Biblio

This paper investigates the secrecy performance of full-duplex relay mode in underlay cognitive radio networks using decode-and-forward relay selection. The analytical results prove that full-duplex mode can guarantee security under critical conditions such as the bad residual self-interference and the presence of hi-tech eavesdropper. The secrecy outage probability is derived based on the statistical characteristics of channels in this considered system. The system is examined under five circumferences: 1) Different values of primary network's desired outage probability; 2) Different values of primary transmitter's transmit power; 3) Applying of multiple relays selection; 4) Systems undergo path-loss during the transmission process; 5) Systems undergo self-interference in relays. Simulation results are presented to verify the analysis.

The inherent characteristics of Mobile Ad hoc network (MANET) such as dynamic topology, limited bandwidth, limited power supply, infrastructure less network make themselves attractive for a wide spectrum of applications and vulnerable to security attacks. Sinkhole attack is the most disruptive routing layer attack. Sinkhole nodes attract all the traffic towards them to setup further active attacks such as Black hole, Gray hole and wormhole attacks. Sinkhole nodes need to be isolated from the MANET as early as possible. In this paper, an effective mechanism is proposed to prevent and detect sinkhole and wormhole attacks in MANET. The proposed work detects and punishes the attacker nodes using different techniques such as node collusion technique, which classifies a node as an attacker node only with the agreement with the neighboring nodes. When the node suspects the existence of attacker or sinkhole node in the path, it joins together with neighboring nodes to determine the sinkhole node. In the prevention of routing attacks, the proposed system introduces a route reserve method; new routes learnt are updated in the routing table of the node only after ensuring that the route does not contain the attacker nodes. The proposed system effectively modifies Ad hoc on demand Distance Vector (AODV) with the ability to detect and prevent the sinkhole and wormhole attack, so the modified protocol is named as Attack Aware Alert (A3AODV). The experiments are carried out in NS2 simulator, and the result shows the efficiency in terms of packet delivery ratio and routing overhead.

Vehicular ad hoc network is based on MANET all the vehicle to vehicle and vehicle roadside are connected to the wireless sensor network. In this paper mainly discuss on the security in the VANET in the lightweight cloud environment. Moving vehicle on the roadside connected through the sensor nodes and to provide communication between the vehicles and directly connected to the centralized environment. We propose a new approach to share the information in the VANET networks in secure manner through cloud.

For industrial control systems, ensuring the software integrity of their devices is a key security requirement. A pure software-based attestation solution is highly desirable for protecting legacy field devices that lack hardware root of trust (e.g., Trusted Platform Module). However, for the large population of field devices with ARM processors, existing software-based attestation schemes either incur long attestation time or are insecure. In this paper, we design a novel memory stride technique that significantly reduces the attestation time while remaining secure against known attacks and their advanced variants on ARM platform. We analyze the scheme's security and performance based on the formal framework proposed by Armknecht et al. [7] (with a necessary change to ensure its applicability in practical settings). We also implement memory stride on two models of real-world power grid devices that are widely deployed today, and demonstrate its superior performance.

Cyber-physical systems connect the physical world and the information world by sensors and actuators. These sensors are usually small embedded systems which have many limitations on wireless communication, computing and storage. This paper proposes a lightweight coding method for secure and reliable transmission over a wireless communication links in cyber-physical systems. The reliability of transmission is provided by forward error correction. And to ensure the confidentiality, we utilize different encryption matrices at each time of coding which are generated by the sequence number of packets. So replay attacks and other cyber threats can be resisted simultaneously. The issues of the prior reliable transmission protocols and secure communication protocols in wireless networks of a cyber-physical system are reduced, such as large protocol overhead, high interaction delay and large computation cost.

