A systematic review of crime facilitated by the consumer Internet of Things

The nature of crime is changing — estimates suggest that at least half of all crime is now committed online. Once everyday objects (e.g. televisions, baby monitors, door locks) that are now internet connected, collectively referred to as the Internet of Things (IoT), have the potential to transform society, but this increase in connectivity may generate new crime opportunities. Here, we conducted a systematic review to inform understanding of these risks. We identify a number of high-level mechanisms through which offenders may exploit the consumer IoT including profiling, physical access control and the control of device audio/visual outputs. The types of crimes identified that could be facilitated by the IoT were wide ranging and included burglary, stalking, and sex crimes through to state level crimes including political subjugation. Our review suggests that the IoT presents substantial new opportunities for offending and intervention is needed now to prevent an IoT crime harvest

Information seeking, technology use, and vulnerability among migrants at the U.S.-Mexico border

Through interviews with migrants and migrant aid-workers at a shelter in the border town of Nogales, Mexico, we examine how undocumented migrants are seeking, acquiring, understanding, and using information prior to, and during, migration across the U.S.-Mexico border. Our study examines migrants’ perceptions of humanitarian service and the use of so-called “border disturbance technologies” by activists to help prevent the death of migrants in the desert, finding that migrants appreciate water-caching efforts but generally distrust technologies they feel could subject them to surveillance by border agents. Exploratory in nature and based on a small sample, our findings are not necessarily representative of the broader population, but provide rich evidence of the prevalence of word-of-mouth information seeking and use of cell phones over other information technologies, and explore the ambivalent nature of information technology use in the vulnerable setting of life at the border. In particular, we find that mobile phones help migrants meet their communication needs, but also increase their exposure to crime and abuse

The Implications of New Technologies on Privacy Rights

The rise in new technologies is very essential in this contemporary world and it has facilitated the communication sector, improve health and economic development. These new digital tools has made life somehow comfortable and accelerated economic growth in the universe. Nevertheless, these digital tools are a threat to privacy of persons.in the course of manipulating these gadgets, they infringe on the rights of privacy of individuals. Some people misuse these gadgets and they do not use it responsibly.Tehila Schwarz noted that”privacy is in the hands of a digital world”. A smartphone has multiple functions to invade the privacy of individual, because a smartphone can record messages, videotape events, likewise Close Circuit Television Cameras (CCTV), which are installed in homes and streets, they monitor individuals silently, they are installed for security purpose but in the course of monitoring the activities of individuals, they cross the boundary to invade privacy of persons, because they monitor everybody under the vicinity of the camera. Similarly, an instrument like Global Positioning System (GPS) is capable to detect the position or location of persons, it is use to track individual’s movement and position and even cars .These tools are all imperative for our wellbeing but it intrudes on the privacy of individuals

Unmanned Aircraft Systems in the Cyber Domain

Unmanned Aircraft Systems are an integral part of the US national critical infrastructure. The authors have endeavored to bring a breadth and quality of information to the reader that is unparalleled in the unclassified sphere. This textbook will fully immerse and engage the reader / student in the cyber-security considerations of this rapidly emerging technology that we know as unmanned aircraft systems (UAS). The first edition topics covered National Airspace (NAS) policy issues, information security (INFOSEC), UAS vulnerabilities in key systems (Sense and Avoid / SCADA), navigation and collision avoidance systems, stealth design, intelligence, surveillance and reconnaissance (ISR) platforms; weapons systems security; electronic warfare considerations; data-links, jamming, operational vulnerabilities and still-emerging political scenarios that affect US military / commercial decisions. This second edition discusses state-of-the-art technology issues facing US UAS designers. It focuses on counter unmanned aircraft systems (C-UAS) – especially research designed to mitigate and terminate threats by SWARMS. Topics include high-altitude platforms (HAPS) for wireless communications; C-UAS and large scale threats; acoustic countermeasures against SWARMS and building an Identify Friend or Foe (IFF) acoustic library; updates to the legal / regulatory landscape; UAS proliferation along the Chinese New Silk Road Sea / Land routes; and ethics in this new age of autonomous systems and artificial intelligence (AI).https://newprairiepress.org/ebooks/1027/thumbnail.jp

