Visible to the public Biblio

Found 2000 results

Filters: First Letter Of Last Name is A  [Clear All Filters]
[A] B C D E F G H I J K L M N O P Q R S T U V W X Y Z   [Show ALL]
U
Kiseleva, Julia, Williams, Kyle, Jiang, Jiepu, Hassan Awadallah, Ahmed, Crook, Aidan C., Zitouni, Imed, Anastasakos, Tasos.  2016.  Understanding User Satisfaction with Intelligent Assistants. Proceedings of the 2016 ACM on Conference on Human Information Interaction and Retrieval. :121–130.

Voice-controlled intelligent personal assistants, such as Cortana, Google Now, Siri and Alexa, are increasingly becoming a part of users' daily lives, especially on mobile devices. They introduce a significant change in information access, not only by introducing voice control and touch gestures but also by enabling dialogues where the context is preserved. This raises the need for evaluation of their effectiveness in assisting users with their tasks. However, in order to understand which type of user interactions reflect different degrees of user satisfaction we need explicit judgements. In this paper, we describe a user study that was designed to measure user satisfaction over a range of typical scenarios of use: controlling a device, web search, and structured search dialogue. Using this data, we study how user satisfaction varied with different usage scenarios and what signals can be used for modeling satisfaction in the different scenarios. We find that the notion of satisfaction varies across different scenarios, and show that, in some scenarios (e.g. making a phone call), task completion is very important while for others (e.g. planning a night out), the amount of effort spent is key. We also study how the nature and complexity of the task at hand affects user satisfaction, and find that preserving the conversation context is essential and that overall task-level satisfaction cannot be reduced to query-level satisfaction alone. Finally, we shed light on the relative effectiveness and usefulness of voice-controlled intelligent agents, explaining their increasing popularity and uptake relative to the traditional query-response interaction.

Haddad, G. El, Aïmeur, E., Hage, H..  2018.  Understanding Trust, Privacy and Financial Fears in Online Payment. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :28–36.
In online payment, customers must transmit their personal and financial information through the website to conclude their purchase and pay the services or items selected. They may face possible fears from online transactions raised by their risk perception about financial or privacy loss. They may have concerns over the payment decision with the possible negative behaviors such as shopping cart abandonment. Therefore, customers have three major players that need to be addressed in online payment: the online seller, the payment page, and their own perception. However, few studies have explored these three players in an online purchasing environment. In this paper, we focus on the customer concerns and examine the antecedents of trust, payment security perception as well as their joint effect on two fundamentally important customers' aspects privacy concerns and financial fear perception. A total of 392 individuals participated in an online survey. The results highlight the importance, of the seller website's components (such as ease of use, security signs, and quality information) and their impact on the perceived payment security as well as their impact on customer's trust and financial fear perception. The objective of our study is to design a research model that explains the factors contributing to an online payment decision.
Schroeder, Jill M., Manz, David O., Amaya, Jodi P., McMakin, Andrea H., Bays, Ryan M..  2018.  Understanding Past, Current and Future Communication and Situational Awareness Technologies for First Responders. Proceedings of the Fifth Cybersecurity Symposium. :2:1-2:14.
This study builds a foundation for improving research for first responder communication and situational awareness technology in the future. In an online survey, we elicited the opinions of 250 U.S. first responders about effectiveness, security, and reliability of past, current, and future Internet of Things technology. The most desired features respondents identified were connectivity, reliability, interoperability, and affordability. The top barriers to technology adoption and use included restricted budgets/costs, interoperability, insufficient training resources, and insufficient interagency collaboration and communication. First responders in all job types indicated that technology has made first responder equipment more useful, and technology that supports situational awareness is particularly valued. As such, future Internet of Things capabilities, such as tapping into smart device data in residences and piggybacking onto alternative communication channels, could be valuable for future first responders. Potential areas for future investigation are suggested for technology development and research.
Sawant, Anand Ashok, Aniche, Maurício, van Deursen, Arie, Bacchelli, Alberto.  2018.  Understanding Developers' Needs on Deprecation As a Language Feature. Proceedings of the 40th International Conference on Software Engineering. :561-571.

