Biblio

Botnets have become one of the most significant cyber threats over the last decade. The diffusion of the "Internet of Things" and its for-profit exploitation, contributed to botnets spread and sophistication, thus providing real, efficient and profitable criminal cyber-services. Recent research on botnet detection focuses on traffic pattern-based detection, and on analyzing the network traffic generated by the infected hosts, in order to find behavioral patterns independent from the specific payloads, architectures and protocols. In this paper we address the periodic behavioral patterns of infected hosts communicating with their Command-and-Control servers. The main novelty introduced is related to the traffic analysis in the frequency domain without using the well-known Fast Fourier Transform. Moreover, the mentioned analysis is performed through the exploitation of the proxy logs, easily deployable on almost every real-world scenario, from enterprise networks to mobile devices.

Cognitive acoustic (CA) is emerging as a promising technique for spectrum-efficient Underwater Acoustic Networks (UANs). Due to the unique features of UANs, especially the long propagation delay, the busy terminal problem and large interference range, traditional spectrum decision methods used for radio networks need an overhaul to work efficiently in underwater environment. In this paper, we propose a dynamic spectrum decision algorithm called Receiver-viewed Dynamic Borrowing (RvDB) algorithm for Underwater Cognitive Acoustic Networks (UCANs) to improve the efficiency of spectrum utilization. RvDB algorithm is with the following features. Firstly, the spectrum resource is decided by receiver. Secondly, the receivers can borrow the idle spectrum resource from neighbouring nodes dynamically. Finally, the spectrum sensing is completed by control packets on control channel which is separated from data channels. Simulation results show that RvDB algorithm can greatly improve the performance on spectrum efficiency.

In this paper, a multi-channel medium access control (MAC) protocol is proposed to overcome the Large Interference Range Collision (LIRC) problem in underwater acoustic sensor networks (UWASNs), which has been known to occur when a handshaking based MAC protocol is jointly used with a power control. The proposed scheme divides the frequency band into two separate channels each used for control and data packets transmission. Considering the acoustic signal attenuation characteristics, higher frequency is used for data and lower frequency is used for control. And then, the data transmission power is controlled to escape the LIRC problem and simultaneously to save as much as possible. Furthermore with the separated channels, we can also reduce control-data packet collisions.

Distributed detection with data fusion has gained great attention in recent years. Collaborative detection improves the performance, and the optimal sensor deployment may change with time. It has been shown that with data fusion less sensors are needed to get the same detection ability when abundant sensors are deployed randomly. However, because of limitations on equipment number and deployment methods, fixed sensor locations may be preferred underwater. In this paper, we try to establish a theoretical framework for finding sensor positions to maximize the detection probability with a distributed sensor network. With joint data processing, detection performance is related to all the sensor locations; as sensor number grows, the optimization problem would become more difficult. To simplify the demonstration, we choose a 1-dimensional line deployment model and present the relevant numerical results.

Multiple-input multiple-output (MIMO) techniques have been the subject of increased attention for underwater acoustic communication for its ability to significantly improve the channel capabilities. Recently, an under-ice MIMO acoustic communication experiment was conducted in shallow water which differs from previous works in that the water column was covered by about 40 centimeters thick sea ice. In this experiment, high frequency MIMO signals centered at 10 kHz were transmitted from a two-element source array to a four-element vertical receive array at 1km range. The unique under-ice acoustic propagation environment in shallow water seems naturally separate data streams from different transducers, but there is still co-channel interference. Time reversal followed by a single channel decision feedback equalizer is used in this paper to compensate for the inter-symbol interference and co-channel interference. It is demonstrated that this simple receiver scheme is good enough to realize robust performance using fewer hydrophones (i.e. 2) without the explicit use of complex co-channel interference cancelation algorithms such as parallel interference cancelation or serial interference cancelation. Two channel estimation algorithms based on least square and least mean square are also studied for MIMO communications in this paper and their performance are compared using experimental data.

Currently, the coastal communication is mainly provided by satellite networks, which are expensive with low transmission rate and unable to support underwater communication efficiently. In this work, we propose a communication architecture for coastal network based on long term evolution (LTE) cellular networks in which a cellular network architecture is designed for the maritime communication scenario. Some key technologies of next-generation cellular networks such as device-to-device (D2D) and multiple input multiple output (MIMO) are integrated into the proposed architecture to support more efficient data transmission. In addition, over-water nodes aid the transmission of underwater network to improve the communication quality. With the proposed communication architecture, the coastal network can provide high-quality communication service to traffics with different quality-of-service (QoS) requirements.

