Systems Development Methodology for Mobile Commerce Applications

There are several methodologies, including traditional and agile methodologies, being utilized in current systems development. However, it could be argued that existing development methodologies may not be suitable for mobile commerce applications, as these applications are utilized in different contexts from fixed e-commerce applications. This study proposes a system development methodology for mobile commerce applications. In order to achieve this aim, four objectives are proposed: investigating existing systems development methodologies used to develop mobile commence applications, identifying strengths and weaknesses of existing development methodologies, construction of a suitable methodology for mobile commerce applications, and testing for its applicability and practicality. The research methodology used in the study is the design research, which includes the steps of awareness of problems, suggestion, development, evaluation and conclusion. However, this paper only focuses on the first two phases of the whole study, which are awareness of the problem and making suggestions, while the evaluation and conclusion will be conducted as future works.

An Integrated Approach for the Enforcement of Contextual Permissions and Pre-Obligations

Pre-obligations denote actions that may be required before access is granted. The successful fulfillment of pre-obligations leads to the authorization of the requested access. Pre-obligations enable a more flexible enforcement of authorization policies. This paper formalizes interactions between the obligation and authorization policy states when pre-obligations are supported and investigates their use in a practical scenario. The main advantage of the presented approach is that it gives pre-obligations both declarative semantics using predicate logic and operational semantics using Event-Condition-Action (ECA) rules. Furthermore, the presented framework enables policy designers to easily choose to evaluate any pre-obligation either (1) statically (an access request is denied if the pre-obligation has not been fulfilled); or (2) dynamically (users are given the possibility to fulfill the pre-obligation after the access request and before access is authorized).

Threat and Risk-Driven Security Requirements Engineering

In this paper, the author aim to present a threat and risk-driven methodology to security requirements engineering. The chosen approach has a strong focus on gathering, modeling, and analyzing the environment in which a secure ICT-system to be built is located. The knowledge about the environment comprises threat and risk models. As presented in the paper, this security-relevant knowledge is used to assess the adequacy of security mechanisms, which are then selected to establish security requirements.

An Energy-Efficient Multilevel Clustering Algorithm for Heterogeneous Wireless Sensor Networks

Wireless Sensor Networks (WSNs) are generally believed to be homogeneous, but some sensor nodes of higher energy can be used to prolong the lifetime and reliability of WSNs. This gives birth to the concept of Heterogeneous Wireless Sensor Networks (HWSNs). Clustering is an important technique to prolong the lifetime of WSNs and to reduce energy consumption as well, by topology management and routing. HWSNs are popular in real deployments (Corchado et al., 2010), and have a large area of coverage. In such scenarios, for better connectivity, the need for multilevel clustering protocols arises. In this paper, the authors propose an energy-efficient protocol called heterogeneous multilevel clustering and aggregation (HMCA) for HWSNs. HMCA is simulated and compared with existing multilevel clustering protocol EEMC (Jin et al., 2008) for homogeneous WSN. Simulation results demonstrate that the proposed protocol performs better.

Cooperative Caching in Mobile Ad Hoc Networks

Mobile ad hoc network (MANET) presents a constrained communication environment due to fundamental limitations of client’s resources, insufficient wireless bandwidth and users’ frequent mobility. MANETs have many distinct characteristics which distinguish them from other wireless networks. Due to frequent network disconnection, data availability is lower than traditional wired networks. Cooperative caching helps MANETs in alleviating the situation of non availability of data. In this paper, the authors present a scheme called global cluster cooperation (GCC) for caching in mobile ad hoc networks. In this scheme, network topology is partitioned into non-overlapping clusters based on the physical network proximity. This approach fully exploits the pull mechanism to facilitate cache sharing in a MANET. Simulation experiments show that GCC mechanism achieves significant improvements in cache hit ratio and average query latency in comparison with other caching strategies.