Deprecation is a language feature that allows API producers to mark a feature as obsolete. We aim to gain a deep understanding of the needs of API producers and consumers alike regarding deprecation. To that end, we investigate why API producers deprecate features, whether they remove deprecated features, how they expect consumers to react, and what prompts an API consumer to react to deprecation. To achieve this goal we conduct semi-structured interviews with 17 third-party Java API producers and survey 170 Java developers. We observe that the current deprecation mechanism in Java and the proposal to enhance it does not address all the needs of a developer. This leads us to propose and evaluate three further enhancements to the deprecation mechanism.

Cesar, Pablo, Zwitser, Robert, Webb, Andrew, Ashby, Liam, Ali, Abdallah.  2019.  Uncovering Perceived Identification Accuracy of In-Vehicle Biometric Sensing | Proceedings of the 11th International Conference on Automotive User Interfaces and Interactive Vehicular Applications: Adjunct Proceedings. AutomotiveUI '19: Proceedings of the 11th International Conference on Automotive User Interfaces and Interactive Vehicular Applications: Adjunct Proceedings.

Biometric techniques can help make vehicles safer to drive, authenticate users, and provide personalized in-car experiences. However, it is unclear to what extent users are willing to trade their personal biometric data for such benefits. In this early work, we conducted an open card sorting study (N=11) to better understand how well users perceive their physical, behavioral and physiological features can personally identify them. Findings showed that on average participants clustered features into six groups, and helped us revise ambiguous cards and better understand users' clustering. These findings provide the basis for a follow up online closed card sorting study to more fully understand perceived identification accuracy of (in-vehicle) biometric sensing. By uncovering this at a larger scale, we can then further study the privacy and user experience trade-off in (automated) vehicles.

Abidin, Aysajan, Argones Rúa, Enrique, Peeters, Roel.  2017.  Uncoupling Biometrics from Templates for Secure and Privacy-Preserving Authentication. Proceedings of the 22Nd ACM on Symposium on Access Control Models and Technologies. :21–29.

Biometrics are widely used for authentication in several domains, services and applications. However, only very few systems succeed in effectively combining highly secure user authentication with an adequate privacy protection of the biometric templates, due to the difficulty associated with jointly providing good authentication performance, unlinkability and irreversibility to biometric templates. This thwarts the use of biometrics in remote authentication scenarios, despite the advantages that this kind of architectures provides. We propose a user-specific approach for decoupling the biometrics from their binary representation before using biometric protection schemes based on fuzzy extractors. This allows for more reliable, flexible, irreversible and unlinkable protected biometric templates. With the proposed biometrics decoupling procedures, biometric metadata, that does not allow to recover the original biometric template, is generated. However, different biometric metadata that are generated starting from the same biometric template remain statistically linkable, therefore we propose to additionally protect these using a second authentication factor (e.g., knowledge or possession based). We demonstrate the potential of this approach within a two-factor authentication protocol for remote biometric authentication in mobile scenarios.

Alim, Adil, Zhao, Xujiang, Cho, Jin-Hee, Chen, Feng.  2019.  Uncertainty-Aware Opinion Inference Under Adversarial Attacks. 2019 IEEE International Conference on Big Data (Big Data). :6—15.

Inference of unknown opinions with uncertain, adversarial (e.g., incorrect or conflicting) evidence in large datasets is not a trivial task. Without proper handling, it can easily mislead decision making in data mining tasks. In this work, we propose a highly scalable opinion inference probabilistic model, namely Adversarial Collective Opinion Inference (Adv-COI), which provides a solution to infer unknown opinions with high scalability and robustness under the presence of uncertain, adversarial evidence by enhancing Collective Subjective Logic (CSL) which is developed by combining SL and Probabilistic Soft Logic (PSL). The key idea behind the Adv-COI is to learn a model of robust ways against uncertain, adversarial evidence which is formulated as a min-max problem. We validate the out-performance of the Adv-COI compared to baseline models and its competitive counterparts under possible adversarial attacks on the logic-rule based structured data and white and black box adversarial attacks under both clean and perturbed semi-synthetic and real-world datasets in three real world applications. The results show that the Adv-COI generates the lowest mean absolute error in the expected truth probability while producing the lowest running time among all.

Benjamin Andow, Akhil Acharya, Dengfeng Li, University of Illinois at Urbana-Champaign, William Enck, Kapil Singh, Tao Xie, University of Illinois at Urbana-Champaign.  2017.  UiRef: Analysis of Sensitive User Inputs in Android Applications. 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec 2017).

