Biblio

Industrial Wireless Sensor Networks (IWSNs) are an extension of the Internet of Things paradigm that integrates smart sensors in industrial processes. However, the unattended open environment makes IWSNs vulnerable to malicious attacks, such as node compromise in addition to eavesdropping. The compromised nodes can again launch notorious attacks such as the sinkhole or sybil attack which may degrade the network performance. In this paper, we propose a lightweight, Secure Directed Diffusion (SDD) protocol. The algorithm for the proposed protocol uses bilinear pairing to derive a location-based key (LK) by binding the ID and geographic location of a node, thereby ensuring neighborhood authentication. Thus, authenticated nodes can prevent eavesdropping, node compromise including sinkhole and sybil attacks while ensuring confidentiality, authenticity, integrity with reduced latency. Finally, through security analysis, we prove that basic security is maintained and above-mentioned attacks are also prevented. We also compute storage, computation and communication overheads which show that SDD performs at least 2.6 times better in terms of storage overhead and at least 1.3 times better in terms of communication overhead over the other state-of-the-art competing schemes for attack preventions in WSN domain.

Vehicular Ad-hoc Networks (VANETs) are a subset of Mobile Ad-hoc Networks (MANETs). They are deployed to introduce the ability of inter-communication among vehicles in order to guarantee safety and provide services for people while driving. VANETs are exposed to many types of attacks like denial of service, spoofing, ID disclosure and Sybil attacks. In this paper, a novel lightweight approach for preventing Sybil attack in VANETs is proposed. The presented protocol scheme uses symmetric key encryption and authentication between Road Side Units (RSUs) and vehicles on the road so that no malicious vehicle could gain more than one identity inside the network. This protocol does not need managers for Road Side Units (RSUs) or Certification Authority (CA) and uses minimum amount of messages exchanged with RSU making the scheme efficient and effective.

In Vehicular networks, privacy, especially the vehicles' location privacy is highly concerned. Several pseudonymous based privacy protection mechanisms have been established and standardized in the past few years by IEEE and ETSI. However, vehicular networks are still vulnerable to Sybil attack. In this paper, a Sybil attack detection method based on k-Nearest Neighbours (kNN) classification algorithm is proposed. In this method, vehicles are classified based on the similarity in their driving patterns. Furthermore, the kNN methods' high runtime complexity issue is also optimized. The simulation results show that our detection method can reach a high detection rate while keeping error rate low.

Vehicular networks have been drawing special atten- tion in recent years, due to its importance in enhancing driving experience and improving road safety in future smart city. In past few years, several security services, based on cryptography, PKI and pseudonymous, have been standardized by IEEE and ETSI. However, vehicular networks are still vulnerable to various attacks, especially Sybil attack. In this paper, a Support Vector Machine (SVM) based Sybil attack detection method is proposed. We present three SVM kernel functions based classifiers to distinguish the malicious nodes from benign ones via evaluating the variance in their Driving Pattern Matrices (DPMs). The effectiveness of our proposed solution is evaluated through extensive simulations based on SUMO simulator and MATLAB. The results show that the proposed detection method can achieve a high detection rate with low error rate even under a dynamic traffic environment.

Vehicular Ad Hoc Networks (VANETs) enable vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) communications that bring many benefits and conveniences to improve the road safety and drive comfort in future transportation systems. Sybil attack is considered one of the most risky threats in VANETs since a Sybil attacker can generate multiple fake identities with false messages to severely impair the normal functions of safety-related applications. In this paper, we propose a novel Sybil attack detection method based on Received Signal Strength Indicator (RSSI), Voiceprint, to conduct a widely applicable, lightweight and full-distributed detection for VANETs. To avoid the inaccurate position estimation according to predefined radio propagation models in previous RSSI-based detection methods, Voiceprint adopts the RSSI time series as the vehicular speech and compares the similarity among all received time series. Voiceprint does not rely on any predefined radio propagation model, and conducts independent detection without the support of the centralized infrastructure. It has more accurate detection rate in different dynamic environments. Extensive simulations and real-world experiments demonstrate that the proposed Voiceprint is an effective method considering the cost, complexity and performance.