Modeling Attacks in IoT to Assist the Engineering Process

The Internet of Things is the broad name given to technologies that allow for any devices (known in this context as things) to communicate with each other as well as machines, applications, databases, among others in a seamless manner. This allows for devices in an environment such as in a home, a factory or a hospital, to interact with each other and even to autonomously perform actions based on the information they receive. This integration of technology in regular, everyday devices allows for the people that interact or otherwise are affected by them to have a finer degree of control over what is happening around them, allowing for this technology to improve other existing ones by improving their usefulness and efficiency. As a simple example, in the context of a smart home, a user can be able to manually command actions or to set conditions that trigger said actions according to his preferences. This means that things such as controlling room temperature and lighting, opening doors, ordering something when it runs out or turning appliances on, can be automatically performed when the conditions approved by the user are met. In medicine for example, Internet of Things (IoT) systems allow for the creation of more effective patient monitoring and diagnostic systems as well as resource management in general, as patients could potentially carry sensors that allow for constant monitoring thus assisting in diagnostics and in emergency situations. This last example raises an obvious and very important issue with this type of technologies, which is security. If IoT systems are not properly secured, a malicious actor could potentially access or modify private patient or hospital data as well as disable or tamper with the sensors, among other malicious scenarios that could potentially result in harm to equipment or even human lives. Given the speed at which this technology is evolving and new systems are being created and implemented, security is often seen as an afterthought, which results in insufficient or poorly implemented security measures allowing for attackers to easily disrupt the functioning or even to steal sensitive data from the system. Therefore, it is critical to perform an adequate security analysis right from the start of the system design process. By understanding the security requirements relevant to a system, it is possible to implement adequate security measures that prevent attacks or other malicious actions from occurring, thus safeguarding data and allowing for the system to perform as originally intended. The goal of this dissertation is to explore the principles behind system and threat modeling to be able to develop a prototype tool to assist users - even those with limited security knowledge - in the identification of security requirements, threats and good practices. Hopefully, this prototype should prove to be able to assist developers better define security requirements early in the system design stage, as well as including the correct defensive measures in the development stages. This prototype was developed in the context of the S E C U R I o T E S I G N project, as it integrates two other tools created in its context to assist in the identification of the requirements from information provided by the user. This dissertation produced a web application capable of handling the user inputs containing relevant system requirement and recommendations information, and then processing them in order to extrapolate the relevant system and threat modeling information. The validation process for this prototype consisted of comparing a manual system and threat analysis created by an expert, with the results obtained by volunteers using the prototype application, and verifying how correct is the analysis by the tool. The results were satisfying and the proposed objectives were successfully achieved.A Internet das Coisas (Internet of Things, do inglês e abreviado para IoT), é o nome dado às tecnologias que permitem que qualquer dispositivo (que neste contexto é apelidado de coisa) comunique com outro, tal como com máquinas, aplicações, bases de dados, entre outras tecnologias, de maneira direta. Isto permite que dispositivos num dado ambiente interajam uns com os outros e que sejam inclusivamente capazes de tomar decisões