Biblio

With the traffic growth with different deterministic transport and isolation requirements in radio access networks (RAN), Flexible Ethernet (FlexE) over wavelength division multiplexing (WDM) network is as a candidate for next generation RAN transport, and the security issue in RAN transport is much more obvious, especially the eavesdropping attack in physical layer. Therefore, in this work, we put forward a cross-layer design for security enhancement through leveraging universal Hashing based FlexE data block permutation and multiple parallel fibre transmission for anti-eavesdropping in end-to-end FlexE over WDM network. Different levels of attack ability are considered for measuring the impact on network security and resource utilization. Furthermore, the trade-off problem between efficient resource utilization and guarantee of higher level of security is also explored. Numerical results demonstrate the cross-layer defense strategies are effective to struggle against intruders with different levels of attack ability.

Implementation of Internet-of-Things (IoT) can take place in many applications, for instance, automobiles, and industrial automation. We generally view the role of an Electronic Control Unit (ECU) or industrial network node that is occupied and interconnected in many different configurations in a vehicle or a factory. This condition may raise the occurrence of problems related to security issues, such as unauthorized access to data or components in ECUs or industrial network nodes. In this paper, we propose a hardware (HW)/software (SW) framework having integrated security extensions complemented with various security-related features that later can be implemented directly from the framework to All Programmable Multiprocessor System-on-Chip (AP MPSoC)-based ECUs. The framework is a software-defined one that can be configured or reconfigured in a higher level of abstraction language, including High-Level Synthesis (HLS), and the output of the framework is hardware configuration in multiprocessor or reconfigurable components in the FPGA. The system comprises high-level requirements, covert and side-channel estimation, cryptography, optimization, artificial intelligence, and partial reconfiguration. With this framework, we may reduce the design & development time, and provide significant flexibility to configure/reconfigure our framework and its target platform equipped with security extensions.

Recently, several cross-layer protocols have been designed for vehicular networks to optimize data dissemination by ensuring internal communications between routing and MAC layers. In this context, a cross-layer protocol, called TDMA-aware Routing Protocol for Multi-hop communications (TRPM), was proposed in order to efficiently select a relay node based on time slot scheduling information obtained from the MAC layer. However, due to the constant evolution of cyber-attacks on the routing and MAC layers, data dissemination in vehicular networks is vulnerable to several types of attack. In this paper, we identify the different attack models that can disrupt the cross-layer operation of the TRPM protocol and assess their impact on performance through simulation. Several new vulnerabilities related to the MAC slot scheduling process are identified. Exploiting of these vulnerabilities would lead to severe channel capacity wastage where up to half of the free slots could not be reserved.

The time-varying properties of the wireless channel are a powerful source of information that can complement and enhance traditional security mechanisms. Therefore, we propose a cross-layer authentication mechanism that combines physical layer channel information and traditional authentication mechanism in LTE. To verify the feasibility of the proposed mechanism, we build a cross-layer authentication system that extracts the phase shift information of a typical UE and use the ensemble learning method to train the fingerprint map based on OAI LTE. Experimental results show that our cross-layer authentication mechanism can effectively prompt the security of LTE system.

The significant development of Internet of Things (IoT) paradigm for monitoring the real-time applications using the wireless communication technologies leads to various challenges. The secure data transmission and privacy is one of the key challenges of IoT enabled Wireless Sensor Networks (WSNs) communications. Due to heterogeneity of attackers like Man-in-Middle Attack (MIMA), the present single layered security solutions are not sufficient. In this paper, the robust cross-layer trust computation algorithm for MIMA attacker detection proposed for IoT enabled WSNs called IoT enabled Cross-Layer Man-in-Middle Attack Detection System (IC-MADS). In IC-MADS, first robust clustering method proposed to form the clusters and cluster head (CH) preference. After clustering, for every sensor node, its trust value computed using the parameters of three layers such as MAC, Physical, and Network layers to protect the network communications in presence of security threats. The simulation results prove that IC-MADS achieves better protection against MIMA attacks with minimum overhead and energy consumption.