Mobile Healthcare Networks (MHN) continuouslycollect the patients' health data sensed by wearable devices, andanalyze the collected data pre-processed by servers combinedwith medical histories, such that disease diagnosis and treatmentare improved, and the heavy burden on the existing healthservices is released. However, the network is vulnerable to Sybilattacks, which would degrade network performance, disruptproceedings, manipulate data or cheat others maliciously. What'smore, the user is reluctant to leak identity privacy, so the identityprivacy preserving makes Sybil defenses more difficult. One ofthe best choices is mutually authenticating each other with noidentity information involved. Thus, we propose a fine-grainedauthentication scheme based on Attribute-Based Signature (ABS)using lattice assumption, where a signer is authorized by an at-tribute set instead of single identity string. This ABS scheme usesFiat-Shamir framework and supports flexible threshold signaturepredicates. Moreover, to anonymously guarantee integrity andavailability of health data in MHN, we design an anonymousanti-Sybil attack protocol based on our ABS scheme, so thatSybil attacks are prevented. As there is no linkability betweenidentities and services, the users' identity privacy is protected. Finally, we have analyzed the security and simulated the runningtime for our proposed ABS scheme.

Vehicular ad hoc networks (VANETs) are designed to provide traffic safety by exploiting the inter-vehicular communications. Vehicles build awareness of traffic in their surroundings using information broadcast by other vehicles, such as speed, location and heading, to proactively avoid collisions. The effectiveness of these VANET traffic safety applications is particularly dependent on the accuracy of the location information advertised by each vehicle. Therefore, traffic safety can be compromised when Sybil attackers maliciously advertise false locations or other inaccurate GPS readings are sent. The most effective way to detect a Sybil attack or correct the noise in the GPS readings is localizing vehicles based on the physical features of their transmission signals. The current localization techniques either are designed for networks where the nodes are immobile or suffer from inaccuracy in high-interference environments. In this paper, we present a RSSI-based localization technique that uses mobile nodes for localizing another mobile node and adjusts itself based on the heterogeneous interference levels in the environment. We show via simulation that our localization mechanism is more accurate than the other mechanisms and more resistant to environments with high interference and mobility.

Internet of Things (IoT) is an emerging paradigm in information technology (IT) that integrates advancements in sensing, computing and communication to offer enhanced services in everyday life. IoTs are vulnerable to sybil attacks wherein an adversary fabricates fictitious identities or steals the identities of legitimate nodes. In this paper, we model sybil attacks in IoT and evaluate its impact on performance. We also develop a defense mechanism based on behavioural profiling of nodes. We develop an enhanced AODV (EAODV) protocol by using the behaviour approach to obtain the optimal routes. In EAODV, the routes are selected based on the trust value and hop count. Sybil nodes are identified and discarded based on the feedback from neighbouring nodes. Evaluation of our protocol in ns-2 simulator demonstrates the effectiveness of our approach in identifying and detecting sybil nodes in IoT network.

This paper presents the results of a cryptographic analysis of the protocols used by the European Rail Traffic Management System (ERTMS). A stack of three protocols secures the communication between trains and trackside equipment; encrypted radio communication is provided by the GSM-R protocol, on top of this the EuroRadio protocol provides authentication for a train control application-level protocol. We present an attack which exploits weaknesses in all three protocols: GSM-R has the same well known weaknesses as the GSM protocol, and we present a new collision attack against the EuroRadio protocol. Combined with design weaknesses in the application-level protocol, these vulnerabilities allow an attacker, who observes a MAC collision, to forge train control messages. We demonstrate this attack with a proof of concept using train control messages we have generated ourselves. Currently, ERTMS is only used to send small amounts of data for short sessions, therefore this attack does not present an immediate danger. However, if EuroRadio was to be used to transfer larger amounts of data trains would become vulnerable to this attack. Additionally, we calculate that, under reasonable assumptions, an attacker who could monitor all backend control centres in a country the size of the UK for 45 days would have a 1% chance of being able to take control of a train.

