Biblio

Subscriber Identity Module (SIM) is the backbone of modern mobile communication. SIM can be used to store a number of user sensitive information such as user contacts, SMS, banking information (some banking applications store user credentials on the SIM) etc. Unfortunately, the current SIM model has a major weakness. When the mobile device is lost, an adversary can simply steal a user's SIM and use it. He/she can then extract the user's sensitive information stored on the SIM. Moreover, The adversary can then pose as the user and communicate with the contacts stored on the SIM. This opens up the avenue to a large number of social engineering techniques. Additionally, if the user has provided his/her number as a recovery option for some accounts, the adversary can get access to them. The current methodology to deal with a stolen SIM is to contact your particular service provider and report a theft. The service provider then blocks the services on your SIM, but the adversary still has access to the data which is stored on the SIM. Therefore, a secure scheme is required to ensure that only legal users are able to access and utilize their SIM.

Wireless sensor network is a low cost network to solve many of the real world problems. These sensor nodes used to deploy in the hostile or unattended areas to sense and monitor the atmospheric situations such as motion, pressure, sound, temperature and vibration etc. The sensor nodes have low energy and low computing power, any security scheme for wireless sensor network must not be computationally complex and it should be efficient. In this paper we introduced a secure routing protocol for WSNs, which is able to prevent the network from DDoS attack. In our methodology we scan the infected nodes using the proposed algorithm and block that node from any further activities in the network. To protect the network we use intrusion prevention scheme, where specific nodes of the network acts as IPS node. These nodes operate in their radio range for the region of the network and scan the neighbors regularly. When the IPS node find a misbehavior node which is involves in frequent message passing other than UDP and TCP messages, IPS node blocks the infected node and also send the information to all genuine sender nodes to change their routes. All simulation work has been done using NS 2.35. After simulation the proposed scheme gives feasible results to protect the network against DDoS attack. The performance parameters have been improved after applying the security mechanism on an infected network.

Steganography is the science of hiding information to send secret messages using the carrier object known as stego object. Steganographic technology is based on three principles including security, robustness and capacity. In this paper, we present a digital image hidden by using the compressive sensing technology to increase security of stego image based on human visual system features. The results represent which our proposed method provides higher security in comparison with the other presented methods. Bit Correction Rate between original secret message and extracted message is used to show the accuracy of this method.

Outsourcing services to third-party providers comes with a high security cost-to fully trust the providers. Using trusted hardware can help, but current trusted execution environments do not adequately support services that process very large scale datasets. We present LASTGT, a system that bridges this gap by supporting the execution of self-contained services over a large state, with a small and generic trusted computing base (TCB). LASTGT uses widely deployed trusted hardware to guarantee integrity and verifiability of the execution on a remote platform, and it securely supplies data to the service through simple techniques based on virtual memory. As a result, LASTGT is general and applicable to many scenarios such as computational genomics and databases, as we show in our experimental evaluation based on an implementation of LAST-GT on a secure hypervisor. We also describe a possible implementation on Intel SGX.

There are billions of Internet of things (IoT) devices connecting to the Internet and the number is increasing. As a still ongoing technology, IoT can be used in different fields, such as agriculture, healthcare, manufacturing, energy, retailing and logistics. IoT has been changing our world and the way we live and think. However, IoT has no uniform architecture and there are different kinds of attacks on the different layers of IoT, such as unauthorized access to tags, tag cloning, sybil attack, sinkhole attack, denial of service attack, malicious code injection, and man in middle attack. IoT devices are more vulnerable to attacks because it is simple and some security measures can not be implemented. We analyze the privacy and security challenges in the IoT and survey on the corresponding solutions to enhance the security of IoT architecture and protocol. We should focus more on the security and privacy on IoT and help to promote the development of IoT.

The Internet of Things (IoT) increasingly demonstrates its role in smart services, such as smart home, smart grid, smart transportation, etc. However, due to lack of standards among different vendors, existing networked IoT devices (NoTs) can hardly provide enough security. Moreover, it is impractical to apply advanced cryptographic solutions to many NoTs due to limited computing capability and power supply. Inspired by recent advances in IoT demand, in this paper, we develop an IoT security architecture that can protect NoTs in different IoT scenarios. Specifically, the security architecture consists of an auditing module and two network-level security controllers. The auditing module is designed to have a stand-alone intrusion detection system for threat detection in a NoT network cluster. The two network-level security controllers are designed to provide security services from either network resource management or cryptographic schemes regardless of the NoT security capability. We also demonstrate the proposed IoT security architecture with a network based one-hop confidentiality scheme and a cryptography-based secure link mechanism.

