Biblio

This paper studies physical-layer security over slow fading channels, considering the impact of finite-blocklength secrecy coding. A comprehensive analysis and optimization framework is established to investigate the secrecy throughput (ST) of a legitimate user pair coexisting with an eavesdropper. Specifically, we devise both adaptive and non-adaptive optimization schemes to maximize the ST, where we derive optimal parameters including the transmission policy, blocklength, and code rates based on the instantaneous and statistical channel state information of the legitimate pair, respectively. Various important insights are provided. In particular, 1) increasing blocklength improves both reliability and secrecy with our transmission policy; 2) ST monotonically increases with blocklength; 3) ST initially increases and then decreases with secrecy rate, and there exists a critical secrecy rate that maximizes the ST. Numerical results are presented to verify theoretical findings.

The design of reliable and secure codes with finite block length is an important requirement for industrial machine type communications. In this work, we develop an autoencoder for the multi-mode fiber wiretap channel taking into account the error performance at the legitimate receiver and the information leakage at potential eavesdroppers. The estimate of the mutual information leakage includes AWGN and fading channels. The code design is tailored to the specific channel setup where the eavesdropper experiences a mode dependent loss. Numerical simulations illustrate the performance and show a Pareto improvement of the proposed scheme compared to the state-of-the-art polar wiretap codes.

This paper deals with novel group-based Authentication and Key Agreement protocol for Internet of Things(IoT) enabled LTE/LTE-A network to overcome the problems of computational overhead, complexity and problem of heterogeneous devices, where other existing methods are lagging behind in attaining security requirements and computational overhead. In this work, two Groups are created among Machine Type Communication Devices (MTCDs) on the basis of device type to reduce complexity and problems of heterogeneous devices. This paper fulfills all the security requirements such as preservation, mutual authentication, confidentiality. Bio-metric authentication has been used to enhance security level of the network. The security and performance analysis have been verified through simulation results. Moreover, the performance of the proposed Novel Group-Based Authentication and key Agreement(AKA) Protocol is analyzed with other existing IoT enabled LTE/LTE-A protocol.

With the help of technological advancements in the last decade, it has become much easier to extensively and remotely observe medical conditions of the patients through wearable biosensors that act as connected nodes on Body Area Networks (BANs). Sensitive nature of the critical data captured and communicated via wireless medium makes it extremely important to process it as securely as possible. In this regard, lightweight security mechanisms are needed to overcome the hardware resource restrictions of biosensors. Random and secure cryptographic key generation and agreement among the biosensors take place at the core of these security mechanisms. In this paper, we propose the SKA-PSAR (Augmented Randomness for Secure Key Agreement using Physiological Signals) system to produce highly random cryptographic keys for the biosensors to secure communication in BANs. Similar to its predecessor SKA-PS protocol by Karaoglan Altop et al., SKA-PSAR also employs physiological signals, such as heart rate and blood pressure, as inputs for the keys and utilizes the set reconciliation mechanism as basic building block. Novel quantization and binarization methods of the proposed SKA-PSAR system distinguish it from SKA-PS by increasing the randomness of the generated keys. Additionally, SKA-PSAR generated cryptographic keys have distinctive and time variant characteristics as well as long enough bit sizes that provides resistance against cryptographic attacks. Moreover, correct key generation rate is above 98% with respect to most of the system parameters, and false key generation rate of 0% have been obtained for all system parameters.

Blockchain, the technology behind the popular Bitcoin, is considered a "security by design" system as it is meant to create security among a group of distrustful parties yet without a central trusted authority. The security of blockchain relies on the premise of honest-majority, namely, the blockchain system is assumed to be secure as long as the majority of consensus voting power is honest. And in the case of proof-of-work (PoW) blockchain, adversaries cannot control more than 50% of the network's gross computing power. However, this 50% threshold is based on the analysis of computing power only, with implicit and idealistic assumptions on the network and node behavior. Recent researches have alluded that factors such as network connectivity, presence of blockchain forks, and mining strategy could undermine the consensus security assured by the honest-majority, but neither concrete analysis nor quantitative evaluation is provided. In this paper we fill the gap by proposing an analytical model to assess the impact of network connectivity on the consensus security of PoW blockchain under different adversary models. We apply our analytical model to two adversarial scenarios: 1) honest-but-potentially-colluding, 2) selfish mining. For each scenario, we quantify the communication capability of nodes involved in a fork race and estimate the adversary's mining revenue and its impact on security properties of the consensus protocol. Simulation results validated our analysis. Our modeling and analysis provide a paradigm for assessing the security impact of various factors in a distributed consensus system.

