Biblio
The Internet of Things (IoT) is changing the way we interact with everyday objects. "Smart" devices will reduce energy use, keep our homes safe, and improve our health. However, as recent attacks have shown, these devices also create tremendous security vulnerabilities in our computing networks. Securing all of these devices is a daunting task. In this paper, we argue that IoT device communications should be default-off and desired network communications must be explicitly enabled. Unlike traditional networked applications or devices like a web browser or PC, IoT applications and devices serve narrowly defined purposes and do not require access to all services in the network. Our proposal, Bark, a policy language and runtime for specifying and enforcing minimal access permissions in IoT networks, exploits this fact. Bark phrases access control policies in terms of natural questions (who, what, where, when, and how) and transforms them into transparently enforceable rules for IoT application protocols. Bark can express detailed rules such as "Let the lights see the luminosity of the bedroom sensor at any time" and "Let a device at my front door, if I approve it, unlock my smart lock for 30 seconds" in a way that is presentable and explainable to users. We implement Bark for Wi-Fi/IP and Bluetooth Low Energy (BLE) networks and evaluate its efficacy on several example applications and attacks.
We consider a generic model of Client-Server interactions in the presence of Sender and Relay, conceptual agents acting on behalf of Client and Server, respectively, and modeling cloud service providers in the envisaged "QoS as a Service paradigm". Client generates objects which Sender tags with demanded QoS level, whereas Relay assigns the QoS level to be provided at Server. To verify an object's right to a QoS level, Relay detects its signature that neither Client nor Sender can modify. Since signature detection is costly, Relay tends to occasionally skip it and trust an object; this prompts Sender to occasionally launch a Fake VIP attack, i.e., demand undue QoS level. In a Stackelberg game setting, Relay employs a trust strategy in the form of a double-blind reputation scheme so as to minimize the signature detection cost and undue QoS provision, anticipating a best-response Fake VIP attack strategy on the part of Sender. We ask whether the double-blind reputation scheme, previously proved resilient to a probabilistic Fake VIP attack strategy, is equally resilient to more intelligent Sender behavior. Two intelligent attack strategies are proposed and analyzed using two-dimensional Markov chains.
This paper studies the principle of vulnerability generation and the mechanism of cross-site scripting attacks, and designs a dynamic cross-site scripting vulnerability detection technique based on existing theories of black-box vulnerability detection. The dynamic detection process contains five steps: crawler, feature construct, attack simulation, results detection and report generation. The crawling strategy in the crawler module and the constructing algorithm in the feature construct module are key points of this detection process. Finally, according to the detection technique proposed in this paper, a detection tool is implemented in Linux using the Python language to detect web applications. Experiments were launched to verify the results and compare them with the test results of other existing tools, to analyze the usability, advantages and disadvantages of the detection method above, and to confirm the feasibility of applying the dynamic detection technique to cross-site scripting vulnerability detection.
Malicious software or malware is one of the most significant dangers facing the Internet today. In the fight against malware, users depend on anti-malware and anti-virus products to proactively detect threats before damage is done. Those products rely on static signatures obtained through malware analysis. Unfortunately, malware authors are always one step ahead in avoiding detection. This research deals with dynamic malware analysis, which emphasizes how the malware will behave after execution and what changes to the operating system, registry and network communication take place. Dynamic analysis opens up the doors for automatic generation of anomaly and active signatures based on the new malware's behavior. The research includes a design of a honeypot to capture new malware and a complete dynamic analysis laboratory setting. We propose a standard analysis methodology by preparing the analysis tools, then running the malicious samples in a controlled environment to investigate their behavior. We analyze 173 recent phishing emails and 45 SPIM messages in search of potentially new malware, and we present two malware samples and their comprehensive dynamic analysis.
Botnet is one of the major threats on the Internet for committing cybercrimes, such as DDoS attacks, stealing sensitive information, spreading spams, etc. It is a challenging issue to detect modern botnets that are continuously improving for evading detection. In this paper, we propose a machine learning based botnet detection system that is shown to be effective in identifying P2P botnets. Our approach extracts convolutional version of effective flow-based features, and trains a classification model by using a feed-forward artificial neural network. The experimental results show that the accuracy of detection using the convolutional features is better than the ones using the traditional features. It can achieve 94.7% of detection accuracy and 2.2% of false positive rate on the known P2P botnet datasets. Furthermore, our system provides an additional confidence testing for enhancing performance of botnet detection. It further classifies the network traffic of insufficient confidence in the neural network. The experiment shows that this stage can increase the detection accuracy up to 98.6% and decrease the false positive rate up to 0.5%.