The Information Centric Networking (ICN) is a novel concept of a large scale ecosystem of wireless actuators and computing technologies. ICN technologies are getting popular in the development of various applications to bring day-to-day comfort and ease in human life. The e-healthcare monitoring services is a subset of ICN services which has been utilized to monitor patient's health condition in a smart and ubiquitous way. However, there are several challenges and attacks on ICN. In this paper we have discussed ICN attacks and ICN based healthcare scenario. We have proposed a novel ICN stack for healthcare scenario for securing biomedical data communication instead of communication networks. However, the biomedical data communication between patient and Doctor requires reliable and secure networks for the global access.

A lack of awareness surrounding secure online behaviour can lead to end-users, and their personal details becoming vulnerable to compromise. This paper describes an ongoing research project in the field of usable security, examining the relationship between end-user-security behaviour, and the use of affective feedback to educate end-users. Part of the aforementioned research project considers the link between categorical information users reveal about themselves online, and the information users believe, or report that they have revealed online. The experimental results confirm a disparity between information revealed, and what users think they have revealed, highlighting a deficit in security awareness. Results gained in relation to the affective feedback delivered are mixed, indicating limited short-term impact. Future work seeks to perform a long-term study, with the view that positive behavioural changes may be reflected in the results as end-users become more knowledgeable about security awareness.

Today's major concern is not only maximizing the information rate through linear network coding scheme which is intelligent combination of information symbols at sending nodes but also secured transmission of information. Though cryptographic measure of security (computational security) gives secure transmission of information, it results system complexity and consequent reduction in efficiency of the communication system. This problem leads to alternative way of optimally secure and maximized information transmission. The alternative solution is secure network coding which is information theoretic approach. Depending up on applications, different security measures are needed during the transmission of information over wiretapped network with potential attack by the adversaries. In this research work, mathematical model for different security constraints with upper and lower boundaries were studied depending up on the randomness added to the source message and hence the security constraints on linear network code for randomized source messages depends both on randomness added and number of random source symbols. If the source generates large number random symbols, lesser number of random keys can give higher security to the information but information theoretic security bounds remain same. Hence maximizing randomness to the source is equivalent to adding security level.

A strong designated verifier signature (SDVS) is a variation of traditional digital signatures, since it allows a signer to designate an intended receiver as the verifier rather than anyone. To do this, a signer must incorporate the verifier's public key with the signing procedure such that only the intended receiver could verify this signature with his/her private key. Such a signature further enables a designated verifier to simulate a computationally indistinguishable transcript intended for himself. Consequently, no one can identify the real signer's identity from a candidate signer and a designated verifier, which is referred to as the property of signer ambiguity. A strong notion of signer ambiguity states that no polynomial-time adversary can distinguish the real signer of a given SDVS that is not received by the designated verifier, even if the adversary has obtained the signer's private key. In 2013, Islam and Biswas proposed a provably secure certificateless strong designated verifier signature (CL-SDVS) scheme based on bilinear pairings. In this paper, we will demonstrate that their scheme fails to satisfy strong signer ambiguity and must assume a trusted private key generator (PKG). In other words, their CL-SDVS scheme is vulnerable to both key-compromise and malicious PKG attacks. Additionally, we present an improved variant to eliminate these weaknesses.

We analyze the security practices of three smart toys that communicate with children through voice commands. We show the general communication architecture, and some general security and privacy practices by each of the devices. Then we focus on the analysis of one particular toy, and show how attackers can decrypt communications to and from a target device, and perhaps more worryingly, the attackers can also inject audio into the toy so the children listens to any arbitrary audio file the attacker sends to the toy. This last attack raises new safety concerns that manufacturers of smart toys should prevent.