Among the different types of malware, botnets are rising as the most genuine risk against cybersecurity as they give a stage to criminal operations (e.g., Distributed Denial of Service (DDOS) attacks, malware dispersal, phishing, and click fraud and identity theft). Existing botnet detection techniques work only on specific botnet Command and Control (C&C) protocols and lack in providing early-stage botnet detection. In this paper, we propose an approach for early-stage botnet detection. The proposed approach first selects the optimal features using feature selection techniques. Next, it feeds these features to machine learning classifiers to evaluate the performance of the botnet detection. Experiments reveals that the proposed approach efficiently classifies normal and malicious traffic at an early stage. The proposed approach achieves the accuracy of 99%, True Positive Rate (TPR) of 0.99 %, and False Positive Rate (FPR) of 0.007 % and provide an efficient detection rate in comparison with the existing approach.

A self-governing system consisting of mobile nodes that exchange information within a cellular area and is known as a mobile ad hoc network (MANET). Due to its dynamic nature, it is vulnerable to attacks and there is no fixed infrastructure. To transfer a data packet Ad-hoc On-Demand Distance Vector (AODV) is used and it's another form of a reactive protocol. The black-hole attack is a major attack that drastically decreases the packet delivery ratio during a data transaction in a routing environment. In this attack, the attacker's node acts as the shortest path to the target node itself. If the attacker node receives the data packet from the source node, all obtained data packets are excluded from a routing network. A trust-based routing scheme is suggested to ensure secure routing. This routing scheme is divided into two stages, i.e., the Data retrieval (DR), to identify and preserve each node data transfer mechanism in a routing environment and route development stage, to predict a safe path to transmit a data packet to the target node.

Robotics Mobile Ad-hoc Networks (MANETs) are comprised of stations having mobility with no central authority and control. The stations having mobility in Robotics MANETs work as a host as well as a router. Due to the unique characteristics of Robotics MANETs such type of networks are vulnerable to different security attacks. Ad-hoc On-demand Distance Vector (AODV) is a routing protocol that belongs to the reactive category of routing protocols in Robotics MANETs. However, it is more vulnerable to the Black hole (BH) attack that is one of the most common attacks in the Robotics MANETs environment. In this attack during the route disclosure procedure a malicious station promotes itself as a most brief path to the destination as well as after that drop every one of the data gotten by the malicious station. Meanwhile the packets don't reach to its ideal goal, the BH attack turns out to be progressively escalated when a heap of malicious stations attack the system as a gathering. This research analyzed different BH finding as well as removal mechanisms for AODV routing protocol.

Mobile Ad hoc Network (MANET) is one of the emerging technologies to communicate between nodes and its decentralized structure, self-configuring nature are the few properties of this Ad hoc network. Due to its undefined structure, it has found its usage in the desired and temporary communication network. MANET has many routing protocols governing it and due to its changing topology, there can be many issues arise in recent times. Problems like no central node, limited energy, and the quality of service, performance, design issues, and security challenges have been bugging the researchers. The black hole attacks are the kind that cause ad hoc network to be at loss of information and make the source to believe that it has the actual least distance path to the destination, but in real scenario the packets do not get forwarded to neighbouring nodes. In this paper, we have discussed different solutions over the past years to deal with such attacks. A summary of the schemes with their results and drawbacks in terms of performance metrics is also given.

