Biblio

We consider transmissions of secure messages over a burst erasure wiretap channel under decoding delay constraint. For block codes we introduce and study delay optimal secure burst erasure correcting (DO-SBE) codes that provide perfect security and recover a burst of erasures of a limited length with minimum possible delay. Our explicit constructions of DO-SBE block codes achieve maximum secrecy rate. We also consider a model of a burst erasure wiretap channel for the streaming setup, where in any sliding window of a given size, in a stream of encoded source packets, the eavesdropper is able to observe packets in an interval of a given size. For that model we obtain an information theoretic upper bound on the secrecy rate for delay optimal streaming codes. We show that our block codes can be used for construction of delay optimal burst erasure correcting streaming codes which provide perfect security and meet the upper bound for a certain class of code parameters.

Cyber security is a vital performance metric for networks. Wiretap attacks belong to passive attacks. It commonly exists in wired or wireless networks, where an eavesdropper steals useful information by wiretapping messages being shipped on network links. It seriously damages the confidentiality of communications. This paper proposed a secure network coding system architecture against wiretap attacks. It combines and collaborates network coding with cryptography technology. Some illustrating examples are given to show how to build such a system and prove its defense is much stronger than a system with a single defender, either network coding or cryptography. Moreover, the system is characterized by flexibility, simplicity, and easy to set up. Finally, it could be used for both deterministic and random network coding system.

Named Data Networking (NDN) intrinsically supports in-network caching and multipath forwarding. The two salient features offer the potential to simultaneously transmit content segments that comprise the requested content from original content publishers and in-network caches. However, due to the complexity of maintaining the reachability information of off-path cached content at the fine-grained packet level of granularity, the multipath forwarding and off-path cached copies are significantly underutilized in NDN so far. Network coding enabled NDN, referred to as NC-NDN, was proposed to effectively utilize multiple on-path routes to transmit content, but off-path cached copies are still unexploited. This work enhances NC-NDN with an On-demand Off-path Cache Exploration based Multipath Forwarding strategy, dubbed as O2CEMF, to take full advantage of the multipath forwarding to efficiently utilize off-path cached content. In O2CEMF, each network node reactively explores the reachability information of nearby off-path cached content when consumers begin to request a generation of content, and maintains the reachability at the coarse-grained generation level of granularity instead. Then the consumers simultaneously retrieve content from the original content publisher(s) and the explored capable off-path caches. Our experimental studies validate that this strategy improves the content delivery performance efficiently as compared to that in the present NC-NDN.

Network security and data confidentiality of transmitted information are among the non-functional requirements of industrial wireless sensor networks (IWSNs) in addition to latency, reliability and energy efficiency requirements. Physical layer security techniques are promising solutions to assist cryptographic methods in the presence of an eavesdropper in IWSN setups. In this paper, we propose a physical layer security scheme, which is based on both insertion of an random error vector to forward error correction (FEC) codewords and transmission over decentralized relay nodes. Reed-Solomon and Golay codes are selected as FEC coding schemes and the security performance of the proposed model is evaluated with the aid of decoding error probability of an eavesdropper. The results show that security level is highly based on the location of the eavesdropper and secure communication can be achieved when some of channels between eavesdropper and relay nodes are significantly noisier.

Bluetooth Low Energy (BLE) beacons are an emerging type of technology in the Internet-of-Things (IoT) realm, which use BLE signals to broadcast a unique identifier that is detected by a compatible device to determine the location of nearby users. Beacons can be used to provide a tailored user experience with each encounter, yet can also constitute an invasion of privacy, due to their covertness and ability to track user behavior. Therefore, we hypothesize that user-driven privacy policy configuration is key to enabling effective and trustworthy privacy management during beacon encounters. We developed a framework for beacon privacy management that provides a policy configuration platform. Through an empirical analysis with 90 users, we evaluated this framework through a proof-of-concept app called Beacon Privacy Manager (BPM), which focused on the user experience of such a tool. Using BPM, we provided users with the ability to create privacy policies for beacons, testing different configuration schemes to refine the framework and then offer recommendations for future research.