Searchable Encryption (SE) schemes provide security and privacy to cloud data. The existing SE approaches enable multiple users to perform search operations by using various schemes like Broadcast Encryption (BE), Attribute-Based Encryption (ABE), etc. However, these schemes do not allow multiple users to perform the search operation over the encrypted data of multiple owners. Some SE schemes involve a Proxy Server (PS) that allows multiple users to perform the search operation. However, these approaches incur a huge computational burden on the PS due to the repeated encryption of the user queries for transformation purposes, so as to ensure that users' queries are searchable over the encrypted data of multiple owners. Hence, to eliminate this computational burden on the PS, this paper proposes a secure proxy server approach that performs the search operation without transforming the user queries. This approach also returns the top-k relevant documents to the user queries by using a Euclidean distance similarity approach. Based on the experimental study, this approach is efficient with respect to search time and accuracy.
In the context of emerging applications such as IoT, an RFID framework that can dynamically incorporate, identify, and seamlessly regulate RFID tags is considered exciting. Earlier RFID frameworks developed using older web technologies were limited in their ability to provide complete information about the RFID tags and their respective locations. However, new and emerging web technologies have transformed this scenario, and now a framework can be developed to include all the required flexibility and security for seamless applications such as monitoring of RFID tags. This paper revisits and proposes a generic scenario of an RFID framework built using the latest web technology and demonstrates its ability to be customized using an application for tracking personal user objects. It has been shown that a framework based on newer web technologies can indeed be robust, uniform, unified, and integrated.
There are two types of network architecture: wired networks and wireless networks. MANETs are one example of a wireless network. Every network has its own features which make it different from other types of network. Some of the features of MANETs are an infrastructure-less network, mobility, and a dynamic network topology, which make them different from and more popular than wired networks, but these features also generate different problems for achieving security, due to the absence of a centralized authority inside the network, as well as for sending data, due to its mobility features. Achieving security in a wired network is a little easier compared to MANETs because in a wired network the user needs just to protect the main centralized authority to achieve security, whereas in MANETs there is no centralized authority available, so protecting the server in MANETs is difficult compared to a wired network. The data sending and receiving process is also easy in a wired network, but mobility features make this data sending and receiving process difficult in MANETs. Protecting the server or central repository without making use of secret sharing in a wired network will create many challenges and problems in terms of security. The proposed system makes use of a secret sharing method to protect the server from malicious nodes and 'A New Particle Swarm Optimization Method for MANETs' (NPSOM) for performing the data sending and receiving operation in an optimized way. The NPSOM technique is equated with the steady particle swarm optimizer (PSO) technique. PSO was originally designed by Kennedy and Eberhart in 1995. These methods are based upon 4 different types of parameters. These techniques were inspired by the collective behavior of animals, such as bird flocking, fish schooling, and ant colonies.
The proposed system converts this PSO into the form of MANETs, where a particle is a node in the network, a swarm is a collection of multiple nodes, and optimization means finding the best and nearest route to reach the destination. Every element learns from its own previous best solution for the given optimization problem; likewise, it looks at the group's previous best solution for the same problem, and finally it corrects its solution depending on these values. This same process is repeated to find the best and optimal solution value. In the NPSOM technique used in the proposed system, every element changes its location according to its own previous poorest solution as well as its collection's earlier poorest solution to find the best, optimal value. In this proposed system we concentrate on sidestepping the element's and the collection's poorest solutions obtained before.
Cloud computing, in simple terms, is storing and accessing data through the Internet. The data stored in the cloud is managed by cloud service providers. Storing data in the cloud saves users time and memory. But once a user stores data in the cloud, he loses control over his data. Hence there are security issues to be handled to keep users' data safe in the cloud. In this work, we proposed a secure auditing system using a Third Party Auditor (TPA). We used the Advanced Encryption Standard (AES) algorithm for encrypting users' data and the Secure Hash Algorithm (SHA-2) to compute the message digest. The system is executed in the Amazon EC2 cloud by creating a Windows Server instance. The results obtained demonstrate that our proposed work is safe and takes a firm time to audit the files.
Control-hijacking attacks include code injection attacks and code reuse attacks. In recent years, with the emergence of the defense mechanism data-execution prevention (DEP), code reuse attacks have become mainstream, such as return-oriented programming (ROP), Jump-Oriented Programming (JOP), and Counterfeit Object-oriented Programming (COOP). A series of defensive measures have been proposed, such as DEP, address space layout randomization (ASLR), coarse-grained Control-Flow Integrity (CFI) and fine-grained CFI. In this paper, we propose a new attack called function-oriented programming (FOP) to construct malicious program behavior. FOP takes advantage of the existing functions of the C program to induce an attack. We propose concrete algorithms for FOP gadgets and build a tool to identify FOP gadgets. FOP can successfully bypass coarse-grained CFI, and FOP can also bypass some existing fine-grained CFI technologies, such as shadow stack technology. We show a real-world attack on the proftpd 1.3.0 server in the Linux x64 environment. We believe that the FOP attack will encourage people to come up with more effective defense measures.
