Biblio

Internet of Things (IoT) is characterized by various of heterogeneous devices that facing numerous threats, which makes modeling security situation of IoT still a certain challenge. This paper defines a Stochastic Colored Petri Net (SCPN) for IoT-based smart environment and then proposes a Game model for security situational awareness. All possible attack paths are computed by the SCPN, and antagonistic behavior of both attackers and defenders are taken into consideration dynamically according to Game Theory (GT). Experiments on two typical attack scenarios in smart home environment demonstrate the effectiveness of the proposed model. The proposed model can form a macroscopic trend curve of the security situation. Analysis of the results shows the capabilities of the proposed model in finding vulnerable devices and potential attack paths, and even facilitating the choice of defense strategy. To the best of our knowledge, this is the first attempt to use Game Theory in the IoT-based SCPN to establish a security situational awareness model for a complex smart environment.

Software1 Defined Network (SDN) is a new type of network architecture that has advantages over traditional network. For SDN, security is a basic issue. SDN controller has received considerable attention in the researches on SDN security. Researchers assign security tasks to SDN controllers generally, but it puts a heavy burden on the SDN controller and leads to a decrease in system stability. On the basis of previous work, we propose a new security protection architecture based on SDN/NFV. Meanwhile, a security function virtual machine pool is designed in infrastructure layer in architecture. It can create virtual machines and manage the ip addresses of the virtual machines automatically, which improves the flexibility and expandability of the architecture. Moreover, a function composition algorithm based on Trie (FCT) has been introduced. We deploy the security protection architecture on VMware cloud platform to validate the availability of the architecture and use experimental data to prove FCT algorithm has good performance.

Information Centric Networking (ICN) has been regarded as an ideal architecture for the next-generation network to handle users' increasing demand for content delivery with in-network cache. While making better use of network resources and providing better delivery service, an effective access control mechanism is needed due to wide dissemination of contents. However, in the existing solutions, making cache-enabled routers or content providers authenticate users' requests causes high computation overhead and unnecessary delay. Also, straightforward utilization of advanced encryption algorithms increases the opportunities for DoS attacks. Besides, privacy protection and service accountability are rarely taken into account in this scenario. In this paper, we propose a secure, efficient, and accountable access control framework, called SEAF, for ICN, in which authentication is performed at the network edge to block unauthorized requests at the very beginning. We adopt group signature to achieve anonymous authentication, and use hash chain technique to greatly reduce the overhead when users make continuous requests for the same file. Furthermore, the content providers can affirm the service amount received from the network and extract feedback information from the signatures and hash chains. By formal security analysis and the comparison with related works, we show that SEAF achieves the expected security goals and possesses more useful features. The experimental results also demonstrate that our design is efficient for routers and content providers, and introduces only slight delay for users' content retrieval.

6LoWPAN is a widely used protocol for communication over IPV6 Low-power Wireless Personal Area Networks. Unfortunately, the 6LoWPAN packet fragmentation mechanism possesses vulnerabilities that adversaries can exploit to perform network attacks. Lack of fragment authentication, payload integrity verification, and sender IP address validation lead to fabrication, duplication, and impersonation attacks. Moreover, adversaries can abuse the poor reassembly buffer management technique of the 6LoWPAN layer to perform buffer exhaustion and selective forwarding attacks. In this paper, we propose SecuPAN - a security scheme for mitigating fragmentation-based network attacks in 6LoWPAN networks and devices. We propose a Message Authentication Code based per-fragment integrity and authenticity verification scheme to defend against fabrication and duplication attacks. We also present a mechanism for computing datagram-tag and IPv6 address cryptographically to mitigate impersonation attacks. Additionally, our reputation-based buffer management scheme protects 6LoWPAN devices from buffer reservation attacks. We provide an extensive security analysis of SecuPAN to demonstrate that SecuPAN is secure against strong adversarial scenarios. We also implemented a prototype of SecuPAN on Contiki enabled IoT devices and provided a performance analysis of our proposed scheme.