Due to their proven efficiency, machine-learning systems are deployed in a wide range of complex real-life problems. More specifically, Spiking Neural Networks (SNNs) emerged as a promising solution to the accuracy, resource-utilization, and energy-efficiency challenges in machine-learning systems. While these systems are going mainstream, they have inherent security and reliability issues. In this paper, we propose NeuroAttack, a cross-layer attack that threatens the SNNs integrity by exploiting low-level reliability issues through a high-level attack. Particularly, we trigger a fault-injection based sneaky hardware backdoor through a carefully crafted adversarial input noise. Our results on Deep Neural Networks (DNNs) and SNNs show a serious integrity threat to state-of-the art machine-learning techniques.

Deep neural networks (DNNs) have demonstrated impressive performance on many challenging machine learning tasks. However, DNNs are vulnerable to adversarial inputs generated by adding maliciously crafted perturbations to the benign inputs. As a growing number of attacks have been reported to generate adversarial inputs of varying sophistication, the defense-attack arms race has been accelerated. In this paper, we present MODEF, a cross-layer model diversity ensemble framework. MODEF intelligently combines unsupervised model denoising ensemble with supervised model verification ensemble by quantifying model diversity, aiming to boost the robustness of the target model against adversarial examples. Evaluated using eleven representative attacks on popular benchmark datasets, we show that MODEF achieves remarkable defense success rates, compared with existing defense methods, and provides a superior capability of repairing adversarial inputs and making correct predictions with high accuracy in the presence of black-box attacks.

This paper proposes a triple-layer, high capacity, message security scheme. The first two layers are of a cryptographic nature, whereas the third layer is of a steganographic nature. In the first layer, AES-128 encryption is performed on the secret message. In the second layer, a chaotic logistic map encryption is applied on the output of the first secure layer to increase the security of the scheme. In the third layer of security, a 2D image steganography technique is performed, where the least significant bit (LSB) -embedding is done according to a zigzag pattern in each of the three color planes of the cover image (i.e. RGB). The distinguishing feature of the proposed scheme is that the secret data is hidden in a zigzag manner that cannot be predicted by a third party. Moreover, our scheme achieves higher values of peak signal to noise ratio (PPSNR), mean square error (MSE), the structural similarity index metric (SSIM), normal cross correlation (NCC) and image fidelity (IF) compared to its counterparts form the literature. In addition, a histogram analysis as well as the high achieved capacity are magnificent indicators for a reliable and high capacity steganographic scheme.

We propose a new architecture introducing AI to span the control layer and the data layer in SDON. This demonstration shows the cooperation of the AI engines in two layers in dealing with failure disposal.

The exponential growth of Internet-of-Things (IoT) devices not only brings convenience but also poses numerous challenging safety and security issues. IoT devices are distributed, highly heterogeneous, and more importantly, directly interact with the physical environment. In IoT systems, the bugs in device firmware, the defects in network protocols, and the design flaws in system configurations all may lead to catastrophic accidents, causing severe threats to people's lives and properties. The challenge gets even more escalated as the possible attacks may be chained together in a long sequence across multiple layers, rendering the current vulnerability analysis inapplicable. In this paper, we present ForeSee, a cross-layer formal framework to comprehensively unveil the vulnerabilities in IoT systems. ForeSee generates a novel attack graph that depicts all of the essential components in IoT, from low-level physical surroundings to high-level decision-making processes. The corresponding graph-based analysis then enables ForeSee to precisely capture potential attack paths. An optimization algorithm is further introduced to reduce the computational complexity of our analysis. The illustrative case studies show that our multilayer modeling can capture threats ignored by the previous approaches.

This paper presents a framework for medium access control (MAC) and physical (PRY) cross-layer security design of wireless avionics intra-communications (WAICs). The paper explores the different options based on the latest results of MAC-PRY cross-layer design and the available standard technologies for WAICs. Particular emphasis is given to solutions based on multiple-input multiple-output (MIMO) systems and recent developments towards a wireless technology with ultra-low latency and high reliability in the context of 5G and machine-type traffic support. One major objective is to improve WAICs technology and thus match the real-time, reliability and safety critical performance of the internal aeronautics bus technologies (e.g., ARINC 664). The main identified vulnerabilities and potential solutions are explored, as well as their impact on system design complexity and feasibility for wireless networks on-board aircraft. The solutions are presented in the context of the European project SCOTT (secure connected trustable things) using the recently released reference architecture for trusted IoT systems. Other aspects of SCOTT such as trust, privacy, security classes, and safety are also discussed here for the aeronautics domain.