Current threat models typically consider all possible ways an attacker can penetrate a system and assign probabilities to each path according to some metric (e.g. time-to-compromise). In this paper we discuss how this view hinders the realness of both technical (e.g. attack graphs) and strategic (e.g. game theory) approaches of current threat modeling, and propose to steer away by looking more carefully at attack characteristics and attacker environment. We use a toy threat model for ICS attacks to show how a realistic view of attack instances can emerge from a simple analysis of attack phases and attacker limitations.

Learning-based systems have been shown to be vulnerable to evasion through adversarial data manipulation. These attacks have been studied under assumptions that the adversary has certain knowledge of either the target model internals, its training dataset or at least classification scores it assigns to input samples. In this paper, we investigate a much more constrained and realistic attack scenario wherein the target classifier is minimally exposed to the adversary, revealing only its final classification decision (e.g., reject or accept an input sample). Moreover, the adversary can only manipulate malicious samples using a blackbox morpher. That is, the adversary has to evade the targeted classifier by morphing malicious samples "in the dark". We present a scoring mechanism that can assign a real-value score which reflects evasion progress to each sample based on the limited information available. Leveraging on such scoring mechanism, we propose an evasion method – EvadeHC? and evaluate it against two PDF malware detectors, namely PDFRate and Hidost. The experimental evaluation demonstrates that the proposed evasion attacks are effective, attaining 100% evasion rate on the evaluation dataset. Interestingly, EvadeHC outperforms the known classifier evasion techniques that operate based on classification scores output by the classifiers. Although our evaluations are conducted on PDF malware classifiers, the proposed approaches are domain agnostic and are of wider application to other learning-based systems.

Algorithmic complexity vulnerabilities occur when the worst-case time/space complexity of an application is significantly higher than the respective average case for particular user-controlled inputs. When such conditions are met, an attacker can launch Denial-of-Service attacks against a vulnerable application by providing inputs that trigger the worst-case behavior. Such attacks have been known to have serious effects on production systems, take down entire websites, or lead to bypasses of Web Application Firewalls. Unfortunately, existing detection mechanisms for algorithmic complexity vulnerabilities are domain-specific and often require significant manual effort. In this paper, we design, implement, and evaluate SlowFuzz, a domain-independent framework for automatically finding algorithmic complexity vulnerabilities. SlowFuzz automatically finds inputs that trigger worst-case algorithmic behavior in the tested binary. SlowFuzz uses resource-usage-guided evolutionary search techniques to automatically find inputs that maximize computational resource utilization for a given application. We demonstrate that SlowFuzz successfully generates inputs that match the theoretical worst-case performance for several well-known algorithms. SlowFuzz was also able to generate a large number of inputs that trigger different algorithmic complexity vulnerabilities in real-world applications, including various zip parsers used in antivirus software, regular expression libraries used in Web Application Firewalls, as well as hash table implementations used in Web applications. In particular, SlowFuzz generated inputs that achieve 300-times slowdown in the decompression routine of the bzip utility, discovered regular expressions that exhibit matching times exponential in the input size, and also managed to automatically produce inputs that trigger a high number of collisions in PHP's default hashtable implementation.

A current trend on the Internet is the increasing surveillance of its users. A few big service providers have divided most of the user-facing Internet between them, observing and recording the activities of their users to increase profits. Additionally, government agencies have been found to practice mass surveillance. With regard to this it becomes even more important to provide online services that protect the privacy of their users and avoid censorship by single, powerful entities. To reach these goals, a trusted third party should be avoided. A prototype service which fulfills these goals is DPS-Discuss, a decentralized, pseudonymous online discussion application. It uses the libraries BitNym and Peer-Tor-Peer for pseudonym management and anonymous communication.

