Biblio

During the last decade, the smart digital environment has become one of the most scientific challenges that occupy scientists and researchers. This new environment consists basically of smart connected products including three main parts: the physical mechanical/electrical product, the smart part of the product made from embedded software and human machine interface, and finally the connectivity part including antennas and routing protocols insuring the wired/wireless communication with other products, from our side, we are involved in the implementation of the latter part by developing a routing protocol that will meet the increasingly demanding requirements of today's systems (security, bandwidth, network lifetime, ...). Based on the researches carried out in other fields of application such as MANETS, multi-path routing fulfills our expectations. In this article, the MPOLSR protocol was chosen as an example, comparing its standard version and its improvements in order to choose the best solution that can be applied in the smart digital environment.

The underlying element that supports the device communication in the MANET is the wireless connection capability. Each node has the ability to communicate with other nodes via the creation of routing path. However, due to the fact that nodes in MANET are autonomous and the routing paths created are only based on current condition of the network, some of the paths are extremely instable. In light of these shortcomings, many research works emphasizes on the improvement of routing path algorithm. Regardless of the application the MANET can support, the MANET possesses unique characteristics, which enables mobile nodes to form dynamic communication irrespective the availability of a fixed network. However the inherent nature of MANET has led to nodes in MANET to be vulnerable to denied services. A typical Denial of Service (DoS) in MANET is the Black Hole attack, caused by a malicious node, or a set of nodes advertising false routing updates. Typically, the malicious nodes are difficult to be detected. Each node is equipped with a particular type of routing protocol and voluntarily participates in relaying the packets. However, some nodes may not be genuine and has been tampered to behave maliciously, which causes the Black Hole attack. Several on demand routing protocol e.g. Ad hoc On Demand Distance Vector (AODV) and Dynamic Source Routing (DSR) are susceptible to such attack. In principle, the attack exploits the Route Request (RREQ) discovery operation and falsifies the sequence number and the shortest path information. The malicious nodes are able to utilize the loophole in the RREQ discovery process due to the absence of validation process. As a result, genuine RREQ packets are exploited and erroneously relayed to a false node(s). This paper highlights the effect Black Hole nodes to the network performance and therefore substantiates the previous work done [1]. In this paper, several simulation experiments are iterated using NS-2, which employed various scenarios and traffic loads. The simulation results show the presence of Black Hole nodes in a network can substantially affects the packet delivery ratio and throughput by as much as 100%.

In recent years the use of wireless ad hoc networks has seen an increase of applications. A big part of the research has focused on Mobile Ad Hoc Networks (MAnETs), due to its implementations in vehicular networks, battlefield communications, among others. These peer-to-peer networks usually test novel communications protocols, but leave out the network security part. A wide range of attacks can happen as in wired networks, some of them being more damaging in MANETs. Because of the characteristics of these networks, conventional methods for detection of attack traffic are ineffective. Intrusion Detection Systems (IDSs) are constructed on various detection techniques, but one of the most important is anomaly detection. IDSs based only in past attacks signatures are less effective, even more if these IDSs are centralized. Our work focuses on adding a novel Machine Learning technique to the detection engine, which recognizes attack traffic in an online way (not to store and analyze after), re-writing IDS rules on the fly. Experiments were done using the Dockemu emulation tool with Linux Containers, IPv6 and OLSR as routing protocol, leading to promising results.

Mobile ad hoc networks (MANETs) play a significant role for communication whenever infrastructure is not available. In MANET, the group communication-based applications use the multicast routing protocol, where there is a single sender node and a group of receiver nodes. The benefits of multicast routing protocols are the capability to reduce the communication costs and saving the network resources by reproduction of the message over a shared network. The security is the main concern for multicast routing protocol in MANET, as it includes large number of participants. The security issues become more rigorous in a multicast communication due to its high variedness and routing difficulty. In this paper, we consider the internal attack, namely Multicast Announcement Packet Fabrication Attack on PUMA (Protocol for Unified Multicasting through Announcements). We proposed the security approach to detect the attacks as multicast activity-based overhearing technique, i.e., traffic analysis-based detection method with a unique key value. The performance analysis, shows an improved network performance of proposed approach over PUMA.

