ENG2575 OL88 Technical Writing, Spring 2021

To Professor ELLIS

From Mohammad Amin

Date 03/03/2021

Subject: 500-word summary of Internet of Things: A Comprehensive Study of Security Issues and Defense Mechanisms

Following 500-word summary article about IoT, IoT was created in 1999 and was officially launched in 2005 by the International Telecommunication Union, it was coined by Kevin Ashton. It has physical characteristics and virtual representation. The main idea of IoT is to convert miniature devices into smart objects and make them dynamic, it represents the parent class and enables intelligent communication with the information network. last few years, the concept of IoT has been applied in greenhouse monitoring, smart electric meter reading, telemedicine monitoring as well as intelligent transportation. With 5G network, IoT will make the online worlds much stronger but the biggest threat is to protect privacy. With 5G network, IoT will make the online worlds much stronger but the biggest threat is to protect privacy. The main goal of this study is to analyze the defense against IoT related challenge. Potential solutions to the security threats of IOT and review method to gain insight on the practical implication of security in the IoT. Patient data and staff can be monitored automatically using Iot technology. Many applications of Iot are used in smart cities. Protecting privacy is an important issue in digital environment but there is a risk of individual breaches of each device in the IoT network. In order to protect the authenticity of the information, only authorized users need to exchange information. The main goal of Iot is to provide accurate data to the user. IoT information must have protected so that no one can steal, delete or edit anything. Nonrepudiation is related to authentication of a legit party in getting access to the promised service. 

CYBER-ATTACKS ON IoT APPLICATIONS:

Sinkhole Attack creates the network traffic and collapses the network communication. Sinkhole attack creates counterfeit notes and sends route requests to neighboring notes.

Wormhole attack is an internal attack that make it very difficult to identify the attack as a result of unchanged network activity.

In a selective forwarding attack, a compromised node refuses to forward some of the packets in its outstanding buffer, such as control information or data packets in order to cut off the packet’s propagation.

Sybil Attack can create wrong reports, increase traffic load with spam and loss of privacy

Hello Flood Attack, usually within the range of the receiver’s device and can transmit to the receiver when it is incorrect. 

SET OF SECURITY REQUIREMENTS:

‘Internet of Things’ A study titled IoT has presented a secure model of how data can be kept secure. The technology used in the network in this study emphasizes the need for a legal framework in accordance with international standards. Zhuo and Chao security system was disrupted there. According to the author, “a security model for IOT in a study titled ‘‘Proposed Security Model and Threat Taxonomy for the Internet of Things (IoT)’’. The author briefly discusses about the security and privacy concerns in IoT in this article” (Babar et al.,2018, p.11025) They are added encryption methods, communication medium security, use of cryptography and protection of sensor/control data for tackling the Major security and privacy.Internet security issues presented a paper entitled certification approach. Abomhara and Koien 

Author discusses IoT and provides future direction for tackling current and future privacy initiatives. IoT will connect billion of devices, these have achieved the requirement for protection. Overall, this study discusses in detail the security threats to the IoT environment and solutions.

Reference: 

T. A. Ahanger and A. Aljumah, “Internet of Things: A Comprehensive Study of Security Issues and Defense Mechanisms,” in IEEE Access, vol. 7, pp. 11020-11028, 2019, doi: 10.1109/ACCESS.2018.2876939.