Nakamoto's famous blockchain protocol enables achieving consensus in a so-called permissionless setting—anyone can join (or leave) the protocol execution, and the protocol instructions do not depend on the identities of the players. His ingenious protocol prevents "sybil attacks" (where an adversary spawns any number of new players) by relying on computational puzzles (a.k.a. "moderately hard functions") introduced by Dwork and Naor (Crypto'92). Recent work by Garay et al (EuroCrypt'15) and Pass et al (manuscript, 2016) demonstrate that this protocol provably achieves consistency and liveness assuming a) honest players control a majority of the computational power in the network, b) the puzzle-hardness is appropriately set as a function of the maximum network delay and the total computational power of the network, and c) the computational puzzle is modeled as a random oracle. Assuming honest participation, however, is a strong assumption, especially in a setting where honest players are expected to perform a lot of work (to solve the computational puzzles). In Nakamoto's Bitcoin application of the blockchain protocol, players are incentivized to solve these puzzles by receiving rewards for every "block" (of transactions) they contribute to the blockchain. An elegant work by Eyal and Sirer (FinancialCrypt'14), strengthening and formalizing an earlier attack discussed on the Bitcoin forum, demonstrates that a coalition controlling even a minority fraction of the computational power in the network can gain (close to) 2 times its "fair share" of the rewards (and transaction fees) by deviating from the protocol instructions. In contrast, in a fair protocol, one would expect that players controlling a φ fraction of the computational resources to reap a φ fraction of the rewards. We present a new blockchain protocol—the FruitChain protocol—which satisfies the same consistency and liveness properties as Nakamoto's protocol (assuming an honest majority of the computing power), and additionally is δ-approximately fair: with overwhelming probability, any honest set of players controlling a φ fraction of computational power is guaranteed to get at least a fraction (1-δ)φ of the blocks (and thus rewards) in any Ω(κ/δ) length segment of the chain (where κ is the security parameter). Consequently, if this blockchain protocol is used as the ledger underlying a cryptocurrency system, where rewards and transaction fees are evenly distributed among the miners of blocks in a length κ segment of the chain, no coalition controlling less than a majority of the computing power can gain more than a factor (1+3δ) by deviating from the protocol (i.e., honest participation is an n/2-coalition-safe 3δ-Nash equilibrium). Finally, the FruitChain protocol enables decreasing the variance of mining rewards and as such significantly lessens (or even obliterates) the need for mining pools.

Recommender systems have become quite popular recently. However, such systems are vulnerable to several types of attacks that target user ratings. One such attack is the Sybil attack where an entity masquerades as several identities with the intention of diverting user ratings. In this work, we propose evolutionary game theory as a possible solution to the Sybil attack in recommender systems. After modeling the attack, we use replicator dynamics to solve for evolutionary stable strategies. Our results show that under certain conditions that are easily achievable by a system administrator, the probability of an attack strategy drops to zero implying degraded fitness for Sybil nodes that eventually die out.

Sybil attacks, in which an adversary creates a large number of identities, present a formidable problem for the robustness of recommendation systems. One promising method of sybil detection is to use data from social network ties to implicitly infer trust. Previous work along this dimension typically a) assumes that it is difficult/costly for an adversary to create edges to honest nodes in the network; and b) limits the amount of damage done per such edge, using conductance-based methods. However, these methods fail to detect a simple class of sybil attacks which have been identified in online systems. Indeed, conductance-based methods seem inherently unable to do so, as they are based on the assumption that creating many edges to honest nodes is difficult, which seems to fail in real-world settings. We create a sybil defense system that accounts for the adversary's ability to launch such attacks yet provably withstands them by: Notassuminganyrestrictiononthenumberofedgesanadversarycanform,butinsteadmakingamuch weaker assumption that creating edges from sybils to most honest nodes is difficult, yet allowing that the remaining nodes can be freely connected to. Relaxing the goal from classifying all nodes as honest or sybil to the goal of classifying the "core" nodes of the network as honest; and classifying no sybil nodes as honest. Exploiting a new, for sybil detection, social network property, namely, that nodes can be embedded in low-dimensional spaces.

Crowdsourcing is an unique and practical approach to obtain personalized data and content. Its impact is especially significant in providing commentary, reviews and metadata, on a variety of location based services. In this study, we examine reliability of the Waze mapping service, and its vulnerability to a variety of location-based attacks. Our goals are to understand the severity of the problem, shed light on the general problem of location and device authentication, and explore the efficacy of potential defenses. Our preliminary results already show that a single attacker with limited resources can cause havoc on Waze, producing ``virtual'' congestion and accidents, automatically re-routing user traffic, and compromising user privacy by tracking users' precise movements via software while staying undetected. To defend against these attacks, we propose a proximity-based Sybil detection method to filter out malicious devices.