It is investigated how to achieve semantic security for the wiretap channel. A new type of functions called biregular irreducible (BRI) functions, similar to universal hash functions, is introduced. BRI functions provide a universal method of establishing secrecy. It is proved that the known secrecy rates of any discrete and Gaussian wiretap channel are achievable with semantic security by modular wiretap codes constructed from a BRI function and an error-correcting code. A characterization of BRI functions in terms of edge-disjoint biregular graphs on a common vertex set is derived. This is used to study examples of BRI functions and to construct new ones.

The past decade has seen a growing interest in underwater acoustic positioning networks (UAPNs) because of their wide applications in marine research, ocean monitoring, offshore exploration, and defense or homeland security. Efficient communication among all sensors and receivers is crucial so as to make positioning service available. Traditional UAPNs could locate only one target, that are growing obsolete due to increasing demands for multiple users working at the same time. Due to the demands for multiple users working simultaneously and narrow acoustic bandwidth, new efficient and reliable communication and networking protocols are required in design for UAPNs. In this paper, we aim to provide the procedure of communication design for UAPNs based on sonar equation and spread spectrum communication. What's more, signal design and performance analysis are supplied. The results show that the signal we designed have ideal correlation performance and high processing gain. The signal is suitable for multiple users UAPNs and thus show favorable potential in ocean engineering applications.

With the rapid development of radio detection and wireless communication, narrowband radio-frequency interference (NB-RFI) is a serious threat for GNSS-R (global navigation satellite systems - reflectometry) receivers. However, interferometric GNSS-R (iGNSS-R) is more prone to the NB-RFIs than conventional GNSS-R (cGNSS-R), due to wider bandwidth and unclean replica. Therefore, there is strong demand of detecting and mitigating NB-RFIs for GNSS-R receivers, especially iGNSS-R receivers. Hence, focusing on working with high sampling rate and simplifying the fixed-point implementation on FPGA, this paper proposes a system design exploiting cascading IIR band-stop filters (BSFs) to suppress NB-RFIs. Furthermore, IIR BSF compared with IIR notch filter (NF) and IIR band-pass filter (BPF) is the merely choice that is able to mitigate both white narrowband interference (WNBI) and continuous wave interference (CWI) well. Finally, validation and evaluation are conducted, and then it is indicated that the system design can detect NB-RFIs and suppress WNBI and CWI effectively, which improves the signal-to-noise ratio (SNR) of the Delay-Doppler map (DDM).

Smart Grids require extensive communication to enable safe and stable energy supply in the age of decentralized and dynamic energy production and consumption. To protect the communication in this critical infrastructure, public authorities mandate smart meter gateways (SMGWs) to be in control of the communication security. To this end, the SMGW intercepts all inbound and outbound communication of its premise, e.g., a factory or smart home, and forwards it on secure channels that the SMGW established itself. However, using the SMGW as proxy, local devices can neither review the security of these remote connections established by the SMGW nor enforce higher security guarantees than established by the all in one configuration of the SMGW which does not allow for use case-specific security settings. We present mechanisms that enable local devices to regain this insight and control over the full connection, i.e., up to the final receiver, while retaining the SMGW's ability to ensure a suitable security level. Our evaluation shows modest computation and transmission overheads for this increased security in the critical smart grid infrastructure.

Steganography means hiding secrete message in cover object in a way that no suspicious from the attackers, the most popular steganography schemes is image steganography. A very common questions that asked in the field are: 1- what is the embedding scheme used?, 2- where is (location) the secrete messages are embedded?, and 3- how the sender will tell the receiver about the locations of the secrete message?. Here in this paper we are deal with and aimed to answer questions number 2 and 3. We used the popular scheme in image steganography which is least significant bits for embedding in edges positions in color images. After we separate the color images into its components Red, Green, and Blue, then we used one of the components as an index to find the edges, while other one or two components used for embedding purpose. Using this technique we will guarantee the same number and positions of edges before and after embedding scheme, therefore we are guaranteed extracting the secrete message as it's without any loss of secrete messages bits.

