Algorithm Selection Framework for Cyber Attack Detection

The number of cyber threats against both wired and wireless computer systems and other components of the Internet of Things continues to increase annually. In this work, an algorithm selection framework is employed on the NSL-KDD data set and a novel paradigm of machine learning taxonomy is presented. The framework uses a combination of user input and meta-features to select the best algorithm to detect cyber attacks on a network. Performance is compared between a rule-of-thumb strategy and a meta-learning strategy. The framework removes the conjecture of the common trial-and-error algorithm selection method. The framework recommends five algorithms from the taxonomy. Both strategies recommend a high-performing algorithm, though not the best performing. The work demonstrates the close connectedness between algorithm selection and the taxonomy for which it is premised.Comment: 6 pages, 7 figures, 1 table, accepted to WiseML '2

Improving lifecycle query in integrated toolchains using linked data and MQTT-based data warehousing

The development of increasingly complex IoT systems requires large engineering environments. These environments generally consist of tools from different vendors and are not necessarily integrated well with each other. In order to automate various analyses, queries across resources from multiple tools have to be executed in parallel to the engineering activities. In this paper, we identify the necessary requirements on such a query capability and evaluate different architectures according to these requirements. We propose an improved lifecycle query architecture, which builds upon the existing Tracked Resource Set (TRS) protocol, and complements it with the MQTT messaging protocol in order to allow the data in the warehouse to be kept updated in real-time. As part of the case study focusing on the development of an IoT automated warehouse, this architecture was implemented for a toolchain integrated using RESTful microservices and linked data.Comment: 12 pages, worksho

Lost and Found: Stopping Bluetooth Finders from Leaking Private Information

A Bluetooth finder is a small battery-powered device that can be attached to important items such as bags, keychains, or bikes. The finder maintains a Bluetooth connection with the user's phone, and the user is notified immediately on connection loss. We provide the first comprehensive security and privacy analysis of current commercial Bluetooth finders. Our analysis reveals several significant security vulnerabilities in those products concerning mobile applications and the corresponding backend services in the cloud. We also show that all analyzed cloud-based products leak more private data than required for their respective cloud services. Overall, there is a big market for Bluetooth finders, but none of the existing products is privacy-friendly. We close this gap by designing and implementing PrivateFind, which ensures locations of the user are never leaked to third parties. It is designed to run on similar hardware as existing finders, allowing vendors to update their systems using PrivateFind.Comment: WiSec '2

ChirpOTLE: A Framework for Practical LoRaWAN Security Evaluation

Low-power wide-area networks (LPWANs) are becoming an integral part of the Internet of Things. As a consequence, businesses, administration, and, subsequently, society itself depend on the reliability and availability of these communication networks. Released in 2015, LoRaWAN gained popularity and attracted the focus of security research, revealing a number of vulnerabilities. This lead to the revised LoRaWAN 1.1 specification in late 2017. Most of previous work focused on simulation and theoretical approaches. Interoperability and the variety of implementations complicate the risk assessment for a specific LoRaWAN network. In this paper, we address these issues by introducing ChirpOTLE, a LoRa and LoRaWAN security evaluation framework suitable for rapid iteration and testing of attacks in testbeds and assessing the security of real-world networks.We demonstrate the potential of our framework by verifying the applicability of a novel denial-of-service attack targeting the adaptive data rate mechanism in a testbed using common off-the-shelf hardware. Furthermore, we show the feasibility of the Class B beacon spoofing attack, which has not been demonstrated in practice before.Comment: 11 pages, 14 figures, accepted at ACM WiSec 2020 (13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

GNSS Spoofing Detection via Opportunistic IRIDIUM Signals

In this paper, we study the privately-own IRIDIUM satellite constellation, to provide a location service that is independent of the GNSS. In particular, we apply our findings to propose a new GNSS spoofing detection solution, exploiting unencrypted IRIDIUM Ring Alert (IRA) messages that are broadcast by IRIDIUM satellites. We firstly reverse-engineer many parameters of the IRIDIUM satellite constellation, such as the satellites speed, packet interarrival times, maximum satellite coverage, satellite pass duration, and the satellite beam constellation, to name a few. Later, we adopt the aforementioned statistics to create a detailed model of the satellite network. Subsequently, we propose a solution to detect unintended deviations of a target user from his path, due to GNSS spoofing attacks. We show that our solution can be used efficiently and effectively to verify the position estimated from standard GNSS satellite constellation, and we provide constraints and parameters to fit several application scenarios. All the results reported in this paper, while showing the quality and viability of our proposal, are supported by real data. In particular, we have collected and analyzed hundreds of thousands of IRA messages, thanks to a measurement campaign lasting several days. All the collected data ($1000+$ hours) have been made available to the research community. Our solution is particularly suitable for unattended scenarios such as deserts, rural areas, or open seas, where standard spoofing detection techniques resorting to crowd-sourcing cannot be used due to deployment limitations. Moreover, contrary to competing solutions, our approach does not resort to physical-layer information, dedicated hardware, or multiple receiving stations, while exploiting only a single receiving antenna and publicly-available IRIDIUM transmissions. Finally, novel research directions are also highlighted.Comment: Accepted for the 13th Conference on Security and Privacy in Wireless and Mobile Networks (WISEC), 202