By allowing a large number of users to behave as readers or writers, Multi-User Searchable Encryption (MUSE) raises new security and performance challenges beyond the typical requirements of Symmetric Searchable Encryption (SSE). In this paper we identify two core mandatory requirements of MUSE protocols being privacy in face of users colluding with the CSP and low complexity for the users, pointing that no existing MUSE protocol satisfies these two requirements at the same time. We then come up with the first MUSE protocol that satisfies both of them. The design of the protocol also includes new constructions for a secure variant of Bloom Filters (BFs) and multi-query Oblivious Transfer (OT).

Wireless Sensors Networks (WSNs) are susceptible to many security threats, and because of communication, computation and delay constraints of WSNs, traditional security mechanisms cannot be used. As a consequence, several secure routing methods have been proposed during the last decade, whereas trust management models and corresponding routing protocols have also been recently suggested as an even more effective security mechanism for WSNs. In this paper, we present a detailed survey on such routing protocols along with a proper classification according to their basic features. We first distinguish between secure multipath protocols and trust evaluation based protocols. The former are then distinguished to share and non share-based ones, whereas the latter are categorized according to their cluster-based structure or not. A comprehensive analysis is presented, accompanied by proper comparison and summarization tables for the most significant ones, as well as corresponding discussion and conclusions. Main emphasis is given to their novelty, basic methodology, pros and cons, kinds of faced attacks and complexity.

For location-aware applications in wireless sensor networks (WSNs), it is important to ensure that sensor nodes can get correct locations in a hostile WSNs. Sybil attacks, which are vital threats in WSNs, especially in the distributed WSNs. They can forge one or multiple identities to decrease the localization accuracy, or sometimes to collapse the whole localization systems. In this paper, a novel lightweight sybilfree (SF)-APIT algorithm is presented to solve the problem of sybil attacks in APIT localization scheme, which is a popular range-free method and performs at individual node in a purely distributed fashion. The proposed SF-APIT scheme requires minimal overhead for wireless devices and works well based on the received signal strength. Simulations demonstrate that SF-APIT is an effective scheme in detecting and defending against sybil attacks with a high detection rate in distributed wireless localization schemes.

As a result of increasing the interest in developing the communication systems that use public channels for transmitting information, many channel problems are raised up. Among these problems, the important one should be addressed is the information security. This paper presents a proposed communication system with high security uses two encryption levels based on chaotic systems. The first level is chaotic scrambling, while the second one is chaotic masking. This configuration increases the information security since the key space becomes too large. The MATLAB simulation results showed that the Segmental Spectral Signal to Noise Ratio (SSSNR) of the first level (chaotic scrambling) is reduced by -5.195 dB comparing to time domain scrambling. Furthermore, in the second level (chaotic masking), the SSSNR is reduced by -20.679 dB. It is also showed that when the two levels are combined, the overall reduction obtained is -21.755 dB.

We seek to answer the following question: To what extent can we deduplicate replicated storage? To answer this question, we design ReDup, a secure storage system that provides users with strong integrity, reliability, and transparency guarantees about data that is outsourced at cloud storage providers. Users store multiple replicas of their data at different storage servers, and the data at each storage server is deduplicated across users. Remote data integrity mechanisms are used to check the integrity of replicas. We consider a strong adversarial model, in which collusions are allowed between storage servers and also between storage servers and dishonest users of the system. A cloud storage provider (CSP) could store less replicas than agreed upon by contract, unbeknownst to honest users. ReDup defends against such adversaries by making replica generation to be time consuming so that a dishonest CSP cannot generate replicas on the fly when challenged by the users. In addition, ReDup employs transparent deduplication, which means that users get a proof attesting the deduplication level used for their files at each replica server, and thus are able to benefit from the storage savings provided by deduplication. The proof is obtained by aggregating individual proofs from replica servers, and has a constant size regardless of the number of replica servers. Our solution scales better than state of the art and is provably secure under standard assumptions.

A secure voice communications channel is on demand to avoid unwanted eavesdropping of voice messages. This paper reports the development of communicaiton channel prototype equipped with Chaotic cryptographic algorithm with Cipher Feedback mode, implemented on FPGA due to its high processing speed and low delay required for voice channel. Two Spartan-3 FPGA board was used for the purpose, one as transmitter in encryption process and the other as receiver of decryption process. The experimental tests reveal that the voice channel is successfully secured using the encryption-decription cycle for asynchronous communication. In the non-ecrypted channel, the average values of MSE, delay, and THD-N parameters are 0.3513 V2, 202 μs, and 17.52%, respectively, while the secured channel produce MSE of 0.3794 V2, delay 202 μs, and THD-N 20.45%. Therefore, the original information sent in the encrypted channel can be restored with similar quality compared to the non-encrypted channel.