Tactical Mobile Ad-hoc NETworks (T-MANETs) are mainly used in self-configuring automatic vehicles and robots (also called nodes) for the rescue and military operations. A high dynamic network architecture, nodes unreliability, nodes misbehavior as well as an open wireless medium make it very difficult to assume the nodes cooperation in the `ad-hoc network or comply with routing rules. The routing protocols in the T-MANET are unprotected and subsequently result in various kinds of nodes misbehavior's (such as selfishness and denial of service). This paper introduces a comprehensive analysis of the packet dropping attack includes three types of misbehavior conducted by insiders in the T-MANETs namely black hole, gray hole, and selfish behaviours. An insider threat model is appended to a state-of-the-art routing protocol (such as DSR) and analyze the effect of packet dropping attack on the performance evaluation of DSR in the T-MANET. This paper contributes to the existing knowledge in a way it allows further security research to understand the behaviours of the main threats in MANETs which depends on nods defection in the packet forwarding. The simulation of the packet dropping attack is conducted using the Network Simulator 2 (NS2). It has been found that the network throughput has dropped considerably for black and gray hole attacks whereas the selfish nodes delay the network flow. Moreover, the packet drop rate and energy consumption rate are higher for black and gray hole attacks.

Tactical MANETs are deployed in several challenging situations such as node mobility, presence of radio interference together with malicious jamming attacks, and execrable terrain features etc. Jamming attacks are especially harmful to the reliability of wireless communication, as they can effectively disrupt communication between any node pairs. The nature of Tactical MANETs hinders ineffective most of existing reliable routing schemes for ordinary wireless mobile networks. Routing Protocols in Tactical MANET s face serious security and reliability challenges. Selecting a long lasting and steady-going route is a critical task. Due to the lack of accurate acquisition and evaluation of the transmission characteristics, routing algorithms may result in continual reconstruction and high control overhead. This paper studies the impact of jamming and interference on the common protocols of tactical communications and presents a neighbor dependency-based reliable routing algorithm. According to the neighbor dependency based on channel state information evaluated by Exponential Smoothing Method, how to select a neighboring node as the next hop will greatly affect the transmission reliability. Finally, the performance of the reliable routing protocol based on neighbor dependency is tested in OPNET, and compared with the classical AODV algorithm and the improved AODV based on link Cost (CAODV) algorithm. The simulation results show that the protocol presented in this paper has better data transmission reliability.

The use of self organized wireless technologies called as Mobile Ad Hoc Networks (MANETs) has increased and these wireless devices can be deployed anywhere without any infrastructural support or without any base station, hence securing these networks and preventing from Intrusions is necessary. This paper describes a method for securing the MANETs using Hybrid cryptographic technique which uses RSA and AES algorithm along with SHA 256 Hashing technique. This hybrid cryptographic technique provides authentication to the data. To check whether there is any malicious node present, an Intrusion Detection system (IDS) technique called Enhanced Adaptive Acknowledgement (EAACK) is used, which checks for the acknowledgement packets to detect any malicious node present in the system. The routing of packets is done through two protocols AODV and ZRP and both the results are compared. The ZRP protocol when used for routing provides better performance as compared to AODV.

Mobile Ad Hoc Network (MANET) technology provides intercommunication between different nodes where no infrastructure is available for communication. MANET is attracting many researcher attentions as it is cost effective and easy for implementation. Main challenging aspect in MANET is its vulnerability. In MANET nodes are very much vulnerable to attacks along with its data as well as data flowing through these nodes. One of the main reasons of these vulnerabilities is its communication policy which makes nodes interdependent for interaction and data flow. This mutual trust between nodes is exploited by attackers through injecting malicious node or replicating any legitimate node in MANET. One of these attacks is blackhole attack. In this study, the behavior of blackhole attack is discussed and have proposed a lightweight solution for blackhole attack which uses inbuilt functions.

