Biblio
A network covert timing channel (NCTC) is a process of transmitting hidden information by means of the inter-packet delay (IPD) of legitimate network traffic. Their ability to evade traditional security policies makes NCTCs a grave security concern. However, a robust method that can be used to detect a large number of NCTCs is missing. In this paper, an NCTC detection method based on chaos theory and threshold secret sharing is proposed. Our method uses chaos theory to reconstruct a high-dimensional phase space from one-dimensional time series and extract the unique and stable channel traits. Then, a channel identifier is constructed using the secret reconstruction strategy from threshold secret sharing to realize the mapping of the channel features to channel identifiers. Experimental results show that the approach can detect varieties of NCTCs with a guaranteed true positive rate and greatly improve the versatility and robustness.
In unsecured communications settings, ascertaining the trustworthiness of received information, called authentication, is paramount. We consider keyless authentication over an arbitrarily-varying channel, where channel states are chosen by a malicious adversary with access to noisy versions of transmitted sequences. We have shown previously that a channel condition termed U-overwritability is a sufficient condition for zero authentication capacity over such a channel, and also that with a deterministic encoder, a sufficiently clear-eyed adversary is essentially omniscient. In this paper, we show that even if the authentication capacity with a deterministic encoder and an essentially omniscient adversary is zero, allowing a stochastic encoder can result in a positive authentication capacity. Furthermore, the authentication capacity with a stochastic encoder can be equal to the no-adversary capacity of the underlying channel in this case. We illustrate this for a binary channel model, which provides insight into the more general case.
This paper explores using chaos-based cryptography for transmitting multimedia data, mainly speech and voice messages, over public communication channels, such as the internet. The secret message to be transmitted is first converted into a one-dimensional time series, that can be cast in a digital/binary format. The main feature of the proposed technique is mapping the two levels of every corresponding bit of the time series into different multiple chaotic orbits, using a simple encryption function. This one-to-many mapping robustifies the encryption technique and makes it resilient to cryptanalysis methods that rely on associating the energy level of the signal into two binary levels, using return map attacks. A chaotic nonautonomous Duffing oscillator is chosen to implement the suggested technique, using three different parameters that are assumed unknown at the receiver side. Synchronization between the transmitter and the receiver and reconstructing the secret message, at the receiver side, is done using a Lyapunov-based adaptive technique. Achieving stable operation, tuning the required control gains, as well as effective utilization of the bandwidth of the public communication channel are investigated. Two different case studies are presented; the first one deals with text that can be expressed as 8-bit ASCII code, while the second one corresponds to an analog acoustic signal that corresponds to the voice associated with pronouncing a short sentence. Advantages and limitations of the proposed technique are highlighted, while suggesting extensions to other multimedia signals, along with their required additional computational effort.
Covert communications, where a transmitter Alice wishes to hide the presence of her transmitted signal from a watchful adversary Willie, has been considered extensively in recent years. Those investigations have generally considered physical-layer models, where the adversary has access to a sophisticated (often optimal) receiver to determine whether a transmission has taken place, and have addressed the question of what rate can information be communicated covertly. More recent investigations have begun to consider the change in covert rate when Willie has uncertainty about the physical layer environment. Here, we move up the protocol stack to consider the covert rate when Willie is watching the medium-access control (MAC) layer in a network employing a random access MAC such as slotted ALOHA. Based on the rate of collisions and potentially the number of users involved in those collisions, Willie attempts to determine whether unauthorized (covert) users are accessing the channel. In particular, we assume different levels of sophistication in Willie's receiver, ranging from a receiver that only can detect whether there was a collision or not, to one that can always tell exactly how many packets were on the channel in the random access system. In each case, we derive closed-form expressions for the achievable covert rates in the system. The achievable rates exhibit significantly different behavior than that observed in the study of covert systems at the physical layer.
In this study, delays between data packets were read using different window sizes to detect data transmitted over a covert timing channel in computer networks; feature vectors were extracted from them, and hidden data was detected by some classification algorithms with a high performance rate.
In this article the combination of secret sharing schemes and the requirement of discretionary security policy is considered. Secret sharing schemes of Shamir and Blakley are investigated. Conditions on the parameters of the schemes providing forbidden information channels are obtained. Ways of concealing the forbidden channels are suggested. Three modifications of Shamir's scheme and two modifications of Blakley's scheme are suggested. A transition from polynomials to exponential functions for forming the parts of a secret is carried out. The problem of masking the presence of the forbidden information channels is solved. Several approaches with complete and partial concealment are suggested.
