Informatics Publishing Limited

Subhamoy Chakraborti ¹, Sugata Sanyal ²

Affiliations
1 AVP – IT, Magma Fincorp Limited, IN
2 School of Computing and Informatics, "Brain Trust" University of Louisiana at Lafayette, USA, US

Abstract

Internet of Things (IoT) is going to introduce billions of data collection and computing nodes all over the world in next few years. IoT would be impacting daily life in many ways by virtue of more granular field-level data collection via those nodes and thus delivering faster actions. One of the key challenges in IoT design decision is resource constraintwhich often limits the space, battery capacity, computing power available in each of the nodes. This presents an optimization problem with multiple objectives, with competing objectives. This paper proposes an algorithm based on Simulated annealing. Simulated Annealing is inspired by the physical annealing process which leads to a gradual movement towards a solution set. This paper proposes to use a variant of this mechanism to solve multi-objective optimization problems in IoT space to come out with a set of solutions which are nondominated from each other.

Keywords

Internet of Things, IoT, Simulated Annealing, Multiobjective Optimization Problem.

Full Text

   

Tuhin Borgohain ¹, Uday Kumar ², Sugata Sanyal ³

Affiliations
1 Department of Instrumentation Engineering, Assam Engineering College, Guwahati-13, IN
2 Tech Mahindra Limited, IN
3 Tata Consultancy Services, Mumbai, IN

Abstract

This paper is a general survey of all the security issues existing in the Internet of Things (IoT) along with an analysis of the privacy issues that an end-user may face as a consequence of the spread of IoT. The majority of the survey is focused on the security loopholes arising out of the information exchange technologies used in Internet of Things. No countermeasure to the security drawbacks has been analyzed in the paper.

Keywords

Denial of Service, RFID, WSN, Internet of Things, DDoS Attack.

Full Text

   

Tuhin Borgohain ¹, Amardeep Borgohain ², Uday Kumar ³, Sugata Sanyal ⁴

Affiliations
1 Department of Instrumentation Engineering, Assam Engineering College, Guwahati, IN
2 Department of Electrical Engineering, Assam Engineering College, Guwahati, IN
3 Tech Mahindra Limited, Chennai, IN
4 Tata Consultancy Services, Mumbai, IN

Abstract

This paper analyzes the various authentication systems implemented for enhanced security and private reposition of an individual's login credentials. The first part of the paper describes the multi-factor authentication (MFA) systems, which, though not applicable to the field of Internet of Things, provides great security to a user's credentials. MFA is followed by a brief description of the working mechanism of interaction of third party clients with private resources over the OAuth protocol framework and a study of the delegation based authentication system in IP-based IoT.

Keywords

Authentication, Authorization, OAuth, SASL.

Full Text

   

Amal Saha ¹, Sugata Sanyal ²

Affiliations
1 Tata Institute of Fundamental Research (TIFR), Mumbai, IN
2 Corporate Technology Office, Tata Consultancy Services, Mumbai, IN

Abstract

The information technology and security stakeholders like CIOs, CISOs and CTOs in financial services organization are often asked to identify the risks with mobile computing channel for financial services that they support. They are also asked to come up with approaches for handling risks, define risk acceptance level and mitigate them. This requires them to articulate strategy for supporting a huge variety of mobile devices from various vendors with different operating systems and hardware platforms and at the same time stay within the accepted risk level. These articulations should be captured in information security policy document or other suitable document of financial services organization like banks, payment service provider, etc. While risks and mitigation approaches are available from multiple sources, the senior stakeholders may find it challenging to articulate the issues in a comprehensive manner for sharing with business owners and other technology stakeholders. This paper reviews the current research that addresses the issues mentioned above and articulates a strategy that the senior stakeholders may use in their organization. It is assumed that this type of comprehensive strategy guide for senior stakeholders is not readily available and CIOs, CISOs and CTOs would find this paper to be very useful.

Keywords

Root-Of-Trust, Device Fingerprinting, Web Application Firewall, Application Ipds, Information Security Policy Document, Secure Mobile Computing, Virtualization, Sandboxing.

Full Text

   

Amal Saha ¹, Sugata Sanyal ²

Affiliations
1 Tata Institute of Fundamental Research (TIFR), Mumbai, IN
2 Tata Consultancy Services (TCS), Mumbai, IN

Abstract

There have been numerous works on network intrusion detection and prevention systems, but work on application layer intrusion detection and prevention is rare and not very mature. Intrusion detection and prevention at both network and application layers are important for cyber-security and enterprise system security. Since application layer intrusion is increasing day by day, it is imperative to give adequate attention to it and use state-of-the-art algorithms for effective detection and prevention. This paper talks about current state of application layer intrusion detection and prevention capabilities in commercial and open-source space and provides a path for evolution to more mature state that will address not only enterprise system security, but also national cyber-defence. Scalability and cost-effectiveness were important factors which shaped the proposed solution.

Keywords

OWASP, Application Layer Intrusion Detection and Prevention, Cyber-Security, Machine Learning.

Full Text

   

Subhamoy Chakraborti ¹, D. P. Acharjya ², Sugata Sanyal ³

Affiliations
1 Magma Fincorp Limited, IN
2 School of Computing Science and Engineering, VIT University, Vellore, IN
3 Corporate Technology Office, Tata Consultancy Services, Mumbai, IN

Abstract

Enterprise Mobility has been increasing the reach over the years. Initially Mobile devices were adopted as consumer devices. However, the enterprises world over have rightly taken the leap and started using the ubiquitous technology for managing its employees as well as to reach out to the customers. While the Mobile ecosystem has been evolving over the years, the increased exposure of mobility in Enterprise framework have caused major focus on the security aspects of it. While a significant focus have been put on network security, this paper discusses on the approach that can be taken at Mobile application layer, which would reduce the risk to the enterprises.