The Earth is a water planet. The ocean is used for nature resource exploitation, fishery, etc., and it also plays critical roles in global climate regulation and transportation. Consequently, it is extremely important to keep track of its condition. And thus ocean observation systems have received increasing attentions.

In this work, a bi-directional transceiver with a maximum throughput of 24 kbps is presented. The spatio-temporal shallow water channel characteristics between a projector and a hydrophone array are analyzed in a seawater tank, and a methodology to maintain a 10−4 probability of bit error with prior knowledge of the channel statistics is proposed. Also, it is found that flow generated in the sea water provides a realistic representation of time-varying propagation conditions, particularly for the reverse link communication link at 22.5 kHz.

The local minima has been deemed as a challenging issue when designing routing protocols for 3D underwater sensor networks. Recently, harmonic potential field method has been used to tackle the issue of local minima which was also a major bottleneck in path planning and obstacle avoidance of robotics community. Inspired by this, this paper proposes a harmonic potential field based routing protocol for 3D underwater sensor networks with local minima. More specifically, the harmonic potential field is calculated using harmonic functions and Dirichlet boundary conditions are used for the local minima, sink(or seabuoy) and sending node. Numerical results show the effectiveness of the proposed routing protocol.

The ability to obtain reliable, long-term visual data in marine habitats has the potential to transform biological surveys of marine species. However, the underwater environment poses several challenges to visual monitoring: turbidity and light attenuation impede the range of optical sensors, biofouling clouds lenses and underwater housings, and marine species typically range over a large area, far outside of the range of a single camera sensor. Due to these factors, a continuously-recording or time-lapse visual sensor will not be gathering useful data the majority of the time, wasting battery life and filling limited onboard storage with useless images. These limitations make visual monitoring difficult in marine environments, but visual data is invaluable to biologists studying the behaviors and interactions of a species. This paper describes an acoustic-based, autonomous triggering approach to counter the current limitations of underwater visual sensing, and motivates the need for a distributed sensor network for underwater visual monitoring.

In this work, we develop an underwater relay network model for an unmanned cruise system. By introducing the underwater cruise, we analyze end-to-end outage performance for collecting data from a sensor node. Based on theoretical derivation of the outage probability, we further analyze the optimized location and data rate for relaying.

In this work, a magneto inductive (MI) link design is studied to achieve high speed transmission applied to a high density underwater network. For a small loop antenna, a design procedure is described to define the optimal operating frequency constrained on the system bandwidth and range. A coherent link is established between two nodes in a controlled underwater environment. For a small coil with radius of 5 cm, simulation results indicate that a range above 10 meters can be achieved in the low frequency spectrum spanning 10 kHz to 1 MHz. The design procedure is validated through measurements in seawater: a very high output SNR equal to 31.4 dB is realized at the output of the equalizer, and in these conditions a perfectly reliable 8-kbps link is demonstrated at a center frequency of 22.5 kHz.

Underwater sensing is envisioned using inexpensive underwater sensor nodes distributed over a wide area, deployed close to the bottom, and networked through underwater acoustic communications. In this paper, an underwater acoustic sensor node to perform the underwater sensing is designed and implemented. Specifically, we describe the design criteria, architecture and functional modules of underwater acoustic sensor node. Moreover, we give the experiment results of ocean current field estimation using the designed underwater acoustic sensor nodes at the sea area of Liuheng, Zhoushan, China.

In this study, we evaluate a multipath diversity reception in underwater CDMA system by performing a lake experiment. First, we design CDMA transmitter and receiver equipped with a multipath diversity with equal gain combining (EGC) and maximal ratio combining (MRC). Then, an experiment is performed at Lake Kyungcheon, South Korea to show that the diversity combining successfully corrects bit errors caused by multipath fading.