Quantum Key Distribution (QKD) is a technique for sharing encryption keys between two adjacent nodes. It provides unconditional secure communication based on the laws of physics. From the viewpoint of network research, QKD is considered to be a component for providing secure communication in network systems. A QKD network enables each node to exchange encryption keys with arbitrary nodes. However previous research did not focus on the processing speed of the key management method essential for a QKD network. This paper focuses on the key management method assuming a high-speed QKD system for which we clarify the design, propose a high-speed method, and evaluate the throughput. The proposed method consists of four modules: (1) local key manager handling the keys generated by QKD, (2) one-time pad tunnel manager establishing the transparent encryption link, (3) global key manager generating the keys for application communication, and (4) web API providing keys to the application. The proposed method was implemented in software and evaluated by emulating QKD key generation and application key consumption. The evaluation result reveals that it is capable of handling the encryption keys at a speed of 414 Mb/s, 185 Mb/s, 85 Mb/s and 971 Mb/s, for local key manager, one-time pad tunnel manager, global key manager and web API, respectively. These are sufficient for integration with a high-speed QKD system. Furthermore, the method allows the high-speed QKD system consisting of two nodes to expand corresponding to the size of the QKD network without losing the speed advantage.

Accountability and privacy are considered valuable but conflicting properties in the Internet, which at present does not provide native support for either. Past efforts to balance accountability and privacy in the Internet have unsatisfactory deployability due to the introduction of new communication identifiers, and because of large-scale modifications to fully deployed infrastructures and protocols. The IPv6 is being deployed around the world and this trend will accelerate. In this paper, we propose a private and accountable proposal based on IPv6 called PAVI that seeks to bootstrap accountability and privacy to the IPv6 Internet without introducing new communication identifiers and large-scale modifications to the deployed base. A dedicated quantitative analysis shows that the proposed PAVI achieves satisfactory levels of accountability and privacy. The results of evaluation of a PAVI prototype show that it incurs little performance overhead, and is widely deployable.

To experimentally study the characteristics of ultrasonic sensors, a wideband air-coupled ultrasonic transducer, wideband electromagnetic dynamic acoustic transducer (WEMDAT), is designed and fabricated. Characterisation methods, including electrical impedance analysis, laser Doppler vibrometry and pressure-field microphone measurement, are used to examine the performance of the WEMDAT, which have shown that the transducer has a wide bandwidth ranging approximately from 47 kHz to 145 kHz and a good directivity with a beam angle of around 20˚ with no evident side lobes. A 40 kHz commercial flexural ultrasonic transducer (FUT) is then taken as an example to receive ultrasonic waves in a pitch-catch configuration to evaluate the performance of the WEMDAT as an acoustic source. Experiment results have demonstrated that the WEMDAT can maintain the most of the frequency content of a 5 cycle 40 kHz tone burst electric signal and convert it into an ultrasonic wave for studying the dynamic characteristic and the directivity pattern of the ultrasonic receiver. A comparison of the dynamic characteristics between the transmitting and the receiving processes of the same FUT reveals that the FUT has a wider bandwidth when operating as an ultrasonic receiver than operating as a transmitter, which indicates that it is necessary to quantitatively investigate the receiving process of an ultrasonic transducer, demonstrating a huge potential of the WEMDAT serving as a standard acoustic source for ultrasonic sensors for various air-coupled ultrasonic applications.

Information security has become a major challenge in data transmission. Data transmitted through the network is vulnerable to many passive and active attacks. Cryptographic algorithms provide security against the data intruders and provide secure network communication. In this method, two algorithms TEA and DNA are combined to form a new algorithm called DETD (Double Encryption using TEA and DNA). The algorithm mainly deals with encryption and decryption time of a given input text. Here, both the encryption and decryption time are compared with the other two algorithms and the results are recorded. This algorithm also aims to provide data security by increasing the levels of encryption.