Unattended Wireless Sensor Networks (UWSN) are usually deployed in human-hostile environments. Such architectures raise a challenge to data protection for two main reasons. First, sensors have limited capacities in terms of performance and memory, so not all cryptographic mechanisms can be applied. Moreover, the measurements cannot be immediately gathered, so they have to be kept inside the devices until a mobile sink comes to collect them. This paper introduces a new method for secure and resilient data protection inside UWSN. It is based on a lightweight fragmentation scheme that transforms data collected by a sensor into multiple secure fragments that are distributed over sensor's neighboring nodes in a way that only a certain amount of these fragments is required for data recovery. Moreover, data security is reinforced by the use of a dynamic key refreshed after each visit of the mobile sink. Authentication and integrity information are dispersed within the fragments to protected data from active attacks. Homomorphic properties of the algorithm allow to significantly reduce storage space inside the nodes. Performance and empirical security evaluation results show that the proposed scheme achieves a good trade-off between performance, data protection and memory occupation.

This paper describes biometric-based cryptographic techniques for providing confidential communications and strong, mutual and multifactor authentication on the Internet of Things. The described security techniques support the goals of universal access when users are allowed to select from multiple choice alternatives to authenticate their identities. By using a Biometric Authenticated Key Exchange (BAKE) protocol, user credentials are protected against phishing and Man-in-the-Middle attacks. Forward secrecy is achieved using a Diffie-Hellman key establishment scheme with fresh random values each time the BAKE protocol is operated. Confidentiality is achieved using lightweight cryptographic algorithms that are well suited for implementation in resource constrained environments, those limited by processing speed, limited memory and power availability. Lightweight cryptography can offer strong confidentiality solutions that are practical to implement in Internet of Things systems, where efficient execution, and small memory requirements and code size are required.

Recently, some papers that apply a multi-armed bandit algorithm for channel selection in a cognitive radio system have been reported. In those papers, channel selection based on Upper Confidence Bound (UCB) algorithm has been proposed. However, in those selection, secondary users are not allowed to transmit data over same channels at the same time. Moreover, they do not take security of wireless communication into account. In this paper, we propose secure channel selection methods based on UCB algorithm, taking secrecy capacity into account. In our model, secondary users can share same channel by using transmit time control or transmit power control. Our proposed methods lead to be secure against an eavesdropper compared to conventional channel selections based on only estimated channel availability. By computer simulation, we evaluate average system secrecy capacity. As a result, we show that our proposed channel selections improve average system secrecy capacity compared to conventional channel selection.

The area of secure compilation aims to design compilers which produce hardened code that can withstand attacks from low-level co-linked components. So far, there is no formal correctness criterion for secure compilers that comes with a clear understanding of what security properties the criterion actually provides. Ideally, we would like a criterion that, if fulfilled by a compiler, guarantees that large classes of security properties of source language programs continue to hold in the compiled program, even as the compiled program is run against adversaries with low-level attack capabilities. This paper provides such a novel correctness criterion for secure compilers, called trace-preserving compilation (TPC). We show that TPC preserves a large class of security properties, namely all safety hyperproperties. Further, we show that TPC preserves more properties than full abstraction, the de-facto criterion used for secure compilation. Then, we show that several fully abstract compilers described in literature satisfy an additional, common property, which implies that they also satisfy TPC. As an illustration, we prove that a fully abstract compiler from a typed source language to an untyped target language satisfies TPC.

The vision of smart environments, systems, and services is driven by the development of the Internet of Things (IoT). IoT devices produce large amounts of data and this data is used to make critical decisions in many systems. The data produced by these devices has to satisfy various security related requirements in order to be useful in practical scenarios. One of these requirements is data provenance which allows a user to trust the data regarding its origin and location. The low cost of many IoT devices and the fact that they may be deployed in unprotected spaces requires security protocols to be efficient and secure against physical attacks. This paper proposes a light-weight protocol for data provenance in the IoT. The proposed protocol uses physical unclonable functions (PUFs) to provide physical security and uniquely identify an IoT device. Moreover, wireless channel characteristics are used to uniquely identify a wireless link between an IoT device and a server/user. A brief security and performance analysis are presented to give a preliminary validation of the protocol.

