620 research outputs found
Study of Security Issues in Pervasive Environment of Next Generation Internet of Things
Internet of Things is a novel concept that semantically implies a world-wide
network of uniquely addressable interconnected smart objects. It is aimed at
establishing any paradigm in computing. This environment is one where the
boundary between virtual and physical world is eliminated. As the network gets
loaded with hitherto unknown applications, security threats also become
rampant. Current security solutions fail as new threats appear to de-struct the
reliability of information. The network has to be transformed to IPv6 enabled
network to address huge number of smart objects. Thus new addressing schemes
come up with new attacks. Real time analysis of information from the
heterogeneous smart objects needs use of cloud services. This can fall prey to
cloud specific security threats. Therefore need arises for a review of security
threats for a new area having huge demand. Here a study of security issues in
this domain is briefly presented.Comment: 12 pages, CISIM 201
Host mobility management with identifier-locator split protocols in hierarchical and flat networks
Includes abstractIncludes bibliographical references.As the Internet increasingly becomes more mobile focused and overloaded with mobile hosts, mobile users are bound to roam freely and attach to a variety of networks. These different networks converge over an IP-based core to enable ubiquitous network access, anytime and anywhere, to support the provision of services, that is, any service, to mobile users. Therefore, in this thesis, the researcher proposed network-based mobility solutions at different layers to securely support seamless handovers between heterogeneous networks in hierarchical and flat network architectures
Security architecture for Fog-To-Cloud continuum system
Nowadays, by increasing the number of connected devices to Internet rapidly, cloud computing cannot handle the real-time processing. Therefore, fog computing was emerged for providing data processing, filtering, aggregating, storing, network, and computing closer to the users. Fog computing provides real-time processing with lower latency than cloud. However, fog computing did not come to compete with cloud, it comes to complete the cloud. Therefore, a hierarchical Fog-to-Cloud (F2C) continuum system was introduced. The F2C system brings the collaboration between distributed fogs and centralized cloud. In F2C systems, one of the main challenges is security. Traditional cloud as security provider is not suitable for the F2C system due to be a single-point-of-failure; and even the increasing number of devices at the edge of the network brings scalability issues. Furthermore, traditional cloud security cannot be applied to the fog devices due to their lower computational power than cloud. On the other hand, considering fog nodes as security providers for the edge of the network brings Quality of Service (QoS) issues due to huge fog device’s computational power consumption by security algorithms. There are some security solutions for fog computing but they are not considering the hierarchical fog to cloud characteristics that can cause a no-secure collaboration between fog and cloud. In this thesis, the security considerations, attacks, challenges, requirements, and existing solutions are deeply analyzed and reviewed. And finally, a decoupled security architecture is proposed to provide the demanded security in hierarchical and distributed fashion with less impact on the QoS.Hoy en día, al aumentar rápidamente el número de dispositivos conectados a Internet, el cloud computing no puede gestionar el procesamiento en tiempo real. Por lo tanto, la informática de niebla surgió para proporcionar procesamiento de datos, filtrado, agregación, almacenamiento, red y computación más cercana a los usuarios. La computación nebulizada proporciona procesamiento en tiempo real con menor latencia que la nube. Sin embargo, la informática de niebla no llegó a competir con la nube, sino que viene a completar la nube. Por lo tanto, se introdujo un sistema continuo jerárquico de niebla a nube (F2C). El sistema F2C aporta la colaboración entre las nieblas distribuidas y la nube centralizada. En los sistemas F2C, uno de los principales retos es la seguridad. La nube tradicional como proveedor de seguridad no es adecuada para el sistema F2C debido a que se trata de un único punto de fallo; e incluso el creciente número de dispositivos en el borde de la red trae consigo problemas de escalabilidad. Además, la seguridad tradicional de la nube no se puede aplicar a los dispositivos de niebla debido a su menor poder computacional que la nube. Por otro lado, considerar los nodos de niebla como proveedores de seguridad para el borde de la red trae problemas de Calidad de Servicio (QoS) debido al enorme consumo de energía computacional del dispositivo de niebla por parte de los algoritmos de seguridad. Existen algunas soluciones de seguridad para la informática de niebla, pero no están considerando las características de niebla a nube jerárquica que pueden causar una colaboración insegura entre niebla y nube. En esta tesis, las consideraciones de seguridad, los ataques, los desafíos, los requisitos y las soluciones existentes se analizan y revisan en profundidad. Y finalmente, se propone una arquitectura de seguridad desacoplada para proporcionar la seguridad exigida de forma jerárquica y distribuida con menor impacto en la QoS.Postprint (published version