The burgeoning Internet of Things (IoT) has offered unprecedented opportunities for innovations and applications that are continuously changing our life. At the same time, the large amount of pervasive IoT applications have posed paramount threats to the user's security and privacy. While a lot of efforts have been dedicated to deal with such threats from the hardware, the software, and the applications, in this paper, we argue and envision that more effective and comprehensive protection for IoT systems can only be achieved via a cross-layer approach. As such, we present our initial design of XLF, a cross-layer framework towards this goal. XLF can secure the IoT systems not only from each individual layer of device, network, and service, but also through the information aggregation and correlation of different layers.

With the explosive data growth arise from internet of things, how to ensure information security is facing unprecedented challenges. In this paper, a joint PHY/MAC layer security scheme with artificial noise design in singular value decomposition (SVD) based multiple input multiple output hybrid automatic retransmission request (MIMO HARQ) system is proposed to resolve the problem of low data rates in existing cross-layer security design and further adapt to the high data rate requirement of 5G. First, the SVD was applied to simplify MIMO systems into several parallel sub-channels employing HARQ protocol. Then, different from traditional null space based artificial noise design, the artificial noise design, which is dependent on the characteristics of channel states and transmission rounds, is detailed presented. Finally, the analytical and simulation results proved that with the help of the proposed artificial noise, both the information security and data rate performance can be significantly improved compared with that in single input single output (SISO) system.

Internet is a common method of trading business today. The usage of cryptocurrencies has increased these days and it has become a trend to utilize them. Cryptocurrency exchange servicers provide different smartphone apps that unfortunately may become the target of malicious attacks. This paper focuses on how it achieves highest security and proposes the multiple layered security analyses method for cryptocurrency exchange servicers.

Upon the new paradigm of Cellular Internet of Things, through the usage of technologies such as Narrowband IoT (NB-IoT), a massive amount of IoT devices will be able to use the mobile network infrastructure to perform their communications. However, it would be beneficial for these devices to use the same security mechanisms that are present in the cellular network architecture, so that their connections to the application layer could see an increase on security. As a way to approach this, an identity management and provisioning mechanism, as well as an identity federation between an IoT platform and the cellular network is proposed as a way to make an IoT device deemed worthy of using the cellular network and perform its actions.

We propose a novel cross-stack sensor framework for realizing lightweight, context-aware, high-interaction network and endpoint deceptions for attacker disinformation, misdirection, monitoring, and analysis. In contrast to perimeter-based honeypots, the proposed method arms production workloads with deceptive attack-response capabilities via injection of booby-traps at the network, endpoint, operating system, and application layers. This provides defenders with new, potent tools for more effectively harvesting rich cyber-threat data from the myriad of attacks launched by adversaries whose identities and methodologies can be better discerned through direct engagement rather than purely passive observations of probe attempts. Our research provides new tactical deception capabilities for cyber operations, including new visibility into both enterprise and national interest networks, while equipping applications and endpoints with attack awareness and active mitigation capabilities.