In this paper, a novel secure information exchange scheme has been proposed for MIMO vehicular ad hoc networks (VANETs) through physical layer approach. In the scheme, a group of On Board Units (OBUs) exchange information with help of one Road Side Unit (RSU). By utilizing the key signal processing technique, i.e., Direction Rotation Alignment technique, the information to be exchanged of the two neighbor OBUs are aligned into a same direction to form summed signal at RSU or external eavesdroppers. With such summed signal, the RSU or the eavesdropper cannot recover the individual information from the OBUs. By regulating the transmission rate for each OBU, the information theoretic security could be achieved. The secrecy sum-rates of the proposed scheme are analyzed following the scheme. Finally, the numerical results are conducted to demonstrate the theoretical analysis.

A majority of today's mobile apps integrate web content of various kinds. Unfortunately, the interactions between app code and web content expose new attack vectors: a malicious app can subvert its embedded web content to steal user secrets; on the other hand, malicious web content can use the privileges of its embedding app to exfiltrate sensitive information such as the user's location and contacts. In this paper, we discuss security weaknesses of the interface between app code and web content through attacks, then introduce defenses that can be deployed without modifying the OS. Our defenses feature WIREframe, a service that securely embeds and renders external web content in Android apps, and in turn, prevents attacks between em- bedded web and host apps. WIREframe fully mediates the interface between app code and embedded web content. Un- like the existing web-embedding mechanisms, WIREframe allows both apps and embedded web content to define simple access policies to protect their own resources. These policies recognize fine-grained security principals, such as origins, and control all interactions between apps and the web. We also introduce WIRE (Web Isolation Rewriting Engine), an offline app rewriting tool that allows app users to inject WIREframe protections into existing apps. Our evaluation, based on 7166 popular apps and 20 specially selected apps, shows these techniques work on complex apps and incur acceptable end-to-end performance overhead.

Next generation 5G wireless networks pose several important security challenges. One fundamental challenge is key management between the two communicating parties. The goal is to establish a common secret key through an unsecured wireless medium. In this paper, we introduce a new physical layer paradigm for secure key exchange between the legitimate communication parties in the presence of a passive eavesdropper. The proposed method ensures secrecy via pre-equalization and guarantees reliable communications by the use of Low Density Parity Check (LDPC) codes. One of the main findings of this paper is to demonstrate through simulations that the diversity order of the eavesdropper will be zero unless the main and eavesdropping channels are almost correlated, while the probability of key mismatch between the legitimate transmitter and receiver will be low. Simulation results demonstrate that the proposed approach achieves very low secret key mismatch between the legitimate users, while ensuring very high error probability at the eavesdropper.

The rapid increase of connected devices and the major advances in information and communication technologies have led to great emergence in the Internet of Things (IoT). IoT devices require software adaptation as they are in continuous transition. Multi-agent based solutions offer adaptable composition for IoT systems. Mobile agents can also be used to enable interoperability and global intelligence with smart objects in the Internet of Things. The use of agents carrying personal data and the rapid increasing number of connected IoT devices require the use of security protocols to secure the user data. Elliptic Curve Cryptography (ECC) Algorithm has emerged as an attractive and efficient public-key cryptosystem. We recommend the use of ECC in the proposed Broadcast based Secure Mobile Agent Protocol (BROSMAP) which is one of the most secure protocols that provides confidentiality, authentication, authorization, accountability, integrity and non-repudiation. We provide a methodology to improve BROSMAP to fulfill the needs of Multi-agent based IoT Systems in general. The new BROSMAP performs better than its predecessor and provides the same security requirements. We have formally verified ECC-BROSMAP using Scyther and compared it with BROSMAP in terms of execution time and computational cost. The effect of varying the key size on BROSMAP is also presented. A new ECC-based BROSMAP takes half the time of Rivest-Shamir-Adleman (RSA) 2048 BROSMAP and 4 times better than its equivalent RSA 3072 version. The computational cost was found in favor of ECC-BROSMAP which is more efficient by a factor of 561 as compared to the RSA-BROSMAP.