A dynamic DNA for key-based Cryptography that encrypt and decrypt plain text characters, text file, image file and audio file using DNA sequences. Cryptography is always taken as the secure way while transforming the confidential information over the network such as LAN, Internet. But over the time, the traditional cryptographic approaches are been replaced with more effective cryptographic systems such as Quantum Cryptography, Biometric Cryptography, Geographical Cryptography and DNA Cryptography. This approach accepts the DNA sequences as the input to generate the key that going to provide two stages of data security.

Wireless sensor networks consist of various sensors that are deployed to monitor the physical world. And many existing security schemes use traditional cryptography theory to protect message content and contextual information. However, we are concerned about location security of nodes. In this paper, we propose an anonymous routing strategy for preserving location privacy (ARPLP), which sets a proxy source node to hide the location of real source node. And the real source node randomly selects several neighbors as receivers until the packets are transmitted to the proxy source. And the proxy source is randomly selected so that the adversary finds it difficult to obtain the location information of the real source node. Meanwhile, our scheme sets a branch area around the sink, which can disturb the adversary by increasing the routing branch. According to the analysis and simulation experiments, our scheme can reduce traffic consumption and communication delay, and improve the security of source node and base station.

With the rapid proliferation of mobile users, the spectrum scarcity has become one of the issues that have to be addressed. Cognitive Radio technology addresses this problem by allowing an opportunistic use of the spectrum bands. In cognitive radio networks, unlicensed users can use licensed channels without causing harmful interference to licensed users. However, cognitive radio networks can be subject to different security threats which can cause severe performance degradation. One of the main attacks on these networks is the primary user emulation in which a malicious node emulates the characteristics of the primary user signals. In this paper, we propose a detection technique of this attack based on the RSS-based localization with the maximum likelihood estimation. The simulation results show that the proposed technique outperforms the RSS-based localization method in detecting the primary user emulation attacker.

Secure network coding realizes the secrecy of the message when the message is transmitted via noiseless network and a part of edges or a part of intermediate nodes are eavesdropped. In this framework, if the channels of the network has noise, we apply the error correction to noisy channel before applying the secure network coding. In contrast, secure physical layer network coding is a method to securely transmit a message by a combination of coding operation on nodes when the network is given as a set of noisy channels. In this paper, we give several examples of network, in which, secure physical layer network coding realizes a performance that cannot be realized by secure network coding.

In this paper, we propose a frozen bit selection scheme for polar coding scheme combined with physical layer security that enhances the security of two legitimate users on a wiretap channel. By flipping certain frozen bits, the bit-error rate (BER) of an eavesdropper is maximized while the BER of the legitimate receiver is unaffected. An ARQ protocol is proposed that only feeds back a small proportion of the frozen bits to the transmitter, which increases the secrecy rate. The scheme is evaluated on a wiretap channel affected by impulsive noise and we consider cases where the eavesdropper's channel is actually more impulsive than the main channel. Simulation results show that the proposed scheme ensures the eavesdropper's BER is high even when only one frozen bit is flipped and this is achieved even when their channel is more impulsive than the main channel.

As a result of increasing the interest in developing the communication systems that use public channels for transmitting information, many channel problems are raised up. Among these problems, the important one should be addressed is the information security. This paper presents a proposed communication system with high security uses two encryption levels based on chaotic systems. The first level is chaotic scrambling, while the second one is chaotic masking. This configuration increases the information security since the key space becomes too large. The MATLAB simulation results showed that the Segmental Spectral Signal to Noise Ratio (SSSNR) of the first level (chaotic scrambling) is reduced by -5.195 dB comparing to time domain scrambling. Furthermore, in the second level (chaotic masking), the SSSNR is reduced by -20.679 dB. It is also showed that when the two levels are combined, the overall reduction obtained is -21.755 dB.