Prospectiva de seguridad de las redes de sensores inalámbricos
En las Redes de Sensores Inalámbricos (WSN), los nodos son vulnerables a los ataques de seguridad porque están instalados en un entorno difícil, con energía y memoria limitadas, baja capacidad de procesamiento y transmisión de difusión media; por lo tanto, identificar las amenazas, los retos y las soluciones de seguridad y privacidad es un tema candente hoy en día. En este artículo se analizan los trabajos de investigación que se han realizado sobre los mecanismos de seguridad para la protección de las WSN frente a amenazas y ataques, así como las tendencias que surgen en otros países junto con futuras líneas de investigación. Desde el punto de vista metodológico, este análisis se muestra a través de la visualización y estudio de trabajos indexados en bases de datos como IEEE, ACM, Scopus y Springer, con un rango de 7 años como ventana de observación, desde 2013 hasta 2019. Se obtuvieron un total de 4.728 publicaciones, con un alto índice de colaboración entre China e India. La investigación planteó desarrollos, como avances en los principios de seguridad y mecanismos de defensa, que han llevado al diseño de contramedidas en la detección de intrusiones. Por último, los resultados muestran el interés de la comunidad científica y empresarial por el uso de la inteligencia artificial y el aprendizaje automático (ML) para optimizar las medidas de rendimiento.In Wireless Sensor Networks (WSN), nodes are vulnerable to security attacks because they are installed in a harsh environment with limited power and memory, low processing power, and medium broadcast transmission. Therefore, identifying threats, challenges, and solutions of security and privacy is a talking topic today. This article analyzes the research work that has been carried out on the security mechanisms for the protection of WSN against threats and attacks, as well as the trends that emerge in other countries combined with future research lines. From the methodological point of view, this analysis is shown through the visualization and study of works indexed in databases such as IEEE, ACM, Scopus, and Springer, with a range of 7 years as an observation window, from 2013 to 2019. A total of 4,728 publications were obtained, with a high rate of collaboration between China and India. The research raised developments, such as advances in security principles and defense mechanisms, which have led to the design of countermeasures in intrusion detection. Finally, the results show the interest of the scientific and business community in the use of artificial intelligence and machine learning (ML) to optimize performance measurements
An integrated security Protocol communication scheme for Internet of Things using the Locator/ID Separation Protocol Network
Internet of Things communication is mainly based on a machine-to-machine pattern, where devices are globally addressed and identified. However, as the number of connected devices increase, the burdens on the network infrastructure increase as well. The major challenges are the size of the routing tables and the efficiency of the current routing protocols in the Internet backbone. To address these problems, an Internet Engineering Task Force (IETF) working group, along with the research group at Cisco, are still working on the Locator/ID Separation Protocol as a routing architecture that can provide new semantics for the IP addressing, to simplify routing operations and improve scalability in the future of the Internet such as the Internet of Things. Nonetheless, The Locator/ID Separation Protocol is still at an early stage of implementation and the security Protocol e.g. Internet Protocol Security (IPSec), in particular, is still in its infancy.
Based on this, three scenarios were considered: Firstly, in the initial stage, each Locator/ID Separation Protocol-capable router needs to register with a Map-Server. This is known as the Registration Stage. Nevertheless, this stage is vulnerable to masquerading and content poisoning attacks. Secondly, the addresses resolving stage, in the Locator/ID Separation Protocol the Map Server (MS) accepts Map-Request from Ingress Tunnel Routers and Egress Tunnel Routers. These routers in trun look up the database and return the requested mapping to the endpoint user. However, this stage lacks data confidentiality and mutual authentication. Furthermore, the Locator/ID Separation Protocol limits the efficiency of the security protocol which works against
redirecting the data or acting as fake routers. Thirdly, As a result of the vast increase in the different Internet of Things devices, the interconnected links between these devices increase vastly as well. Thus, the communication between the devices can be easily exposed to disclosures by attackers such as Man in the Middle Attacks (MitM) and Denial of Service Attack (DoS).