Since MANETs are infrastructure-less, they heavily use secret sharing techniques to distribute and decentralize the role of a trusted third party, where the MANET secret s is shared among the legitimate nodes using (t, n) threshold secret sharing scheme. For long lived MANETs, the shared secret is periodically updated without changing the MANET secret based on proactive secret sharing using Elliptic Curve Cryptography(ECC). Hence, the adversary trying to learn the secret, needs to gain at-least t partial shares in the same time period. If the time period and the threshold value t are selected properly, proactive verifiable secret sharing can maintain the overall security of the information in long lived MANETs. The conventional cryptographic algorithms are heavy weight, require lot of computation power thus consuming lot of resources. In our proposal we used Elliptic Curve Cryptography to verify commitments as it requires smaller keys compared to existing proactive secret sharing techniques and makes it useful for MANETs, Which are formed of resource constraint devices.

Reliability and robustness of Internet of Things (IoT)-cloud-based communication is an important issue for prospective development of the IoT concept. In this regard, a robust and unique client-to-cloud communication physical layer is required. Physical Unclonable Function (PUF) is regarded as a suitable physics-based random identification hardware, but suffers from reliability problems. In this paper, we propose novel hardware concepts and furthermore an analysis method in CMOS technology to improve the hardware-based robustness of the generated PUF word from its first point of generation to the last cloud-interfacing point in a client. Moreover, we present a spectral analysis for an inexpensive high-yield implementation in a 65nm generation. We also offer robust monitoring concepts for the PUF-interfacing communication physical layer hardware.

This paper presents a true random number generator that exploits the subthreshold properties of jitter of events propagating in a self-timed ring and jitter of events propagating in an inverter based ring oscillator. Design was implemented in 180nm CMOS flash process. Devices provide high quality random bit sequences passing FIPS 140-2 and NIST SP 800-22 statistical tests which guaranty uniform distribution and unpredictability thanks to the physics based entropy source.

Hardware implementations of cryptographic algorithms may leak information through numerous side channels, which can be used to reveal the secret cryptographic keys, and therefore compromise the security of the algorithm. Power Analysis Attacks (PAAs) [1] exploit the information leakage from the device's power consumption (typically measured on the supply and/or ground pins). Digital circuits consume dynamic switching energy when data propagate through the logic in each new calculation (e.g. new clock cycle). The average power dissipation of a design can be expressed by: Ptot(t) = α · (Pd(t) + Ppvt(t)) (1) where α is the activity factor (the probability that the gate will switch) and depends on the probability distribution of the inputs to the combinatorial logic. This induces a linear relationship between the power and the processed data [2]. Pd is the deterministic power dissipated by the switching of the gate, including any parasitic and intrinsic capacitances, and hence can be evaluated prior to manufacturing. Ppvt is the change in expected power consumption due to nondeterministic parameters such as process variations, mismatch, temperature, etc. In this manuscript, we describe the design of logic gates that induce data-independent (constant) α and Pd.

Physically unclonable functions (PUFs) are used to uniquely identify electronic devices. Here, we introduce a hybrid silicon CMOS-nanotube PUF circuit that uses the variations of nanotube transistors to generate a random response. An analog silicon circuit subsequently converts the nanotube response to zero or one bits. We fabricate an array of nanotube transistors to study and model their device variability. The behavior of the hybrid CMOS-nanotube PUF is then simulated. The parameters of the analog circuit are tuned to achieve the desired normalized Hamming inter-distance of 0.5. The co-design of the nanotube array and the silicon CMOS is an attractive feature for increasing the immunity of the hybrid PUF against an unauthorized duplication. The heterogeneous integration of nanotubes with silicon CMOS offers a new strategy for realizing security tokens that are strong, low-cost, and reliable.

The paper presents an example Sensor-cloud architecture that integrates security as its native ingredient. It is based on the multi-layer client-server model with separation of physical and virtual instances of sensors, gateways, application servers and data storage. It proposes the application of virtualised sensor nodes as a prerequisite for increasing security, privacy, reliability and data protection. All main concerns in Sensor-Cloud security are addressed: from secure association, authentication and authorization to privacy and data integrity and protection. The main concept is that securing the virtual instances is easier to implement, manage and audit and the only bottleneck is the physical interaction between real sensor and its virtual reflection.

