Biblio

Aimming at the severe security threat faced by information transmission in wireless communication, the artificial interference in physical layer security technology was considered, and the influence of artificial interference signal style on system information transmission security was analyzed by simulation, which provided technical accumulation for the design of wireless security transmission system based on artificial interference.

Nodes in wireless Internet of Things (IoT) sensor networks are heterogeneous in nature. This heterogeneity can come from energy and security resources available at the node level. Besides, these resources are usually limited. Efficient cluster head (CH) selection in rounds is the key to preserving energy resources of sensor nodes. However, energy and security resources are contradictory to one another. Therefore, it is challenging to ensure CH selection with appropriate security resources without decreasing energy efficiency. Coverage and energy optimization subject to a required security level can form a solution to the aforementioned trade-off. This paper proposes a security level aware CH selection algorithm in wireless sensor networks for IoT. The proposed method considers energy and security level updates for nodes and coverage provided by associated CHs. The proposed method performs CH selection in rounds and in a centralized parallel processing way, making it applicable to the IoT scenario. The proposed algorithm is compared to existing traditional and emerging CH selection algorithms that apply security mechanisms in terms of energy and security efficiencies.

A sensor network is wireless with tiny nodes and widely used in various applications. To track the event and collect the data from a remote area or a hostile area sensor network is used. A WSN collects wirelessly connected tiny sensors with minimal resources like the battery, computation power, and memory. When a sensor collects data, it must be transferred to the control center through the gateway (Sink), and it must be transferred safely. For secure transfer of data in the network, the routing protocol must be safe and can use the cryptography method for authentication and confidentiality. An essential issue in WSN structure is the key management. WSN relies on the strength of the communicating devices, battery power, and sensor nodes to communicate in the wireless environment over a limited region. Due to energy and memory limitations, the construction of a fully functional network needs to be well arranged. Several techniques are available in the current literature for such key management techniques. Among the distribution of key over the network, sharing private and public keys is the most important. Network security is not an easy problem because of its limited resources, and these networks are deployed in unattended areas where they work without any human intervention. These networks are used to monitor buildings and airports, so security is always a major issue for these networks. In this paper, we proposed a dynamic key management scheme for the clustered sensor network that also supports the addition of a new node in the network later. Keys are dynamically generated and securely distributed to communication parties with the help of a cluster head. We verify the immunity of the scheme against various attacks like replay attack and node captured attacker. A simulation study was also done on energy consumption for key setup and refreshed the keys. Security analysis of scheme shows batter resiliency against node capture attack.

Wireless Sensor Networks (WSN) are gaining popularity as being the backbone of Cyber physical systems, IOT and various data acquisition from sensors deployed in remote, inaccessible terrains have remote deployment. However due to remote deployment, WSN is an adhoc network of large number of sensors either heli-dropped in inaccessible terrain like volcanoes, Forests, border areas are highly energy deficient and available in large numbers. This makes it the right soup to become vulnerable to various kinds of Security attacks. The lack of energy and resources makes it deprived of developing a robust security code for mitigation of various kinds of attacks. Many attempts have been made to suggest a robust security Protocol. But these consume so much energy, bandwidth, processing power, memory and other resources that the sole purpose of data gathering from inaccessible terrain from energy deprived sensors gets defeated. This paper makes an attempt to study the types of attacks on different layers of WSN and the examine the recent trends in development of various security protocols to mitigate the attacks. Further, we have proposed a simple, lightweight but powerful security protocol known as Simple Sensor Security Protocol (SSSP), which captures the uniqueness of WSN and its isolation from internet to develop an energy efficient security solution.

With the widespread deployment of Internet of Things (IoT) devices, hackers can use IoT devices to launch large-scale distributed denial of service (DDoS) attacks, which bring great harm to the Internet. However, how to defend against these attacks remains to be an open challenge. In this paper, we propose a novel prevention method for IoT DDoS attacks based on blockchain and obfuscation of IP addresses. Our observation is that IoT devices are usually resource-constrained and cannot support complicated cryptographic algorithms such as RSA. Based on the observation, we employ a novel authentication then communication mechanism for IoT DDoS attack prevention. In this mechanism, the attack targets' IP addresses are encrypted by a random security parameter. Clients need to be authenticated to obtain the random security parameter and decrypt the IP addresses. In particular, we propose to authenticate clients with public-key cryptography and a blockchain system. The complex authentication and IP address decryption operations disable IoT devices and thus block IoT DDoS attacks. The effectiveness of the proposed method is analyzed and validated by theoretical analysis and simulation experiments.