Mobile applications frequently request sensitive data. While prior work has focused on analyzing sensitive-data uses originating from well-dened API calls in the system, the security and privacy implications of inputs requested via application user interfaces have been widely unexplored. In this paper, our goal is to understand the broad implications of such requests in terms of the type of sensitive data being requested by applications.

To this end, we propose UiRef (User Input REsolution Framework), an automated approach for resolving the semantics of user inputs requested by mobile applications. UiRef’s design includes a number of novel techniques for extracting and resolving user interface labels and addressing ambiguity in semantics, resulting in signicant improvements over prior work.We apply UiRef to 50,162 Android applications from Google Play and use outlier analysis to triage applications with questionable input requests. We identify concerning developer practices, including insecure exposure of account passwords and non-consensual input disclosures to third parties. These ndings demonstrate the importance of user-input semantics when protecting end users.

Alamri, N., Chow, C. E., Aljaedi, A., Elgzil, A..  2018.  UFAP: Ultra-fast handoff authentication protocol for wireless mesh networks. 2018 Wireless Days (WD). :1–8.
Wireless mesh networking (WMN) is a new technology aimed to introduce the benefits of using multi-hop and multi-path to the wireless world. However, the absence of a fast and reliable handoff protocol is a major drawback especially in a technology designed to feature high mobility and scalability. We propose a fast and efficient handoff authentication protocol for wireless mesh networks. It is a token-based authentication protocol using pre-distributed parameters. We provide a performance comparison among our protocol, UFAP, and other protocols including EAP-TLS and EAP-PEAP tested in an actual setup. Performance analysis will prove that our proposed handoff authentication protocol is 250 times faster than EAP-PEAP and 500 times faster than EAP-TLS. The significant improvement in performance allows UFAP to provide seamless handoff and continuous operation even for real-time applications which can only tolerate short delays under 50 ms.
T
Leinonen, Juho, Longi, Krista, Klami, Arto, Ahadi, Alireza, Vihavainen, Arto.  2016.  Typing Patterns and Authentication in Practical Programming Exams. Proceedings of the 2016 ACM Conference on Innovation and Technology in Computer Science Education. :160–165.

In traditional programming courses, students have usually been at least partly graded using pen and paper exams. One of the problems related to such exams is that they only partially connect to the practice conducted within such courses. Testing students in a more practical environment has been constrained due to the limited resources that are needed, for example, for authentication. In this work, we study whether students in a programming course can be identified in an exam setting based solely on their typing patterns. We replicate an earlier study that indicated that keystroke analysis can be used for identifying programmers. Then, we examine how a controlled machine examination setting affects the identification accuracy, i.e. if students can be identified reliably in a machine exam based on typing profiles built with data from students' programming assignments from a course. Finally, we investigate the identification accuracy in an uncontrolled machine exam, where students can complete the exam at any time using any computer they want. Our results indicate that even though the identification accuracy deteriorates when identifying students in an exam, the accuracy is high enough to reliably identify students if the identification is not required to be exact, but top k closest matches are regarded as correct.

Kurilova, Darya, Omar, Cyrus, Nistor, Ligia, Chung, Benjamin, Potanin, Alex, Aldrich, Jonathan.  2014.  Type-specific Languages to Fight Injection Attacks. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security. :18:1–18:2.

Injection vulnerabilities have topped rankings of the most critical web application vulnerabilities for several years [1, 2]. They can occur anywhere where user input may be erroneously executed as code. The injected input is typically aimed at gaining unauthorized access to the system or to private information within it, corrupting the system's data, or disturbing system availability. Injection vulnerabilities are tedious and difficult to prevent.

Omar, Cyrus, Chung, Benjamin, Kurilova, Darya, Potanin, Alex, Aldrich, Jonathan.  2013.  Type-directed, whitespace-delimited parsing for embedded DSLs. Proceedings of the First Workshop on the Globalization of Domain Specific Languages. :8–11.
Domain-specific languages improve ease-of-use, expressiveness and verifiability, but defining and using different DSLs within a single application remains difficult. We introduce an approach for embedded DSLs where 1) whitespace delimits DSL-governed blocks, and 2) the parsing and type checking phases occur in tandem so that the expected type of the block determines which domain-specific parser governs that block. We argue that this approach occupies a sweet spot, providing high expressiveness and ease-of-use while maintaining safe composability. We introduce the design, provide examples and describe an ongoing implementation of this strategy in the Wyvern programming language. We also discuss how a more conventional keyword-directed strategy for parsing of DSLs can arise as a special case of this type-directed strategy.
Ali, Muqeet, Reaz, Rezwana, Gouda, Mohamed.  2016.  Two-phase Nonrepudiation Protocols. Proceedings of the 7th International Conference on Computing Communication and Networking Technologies. :22:1–22:8.