Drones are increasingly being used as mobile data collectors for various monitoring services. However, since they may move around in unattended hostile areas with valuable data, they can be the targets of malicious physical/cyber attacks. These attacks may aim at stealing privacy-sensitive data, including secret keys, and eavesdropping on communications between the drones and the ground station. To detect tampered drones, a code attestation technique is required. However, since attestation itself does not guarantee that the data in the drones' memory are not leaked, data collected by the drones must be protected and secret keys for secure communications must not be leaked. In this paper, we present a solution integrating techniques for software-based attestation, data encryption and secret key protection. We propose an attestation technique that fills up free memory spaces with data repositories. Data repositories consist of pseudo-random numbers that are also used to encrypt collected data. We also propose a group attestation scheme to efficiently verify the software integrity of multiple drones. Finally, to prevent secret keys from being leaked, we utilize a technique that converts short secret keys into large look-up tables. This technique prevents attackers from abusing free space in the data memory by filling up the space with the look-up tables. To evaluate the integrated solution, we implemented it on AR.Drone and Raspberry Pi.

Social media users generate tremendous amounts of data. To better serve users, it is required to share the user-related data among researchers, advertisers and application developers. Publishing such data would raise more concerns on user privacy. To encourage data sharing and mitigate user privacy concerns, a number of anonymization and de-anonymization algorithms have been developed to help protect privacy of social media users. In this work, we propose a new adversarial attack specialized for social media data.We further provide a principled way to assess effectiveness of anonymizing different aspects of social media data. Our work sheds light on new privacy risks in social media data due to innate heterogeneity of user-generated data which require striking balance between sharing user data and protecting user privacy.

To achieve its goals, ransomware needs to employ strong encryption, which in turn requires access to high-grade encryption keys. Over the evolution of ransomware, various techniques have been observed to accomplish the latter. Understanding the advantages and disadvantages of each method is essential to develop robust defense strategies. In this paper we explain the techniques used by ransomware to derive encryption keys and analyze the security of each approach. We argue that recovery of data might be possible if the ransomware cannot access high entropy randomness sources. As an evidence to support our theoretical results, we provide a decryptor program for a previously undefeated ransomware.

Analyzing performance of security and stability control system is of great importance for the safe and stable operation of the power grid. Digital dynamic experimental model is built by real time digital simulation (RTDS) in order to research security and stability system of Inner Mongolia in northern 500kV transmission channel. The whole process is closed-loop dynamic real-time simulation. According to power grid network testing technology standard, all kinds of stability control devices need to be tested in a comprehensive system. Focus on the following items: security and stability control strategy, tripping criterion as well as power system low frequency oscillations. Results of the trial indicated that the simulation test platform based on RTDS have the ability of detecting the safe and stable device. It can reflect the action behavior and control characteristics of the safe and stable device accurately. The device can be used in the case of low frequency oscillation of the system.

A wireless sensor network consists of many important elements like Sensors, Bass station and User. A Sensor can measure many non electrical quantities like pressure, temperature, sound, etc and transmit this information to the base station by using internal transreceiver. A security of this transmitted data is very important as the data may contain important information. As wireless sensor network have many application in the military and civil domains so security of wireless sensor network become a critical concern. A Sybil attack is one of critical attack which can affect the routing protocols, fair resourse allocation, data aggregation and misbehavior detection parameters of network. A number of detection techniques to detect Sybil nodes have already designed to overcome the Sybil attack. Out of all the techniques few techniques which can improve the true detection rate and reduce false detection rate are discussed in this paper.