In this paper we propose a new algorithm to detect Advanced Persistent Threats (APTs) that relies on a graph model of HTTP traffic. We also implement a complete detection system with a web interface that allows interactive analysis of the data. We perform a complete parameter study and experimental evaluation using data collected on a real network. The results show that the performance of our system is comparable to currently available antiviruses, although antiviruses use signatures to detect known malware while our algorithm solely uses behavior analysis to detect new undocumented attacks.
Smartphones have evolved over the years from simple devices for communicating with each other to fully functional portable computers, although with comparatively less computational power, holding multiple applications within. With the smartphone revolution, the value of personal data has increased. As technological complexities increase, so do the vulnerabilities in the system. Smartphones are the latest target for attacks. Android, being an open source platform and also the most widely used smartphone OS, draws the attention of many malware writers to exploit its vulnerabilities. Attackers try to take advantage of these vulnerabilities to fool users and misuse their data. Malware has come a long way from simple worms to sophisticated DDoS using botnets; the latest trends in computer malware tend to go in the distributed direction, to evade the multiple anti-virus apps developed to counter generic viruses and Trojans. However, the recent trend in the Android system is to have a combination of applications which acts as malware. The applications are benign individually, but when grouped, they may result in malicious activity. This paper proposes a new category of distributed malware in the Android system, how it can be used to evade the current security, and how it can be detected with the help of a graph matching algorithm.
In order to solve the problem of vulnerable password guessing attacks caused by dictionary attacks, replay attacks in the authentication process, and man-in-the-middle attacks in the existing wireless local area network in terms of security authentication, we make some improvements to the 802.1X/EAP authentication protocol based on the study of the current IEEE 802.11i security protocol with high security. After introducing the idea of Kerberos protocol authentication and applying the idea in the authentication process of 802.1X/EAP, a new protocol, the Kerberos extensible authentication protocol (KEAP), is proposed. Firstly, the protocol introduces an asymmetric key encryption method: public key encryption is used during data transmission, and the receiver uses the corresponding private key for decryption. With unidirectional characteristics and high security, the encryption can avoid password guessing attacks caused by dictionary attacks as much as possible. Secondly, aiming at the problem that the request message sent from the client to the authentication server is vulnerable to replay attacks, the protocol uses a combination of the message sequence number and the random number, and the message serial number is added to the request message sent from the client to the authentication server. A list database for storing the message serial number and random number is established in the authentication server. After receiving a transfer message, the serial number and the random number are extracted and compared with the values in the list database to distinguish whether it is a retransmission message. Finally, the protocol introduces a keychain mechanism and uses an irreversible hash function to encrypt the final authentication result, thereby effectively solving the man-in-the-middle attack by the pretender.
The experiment uses the OPNET 14.5 simulation platform to model the KEAP protocol and simulate attacks, and compares it with the currently more common EAP-TLS authentication protocol. Experimental results show that the average traffic of the KEAP protocol is at least 14.74% higher than the EAP-TLS authentication protocol, and the average bit error rate is reduced by at least 24.00%.
We survey elliptic curve implementations from several vantage points. We perform internet-wide scans for TLS on a large number of ports, as well as SSH and IPsec to measure elliptic curve support and implementation behaviors, and collect passive measurements of client curve support for TLS. We also perform active measurements to estimate server vulnerability to known attacks against elliptic curve implementations, including support for weak curves, invalid curve attacks, and curve twist attacks. We estimate that 1.53% of HTTPS hosts, 0.04% of SSH hosts, and 4.04% of IKEv2 hosts that support elliptic curves do not perform curve validity checks as specified in elliptic curve standards. We describe how such vulnerabilities could be used to construct an elliptic curve parameter downgrade attack called CurveSwap for TLS, and observe that there do not appear to be combinations of weak behaviors we examined enabling a feasible CurveSwap attack in the wild. We also analyze source code for elliptic curve implementations, and find that a number of libraries fail to perform point validation for JSON Web Encryption, and find a flaw in the Java and NSS multiplication algorithms.
