Biblio

Multi-stage Proof-of-Work is a recently proposed protocol which extends the Proof-of-Work protocol used in Bitcoin. It splits Proof-of-Work into multiple stages, to achieve a more efficient block generation and a fair reward distribution. In this paper we study some of the Multi-stage Proof-of-Work security vulnerabilities. Precisely, we present two attacks: a Selfish Mining attack and a Selfish Stage-Withholding attack. We show that Multi-stage Proof-of-Work is not secure against a selfish miner owning more than 25% of the network hashing power. Moreover, we show that Selfish Stage-Withholding is a complementary strategy to boost a selfish miner's profitability.

The advent of the Internet of Things (IoT) and Cyber-Physical Systems (CPS) enabled a new class of smart and interactive devices. With their continuous connectivity and their access to valuable information in both the digital and physical world, they are attractive targets for security attackers. Hence, with their integration into both the industry and consumer devices, they added a new surface for cybersecurity attacks. These potential threats call for special care of security vulnerabilities during the design of IoT devices and CPS. The design of secure systems is a complex task, especially if they must adhere to other constraints, such as performance, power consumption, and others. A range of design space exploration tools have been proposed in academics, which aim to support system designers in their task of finding the optimal selection of hardware components and task mappings. Said tools offer a limited way of modeling attack scenarios as constraints for a system under design. The framework proposed in this paper aims at closing this gap, offering system designers a way to consider security attacks and security risks during the early design phase. It offers designers to model security constraints from the view of potential attackers, assessing the probability of successful security attacks and security risk. The framework's feasibility and performance is demonstrated by revisiting a potential system design of an industry partner.

A mobile ad hoc network (MANET) is a collection of mobile nodes that do not need to rely on a pre-existing network infrastructure or centralized administration. Securing MANETs is a serious concern as current research on MANETs continues to progress. Each node in a MANET acts as a router, forwarding data packets for other nodes and exchanging routing information between nodes. It is this intrinsic nature that introduces the serious security issues to routing protocols. A black hole attack is one of the well-known security threats for MANETs. A black hole is a security attack in which a malicious node absorbs all data packets by sending fake routing information and drops them without forwarding them. In order to defend against a black hole attack, in this paper we propose a new threshold-based black hole attack prevention method using multiple RREPs. To investigate the performance of the proposed method, we compared it with existing methods. Our simulation results show that the proposed method outperforms existing methods from the standpoints of packet delivery rate, throughput, and routing overhead.

Mobile ad-hoc network (MANETS) is generally appropriate in different territories like military tactical network, educational, home and entertainment and emergency operations etc. The MANETSs are simply the disintegration and designing kind of system in this portable hubs coming up and out the system whenever. Because of decentralized creation of the network, security, routing and Standard of service are the three noteworthy issues. MANETSs are helpless against security attack in light of the decentralized validation. The mobile hubs can enter or out the system and at some point malicious hubs enter the system, which are capable to trigger different dynamic and inactive attack. The flooding attack is the dynamic sort of attack in which malicious hubs transfers flooding packets on the medium. Because of this, medium gets over-burden and packets drop may happen inside the system. This decreases the throughput and increased packet loss. In this paper we illustrated different techniques and proposed various methods responsible for flooding attack. Our commitment in this paper is that we have investigated various flooding attacks in MANETs, their detection techniques with performance measure parameters.

This paper provides hardware-independent authentication named as Intelligent Authentication Scheme, which rectifies the design weaknesses that may be exploited by various security attacks. The Intelligent Authentication Scheme protects against various types of security attacks such as password-guessing attack, replay attack, streaming bots attack (denial of service), keylogger, screenlogger and phishing attack. Besides reducing the overall cost, it also balances both security and usability. It is a unique authentication scheme.

Phishing is a security attack to acquire personal information like passwords, credit card details or other account details of a user by means of websites or emails. Phishing websites look similar to the legitimate ones which make it difficult for a layman to differentiate between them. As per the reports of Anti Phishing Working Group (APWG) published in December 2018, phishing against banking services and payment processor was high. Almost all the phishy URLs use HTTPS and use redirects to avoid getting detected. This paper presents a focused literature survey of methods available to detect phishing websites. A comparative study of the in-use anti-phishing tools was accomplished and their limitations were acknowledged. We analyzed the URL-based features used in the past to improve their definitions as per the current scenario which is our major contribution. Also, a step wise procedure of designing an anti-phishing model is discussed to construct an efficient framework which adds to our contribution. Observations made out of this study are stated along with recommendations on existing systems.