To: Prof. Ellis

From: Mateo Avila

Date: 3/3/2021

Subject: 500-Word summary of “Study on Security and Prevention Strategies of Computer Network”

Computer network is expanding in every aspect of people’s lives; therefore, vulnerabilities and privacy are the main concerns. In order to tackle these problems, more research in specific areas is being conducted. Areas such as network management, firewall, encryption, etc. Computer network security refers to the controls on how to protect privacy, integrity, and availability. There are two types of securities which are physical and logical security. Depending upon the individual and organizations, the privacy and data can mean different things. Some just want pure security privacy, others protection. To make plans against different threats/disasters in order to continue with the network communication. Additionally, network security consists of hardware and software that protects data and addresses technical and management issues. Threats include inside people, which are internal threats, employees who leak information intentionally or unintentionally, reconfigure the network, alter or steal data, and more examples of inside threats and destruction. There is also unauthorized user with unauthorized access, such as hackers and/or users navigating unauthorized ways of getting resources. Attacks on integrity which includes manipulating data, denying access to basic operations to users and providing wrong information to end users. Attackers find ways to intercept data such as frequency, length, parameters in order to obtain valuable information which is hard to detect. Attackers can also pretend to be network control, leaders, and other entities so they can access data, use unlimited resources, denial of actual users and obtain and modify key information, passwords, etc. Attackers destroy access to user such as not letting them use daily resources nor operations. Attackers can also repeat itself meaning obtain information and sent it as many times as they want whenever they want. Other kinds of threats are computer virus, network errors, disaster, etc. There are technical protections such as firewalls, constant virus analysis, monitoring, scanning, etc. Technical level includes department of network administrators, technicians and trained users in order to maintain a system of security. In which there will be detecting virus and backing up data on time. There is network access control which is especially important because it ensures for granting access to authorized users. Backup data and recovery is important due to how administrators obtain data after an accident by using different strategies. There is application code technology which is one of the main components of information security. It provides integrity with passwords, encryptions, signatures, and different types of keys. Use antivirus programs and do not download unknown content. Research up to date and better high security operating system in order a safer environment and high performance and do not give a virus any chance. Computer network depends on network protections, security technology, implementations, measurements, laws, and regulation in order to obtain an effective security. To prevent/resists computer’s users from virus, crimes, and hackers. “Users need to be educated and be aware of safety and management institution with continues improvement on technology and laws. According to the author “Never-ending education to users and staff such as code, computer safety principles and to obey rules and regulations to maintain a safe and reliable working environment” (Lin, 2012). Finally, there should be different types of rooms dedicated to different aspects of computer security countermeasures.

Reference

Li, F. (2012). Study on Security and Prevention Strategies of Computer Network. International Conference on Computer Science and Information Processing (CSIP), 645-647. https://ieeexplore-ieee-org.citytech.ezproxy.cuny.edu/document/6308936

TO:      Prof. Ellis

FROM:  Chowdhury A Hashmee

DATE:   03/03/2021

SUBJECT: 500-Word Summary of “Mobile Applications for Business”