Self-organising networks, such as mobile ad-hoc networks (MANETs), are growing more and more in importance each day. However, due to their nature and constraints MANETs are vulnerable to a wide array of attacks, such as black hole attacks. Furthermore, there are numerous routing protocols in use in MANETs, and what works for one might not for another. In this paper, we present a review of previous surveys of black hole attack solutions, followed by a collation of recently published papers categorised by original routing protocol and evaluated on a set of common metrics. Finally, we suggest areas for further research.

Mobile Ad hoc Network is a very important key technology for device to device communication without any support of extra infrastructure. As it is being used as a mode of communication in various fields, protecting the network from various attacks becomes more important. In this research paper, we have created a real network scenario using random mobility of nodes and implemented Black hole Attack and Gray hole Attack, which degrades the performance of the network. In our research, we have found a novel mitigation technique which is efficient to mitigate both the attack from the network.

Wireless technology is widely used today and is growing rapidly. One of the wireless technologies is VANET where the network can communicate with vehicles (V2V) which can prevent accidents on the road. Energy is also a problem in VANET so it needs to be used efficiently. The presence of malicious nodes or nodes can eliminate and disrupt the process of data communication. The routing protocol used in this study is AODV. The purpose of this study is to analyze the comparison of blackhole attack and flooding attack against energy-efficient AODV on VANET. This research uses simulation methods and several supporting programs such as OpenStreetMap, SUMO, NS2, NAM, and AWK to test the AODV routing protocol. Quality of service (QOS) parameters used in this study are throughput, packet loss, and end to end delay. Energy parameters are also used to examine the energy efficiency used. This study uses the number of variations of nodes consisting of 20 nodes, 40 nodes, 60 nodes, and different network conditions, namely normal network conditions, network conditions with black hole attacks, and network conditions with flooding attacks. The results obtained can be concluded that the highest value of throughput when network conditions are normal, the greatest value of packet loss when there is a black hole attack, the highest end to end delay value and the largest remaining energy when there is a flooding attack.

The 5G network solutions currently standardised and deployed do not yet enable the full potential of pervasive networking and computing envisioned in 5G initial visions: network services and slices with different QoS profiles do not span multiple operators; security, trust and automation is limited. The evolution of 5G towards a truly production-level stage needs to heavily rely on automated end-to-end network operations, use of distributed Artificial Intelligence (AI) for cognitive network orchestration and management and minimal manual interventions (zero-touch automation). All these elements are key to implement highly pervasive network infrastructures. Moreover, Distributed Ledger Technologies (DLT) can be adopted to implement distributed security and trust through Smart Contracts among multiple non-trusted parties. In this paper, we propose an initial concept of a zero-touch security and trust architecture for ubiquitous computing and connectivity in 5G networks. Our architecture aims at cross-domain security & trust orchestration mechanisms by coupling DLTs with AI-driven operations and service lifecycle automation in multi-tenant and multi-stakeholder environments. Three representative use cases are identified through which we will validate the work which will be validated in the test facilities at 5GBarcelona and 5TONIC/Madrid.

The present work describes a remote environment monitoring system based on the paradigms of mesh networks and opportunistic networks, whereby a sensor node can explore “con-nectivity windows” to transmit information that will eventually reach another network participants. We discuss the threats to the system's security and propose security mechanisms for the system ensuring the integrity and availability of monitoring information, something identified as critical to its proper operation.

In multi-hop wireless mesh networks, the end-to-end delay for a packet is getting longer as the relaying hops to the destination are increasing. The real-time packet such as the urgent safety message should be delivered within the stipulated deadline. Most previous studies have been focused to find out the optimal route to the destination. We propose an intellectual priority-based packet transmission scheme for multi-interface devices in multi-hop wireless mesh networks.

