Usable Security – Users are not your enemy

Introduction

Often overlooked, usability turned out to be one of the most important aspects of security. Usable systems enable users to accomplish their goals with increased productivity, less errors and security incidents. And It stills seems to be the exception rather than the rule.

When it comes to software, many people believe there is an fundamental tradeoff between security and usability. A choice between one of them has to be done. The belief is – make it more secure – and immediately – things become harder to use.

It’s a never-ending challenge – security and usability experts arguing about which one is more important. And some more people of the engineering and marketing department get involved giving their views and trying to convince the others. Finding the right balance between security and usability is without a doubt a challenging task.

The serious problem: User experience can suffer as digital products become more secure. In other words: the more secure you make something, the less secure it becomes. Why?
Continue reading

Embedded Security using an ESP32

Ever wondered why your brand-new Philips Hue suddenly starts blinking SOS?

Or why there is an ominous Broadcast on your Samsung TV while watching your daily Desperate Housewives?

And didn’t you wear an Apple Watch a few minutes ago, and why did you buy 2 TVs in that time?

Security of smart and embedded devices is one of those topics everyone heard about – might it be good or (more likely) bad.

Let us take a journey down the rabbit hole and find out how such devices handle security today and how we can improve that. On that journey, we will visit 5 points which, in all fairness, are going to be quite technical. Continue reading

AIRA Voice Assistant – A proof of Concept in virtual reality

Motivation

As part of the lecture “Software Development for Cloud Computing” we were looking for a solution, how a user can get basic assistance within our existing virtual reality game AIRA. The primary objective was a maximum of user-friendliness, while avoiding an interruption of the immersive gaming experience. It is also important to keep in mind, that the user is on its own and any kind of support from outside is usually not possible.

Moreover, considering that within virtual reality applications generally no conventional input devices will be available and therefore a keyboard is not an option. If we still following up this idea, many people may think next of an on-screen keyboard, as they know it from their smart TV at home, which might be operated by a game controller. Although such an approach would be contrary to a high ease of use and majority of implementations are quite crippled as well as hard to use.

So, what would be obvious and take all previous considerations into account? Simply think of something that each of us is carrying along at any time – the own unique voice. According to this we decided to implement a personal voice assistant into our game. In the following, it can be seen that the individuality of each human voice leads into a lot of difficulties we have to take care of.

In the following, it will be explained in detail how we implemented a personal voice assistant using multiple Watson serviceswhich are part of the IBM Bluemix cloud platform. Especially fundamental problems we run into will be discussed and then possible approaches will be pointed out.

Continue reading

Cloud Security – Part 2: The vulnerabilities and threats of the cloud, current scientific work on cloud security, conclusion and outlook

I’m glad to welcome you to the second part of two blog posts about cloud security. In the first part, we looked at the current cloud market and learned about the concepts and technologies of the cloud. Thus, we created a basis for the areas of this post in which we will now deal with the vulnerabilities and threats of the cloud, have a look at current scientific work on the topic and finally conclude with a résumé and an outlook.

Once again, I wish you to enjoy reading! 🙂
Continue reading

Cloud Security – Part 1: A current market overview and the concepts and technologies of the cloud

Welcome to the first of two blog posts, that will deal with the latest developments in cloud security.

In this post, we will initially look at the role the cloud plays in today’s market and why it is important to deal with the security of the cloud. In order to address the security aspects, we need to know how the cloud works, so we’ll then take a closer look at the concepts and technologies used in the cloud.

After we know the technologies of the cloud, we will consider their weaknesses and threats in the next post. To this end, we are trying to identify the weaknesses of the cloud as far as possible, and we will regard a list of threats that companies can face when using the cloud. After that we will observe scientific papers that currently deal with the issue of cloud security. Finally, we will summarise, draw a conclusion and look ahead to potential future developments in the area of cloud security.

And now I wish you to enjoy reading! 🙂
Continue reading

VVS-Delay – AI in the Cloud

Introduction

Howdy, Geeks! Ever frustrated by public transportation around Stuttgart?
Managed to get up early just to find out your train to university or work is delayed… again?
Yeah, we all know that! We wondered if we could get around this issue by connecting our alarm clock to some algorithms. So we would never ever have to get up too early again.