Keywords

Enterprise Mobility, Mobile Computing, Mobility, Security.

Full Text

   

Subhamoy Chakraborti ¹, Sugata Sanyal ²

Affiliations
1 Magma Fincorp Limited, IN
2 Corporate Technology Office, Tata Consultancy Services, Mumbai, IN

Abstract

All over the world, the population in rural and semi-urban areas is a major concern for policy makers as they require technology enablement most to get elevated from their living conditions. Financial Inclusion projects are meant to work in this area as well. However the reach of financial institutions in those areas is much lesser than in urban areas in general. New policies and strategies are being made towards making banking services more accessible to the people in rural and semi-urban area. Technology, in particular Internet of Things (IoT) and Mobilitycan play a major role in this context as an enablerand multiplier. This paper discusses about an IoT and Mobility driven approach, which the Financial Institutions may consider while trying to work on financial inclusion projects.

Keywords

Financial Inclusion, Internet of Things, IoT, Mobile Computing, Mobility, Enterprise Mobility, Financial Institution, NBFC, Microfinance.

Full Text

   

Tuhin Borgohain ¹, Uday Kumar ², Sugata Sanyal ³

Affiliations
1 Department of Instrumentation Engineering, Assam Engineering College, Guwahati, IN
2 Tech Mahindra Limited, Chennai, IN
3 Corporate Technology Office, Tata Consultancy Services, Mumbai, IN

Abstract

This paper is a comprehensive survey of the various operating systems available for the Internet of Things environment. At first the paper introduces the various aspects of the operating systems designed for the IoT environment where resource constraint poses a huge problem for the operation of the general OS designed for the various computing devices. The latter part of the paper describes the various OS available for the resource constraint IoT environment along with the various platforms each OS supports, the software development kits available for the development of applications in the respective OS'es along with the various protocols implemented in these OS'es for the purpose of communication and networking.

Keywords

IDE, IP, SDK, WSN, IoT.

Full Text

   

Amal Saha ¹, Sugata Sanyal ²

Affiliations
1 Tata Institute of Fundamental Research (TIFR), Mumbai, IN
2 Tata Consultancy Services (TCS), Mumbai, IN

Abstract

Payment transactions initiated through a mobile device are growing and security concerns must be addressed. People coming from payment card industry often talk passionately about porting ISO 9564 PIN standard based authentication in open-loop card payment to closed-loop mobile financial transactions and certification of closed-loop payment product or solution against this standard. In reality, so far this standard has not been adopted in closed-loop mobile payment authentication and applicability of this ISO standard must be studied carefully before adoption. The authors do a critical analysis of the applicability of this ISO specification and make categorical statement about relevance of compliance to closed-loop mobile payment. Security requirements for authentication in closed-loop mobile payment systems are not standardised through ISO 9564 standard, Common Criteria [3], etc. Since closed-loop mobile payment is a relatively new field, the authors make a case for Common Criteria Recognition Agreement (CCRA) or other standards organization to push for publication of a mobile device-agnostic Protection Profile or standard for it, incorporating the suggested authentication approaches.

Keywords

ISO 9564 PIN Based Authentication, Card-Present and Card-Not-Present Transactions, Open-Loop and Closed-Loop Payments, Mobile Payment, Stored-Value-Account, Common Criteria Protection Profile, Device Fingerprinting, m-PIN (Mobile PIN), One Time Password (OTP), Android Application component called Service, Backend Service.

Full Text

   

Rajdeep Borgohain ¹, Sugata Sanyal ²

Affiliations
1 Department of Computer Science and Engineering, Dibrugarh University Institute of Engineering and Technology, Dibrugarh, Assam, IN
2 School of Technology and Computer Science, Tata Institute of Fundamental Research, Mumbai, IN

Abstract

In this paper, we discuss the implementation of a rule based expert system for diagnosing neuromuscular diseases. The proposed system is implemented as a rule based expert system in JESS for the diagnosis of Cerebral Palsy, Multiple Sclerosis, Muscular Dystrophy and Parkinson's disease. In the system, the user is presented with a list of questionnaires about the symptoms of the patients based on which the disease of the patient is diagnosed and possible treatment is suggested. The system can aid and support the patients suffering from neuromuscular diseases to get an idea of their disease and possible treatment for the disease.

Keywords

Expert System, Neuromuscular Diseases, RETE algorithm, Artificial Intelligence, JESS.

Full Text

   

Nitish Balachandran ¹, Sugata Sanyal ²

Affiliations
1 Department of Computer Science and Information Systems, BITS, Pilani, IN
2 School of Technology and Computer Science, Tata Institute of Fundamental Research, Mumbai, IN

Abstract

Any decentralised distributed network is particularly vulnerable to the Sybil attack wherein a malicious node masquerades as several different nodes, called Sybil nodes, simultaneously in an attempt to disrupt the proper functioning of the network. Such attacks may cause damage on a fairly large scale especially since they are difficult to detect and there has been no universally accepted scheme to counter them as yet. In this paper, we discuss the different kinds of Sybil attacks including those occurring in peer-to-peer reputation systems, selforganising networks and even social network systems. In addition, various methods that have been suggested over time to decrease or eliminate their risk completely are also analysed along with their modus operandi.

Keywords

MANET, Security, Sybil Attack, Defence.

Full Text