On the Design of a Secure Proxy Signature-based Handover Authentication Scheme for LTEWireless Networks

Designing a secure and efficient handover authentication scheme has always been a concern of cellular networks especially in 4G Long Term Evolution (LTE) wireless networks. What makes their handover so complex, is the presence of different types of base stations namely eNodeB (eNB) and Home eNodeB (HeNB). In addition, they cannot directly communicate with each other. Recently, an efficient proxy signature-based handover authentication scheme has been suggested by Qui et al. Despite its better performance and security advantages than previous schemes, it suffers serious vulnerabilities, namely being prone to DoS attack , eNB impersonation attack and lack of perfect forward secrecy. In this paper, we propose an improved handover authentication scheme in LTE wireless networks that resists against such attacks. Further, we validate the security of the proposed scheme using Real-Or- Random (ROR) model and ProVerif analysis tool. The results confirm our security claims of the proposed scheme. In addition, the performance analysis shows that compared to other schemes, our proposed scheme is more efficient

Bringing Order to Chaos: The Case of Collision-Resistant Chameleon-Hashes

Chameleon-hash functions, introduced by Krawczyk and Rabin at NDSS 2000, are trapdoor collision-resistant hash-functions parametrized by a public key. If the corresponding secret key is known, arbitrary collisions for the hash function can be efficiently found. Chameleon-hash functions have prominent applications in the design of cryptographic primitives, such as lifting non-adaptively secure signatures to adaptively secure ones. Recently, this primitive also received a lot of attention as a building block in more complex cryptographic applications ranging from editable blockchains to advanced signature and encryption schemes. We observe that in latter applications various different notions of collision-resistance are used, and it is not always clear if the respective notion does really cover what seems intuitively required by the application. Therefore, we revisit existing collision-resistance notions in the literature, study their relations, and - using the example of the recent redactable blockchain proposals - discuss which practical impact different notions of collision-resistance might have. Moreover, we provide a stronger, and arguably more desirable, notion of collision-resistance than what is known from the literature. Finally, we present a surprisingly simple and efficient black-box construction of chameleon-hash functions achieving this strong notion

Um esquema de autenticação resistente a taques de repetição de identidades em redes heterogêneas

Orientador : Aldri Luiz dos SantosCoorientador : Michele Nogueira LimaDissertação (mestrado) - Universidade Federal do Paraná, Setor de Ciências Exatas, Programa de Pós-Graduação em Informática. Defesa: Curitiba, 25/08/2016Inclui referências : f. 47-50Resumo: O desenvolvimento das redes heterogêneas sem fio (RHSFs) apresentou uma maior abrangência de comunicação suportando a demanda dos usuários de dispositivos móveis. Isso ocorre devido à possibilidade de interoperabilidade dos dispositivos com as redes locais sem fio e redes metropolitanas. Essa interoperabilidade consiste de vários serviços de rede e permite a manutenção de conectividade durante a mobilidade do usuário. Um desses serviços consiste da autenticação do usuário que fornece o controle de acesso às redes pelo usuário. A autenticação nas RHSFs precisa lidar com a limitação de recursos dos dispositivos móveis, a transparência dos serviços dos usuários na transição de redes, e as vulnerabilidades do meio sem fio. Assim, durante o procedimento de autenticação, vários tipos de ataques podem acontecer a fim de prejudicar a confidencialidade dos usuários que portam os dispositivos móveis. Dentre os principais ataques neste serviço, destaca-se o ataque de repetição de identidade, que busca obter o acesso não autorizado aos recursos da rede. As abordagens existentes para proteger o serviço de autenticação dos ataques de repetição de identidades não levam em conta as características heterogêneas dos dispositivos, logo, elas são custosas e inseguras contra esse ataque considerando as vulnerabilidades presentes nas RHSFs. Esta dissertação propõe um esquema de autenticação chamado de ARARAS (Autenticação Resistente a Ataques de Repetição de IdentidAdes em RedeS Heterogêneas), que tem como objetivo de anular os ataques de repetição de identidade no processo de autenticação. Esse esquema utiliza uma autenticação unificada entre as redes heterogêneas sem fio e faz uso de um mecanismo de proteção contra o ataque de repetição de identidades. Uma avaliação do esquema, a partir de simulações, analisou o desempenho e a segurança diante do ataque de repetição de identidades, comparando-o com o esquema de autenticação UHA (Unified Handover Authentication). Os resultados mostraram que o ARARAS detectou o ataque de repetição de identidades de forma mais eficaz e eficiente independente do tipo de tecnologia da rede e quantidade de usuários maliciosos. Palavras-chave: redes heterogêneas, interoperabilidade, autenticação, ataque de repetição de identidade.Abstract: The development of heterogeneous wireless networks (RHSFs) has offered a broader range of communication supporting the demand of mobile users. This is due to the possibility of interoperability of the devices with wireless local area networks and metropolitan networks. That interoperability consists of multiple network services and also allows the maintenance of connectivity during the mobility of the user. One of those services consists of the user authentication, which enables user access control to networks. Hoever, authentication in RHSFs needs to deal with the limitation of mobile device resources, the transparency of user services in network transition, and also wireless vulnerabilities. In this way, over the authentication procedure, various types of attacks may occur in order to impair the confidentiality of users who carry mobile devices. Among the main attacks on this service, we highlight the attack of repetition of identity, which seeks to obtain unauthorized access to network resources. On other the hand, the current approaches to protect the authentication service from identity replay attacks do not take into account the heterogeneous features of the devices, so they become costly and insecure against this sort of attack considering the vulnerabilities present in RHSFs. This dissertation proposes an authentication scheme called ARARAS (Autenticação Resistente a Ataques de Repetição de IdentidAdes em RedeS Heterogêneas), which aims avoiding attacks of identity replay under the authentication process. Thus, the scheme uses unified authentication between heterogeneous wireless networks, as well as makes use of a mechanism to defense it against identity replay. An evaluation of ARARAS by simulations analyzed its performance and security in face of identity replay attacks, also compared it to the Unified Handover Authentication (UHA) authentication scheme. The results pointed out that ARARAS is more effective to detect detected identity replay attacks regardless of the type of network technology and the number of malicious users. Keywords: heterogeneous networks, interoperability, authentication, identity replay attack