Currently, security protection in Industrial Control Systems has become a hot topic, and a great number of defense techniques have sprung up. As one of the most effective approaches, area isolation has the exceptional advantages and is widely used to prevent attacks or hazards propagating. However, most existing methods for inter-area communication protection present some limitations, i.e., excessively depending on the analyzing rules, affecting original communication. Additionally, the network architecture and data flow direction can hardly be adjusted after being deployed. To address these problems, a dynamical and customized communication protection technology is proposed in this paper. In detail, a security inter-area communication architecture based on Software Defined Network is designed firstly, where devices or subsystems can be dynamically added into or removed from the communication link. And then, a security inspection method based on information entropy is presented for deep network behaviors analysis. According to the security analysis results, the communications in the network can be adjusted in time. Finally, simulations are constructed, and the results indicate that the proposed approach is sensitive and effective for cyber-attacks detection.

RPL is a lightweight IPv6 network routing protocol specifically designed by IETF, which can make full use of the energy of intelligent devices and compute the resource to build the flexible topological structure. This paper analyzes the security problems of RPL, sets up a test network to test RPL network security, proposes a RPL based security routing protocol M-RPL. The routing protocol establishes a hierarchical clustering network topology, the intelligent device of the network establishes the backup path in different clusters during the route discovery phase, enable backup paths to ensure data routing when a network is compromised. Setting up a test prototype network, simulating some attacks against the routing protocols in the network. The test results show that the M-RPL network can effectively resist the routing attacks. M-RPL provides a solution to ensure the Internet of Things (IoT) security.

We all are very much aware of IoT that is Internet of Things which is emerging technology in today's world. The new and advanced field of technology and inventions make use of IoT for better facility. The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction. Our project is based on IoT and other supporting techniques which can bring out required output. Security issues are everywhere now-a-days which we are trying to deal with by our project. Our security throwbot (a throwable device) will be tossed into a room after activating it and it will capture 360 degree panaromic video from a single IP camera, by using two end connectivity that is, robot end and another is user end, will bring more features to this project. Shape of the robot will be shperical so that problem of retrieving back can be solved. Easy to use and cheap to buy is one of our goal which will be helpful to police and soldiers who get stuck in situations where they have to question oneself before entering to dangerous condition/room. Our project will help them to handle and verify any area before entering by just throwing this robot and getting the sufficient results.

Internet of Things (IoT) depicts an intelligent future, where any IoT-based devices having a sensorial and computing capabilities to interact with each other. Recently, we are living in the area of internet and rapidly moving towards a smart planet where devices are capable to be connected to each other. Cooperative ad-hoc vehicle systems are the main driving force for the actualization of IoT-based concept. Vehicular Ad-hoc Network (VANET) is considered as a promising platform for the intelligent wireless communication system. This paper presents and analyzes the tradeoffs between the security and reliability of the IoT-based VANET system in the presence of eavesdropping attacks using smart vehicle relays based on opportunistic relay selection (ORS) scheme. Then, the optimization of the distance between the source (S), destination (D), and Eavesdropper (E) is illustrated in details, showing the effect of this parameter on the IoT-based network. In order to improve the SRT, we quantify the attainable SRT improvement with variable distances between IoT-based nodes. It is shown that given the maximum tolerable Intercept Probability (IP), the Outage Probability (OP) of our proposed model approaches zero for Ge → ∞, where Ge is distance ratio between S — E via the vehicle relay (R).

In this paper we explore the opportunities, challenges and best practices around designing technologies for those affected by self-harm. Our work contributes to a growing HCI literature on mental health and wellbeing, as well as understandings of how to imbue appropriate value-sensitivity within the digital design process in these contexts. The first phase of our study was centred upon a hackathon during which teams of designers were asked to conceptualise and prototype digital products or services for those affected by self-harm. We discuss how value-sensitive actions and activities, including engagements with those with lived experiences of self-harm, were used to scaffold the conventional hackathon format in such a challenging context. Our approach was then extended through a series of critical engagements with clinicians and charity workers who provided appraisal of the prototypes and designs. Through analysis of these engagements we expose a number of design challenges for future HCI work that considers self-harm; moreover we offer insight into the role of stakeholder critiques in extending and rethinking hackathons as a design method in sensitive contexts.