de forma autónoma com base nos dados que recebem. Esta integração de novas tecnologias em dispositivos do dia a dia permite que os utilizadores tenham um controlo mais refinado sobre o que cada aparelho é capaz de fazer, aumentando assim a utilidade e eficiência dos mesmos. Alguns exemplos da aplicabilidade deste controlo adicional podem ser observados em casas inteligentes, na qual os utilizadores conseguem controlar remotamente os equipamentos da sua casa, ou até definir o seu controlo de forma automática com base em certos parâmetros determinados pelos equipamentos. Isto significa que tarefas como controlo de temperatura, luminosidade, abertura/fecho de portas, ligar ou desligar eletrodomésticos, ou até mesmo encomendar automaticamente um produto quando este termina podem todas ser efetuadas de maneira automática, quando as condições certas são verificadas. Outro exemplo poderia ser no ramo da Medicina, na qual sistemas baseados na IoT podem permitir a criação de sistemas mais eficientes de monitorização e diagnóstico de pacientes, o que acaba por acarretar benefícios a nível da gestão de recursos hospitalares, visto que os pacientes poderiam simplesmente possuir consigo sensores que faziam a sua monitorização permanente, assistindo nos processos de diagnóstico e em casos de emergência. Contudo, este último exemplo chama à atenção para o problema óbvio e muito importante com estas tecnologias, que é a segurança (ou a falta dela). Casos os sistemas de IoT não cumpram com as medidas de segurança mais adequadas, um atacante poderia potencialmente aceder ou modificar dados dos pacientes, do hospital, ou até mesmo fazer modificações no próprio equipamento. Isto seriam violações gravíssimas da segurança do sistema, que poderiam mesmo provocar prejuízos ao nível de bens materiais ou em casos extremos, de vidas humanas. Dada a velocidade com que estas tecnologias estão a evoluir, e à qual novos sistemas estão a ser desenvolvidos e implementados, a segurança dos sistemas costuma ser algo esquecida a acaba por ser dos últimos aspetos a ser considerado aquando do design dos mesmos. Isto resulta em insuficiências e falhas ao nível de segurança, o que acaba por permitir que atacantes consigam provocar alterações no funcionamento normal ou até mesmo roubar dados do sistema. É extremamente importante efetuar um bom levantamento dos requisitos de segurança que o sistema deve implementar logo desde as fases iniciais de design e planificação da arquitetura. Só quando se compreende na integra os requisitos de segurança é que é possível planear e implementar as medidas de segurança adequadas para o sistema a ser desenhado. O objetivo principal desta dissertação é explorar os princípios por detrás da modelação dos sistemas e das ameaças. Desta forma pretende-se desenvolver um protótipo de uma ferramenta capaz de assistir os utilizadores - mesmo aqueles com conhecimentos limitados na área de segurança - na identificação de requisitos de segurança e ameaças ao sistema, assim como fornecer informação pertinente para colmatar estes aspetos. Esta ferramenta deverá ser capaz de auxiliar os developers, designers e engenheiros de software com os processos de definição de requisitos e medidas de segurança preventivas, desde as etapas iniciais da planificação dos sistemas. Este protótipo foi desenvolvido no contexto do projeto S E C U R I o T E S I G N , o mesmo integra duas outras ferramentas que auxiliam na identificação de requisitos a partir de informações fornecidas pelo utilizador e que vão ser vir de inputs do protótipo aqui desenvolvido. Esta dissertação produziu uma aplicação web capaz de receber os inputs do utilizador contendo a informação com os requisitos e recomendações do sistema e a partir do seu processamento é possível obter a modelação de sistema e de ameaças. O processo de validação do protótipo aqui desenvolvido consistiu em comparar uma análise de modelação de sistema e ameaças produzidas manualmente por um perito, com as análises obtidas por voluntários através do protótipo desta aplicação web, e verificar o quão correta é a análise produzida pelo protótipo. De forma geral os resultados foram satisfatórios, tendo o protótipo sido capaz de alcançar uma análise bastante correta face à produzida pelo perito. Desta forma pode-se concluir que os objetivos desta dissertação foram alcançados com sucesso

