam to have an important role in giving users the chance for life-logging in smart environments. However, the limitation of smart devices with regard to memory, resources and computation power, hinder the opportunity to apply well-established security algorithms and techniques for secure life-logging on the Internet of Things domain. As the need for secure and trustworthy life-logging in smart environments is vital, a lightweight approach has to be considered to overcome the constraints of smart objects. The purpose of this paper is to detail current topics of life-logging in smart environments while describing interconnection issues, security threats and suggesting a lightweight framework for ensuring security, privacy and trustworthy life-logging.

The Smart City from a Public Value Perspective

This paper explores whether it is useful to view the fundamental ideas behind the smart city concept through the lens of the ‘Public Value Management’ (PVM) paradigm. It investigates how appropriate ICT investment in cities might be articulated and valued through the concept of PVM. In order to achieve this, it explores the core concepts found in the PVM literature, and draws key connections to the smart city

Using penetration testing feedback to cultivate an atmosphere of proactive security amongst end‐users

Purpose – The purpose of this case study paper is to demonstrate that, no matter how complex computer security systems are, effort should be concentrated and focused on employees to improve their security awareness. Each employee needs to become a “Security Deputy” to the companys computer security staff and he or she needs to take some responsibility for preventing security breaches – whether inside the workplace or not. It is easy to unwittingly spread a virus, or open security vulnerabilities, and such actions might damage a companys systems perhaps even more than malicious employees, through simple ignorance of security issues.Design/methodology/approach – A series of surveys and questionnaires were designed along with practical exercises and security awareness training sessions.Findings – Following their involvement in the exercises and awareness training, employees demonstrated improvement in security awareness. Users were made explicitly aware of the realities of IT security with pertinent questi...