The existing research on the Internet of Things(IoT) security mainly focuses on attack and defense on a single protocol layer. Increasing and ubiquitous use of loT also makes it vulnerable to many attacks. An attacker try to performs the intelligent, brutal and stealthy attack that can reduce the risk of being detected. In these kinds of attacks, the attackers not only restrict themselves to a single layer of protocol stack but they also try to decrease the network performance and throughput by a simultaneous and coordinated attack on different layers. A new class of attacks, termed as cross-layer attack became prominent due to lack of interaction between MAC, routing and upper layers. These attacks achieve the better effect with reduced cost. Research has been done on cross-layer attacks in other domains like Cognitive Radio Network(CRN), Wireless Sensor Networks(WSN) and ad-hoc networks. However, our proposed scheme of cross-layer attack in IoT is the first paper to the best of our knowledge. In this paper, we have proposed Rank Manipulation and Drop Delay(RMDD) cross-layer attack in loT, we have investigated how small intensity attack on Routing protocol for low power lossy networks (RPL) degrades the overall application throughput. We have exploited the Rank system of the RPL protocol to implement the attacks. Rank is given to each node in the graph, and it shows its position in the network. If the rank could be manipulated in some manner, then the network topology can be modified. Simulation results demonstrate that the proposed attacks degrade network performance very much in terms of the throughput, latency, and connectivity.

Recent advances in Cross-Technology Communication (CTC) enable the coexistence and collaboration among heterogeneous wireless devices operating in the same ISM band (e.g., Wi-Fi, ZigBee, and Bluetooth in 2.4 GHz). However, state-of-the-art CTC schemes are vulnerable to spoofing attacks since there is no practice authentication mechanism yet. This paper proposes a scheme to enable the spoofing attack detection for CTC in heterogeneous wireless networks by using physical layer information. First, we propose a model to detect ZigBee packets and measure the corresponding Received Signal Strength (RSS) on Wi-Fi devices. Then, we design a collaborative mechanism between Wi-Fi and ZigBee devices to detect the spoofing attack. Finally, we implement and evaluate our methods through experiments on commercial off-the- shelf (COTS) Wi-Fi and ZigBee devices. Our results show that it is possible to measure the RSS of ZigBee packets on Wi-Fi device and detect spoofing attack with both a high detection rate and a low false positive rate in heterogeneous wireless networks.

The healthcare sector is exploring the incorporation of digital solutions in order to improve access, reduce costs, increase quality and enhance their capacity in reaching a higher number of citizens. However, this opens healthcare organisations' systems to external elements used within or beyond their premises, new risks and vulnerabilities in what regards cyber threats and incidents. We propose the creation of a Security Assessment as a Service (SAaaS) crosslayered system that is able to identify vulnerabilities and proactively assess and mitigate threats in an IT healthcare ecosystem exposed to external devices and interfaces, considering that most users are not experts (even technologically illiterate") in cyber security and, thus, unaware of security tactics or policies whatsoever. The SAaaS can be integrated in an IT healthcare environment allowing the monitoring of existing and new devices, the limitation of connectivity and privileges to new devices, assess a device's cybersecurity risk and - based on the device's behaviour - the assignment and revoking of privileges. The SAaaS brings a controlled cyber aware environment that assures security, confidentiality and trust, even in the presence of non-trusted devices and environments.

Cross layer based approaches are increasingly becoming popular in Manet (Mobile Adhoc Network). As Manet are constrained with issues as low battery, limited bandwidth, link breakage and dynamic topology, cross layer based designs are trying to remove such barriers and trying to make Manet more scalable. Cross layer designs are also facing attacking problem and ensuring the security of network to defend the attack is must. In this paper we discuss about technique to optimize the performance by minimizing delay and overhead of secure cross layer routing protocol. We have designed SCLPC (Secure cross layer based Power control) protocol. But when security is imposed using AASR (Authenticated and anonymous secure routing), the network metrics as end to end delay and control overhead is disturbed. To optimize the network performance here we proposed OSCLPC (Optimized secure cross layer based power control protocol). The proposed OSCLPC has been evaluated using SHORT (Self healing and optimizing route technique). The OSCLPC is simulated in ns2 and it is giving the better performance compared with SCLPC.