Novel architectures and strategies for security offloading

Internet has become an indispensable and powerful tool in our modern society. Its ubiquitousness, pervasiveness and applicability have fostered paradigm changes around many aspects of our lives. This phenomena has positioned the network and its services as fundamental assets over which we rely and trust. However, Internet is far from being perfect. It has considerable security issues and vulnerabilities that jeopardize its main core functionalities with negative impact over its players. Furthermore, these vulnerabilities¿ complexities have been amplified along with the evolution of Internet user mobility. In general, Internet security includes both security for the correct network operation and security for the network users and endpoint devices. The former involves the challenges around the Internet core control and management vulnerabilities, while the latter encompasses security vulnerabilities over end users and endpoint devices. Similarly, Internet mobility poses major security challenges ranging from routing complications, connectivity disruptions and lack of global authentication and authorization. The purpose of this thesis is to present the design of novel architectures and strategies for improving Internet security in a non-disruptive manner. Our novel security proposals follow a protection offloading approach. The motives behind this paradigm target the further enhancement of the security protection while minimizing the intrusiveness and disturbance over the Internet routing protocols, its players and users. To accomplish such level of transparency, the envisioned solutions leverage on well-known technologies, namely, Software Defined Networks, Network Function Virtualization and Fog Computing. From the Internet core building blocks, we focus on the vulnerabilities of two key routing protocols that play a fundamental role in the present and the future of the Internet, i.e., the Border Gateway Protocol (BGP) and the Locator-Identifier Split Protocol (LISP). To this purpose, we first investigate current BGP vulnerabilities and countermeasures with emphasis in an unresolved security issue defined as Route Leaks. Therein, we discuss the reasons why different BGP security proposals have failed to be adopted, and the necessity to propose innovative solutions that minimize the impact over the already deployed routing solution. To this end, we propose pragmatic security methodologies to offload the protection with the following advantages: no changes to the BGP protocol, neither dependency on third party information nor on third party security infrastructure, and self-beneficial. Similarly, we research the current LISP vulnerabilities with emphasis on its control plane and mobility support. We leverage its by-design separation of control and data planes to propose an enhanced location-identifier registration process of end point identifiers. This proposal improves the mobility of end users with regards on securing a dynamic traffic steering over the Internet. On the other hand, from the end user and devices perspective we research new paradigms and architectures with the aim of enhancing their protection in a more controllable and consolidated manner. To this end, we propose a new paradigm which shifts the device-centric protection paradigm toward a user-centric protection. Our proposal focus on the decoupling or extending of the security protection from the end devices toward the network edge. It seeks the homogenization of the enforced protection per user independently of the device utilized. We further investigate this paradigm in a mobility user scenario. Similarly, we extend this proposed paradigm to the IoT realm and its intrinsic security challenges. Therein, we propose an alternative to protect both the things, and the services that leverage from them by consolidating the security at the network edge. We validate our proposal by providing experimental results from prof-of-concepts implementations.Internet se ha convertido en una poderosa e indispensable herramienta para nuestra sociedad moderna. Su omnipresencia y aplicabilidad han promovido grandes cambios en diferentes aspectos de nuestras vidas. Este fenómeno ha posicionado a la red y sus servicios como activos fundamentales sobre los que contamos y confiamos. Sin embargo, Internet está lejos de ser perfecto. Tiene considerables problemas de seguridad y vulnerabilidades que ponen en peligro sus principales funcionalidades. Además, las complejidades de estas vulnerabilidades se han ampliado junto con la evolución de la movilidad de usuarios de Internet y su limitado soporte. La seguridad de Internet incluye tanto la seguridad para el correcto funcionamiento de la red como la seguridad para los usuarios y sus dispositivos. El primero implica los desafíos relacionados con las vulnerabilidades de control y gestión de la infraestructura central de Internet, mientras que el segundo abarca las vulnerabilidades de seguridad sobre los usuarios finales y sus dispositivos. Del mismo modo, la movilidad en Internet plantea importantes desafíos de seguridad que van desde las complicaciones de enrutamiento, interrupciones de la conectividad y falta de autenticación y autorización globales. El propósito de esta tesis es presentar el diseño de nuevas arquitecturas y estrategias para mejorar la seguridad de Internet de una manera no perturbadora. Nuestras propuestas de seguridad siguen un enfoque de desacople de la protección. Los motivos detrás de este paradigma apuntan a la mejora adicional de la seguridad mientras que minimizan la intrusividad y la perturbación sobre los protocolos de enrutamiento de Internet, sus actores y usuarios. Para lograr este nivel de transparencia, las soluciones previstas aprovechan nuevas tecnologías, como redes definidas por software (SDN), virtualización de funciones de red (VNF) y computación en niebla. Desde la perspectiva central de Internet, nos centramos en las vulnerabilidades de dos protocolos de enrutamiento clave que desempeñan un papel fundamental en el presente y el futuro de Internet, el Protocolo de Puerta de Enlace Fronterizo (BGP) y el Protocolo de Separación Identificador/Localizador (LISP ). Para ello, primero investigamos las vulnerabilidades y medidas para contrarrestar un problema no resuelto en BGP definido como Route Leaks. Proponemos metodologías pragmáticas de seguridad para desacoplar la protección con las siguientes ventajas: no cambios en el protocolo BGP, cero dependencia en la información de terceros, ni de infraestructura de seguridad de terceros, y de beneficio propio. Del mismo modo, investigamos las vulnerabilidades actuales sobre LISP con énfasis en su plano de control y soporte de movilidad. Aprovechamos la separacçón de sus planos de control y de datos para proponer un proceso mejorado de registro de identificadores de ubicación y punto final, validando de forma segura sus respectivas autorizaciones. Esta propuesta mejora la movilidad de los usuarios finales con respecto a segurar un enrutamiento dinámico del tráfico a través de Internet. En paralelo, desde el punto de vista de usuarios finales y dispositivos investigamos nuevos paradigmas y arquitecturas con el objetivo de mejorar su protección de forma controlable y consolidada. Con este fin, proponemos un nuevo paradigma hacia una protección centrada en el usuario. Nuestra propuesta se centra en el desacoplamiento o ampliación de la protección de seguridad de los dispositivos finales hacia el borde de la red. La misma busca la homogeneización de la protección del usuario independientemente del dispositivo utilizado. Además, investigamos este paradigma en un escenario con movilidad. Validamos nuestra propuesta proporcionando resultados experimentales obtenidos de diferentes experimentos y pruebas de concepto implementados