Towards an Accountable Web of Personal Information: the Web-of-Receipts

Consent is a corner stone in any Privacy practice or public policy. Much beyond a simple "accept" button, we show in this paper that obtaining and demonstrating valid Consent can be a complex matter since it is a multifaceted problem. This is important for both Organisations and Users. As shown in recent cases, not only cannot an individual prove what they accepted at any point in time, but also organisations are struggling with proving such consent was obtained leading to inefficiencies and non-compliance. To a large extent, this problem has not obtained sufficient visibility and research effort. In this paper, we review the current state of Consent and tie it to a problem of Accountability. We argue for a different approach to how the Web of Personal Information operates: the need of an accountable Web in the form of Personal Data Receipts which are able to protect both individuals and organisation. We call this evolution the Web-of-Receipts: online actions, from registration to real-time usage, is preceded by valid consent and is auditable (for Users) and demonstrable (for Organisations) at any moment by using secure protocols and locally stored artefacts such as Receipts. The key contribution of this paper is to elaborate on this unique perspective, present proof-of-concept results and lay out a research agenda

Diffractive Interfaces: diffraction as an artistic research methodology

L'abundància de mètodes d'experimentació artística és una realitat que requereix metodologies alternatives per al seu estudi i la seva avaluació. Diffractive Interfícies és una proposta d'investigació que se centra en la relació art-pedagogia i possibilita una interacció dinàmica entre agències mitjançant l'experimentació amb diferents patrons i possibilitats relacionals facilitant la recerca d'altres formes de (re)presentació i gestualitats en el context de les interfícies culturals.Tant els processos de treball com els resultats de Diffractive Interfícies es caracteritzen per un procediment interdisciplinari d'apropiació i d'interacció entre recerca científica i investigació artística per mitjà de l'ús de la tecnologia, la biologia, la sociologia, la crítica, la música, l'art i la filosofia.La abundancia de métodos de experimentación artística es algo que requiere de metodologías alternativas para su estudio y su evaluación. «Diffractive Interfaces» es una propuesta de investigación que se centra en la relación arte-pedagogía y posibilita una interacción dinámica entre agencias mediante la experimentación con diferentes patrones y posibilidades relacionales facilitando la búsqueda de otras formas de (re)presentación y gestualidades en el contexto de las interfaces culturales.Tanto los procesos de trabajo como los resultados de «Diffractive Interfaces» se caracterizan por un procedimiento interdisciplinario de apropiación y de interacción entre investigación científica e investigación artística por medio del uso de la tecnología, la biología, la sociología, la crítica, la música, el arte y la filosofía.The abundance of methods of artistic experimentation is a reality that requires alternative methodologies for their study and evaluation. ‘Diffractive Interfaces’ is a research approach that focuses on the relationship between art and teaching, enabling dynamic interaction be­tween agencies through experimentation through different relational patterns and possibilities, facilitating the search for other ways of (re)presentation and gestural movement within the context of cultural interfaces.Both the work processes and the results of ‘Diffractive Interfaces’ are characterized by an interdisciplinary procedure of appropriation and interaction between scientific and artistic research through the use of technology, biology, sociology, critique, music, art and philosophy

ivPair: context-based fast intra-vehicle device pairing for secure wireless connectivity

The emergence of advanced in-vehicle infotainment (IVI) systems, such as Apple CarPlay and Android Auto, calls for fast and intuitive device pairing mechanisms to discover newly introduced devices and make or break a secure, high-bandwidth wireless connection. Current pairing schemes are tedious and lengthy as they typically require users to go through pairing and verification procedures by manually entering a predetermined or randomly generated pin on both devices. This inconvenience usually results in prolonged usage of old pins, significantly degrading the security of network connections. To address this challenge, we propose ivPair, a secure and usable device pairing protocol that extracts an identical pairing pin or fingerprint from vehicle\u27s vibration response caused by various factors such as driver\u27s driving pattern, vehicle type, and road conditions. Using ivPair, users can pair a mobile device equipped with an accelerometer with the vehicle\u27s IVI system or other mobile devices by simply holding it against the vehicle\u27s interior frame. Under realistic driving experiments with various types of vehicles and road conditions, we demonstrate that all passenger-owned devices can expect a high pairing success rate with a short pairing time, while effectively rejecting proximate adversaries attempting to pair with the target vehicle