This research provided a comprehensive study for Communication and Mobility in the Internet of Things as well as the taxonomy of different security protocols. It went on to investigate the security threats and vulnerabilities of Locator/ID Separation Protocol using X.805 framework standard. Then three Security protocols were provided to secure the exchanged transitions of communication in Locator/ID Separation Protocol. The first security protocol had been implemented to secure the Registration stage of Locator/ID separation using ID/Based cryptography method. The second security protocol was implemented to address the Resolving stage in the Locator/ID Separation Protocol between the Ingress Tunnel Router and Egress Tunnel Router using Challenge-Response authentication and Key Agreement technique. Where, the third security protocol had been proposed, analysed and evaluated for the Internet of Things communication devices. This protocol was based on the authentication and the group key agreement via using the El-Gamal concept. The developed protocols set an interface between each level of the phase to achieve security refinement architecture to Internet of Things based on Locator/ID Separation Protocol. These protocols were verified using Automated Validation Internet Security Protocol and Applications (AVISPA) which is a push button tool for the automated validation of security protocols and achieved results demonstrating that they do not have any security flaws. Finally, a performance analysis of security refinement protocol analysis and an evaluation were conducted using Contiki and Cooja simulation tool. The results of the performance analysis showed that the security refinement was highly scalable and the memory was quite efficient as it needed only 72 bytes of memory to store the keys in the Wireless Sensor Network (WSN) device
Securing IP Mobility Management for Vehicular Ad Hoc Networks
The proliferation of Intelligent Transportation Systems (ITSs) applications, such as
Internet access and Infotainment, highlights the requirements for improving the underlying
mobility management protocols for Vehicular Ad Hoc Networks (VANETs). Mobility
management protocols in VANETs are envisioned to support mobile nodes (MNs), i.e.,
vehicles, with seamless communications, in which service continuity is guaranteed while
vehicles are roaming through different RoadSide Units (RSUs) with heterogeneous wireless
technologies.
Due to its standardization and widely deployment, IP mobility (also called Mobile IP
(MIP)) is the most popular mobility management protocol used for mobile networks including
VANETs. In addition, because of the diversity of possible applications, the Internet
Engineering Task Force (IETF) issues many MIP's standardizations, such as MIPv6 and
NEMO for global mobility, and Proxy MIP (PMIPv6) for localized mobility. However,
many challenges have been posed for integrating IP mobility with VANETs, including the
vehicle's high speeds, multi-hop communications, scalability, and ef ficiency. From a security
perspective, we observe three main challenges: 1) each vehicle's anonymity and location
privacy, 2) authenticating vehicles in multi-hop communications, and 3) physical-layer
location privacy.
In transmitting mobile IPv6 binding update signaling messages, the mobile node's Home
Address (HoA) and Care-of Address (CoA) are transmitted as plain-text, hence they can
be revealed by other network entities and attackers. The mobile node's HoA and CoA
represent its identity and its current location, respectively, therefore revealing an MN's HoA
means breaking its anonymity while revealing an MN's CoA means breaking its location
privacy. On one hand, some existing anonymity and location privacy schemes require
intensive computations, which means they cannot be used in such time-restricted seamless
communications. On the other hand, some schemes only achieve seamless communication
through low anonymity and location privacy levels. Therefore, the trade-off between the
network performance, on one side, and the MN's anonymity and location privacy, on the
other side, makes preservation of privacy a challenging issue. In addition, for PMIPv6
to provide IP mobility in an infrastructure-connected multi-hop VANET, an MN uses a
relay node (RN) for communicating with its Mobile Access Gateway (MAG). Therefore,
a mutual authentication between the MN and RN is required to thwart authentication
attacks early in such scenarios. Furthermore, for a NEMO-based VANET infrastructure,
which is used in public hotspots installed inside moving vehicles, protecting physical-layer
location privacy is a prerequisite for achieving privacy in upper-layers such as the IP-layer. Due to the open nature of the wireless environment, a physical-layer attacker can easily
localize users by employing signals transmitted from these users.
