29 research outputs found

    Misconfiguration in Firewalls and Network Access Controls: Literature Review

    Firewalls and network access controls play important roles in security control and protection. Those firewalls may create an incorrect sense or state of protection if they are improperly configured. One of the major configuration problems in firewalls is related to misconfiguration in the access control roles added to the firewall that will control network traffic. In this paper, we evaluated recent research trends and open challenges related to firewalls and access controls in general and misconfiguration problems in particular. With the recent advances in next-generation (NG) firewalls, firewall roles can be auto-generated based on networks and threats. Nonetheless, and due to the large number of roles in any medium to large networks, roles’ misconfiguration may occur for several reasons and will impact the performance of the firewall and overall network and protection efficiency.

    Delay-Tolerant ICN and Its Application to LoRa

    Connecting long-range wireless networks to the Internet imposes challenges due to vastly longer round-trip-times (RTTs). In this paper, we present an ICN protocol framework that enables robust and efficient delay-tolerant communication to edge networks. Our approach provides ICN-idiomatic communication between networks with vastly different RTTs. We applied this framework to LoRa, enabling end-to-end consumer-to-LoRa-producer interaction over an ICN-Internet and asynchronous data production in the LoRa edge. Instead of using LoRaWAN, we implemented an IEEE 802.15.4e DSME MAC layer on top of the LoRa PHY and ICN protocol mechanisms in RIOT OS. Executed on off-the-shelf IoT hardware, we provide a comparative evaluation for basic NDN-style ICN [60], RICE [31]-like pulling, and reflexive forwarding [46]. This is the first practical evaluation of ICN over LoRa using a reliable MAC. Our results show that periodic polling in NDN works inefficiently when facing long and differing RTTs. RICE reduces polling overhead and exploits gateway knowledge, without violating ICN principles. Reflexive forwarding reflects sporadic data generation naturally. Combined with a local data push, it operates efficiently and enables lifetimes of >1 year for battery powered LoRa-ICN nodes.
    Comment: 12 pages, 7 figures, 2 tables

    Serial Interference Cancellation for Improving uplink in LoRa-like Networks

    In this paper, we present a new receiver design, which significantly improves performance in the Internet of Things networks such as LoRa, i.e., having a chirp spread spectrum modulation. The proposed receiver is able to demodulate multiple users simultaneously transmitted over the same frequency channel with the same spreading factor. From a non-orthogonal multiple access point of view, it is based on the power domain and uses serial interference cancellation. Simulation results show that the receiver allows a significant increase in the number of connected devices in the network.

    Cybersecurity in Power Grids: Challenges and Opportunities

    Increasing volatilities within power transmission and distribution force power grid operators to amplify their use of communication infrastructure to monitor and control their grid. The resulting increase in communication creates a larger attack surface for malicious actors. Indeed, cyber attacks on power grids have already succeeded in causing temporary, large-scale blackouts in the recent past. In this paper, we analyze the communication infrastructure of power grids to derive resulting fundamental challenges of power grids with respect to cybersecurity. Based on these challenges, we identify a broad set of resulting attack vectors and attack scenarios that threaten the security of power grids. To address these challenges, we propose to rely on a defense-in-depth strategy, which encompasses measures for (i) device and application security, (ii) network security, and (iii) physical security, as well as (iv) policies, procedures, and awareness. For each of these categories, we distill and discuss a comprehensive set of state-of-the-art approaches, as well as identify further opportunities to strengthen cybersecurity in interconnected power grids.

    TSCH for Long Range Low Data Rate Applications


    Using publish/subscribe for message routing in mobile environments

    Publish/subscribe is a mature communication paradigm to route and deliver events from publishers to interested subscribers. Initially conceived for large scale systems, e.g., the Internet, it has been used more recently in new scenarios, e.g., wireless sensor networks and the Internet of Things (IoT), where mobility and dynamicity are the norm. The loose-coupling and asynchronicity of publish/subscribe makes it an interesting choice for IoT scenarios, i.e., each node in an IoT network can choose a different role depending on its location, capabilities, etc. This paper presents MFT-PubSub, a fully mobile and fault tolerant content-based publish/subscribe protocol. Our proposal is a purely reactive solution for mobility in a publish/subscribe system without any kind of limits on the mobility patterns of the nodes. A wireless ad hoc network is created without the need of any previous connections or knowledge on the nodes. Handling the mobility, be it physical or logical, of both clients and brokers. We prove the validity of our solution by experimentation, and compare it with AODV, a routing protocol for mobile ad hoc networking. The simulations show an improvement on message delivery rate over previously used protocols.
    Open Access funding provided thanks to the CRUE-CSIC agreement with Springer Nature. Research supported by grant TIN2016-79897-P funded by MCIN/AEI/10.13039/501100011033 and by the European Union, and by the Department of Education, Universities and Research of the Basque Government, grant IT-1437-22 (ADIAN).

    Practical evaluation of carrier sensing for a LoRa wildlife monitoring network

    We consider the technique of carrier sensing for application in a LoRa mesh network aimed at wildlife monitoring. A key challenge in this application is to limit collisions in order to increase the channel capacity. Since CSMA is very rarely applied in LoRa-based networks, our goal is to determine its practical viability. We evaluate the LoRa Channel Activity Detection (CAD) mechanism under laboratory and field conditions. Our results show that both preamble and payload symbols are detectable even at distances exceeding 4 km. Detecting LoRa preamble symbols had a SNR advantage of between 1 and 2 dB over payload symbols. Furthermore, we find that by taking at least 8 consecutive CAD measurements, a clear channel assessment (CCA) comparable to the LoRa frame reception rate can be achieved between two nodes.

    IoTMapper: a metrics aggregation system architecture in support of smart city solutions

    Smart cities are, nowadays, an unavoidable and growing reality, supported on software platforms that support city management, through the processing and presentation of a large number of data, obtained from sensors used throughout the cities. Low-power wide area networks (LPWAN) leverage the sensorization process; however, urban landscape, in turn, induces a high probability of change in the propagation conditions of the LPWAN network, thus requiring active monitoring solutions for assessing the city LPWAN network condition. Currently existing solutions usually consider the existence of only one type of LPWAN network to be monitored. In this paper, an architecture for aggregation of metrics from heterogeneous LPWAN networks is presented. The architecture, named IoTMapper, combines purpose-built components with existing components from the FIWARE and Apache Kafka ecosystems. Implementation details for the LPWAN networks are abstracted by adapters so that new networks may be easily added. The validation was carried out using real data collected for long-range wide-area network (LoRaWAN) in Lisbon, and a simulated data set extrapolated from the collected data. The results indicate that the presented architecture is a viable solution for metrics aggregation that may be expanded to support multiple networks. However, some of the considered FIWARE components present performance bottlenecks that may hinder the scaling of the architecture while processing new message arrivals.

    Machine Learning for Multimedia Communications

    Machine learning is revolutionizing the way multimedia information is processed and transmitted to users. After intensive and powerful training, some impressive efficiency/accuracy improvements have been made all over the transmission pipeline. For example, the high model capacity of the learning-based architectures enables us to accurately model the image and video behavior such that tremendous compression gains can be achieved. Similarly, error concealment, streaming strategy or even user perception modeling have widely benefited from the recent learning-oriented developments. However, learning-based algorithms often imply drastic changes to the way data are represented or consumed, meaning that the overall pipeline can be affected even though a subpart of it is optimized. In this paper, we review the recent major advances that have been proposed all across the transmission chain, and we discuss their potential impact and the research challenges that they raise.