The Named Data Network (NDN) is a promising network paradigm for content distribution based on caching. However, it may put consumer privacy at risk, as the adversary may identify the content, the name and the signature (namely a certificate) through side-channel timing responses from the cache of the routers. The adversary may identify the content name and the consumer node by distinguishing between cached and uncached contents. In order to mitigate the timing attack, effective countermeasure methods have been proposed by other authors, such as random caching, random freshness, and probabilistic caching. In this work, we have implemented a timing attack scenario to evaluate the efficiency of these countermeasures and to demonstrate how the adversary can be detected. For this goal, a brute force timing attack scenario based on a real topology was developed, which is the first brute force attack model applied in NDN. Results show that the adversary nodes can be effectively distinguished from other legitimate consumers during the attack period. A multi-level mechanism to detect an adversary node is also proposed. Through this approach, the content distribution performance can be mitigated against the attack.
In most produced modern vehicles, Passive Keyless Entry and Start System (PKES), a newer form of an entry access system, is becoming more and more popular. The PKES system allows the consumer to enter within a certain range and have the vehicle's doors unlock automatically without pressing any buttons on the key. This technology increases the overall convenience to the consumer; however, it is vulnerable to attacks known as relay and amplified relay attacks. A relay attack consists of placing a device near the vehicle and a device near the key to relay the signal between the key and the vehicle. On the other hand, an amplified relay attack uses only a singular amplifier to increase the range of the vehicle sensors to reach the key. By exploiting these two different vulnerabilities within the PKES system, an attacker can gain unauthorized access to the vehicle, leading to damage or even stolen property. To minimize both vulnerabilities, we propose a coordinate tracing system with an additional Bluetooth communication channel. The coordinate tracing system, or PKES Forcefield, traces the authorized key's longitude and latitude in real time using two proposed algorithms, known as the Key Bearing algorithm and the Longitude and Latitude Key (LLK) algorithm. To further add security, a Bluetooth communication channel will be implemented. With an additional channel established, a second frequency can be traced within a secondary PKES Forcefield. The LLK Algorithm computes both locations of frequencies and analyzes the results to form a pattern. Furthermore, the PKES Forcefield movement-tracing allows a vehicle to understand when an attacker attempts to transmit an unauthenticated signal and blocks any signal from being amplified over a fixed range.
Software Defined Network (SDN) is a revolutionary networking paradigm which provides the flexibility of programming the network interface as per the need and demand of the user. SDN is independent of vendor-specific hardware or protocols and offers easy extensions in networking. A network customized as per user demand facilitates communication control via a single entity, i.e. the SDN controller. Due to this, the SDN controller has become more vulnerable to SDN security attacks and, more specifically, a single point of failure. It is worth noticing that vulnerabilities were identified because of customized applications which are semi-independent of the underlying network infrastructure. No doubt, SDN has provided numerous benefits like breaking vendor lock-ins, reducing overhead cost, easy innovations, increasing programmability among devices, introducing new features and so on. But the security of SDN cannot be neglected and it has become a major topic of debate. The communication channel used in SDN is OpenFlow, which has made TLS implementation an optional approach in SDN. TLS adoption is important and still vulnerable. This paper focuses on making SDN OpenFlow communication more secure by following extended TLS support and a defensive algorithm.
Today, analyzing web weaknesses and vulnerabilities in order to find security attacks has become more urgent. In case there is a communication contrary to the system security policies, a covert channel has been created. The attacker can easily disclose information from the victim's system with just one public access permission. Covert timing channels, unlike covert storage channels, do not have memory storage and they draw less attention. Different methods have been proposed for their identification, which generally benefit from the shape of traffic and the channel's regularity. In this article, an entropy-based detection method is designed and implemented. The attacker can adjust the amount of channel entropy by controlling measures such as changing the channel's level or creating noise on the channel to protect from the analyst's detection. As a result, the entropy threshold is not always constant for detection. By comparing the entropy from different levels of the channel and the analyst, we conclude that the analyst must investigate traffic at all possible levels.
