5,090 research outputs found

    Unlocking the deployment of spectrum sharing with a policy enforcement framework

    Spectrum sharing has been proposed as a promising way to increase the efficiency of spectrum usage by allowing incumbent operators (IOs) to share their allocated radio resources with licensee operators (LOs), under a set of agreed rules. The goal is to maximize a common utility, such as the sum rate throughput, while maintaining the level of service required by the IOs. However, this is only guaranteed under the assumption that all “players” respect the agreed sharing rules. In this paper, we propose a comprehensive framework for licensed shared access (LSA) networks that discourages LO misbehavior. Our framework is built around three core functions: misbehavior detection via the employment of a dedicated sensing network; a penalization function; and, a behavior-driven resource allocation. To the best of our knowledge, this is the first time that these components are combined for the monitoring/policing of the spectrum under the LSA framework. Moreover, a novel simulator for LSA is provided as an open access tool, serving the purpose of testing and validating our proposed techniques via a set of extensive system-level simulations in the context of mobile network operators, where IOs and several competing LOs are considered. The results demonstrate that violation of the agreed sharing rules can lead to a great loss of resources for the misbehaving LOs, the amount of which is controlled by the system. Finally, we promote that including a policy enforcement function as part of the spectrum sharing system can be beneficial for the LSA system, since it can guarantee compliance with the spectrum sharing rules and limit the short-term benefits arising from misbehavior

    A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

    This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed. Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

    A Study on Security Attributes of Software-Defined Wide Area Network

    For organizations to communicate important data across various branches, a reliable Wide Area Network (WAN) is important. With the increase of several factors such as usage of cloud services, WAN bandwidth demand, cost of leased lines, complexity in building/managing WAN and changing business needs led to need of next generation WAN. Software-defined wide area network (SD-WAN) is an emerging trend in today’s networking world as it simplifies management of network and provides seamless integration with the cloud. Compared to Multiprotocol Label Switching (MPLS) majorly used in traditional WAN architecture, SD-WAN incurs less cost, highly secure and offers great performance. This paper will mainly focus to investigate this next-generation WAN’s security attributes as security plays a crucial role in SD-WAN implementation. The goal of the paper is to analyze SD-WAN security by applying principles of CIA triad principle. Comparison of SD-WAN products offered by three different vendors in SD-WAN market with respect to its security is another important area that will be covered in this paper

    CyberLiveApp: a secure sharing and migration approach for live virtual desktop applications in a cloud environment

    In recent years we have witnessed the rapid advent of cloud computing, in which the remote software is delivered as a service and accessed by users using a thin client over the Internet. In particular, the traditional desktop application can execute in the remote virtual machines without re-architecture providing a personal desktop experience to users through remote display technologies. However, existing cloud desktop applications mainly achieve isolation environments using virtual machines (VMs), which cannot adequately support application-oriented collaborations between multiple users and VMs. In this paper, we propose a flexible collaboration approach, named CyberLiveApp, to enable live virtual desktop applications sharing based on a cloud and virtualization infrastructure. The CyberLiveApp supports secure application sharing and on-demand migration among multiple users or equipment. To support VM desktop sharing among multiple users, a secure access mechanism is developed to distinguish view privileges allowing window operation events to be tracked to compute hidden window areas in real time. A proxy-based window filtering mechanism is also proposed to deliver desktops to different users. To support application sharing and migration between VMs, we use the presentation streaming redirection mechanism and VM cloning service. These approaches have been preliminary evaluated on an extended MetaVNC. Results of evaluations have verified that these approaches are effective and useful

    Cost-effective Ethernet Communication for Low Cost Microcontroller Architecture

    With the advancement of microelectronic technology and the overall rising trend in the use of low cost microcontrollers the need to share information over the existing infrastructure is more and more emphasized. The problem that persists is how to implement Ethernet communication in low cost microcontrollers while retaining low cost of the device. This paper proposes the use of Microchip’s Stand-Alone Ethernet Controller ENC28J60 in order to establish Ethernet communication towards the application located on a Host PC. In order to reduce the induced overhead on the existing microcontroller firmware size, the paper proposes the use of User Datagram Protocol (UDP) alongside with added authentication in the form of Basic Access Authentication using the Base64 algorithm to establish communication. The communication is tested using the Atmel AVR microcontroller architecture (Atmel AVR XMEGA) and the Stand-Alone Ethernet Controller whereas the sent data is displayed on a National Instruments LabVIEW application running on a Host PC. The measurement is carried out by using network protocol analysis and the comparison is made against the existing communication protocol (TFTP). The proposed communication is compared to one of the existing protocols, Trivial File Transfer Protocol (TFTP). The results are visible in a higher data rate and a lower flash size for implementation, representing an advantage over the existing protocols