Multiple-input multiple-output (MIMO) techniques are currently the de facto approach for increasing the capacity and reliability of communication systems. Spatial modulation (SM) is presently one of the most eminent MIMO techniques. As, it combines the advantages of having higher spectral efficiency than repetition coding (RC) while overcoming the inter-channel interference (ICI) faced by spatial multiplexing (SMP). Moreover, SM reduces system complexity. In this paper, for the first time in literature, the use of MIMO techniques is explored in Internet-of-Things(IoT) deployments by introducing a novel technique called security aware spatial modulation (SA-SM).SA-SM provides a low complexity, secure and spectrally efficient technique that harvests the advantages of SM, while facing the arising security concerns of IoT systems. Using an undemanding modification at the receiver, SA-SM gives an extra degree of technology independent physical layer security. Our results show that SA-SM forces the bit-error-rate (BER) of an eavesdropper to not exceed the range of 10-2, which is below the forward-error-correction (FEC) threshold. Hence, it eradicates the ability of an eavesdropper to properly decode the transmitted signal. Additionally, the efficiency of SA-SM is verified in both the radio and visible light ranges. Furthermore, SA-SM is capable of reducing the peak-to-average-power-ratio (PAPR) by 26.2%.

In modern cyber-physical systems and wireless sensor networks the complexity of crisis management processes is caused by a variety of software/hardware assets and communication protocols, the necessity of their collaborative function, possible inconsistency of data flows between particular devices and increased requirements to cyber-physical security. A crisis management oriented model of a communicational mobile network is constructed. A general architecture of network nodes by the use of XBee circuits, Arduino microcontrollers and connecting equipment are developed. An analysis of possible cyber-physical security events on the base of existing intruder models is performed. A series of experiments on modeling attacks on network nodes is conducted. Possible ways for attack revelations by means of components for security event collection and data correlation is discussed.

The current security mechanisms for Android apps, both static and dynamic analysis approaches, are insufficient for detection and prevention of the increasingly dynamic and sophisticated security attacks. Static analysis approaches suffer from false positives whereas dynamic analysis approaches suffer from false negatives. Moreover, they all lack the ability to efficiently analyze systems with incremental changes—such as adding/removing apps, granting/revoking permissions, and dynamic components’ communications. Each time the system changes, the entire analysis needs to be repeated, making the existing approaches inefficient for practical use. To mitigate their shortcomings, we have developed SALMA, a novel self-protecting Android software system that monitors itself and adapts its behavior at runtime to prevent a wide-range of security risks. SALMA maintains a precise architectural model, represented as a Multiple-Domain-Matrix, and incrementally and efficiently analyzes an Android system in response to incremental system changes. The maintained architecture is used to reason about the running Android system. Every time the system changes, SALMA determines (1) the impacted part of the system, and (2) the subset of the security analyses that need to be performed, thereby greatly improving the performance of the approach. Our experimental results on hundreds of real-world apps corroborate SALMA’s scalability and efficiency as well as its ability to detect and prevent security attacks at runtime with minimal disruption.

The Software Defined Networks (SDN) paradigm, often referred to as a radical new idea in networking, promises to dramatically simplify network management by enabling innovation through network programmability. However, notable security issues, such as app-to-control threats, remain a significant concern that impedes SDN from being widely adopted. To cope with those app-to-control threats, this paper proposes a solution to securely deploy valid network applications while protecting the SDN controller against the injection of the malicious application. This problem is mitigated by proposing a novel SDN architecture, dubbed SENAD, which splits the well-known SDN controller into: (1) a data plane controller (DPC), and (2) an application plane controller (APC), to secure this latter by design. The role of the DPC is dedicated for interpreting the network rules into OpenFlow entries and maintaining the communication with the data plane. The role of the APC, however, is to provide a secured runtime for deploying the network applications, including authentication, access control, resource isolation, control, and monitoring applications. We show that this approach can easily shield against any deny of service, caused for instance by the resource exhaustion attack or the malicious command injection, that is caused by the co-existence of a malicious application on the controller's runtime. The evaluation of our architecture shows that the packet\_in messages take less than 5 ms to be delivered from the data plane to the application plane on the long range.

A limit SNR(signal noise ratio) -1.6dB has been derived in continuous AWGN channel by shannon theorem. In this paper we study the channel capacity and limit SNR by series representation unlike iteration method for BI-AWGN(discrete binary input, continuous output) and rayleigh channel in BPSK modulation. The limit SNR is obtained under the help of Cesαro series summation rule. We figure out that BI-AWGN and rayleigh channel with (channel state information)CSI behave the same in limit SNR in terms of R → 0 and P → 0. For rayleigh channel without CSI, We solve it approximately by series expanded in R → 0 and an expression of capacity behaves more simple than the two others derived before.