Measuring trustworthiness of image data in the internet of things environment

Internet of Things (IoT) image sensors generate huge volumes of digital images every day. However, easy availability and usability of photo editing tools, the vulnerability in communication channels and malicious software have made forgery attacks on image sensor data effortless and thus expose IoT systems to cyberattacks. In IoT applications such as smart cities and surveillance systems, the smooth operation depends on sensors’ sharing data with other sensors of identical or different types. Therefore, a sensor must be able to rely on the data it receives from other sensors; in other words, data must be trustworthy. Sensors deployed in IoT applications are usually limited to low processing and battery power, which prohibits the use of complex cryptography and security mechanism and the adoption of universal security standards by IoT device manufacturers. Hence, estimating the trust of the image sensor data is a defensive solution as these data are used for critical decision-making processes. To our knowledge, only one published work has estimated the trustworthiness of digital images applied to forensic applications. However, that study’s method depends on machine learning prediction scores returned by existing forensic models, which limits its usage where underlying forensics models require different approaches (e.g., machine learning predictions, statistical methods, digital signature, perceptual image hash). Multi-type sensor data correlation and context awareness can improve the trust measurement, which is absent in that study’s model. To address these issues, novel techniques are introduced to accurately estimate the trustworthiness of IoT image sensor data with the aid of complementary non-imagery (numeric) data-generating sensors monitoring the same environment. The trust estimation models run in edge devices, relieving sensors from computationally intensive tasks. First, to detect local image forgery (splicing and copy-move attacks), an innovative image forgery detection method is proposed based on Discrete Cosine Transformation (DCT), Local Binary Pattern (LBP) and a new feature extraction method using the mean operator. Using Support Vector Machine (SVM), the proposed method is extensively tested on four well-known publicly available greyscale and colour image forgery datasets and on an IoT-based image forgery dataset that we built. Experimental results reveal the superiority of our proposed method over recent state-of-the-art methods in terms of widely used performance metrics and computational time and demonstrate robustness against low availability of forged training samples. Second, a robust trust estimation framework for IoT image data is proposed, leveraging numeric data-generating sensors deployed in the same area of interest (AoI) in an indoor environment. As low-cost sensors allow many IoT applications to use multiple types of sensors to observe the same AoI, the complementary numeric data of one sensor can be exploited to measure the trust value of another image sensor’s data. A theoretical model is developed using Shannon’s entropy to derive the uncertainty associated with an observed event and Dempster-Shafer theory (DST) for decision fusion. The proposed model’s efficacy in estimating the trust score of image sensor data is analysed by observing a fire event using IoT image and temperature sensor data in an indoor residential setup under different scenarios. The proposed model produces highly accurate trust scores in all scenarios with authentic and forged image data. Finally, as the outdoor environment varies dynamically due to different natural factors (e.g., lighting condition variations in day and night, presence of different objects, smoke, fog, rain, shadow in the scene), a novel trust framework is proposed that is suitable for the outdoor environments with these contextual variations. A transfer learning approach is adopted to derive the decision about an observation from image sensor data, while also a statistical approach is used to derive the decision about the same observation from numeric data generated from other sensors deployed in the same AoI. These decisions are then fused using CertainLogic and compared with DST-based fusion. A testbed was set up using Raspberry Pi microprocessor, image sensor, temperature sensor, edge device, LoRa nodes, LoRaWAN gateway and servers to evaluate the proposed techniques. The results show that CertainLogic is more suitable for measuring the trustworthiness of image sensor data in an outdoor environment.Doctor of Philosoph