NoCs are a well established research topic and several Implementations have been proposed for Self-healing. Self-healing refers to the ability of a system to detect faults or failures and fix them through healing or repairing. The main problems in current self-healing approaches are area overhead and scalability for complex structure since they are based on redundancy and spare blocks. Also, faulty router can isolate PE from other router nodes which can reduce the overall performance of the system. This paper presents a self-healing for a router to avoid denied fault PE function and isolation PE from other nodes. In the proposed design, the neighbor routers receive signal from a faulty router which keeps them to send the data packet which has only faulted router destination to a faulty router. Control unite turns on switches to connect four input ports to local ports successively to send coming packets to PE. The reliability of the proposed technique is studied and compared to conventional system with different failure rates. This approach is capable of healing 50% of the router. The area overhead is 14% for the proposed approach which is much lower compared to other approaches using redundancy.

Cloud Computing has many significant benefits like the provision of computing resources and virtual networks on demand. However, there is the problem to assure the security of these networks against Distributed Denial-of-Service (DDoS) attack. Over the past few decades, the development of protection method based on data mining has attracted many researchers because of its effectiveness and practical significance. Most commonly these detection methods use prelearned models or models based on rules. Because of this the proposed DDoS detection methods often failure in dynamically changing cloud virtual networks. In this paper, we purposed self-learning method allows to adapt a detection model to network changes. This is minimized the false detection and reduce the possibility to mark legitimate users as malicious and vice versa. The developed method consists of two steps: collecting data about the network traffic by Netflow protocol and relearning the detection model with the new data. During the data collection we separate the traffic on legitimate and malicious. The separated traffic is labeled and sent to the relearning pool. The detection model is relearned by a data from the pool of current traffic. The experiment results show that proposed method could increase efficiency of DDoS detection systems is using data mining.

Securing their critical documents on the cloud from data threats is a major challenge faced by organizations today. Controlling and limiting access to such documents requires a robust and trustworthy access control mechanism. In this paper, we propose a semantically rich access control system that employs an access broker module to evaluate access decisions based on rules generated using the organizations confidentiality policies. The proposed system analyzes the multi-valued attributes of the user making the request and the requested document that is stored on a cloud service platform, before making an access decision. Furthermore, our system guarantees an end-to-end oblivious data transaction between the organization and the cloud service provider using oblivious storage techniques. Thus, an organization can use our system to secure their documents as well as obscure their access pattern details from an untrusted cloud service provider.

Patches and related information about software vulnerabilities are often made available to the public, aiming to facilitate timely fixes. Unfortunately, the slow paces of system updates (30 days on average) often present to the attackers enough time to recover hidden bugs for attacking the unpatched systems. Making things worse is the potential to automatically generate exploits on input-validation flaws through reverse-engineering patches, even though such vulnerabilities are relatively rare (e.g., 5% among all Linux kernel vulnerabilities in last few years). Less understood, however, are the implications of other bug-related information (e.g., bug descriptions in CVE), particularly whether utilization of such information can facilitate exploit generation, even on other vulnerability types that have never been automatically attacked. In this paper, we seek to use such information to generate proof-of-concept (PoC) exploits for the vulnerability types never automatically attacked. Unlike an input validation flaw that is often patched by adding missing sanitization checks, fixing other vulnerability types is more complicated, usually involving replacement of the whole chunk of code. Without understanding of the code changed, automatic exploit becomes less likely. To address this challenge, we present SemFuzz, a novel technique leveraging vulnerability-related text (e.g., CVE reports and Linux git logs) to guide automatic generation of PoC exploits. Such an end-to-end approach is made possible by natural-language processing (NLP) based information extraction and a semantics-based fuzzing process guided by such information. Running over 112 Linux kernel flaws reported in the past five years, SemFuzz successfully triggered 18 of them, and further discovered one zero-day and one undisclosed vulnerabilities. These flaws include use-after-free, memory corruption, information leak, etc., indicating that more complicated flaws can also be automatically attacked. This finding calls into question the way vulnerability-related information is shared today.

Classifying users according to their behaviors is a complex problem due to the high-volume of data and the unclear association between distinct data points. Although over the past years behavioral researches has mainly focused on Massive Multiplayer Online Role Playing Games (MMORPG), such as World of Warcraft (WoW), which has predefined player classes, there has been little applied to Open World Sandbox Games (OWSG). Some OWSG do not have player classes or structured linear gameplay mechanics, as freedom is given to the player to freely wander and interact with the virtual world. This research focuses on identifying different play styles that exist within the non-structured gameplay sessions of OWSG. This paper uses the OWSG TUG as a case study and over a period of forty-five days, a database stored selected gameplay events happening on the research server. The study applied k-means clustering to this dataset and evaluated the resulting distinct behavioral profiles to classify player sessions on an open world sandbox game.