A covert channel is a communication channel that is subjugated for illegal flow of information in a way that violates system security policies. It is a dangerous, invisible, undetectable, and developed security attack. Recently, the packet length covert channel has motivated many researchers as it is one of the most undetectable network covert channels. A packet length covert channel generates covert traffic that is very similar to normal traffic, which complicates the detection of such covert channels. This motivates us to introduce a machine learning based detection scheme. Recently, the machine learning approach has proved its capability in many different fields, especially in the security field, as it usually brings up reliable and realistic results. Based on our developed content and frequency-based features, the developed detection scheme has been fully trained and tested. Our detection scheme has gained an excellent degree of detection accuracy which reaches 98% (zero false negative rate and 0.02 false positive rate).
One of the specially designated versatile networks, commonly referred to as MANET, performs on the basis that each and every one grouping in nodes totally operate in self-sorting out limits. In any case, performing in a group capacity maximizes quality and different sources. A mobile ad hoc network is a wireless infrastructureless network. Due to its unique features, various challenges are faced under MANET when the role of routing and its security comes into play. The review has demonstrated that the impact of failures during the information transmission has not been considered in the existing research. The majority of strategies for ad hoc networks just determine the path and transmit the data, which prompts packet drops in case of failures, thus resulting in low dependability. The majority of the existing research has neglected the use of the rejoining processing of the root nodes network. Most of the existing techniques are based on detecting the failures but the use of path re-routing has also been neglected in the existing methods. Here, we have proposed a method of path re-routing for managing the authorized nodes and managing the keys for group in ad hoc environment. Securing Schemes, named as 2ACK and the EGSR schemes have been proposed, which may be truly interacted to most of the routing protocol. The path re-routing has the ability to reduce the ratio of dropped packets. The comparative analysis has clearly shown that the proposed technique outperforms the available techniques in terms of various quality metrics.
In this paper a novel set-theoretic control framework for Cyber-Physical Systems is presented. By resorting to set-theoretic ideas, an anomaly detector module and a control remediation strategy are formally derived with the aim to contrast cyber False Data Injection (FDI) attacks affecting the communication channels. The resulting scheme ensures Uniformly Ultimate Boundedness and constraints fulfillment regardless of any admissible attack scenario.
Cognitive radio networks (CRNs) have a great potential in supporting time-critical data delivery among the Internet of Things (IoT) devices and for emerging applications such as smart cities. However, the unique characteristics of different technologies and shared radio operating environment can significantly impact network availability. Hence, in this paper, we study the channel assignment problem in time-critical IoT-based CRNs under proactive jamming attacks. Specifically, we propose a probabilistic spectrum assignment algorithm that aims at minimizing the packet invalidity ratio of each cognitive radio (CR) transmission subject to delay constraints. We exploit the statistical information of licensed users' activities, fading conditions, and jamming attacks over idle channels. Simulation results indicate that network performance can be significantly improved by using a security-, availability-, and quality-aware channel assignment that provides communicating CR pair with the most secured channel of the lowest invalidity ratio.
The keys generated by (symmetric or asymmetric) have still been compromised by attackers. Cryptography algorithms need extra effort to enhance the security of keys that are transferred between parties. Also, using cryptography algorithms increases time consumption and overhead cost through communication. Encryption is a very important issue for protecting information from stealing. Unfortunately, encryption can achieve confidentiality, not integrity. A covert channel allows two parties to indirectly send information, where the main drawbacks of a covert channel are detectability and the security of pre-agreement knowledge. In this paper, I merge encryption, authentication and a covert channel to achieve an undetectable covert channel. This channel guarantees integrity and confidentiality of covert data and sends data dynamically. I propose and implement an undetectable covert channel using the AES (Advanced Encryption Standard) algorithm and HMAC (Hashed Message Authentication Code). This channel is undetectable, with an integrity and confidentiality agreement process between the sender and the receiver. Instead of sending a fake key directly through the channel, encryption and an HMAC function are used to hide the fake key. After that, investigation techniques for improving the undetectability of the channel are proposed.