A nonrepudiation protocol from party S to party R performs two tasks. First, the protocol enables party S to send to party R some text x along with a proof (that can convince a judge) that x was indeed sent by S. Second, the protocol enables party R to receive text x from S and to send to S a proof (that can convince a judge) that x was indeed received by R. A nonrepudiation protocol from one party to another is called two-phase iff the two parties execute the protocol as specified until one of the two parties receives its complete proof. Then and only then does this party refrain from sending any message specified by the protocol because these messages only help the other party complete its proof. In this paper, we present methods for specifying and verifying two-phase nonrepudiation protocols.

A. A. Zewail, A. Yener.  2015.  "The two-hop interference untrusted-relay channel with confidential messages". 2015 IEEE Information Theory Workshop - Fall (ITW). :322-326.

This paper considers the two-user interference relay channel where each source wishes to communicate to its destination a message that is confidential from the other destination. Furthermore, the relay, that is the enabler of communication, due to the absence of direct links, is untrusted. Thus, the messages from both sources need to be kept secret from the relay as well. We provide an achievable secure rate region for this network. The achievability scheme utilizes structured codes for message transmission, cooperative jamming and scaled compute-and-forward. In particular, the sources use nested lattice codes and stochastic encoding, while the destinations jam using lattice points. The relay decodes two integer combinations of the received lattice points and forwards, using Gaussian codewords, to both destinations. The achievability technique provides the insight that we can utilize the untrusted relay node as an encryption block in a two-hop interference relay channel with confidential messages.

Soni, Preeti, Ali, Rifaqat, Pal, Arup Kumar.  2017.  A Two-factor Based Remote User Authentication Scheme Using ElGamal Cryptosystem. Proceedings of the ACM Workshop on Internet of Things (IoT) Security: Issues and Innovations. :3:1–3:6.

Remote user authentication is an essential process to provide services securely during accessing on-line applications where its aim is to find out the legitimacy of an user. The traditional password based remote user authentication is quite popular and widely used but such schemes are susceptible to dictionary attack. To enhance the system security, numerous password based remote user authentication schemes using smartcard have been submitted. However, most of the schemes proposed are either computationally expensive or vulnerable to several kinds of known attacks. In this paper, the authors have developed a two factor based remote user authentication scheme using ElGamal cryptosystem. The validity of the proposed scheme is also confirmed through BAN logic. Besides that authors have done security analysis and compared with related schemes which proclaim that the proposed scheme is able to resist against several kinds of known attacks effectively. The proposed scheme is also simulated with AVISPA tool and expected outcome is achieved where it ensures that the scheme is secured against some known attacks. Overall, the presented scheme is suitable, secure and applicable in any real time applications.

Alamleh, Hosam, AlQahtani, Ali Abdullah S..  2020.  Two Methods for Authentication Using Variable Transmission Power Patterns. 2020 10th Annual Computing and Communication Workshop and Conference (CCWC). :0355–0358.
In the last decade, the adoption of wireless systems has increased. These systems allow multiple devices to send data wirelessly using radio waves. Moreover, in some applications, authentication is done wirelessly by exchanging authentication data over the air as in wireless locks and keyless entry systems. On the other hand, most of the wireless devices today can control the radio frequency transmission power to optimize the system's performance and minimize interference. In this paper, we explore the possibility of modulating the radio frequency transmission power in wireless systems for authentication purposes and using it for source authentication. Furthermore, we propose two system models that perform authentication using variable power transmission patterns. Then, we discuss possible applications. Finally, we implement and test a prototype system using IEEE 802.11 (Wi-Fi) devices.
Gulsezim, Duisen, Zhansaya, Seiitkaliyeva, Razaque, Abdul, Ramina, Yestayeva, Amsaad, Fathi, Almiani, Muder, Ganda, Raouf, Oun, Ahmed.  2019.  Two Factor Authentication using Twofish Encryption and Visual Cryptography Algorithms for Secure Data Communication. 2019 Sixth International Conference on Internet of Things: Systems, Management and Security (IOTSMS). :405–411.
Dependence of the individuals on the Internet for performing the several actions require secure data communication. Thus, the reliable data communication improves the confidentiality. As, enhanced security leads to reliable and faster communication. To improve the reliability and confidentiality, there is dire need of fully secured authentication method. There are several methods of password protections were introduced to protect the confidentiality and reliability. Most of the existing methods are based on alphanumeric approaches, but few methods provide the dual authentication process. In this paper, we introduce improved graphical password authentication using Twofish Encryption and Visual Cryptography (TEVC) method. Our proposed TEVC is unpredictably organized as predicting the correct graphical password and arranging its particles in the proper order is harder as compared to traditional alphanumeric password system. TEVC is tested by using JAVA platform. Based on the testing results, we confirm that proposed TEVC provides secure authentication. TEVC encryption algorithm detected as more prudent and possessing lower time complexity as compared to other known existing algorithms message code confirmation and fingerprint scan with password.
Aromataris, G., Annovazzi-Lodi, V..  2016.  Two- and three-laser chaos communications. 18th Italian National Conference on Photonic Technologies (Fotonica 2016). :1–4.