The Internet of Things (IoT) is one of the emerging technologies that has seized the attention of researchers, because the IoT is expected to be applied in our daily life in the near future and humans will be wholly dependent on this technology for comfort and an easy lifestyle. The Internet of Things is the interconnection of Internet-enabled things or devices that connect with each other and with humans in order to achieve some goals, or the ability of everyday objects to connect to the Internet and to send and receive data. However, the Internet of Things (IoT) raises significant challenges that could stand in the way of realizing its potential benefits. This paper discusses access control as one of the most crucial aspects of security and privacy in IoT and proposes a new way of access control that would decide who is allowed to access what, and who is not, for the IoT subjects and sensors.
Robots are a sophisticated form of IoT device, as they are smart devices that scrutinize sensor data from multiple sources and observe events to decide the best procedural actions to supervise and manoeuvre objects in the physical world. In this paper, localization of the robot is addressed by QR code detection and path optimization is accomplished by Dijkstra's algorithm. The robot can navigate automatically in its environment with sensors, and the shortest path is computed whenever heading measurements are updated with QR code landmark recognition. The proposed approach highly reduces computational burden and deployment complexity as it reflects the use of artificial intelligence to self-correct its course when required. An encrypted communication channel is established over a wireless local area network using the SSHv2 protocol to transfer or receive sensor data (or commands), making it an IoT-enabled robot.
In recent times it has become crucial for data center networks (DCN) to broaden the system limit to be able to meet the increasing needs of cloud-based applications. A decent DCN topology must have numerous properties, such as low diameter, high bisection bandwidth, ease of organization and so on. In addition, a DCN topology should show aptness in failure resiliency, scalability, construction and routing. In this paper, we introduce a new data center network topology termed LevelTree, built up from several modules, which grows as a tree topology and in which each module is constructed from a complete graph. LevelTree demonstrates great topological properties and it beats critical topologies like Jellyfish, VolvoxDC, and Fattree in providing a superior worthwhile plan with greater capacity.
Browser extensions are a way through which third party developers provide a set of additional functionalities on top of the traditional functionalities provided by a browser. It has been identified that the browser extension platform can be used by hackers to carry out attacks of sophisticated kinds. These attacks include phishing, spying, DDoS, email spamming, affiliate fraud, mal-advertising, payment frauds etc. In this paper, we showcase the vulnerability of the current browsers to these attacks by taking Google Chrome as the case study as it is a popular browser. The paper also discusses the technical reason which makes it possible for the attackers to launch such attacks via browser extensions. A set of suggestions and solutions that can thwart the attack possibilities has been discussed.
Fog computing is a new paradigm which extends cloud computing services into the edge of the network. Indeed, it aims to pool edge resources in order to deal with cloud's shortcomings such as latency problems. However, this proposal does not ensure the honesty and the good behavior of edge devices. Thus, security places itself as an important challenge in front of this new proposal. Authentication is the entry point of any security system, which makes it an important security service. Traditional authentication schemes endure latency issues and some of them do not satisfy fog-computing requirements such as mutual authentication between end devices and fog servers. Thus, new authentication protocols need to be implemented. In this paper, we propose a new efficient authentication scheme for fog computing architecture. Our scheme ensures mutual authentication and remedies to fog servers' misbehaviors. Moreover, fog servers need to hold only a couple of information to verify the authenticity of every user in the system. Thus, it provides a low overhead in terms of storage capacity. Finally, we show through experimentation the efficiency of our scheme.
Traditional address scanning attacks mainly rely on the naive 'brute forcing' approach, where the entire IPv4 address space is exhaustively searched by enumerating different possibilities. However, such an approach is inefficient for IPv6 due to its vast subnet size (i.e., 2^64). As a result, it is widely assumed that address scanning attacks are less feasible in IPv6 networks. In this paper, we evaluate new IPv6 reconnaissance techniques in real IPv6 networks and expose how to leverage the Domain Name System (DNS) for IPv6 network reconnaissance. We collected IPv6 addresses from 5 regions and 100,000 domains by exploiting DNS reverse zone and DNSSEC records. We propose a DNS Guard (DNSG) to efficiently detect DNS reconnaissance attacks in IPv6 networks. DNSG is a plug and play component that could be added to the existing infrastructure. We implement DNSG using Bro and Suricata. Our results demonstrate that DNSG could effectively block DNS reconnaissance attacks.
We consider a cloud based multiserver system consisting of a set of replica application servers behind a set of proxy (indirection) servers which interact directly with clients over the Internet. We study a proactive moving-target defense to thwart a DDoS attacker's reconnaissance phase and consequently reduce the attack's impact. The defense is effectively a moving-target (motag) technique in which the proxies dynamically change. The system is evaluated using an AWS prototype of HTTP redirection and by numerical evaluations of an “adversarial” coupon-collector mathematical model, the latter allowing larger-scale extrapolations.