A Proposal for Enhancing the Mobility Management in the Future 3GPP Architectures

The management of the mobility between radio networks composed of heterogeneous radio technologies, called inter-access mobility management, provides the capability to tie together heterogeneous radio networks into an integrated network. The 3GPP architectures with well-designed inter-access mobility management capabilities are a part of the solution to cope with the growth of the mobile data traffic. This paper reviews the 3GPP architectures to highlight those with these capabilities. In order to evaluate if the mobility management is well-designed into these architectures, the authors describe the phases making up the management of the mobility and design an evaluation grid to assess the integration of these phases into the highlighted architectures. Since the assessment shows the existence of loopholes in the design of the inter-access mobility management, this paper proposes to enhance the 3GPP architectures by implementing a method called Hierarchical and Distributed Handover.

Online Authentication Using Smart Card Technology in Mobile Phone Infrastructure

The widespread of Internet usage has resulted in a greater number and variety of applications involving different types of private information. In order to diminish privacy concerns and strengthen user trust, security improvements in terms of authentication are necessary. The solutions need to be convenient, entailing ease of use and higher mobility. The suggested approach is to make use of the already popular mobile phone and to involve the mobile network, benefiting from Subscriber Identity Module (SIM) card’s tamper resistance to become trusted entities guarding personal information and identifying users. Mobile phone’s SIM card is convenient for safely storing security parameters essential for secured communication. It becomes secure entity compulsory for getting access to privacy sensitive Internet applications, like those involving money transfers. Utilizing the NFC interface passes the personal user keys only when needed, giving additional strength to the traditional public key cryptography approach in terms of security and portability.

2-ClickAuth

Internet users often have usernames and passwords at multiple web sites. To simplify things, many sites support federated identity management, which enables users to have a single account allowing them to log on to different sites by authenticating to a single identity provider. Most identity providers perform authentication using a username and password. Should these credentials be compromised, all of the user’s accounts become compromised. Therefore a more secure authentication method is desirable. This paper implements 2-clickAuth, a multimedia-based challenge-response solution which uses a web camera and a camera phone for authentication. Two-dimensional barcodes are used for the communication between phone and computer, which allows 2-clickAuth to transfer relatively large amounts of data in a short period of time. 2-clickAuth is more secure than passwords while easy to use and distribute. 2-clickAuth is a viable alternative to passwords in systems where enhanced security is desired, but availability, ease-of-use, and cost cannot be compromised. This paper implements an identity provider in the OpenID federated identity management system that uses 2-clickAuth for authentication, making 2-clickAuth available to all users of sites that support OpenID, including Facebook, Sourceforge, and MySpace.

An Adaptive Backoff Algorithm for Mobile Ad-Hoc Networks

Collision is a common problem in Mobile Ad Hoc Networks (MANETs). There are several backoff algorithms that have been proposed to avoid this problem. This paper proposes a new backoff algorithm called the Square Root Backoff (SRB). Moreover, it identifies that no algorithm can perform the best in all cases. Therefore, an adaptive strategy is proposed to choose the best backoff mechanism from a set of mechanisms based on network density and mobility parameters. The proposed adaptive algorithm is implemented in two phases: the offline phase and the online phase. Such design aims at reducing the time complexity of the algorithm by performing some of the computations prior to the actual deployment and of the network. Results from simulations demonstrate that the SRB algorithm achieved better performance than BEB and LB. Moreover, the adaptive backoff algorithm obtains the best throughput and end-to-end delay performance over the other backoff algorithms.

Improving Effectiveness of Intrusion Detection by Correlation Feature Selection

In this paper, the authors propose a new feature selection procedure for intrusion detection, which is based on filter method used in machine learning. They focus on Correlation Feature Selection (CFS) and transform the problem of feature selection by means of CFS measure into a mixed 0-1 linear programming problem with a number of constraints and variables that is linear in the number of full set features. The mixed 0-1 linear programming problem can then be solved by using branch-and-bound algorithm. This feature selection algorithm was compared experimentally with the best-first-CFS and the genetic-algorithm-CFS methods regarding the feature selection capabilities. Classification accuracies obtained after the feature selection by means of the C4.5 and the BayesNet over the KDD CUP’99 dataset were also tested. Experiments show that the authors’ method outperforms the best-first-CFS and the genetic-algorithm-CFS methods by removing much more redundant features while keeping the classification accuracies or getting better performances.