The harsh environment in the water has imposed challenges for underwater sensor networks (USNs), which collect the sensed data from the underwater sensors to the sink on land. The time-varying underwater acoustic channel has low band-width and high bit error rate, which leads to low data collection efficiency. Furthermore, the heterogeneous model of USNs that uses acoustic communications under the water and wireless communication above the water makes it difficult in efficient routing and forwarding for data collection. To this end, we propose a novel on-surface wireless-assisted opportunistic routing (SurOpp) for USNs. SurOpp deploys multiple buoy nodes on surface and includes all of them in the forwarding candidates to form a receive diversity. The opportunities of reception and forwarding in buoy nodes are exploited to improve the end-to-end transmissions. SurOpp also adopts rateless codes in the source to achieve opportunistic reception in the sink. The cooperation of both opportunistic reception in the buoys and the sink further decreases the messages of control overhead. The wireless interface in the buoy undertakes all the message exchanges in forwarding coordination to compensate the bandwidth limit of the acoustic channel. Simulations in NS3 show that SurOpp outperforms the traditional routing and existing opportunistic routing in terms of packet delivery ratio, end-to-end delay and energy consumption.

The development process of short-range underwater communication systems consists of different phases. Each phase comprises a multitude of specific requirements to the development platform. Typically, the utilized hardware and software is custom-built for each phase and wireless technology. Thus, the available platforms are usually not flexible and only usable for a single development phase or a single wireless technology. Furthermore, the modification and adaption between the phases and technologies are costly and time-consuming. Platforms providing the flexibility to switch between phases or even wireless technologies are either expensive or are not suitable to be integrated into underwater equipment. We developed a flexible and modular platform consisting of a controller and different front ends. The platform is capable of performing complex tasks during all development phases. To achieve high performance with more complex modulation schemes, we combine an embedded Linux processor with a field programmable gate array (FPGA) for computational demanding tasks. We show that our platform is capable of supporting the development of short-range underwater communication systems using a variety of wireless underwater communication technologies.

The design of medium access control (MAC) protocols for Underwater Acoustic Sensor Networks (UASNs) pose many challenges due to low bandwidth and high propagation delay. In this paper, a new medium access control (MAC) protocol called Handshake Triggered Chained-Concurrent MAC (HTCC) is proposed for large-scale applications in UWSNs. The main idea of HTCC is to establish a chained concurrent transmission accomplishing spatial reuse. The novelties of HTCC lie in: firstly, the protocol allows multi-direction handshake with different nodes simultaneously; secondly, a random access mechanism is integrated with the handshake mechanism for improve channel utilization. Simulation results show that HTCC outperforms extended version of Slotted floor acquisition multiple accesses (Ext-sFAMA) in terms of network throughput, the RTS efficiency, as well as fairness in representative scenarios.

Underwater Acoustic Sensor Networks (UWASNs) have the wide of applications with the proliferation of the increasing underwater activities recently. Most of current studies are focused on designing protocols to improve the network performance of WASNs. However, the security of UWASNs is also an important concern since malicious nodes can easily wiretap the information transmitted in UWASNs due to the vulnerability of UWASNs. In this paper, we investigate one of security problems in UWASNs - eavesdropping behaviours. In particular, we propose a general model to quantitatively evaluate the probability of eavesdropping behaviour in UWASNs. Simulation results also validate the accuracy of our proposed model.

Encryption is critical in protecting the confidentiality of users' data on mobile devices. However, research has shown that many mobile apps are not correctly using the ciphers, which makes them vulnerable to the attacks. The existing resources on cipher programming education do not provide enough practical scenarios to help students learn the cipher programming in the context of real world situations with programs that have complex interacting modules with access to networking, storage, and database. This poster introduces a course module that teaches students how to develop secure Android applications by correctly using Android's cryptography APIs. This course module is targeted to two areas where programmers commonly make many mistakes: password based encryption and SSL certificate validation. The core of the module includes a real world sample Android program for students to secure by implementing cryptographic components correctly. The course module will use open-ended problem solving to let students freely explore the multiple options in securing the application. The course module includes a lecture slide on Android's Crypto library, its common misuses, and suggested good practices. Assessment materials will also be included in the course module. This course module will be used and evaluated in a Network Security class. We will present the results of the evaluation in the conference.