This memo is a 500-word summary of the article, “Mobile Applications for Business” by N. Angelova a researcher at Trakia University, faculty of Economics, Stara Zagora, Bulgaria. In this article the author describes the importance of mobile applications in business communication and the operating systems, mobile technologies and features that are being used daily. Over the past decades, the rapid growth of mobile technology has made mobile phones more available to the average user, including more messaging services, listening to music, playing sports, taking photographs and all kinds of entertainment. According to the author “Mobile can be describe as a part of technology that involves mobility”. (Angelova., 2019, p. 854). Using network infrastructures, protocols, and portable devices used for cellular communication, mobile technology enables users to flexibly perform different tasks in terms of time and place. Several smartphone operating systems, such as Android, iPhone OS / iOS, Samsung, BlackBerry, Windows, are primarily used on the market today. According to market surveys worldwide, the main leader of mobile operating systems is Android OS that is installed on most smartphones, while iOS market share is concentrated in countries that mainly produce and sell devices that support this OS. (Angelova, 2019, p. 853). Some of the most development countries that uses iOS are, US – 55.07%, UK – 49.81%, China – 24.1%, Japan – 71.9%, Germany – 28.38%, Russia – 26.6% etc. (Angelova, 2019, p. 854). Some  of the developed countries that uses Android OS are, US – 44.61%, UK – 49.42%, China – 74.6%, Japan – 27.81%, Germany – 70.61%, Russia – 72.32% etc. Mobile communications such as 1G, the first generation uses analogue voice-only relationship. The second generation 2G standard is Global Service for mobile communication(GSM), started in 1991 and the transfer rate was 906 kbit/s. The third generation 3G mobile communications started in 2002 which includes 3 standards – UMTS, WCDMA and CDMA2000 and provides speeds from 384 kbit/s to 2.4 Mbit/s. The fourth generation of mobile technologies 4G is a set of standards for broadband Internet access. Gigabit speeds above the current speeds would be enabled by the new standard 5G. Moreover, for several milliseconds, a minimum ping will be preserved. Depending on the mobile OS, mobile apps are created for a particular OS and can be downloaded from a special location. Some of the popular app stores are, Android – Google play, iOS – App Store, Windows 10 – Microsoft Store etc. Businesses needs mobile applications to create a direct marketing channel, build a brand for recognitions, Improving customer engagement etc. According to the article the most popular recommended mobile apps for businesses in google play and app stores are, scanning tools (Clear scan, Genius Scan), Office suits (OfficeSuite, Documents), Job Search or Hiring ( Glassdoor, LinkedIn) Employee Scheduling (Hours tracker, Paylocity Mobile), Video conferencing tools ( Hangout, Zoom), Planning (AWS events, Trello), Automated expense management (Invoice maker, Expensify) etc. To conclude, Mobile devices are an integral part of our lives and it seems like everything we possess is inside them behind the screen. It has no longer been the only mean for connecting and talking with people who are far away from us. It is our personal assistant.

Reference

Angelova, N. (2019). Mobile Applications for Business. EBSCO Connect Trakia Journal of Sciences, 17(1), 853–859. https://doi-org/10.15547/tjs.2019.s.01.140

TO:      Prof. Ellis

FROM:    Kiara Candelario

DATE:    3/03/2021

SUBJECT: 500-Word Summary of Article About Comparing Non-Relational and Relational Databases.

The following is a 500-word summary of a peer-reviewed article about testing and comparing MongoDB and MySQL using IoT data on a virtual machine. The Internet of things is a system that consists of sensing, and collecting data, and it’s becoming a large aspect in many industries. According to the author, ” using IoT technology generates a large amount of heterogeneous data like texts, numbers, audio, videos, and pictures. These types of data need to be transferred, processed and stored” (Eyada et al., 2020, p. 110656). IoT data comes from different sources, and a database management system can assist with storing the amount of data that IoT creates. Relational DBMS’s use SQL,which is a popular system, but IoT data is heterogeneous, and it can negatively affect the database’s performance. NoSQL database, also known as a non-relational database, is the best option for IoT data due to storing unstructured data and is schema-free. NoSQL also has high scalability and availability. Cloud computing can deal with large amounts of data, and databases use cloud computing to improve consistency, availability, and tolerance.

MySQL is a relational database system that uses SQL to store data in tables and needs a pre-defined schema. Any change to the schema can hinder the performance and takes the database offline. MongoDB is a non-relational database system that is document-oriented, and it stores data as BSON objects. It has quick query access, and a structure does not need to be declared. MongoDB has different features that provide better performance based on long-term storage of large amounts of data and flexibility to work. The current experiment will solve the previous limitations that the other experiments had by enhancing both databases and not limiting the number of sensor nodes.

MongoDB and MySQL will store the IoT information, and it is base on the data collected from air pollution indoors and outdoors. In the MySQL database setup, two tables are created named station_location and town_name, which manage the station’s location and the sensor nodes. In the MongoDB Database Setup, two collections are made, where the first collection saves every station’s location. The second collection is the sensor table for all the sensors in the station. Node.JS is the server language that is used to process the collected data. Ubuntu 16. 04 LTS is the operating system installed on the virtual machine to setup MongoDB, MySQL, and Node.JS. Amazon Web Service’s Elastic Compute Cloud is the virtual machine that is used to establish the environment.

