136 research outputs found

    Towards Bayesian-Based Trust Management for Insider Attacks in Healthcare Software-Defined Networks

    © 2004-2012 IEEE. The medical industry is increasingly digitalized and Internet-connected (e.g., Internet of Medical Things), and when deployed in an Internet of Medical Things environment, software-defined networks (SDNs) allow the decoupling of network control from the data plane. There is no debate among security experts that the security of Internet-enabled medical devices is crucial, and an ongoing threat vector is insider attacks. In this paper, we focus on the identification of insider attacks in healthcare SDNs. Specifically, we survey stakeholders from 12 healthcare organizations (i.e., two hospitals and two clinics in Hong Kong, two hospitals and two clinics in Singapore, and two hospitals and two clinics in China). Based on the survey findings, we develop a trust-based approach based on Bayesian inference to figure out malicious devices in a healthcare environment. Experimental results in both a simulated and a real-world network environment demonstrate the feasibility and effectiveness of our proposed approach regarding the detection of malicious healthcare devices, i.e., our approach could decrease the trust values of malicious devices faster than similar approaches.

    Investigating the influence of special on-off attacks on challenge-based collaborative intrusion detection networks

    Intrusions are becoming more complicated with the recent development of adversarial techniques. To boost the detection accuracy of a separate intrusion detector, the collaborative intrusion detection network (CIDN) has thus been developed by allowing intrusion detection system (IDS) nodes to exchange data with each other. Insider attacks are a great threat for such types of collaborative networks, where an attacker has the authorized access within the network. In literature, a challenge-based trust mechanism is effective at identifying malicious nodes by sending challenges. However, such mechanisms are heavily dependent on two assumptions, which would cause CIDNs to be vulnerable to advanced insider attacks in practice. In this work, we investigate the influence of advanced on–off attacks on challenge-based CIDNs, which can respond truthfully to one IDS node but behave maliciously to another IDS node. To evaluate the attack performance, we have conducted two experiments under a simulated and a real CIDN environment. The obtained results demonstrate that our designed attack is able to compromise the robustness of challenge-based CIDNs in practice; that is, some malicious nodes can behave untruthfully without a timely detection

    Trust-based Selfish Node Detection Mechanism using Beta Distribution in Wireless Sensor Network

    Wireless sensor networks (WSNs) are placed in open environments for the collection of data and are vulnerable to external and internal attacks. The cryptographic mechanisms implemented so far, such as authorization and authentication, are used to restrict external sensor node attacks but cannot prevent internal node attacks. In order to evade internal attacks, trust mechanisms are used. In trust mechanisms, firstly, the sensor nodes are monitored using the popular Watchdog mechanism. However, traditional trust models do not pay much attention to selective forwarding and consecutive packet dropping. Sometimes, sensitive data are dropped by internal attackers. This problem is addressed in our proposed model by detecting selective forwarding and consecutive failure of sending packets using the Beta probability density function model.

    DaaS: Dew Computing as a Service for Intelligent Intrusion Detection in Edge-of-Things Ecosystem

    Edge of Things (EoT) enables the seamless transfer of services, storage, and data processing from the cloud layer to edge devices in large-scale distributed Internet of Things (IoT) ecosystems (e.g., industrial systems). This transition raises privacy and security concerns in the EoT paradigm distributed at different layers. Intrusion detection systems (IDSs) are implemented in EoT ecosystems to protect the underlying resources from attackers. However, the current IDSs are not intelligent enough to control the false alarms, which significantly lower the reliability and add to the analysis burden on the IDSs. In this article, we present a Dew Computing as a Service (DaaS) for intelligent intrusion detection in EoT ecosystems. In DaaS, a deep learning-based classifier is used to design an intelligent alarm filtration mechanism. In this mechanism, the filtration accuracy is improved (or sustained) by using deep belief networks. In the past, cloud-based techniques have been applied for offloading the EoT tasks, which increases the middle layer burden and raises the communication delay. Here, we introduce the dew computing features that are used to design the smart false alarm reduction system. DaaS, when experimented in a simulated environment, reflects lower response time to process the data in the EoT ecosystem. The revamped DBN model achieved a classification accuracy of up to 95%. Moreover, it depicts a 60% improvement in the latency and 35% workload reduction of the cloud servers as compared to edge IDS.