In this dissertation, we address those security challenges by proposing three security
schemes to be employed for different mobility management scenarios in VANETs, namely,
the MIPv6, PMIPv6, and Network Mobility (NEMO) protocols.
First, for MIPv6 protocol and based on the onion routing and anonymizer, we propose
an anonymous and location privacy-preserving scheme (ALPP) that involves two complementary
sub-schemes: anonymous home binding update (AHBU) and anonymous return
routability (ARR). In addition, anonymous mutual authentication and key establishment
schemes have been proposed, to authenticate a mobile node to its foreign gateway and
create a shared key between them. Unlike existing schemes, ALPP alleviates the tradeoff
between the networking performance and the achieved privacy level. Combining onion
routing and the anonymizer in the ALPP scheme increases the achieved location privacy
level, in which no entity in the network except the mobile node itself can identify this
node's location. Using the entropy model, we show that ALPP achieves a higher degree of
anonymity than that achieved by the mix-based scheme. Compared to existing schemes,
the AHBU and ARR sub-schemes achieve smaller computation overheads and thwart both
internal and external adversaries. Simulation results demonstrate that our sub-schemes
have low control-packets routing delays, and are suitable for seamless communications.
Second, for the multi-hop authentication problem in PMIPv6-based VANET, we propose
EM3A, a novel mutual authentication scheme that guarantees the authenticity of both
MN and RN. EM3A thwarts authentication attacks, including Denial of service (DoS), collusion,
impersonation, replay, and man-in-the-middle attacks. EM3A works in conjunction
with a proposed scheme for key establishment based on symmetric polynomials, to generate
a shared secret key between an MN and an RN. This scheme achieves lower revocation
overhead than that achieved by existing symmetric polynomial-based schemes. For a PMIP
domain with n points of attachment and a symmetric polynomial of degree t, our scheme
achieves t x 2^n-secrecy, whereas the existing symmetric polynomial-based authentication
schemes achieve only t-secrecy. Computation and communication overhead analysis as well
as simulation results show that EM3A achieves low authentication delay and is suitable
for seamless multi-hop IP communications. Furthermore, we present a case study of a
multi-hop authentication PMIP (MA-PMIP) implemented in vehicular networks. EM3A
represents the multi-hop authentication in MA-PMIP to mutually authenticate the roaming
vehicle and its relay vehicle. Compared to other authentication schemes, we show that our
MA-PMIP protocol with EM3A achieves 99.6% and 96.8% reductions in authentication
delay and communication overhead, respectively.
Finally, we consider the physical-layer location privacy attacks in the NEMO-based
VANETs scenario, such as would be presented by a public hotspot installed inside a moving
vehicle. We modify the obfuscation, i.e., concealment, and power variability ideas and
propose a new physical-layer location privacy scheme, the fake point-cluster based scheme,
to prevent attackers from localizing users inside NEMO-based VANET hotspots. Involving
the fake point and cluster based sub-schemes, the proposed scheme can: 1) confuse
the attackers by increasing the estimation errors of their Received Signal Strength (RSSs)
measurements, and 2) prevent attackers' monitoring devices from detecting the user's transmitted
signals. We show that our scheme not only achieves higher location privacy, but
also increases the overall network performance. Employing correctness, accuracy, and certainty
as three different metrics, we analytically measure the location privacy achieved by
our proposed scheme. In addition, using extensive simulations, we demonstrate that the
fake point-cluster based scheme can be practically implemented in high-speed VANETs'
scenarios
HUC-HISF: A Hybrid Intelligent Security Framework for Human-centric Ubiquitous Computing
制度:新 ; 報告番号:乙2336号 ; 学位の種類:博士(人間科学) ; 授与年月日:2012/1/18 ; 早大学位記番号:新584
- …