Behavioural Demand Response for Future Smart Homes: Investigation of Demand Response Strategies for Future Smart Homes that Account for Consumer Comfort, Behaviour and Cybersecurity

Smart metering and precise measurement of energy consumption levels have brought more detailed information and interest on the actual load profile of a house which continues to improve consumer-retailer relationships. Participation in demand response (DR) programs is one of these relationships but studies have shown that there are considerable impacts resulting to some level of discomfort on consumers as they aim to follow a suggested load profile. This research therefore investigates the impact on consumers while participating in DR programs by evaluating various perspectives that includes: Modelling the causes discomfort during participation in DR programs; Evaluation of user participation capabilities in DR programs; Identification of schedulable and non-schedulable loads and opportunities; Application of load scheduling mechanism which caters for specific user concerns. Investigation towards ensuring a secure and robust system design. The key source of information that enhances this work is obtained from data on historical user behavior which can be stored within a smart controller installed in the home and optimised using genetic algorithm implemented on MATLAB. Results show that user participation in DR programs can be improved and effectively managed if the challenges facing home owners are adequately understood. This is the key contribution of this work whereby load schedules created are specifically tailored to meet the need of the users hence minimizing the impact of discomfort experienced due to participation in DR programs. Finally as part of the test for robustness of the system design in order to prevent or minimize the impact of any event of a successful cyber-attack on the load or price profiles, this work includes means to managing any such attacks thereby mitigating the impact of such attacks on users who participate in demand response programs. Solutions to these attacks are also proffered with the aim of increasing robustness of the grid by being sufficiently proactive