On account of large and inconsistent propagation delays during transmission in Underwater Wireless Sensor Networks (UWSNs), wormholes bring more destructive than many attacks to localization applications. As a localization algorithm, DV-hop is classic but without secure scheme. A secure localization algorithm for UWSNs- RDV-HOP is brought out, which is based on reputation values and the constraints of propagation distance in UWSNs. In RDV-HOP, the anchor nodes evaluate the reputation of paths to other anchor nodes and broadcast these reputation values to the network. Unknown nodes select credible anchors nodes with high reputation to locate. We analyze the influence of the location accuracy with some parameters in the simulation experiments. The results show that the proposed algorithm can reduce the location error under the wormhole attack.

Mobile application offloading, with the purpose of extending battery lifetime and increasing performance has been intensively discussed recently, resulting in various different solutions: mobile device clones operated as virtual machines in the cloud, simultaneously running applications on the mobile device and on a distant server, as well as flexible solutions dynamically acquiring other mobile devices' resources in the user's surrounding. Existing solutions have gaps in the fields of data security and application security. These gaps can be closed by integrating data usage policies, as well as application-flow policies. In this paper, we propose and evaluate a novel approach of integrating XACML into existing mobile application offloading-frameworks. Data owners remain in full control of their data, still, technologies like device-to-device offloading can be used.

Subscriber Identity Module (SIM) is the backbone of modern mobile communication. SIM can be used to store a number of user sensitive information such as user contacts, SMS, banking information (some banking applications store user credentials on the SIM) etc. Unfortunately, the current SIM model has a major weakness. When the mobile device is lost, an adversary can simply steal a user's SIM and use it. He/she can then extract the user's sensitive information stored on the SIM. Moreover, The adversary can then pose as the user and communicate with the contacts stored on the SIM. This opens up the avenue to a large number of social engineering techniques. Additionally, if the user has provided his/her number as a recovery option for some accounts, the adversary can get access to them. The current methodology to deal with a stolen SIM is to contact your particular service provider and report a theft. The service provider then blocks the services on your SIM, but the adversary still has access to the data which is stored on the SIM. Therefore, a secure scheme is required to ensure that only legal users are able to access and utilize their SIM.

Mobile Ad hoc Network has a wide range of applications in military and civilian domains. It is generally assumed that the nodes are trustworthy and cooperative in routing protocols of MANETs viz. AODV, DSR etc. This assumption makes wireless ad hoc network more prone to interception and manipulation which further open possibilities of various types of Denial of Service (DoS) attacks. In order to mitigate the effect of malicious nodes, a reputation based secure routing protocol is proposed in this paper. The basic idea of the proposed scheme is organize the network with 25 nodes which are deployed in a 5×5 grid structure. Each normal node in the network has a specific prime number, which acts as Node identity. A Backbone Network (BBN) is deployed in a 5×5 grid structure. The proposed scheme uses legitimacy value table and reputation level table maintained by backbone network in the network. These tables are used to provide best path selection after avoiding malicious nodes during path discovery. Based on the values collected in their legitimacy table & reputation level table backbone nodes separate and avoid the malicious nodes while making path between source and destination.

Wireless sensor network is a low cost network to solve many of the real world problems. These sensor nodes used to deploy in the hostile or unattended areas to sense and monitor the atmospheric situations such as motion, pressure, sound, temperature and vibration etc. The sensor nodes have low energy and low computing power, any security scheme for wireless sensor network must not be computationally complex and it should be efficient. In this paper we introduced a secure routing protocol for WSNs, which is able to prevent the network from DDoS attack. In our methodology we scan the infected nodes using the proposed algorithm and block that node from any further activities in the network. To protect the network we use intrusion prevention scheme, where specific nodes of the network acts as IPS node. These nodes operate in their radio range for the region of the network and scan the neighbors regularly. When the IPS node find a misbehavior node which is involves in frequent message passing other than UDP and TCP messages, IPS node blocks the infected node and also send the information to all genuine sender nodes to change their routes. All simulation work has been done using NS 2.35. After simulation the proposed scheme gives feasible results to protect the network against DDoS attack. The performance parameters have been improved after applying the security mechanism on an infected network.

