Skip to content

Home

Jump to bottom
Alvaro Fides edited this page Jan 13, 2017 · 6 revisions

The main goal of the security and privacy-awareness group is about to identify security threats in Ambient Assisted Living (AAL) scenarios and proposing solutions to them. AAL scenarios are characterized by functionalities which have intrinsic threats and security issues.

Links of Interest
Continuous Integration http://depot.universaal.org/hudson/job/security/
Javadoc http://depot.universaal.org/hudson/job/security/site/security.pom/apidocs/index.html
Maven Release Repository http://depot.universaal.org/maven-repo/releases/org/universAAL/security/
Maven Snapshot Repository http://depot.universaal.org/maven-repo/snapshots/org/universAAL/security/

Definition

We identify three main features that characterize all the AAL scenarios, and must be taken into account in the security engineering of the “perfect” solution.

  • Dynamism: AAL Components must adapt to hardware and software dynamic changes.
  • Heterogeneity: Several computing and communication devices with different security constraints. Heterogeneous data with different security requirements.
  • Supervision
The security group is going to identify the major threats in the AAL scenarios: user privacy and system attacks.
  • User privacy: The disclosure of health details, personal preferences, habits and lifestyle, can easily lead to discrimination, blackmailing and problems in human relations. Data-mining issues, for example the possibility of a retailer being able to monitor the shopping behavior of customers can not only lead to an optimized supply chain, it may also be the basis of the “transparent customer” who can be manipulated and controlled.
  • Identity theft: Identity theft is the act of obtaining identity information without the concerned person’s consent and for future activities criminal or not (intent). The more widely personal information becomes available, the greater is the risk of it being stolen by malicious persons and being used for fraud and other illegal activities.
  • Malicious attacks: The term “malicious attack” subsumes a number of ways in which people attempt to access or damage a computer, mobile phone or other device. Such attacks can take many forms, can be active or passive. An active attack is a deliberate alteration or destruction of data or creation of false data. A passive attack consists of unauthorized monitoring, but not alteration or destruction of data (e.g., wiretapping).
Clone this wiki locally