When clustering unlabeled data, categorical attributes are usually treated differently from numerical attributes because of their unique characteristics, which introduces difficulties in clustering data with both types of attributes. In this paper, we propose a strategy to map categorical attributes to high dimensional vectors based on the Simplex Theory, hence categorical attributes could be handled the same as numeral attributes. To achieve identical distances between any two values under Euclidean distance, we theoretically prove a categorical attribute with n types of values should be mapped to at least n–1 dimensional vectors. Furthermore, numerical vector mapping solutions are provided on condition of 0 normalized constraint. Experimentally, we show that integrating our vector mapping strategy with K-means algorithm achieves better accuracy than integrating similarities for categorical attributes with K-modes algorithm on four datasets.

The Data Encryption Standard (DES) of the multimedia cryptography possesses the weak point of key conducting that is why it reaches to the triple form of DES. However, the triple DES obtains the better characteristic to secure the protection of data to against the attacks, it still contains an extremely inappropriate performance (speed) and efficiency in doing so. This paper provides the effective performance and the results of a single and triple chaotic cryptography using chaos in digital filter, compare to DES and triple DES. This comparison has been made pair-to-pair of single structure respectively to the triple form. Finally the implementation aspects of a single chaotic cryptography using chaos in digital filter can stand efficiently as better performance speed with the small complexity algorithm, points out the resemblances to DES and triple DES with the similar security confirmation results without reaching to the triple form of the structure. Simulation has been conducted using Matlab simulation with the input of grayscale image.

The rapid development of the Cloud Computing Technologies (CCTs) has amended the conventional design of resource-constrained Network Control System (NCS) to the powerful and flexible design of Cloud-Based Networked Control System (CB-NCS) by relocating the processing part to the cloud server. This arrangement has produced many internets based exquisite applications. However, this new arrangement has also raised many network security challenges for the cloud-based control system related to cyber-physical part of the system. In the absence of robust verification methodology, an attacker can launch the modification attack in order to destabilize or take control of NCS. It is desirable that there shall be a solution authentication methodology used to verify whether the incoming solutions are coming from the cloud or not. This paper proposes a methodology used for the verification of the receiving solution to the local control system from the cloud using Karush-Kuhn-Tucker (KKT) conditions, which is then applied to actuator after verification and thus ensure the stability in case of modification attack.

Photonic networks-on-chip (PNoCs) enable high bandwidth on-chip data transfers by using photonic waveguides capable of dense-wave-length-division-multiplexing (DWDM) for signal traversal and microring resonators (MRs) for signal modulation. A Hardware Trojan in a PNoC can manipulate the electrical driving circuit of its MRs to cause the MRs to snoop data from the neighboring wavelength channels in a shared photonic waveguide. This introduces a serious security threat. This paper presents a novel framework called SOTERIA† that utilizes process variation based authentication signatures along with architecture-level enhancements to protect data in PNoC architectures from snooping attacks. Evaluation results indicate that our approach can significantly enhance the hardware security in DWDM-based PNoCs with minimal overheads of up to 10.6% in average latency and of up to 13.3% in energy-delay-product (EDP).

Security often requires that the data must be kept safe from unauthorized access. And the best line of speech communication is security. However, most computers are interconnected with each other openly, thereby exposing them and the communication channels that person uses. Speech cryptography secures information by protecting its confidentiality. It can also be used to protect information about the integrity and authenticity of data. Stronger cryptographic techniques are needed to ensure the integrity of data stored on a machine that may be infected or under attack. So far speech cryptography is used in many forms but using it with Audio file is another stronger technique. The process of cryptography happens with audio file for transferring more secure sensitive data. The audio file is encrypted and decrypted by using Lorenz 3D mapping and then 3D mapping function is converted into 2D mapping function by using euler's numerical resolution and strong algorithm provided by using henon mapping and then decrypted by using reverse of encryption. By implementing this, the resultant audio file will be in secured form.