Novel architectures and strategies for security offloading

Internet has become an indispensable and powerful tool in our modern society. Its ubiquitousness, pervasiveness and applicability have fostered paradigm changes around many aspects of our lives. This phenomena has positioned the network and its services as fundamental assets over which we rely and trust. However, Internet is far from being perfect. It has considerable security issues and vulnerabilities that jeopardize its main core functionalities with negative impact over its players. Furthermore, these vulnerabilities¿ complexities have been amplified along with the evolution of Internet user mobility. In general, Internet security includes both security for the correct network operation and security for the network users and endpoint devices. The former involves the challenges around the Internet core control and management vulnerabilities, while the latter encompasses security vulnerabilities over end users and endpoint devices. Similarly, Internet mobility poses major security challenges ranging from routing complications, connectivity disruptions and lack of global authentication and authorization. The purpose of this thesis is to present the design of novel architectures and strategies for improving Internet security in a non-disruptive manner. Our novel security proposals follow a protection offloading approach. The motives behind this paradigm target the further enhancement of the security protection while minimizing the intrusiveness and disturbance over the Internet routing protocols, its players and users. To accomplish such level of transparency, the envisioned solutions leverage on well-known technologies, namely, Software Defined Networks, Network Function Virtualization and Fog Computing. From the Internet core building blocks, we focus on the vulnerabilities of two key routing protocols that play a fundamental role in the present and the future of the Internet, i.e., the Border Gateway Protocol (BGP) and the Locator-Identifier Split Protocol (LISP). To this purpose, we first investigate current BGP vulnerabilities and countermeasures with emphasis in an unresolved security issue defined as Route Leaks. Therein, we discuss the reasons why different BGP security proposals have failed to be adopted, and the necessity to propose innovative solutions that minimize the impact over the already deployed routing solution. To this end, we propose pragmatic security methodologies to offload the protection with the following advantages: no changes to the BGP protocol, neither dependency on third party information nor on third party security infrastructure, and self-beneficial. Similarly, we research the current LISP vulnerabilities with emphasis on its control plane and mobility support. We leverage its by-design separation of control and data planes to propose an enhanced location-identifier registration process of end point identifiers. This proposal improves the mobility of end users with regards on securing a dynamic traffic steering over the Internet. On the other hand, from the end user and devices perspective we research new paradigms and architectures with the aim of enhancing their protection in a more controllable and consolidated manner. To this end, we propose a new paradigm which shifts the device-centric protection paradigm toward a user-centric protection. Our proposal focus on the decoupling or extending of the security protection from the end devices toward the network edge. It seeks the homogenization of the enforced protection per user independently of the device utilized. We further investigate this paradigm in a mobility user scenario. Similarly, we extend this proposed paradigm to the IoT realm and its intrinsic security challenges. Therein, we propose an alternative to protect both the things, and the services that leverage from them by consolidating the security at the network edge. We validate our proposal by providing experimental results from prof-of-concepts implementations.Internet se ha convertido en una poderosa e indispensable herramienta para nuestra sociedad moderna. Su omnipresencia y aplicabilidad han promovido grandes cambios en diferentes aspectos de nuestras vidas. Este fenómeno ha posicionado a la red y sus servicios como activos fundamentales sobre los que contamos y confiamos. Sin embargo, Internet está lejos de ser perfecto. Tiene considerables problemas de seguridad y vulnerabilidades que ponen en peligro sus principales funcionalidades. Además, las complejidades de estas vulnerabilidades se han ampliado junto con la evolución de la movilidad de usuarios de Internet y su limitado soporte. La seguridad de Internet incluye tanto la seguridad para el correcto funcionamiento de la red como la seguridad para los usuarios y sus dispositivos. El primero implica los desafíos relacionados con las vulnerabilidades de control y gestión de la infraestructura central de Internet, mientras que el segundo abarca las vulnerabilidades de seguridad sobre los usuarios finales y sus dispositivos. Del mismo modo, la movilidad en Internet plantea importantes desafíos de seguridad que van desde las complicaciones de enrutamiento, interrupciones de la conectividad y falta de autenticación y autorización globales. El propósito de esta tesis es presentar el diseño de nuevas arquitecturas y estrategias para mejorar la seguridad de Internet de una manera no perturbadora. Nuestras propuestas de seguridad siguen un enfoque de desacople de la protección. Los motivos detrás de este paradigma apuntan a la mejora adicional de la seguridad mientras que minimizan la intrusividad y la perturbación sobre los protocolos de enrutamiento de Internet, sus actores y usuarios. Para lograr este nivel de transparencia, las soluciones previstas aprovechan nuevas tecnologías, como redes definidas por software (SDN), virtualización de funciones de red (VNF) y computación en niebla. Desde la perspectiva central de Internet, nos centramos en las vulnerabilidades de dos protocolos de enrutamiento clave que desempeñan un papel fundamental en el presente y el futuro de Internet, el Protocolo de Puerta de Enlace Fronterizo (BGP) y el Protocolo de Separación Identificador/Localizador (LISP ). Para ello, primero investigamos las vulnerabilidades y medidas para contrarrestar un problema no resuelto en BGP definido como Route Leaks. Proponemos metodologías pragmáticas de seguridad para desacoplar la protección con las siguientes ventajas: no cambios en el protocolo BGP, cero dependencia en la información de terceros, ni de infraestructura de seguridad de terceros, y de beneficio propio. Del mismo modo, investigamos las vulnerabilidades actuales sobre LISP con énfasis en su plano de control y soporte de movilidad. Aprovechamos la separacçón de sus planos de control y de datos para proponer un proceso mejorado de registro de identificadores de ubicación y punto final, validando de forma segura sus respectivas autorizaciones. Esta propuesta mejora la movilidad de los usuarios finales con respecto a segurar un enrutamiento dinámico del tráfico a través de Internet. En paralelo, desde el punto de vista de usuarios finales y dispositivos investigamos nuevos paradigmas y arquitecturas con el objetivo de mejorar su protección de forma controlable y consolidada. Con este fin, proponemos un nuevo paradigma hacia una protección centrada en el usuario. Nuestra propuesta se centra en el desacoplamiento o ampliación de la protección de seguridad de los dispositivos finales hacia el borde de la red. La misma busca la homogeneización de la protección del usuario independientemente del dispositivo utilizado. Además, investigamos este paradigma en un escenario con movilidad. Validamos nuestra propuesta proporcionando resultados experimentales obtenidos de diferentes experimentos y pruebas de concepto implementados.Postprint (published version