Software Defined Vehicular Networking (SDVN) could be the future of the vehicular networks, enabling interoperability between heterogeneous networks and mobility management. Thus, the deployment of large SDVN is considered. However, SDVN is facing major security issues, in particular, authentication and access control issues. Indeed, an unauthorized SDN controller could modify the behavior of switches (packet redirection, packet drops) and an unauthorized switch could disrupt the operation of the network (reconnaissance attack, malicious feedback). Due to the SDVN features (decentralization, mobility) and the SDVN requirements (flexibility, scalability), the Blockchain technology appears to be an efficient way to solve these authentication and access control issues. Therefore, many Blockchain-based approaches have already been proposed. However, two key challenges have not been addressed: authentication and access control for SDN controllers and high scalability for the underlying Blockchain network. That is why in this paper we propose an innovative and scalable architecture, based on a set of interconnected Blockchain sub-networks. Moreover, an efficient access control mechanism and a cross-sub-networks authentication/revocation mechanism are proposed for all SDVN devices (vehicles, roadside equipment, SDN controllers). To demonstrate the benefits of our approach, its performances are compared with existing solutions in terms of throughput, latency, CPU usage and read/write access to the Blockchain ledger. In addition, we determine an optimal number of Blockchain sub-networks according to different parameters such as the number of certificates to store and the number of requests to process.

The performance-driven design of SDN architectures leaves many security vulnerabilities, a notable one being the communication bottleneck between the controller and the switches. Functioning as a cache between the controller and the switches, the flow table mitigates this bottleneck by caching flow rules received from the controller at each switch, but is very limited in size due to the high cost and power consumption of the underlying storage medium. It thus presents an easy target for attacks. Observing that many existing defenses are based on simplistic attack models, we develop a model of intelligent attacks that exploit specific cache-like behaviors of the flow table to infer its internal configuration and state, and then design attack parameters accordingly. Our evaluations show that such attacks can accurately expose the internal parameters of the target flow table and cause measurable damage with the minimum effort.

Almost all smart appliances are operated through wireless sensor networks. With the passage of time, due to various applications, the WSN becomes prone to various external attacks. Preventing such attacks, Intrusion Detection strategy (IDS) is very crucial to secure the network from the malicious attackers. The proposed IDS methodology discovers the pattern in large data corpus which works for different types of algorithms to detect four types of Denial of service (DoS) attacks, namely, Grayhole, Blackhole, Flooding, and TDMA. The state-of-the-art detection algorithms, such as KNN, Naïve Bayes, Logistic Regression, Support Vector Machine (SVM), and ANN are applied to the data corpus and analyze the performance in detecting the attacks. The analysis shows that these algorithms are applicable for the detection and prediction of unavoidable attacks and can be recommended for network experts and analysts.

This paper designs a re-transmission strategy to intensify the security of communication over the additive white Gaussian noise (AWGN) wire-tap channel. In this scheme, irregular low-density parity-check (LDPC) codes work with reliability-based hybrid automatic repeat-request (RB-HARQ). For irregular LDPC codes, the variable nodes have different degrees, which means miscellaneous protection for the nodes. In RB-HARQ protocol, the legitimate receiver calls for re-transmissions including the most unreliable bits at decoder's outputting. The bits' reliability can be evaluated by the average magnitude of a posteriori probability log-likelihood ratios (APP LLRs). Specifically, this scheme utilizes the bit-error rate (BER) to assess the secrecy performance. Besides, the paper gives close analyses of BER through theoretical arguments and simulations. Results of numerical example demonstrate that RB-HARQ protocol with irregular LDPC codes can hugely reinforce the security performance of the communication system.

Network coding (NC) can significantly increase network performance and make lossy networks more reliable. Since the middle nodes modify the packets during their path to destination, integrity of the original packets cannot be checked using classical methods (MACs, Signatures, etc). Though, pollution attacks are the most common threat to network coded systems, where an infected node can inject the data flow of a network with a number of false packets and ban the receiver from properly decoding the packets. A lot of work in the security of NC in resisting pollution attacks has been investigated in recent years, majority have the same security parameter 1/q. A Homomorphic MAC scheme is presented earlier to resist pollution attacks with a security level 1/qˆl, In this paper, we will show that the mentioned scheme is subject to known-plaintext attacks. This is due to that part of the key can be revealed in an initial process. Also, the whole key could be revealed if the key is used more than once. Then, a modification to the mentioned scheme is proposed to overcome this issue. Besides, the MAC length is adjustable according to the required security level and not variable according to the vector's length which will accordingly increase the performance and efficiency of the scheme.

