634 research outputs found
Quantitative Analysis of DoS Attacks and Client Puzzles in IoT Systems
Denial of Service (DoS) attacks constitute a major security threat to today's
Internet. This challenge is especially pertinent to the Internet of Things
(IoT) as devices have less computing power, memory and security mechanisms to
mitigate DoS attacks. This paper presents a model that mimics the unique
characteristics of a network of IoT devices, including components of the system
implementing `Crypto Puzzles' - a DoS mitigation technique. We created an
imitation of a DoS attack on the system, and conducted a quantitative analysis
to simulate the impact such an attack may potentially exert upon the system,
assessing the trade off between security and throughput in the IoT system. We
model this through stochastic model checking in PRISM and provide evidence that
supports this as a valuable method to compare the efficiency of different
implementations of IoT systems, exemplified by a case study
Quantitative Analysis for Authentication of Low-cost RFID Tags
Formal analysis techniques are widely used today in order to verify and
analyze communication protocols. In this work, we launch a quantitative
verification analysis for the low- cost Radio Frequency Identification (RFID)
protocol proposed by Song and Mitchell. The analysis exploits a Discrete-Time
Markov Chain (DTMC) using the well-known PRISM model checker. We have managed
to represent up to 100 RFID tags communicating with a reader and quantify each
RFID session according to the protocol's computation and transmission cost
requirements. As a consequence, not only does the proposed analysis provide
quantitative verification results, but also it constitutes a methodology for
RFID designers who want to validate their products under specific cost
requirements.Comment: To appear in the 36th IEEE Conference on Local Computer Networks (LCN
2011
Unified architecture of mobile ad hoc network security (MANS) system
In this dissertation, a unified architecture of Mobile Ad-hoc Network Security (MANS) system is proposed, under which IDS agent, authentication, recovery policy and other policies can be defined formally and explicitly, and are enforced by a uniform architecture. A new authentication model for high-value transactions in cluster-based MANET is also designed in MANS system. This model is motivated by previous works but try to use their beauties and avoid their shortcomings, by using threshold sharing of the certificate signing key within each cluster to distribute the certificate services, and using certificate chain and certificate repository to achieve better scalability, less overhead and better security performance. An Intrusion Detection System is installed in every node, which is responsible for colleting local data from its host node and neighbor nodes within its communication range, pro-processing raw data and periodically broadcasting to its neighborhood, classifying normal or abnormal based on pro-processed data from its host node and neighbor nodes. Security recovery policy in ad hoc networks is the procedure of making a global decision according to messages received from distributed IDS and restore to operational health the whole system if any user or host that conducts the inappropriate, incorrect, or anomalous activities that threaten the connectivity or reliability of the networks and the authenticity of the data traffic in the networks. Finally, quantitative risk assessment model is proposed to numerically evaluate MANS security
Recommended from our members
Evaluating the resilience and security of boundaryless, evolving socio-technical Systems of Systems
- …