Internet eXchange Points (IXPs) play an ever-growing role in Internet inter-connection. To facilitate the exchange of routes amongst their members, IXPs provide Route Server (RS) services to dispatch the routes according to each member's peering policies. Nowadays, to make use of RSes, these policies must be disclosed to the IXP. This poses fundamental questions regarding the privacy guarantees of route-computation on confidential business information. Indeed, as evidenced by interaction with IXP administrators and a survey of network operators, this state of affairs raises privacy concerns among network administrators and even deters some networks from subscribing to RS services. We design Sixpack1, an RS service that leverages Secure Multi-Party Computation (SMPC) to keep peering policies confidential, while extending, the functionalities of today's RSes. As SMPC is notoriously heavy in terms of communication and computation, our design and implementation of Sixpack aims at moving computation outside of the SMPC without compromising the privacy guarantees. We assess the effectiveness and scalability of our system by evaluating a prototype implementation using traces of data from one of the largest IXPs in the world. Our evaluation results indicate that Sixpack can scale to support privacy-preserving route-computation, even at IXPs with many hundreds of member networks.

The need for security in today's world has become a mandatory issue to look after. With the increase in a number of thefts, it has become a necessity to implement a smart security system. Due to the high cost of the existing smart security systems which use conventional Bluetooth and other wireless technologies and their relatively high energy consumption, implementing a security system with low energy consumption at a low cost has become the need of the hour. The objective of the paper is to build a cost effective and low energy consumption security system using the Bluetooth Low Energy (BLE) technology. This system will help the user to monitor and manage the security of the house even when the user is outside the house with the help of webpage. This paper presents the design and implementation of a security system using PSoC 4 BLE which can automatically lock and unlock the door when the user in the vicinity and leaving the vicinity of the door respectively by establishing a wireless connection between the physical lock and the smartphone. The system also captures an image of a person arriving at the house and transmits it wirelessly to a webpage. The system also notifies the user of any intrusion by sending a message and the image of the intruder to the webpage. The user can also access the door remotely on the go from the website.

Software Defined Radio (SDR) can move the complicated signal processing and handling procedures involved in communications from radio equipment into computer software. Consequently, SDR equipment could consist of only a few chips connected to an antenna. In this paper, we present an implemented SDR testbed, which consists of four complete SDR nodes. Using the designed testbed, we have conducted two case studies. The first is designed to facilitate video transmission via adaptive LTE links. Our experimental results demonstrate that adaptive LTE link video transmission could reduce the bandwidth usage for data transmission. In the second case study, we perform UE location estimation by leveraging the signal strength from nearby cell towers, pertinent to various applications, such as public safety and disaster rescue scenarios where GPS (Global Position System) is not available (e.g., indoor environment). Our experimental results show that it is feasible to accurately derive the location of a UE (User Equipment) by signal strength. In addition, we design a Hardware In the Loop (HIL) simulation environment using the Vienna LTE simulator, srsLTE library, and our SDR testbed. We develop a software wrapper to connect the Vienna LTE simulator to our SDR testbed via the srsLTE library. Our experimental results demonstrate the comparative performance of simulated UEs and eNodeBs against real SDR UEs and eNodeBs, as well as how a simulated environment can interact with a real-world implementation.

Most security software tools try to detect malicious components by cryptographic hashes, signatures or based on their behavior. The former, is a widely adopted approach based on Integrity Measurement Architecture (IMA) enabling appraisal and attestation of system components. The latter, however, may induce a very long time until misbehavior of a component leads to a successful detection. Another approach is a Dynamic Runtime Attestation (DRA) based on the comparison of binary code loaded in the memory and well-known references. Since DRA is a complex approach, involving multiple related components and often complex attestation strategies, a flexible and extensible architecture is needed. In a cooperation project an architecture was designed and a Proof of Concept (PoC) successfully developed and evaluated. To achieve needed flexibility and extensibility, the implementation facilitates central components providing attestation strategies (guidelines). These guidelines define and implement the necessary steps for all relevant attestation operations, i.e. measurement, reference generation and verification.