Reliable communication over the wireless network with high throughput is a major target for the next generation communication technologies. Network coding can significantly improve the throughput efficiency of the network in a cooperative environment. The small cell technology and device to device communication make network coding an ideal candidate for improved performance in the fifth generation of communication networks. However, the security concerns associated with network coding needs to be addressed before any practical implementations. Pollution attacks are considered one of the most threatening attacks in the network coding environment. Although there are different integrity schemes to detect polluted packets, identifying the exact adversary in a network coding environment is a less addressed challenge. This paper proposes a scheme for identifying and locating adversaries in a dense, network coding enabled environment of mobile nodes. It also discusses a non-repudiation protocol that will prevent adversaries from deceiving the network.

In this work, novel metaheuristic algorithms are proposed to address the network coding (NC)-based routing and spectrum allocation (RSA) problem in elastic optical networks, aiming to increase the level of security against eavesdropping attacks for the network's confidential connections. A modified simulated annealing, a genetic algorithm, as well as a combination of the two techniques are examined in terms of confidentiality and spectrum utilization. Performance results demonstrate that using metaheuristic techniques can improve the performance of NC-based RSA algorithms and thus can be utilized in real-world network scenarios.

Due to the harsh environment and energy limitation, maintaining efficient communication is crucial to the lifetime of Underwater Sensor Networks (UWSN). Named Data Networking (NDN), one of future network architectures, begins to be applied to UWSN. Although Underwater Named Data Networking (UNDN) performs well in data transmission, it still faces some security threats, such as the Denial-of-Service (DoS) attacks caused by Interest Flooding Attacks (IFAs). In this paper, we present a new type of DoS attacks, named as Synergetic Denial-of-Service (SDoS). Attackers synergize with each other, taking turns to reply to malicious interests as late as possible. SDoS attacks will damage the Pending Interest Table, Content Store, and Forwarding Information Base in routers with high concealment. Simulation results demonstrate that the SDoS attacks quadruple the increased network traffic compared with normal IFAs and the existing IFA detection algorithm in UNDN is completely invalid to SDoS attacks. In addition, we analyze the infection problem in UNDN and propose a defense method Trident based on carefully designed adaptive threshold, burst traffic detection, and attacker identification. Experiment results illustrate that Trident can effectively detect and resist both SDoS attacks and normal IFAs. Meanwhile, Trident can robustly undertake burst traffic and congestion.

One of the main threats to the underwater communication cables identified in the recent years is possible tampering or damage by malicious actors. This paper proposes a solution with explanation abilities to detect and investigate this kind of threat within the evidence theory framework. The reasoning scheme implements the traditional “opportunity-capability-intent” threat model to assess a degree to which a given vessel may pose a threat. The scenario discussed considers a variety of possible pieces of information available from different sources. A source quality model is used to reason with the partially reliable sources and the impact of this meta-information on the overall assessment is illustrated. Examples of uncertain relationships between the relevant variables are modelled and the constructed model is used to investigate the probability of threat of four vessels of different types. One of these cases is discussed in more detail to demonstrate the explanation abilities. Explanations about inference are provided thanks to sensitivity spaces in which the impact of the different pieces of information on the reasoning are compared.

Current physical layer authentication (PLA) mechanisms are mostly designed for static communications, and the accuracy degrades significantly when used in dynamic scenarios, where the network environments and wireless channels change frequently. To improve the authentication performance, it is necessary to update the hypothesis test models and parameters in time, which however brings high computational complexity and authentication delay. In this paper, we propose a lightweight cross-layer authentication scheme for dynamic communication scenarios. We use multiple characteristics based PLA to guarantee the reliability and accuracy of authentication, and propose an upper layer assisted method to ensure the performance stability. Specifically, upper layer authentication (ULA) helps to update the PLA models and parameters. By properly choosing the period of triggering ULA, a balance between complexity and performance can be easily obtained. Simulation results show that our scheme can achieve pretty good authentication performance with reduced complexity.