Dependency on cloud computing is increasing day by day due to its beneficial aspects. As we rely more on cloud computing day by day, security issues are coming up. There are many security protocols, but nowadays those protocols are not secure enough to provide high security. One of those protocols which was once highly secure is the Kerberos authentication protocol. With the advancement of technology, the Kerberos authentication protocol is no longer as secure as it was before. Many authors have thought about improving the Kerberos authentication protocol, and consequently they have proposed different types of protocol models using a renowned public key cryptography named RSA cryptography. Though RSA cryptography is good to some extent, it has some flaws that make it less secure as well as less efficient. In this paper, we combine Elliptic Curve Cryptography (ECC) and Threshold Cryptography to create a new version of the Kerberos authentication protocol. Our proposed model will provide secure transaction of data which will not only be hard to break but will also increase memory efficiency and cost efficiency and reduce the burden of computation.
With the rapid development of the information industry, the applications of the Internet of Things, cloud computing and artificial intelligence have greatly affected people's lives, and the amount of network equipment has grown explosively. At the same time, the more complex network environment has also led to more serious network security problems. Traditional security solutions become inefficient in the new situation. Therefore, it is an important task for the security industry to seek technical progress and improve its detection and protection ability. Botnets have been one of the most important of the many network security problems, especially in the last one or two years, and China has become one of the countries most endangered by botnets; the huge impact of botnets in the world has brought the problem of their detection back to people's attention. This paper, based on the topic of botnet detection, focuses on the latest research achievements of botnet detection based on machine learning technology. Firstly, it expounds the application process of machine learning technology in the research of network space security, introduces the structural characteristics of botnets, and then introduces machine learning in botnet detection. The security features of these solutions and the commonly used machine learning algorithms are analyzed and summarized with emphasis. Finally, it summarizes the problems in the existing solutions, and the future development direction and challenges of machine learning technology in the research of network space security.
The ever-rising attacks on IT infrastructure, especially on networks, have become a cause of anxiety for IT professionals and people venturing into the cyber-world. There are numerous instances wherein vulnerabilities in the network have been exploited by attackers, leading to huge financial loss. Distributed denial of service (DDoS) is one of the most indirect security attacks on computer networks. Many active computer bots or zombies start flooding the servers with requests, but due to its distributed nature throughout the Internet, it cannot simply be terminated at the server side. Once the DDoS attack initiates, it causes huge overhead to the servers in terms of processing capability and service delivery. Though the study and analysis of request packets may help in distinguishing legitimate users from malicious attackers, such detection becomes non-viable due to continuous flooding of packets on servers, which eventually leads to denial of service to authorized users. In the present research, we propose a traffic flow and flow count variable based prevention mechanism with the difference in homogeneity. Its simplicity and practical approach facilitate the detection of a DDoS attack at an early stage, which helps in prevention of the attack and the subsequent damage. Further, simulation results based on different instances of time are shown on T-value, including generation of simple and harmonic homogeneity for observing the real-time request difference and gaps.
Recent worldwide cybersecurity attacks caused by Cryptographic Ransomware infected systems across countries and organizations, with millions of dollars lost in paying extortion amounts. This form of malicious software takes user files hostage by encrypting them and demands a large ransom payment for providing the decryption key. Signature-based methods employed by Antivirus Software are insufficient to evade Ransomware attacks due to code obfuscation techniques and the creation of new polymorphic variants every day. Generic Malware Attack vectors are also not robust enough for detection as they do not completely track the specific behavioral patterns shown by Cryptographic Ransomware families. This work, based on analysis of an extensive dataset of Ransomware families, presents RansomWall, a layered defense system for protection against Cryptographic Ransomware. It follows a Hybrid approach of combined Static and Dynamic analysis to generate a novel compact set of features that characterizes the Ransomware behavior. The presence of a Strong Trap Layer helps in early detection. It uses Machine Learning for unearthing zero-day intrusions. When initial layers of RansomWall tag a process for suspicious Ransomware behavior, files modified by the process are backed up for preserving user data until it is classified as Ransomware or Benign. We implemented RansomWall for the Microsoft Windows operating system (the most attacked OS by Cryptographic Ransomware) and evaluated it against 574 samples from 12 Cryptographic Ransomware families in real-world user environments. The testing of RansomWall with various Machine Learning algorithms evaluated to a 98.25% detection rate and near-zero false positives with the Gradient Tree Boosting Algorithm. It also successfully detected 30 zero-day intrusion samples (having less than 10% detection rate with 60 Security Engines linked to VirusTotal).