Distributed denial of service (DDoS) attack is a common way of network attack. It has the characteristics of wide distribution, low cost and difficult defense. The traditional algorithms of machine learning (ML) have such shortcomings as excessive systemic overhead and low accuracy in detection of DDoS. In this paper, a CGAN (conditional generative adversarial networks, conditional GAN) -based method is proposed to detect the attack of DDoS. On off-line training, five features are extracted in order to adapt the input of neural network. On the online recognition, CGAN model is adopted to recognize the packets of DDoS attack. The experimental results demonstrate that our proposed method obtains the better performance than the random forest-based method.

With the emergence of computationally intensive and delay sensitive applications, mobile edge computing(MEC) has become more and more popular. Simultaneously, MEC paradigm is faced with security challenges, the most harmful of which is DDoS attack. In this paper, we focus on the resource orchestration algorithm in MEC scenario to mitigate DDoS attack. Most of existing works on resource orchestration algorithm barely take into account DDoS attack. Moreover, they assume that MEC nodes are unselfish, while in practice MEC nodes are selfish and try to maximize their individual utility only, as they usually belong to different network operators. To solve such problems, we propose a price-based resource orchestration algorithm(PROA) using game theory and convex optimization, which aims at mitigating DDoS attack while maximizing the utility of each participant. Pricing resources to simulate market mechanisms, which is national to make rational decisions for all participants. Finally, we conduct experiment using Matlab and show that the proposed PROA can effectively mitigate DDoS attack on the attacked MEC node.

In this paper, we propose a polar coding based scheme for set reconciliation between two network nodes. The system is modeled as a well-known Slepian-Wolf setting induced by a fixed number of deletions. The set reconciliation process is divided into two phases: 1) a deletion polar code is employed to help one node to identify the possible deletion indices, which may be larger than the number of genuine deletions; 2) a lossless compression polar code is then designed to feedback those indices with minimum overhead. Our scheme can be viewed as a generalization of polar codes to some emerging network-based applications such as the package synchronization in blockchains. The total overhead is linear to the number of packages, and immune to the package size.

Internet of Things (IoT) wireless devices has the capability to interconnect small footprint devices and its key purpose is to have seamless connection without operational barriers. It is built upon a three-layer (Perception, Transportation and Application) protocol stack architecture. A multitude of security principles must be imposed at each layer for the proper and efficient working of various IoT applications. In the forthcoming years, it is anticipated that IoT devices will be omnipresent, bringing several benefits. The intrinsic security issues in conjunction with the resource constraints in IoT devices enables the proliferation of security vulnerabilities. The absence of specifically designed IoT frameworks, specifications, and interoperability issues further exacerbate the challenges in the IoT arena. This paper conducts an investigation in IoT wireless security with a focus on the major security challenges and considerations from an IoT protocol stack perspective. The vulnerabilities in the IoT protocol stack are laid out along with a gap analysis, evaluation, and the discussion on countermeasures. At the end of this work, critical issues are highlighted with the aim of pointing towards future research directions and drawing conclusions out of it.

Underwater Wireless Sensor Networks (UWSN) has vast application areas. Due to the unprotected nature, underwater security is a prime concern. UWSN becomes vulnerable to different attacks due to malicious nodes. Sybil attack is one of the major attacks in UWSN. Most of the proposed security methods are based on encryption and decryption which consumes resources of the sensor nodes. In this paper, a simple authentication mechanism is proposed for securing the UWSN from the Sybil attack. As the nodes have very less computation power and energy resources so this work is not followed any kind of encryption and decryption technique. An authentication process is designed in such a way that node engaged in communication authenticate neighboring nodes by node ID and the data stored in the cluster head. This work is also addressed sensor node compromisation issue through Hierarchical Fuzzy System (HFS) based trust management model. The trust management model has been simulated in Xfuzzy-3.5. After the simulation conducted, the proposed trust management mechanism depicts significant performance on detecting compromised nodes.