Protocols and Architecture for Privacy-preserving Authentication and Secure Message Dissemination in Vehicular Ad Hoc Networks

The rapid development in the automotive industry and wireless communication technologies have enhanced the popularity of Vehicular ad hoc networks (VANETs). Today, the automobile industry is developing sophisticated sensors that can provide a wide range of assistive features, including accident avoidance, automatic lane tracking, semi-autonomous driving, suggested lane changes, and more. VANETs can provide drivers a safer and more comfortable driving experience, as well as many other useful services by leveraging such technological advancements. Even though this networking technology enables smart and autonomous driving, it also introduces a plethora of attack vectors. However, the main issues to be sorted out and addressed for the widespread deployment/adoption of VANETs are privacy, authenticating users, and the distribution of secure messages. These issues have been addressed in this dissertation, and the contributions of this dissertation are summarized as follows: Secure and privacy-preserving authentication and message dissemination in VANETs: Attackers can compromise the messages disseminated within VANETs by tampering with the message content or sending malicious messages. Therefore, it is crucial to ensure the legitimacy of the vehicles participating in the VANETs as well as the integrity and authenticity of the messages transmitted in VANETs. In VANET communication, the vehicle uses pseudonyms instead of its real identity to protect its privacy. However, the real identity of a vehicle must be revealed when it is determined to be malicious. This dissertation presents a distributed and scalable privacy-preserving authentication and message dissemination scheme in VANET. Low overhead privacy-preserving authentication scheme in VANETs: The traditional pseudonym-based authentication scheme uses Certificate Revocation Lists (CRLs) to store the certificates of revoked and malicious entities in VANETs. However, the size of CRL increases significantly with the increased number of revoked entities. Therefore, the overhead involved in maintaining the revoked certificates is overwhelming in CRL-based solutions. This dissertation presents a lightweight privacy-preserving authentication scheme that reduces the overhead associated with maintaining CRLs in VANETs. Our scheme also provides an efficient look-up operation for CRLs. Efficient management of pseudonyms for privacy-preserving authentication in VANETs: In VANETs, vehicles change pseudonyms frequently to avoid the traceability of attackers. However, if only one vehicle out of 100 vehicles changes its pseudonym, an intruder can easily breach the privacy of the vehicle by linking the old and new pseudonym. This dissertation presents an efficient method for managing pseudonyms of vehicles. In our scheme, vehicles within the same region simultaneously change their pseudonyms to reduce the chance of linking two pseudonyms to the same vehicle

Blockchain-enabled cybersecurity provision for scalable heterogeneous network: A comprehensive survey