The Semantic Web can be used to enable the interoperability of IoT devices and to annotate their functional and nonfunctional properties, including security and privacy. In this paper, we will show how to use the ontology and JSON-LD to annotate connectivity, security and privacy properties of IoT devices. Out of that, we will present our prototype for a lightweight, secure application level protocol wrapper that ensures communication consistency, secrecy and integrity for low cost IoT devices like the ESP8266 and Photon particle.

Untrusted third-party vendors and manufacturers have raised security concerns in hardware supply chain. Among all existing solutions, formal verification methods provide powerful solutions in detection malicious behaviors at the pre-silicon stage. However, little work have been done towards built-in hardware runtime verification at the post-silicon stage. In this paper, a runtime formal verification framework is proposed to evaluate the trust of hardware during its execution. This framework combines the symbolic execution and SAT solving methods to validate the user defined properties. The proposed framework has been demonstrated on an FPGA platform using an SoC design with untrusted IPs. The experimentation results show that the proposed approach can provide high-level security assurance for hardware at runtime.

Mobile cloud computing paradigm enables cloud servers to extend the limited hardware resources of mobile devices improving availability and reliability of the services provided. Consequently, private, financial, business and critical data pass through wireless access media exposed to malicious attacks. Mobile cloud infrastructure requires new security mechanisms, at the same time as offloading operations need to maintain the advantages of saving processing and energy of the device. Thus, this paper implements a middleware-based computational offloading with cryptographic algorithms and evaluates two mechanisms (symmetric and asymmetric), to provide the integrity and authenticity of data that a smartphone offloads to mobile cloud servers. Also, the paper discusses the factors that impact on power consumption and performance on smartphones that's run resource-intensive applications.

Application-level data management middleware solutions are becoming increasingly compelling to deal with the complexity of a multi-cloud or federated cloud storage and multitenant storage architecture. However, these systems typically support traditional data mapping strategies that are created under the assumption of a fixed and rigorous database schema, and mapping data objects while supporting varying data confidentiality requirements therefore leads to fragmentation of data over distributed storage nodes. This introduces performance over-head at the level of individual database transactions and negatively affects the overall scalability. This paper discusses these challenges and highlights the potential of leveraging the data schema flexibility of NoSQL databases to accomplish dynamic and fine-grained data encryption in a more efficient and scalable manner. We illustrate these ideas in the context of an industrial multi-tenant SaaS application.

The increase of sensitive data in the current Internet of Things (IoT) raises demands of computation, communication and storage capabilities. Indeed, thanks to RFID tags and wireless sensor networks, anything can be part of IoT. As a result, a large amount of data is generated, which is hard for many IoT devices to handle, as many IoT devices are resource-constrained and cannot use the existing standard security protocols. Cloud computing might seem like a convenient solution, since it offers on-demand access to a shared pool of resources such as processors, storage, applications and services. However this comes as a cost, as unnecessary communications not only burden the core network, but also the data center in the cloud. Therefore, considering suitable approaches such as fog computing and security middleware solutions is crucial. In this paper, we propose a novel middleware architecture to solve the above issues, and discuss the generic concept of using fog computing along with cloud in order to achieve a higher security level. Our security middleware acts as a smart gateway as it is meant to pre-process data at the edge of the network. Depending on the received information, data might either be processed and stored locally on fog or sent to the cloud for further processing. Moreover, in our scheme, IoT constrained devices communicate through the proposed middleware, which provide access to more computing power and enhanced capability to perform secure communications. We discuss these concepts in detail, and explain how our proposal is effective to cope with some of the most relevant IoT security challenges.

With Internet of Things (IoT) middleware solutions moving towards cloud computing, the problems of trust in cloud platforms and data privacy need to be solved. The emergence of Trusted Execution Environments (TEEs) opens new perspectives to increase security in cloud applications. We propose a privacy-preserving IoT middleware, using Intel Software Guard Extensions (SGX) to create a secure system on untrusted platforms. An encrypted index is used as a database and communication with the application is protected using asymmetric encryption. This set of measures allows our system to process events in an orchestration engine without revealing data to the hosting cloud platform.

