Denial-of-Service Resistance in Key Establishment

Denial of Service (DoS) attacks are an increasing problem for network connected systems. Key establishment protocols are applications that are particularly vulnerable to DoS attack as they are typically required to perform computationally expensive cryptographic operations in order to authenticate the protocol initiator and to generate the cryptographic keying material that will subsequently be used to secure the communications between initiator and responder. The goal of DoS resistance in key establishment protocols is to ensure that attackers cannot prevent a legitimate initiator and responder deriving cryptographic keys without expending resources beyond a responder-determined threshold. In this work we review the strategies and techniques used to improve resistance to DoS attacks. Three key establishment protocols implementing DoS resistance techniques are critically reviewed and the impact of misapplication of the techniques on DoS resistance is discussed. Recommendations on effectively applying resistance techniques to key establishment protocols are made

On the Achievable Error Region of Physical Layer Authentication Techniques over Rayleigh Fading Channels

For a physical layer message authentication procedure based on the comparison of channel estimates obtained from the received messages, we focus on an outer bound on the type I/II error probability region. Channel estimates are modelled as multivariate Gaussian vectors, and we assume that the attacker has only some side information on the channel estimate, which he does not know directly. We derive the attacking strategy that provides the tightest bound on the error region, given the statistics of the side information. This turns out to be a zero mean, circularly symmetric Gaussian density whose correlation matrices may be obtained by solving a constrained optimization problem. We propose an iterative algorithm for its solution: Starting from the closed form solution of a relaxed problem, we obtain, by projection, an initial feasible solution; then, by an iterative procedure, we look for the fixed point solution of the problem. Numerical results show that for cases of interest the iterative approach converges, and perturbation analysis shows that the found solution is a local minimum

Collaborative Authentication for 6G Networks: An Edge Intelligence based Autonomous Approach

The conventional device authentication of wireless networks usually relies on a security server and centralized process, leading to long latency and risk of single-point of failure. While these challenges might be mitigated by collaborative authentication schemes, their performance remains limited by the rigidity of data collection and aggregated result. They also tend to ignore attacker localization in the collaborative authentication process. To overcome these challenges, a novel collaborative authentication scheme is proposed, where multiple edge devices act as cooperative peers to assist the service provider in distributively authenticating its users by estimating their received signal strength indicator (RSSI) and mobility trajectory (TRA). More explicitly, a distributed learning-based collaborative authentication algorithm is conceived, where the cooperative peers update their authentication models locally, thus the network congestion and response time remain low. Moreover, a situation-aware secure group update algorithm is proposed for autonomously refreshing the set of cooperative peers in the dynamic environment. We also develop an algorithm for localizing a malicious user by the cooperative peers once it is identified. The simulation results demonstrate that the proposed scheme is eminently suitable for both indoor and outdoor communication scenarios, and outperforms some existing benchmark schemes

A Privacy Framework for Decentralized Applications using Blockchains and Zero Knowledge Proofs

With the increasing interest in connected vehicles along with electrification opportunities, there is an ongoing effort to automate the charging process of electric vehicles (EVs) through their capabilities to communicate with the infrastructure and each other. However, charging EVs takes time and thus in-advance scheduling is needed. As this process is done frequently due to limited mileage of EVs, it may expose the locations and charging pattern of the EV to the service providers, raising privacy concerns for their users. Nevertheless, the EV still needs to be authenticated to charging providers, which means some information will need to be provided anyway. While there have been many studies to address the problem of privacy-preserving authentication for vehicular networks, such solutions will be void if charging payments are made through traditional means. In this thesis, we tackle this problem by utilizing distributed applications enabled by Blockchain and smart contracts. We adapt zero-knowledge proofs to Blockchain for enabling privacy-preserving authentication while removing the need for a central authority. We introduce two approaches, one using a token-based mechanism and another utilizing the Pederson Commitment scheme to realize anonymous authentication. We also describe a protocol for the whole process which includes scheduling and charging operations. The evaluation of the proposed approaches indicates that the overhead of this process is affordable to enable real-time charging operations for connected EVs

Crowdsourcing atop blockchains

Traditional crowdsourcing systems, such as Amazon\u27s Mechanical Turk (MTurk), though once acquiring great economic successes, have to fully rely on third-party platforms to serve between the requesters and the workers for basic utilities. These third-parties have to be fully trusted to assist payments, resolve disputes, protect data privacy, manage user authentications, maintain service online, etc. Nevertheless, tremendous real-world incidents indicate how elusive it is to completely trust these platforms in reality, and the reduction of such over-reliance becomes desirable. In contrast to the arguably vulnerable centralized approaches, a public blockchain is a distributed and transparent global consensus computer that is highly robust. The blockchain is usually managed and replicated by a large-scale peer-to-peer network collectively, thus being much more robust to be fully trusted for correctness and availability. It, therefore, becomes enticing to build novel crowdsourcing applications atop blockchains to reduce the over-trust on third-party platforms. However, this new fascinating technology also brings about new challenges, which were never that severe in the conventional centralized setting. The most serious issue is that the blockchain is usually maintained in the public Internet environment with a broader attack surface open to anyone. This not only causes serious privacy and security issues, but also allows the adversaries to exploit the attack surface to hamper more basic utilities. Worse still, most existing blockchains support only light on-chain computations, and the smart contract executed atop the decentralized consensus computer must be simple, which incurs serious feasibility problems. In reality, the privacy/security issue and the feasibility problem even restrain each other and create serious tensions to hinder the broader adoption of blockchain. The dissertation goes through the non-trivial challenges to realize secure yet still practical decentralization (for urgent crowdsourcing use-cases), and lay down the foundation for this line of research. In sum, it makes the next major contributions. First, it identifies the needed security requirements in decentralized knowledge crowdsourcing (e.g., data privacy), and initiates the research of private decentralized crowdsourcing. In particular, the confidentiality of solicited data is indispensable to prevent free-riders from pirating the others\u27 submissions, thus ensuring the quality of solicited knowledge. To this end, a generic private decentralized crowdsourcing framework is dedicatedly designed, analyzed, and implemented. Furthermore, this dissertation leverages concretely efficient cryptographic design to reduce the cost of the above generic framework. It focuses on decentralizing the special use-case of Amazon MTurk, and conducts multiple specific-purpose optimizations to remove needless generality to squeeze performance. The implementation atop Ethereum demonstrates a handling cost even lower than MTurk. In addition, it focuses on decentralized crowdsourcing of computing power for specific machine learning tasks. It lets a requester place deposits in the blockchain to recruit some workers for a designated (randomized) programs. If and only if these workers contribute their resources to compute correctly, they would earn well-deserved payments. For these goals, a simple yet still useful incentive mechanism is developed atop the blockchain to deter rational workers from cheating. Finally, the research initiates the first systematic study on crowdsourcing blockchains\u27 full nodes to assist superlight clients (e.g., mobile phones and IoT devices) to read the blockchain\u27s records. This dissertation presents a novel generic solution through the powerful lens of game-theoretic treatments, which solves the long-standing open problem of designing generic superlight clients for all blockchains