2,395 research outputs found
Security Implications of Fog Computing on the Internet of Things
Recently, the use of IoT devices and sensors has been rapidly increased which
also caused data generation (information and logs), bandwidth usage, and
related phenomena to be increased. To our best knowledge, a standard definition
for the integration of fog computing with IoT is emerging now. This integration
will bring many opportunities for the researchers, especially while building
cyber-security related solutions. In this study, we surveyed about the
integration of fog computing with IoT and its implications. Our goal was to
find out and emphasize problems, specifically security related problems that
arise with the employment of fog computing by IoT. According to our findings,
although this integration seems to be non-trivial and complicated, it has more
benefits than the implications.Comment: 5 pages, conference paper, to appear in Proceedings of the ICCE 2019,
IEEE 37th International Conference on Consumer Electronics (ICCE), Jan 11-
13, 2019, Las Vegas, NV, US
A Novel Cross-Layer Authentication Protocol for the Internet of Things
An innovative cross-layer authentication protocol that integrates cryptography-based authentication and physical layer authentication (PLA) is proposed for massive cellular Internet of things (IoT) systems. Due to dramatic increases in the number of cellular IoT devices, a centralized authentication architecture in which a mobility management entity in core networks administers authentication of massive numbers of IoT devices may cause network congestion with large signaling overhead. Thus, a distributed authentication architecture in which a base station in radio access networks authenticates IoT devices locally is presented. In addition, a cross-layer authentication protocol is designed with a novel integration strategy under the distributed authentication architecture, where PLA, which employs physical features for authentication, is used as preemptive authentication in the proposed protocol. Theoretical analysis and numerical simulations were performed to analyze the trade-off between authentication performance and overhead in the proposed authentication method compared with existing authentication protocols. The results demonstrate that the proposed protocol outperforms conventional authentication and key agreement protocols in terms of overhead and computational complexity while guaranteeing low authentication error probability
A Taxonomy of Intrusion Response Systems
Recent advances in intrusion detection field brought new requirements to intrusion prevention and response. Traditionally, the response to an attack was manually triggered by an administrator. However, increased complexity and speed of the attack-spread during recent years showed acute necessity for complex dynamic response mechanisms. Although intrusion detection systems are being actively developed, research efforts in intrusion response are still isolated. In this work we present taxonomy of intrusion response systems, together with a review of current trends in intrusion response research. We also provide a set of essential fetures as a requirement for an ideal intrusion response system
A framework for cost-sensitive automated selection of intrusion response
In recent years, cost-sensitive intrusion response has gained
significant interest due to its emphasis on the balance between
potential damage incurred by the intrusion and cost of the response.
However, one of the challenges in applying this approach is defining a
consistent and adaptable measurement framework to evaluate the expected
benefit of a response. In this thesis we present a model and framework
for the cost-sensitive assessment and selection of intrusion response.
Specifically, we introduce a set of measurements that characterize the
potential costs associated with the intrusion handling process, and
propose an intrusion response evaluation method with respect to the risk
of potential intrusion damage, the effectiveness of the response action
and the response cost for a system. The proposed framework has the
important quality of abstracting the system security policy from the
response selection mechanism, permitting policy adjustments to be made
without changes to the model. We provide an implementation of the
proposed solution as an IDS-independent plugin tool, and demonstrate its
advantages over traditional static response systems and an existing
dynamic response system
- …