TLS has the potential to provide strong protection against network-based attackers and mass surveillance, but many implementations take security shortcuts in order to reduce the costs of cryptographic computations and network round trips. We report the results of a nine-week study that measures the use and security impact of these shortcuts for HTTPS sites among Alexa Top Million domains. We find widespread deployment of DHE and ECDHE private value reuse, TLS session resumption, and TLS session tickets. These practices greatly reduce the protection afforded by forward secrecy: connections to 38% of Top Million HTTPS sites are vulnerable to decryption if the server is compromised up to 24 hours later, and 10% up to 30 days later, regardless of the selected cipher suite. We also investigate the practice of TLS secrets and session state being shared across domains, finding that in some cases, the theft of a single secret value can compromise connections to tens of thousands of sites. These results suggest that site operators need to better understand the tradeoffs between optimizing TLS performance and providing strong security, particularly when faced with nation-state attackers with a history of aggressive, large-scale surveillance.

We measure the prevalence and uses of TLS proxies using a Flash tool deployed with a Google AdWords campaign. We generate 2.9 million certificate tests and find that 1 in 250 TLS connections are TLS-proxied. The majority of these proxies appear to be benevolent, however we identify over 1,000 cases where three malware products are using this technology nefariously. We also find numerous instances of negligent, duplicitous, and suspicious behavior, some of which degrade security for users without their knowledge. Distinguishing these types of practices is challenging in practice, indicating a need for transparency and user awareness.

Trust in SSL-based communication on the Internet is provided by Certificate Authorities (CAs) in the form of signed certificates. Checking the validity of a certificate involves three steps: (i) checking its expiration date, (ii) verifying its signature, and (iii) making sure that it is not revoked. Currently, Certificate Revocation checks (i.e. step (iii) above) are done either via Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP) servers. Unfortunately, both current approaches tend to incur such a high overhead that several browsers (including almost all mobile ones) choose not to check certificate revocation status, thereby exposing their users to significant security risks. To address this issue, we propose DCSP: a new low-latency approach that provides up-to-date and accurate certificate revocation information. DCSP capitalizes on the existing scalable and high-performance infrastructure of DNS. DCSP minimizes end user latency while, at the same time, requiring only a small number of cryptographic signatures by the CAs. Our design and initial performance results show that DCSP has the potential to perform an order of magnitude faster than the current state-of-the-art alternatives.

We present a new approach to authentication using Trusted Execution Environments (TEEs), by changing the location of authentication from a remote device (e.g. remote authentication server) to user device(s) that are TEE enabled. The authentication takes place locally on the user device and only the outcome is sent back to the remote device. Our approach uses existing features and capabilities of TEEs to enhance the security of user authentication. We reverse the way traditional authentication schemes work: instead of the user presenting their authentication data to a remote device, we request the remote device to send the stored authentication template (s) to the local device. Almost paradoxically, this enhances security of authentication data by supplying it only to a trusted device, and so enabling users to authenticate the intended remote entity. This addresses issues related with bad SSL certificates on local devices, DNS poisoning, and counteracts certain threats posed by the presence of malware. We present a protocol to implement such authentication system discussing its strengths and limitations, before identifying available technologies to implement the architecture.

Commercial trusted third parties (TTPs) may increase their bottom line by watering down their validation procedures because they assume no liability for lapses of judgement. Consumers bear the risk of misplaced trust. Reputation loss is a weak deterrent for TTPs because consumers do not choose them - web shops and browser vendors do. At the same time, consumers are the source of income of these parties. Hence, risks and rewards are not well-aligned. Towards a better alignment, we explore the brokering of connection insurances and transaction insurances, where consumers get to choose their insurer. We lay out the principal idea how such a brokerage might work at a technical level with minimal interference with existing protocols and mechanisms, we analyze the security requirements and we propose techniques to meet these requirements.

In Mobile Ad hoc Network (MANET) is a self-organizing session of communication between wireless mobile nodes build up dynamically regardless of any established infrastructure or central authority. In MANET each node behaves as a sender, receiver and router which are connected directly with one another if they are within the range of communication or else will depend on intermediate node if nodes are not in the vicinity of each other (hop-to-hop). MANET, by nature are very open, dynamic and distributed which make it more vulnerable to various attacks such as sinkhole, jamming, selective forwarding, wormhole, Sybil attack etc. thus acute security problems are faced more related to rigid network. A Wormhole attack is peculiar breed of attack, which cause a consequential breakdown in communication by impersonating legitimate nodes by malicious nodes across a wireless network. This attack can even collapse entire routing system of MANET by specifically targeting route establishment process. Confidentiality and Authenticity are arbitrated as any cryptographic primitives are not required to launch the attack. Emphasizing on wormhole attack attributes and their defending mechanisms for detection and prevention are discussed in this paper.