Global Platform (GP)1 specifications accepted as de facto industry standards are widely used for the development of embedded operating system running on secure chip devices. A promising approach to demonstrating the implementation of an OS meets its specification is formal verification. However, most previous work on operating system verification targets high-level source programs proving the correspondence between abstract specification and high-level implementation but ignoring the machine-code level implementation parts. Thus, this kind of correspondence proofs stay in a shallow level. In this paper, we present a novel methodology for formal specifying and certifying the implementation of an embedded operating system strictly follows the GP specification. We establish a multiple abstraction layers framework that has four layers, from up to down, which are Formal Global Platform Layer (FGPL), Formal Specification High Layer (FSHL), Formal Specification Low Layer (FSLL) and Formal Assembly Machine Layer (FAML). To demonstrate the effectiveness of our methodology, we take the communication module of our Trust-E operating system (running on an extended CompCert ARM assembly machine model) as a case study and have successfully constructed a multi-layered proof, fully formalized in the Coq proof assistant. Some parts of the module are written in C and some are written in assembly; we certify that all codes implementation follow Global Platform specification.

Memory-safety violations are the primary cause of security and reliability issues in software systems written in unsafe languages. Given the limited adoption of decades-long research in software-based memory safety approaches, as an alternative, Intel released Memory Protection Extensions (MPX)–-a hardware-assisted technique to achieve memory safety. In this work, we perform an exhaustive study of Intel MPX architecture along three dimensions: (a) performance overheads, (b) security guarantees, and (c) usability issues. We present the first detailed root cause analysis of problems in the Intel MPX architecture through a cross-layer dissection of the entire system stack, involving the hardware, operating system, compilers, and applications. To put our findings into perspective, we also present an in-depth comparison of Intel MPX with three prominent types of software-based memory safety approaches. Lastly, based on our investigation, we propose directions for potential changes to the Intel MPX architecture to aid the design space exploration of future hardware extensions for memory safety. A complete version of this work appears in the 2018 proceedings of the ACM on Measurement and Analysis of Computing Systems.

Secure Two Party Computation (2PC) has the potential to facilitate a wide range of real life applications where privacy of the computation and participants is critical. Nevertheless, this potential has not translated to widespread industry acceptance due to performance issues. Over the years a significant research effort has focused on optimising the performance of 2PC. The computation complexity has been continually improved and recently, following circuit optimisations and hardware support for cryptographic operations, evaluations of 2PC on a single host currently produce efficient results. Unfortunately, when evaluated on remote hosts, the performance remains prohibitive for practical purposes. The bottleneck is believed to be the bandwidth. In this work we explore the networking layer of 2PC implementations and show that the performance bottleneck is inherent in the usage of TCP sockets in implementations of 2PC schemes. Through experimental evaluations, we demonstrate that other transport protocols can significantly improve the performance of 2PC, making it suitable for practical applications.

Although the vision of 5G is to accommodate billions IoT devices and applications, its success depends very much on its ability to provide enhanced and affordable security. This paper introduces an Identity Federation solution which reuses the SIM authentication for cellular IoT devices enabling single-sign-on. The proposed solution alleviates the IoT provider's burden of device identity management at the same time as the operational costs are reduced considerably. The proposed solution is realized by open source software for LTE, identity management and IoT.

Access control in the Internet of Things (IoT) often depends on a situation — for example, "the user is at home” — that can only be tracked using multiple devices. In contrast to the (well-studied) smartphone frameworks, enforcement of situational constraints in the IoT poses new challenges because access control is fundamentally decentralized. It takes place in multiple independent frameworks, subjects are often external to the enforcement system, and situation tracking requires cross-framework interaction and permissioning. Existing IoT frameworks entangle access-control enforcement and situation tracking. This results in overprivileged, redundant, inconsistent, and inflexible implementations. We design and implement a new approach to IoT access control. Our key innovation is to introduce "environmental situation oracles” (ESOs) as first-class objects in the IoT ecosystem. An ESO encapsulates the implementation of how a situation is sensed, inferred, or actuated. IoT access-control frameworks can use ESOs to enforce situational constraints, but ESOs and frameworks remain oblivious to each other's implementation details. A single ESO can be used by multiple access-control frameworks across the ecosystem. This reduces inefficiency, supports consistent enforcement of common policies, and — because ESOs encapsulate sensitive device-access rights — reduces overprivileging. ESOs can be deployed at any layer of the IoT software stack where access control is applied. We implemented prototype ESOs for the IoT resource layer, based on the IoTivity framework, and for the IoT Web services, based on the Passport middleware.