44,242 research outputs found
A Middleware for the Internet of Things
The Internet of Things (IoT) connects everyday objects including a vast array
of sensors, actuators, and smart devices, referred to as things to the
Internet, in an intelligent and pervasive fashion. This connectivity gives rise
to the possibility of using the tracking capabilities of things to impinge on
the location privacy of users. Most of the existing management and location
privacy protection solutions do not consider the low-cost and low-power
requirements of things, or, they do not account for the heterogeneity,
scalability, or autonomy of communications supported in the IoT. Moreover,
these traditional solutions do not consider the case where a user wishes to
control the granularity of the disclosed information based on the context of
their use (e.g. based on the time or the current location of the user). To fill
this gap, a middleware, referred to as the Internet of Things Management
Platform (IoT-MP) is proposed in this paper.Comment: 20 pages, International Journal of Computer Networks & Communications
(IJCNC) Vol.8, No.2, March 201
FAIR: Forwarding Accountability for Internet Reputability
This paper presents FAIR, a forwarding accountability mechanism that
incentivizes ISPs to apply stricter security policies to their customers. The
Autonomous System (AS) of the receiver specifies a traffic profile that the
sender AS must adhere to. Transit ASes on the path mark packets. In case of
traffic profile violations, the marked packets are used as a proof of
misbehavior.
FAIR introduces low bandwidth overhead and requires no per-packet and no
per-flow state for forwarding. We describe integration with IP and demonstrate
a software switch running on commodity hardware that can switch packets at a
line rate of 120 Gbps, and can forward 140M minimum-sized packets per second,
limited by the hardware I/O subsystem.
Moreover, this paper proposes a "suspicious bit" for packet headers - an
application that builds on top of FAIR's proofs of misbehavior and flags
packets to warn other entities in the network.Comment: 16 pages, 12 figure
Data Confidentiality in Mobile Ad hoc Networks
Mobile ad hoc networks (MANETs) are self-configuring infrastructure-less
networks comprised of mobile nodes that communicate over wireless links without
any central control on a peer-to-peer basis. These individual nodes act as
routers to forward both their own data and also their neighbours' data by
sending and receiving packets to and from other nodes in the network. The
relatively easy configuration and the quick deployment make ad hoc networks
suitable the emergency situations (such as human or natural disasters) and for
military units in enemy territory. Securing data dissemination between these
nodes in such networks, however, is a very challenging task. Exposing such
information to anyone else other than the intended nodes could cause a privacy
and confidentiality breach, particularly in military scenarios. In this paper
we present a novel framework to enhance the privacy and data confidentiality in
mobile ad hoc networks by attaching the originator policies to the messages as
they are sent between nodes. We evaluate our framework using the Network
Simulator (NS-2) to check whether the privacy and confidentiality of the
originator are met. For this we implemented the Policy Enforcement Points
(PEPs), as NS-2 agents that manage and enforce the policies attached to packets
at every node in the MANET.Comment: 12 page
Flexible Session Management in a Distributed Environment
Many secure communication libraries used by distributed systems, such as SSL,
TLS, and Kerberos, fail to make a clear distinction between the authentication,
session, and communication layers. In this paper we introduce CEDAR, the secure
communication library used by the Condor High Throughput Computing software,
and present the advantages to a distributed computing system resulting from
CEDAR's separation of these layers. Regardless of the authentication method
used, CEDAR establishes a secure session key, which has the flexibility to be
used for multiple capabilities. We demonstrate how a layered approach to
security sessions can avoid round-trips and latency inherent in network
authentication. The creation of a distinct session management layer allows for
optimizations to improve scalability by way of delegating sessions to other
components in the system. This session delegation creates a chain of trust that
reduces the overhead of establishing secure connections and enables centralized
enforcement of system-wide security policies. Additionally, secure channels
based upon UDP datagrams are often overlooked by existing libraries; we show
how CEDAR's structure accommodates this as well. As an example of the utility
of this work, we show how the use of delegated security sessions and other
techniques inherent in CEDAR's architecture enables US CMS to meet their
scalability requirements in deploying Condor over large-scale, wide-area grid
systems
Hidden and Uncontrolled - On the Emergence of Network Steganographic Threats
Network steganography is the art of hiding secret information within innocent
network transmissions. Recent findings indicate that novel malware is
increasingly using network steganography. Similarly, other malicious activities
can profit from network steganography, such as data leakage or the exchange of
pedophile data. This paper provides an introduction to network steganography
and highlights its potential application for harmful purposes. We discuss the
issues related to countering network steganography in practice and provide an
outlook on further research directions and problems.Comment: 11 page
- …