After a brief introduction on optical chaotic cryptography, we compare the standard short cavity, close-loop, two-laser and three-laser schemes for secure transmission, showing that both are suitable for secure data exchange, the three-laser scheme offering a slightly better level of privacy, due to its symmetrical topology.

Sayler, Andy, Andrews, Taylor, Monaco, Matt, Grunwald, Dirk.  2016.  Tutamen: A Next-Generation Secret-Storage Platform. Proceedings of the Seventh ACM Symposium on Cloud Computing. :251–264.

The storage and management of secrets (encryption keys, passwords, etc) are significant open problems in the age of ephemeral, cloud-based computing infrastructure. How do we store and control access to the secrets necessary to configure and operate a range of modern technologies without sacrificing security and privacy requirements or significantly curtailing the desirable capabilities of our systems? To answer this question, we propose Tutamen: a next-generation secret-storage service. Tutamen offers a number of desirable properties not present in existing secret-storage solutions. These include the ability to operate across administrative domain boundaries and atop minimally trusted infrastructure. Tutamen also supports access control based on contextual, multi-factor, and alternate-band authentication parameters. These properties have allowed us to leverage Tutamen to support a variety of use cases not easily realizable using existing systems, including supporting full-disk encryption on headless servers and providing fully-featured client-side encryption for cloud-based file-storage services. In this paper, we present an overview of the secret-storage challenge, Tutamen's design and architecture, the implementation of our Tutamen prototype, and several of the applications we have built atop Tutamen. We conclude that Tutamen effectively eases the secret-storage burden and allows developers and systems administrators to achieve previously unattainable security-oriented goals while still supporting a wide range of feature-oriented requirements.

Ahmed, Abu Shohel, Aura, Tuomas.  2018.  Turning Trust Around: Smart Contract-Assisted Public Key Infrastructure. 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE). :104–111.
In past, several Certificate Authority (CA) compromise and subsequent mis-issue of certificate raise the importance of certificate transparency and dynamic trust management for certificates. Certificate Transparency (CT) provides transparency for issued certificates, thus enabling corrective measure for a mis-issued certificate by a CA. However, CT and existing mechanisms cannot convey the dynamic trust state for a certificate. To address this weakness, we propose Smart Contract-assisted PKI (SCP) - a smart contract based PKI extension - to manage dynamic trust network for PKI. SCP enables distributed trust in PKI, provides a protocol for managing dynamic trust, assures trust state of a certificate, and provides a better trust experience for end-users.
Andersson, Björn.  2016.  Turning Compositionality into Composability. SIGBED Rev.. 13:25–30.

Compositional theories and technologies facilitate the decomposition of a complex system into components, as well as their integration via interfaces. Component interfaces hide the internal details of the components, thereby reducing integration complexity. A system is said to be composable if the properties established and validated for components in isolation hold once the components are integrated to form the system. This brings us the question: "Is compositionality related to composability?" This paper answers this question in the affirmative; it considers a previously known interface for compositionality and shows that it can be used for composability. It also presents a run-time policing mechanism for this interface.