Large-scale parallel applications with complex global data dependencies beyond those of reductions pose significant scalability challenges in an asynchronous runtime system. Internodal challenges include identifying the all-to-all communication of data dependencies among the nodes. Intranodal challenges include gathering together these data dependencies into usable data objects while avoiding data duplication. This paper addresses these challenges within the context of a large-scale, industrial coal boiler simulation using the Uintah asynchronous many-task runtime system on GPU architectures. We show significant reduction in time spent analyzing data dependencies through refinements in our dependency search algorithm. Multiple task graphs are used to eliminate subsequent analysis when task graphs change in predictable and repeatable ways. Using a combined data store and task scheduler redesign reduces data dependency duplication ensuring that problems fit within host and GPU memory. These modifications did not require any changes to application code or sweeping changes to the Uintah runtime system. We report results running on the DOE Titan system on 119K CPU cores and 7.5K GPUs simultaneously. Our solutions can be generalized to other task dependency problems with global dependencies among thousands of nodes which must be processed efficiently at large scale.

Internet of Things (IoT) devices offer new sources of contextual information, which can be leveraged by applications to make smart decisions. However, due to the decentralized and heterogeneous nature of such devices - each only having a partial view of their surroundings - there is an inherent risk of uncertain, unreliable and inconsistent observations. This is a serious concern for applications making security related decisions, such as context-aware authentication. We propose and evaluate a middleware for IoT that provides trustworthy context for a collaborative authentication use case. It abstracts a dynamic and distributed fusion scheme that extends the Chair-Varshney (CV) optimal decision fusion rule such that it can be used in a highly dynamic IoT environment. We compare performance and cost trade-offs against regular CV. Experimental evaluation demonstrates that our solution outperforms CV with 10% in a highly dynamic IoT environments, with the ability to detect and mitigate unreliable sensors.

The Internet of Things (IoT) creates value by connecting digital processes to the physical world using embedded sensors, actuators and wireless networks. The IoT is increasingly intertwined with critical industrial processes, yet contemporary IoT devices offer limited security features, creating a large new attack surface and inhibiting the adoption of IoT technologies. Hardware security modules address this problem, however, their use increases the cost of embedded IoT devices. Furthermore, millions of IoT devices are already deployed without hardware security support. This paper addresses this problem by introducing a Security MicroVisor (SμV) middleware, which provides memory isolation and custom security operations using software virtualisation and assembly-level code verification. We showcase SμV by implementing a key security feature: remote attestation. Evaluation shows extremely low overhead in terms of memory, performance and battery lifetime for a representative IoT device.

The growing adoption of distributed data processing frameworks in a wide diversity of application domains challenges end-to-end integration of properties like security, in particular when considering deployments in the context of large-scale clusters or multi-tenant Cloud infrastructures. This paper therefore introduces SecureStreams, a reactive middleware framework to deploy and process secure streams at scale. Its design combines the high-level reactive dataflow programming paradigm with Intel®'s low-level software guard extensions (SGX) in order to guarantee privacy and integrity of the processed data. The experimental results of SecureStreams are promising: while offering a fluent scripting language based on Lua, our middleware delivers high processing throughput, thus enabling developers to implement secure processing pipelines in just few lines of code.

Every so often papers are published presenting a new extension for modelling cyber security requirements in Business Process Model and Notation (BPMN). The frequent production of new extensions by experts belies the need for a richer and more usable representation of security requirements in BPMN processes. In this paper, we present our work considering an analysis of existing extensions and identify the notational issues present within each of them. We discuss how there is yet no single extension which represents a comprehensive range of cyber security concepts. Consequently, there is no adequate solution for accurately specifying cyber security requirements within BPMN. In order to address this, we propose a new framework that can be used to extend, visualise and verify cyber security requirements in not only BPMN, but any other existing modelling language. The framework comprises of the three core roles necessary for the successful development of a security extension. With each of these being further subdivided into the respective components each role must complete.