Well, okay, we’re not quite there yet. But we started with getting some data and did some hardly trustworthy hypothesis of prediction on it. In the end it’s up to you if you gonna believe it or not.

To give you a short overview, here are the components that are involved in the process. You will find the components described in more details below.
Process overview

A view parts in short:
1. crawler and database – get and store departure information
2. visualization – visualizes the delays on a map
3. statistical analysis – some statistical analysis on the delays over a week
4. continuous delivery – keep the production system up to date with the code

Continue reading

Sport data stream processing on IBM Bluemix: Real Time Stream Processing Basics

New data is created every second. Just on Google the humans preform 40,000 search queries every second. By 2020 Forbes estimate 1.7 megabytes of new information will be created every second for every human on our planet.
However, it is about collecting and exchanging data, which then can be used in many different ways. Equipment fault monitoring, predictive maintenance, or real-time diagnostics are only a few of the possible scenarios. Dealing with all this information, creates certain challenges for stream processing of huge amounts of data is among them.

Improvement of technology and development of big scaling systems like IBM Bluemix it is now not only possible process business or IoT data, it is also interesting to analyze complex and large data like sport studies. That’s the main idea of my application – collect data from a 24-hour swimming event to use real time processed metrics to control event and athletes flow.

In this article explains how to integrate and use the IBM tools for stream processing. We explore IBM Message Hub (for collecting streams), the IBM Streaming Analytics service (for processing events) and IBM Node.JS Service (for visualization data).
Continue reading

Wettersave – Realizing Weather Forecasts with Machine Learning

    Introduction

Since the internet boom a few years ago companies started to collect and save data in an almost aggressive way. But the huge amounts of data are actually useless if they are not used to gain new information with a higher value. I was always impressed by the way how easy statistical algorithms can be used to answer extremely complex questions if you add the component “Machine Learning”. Our goal was to create a web service that does exactly that thing: We realized Weather Forecasts using Machine Learning algorithms.

The Application can be split in four parts:

  • The website is the final user interface to start a query and to see the resulting prediction.
  • The server connects all parts and hosts the website.
  • The database stores all important data about the weather.
  • IBM Watson is used to calculate the forecasts with the data of the database.

In the following I will explain the structure more detailed and show how we developed the application.
Continue reading

Developing a Chat Server and Client in the Cloud

Introduction

During the Lecture “Software Development for Cloud Computing” I decided to develop a Cloud based Chat Application with the help of IBM’s Bluemix.
The Application consists of 3 separate Applications:

  • Chat Server: Allows Clients to connect to it, manages the Chat-Channels/Users and relays messages sent from a client to the other clients in the same channel.
  • Chat Client: The Client consists of a GUI where the User can connect to the Server and chat with other Users.
  • Chat Backend Database: A simple Database which records and provides the chat history of a given Chat-Channel via REST.

Continue reading

Moodkoala – An intelligent Social Media application

Welcome to our blog post ‘Moodkoala – An intelligent Social Media application’. The following provides an overview of our contents.

Contents

Introduction
       – The idea behind Moodkoala
       – Technologies overview
Technologies
       – Frontend and Backend
       – Bluemix Services
       – Liberty for Java
       – Natural Language Processing
       – Tone Analyzer
       – Language Translator
       – Cloudant
       – Mood analysis with IBM Watson
       – Mood Analysis with IBM Watson Tone Analyser
       – The Mood Analysis Algorithm
       – Embedding the Tone Analyzer into the Java EE application
       – Filtering Hate comments using Natural Language Understanding
       – Natural Language Understanding
       – Summing up text analysis
       – Google and Facebook API
       – Mood imaging analysis
Implementation
       – Implementing the mood analysis algorithm
       – Deserializing JSON Strings
       – Implementing the Natural Language Processing API
       – Implementing hate comment filter into the Java EE application
       – Set up Google Sign-in
       – Set up Facebook login
       – Mood imaging implementation
       – Configuration
       – Docker and IBM Bluemix
       – Gitlab CI
       – Jenkins
Discussion and conclusion
       – Discussion Moodkoala and 12 factor app
       – Comparison to other cloud providers
       – Conclusion
Continue reading