    Involuntary Signal-Based Grounding of Civilian Unmanned Aerial Systems (UAS) in Civilian Airspace

    This thesis investigates the involuntary signal-based grounding of civilian unmanned aerial systems (UAS) in unauthorized air spaces. The technique proposed here will forcibly land unauthorized UAS in a given area in such a way that the UAS will not be harmed, and the pilot cannot stop the landing. The technique will not involuntarily ground authorized drones which will be determined prior to the landing. Unauthorized airspaces include military bases, university campuses, areas affected by a natural disaster, and stadiums for public events. This thesis proposes an early prototype of a hardware-based signal based involuntary grounding technique to handle the problem by immediately grounding unauthorized drones. Research in the development of UAS is in the direction of airspace integration. For the potential of airspace integration three communication protocols were evaluated: LoRa WAN, Bluetooth 5, and Frequency Shift Keying (FSK) for their long range capabilities. Of the three technologies, LoRa WAN transmitted the farthest, however the FSK module transmitted a comparable distance at a lower power. The power measurements were taken using existing modules, however, due to LoRa using a higher frequency than the FSK module this outcome was expected

    Securing CAN-Based Cyber-Physical Systems

    With the exponential growth of cyber-physical systems (CPSs), new security challenges have emerged. Various vulnerabilities, threats, attacks, and controls have been introduced for the new generation of CPS. However, there lacks a systematic review of the CPS security literature. In particular, the heterogeneity of CPS components and the diversity of CPS systems have made it difficult to study the problem with one generalized model. As the first component of this dissertation, existing research on CPS security is studied and systematized under a unified framework. Smart cars, as a CPS application, were further explored under the proposed framework and new attacks are identified and addressed. The Control Area Network (CAN bus) is a prevalent serial communication protocol adopted in industrial CPS, especially in small and large vehicles, ships, planes, and even in drones, radar systems, and submarines. Unfortunately, the CAN bus was designed without any security considerations. We then propose and demonstrate a stealthy targeted Denial of Service (DoS) attack against CAN. Experimentation shows that the attack is effective and superior to attacks of the same category due to its stealthiness and ability to avoid detection from current countermeasures. Two controls are proposed to defend against various spoofing and DoS attacks on CAN. The first one aims to minimize the attack using a mechanism called ID-Hopping so that CAN arbitration IDs are randomized so an attacker would not be able to target them. ID-Hopping raises the bar for attackers by randomizing the expected patterns in a CAN network. Such randomization hinders an attacker’s ability to launch targeted DoS attacks. Based on the evaluation on the testbed, the randomization mechanism, ID-Hopping, holds a promising solution for targeted DoS, and reverse engineering CAN IDs, and which CAN networks are most vulnerable. 
    The second countermeasure is a novel CAN firewall that aims to prevent an attacker from launching a plethora of nontraditional attacks on CAN that existing solutions do not adequately address. The firewall is placed between a potential attacker’s node and the rest of the CAN bus. Traffic is controlled bi-directionally between the main bus and the attacker’s side so that only benign traffic can pass to the main bus. This ensures that an attacker cannot arbitrarily inject malicious traffic into the main bus. Demonstration and evaluation of the attack and firewall were conducted by a bit-level analysis, i.e., “Bit banging”, of CAN’s traffic. Results show that the firewall successfully prevents the stealthy targeted DoS attack, as well as, other recent attacks. To evaluate the proposed attack and firewall, a testbed was built that consisted of BeagleBone Black and STM32 Nucleo-144 microcontrollers to simulate real CAN traffic. Finally, a design of an Intrusion Detection System (IDS) was proposed to complement the firewall. It utilized the proposed firewall to add situational awareness capabilities to the bus’s security posture and detect and react to attacks that might bypass the firewall based on certain rules