Security is the main concern for wireless sensor nodes and exposed against malicious attacks. To secure the communication between sensor nodes several key managing arrangements are already implemented. The key managing method for any protected application must minimally deliver safety facilities such as truthfulness. Diffie–Hellman key exchange in the absence of authentication is exposed to MITM (man-in-the-middle) attacks due to which the attacker node can easily interrupt the communication, by appearing as a valid node in the network. In wireless sensor networks, single path routing is very common but it suffers with the two problems i:e link failure which results in data loss and if any node in single path is compromised, there is no alternative to send the data to the destination securely. To overcome this problem, multipath routing protocol is used which provides both availability and consistency of data. AOMDV (Ad-hoc On-demand Multipath Distance Vector Routing Protocol) is used in a proposed algorithm which provides alternative paths to reach the data packets to the destination. This paper presents an algorithm DH-SAM (Diffie-Hellman- Sybil Attack Mitigation) to spot and mitigate Sybil nodes and make the network trusted with the objective of solving the issue of MITM attack in the network. After node authentication, secure keys are established between two communicating nodes for data transmission using the Diffie-Hellman algorithm. Performance evaluation of DH-SAM is done by using different metrics such as detection rate, PDR, throughput, and average end to end (AE2E) delay.

The pervasive and resource-constrained nature of Internet of Things (IoT) devices makes them attractive to be targeted by different means of cyber threats. There are a vast amount of botnets being deployed every day that aim to increase their presence on the Internet for realizing malicious activities with the help of the compromised interconnected devices. Therefore, monitoring IoT networks using intrusion detection systems is one of the major countermeasures against such threats. In this work, we present a machine learning based Wi-Fi intrusion detection system developed specifically for IoT devices. We show that a single multi-class classifier, which operates on the encrypted data collected from the wireless data link layer, is able to detect the benign traffic and six types of IoT attacks with an overall accuracy of 96.85%. Our model is a scalable one since there is no need to train different classifiers for different IoT devices. We also present an alternative attack classifier that outperforms the attack classification model which has been developed in an existing study using the same dataset.

Digital signature is more appropriate for message security in Wireless Sensors Networks (WSNs), which is energy-limited, than costly encryption. However, it meets with difficulty of verification when a large amount of message-signature pairs swarm into the central node in WSNs. In this paper, a scalable group testing algorithm based on Latin square (SGTLS) is proposed, which focus on both batch verification of signatures and invalid signature identification. To address the problem of long time-delay during individual verification, we adapt aggregate signature for batch verification so as to judge whether there are any invalid signatures among the collection of signatures once. In particular, when batch verification fails, an invalid signature identification algorithm is presented based on scalable OR-checking matrix of Latin square, which can adjust the number of group testing by itself with the variation of invalid signatures. Comprehensive analyses show that SGTLS has more advantages, such as scalability, suitability for parallel computing and flexible design (Latin square is popular), than other algorithm.

In existing Communication Based Train Control (CBTC) system, information security threats are analyzed, then information security demands of CBTC system are put forward. To protect information security, three security domains are divided according the Safety Integrity Level (SIL)) of CBTC system. Information security architecture of CBTC system is designed, special use firewalls and intrusion detection system are adopted. Through this CBTC system security are enhanced and operation safety is ensured.

Wireless Sensor Network (WSN)is the most promising area which is widely used in the field of military, healthcare systems, flood control, and weather forecasting system. In WSN every node is connected with another node and exchanges the information from one to another. While sending data between nodes data security is an important factor. Security is a vital issue in the area of networking. This paper addresses the issue of security in terms of distinct attacks and their solutions provided by the different authors. Whenever data is transferred from source to destination then it follows some route so there is a possibility of a malicious node in the network. It is a very difficult task to identify the malicious node present in the network. Insecurity intruder attacks on data packets that are transferred from one node to another node. While transferring the data from source to destination node hacker hacks the data and changes the actual data. In this paper, we have discussed the numerous security solution provided by the different authors and they had used the Machine Learning (ML) approach to handle the attacks. Various ML techniques are used to determine the authenticity of the node. Network attacks are elaborated according to the layer used for WSN architecture. In this paper, we will categorize the security attacks according to layer-wise and type-wise and represent the solution using the ML technique for handling the security attack.

Recently, vehicular communications have been the focus of industry, research and development fields. There are many benefits of vehicular communications. It improves traffic management and put derivers in better control of their vehicles. Privacy and security protection are collective accountability in which all parties need to actively engage and collaborate to afford safe and secure communication environments. The primary objective of this paper is to exploit the RSS characteristic of physical layer, in order to generate a secret key that can securely be exchanged between legitimated communication vehicles. In this paper, secret key extraction from wireless channel will be the main focus of the countermeasures against VANET security attacks. The technique produces a high rate of bits stream while drop less amount of information. Information reconciliation is then used to remove dissimilarity of two initially extracted keys, to increase the uncertainty associated to the extracted bits. Five values are defined as quantization thresholds for the captured probes. These values are derived statistically, adaptively and randomly according to the readings obtained from the received signal strength.