Counter Unmanned Aircraft Systems Technologies and Operations

As the quarter-century mark in the 21st Century nears, new aviation-related equipment has come to the forefront, both to help us and to haunt us. (Coutu, 2020) This is particularly the case with unmanned aerial vehicles (UAVs). These vehicles have grown in popularity and accessible to everyone. Of different shapes and sizes, they are widely available for purchase at relatively low prices. They have moved from the backyard recreation status to important tools for the military, intelligence agencies, and corporate organizations. New practical applications such as military equipment and weaponry are announced on a regular basis – globally. (Coutu, 2020) Every country seems to be announcing steps forward in this bludgeoning field. In our successful 2nd edition of Unmanned Aircraft Systems in the Cyber Domain: Protecting USA’s Advanced Air Assets (Nichols, et al., 2019), the authors addressed three factors influencing UAS phenomena. First, unmanned aircraft technology has seen an economic explosion in production, sales, testing, specialized designs, and friendly / hostile usages of deployed UAS / UAVs / Drones. There is a huge global growing market and entrepreneurs know it. Second, hostile use of UAS is on the forefront of DoD defense and offensive planners. They are especially concerned with SWARM behavior. Movies like “Angel has Fallen,” where drones in a SWARM use facial recognition technology to kill USSS agents protecting POTUS, have built the lore of UAS and brought the problem forefront to DHS. Third, UAS technology was exploding. UAS and Counter- UAS developments in navigation, weapons, surveillance, data transfer, fuel cells, stealth, weight distribution, tactics, GPS / GNSS elements, SCADA protections, privacy invasions, terrorist uses, specialized software, and security protocols has exploded. (Nichols, et al., 2019) Our team has followed / tracked joint ventures between military and corporate entities and specialized labs to build UAS countermeasures. As authors, we felt compelled to address at least the edge of some of the new C-UAS developments. It was clear that we would be lucky if we could cover a few of – the more interesting and priority technology updates – all in the UNCLASSIFIED and OPEN sphere. Counter Unmanned Aircraft Systems: Technologies and Operations is the companion textbook to our 2nd edition. The civilian market is interesting and entrepreneurial, but the military and intelligence markets are of concern because the US does NOT lead the pack in C-UAS technologies. China does. China continues to execute its UAS proliferation along the New Silk Road Sea / Land routes (NSRL). It has maintained a 7% growth in military spending each year to support its buildup. (Nichols, et al., 2019) [Chapter 21]. They continue to innovate and have recently improved a solution for UAS flight endurance issues with the development of advanced hydrogen fuel cell. (Nichols, et al., 2019) Reed and Trubetskoy presented a terrifying map of countries in the Middle East with armed drones and their manufacturing origin. Guess who? China. (A.B. Tabriski & Justin, 2018, December) Our C-UAS textbook has as its primary mission to educate and train resources who will enter the UAS / C-UAS field and trust it will act as a call to arms for military and DHS planners.https://newprairiepress.org/ebooks/1031/thumbnail.jp