A covert channel is a communication channel that is subjugated for illegal flow of information in a way that violates system security policies. It is a dangerous, invisible, undetectable, and developed security attack. Recently, Packet length covert channel has motivated many researchers as it is a one of the most undetectable network covert channels. Packet length covert channel generates a covert traffic that is very similar to normal terrific which complicates the detection of such type of covert channels. This motivates us to introduce a machine learning based detection scheme. Recently, a machine learning approach has proved its capability in many different fields especially in security field as it usually brings up a reliable and realistic results. Based in our developed content and frequency-based features, the developed detection scheme has been fully trained and tested. Our detection scheme has gained an excellent degree of detection accuracy which reaches 98% (zero false negative rate and 0.02 false positive rate).

The Information Centric Networking (ICN) is a novel concept of a large scale ecosystem of wireless actuators and computing technologies. ICN technologies are getting popular in the development of various applications to bring day-to-day comfort and ease in human life. The e-healthcare monitoring services is a subset of ICN services which has been utilized to monitor patient's health condition in a smart and ubiquitous way. However, there are several challenges and attacks on ICN. In this paper we have discussed ICN attacks and ICN based healthcare scenario. We have proposed a novel ICN stack for healthcare scenario for securing biomedical data communication instead of communication networks. However, the biomedical data communication between patient and Doctor requires reliable and secure networks for the global access.

A mobile ad hoc network (MANET) is a collection of mobile nodes that do not need to rely on a pre-existing network infrastructure or centralized administration. Securing MANETs is a serious concern as current research on MANETs continues to progress. Each node in a MANET acts as a router, forwarding data packets for other nodes and exchanging routing information between nodes. It is this intrinsic nature that introduces the serious security issues to routing protocols. A black hole attack is one of the well-known security threats for MANETs. A black hole is a security attack in which a malicious node absorbs all data packets by sending fake routing information and drops them without forwarding them. In order to defend against a black hole attack, in this paper we propose a new threshold-based black hole attack prevention method. To investigate the performance of the proposed method, we compared it with existing methods. Our simulation results show that the proposed method outperforms existing methods from the standpoints of black hole node detection rate, throughput, and packet delivery rate.

In this paper we present an approach to implement security as a Virtualized Network Function (VNF) that is implemented within a Software-Defined Infrastructure (SDI). We present a scalable, flexible, and seamless design for a Deep Packet Inspection (DPI) system for network intrusion detection and prevention. We discuss how our design introduces significant reductions in both capital and operational expenses (CAPEX and OPEX). As proof of concept, we describe an implementation for a modular security solution that uses the SAVI SDI testbed to first detect and then block an attack or to re-direct it to a honey-pot for further analysis. We discuss our testing methodology and provide measurement results for the test cases where an application faces various security attacks.

Voting among replicated data collection devices is a means to achieve dependable data delivery to the end-user in a hostile environment. Failures may occur during the data collection process: such as data corruptions by malicious devices and security/bandwidth attacks on data paths. For a voting system, how often a correct data is delivered to the user in a timely manner and with low overhead depicts the QoS. Prior works have focused on algorithm correctness issues and performance engineering of the voting protocol mechanisms. In this paper, we study the methods for autonomic management of device replication in the voting system to deal with situations where the available network bandwidth fluctuates, the fault parameters change unpredictably, and the devices have battery energy constraints. We treat the voting system as a `black-box' with programmable I/O behaviors. A management module exercises a macroscopic control of the voting box with situational inputs: such as application priorities, network resources, battery energy, and external threat levels.
 

Voting among replicated data collection devices is a means to achieve dependable data delivery to the end-user in a hostile environment. Failures may occur during the data collection process: such as data corruptions by malicious devices and security/bandwidth attacks on data paths. For a voting system, how often a correct data is delivered to the user in a timely manner and with low overhead depicts the QoS. Prior works have focused on algorithm correctness issues and performance engineering of the voting protocol mechanisms. In this paper, we study the methods for autonomic management of device replication in the voting system to deal with situations where the available network bandwidth fluctuates, the fault parameters change unpredictably, and the devices have battery energy constraints. We treat the voting system as a `black-box' with programmable I/O behaviors. A management module exercises a macroscopic control of the voting box with situational inputs: such as application priorities, network resources, battery energy, and external threat levels.