This paper explores using chaos-based cryptography for transmitting multimedia data, mainly speech and voice messages, over public communication channels, such as the internet. The secret message to be transmitted is first converted into a one-dimensional time series, that can be cast in a digital/binary format. The main feature of the proposed technique is mapping the two levels of every corresponding bit of the time series into different multiple chaotic orbits, using a simple encryption function. This one-to-many mapping robustifies the encryption technique and makes it resilient to crypto-analysis methods that rely on associating the energy level of the signal into two binary levels, using return map attacks. A chaotic nonautonomous Duffing oscillator is chosen to implement the suggested technique, using three different parameters that are assumed unknown at the receiver side. Synchronization between the transmitter and the receiver and reconstructing the secret message, at the receiver side, is done using a Lyapunov-based adaptive technique. Achieving stable operation, tuning the required control gains, as well as effective utilization of the bandwidth of the public communication channel are investigated. Two different case studies are presented; the first one deals with text that can be expressed as 8-bit ASCII code, while the second one corresponds to an analog acoustic signal that corresponds to the voice associated with pronouncing a short sentence. Advantages and limitation of the proposed technique are highlighted, while suggesting extensions to other multimedia signals, along with their required additional computational effort.

A secure voice communications channel is on demand to avoid unwanted eavesdropping of voice messages. This paper reports the development of communicaiton channel prototype equipped with Chaotic cryptographic algorithm with Cipher Feedback mode, implemented on FPGA due to its high processing speed and low delay required for voice channel. Two Spartan-3 FPGA board was used for the purpose, one as transmitter in encryption process and the other as receiver of decryption process. The experimental tests reveal that the voice channel is successfully secured using the encryption-decription cycle for asynchronous communication. In the non-ecrypted channel, the average values of MSE, delay, and THD-N parameters are 0.3513 V2, 202 μs, and 17.52%, respectively, while the secured channel produce MSE of 0.3794 V2, delay 202 μs, and THD-N 20.45%. Therefore, the original information sent in the encrypted channel can be restored with similar quality compared to the non-encrypted channel.

Searchable encryption server protects privacal data of data owner from leaks. This paper analyzes the security of a multi-user searchable encryption scheme and points out that this scheme does not satisfy the invisibility of trapdoors. In order to improve the security of the original scheme, this paper proposes a probably secure multi-user multi-keyword searchable encryption scheme. New secheme not only ensures the confidentiality of the cipher text keyword, but also does not increase the encryption workload of the data owner when the new data user joins. In the random oracle model, based on the hard problem of decisional Diffie-Hellman, it is proved that the scheme has trapdoor indistinguishability. In the end, obtained by the simulation program to achieve a new computationally efficient communication at low cost.

Software-defined networking (SDN) is a recently developed approach to computer networking that brings a centralized orientation to network control, thereby improving network architecture and management. However, as with any communication environment that involves message transmission among users, SDN is confronted by the ongoing challenge of protecting user privacy. In this “Work in Progress (WIP)” research, we propose an SDN security model that applies the moving target defense (MTD) technique to protect communication links from sensitive data leakages. MTD is a security solution aimed at increasing complexity and uncertainty for attackers by concealing sensitive information that may serve as a gateway from which to launch different types of attacks. The proposed MTD-based security model is intended to protect user identities contained in transmitted messages in a way that prevents network intruders from identifying the real identities of senders and receivers. According to the results from preliminary experiments, the proposed MTD model has potential to protect the identities contained in transmitted messages within communication links. This work will be extended to protect sensitive data if an attacker gets access to the network device.

Todays analyzing web weaknesses and vulnerabilities in order to find security attacks has become more urgent. In case there is a communication contrary to the system security policies, a covert channel has been created. The attacker can easily disclosure information from the victim's system with just one public access permission. Covert timing channels, unlike covert storage channels, do not have memory storage and they draw less attention. Different methods have been proposed for their identification, which generally benefit from the shape of traffic and the channel's regularity. In this article, an entropy-based detection method is designed and implemented. The attacker can adjust the amount of channel entropy by controlling measures such as changing the channel's level or creating noise on the channel to protect from the analyst's detection. As a result, the entropy threshold is not always constant for detection. By comparing the entropy from different levels of the channel and the analyst, we conclude that the analyst must investigate traffic at all possible levels.