9 research outputs found
Mobile Ad-Hoc Networks
Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: vehicular ad-hoc networks, security and caching, TCP in ad-hoc networks and emerging applications. It is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks
Security and Privacy for Modern Wireless Communication Systems
The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks
Location Privacy in VANETs: Improved Chaff-Based CMIX and Privacy-Preserving End-to-End Communication
VANETs communication systems are technologies and defined policies that can be formed to enable ITS applications to provide road traffic efficacy, warning about such issues as environmental dangers, journey circumstances, and in the provision of infotainment that considerably enhance transportation safety and quality. The entities in VANETs, generally vehicles, form part of a massive network known as the Internet of Vehicles (IoV). The deployment of large-scale VANETs systems is impossible without ensuring that such systems are themselves are safe and secure, protecting the privacy of their users. There is a risk that cars might be hacked, or their sensors become defective, causing inaccurate information to be sent across the network. Consequently, the activities and credentials of participating vehicles should be held responsible and quickly broadcast throughout a vast VANETs, considering the accountability in the system. The openness of wireless communication means that an observer can eavesdrop on vehicular communication and gain access or otherwise deduce users' sensitive information, and perhaps profile vehicles based on numerous factors such as tracing their travels and the identification of their home/work locations. In order to protect the system from malicious or compromised entities, as well as to preserve user privacy, the goal is to achieve communication security, i.e., keep users' identities hidden from both the outside world and the security infrastructure and service providers. Being held accountable while still maintaining one's privacy is a difficult balancing act.
This thesis explores novel solution paths to the above challenges by investigating the impact of low-density messaging to improve the security of vehicle communications and accomplish unlinkability in VANETs. This is achieved by proposing an improved chaff-based CMIX protocol that uses fake messages to increase density to mitigate tracking in this scenario. Recently, Christian \etall \cite{vaas2018nowhere} proposed a Chaff-based CMIX scheme that sends fake messages under the presumption low-density conditions to enhance vehicle privacy and confuse attackers. To accomplish full unlinkability, we first show the following security and privacy vulnerabilities in the Christian \etall scheme: linkability attacks outside the CMIX may occur due to deterministic data-sharing during the authentication phase (e.g., duplicate certificates for each communication). Adversaries may inject fake certificates, which breaks Cuckoo Filters' (CFs) updates authenticity, and the injection may be deniable. CMIX symmetric key leakage outside the coverage may occur. We propose a VPKI-based protocol to mitigate these issues. First, we use a modified version of Wang \etall's \cite{wang2019practical} scheme to provide mutual authentication without revealing the real identity. To this end, a vehicle's messages are signed with a different pseudo-identity “certificate”. Furthermore, the density is increased via the sending of fake messages during low traffic periods to provide unlinkability outside the mix-zone. Second, unlike Christian \etall's scheme, we use the Adaptive Cuckoo Filter (ACF) instead of CF to overcome the effects of false positives on the whole filter. Moreover, to prevent any alteration of the ACFs, only RUSs distribute the updates, and they sign the new fingerprints. Third, mutual authentication prevents any leakage from the mix zones' symmetric keys by generating a fresh one for each communication through a Diffie–Hellman key exchange.
As a second main contribution of this thesis, we focus on the V2V communication without the interference of a Trusted Third Party (TTP)s in case this has been corrupted, destroyed, or is out of range. This thesis presents a new and efficient end-to-end anonymous key exchange protocol based on Yang \etall's \cite{yang2015self} self-blindable signatures. In our protocol, vehicles first privately blind their own private certificates for each communication outside the mix-zone and then compute an anonymous shared key based on zero-knowledge proof of knowledge (PoK). The efficiency comes from the fact that once the signatures are verified, the ephemeral values in the PoK are also used to compute a shared key through an authenticated Diffie-Hellman key exchange protocol. Therefore, the protocol does not require any further external information to generate a shared key. Our protocol also does not require interfacing with the Roadside Units or Certificate Authorities, and hence can be securely run outside the mixed-zones. We demonstrate the security of our protocol in ideal/real simulation paradigms. Hence, our protocol achieves secure authentication, forward unlinkability, and accountability. Furthermore, the performance analysis shows that our protocol is more efficient in terms of computational and communications overheads compared to existing schemes.Kuwait Cultural Offic
Acesso remoto dinâmico e seguro a bases de dados com integração de políticas de acesso suave
The amount of data being created and shared has grown greatly in recent
years, thanks in part to social media and the growth of smart devices.