Many IoT devices are part of fixed critical infrastructure, where the mere act of moving an IoT device may constitute an attack. Moving pressure, chemical and radiation sensors in a factory can have devastating consequences. Relocating roadside speed sensors, or smart meters, without the knowledge of the command and control center can similarly wreak havoc. Consequently, authenticating geolocation of IoT devices is an important problem. Unfortunately, an IoT device itself may be compromised by an adversary. Hence, location information from the IoT device cannot be trusted. Thus, we have to rely on infrastructure to obtain a proximal location. Infrastructure routers may similarly be compromised. Therefore, there must be a way to authenticate trusted routers remotely. Unfortunately, IP packets may be blocked, hijacked or forged by an adversary. Therefore IP packets are not trustworthy either. Thus, we resort to covert channels for authenticating Internet packet routers as an intermediate step towards proximal geolocation of IoT devices. Several techniques have been proposed in the literature to obtain the geolocation of an edge device, but it has been shown that a knowledgeable adversary can circumvent these techniques. In this paper, we survey the state-of-the-art geolocation techniques and corresponding adversarial countermeasures to evade geolocation to justify the use of covert channels on networks. We propose a technique for determining proximal geolocation using a covert channel. Challenges and directions for future work are also explored.
The evolution of the Internet of Things (IoT) requires a well-defined infrastructure of systems that provides services for device abstraction and data management, and also supports the development of applications. Middleware for IoT has been recognized as the system that can provide these services and has become increasingly important for IoT in recent years. The large amount of data that flows into a middleware system demands a security architecture that ensures the protection of all layers of the system, including the communication channels and border APIs used to integrate the applications and IoT devices. However, this security architecture should be based on lightweight approaches since middleware systems are widely applied in constrained environments. Some works have already defined new solutions and adaptations to existing approaches in order to mitigate IoT middleware security problems. In this sense, this article discusses the role of lightweight approaches to the standardization of a security architecture for IoT middleware systems. This article also analyzes concepts and existing works, and presents some important IoT middleware challenges that may be addressed by emerging lightweight security approaches in order to achieve the consolidation of a standard security architecture and the mitigation of the security problems found in IoT middleware systems.
Massive MIMO and tight cooperation between transmission nodes are expected to become an integral part of a future 5G radio system. As part of an overall interference mitigation scheme, substantial gains in coverage, spectral as well as energy efficiency have been reported. One of the main limitations for massive MIMO and coordinated multi-point (CoMP) systems is the aging of the channel state information at the transmitter (CSIT), which can be overcome partly by state-of-the-art channel prediction techniques. For a clean slate 5G radio system, we propose to integrate channel prediction from scratch in a flexible manner to benefit from future improvements in this area. As any prediction is unreliable by nature, further improvements over the state of the art are needed for a convincing solution. In this paper, we explain how the basic ingredients of 5G like base stations with massive MIMO antenna arrays, and multiple UE antennas can help to stretch today's limits with an approximately 10 dB lower normalized mean square error (NMSE) of the predicted channel. In combination with the novel introduced concept of artificially mutually coupled antennas, adding super-directivity gains to virtual beamforming, robust and accurate prediction over 10 ms with an NMSE of -20 dB up to 15 km/h at 2.6 GHz RF frequency could be achieved. This result has been achieved for measured channels without massive MIMO, but a comparison with ray-traced channels for the same scenario is provided as well.
We design polynomial time schemes for secure message transmission over arbitrary networks, in the presence of an eavesdropper, and where each edge corresponds to an erasure channel with public feedback. Our schemes are described through linear programming (LP) formulations, that explicitly select (possibly different) sets of paths for key-generation and message sending. Although our LPs are not always capacity-achieving, they outperform the best known alternatives in the literature, and extend to incorporate several interesting scenaria.
In this paper we present WiMesh, a software tool we developed during the last ten years of research conducted in the field of multi-radio wireless mesh networks. WiMesh serves two main purposes: (i) to run different algorithms for the assignment of channels, transmission rate and power to the available network radios; (ii) to automatically setup and run ns-3 simulations based on the network configuration returned by such algorithms. WiMesh basically consists of three libraries and three corresponding utilities that allow to easily conduct experiments. All such utilities accept as input an XML configuration file where a number of options can be specified. WiMesh is freely available to the research community, with the purpose of easing the development of new algorithms and the verification of their performances.
Wireless sensor networks extend people's ability to explore, monitor, and control the physical world. Wireless sensor networks are susceptible to certain types of attacks because they are deployed in open and unprotected environments. A novel intrusion tolerance architecture is proposed in this paper. An expert intrusion detection analysis system and an all-channel analyzer are introduced. A proposed intrusion tolerance scheme is implemented. Results show that this scheme can detect data traffic and re-route it to a redundant node in the wireless network, prolong the lifetime of the network, and isolate malicious traffic introduced through compromised nodes or illegal intrusions.