Steganography is the science of hiding information to send secret messages using the carrier object known as stego object. Steganographic technology is based on three principles including security, robustness and capacity. In this paper, we present a digital image hidden by using the compressive sensing technology to increase security of stego image based on human visual system features. The results represent which our proposed method provides higher security in comparison with the other presented methods. Bit Correction Rate between original secret message and extracted message is used to show the accuracy of this method.

The use of cloud computing and cloud federations has been the focus of studies in the last years. Many of these infrastructures delegate user authentication to Identity Providers. Once these services are available through the Internet, concerns about the confidentiality of user credentials and attributes are high. The main focus of this work is the security of the credentials and user attributes in authentication infrastructures, exploring secret sharing techniques and using cloud federations as a base for storing this information.

Many enterprises are transitioning towards data-driven business processes. There are numerous situations where multiple parties would like to share data towards a common goal if it were possible to simultaneously protect the privacy and security of the individuals and organizations described in the data. Existing solutions for multi-party analytics that follow the so called Data Lake paradigm have parties transfer their raw data to a trusted third-party (i.e., mediator), which then performs the desired analysis on the global data, and shares the results with the parties. However, such a solution does not fit many applications such as Healthcare, Finance, and the Internet-of-Things, where privacy is a strong concern. Motivated by the increasing demands for data privacy, we study the problem of privacy-preserving multi-party data analytics, where the goal is to enable analytics on multi-party data without compromising the data privacy of each individual party. In this paper, we first propose a secure sum protocol with strong security guarantees. The proposed secure sum protocol is resistant to collusion attacks even with N-2 parties colluding, where N denotes the total number of collaborating parties. We then use this protocol to propose two secure gradient descent algorithms, one for horizontally partitioned data, and the other for vertically partitioned data. The proposed framework is generic and applies to a wide class of machine learning problems. We demonstrate our solution for two popular use-cases, regression and classification, and evaluate the performance of the proposed solution in terms of the obtained model accuracy, latency and communication cost. In addition, we perform a scalability analysis to evaluate the performance of the proposed solution as the data size and the number of parties increase.

Outsourcing services to third-party providers comes with a high security cost-to fully trust the providers. Using trusted hardware can help, but current trusted execution environments do not adequately support services that process very large scale datasets. We present LASTGT, a system that bridges this gap by supporting the execution of self-contained services over a large state, with a small and generic trusted computing base (TCB). LASTGT uses widely deployed trusted hardware to guarantee integrity and verifiability of the execution on a remote platform, and it securely supplies data to the service through simple techniques based on virtual memory. As a result, LASTGT is general and applicable to many scenarios such as computational genomics and databases, as we show in our experimental evaluation based on an implementation of LAST-GT on a secure hypervisor. We also describe a possible implementation on Intel SGX.

As the Internet of Things (IoT) continues to grow, there arises concerns and challenges with regard to the security and privacy of the IoT system. In this paper, we propose a FOg CompUting-based Security (FOCUS) system to address the security challenges in the IoT. The proposed FOCUS system leverages the virtual private network (VPN) to secure the access channel to the IoT devices. In addition, FOCUS adopts a challenge-response authentication to protect the VPN server against distributed denial of service (DDoS) attacks, which can further enhance the security of the IoT system. FOCUS is implemented in fog computing that is close to the end users, thus achieving a fast and efficient protection. We demonstrate FOCUS in a proof-of-concept prototype, and conduct experiments to evaluate its performance. The results show that FOCUS can effectively filter out malicious attacks with a very low response latency.