Blockchain-enabled cybersecurity system to ensure and strengthen decentralized digital transaction is gradually gaining popularity in the digital era for various areas like finance, transportation, healthcare, education, and supply chain management. Blockchain interactions in the heterogeneous network have fascinated more attention due to the authentication of their digital application exchanges. However, the exponential development of storage space capabilities across the blockchain-based heterogeneous network has become an important issue in preventing blockchain distribution and the extension of blockchain nodes. There is the biggest challenge of data integrity and scalability, including significant computing complexity and inapplicable latency on regional network diversity, operating system diversity, bandwidth diversity, node diversity, etc., for decision-making of data transactions across blockchain-based heterogeneous networks. Data security and privacy have also become the main concerns across the heterogeneous network to build smart IoT ecosystems. To address these issues, today’s researchers have explored the potential solutions of the capability of heterogeneous network devices to perform data transactions where the system stimulates their integration reliably and securely with blockchain. The key goal of this paper is to conduct a state-of-the-art and comprehensive survey on cybersecurity enhancement using blockchain in the heterogeneous network. This paper proposes a full-fledged taxonomy to identify the main obstacles, research gaps, future research directions, effective solutions, and most relevant blockchain-enabled cybersecurity systems. In addition, Blockchain based heterogeneous network framework with cybersecurity is proposed in this paper to meet the goal of maintaining optimal performance data transactions among organizations. Overall, this paper provides an in-depth description based on the critical analysis to overcome the existing work gaps for future research where it presents a potential cybersecurity design with key requirements of blockchain across a heterogeneous network

An intelligent intrusion detection system for external communications in autonomous vehicles

Advancements in computing, electronics and mechanical systems have resulted in the creation of a new class of vehicles called autonomous vehicles. These vehicles function using sensory input with an on-board computation system. Self-driving vehicles use an ad hoc vehicular network called VANET. The network has ad hoc infrastructure with mobile vehicles that communicate through open wireless channels. This thesis studies the design and implementation of a novel intelligent intrusion detection system which secures the external communication of self-driving vehicles. This thesis makes the following four contributions: It proposes a hybrid intrusion detection system to protect the external communication in self-driving vehicles from potential attacks. This has been achieved using fuzzification and artificial intelligence. The second contribution is the incorporation of the Integrated Circuit Metrics (ICMetrics) for improved security and privacy. By using the ICMetrics, specific device features have been used to create a unique identity for vehicles. Our work is based on using the bias in on board sensory systems to create ICMetrics for self-driving vehicles. The incorporation of fuzzy petri net in autonomous vehicles is the third contribution of the thesis. Simulation results show that the scheme can successfully detect denial-of-service attacks. The design of a clustering based hierarchical detection system has also been presented to detect worm hole and Sybil attacks. The final contribution of this research is an integrated intrusion detection system which detects various attacks by using a central database in BusNet. The proposed schemes have been simulated using the data extracted from trace files. Simulation results have been compared and studied for high levels of detection capability and performance. Analysis shows that the proposed schemes provide high detection rate with a low rate of false alarm. The system can detect various attacks in an optimised way owing to a reduction in the number of features, fuzzification

Smart PIN: performance and cost-oriented context-aware personal information network

The next generation of networks will involve interconnection of heterogeneous individual networks such as WPAN, WLAN, WMAN and Cellular network, adopting the IP as common infrastructural protocol and providing virtually always-connected network. Furthermore, there are many devices which enable easy acquisition and storage of information as pictures, movies, emails, etc. Therefore, the information overload and divergent content’s characteristics make it difficult for users to handle their data in manual way. Consequently, there is a need for personalised automatic services which would enable data exchange across heterogeneous network and devices. To support these personalised services, user centric approaches for data delivery across the heterogeneous network are also required. In this context, this thesis proposes Smart PIN - a novel performance and cost-oriented context-aware Personal Information Network. Smart PIN's architecture is detailed including its network, service and management components. Within the service component, two novel schemes for efficient delivery of context and content data are proposed: Multimedia Data Replication Scheme (MDRS) and Quality-oriented Algorithm for Multiple-source Multimedia Delivery (QAMMD). MDRS supports efficient data accessibility among distributed devices using data replication which is based on a utility function and a minimum data set. QAMMD employs a buffer underflow avoidance scheme for streaming, which achieves high multimedia quality without content adaptation to network conditions. Simulation models for MDRS and QAMMD were built which are based on various heterogeneous network scenarios. Additionally a multiple-source streaming based on QAMMS was implemented as a prototype and tested in an emulated network environment. Comparative tests show that MDRS and QAMMD perform significantly better than other approaches

Jornadas Nacionales de Investigación en Ciberseguridad: actas de las VIII Jornadas Nacionales de Investigación en ciberseguridad: Vigo, 21 a 23 de junio de 2023

Jornadas Nacionales de Investigación en Ciberseguridad (8ª. 2023. Vigo)atlanTTicAMTEGA: Axencia para a modernización tecnolóxica de GaliciaINCIBE: Instituto Nacional de Cibersegurida

Resilience-Building Technologies: State of Knowledge -- ReSIST NoE Deliverable D12

This document is the first product of work package WP2, "Resilience-building and -scaling technologies", in the programme of jointly executed research (JER) of the ReSIST Network of Excellenc