Reconfigurable Intelligent Surface (RIS) is one of the latest technologies in bringing a certain amount of control to the rather unpredictable and uncontrollable wireless channel. In this paper, RIS is introduced in a bidirectional system with two source nodes and a Decode and Forward (DF) relay node. It is assumed that there is no direct path between the source nodes. The relay node receives information from source nodes simultaneously. The Physical Layer Network Coding (PLNC) is applied at the relay node to assist in the exchange of information between the source nodes. Analytical expressions are derived for the average probability of errors at the source nodes and relay node of the proposed RIS-assisted bidirectional relay system. The Bit Error Rate (BER) performance is analyzed using both simulation and analytical forms. It is observed that RIS-assisted PLNC based bidirectional relay system performs better than the conventional PLNC based bidirectional system.

In this paper, we study a wireless powered cellular network (WPCN) supported with network coding capability. In particular, we consider a network consisting of k cellular users (CUs) served by a hybrid access point (HAP) that takes over energy transfer to the users on top of information transmission over both the uplink (UL) and downlink (DL). Each CU has k+1 states representing its communication behavior, and collectively are referred to as the user demand profile. Opportunistically, when the CUs have information to be exchanged through the HAP, it broadcasts this information in coded format to the exchanging pairs, resulting in saving time slots over the DL. These saved slots are then utilized by the HAP to prolong the network lifetime and enhance the network throughput. We quantify, analytically, the performance gain of our network-coded WPCN over the conventional one, that does not employ network coding, in terms of network lifetime and throughput. We consider the two extreme cases of using all the saved slots either for energy boosting or throughput enhancement. In addition, a lifetime/throughput optimization is carried out by the HAP for balancing the saved slots assignment in an optimized fashion, where the problem is formulated as a mixed-integer linear programming optimization problem. Numerical results exhibit the network performance gains from the lifetime and throughput perspectives, for a uniform user demand profile across all CUs. Moreover, the effect of biasing the user demand profile of some CUs in the network reveals considerable improvement in the network performance gains.

Batched network coding is a low-complexity network coding solution to feedbackless multi-hop wireless packet network transmission with packet loss. The data to be transmitted is encoded into batches where each of which consists of a few coded packets. Unlike the traditional forwarding strategy, the intermediate network nodes have to perform recoding, which generates recoded packets by network coding operations restricted within the same batch. Adaptive recoding is a technique to adapt the fluctuation of packet loss by optimizing the number of recoded packets per batch to enhance the throughput. The input rank distribution, which is a piece of information regarding the batches arriving at the node, is required to apply adaptive recoding. However, this distribution is not known in advance in practice as the incoming link's channel condition may change from time to time. On the other hand, to fully utilize the potential of adaptive recoding, we need to have a good estimation of this distribution. In other words, we need to guess this distribution from a few samples so that we can apply adaptive recoding as soon as possible. In this paper, we propose a distributionally robust optimization for adaptive recoding with a small-sample inferred prediction of the input rank distribution. We develop an algorithm to efficiently solve this optimization with the support of theoretical guarantees that our optimization's performance would constitute as a confidence lower bound of the optimal throughput with high probability.

Batched network coding (BNC) is a low-complexity solution to network transmission in feedbackless multi-hop packet networks with packet loss. BNC encodes the source data into batches of packets. As a network coding scheme, the intermediate nodes perform recoding on the received packets instead of just forwarding them. Blockwise adaptive recoding (BAR) is a recoding strategy which can enhance the throughput and adapt real-time changes in the incoming channel condition. In wireless applications, in order to combat burst packet loss, interleavers can be applied for BNC in a hop-by-hop manner. In particular, a batch-stream interleaver that permutes packets across blocks can be applied with BAR to further boost the throughput. However, the previously proposed minimal communication protocol for BNC only supports permutation of packets within a block, called intrablock interleaving, and so it is not compatible with the batch-stream interleaver. In this paper, we design an intrablock interleaver for BAR that is backward compatible with the aforementioned minimal protocol, so that the throughput can be enhanced without upgrading all the existing devices.

Wireless relay network is a solution for transmitting information from a source node to a sink node far away by installing a relay in between. The broadcasting nature of wireless communication allows the sink node to receive part of the data sent by the source node. In this way, the relay does not need to receive the whole piece of data from the source node and it does not need to forward everything it received. In this paper, we consider the application of batched network coding, a practical form of random linear network coding, for a better utilization of such a network. The amount of innovative information at the relay which is not yet received by the sink node, called the innovative rank, plays a crucial role in various applications including the design of the transmission scheme and the analysis of the throughput. We present a visualization of the innovative rank which allows us to understand and derive formulae related to the innovative rank with ease.