AlQahtani, Ali Abdullah S, Alamleh, Hosam, Gourd, Jean, Alnuhait, Hend.  2020.  TS2FA: Trilateration System Two Factor Authentication. 2020 3rd International Conference on Computer Applications Information Security (ICCAIS). :1—4.
Two-factor authentication (2FA) systems implement by verifying at least two factors. A factor is something a user knows (password, or phrase), something a user possesses (smart card, or smartphone), something a user is (fingerprint, or iris), something a user does (keystroke), or somewhere a user is (location). In the existing 2FA system, a user is required to act in order to implement the second layer of authentication which is not very user-friendly. Smart devices (phones, laptops, tablets, etc.) can receive signals from different radio frequency technologies within range. As these devices move among networks (Wi-Fi access points, cellphone towers, etc.), they receive broadcast messages, some of which can be used to collect information. This information can be utilized in a variety of ways, such as establishing a connection, sharing information, locating devices, and, most appropriately, identifying users in range. The principal benefit of broadcast messages is that the devices can read and process the embedded information without being connected to the broadcaster. Moreover, the broadcast messages can be received only within range of the wireless access point sending the broadcast, thus inherently limiting access to those devices in close physical proximity and facilitating many applications dependent on that proximity. In the proposed research, a new factor is used - something that is in the user's environment with minimal user involvement. Data from these broadcast messages is utilized to implement a 2FA scheme by determining whether two devices are proximate or not to ensure that they belong to the same user.
Horne, Benjamin D., Gruppi, Mauricio, Adali, Sibel.  2019.  Trustworthy Misinformation Mitigation with Soft Information Nudging. 2019 First IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). :245–254.

Research in combating misinformation reports many negative results: facts may not change minds, especially if they come from sources that are not trusted. Individuals can disregard and justify lies told by trusted sources. This problem is made even worse by social recommendation algorithms which help amplify conspiracy theories and information confirming one's own biases due to companies' efforts to optimize for clicks and watch time over individuals' own values and public good. As a result, more nuanced voices and facts are drowned out by a continuous erosion of trust in better information sources. Most misinformation mitigation techniques assume that discrediting, filtering, or demoting low veracity information will help news consumers make better information decisions. However, these negative results indicate that some news consumers, particularly extreme or conspiracy news consumers will not be helped. We argue that, given this background, technology solutions to combating misinformation should not simply seek facts or discredit bad news sources, but instead use more subtle nudges towards better information consumption. Repeated exposure to such nudges can help promote trust in better information sources and also improve societal outcomes in the long run. In this article, we will talk about technological solutions that can help us in developing such an approach, and introduce one such model called Trust Nudging.

Agostino Ardagna, Claudio, Asal, Rasool, Damiani, Ernesto, El Ioini, Nabil, Pahl, Claus.  2019.  Trustworthy IoT: An Evidence Collection Approach Based on Smart Contracts. 2019 IEEE International Conference on Services Computing (SCC). :46–50.
Today, Internet of Things (IoT) implements an ecosystem where a panoply of interconnected devices collect data from physical environments and supply them to processing services, on top of which cloud-based applications are built and provided to mobile end users. The undebatable advantages of smart IoT systems clash with the need of a secure and trustworthy environment. In this paper, we propose a service-based methodology based on blockchain and smart contracts for trustworthy evidence collection at the basis of a trustworthy IoT assurance evaluation. The methodology balances the provided level of trustworthiness and its performance, and is experimentally evaluated using Hyperledger fabric blockchain.
Nitti, M., Girau, R., Atzori, L..  2014.  Trustworthiness Management in the Social Internet of Things. Knowledge and Data Engineering, IEEE Transactions on. 26:1253-1266.

The integration of social networking concepts into the Internet of things has led to the Social Internet of Things (SIoT) paradigm, according to which objects are capable of establishing social relationships in an autonomous way with respect to their owners with the benefits of improving the network scalability in information/service discovery. Within this scenario, we focus on the problem of understanding how the information provided by members of the social IoT has to be processed so as to build a reliable system on the basis of the behavior of the objects. We define two models for trustworthiness management starting from the solutions proposed for P2P and social networks. In the subjective model each node computes the trustworthiness of its friends on the basis of its own experience and on the opinion of the friends in common with the potential service providers. In the objective model, the information about each node is distributed and stored making use of a distributed hash table structure so that any node can make use of the same information. Simulations show how the proposed models can effectively isolate almost any malicious nodes in the network at the expenses of an increase in the network traffic for feedback exchange.