Managing the storage and processing of this data can give a competitive edge
when used to create new services, to enhance targeted advertising, etc. To
achieve this, the data must be accessed and processed. When applications
that access this data are developed, tools such as Java Database Connectivity,
ADO.NET and Hibernate are typically used. However, while these tools aim to
bridge the gap between databases and the object-oriented programming
paradigm, they focus only on the connectivity issue. This leads to increased
development time as developers need to master the access policies to write
correct queries. Moreover, when used in database applications within noncontrolled
environments, other issues emerge such as database credentials
theft; application authentication; authorization and auditing of large groups of
new users seeking access to data, potentially with vague requirements;
network eavesdropping for data and credential disclosure; impersonating
database servers for data modification; application tampering for unrestricted
database access and data disclosure; etc.
Therefore, an architecture capable of addressing these issues is necessary to
build a reliable set of access control solutions to expand and simplify the
application scenarios of access control systems. The objective, then, is to
secure the remote access to databases, since database applications may be
used in hard-to-control environments and physical access to the host
machines/network may not be always protected. Furthermore, the authorization
process should dynamically grant the appropriate permissions to users that
have not been explicitly authorized to handle large groups seeking access to
data. This includes scenarios where the definition of the access requirements is
difficult due to their vagueness, usually requiring a security expert to authorize
each user individually. This is achieved by integrating and auditing soft access
policies based on fuzzy set theory in the access control decision-making
process. A proof-of-concept of this architecture is provided alongside a
functional and performance assessment.A quantidade de dados criados e partilhados tem crescido nos últimos anos,
em parte graças às redes sociais e à proliferação dos dispositivos inteligentes.
A gestão do armazenamento e processamento destes dados pode fornecer
uma vantagem competitiva quando usados para criar novos serviços, para
melhorar a publicidade direcionada, etc. Para atingir este objetivo, os dados
devem ser acedidos e processados. Quando as aplicações que acedem a
estes dados são desenvolvidos, ferramentas como Java Database
Connectivity, ADO.NET e Hibernate são normalmente utilizados. No entanto,
embora estas ferramentas tenham como objetivo preencher a lacuna entre as
bases de dados e o paradigma da programação orientada por objetos, elas
concentram-se apenas na questão da conectividade. Isto aumenta o tempo de
desenvolvimento, pois os programadores precisam dominar as políticas de
acesso para escrever consultas corretas. Além disso, quando usado em
aplicações de bases de dados em ambientes não controlados, surgem outros
problemas, como roubo de credenciais da base de dados; autenticação de
aplicações; autorização e auditoria de grandes grupos de novos utilizadores
que procuram acesso aos dados, potencialmente com requisitos vagos; escuta
da rede para obtenção de dados e credenciais; personificação de servidores
de bases de dados para modificação de dados; manipulação de aplicações
para acesso ilimitado à base de dados e divulgação de dados; etc.
Uma arquitetura capaz de resolver esses problemas é necessária para
construir um conjunto confiável de soluções de controlo de acesso, para
expandir e simplificar os cenários de aplicação destes sistemas. O objetivo,
então, é proteger o acesso remoto a bases de dados, uma vez que as
aplicações de bases de dados podem ser usados em ambientes de difícil
controlo e o acesso físico às máquinas/rede nem sempre está protegido.
Adicionalmente, o processo de autorização deve conceder dinamicamente as
permissões adequadas aos utilizadores que não foram explicitamente
autorizados para suportar grupos grandes de utilizadores que procuram aceder
aos dados. Isto inclui cenários em que a definição dos requisitos de acesso é
difícil devido à sua imprecisão, geralmente exigindo um especialista em
segurança para autorizar cada utilizador individualmente. Este objetivo é
atingido no processo de decisão de controlo de acesso com a integração e
auditaria das políticas de acesso suaves baseadas na teoria de conjuntos
difusos. Uma prova de conceito desta arquitetura é fornecida em conjunto com
uma avaliação funcional e de desempenho.Programa Doutoral em Informátic