With the rapid development of mobile communication technology, the reconnaissance on terminal capability and identity information is not only an important guarantee to maintain the normal order of mobile communication, but also an essential means to ensure the electromagnetic space security. According to the characteristics of 5G mobile communication terminal's transporting capability and identity information, the smart jamming is first used to make the target terminal away from the 5G network, and then the jamming is turned off at once. Next the terminal will return to the 5G network. Through the time-frequency matching detection method, interactive signals of random access process and network registration between the terminal and the base station are quickly captured in this process, and the scheduling information in Physical Downlink Control Channel (PDCCH) and the capability and identity information in Physical Uplink Shared Channel (PUSCH) are demodulated and decoded under non-cooperative conditions. Finally, the experiment is carried out on the actual 5G communication terminal of China Telecom. The capability and identity information of this terminal are extracted successfully in the Stand Alone (SA) mode, which verifies the effectiveness and correctness of the method. This is a significant technical foundation for the subsequent development on the 5G terminal control equipment.

The 5G technology brings the substantial improvement on the quality of services (QoS), such as higher throughput, lower latency, more stable signal and more ultra-reliable data transmission, triggering a revolution for the wireless mobile network. But in a general traffic channel in the 5G-based wireless mobile network, an attacker can detect a message transmitted over a channel, or even worse, forge or tamper with the message. Building a secure channel over the two parties is a feasible solution to this uttermost data transmission security challenge in 5G-based wireless mobile network. However, how to authentication the identities of the both parties before establishing the secure channel to fully ensure the data confidentiality and integrity during the data transmission has still been a open issue. To establish a fully secure channel, in this paper, we propose a strongly secure pairing-free certificateless authenticated key agreement (PF-CL-AKA) protocol with two-way identity-based authentication before extracting the secure session key. Our protocol is provably secure in the Lippold model, which means our protocol is still secure as long as each party of the channel has at least one uncompromised partial private term. Finally, By the theoretical analysis and simulation experiments, we can observe that our scheme is practical for the real-world applications in the 5G-based wireless mobile network.

The performance prediction of user equipment (UE) metrics has many applications in the 5G era and beyond. For instance, throughput prediction can improve carrier selection, adaptive video streaming's quality of experience (QoE), and traffic latency. Many studies suggest distributed learning algorithms (e.g., federated learning (FL)) for this purpose. However, in a multi-tier design, features are measured in different tiers, e.g., UE tier, and gNodeB (gNB) tier. On one hand, neglecting the measurements in one tier results in inaccurate predictions. On the other hand, transmitting the data from one tier to another improves the prediction performance at the expense of increasing network overhead and privacy risks. In this paper, we propose cascaded FL to enhance UE throughput prediction with minimum network footprint and privacy ramifications (if any). The idea is to introduce feedback to conventional FL, in multi-tier architectures. Although we use cascaded FL for UE prediction tasks, the idea is rather general and can be used for many prediction problems in multi-tier architectures, such as cellular networks. We evaluate the performance of cascaded FL by detailed and 3GPP compliant simulations of London's city center. Our simulations show that the proposed cascaded FL can achieve up to 54% improvement over conventional FL in the normalized gain, at the cost of 1.8 MB (without quantization) and no cost with quantization.

The popular federated edge learning (FEEL) framework allows privacy-preserving collaborative model training via frequent learning-updates exchange between edge devices and server. Due to the constrained bandwidth, only a subset of devices can upload their updates at each communication round. This has led to an active research area in FEEL studying the optimal device scheduling policy for minimizing communication time. However, owing to the difficulty in quantifying the exact communication time, prior work in this area can only tackle the problem partially by considering either the communication rounds or per-round latency, while the total communication time is determined by both metrics. To close this gap, we make the first attempt in this paper to formulate and solve the communication time minimization problem. We first derive a tight bound to approximate the communication time through cross-disciplinary effort involving both learning theory for convergence analysis and communication theory for per-round latency analysis. Building on the analytical result, an optimized probabilistic scheduling policy is derived in closed-form by solving the approximate communication time minimization problem. It is found that the optimized policy gradually turns its priority from suppressing the remaining communication rounds to reducing per-round latency as the training process evolves. The effectiveness of the proposed scheme is demonstrated via a use case on collaborative 3D objective detection in autonomous driving.