The experiment was conducted based on increasing the workload of each database latency, database size, and the number of sensor nodes. The impact of increasing the workload resulted in a latency decrease in the MongoDB database compared to the MySQL database. The impact of increasing the workload on database sizes demonstrates that MySQL outperforms MongoDB. Lastly, increasing the number of sensor nodes that connect to each station resulted in MongoDB outperforming MySQL significantly. The results demonstrate that MongoDB outperforms MySQL due to MySQL performance loss when increasing the workload.

Reference:

M. M. Eyada, W. Saber, M. M. El Genidy and F. Amer, “Performance Evaluation of IoT Data Management Using MongoDB Versus MySQL Databases in Different Cloud Environments,” in IEEE Access, vol. 8, pp. 110656-110668, 2020, doi: 10.1109/ACCESS.2020.3002164.

To: Professor Ellis

From: Foysal Ahmed

Date:03-03-21

Subject: 500 word summary of an article about “Cyber Security.”

The following is a 500 word summary of a peer-reviewed article about quantifying the significance and relevance of cyber-security text through textual similarity and a cyber-security knowledge graph. Presenting various opportunities to socialize and business in general, these opportunities also bring different kinds of risks such as cyber-attacks, data breaches, loss of intellectual properties, financial fraud, etc. The idea of sharing threat information stems from the assumption that an adversary that attacks a specific target is also likely to attack similar targets in the near future. From the paper, we can know about quantifying the significance and relevance of the threat information applying different methods, such as the Entity Recognition (NER) model and the Cyber-security Knowledge Graph (CKG), the subjective relevance of the cyber-security text to the user, and to generate correlation features. This paper also shows that to mitigate cyber-security risks proactively, security analysts continuously monitor sources of threat information. 

“While information-sharing platforms have grown in popularity, the amount of shared threat information has grown tremendously, overwhelming human analysts and undermining the efforts to share threat information.” (2)

Even though there are approaches that automatically share information between machines through structured information sharing such as Structured Threat Information Expression (STIX) and its corresponding protocol, Trusted Automated Exchange of Intelligence Information (TAXII), the need to process unstructured text reports that might be shared via email or forums still exists. For example, dark-web forums provide valuable threat information if the noise can be segregated with less effort. Also, to establish situational awareness, a security analyst has to identify cyber threat-related information specifically applicable to his environment to monitor and prevent the possible intrusion proactively and control the possible risk. To ensure those all, the research first shows why they are so willing to research on this topic; then they find the problems out to be solved and show the existing methods that could not solve the problem. They proposed their solution and then tried to prove why that solution is significantly more important than the existing ones.

Finally, it is shown that due to the constraints such as a probable lack of identifiable cyber-security named entity in test data and the uncertainty of identified Mentioned Entities to exist in CKG, the effectiveness of the proposed architecture could not be proven directly on the raw test documents; however, by simulating the controlled environment by manipulating the test document achieved a classification accuracy of 88% using the logistic regression classifier. Since it is impossible to expect the controlled environment in a real-life situation, the experiment must be improved to reconcile the simulated dataset with real-life data. We believe by improving the NER performance and extending the scope of CKG, the experiment would come closer to producing production-grade results.

Cyber protection, as we all know, is the process of shielding computers, routers, handheld devices, electronic infrastructure, networks, and documents from malicious attacks, and It is also known as information technology security or electronic information security. As the term applies in various contexts, from business to mobile computing, and can be divided into a few common categories, research on this kind of topic is a crying need for the overall development of all.

References

Received September 9, 2020, accepted September 21, 2020, date of publication September 28, 2020, date of current version October 8, 2020. Digital Object    Identifier 10.1109/ACCESS.2020.3027321. 

Resource center. (n.d.). Retrieved March 02, 2021, from https://www.kaspersky.com/resource-center/definitions/what-is-cyber-security.