    Medical Cyber-Physical Systems Development: A Forensics-Driven Approach

    The synthesis of technology and the medical industry has partly contributed to the increasing interest in Medical Cyber-Physical Systems (MCPS). While these systems provide benefits to patients and professionals, they also introduce new attack vectors for malicious actors (e.g. financially- and/or criminally-motivated actors). A successful breach involving a MCPS can impact patient data and system availability. The complexity and operating requirements of a MCPS complicate digital investigations. Coupling this information with the potentially vast amounts of information that a MCPS produces and/or has access to is generating discussions on, not only, how to compromise these systems but, more importantly, how to investigate these systems. The paper proposes the integration of forensics principles and concepts into the design and development of a MCPS to strengthen an organization's investigative posture. The framework sets the foundation for future research in the refinement of specific solutions for MCPS investigations. Comment: This is the pre-print version of a paper presented at the 2nd International Workshop on Security, Privacy, and Trustworthiness in Medical Cyber-Physical Systems (MedSPT 2017

    Towards False Alarm Reduction using Fuzzy If-Then Rules for Medical Cyber Physical Systems


    A Survey on Blockchain-Based IoMT Systems: Towards Scalability

    Peer reviewed. Recently, blockchain-based Internet of Medical Things (IoMT) has started to receive more attention in the healthcare domain as it not only improves the care quality using real-time and continuous monitoring but also minimizes the cost of care. However, there is a clear trend to include many entities in IoMT systems, such as IoMT sensor nodes, IoT wearable medical devices, patients, healthcare centers, and insurance companies. This makes it challenging to design a blockchain framework for these systems where scalability is a most critical factor in blockchain technology. Motivated by this observation, in this survey we review the state-of-the-art in blockchain-IoMT systems. Comparison and analysis of such systems prove that there is a substantial gap, which is the negligence of scalability. In this survey, we discuss several approaches proposed in the literature to improve the scalability of blockchain technology, thus overcoming the above-mentioned research gap. These approaches include on-chain and off-chain techniques, based on which we give recommendations and directions to facilitate designing a scalable blockchain-based IoMT system. We also recommend that a designer consider the well-known trilemma along with the various dimensions of a scalable blockchain system to prevent sacrificing security and decentralization as well. Moreover, we raise several research questions regarding benchmarking; addressing these questions could help designers determine the existing bottlenecks, leading to a scalable blockchain.

    Proof of Travel for Trust-Based Data Validation in V2I Communication Part I: Methodology

    Previous work on misbehavior detection and trust management for Vehicle-to-Everything (V2X) communication can identify falsified and malicious messages, enabling witness vehicles to report observations about high-criticality traffic events. However, there may not exist enough "benign" vehicles with V2X connectivity or vehicle owners who are willing to opt-in in the early stages of connected-vehicle deployment. In this paper, we propose a security protocol for the communication between vehicles and infrastructure, titled Proof-of-Travel (POT), to answer the research question: How can we transform the power of cryptography techniques embedded within the protocol into social and economic mechanisms to simultaneously incentivize Vehicle-to-Infrastructure (V2I) data sharing activities and validate the data? The key idea is to determine the reputation of and the contribution made by a vehicle based on its distance traveled and the information it shared through V2I channels. In particular, the total vehicle miles traveled for a vehicle must be testified by digital signatures signed by each infrastructure component along the path of its movement. While building a chain of proofs of spatial movement creates burdens for malicious vehicles, acquiring proofs does not result in extra cost for normal vehicles, which naturally want to move from the origin to the destination. The proof of travel for a vehicle can then be used to determine the contribution and reward by its altruistic behaviors. We propose short-term and long-term incentive designs based on the POT protocol and evaluate their security and performance through theoretical analysis and simulations