Biblio
Permissioned Blockchain (PBC) has become a prevalent data structure to ensure that the records are immutable and secure. However, PBC still has significant challenges before it can be realized in different applications. One of such challenges is the overhead of the communication which is required to execute the Byzantine Agreement (BA) protocol that is needed for consensus building. As such, it may not be feasible to implement PBC for resource constrained environments such as Internet-of-Things (IoT). In this paper, we assess the communication overhead of running BA in an IoT environment that consists of wireless nodes (e.g., Raspberry PIs) with meshing capabilities. As the the packet loss ratio is significant and makes BA unfeasible to scale, we propose a network coding based approach that will reduce the packet overhead and minimize the consensus completion time of the BA. Specifically, various network coding approaches are designed as a replacement to TCP protocol which relies on unicasting and acknowledgements. The evaluation on a network of Raspberry PIs demonstrates that our approach can significantly improve scalability making BA feasible for medium size IoT networks.
Moving target defense (MTD) is becoming popular with the advancements in Software Defined Networking (SDN) technologies. With centralized management through SDN, changing the network attributes such as routes to escape from attacks is simple and fast. Yet, the available alternate routes are bounded by the network topology, and a persistent attacker that continuously perform the reconnaissance can extract the whole link-map of the network. To address this issue, we propose to use virtual shadow networks (VSNs) by applying Network Function Virtualization (NFV) abilities to the network in order to deceive attacker with the fake topology information and not reveal the actual network topology and characteristics. We design this approach under a formal framework for Internet Service Provider (ISP) networks and apply it to the recently emerged indirect DDoS attacks, namely Crossfire, for evaluation. The results show that attacker spends more time to figure out the network behavior while the costs on the defender and network operations are negligible until reaching a certain network size.
In Advanced Metering Infrastructure (AMI) networks, power data collections from smart meters are static. Due to such static nature, attackers may predict the transmission behavior of the smart meters which can be used to launch selective jamming attacks that can block the transmissions. To avoid such attack scenarios and increase the resilience of the AMI networks, in this paper, we propose dynamic data reporting schedules for smart meters based on the idea of moving target defense (MTD) paradigm. The idea behind MTD-based schedules is to randomize the transmission times so that the attackers will not be able to guess these schedules. Specifically, we assign a time slot for each smart meter and in each round we shuffle the slots with Fisher-Yates shuffle algorithm that has been shown to provide secure randomness. We also take into account the periodicity of the data transmissions that may be needed by the utility company. With the proposed approach, a smart meter is guaranteed to send its data at a different time slot in each round. We implemented the proposed approach in ns-3 using IEEE 802.11s wireless mesh standard as the communication infrastructure. Simulation results showed that our protocol can secure the network from the selective jamming attacks without sacrificing performance by providing similar or even better performance for collection time, packet delivery ratio and end-to-end delay compared to previously proposed protocols.