Authentication enhancement in command and control networks: (a study in Vehicular Ad-Hoc Networks)
Intelligent transportation systems contribute to improved traffic safety by facilitating real-time communication between vehicles. By using wireless channels for communication, vehicular networks are susceptible to a wide range of attacks, such as impersonation, modification, and replay. In this context, securing data exchange between intercommunicating terminals, e.g., vehicle-to-everything (V2X) communication, constitutes a technological challenge that needs to be addressed. Hence, message authentication is crucial to safeguard vehicular ad-hoc networks (VANETs) from malicious attacks. The current state-of-the-art for authentication in VANETs relies on conventional cryptographic primitives, introducing significant computation and communication overheads. In this challenging scenario, physical (PHY)-layer authentication has gained popularity, which involves leveraging the inherent characteristics of wireless channels and the hardware imperfections to discriminate between wireless devices. However, PHY-layer-based authentication cannot be an alternative to crypto-based methods, as the initial legitimacy detection must be conducted using cryptographic methods to extract the communicating terminal's secret features. Nevertheless, it can be a promising complementary solution for the re-authentication problem in VANETs, introducing what is known as “cross-layer authentication.” This thesis focuses on designing efficient cross-layer authentication schemes for VANETs, reducing the communication and computation overheads associated with transmitting and verifying a crypto-based signature for each transmission. The following provides an overview of the proposed methodologies employed in various contributions presented in this thesis.
1. The first cross-layer authentication scheme: A four-step process represents this approach: initial crypto-based authentication, shared key extraction, re-authentication via a PHY challenge-response algorithm, and adaptive adjustments based on channel conditions. Simulation results validate its efficacy, especially in low signal-to-noise ratio (SNR) scenarios while proving its resilience against active and passive attacks.
2. The second cross-layer authentication scheme: Leveraging the spatially and temporally correlated wireless channel features, this scheme extracts high entropy shared keys that can be used to create dynamic PHY-layer signatures for authentication. A 3-Dimensional (3D) scattering Doppler emulator is designed to investigate the scheme’s performance at different speeds of a moving vehicle and SNRs. Theoretical and hardware implementation analyses prove the scheme’s capability to support high detection probability for an acceptable false alarm value ≤ 0.1 at SNR ≥ 0 dB and speed ≤ 45 m/s.
3. The third proposal: Reconfigurable intelligent surfaces (RIS) integration for improved authentication: Focusing on enhancing PHY-layer re-authentication, this proposal explores integrating RIS technology to improve SNR directed at designated vehicles. Theoretical analysis and practical implementation of the proposed scheme are conducted using a 1-bit RIS, consisting of 64 × 64 reflective units. Experimental results show a significant improvement in the Pd, increasing from 0.82 to 0.96 at SNR = −6 dB for multicarrier communications.
4. The fourth proposal: RIS-enhanced vehicular communication security: Tailored for challenging SNR in non-line-of-sight (NLoS) scenarios, this proposal optimises key extraction and defends against denial-of-service (DoS) attacks through selective signal strengthening. Hardware implementation studies prove its effectiveness, showcasing improved key extraction performance and resilience against potential threats.
5. The fifth cross-layer authentication scheme: Integrating PKI-based initial legitimacy detection and blockchain-based reconciliation techniques, this scheme ensures secure data exchange. Rigorous security analyses and performance evaluations using network simulators and computation metrics showcase its effectiveness, ensuring its resistance against common attacks and time efficiency in message verification.
6. The final proposal: Group key distribution: Employing smart contract-based blockchain technology alongside PKI-based authentication, this proposal distributes group session keys securely. Its lightweight symmetric key cryptography-based method maintains privacy in VANETs, validated via Ethereum’s main network (MainNet) and comprehensive computation and communication evaluations.
The analysis shows that the proposed methods yield a noteworthy reduction, approximately ranging from 70% to 99%, in both computation and communication overheads, as compared to the conventional approaches. This reduction pertains to the verification and transmission of 1000 messages in total.
SUTMS - Unified Threat Management Framework for Home Networks
Home networks were initially designed for web browsing and non-business critical applications. As infrastructure improved, internet broadband costs decreased, and home internet usage transferred to e-commerce and business-critical applications. Today’s home computers host personally identifiable information and financial data and act as a bridge to corporate networks via remote access technologies like VPN. The expansion of remote work and the transition to cloud computing have broadened the attack surface for potential threats. Home networks have become the extension of critical networks and services, and hackers can get access to corporate data by compromising devices attached to broadband routers. All these challenges depict the importance of home-based Unified Threat Management (UTM) systems. There is a need for a unified threat management framework that is developed specifically for home and small networks to address emerging security challenges. In this research, the proposed Smart Unified Threat Management (SUTMS) framework serves as a comprehensive solution for implementing home network security, incorporating firewall, anti-bot, intrusion detection, and anomaly detection engines into a unified system. SUTMS is able to provide 99.99% accuracy with 56.83% memory improvements. IPS stands out as the most resource-intensive UTM service; SUTMS successfully reduces the performance overhead of IDS by integrating it with the flow detection module. The artifact employs flow analysis to identify network anomalies and categorizes encrypted traffic according to its abnormalities. SUTMS can be scaled by introducing optional functions, i.e., routing and smart logging (utilizing Apriori algorithms). The research also tackles one of the limitations identified by SUTMS through the introduction of a second artifact called Secure Centralized Management System (SCMS). SCMS is a lightweight asset management platform with built-in security intelligence that can seamlessly integrate with a cloud for real-time updates.
Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities
The rise of quantum computers exposes vulnerabilities in current public key
cryptographic protocols, necessitating the development of secure post-quantum
(PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches,
covering their constructional design and structural vulnerabilities, and offering
security assessments, implementation evaluations, and a particular focus on
side-channel attacks. We analyze global standardization processes, evaluate
their metrics in relation to real-world applications, and primarily focus on
standardized PQ schemes, selected additional signature competition candidates,
and PQ-secure cutting-edge schemes beyond standardization. Finally, we present
visions and potential future directions for a seamless transition to the PQ
era
Cybersecurity applications of Blockchain technologies
With the increase in connectivity, the popularization of cloud services, and the rise
of the Internet of Things (IoT), decentralized approaches for trust management
are gaining momentum. Since blockchain technologies provide a distributed ledger,
they are receiving massive attention from the research community in different application
fields. However, this technology does not provide cybersecurity by itself.
Thus, this thesis first aims to provide a comprehensive review of techniques and
elements that have been proposed to achieve cybersecurity in blockchain-based systems.
The analysis is intended to target area researchers, cybersecurity specialists
and blockchain developers. We present a series of lessons learned as well. One of
them is the rise of Ethereum as one of the most used technologies.
Furthermore, some intrinsic characteristics of the blockchain, like permanent
availability and immutability, make it interesting for other ends, namely as covert
channels and for malicious purposes.
On the one hand, the use of blockchains by malware has not been characterized
yet. Therefore, this thesis also analyzes the current state of the art in this area. One
of the lessons learned is that covert communications have received little attention.
On the other hand, although previous works have analyzed the feasibility of
covert channels in a particular blockchain technology called Bitcoin, no previous
work has explored the use of Ethereum to establish a covert channel considering all
transaction fields and smart contracts.
To foster further defence-oriented research, two novel mechanisms are presented
in this thesis. First, Zephyrus takes advantage of all Ethereum fields and smart contract
bytecode. Second, Smart-Zephyrus is built to complement Zephyrus by
leveraging smart contracts written in Solidity. We also assess the mechanisms' feasibility
and cost. Our experiments show that Zephyrus, in the best case, can embed
40 Kbits in 0.57 s for US$ 1.64, and retrieve them in 2.8 s. Smart-Zephyrus, in turn,
is able to embed a 4 Kb secret in 41 s. While it is expensive (around US$ 1.82 per bit),
the provided stealthiness might be worth the price for attackers. Furthermore,
these two mechanisms can be combined to increase capacity and reduce
costs.
Doctoral Programme in Computer Science and Technology, Universidad Carlos III de Madrid. Chair: José Manuel Estévez Tapiador. Secretary: Jorge Blasco Alís. Member: Luis Hernández Encina
Towards trustworthy computing on untrustworthy hardware
Historically, hardware was thought to be inherently secure and trusted due to its
obscurity and the isolated nature of its design and manufacturing. In the last two
decades, however, hardware trust and security have emerged as pressing issues.
Modern day hardware is surrounded by threats manifested mainly in undesired
modifications by untrusted parties in its supply chain, unauthorized and pirated
selling, injected faults, and system and microarchitectural level attacks. These threats,
if realized, are expected to push hardware to abnormal and unexpected behaviour
causing real-life damage and significantly undermining our trust in the electronic and
computing systems we use in our daily lives and in safety critical applications. A
large number of detective and preventive countermeasures have been proposed in
literature. It is a fact, however, that our knowledge of potential consequences to
real-life threats to hardware trust is lacking given the limited number of real-life
reports and the plethora of ways in which hardware trust could be undermined. With
this in mind, run-time monitoring of hardware combined with active mitigation of
attacks, referred to as trustworthy computing on untrustworthy hardware, is proposed
as the last line of defence. This last line of defence allows us to face the issue of live
hardware mistrust rather than turning a blind eye to it or being helpless once it occurs.
This thesis proposes three different frameworks towards trustworthy computing
on untrustworthy hardware. The presented frameworks are adaptable to different
applications, independent of the design of the monitored elements, based on
autonomous security elements, and are computationally lightweight. The first
framework is concerned with explicit violations and breaches of trust at run-time,
with an untrustworthy on-chip communication interconnect presented as a potential
offender. The framework is based on the guiding principles of component guarding,
data tagging, and event verification. The second framework targets hardware elements
with inherently variable and unpredictable operational latency and proposes a
machine-learning based characterization of these latencies to infer undesired latency
extensions or denial of service attacks. The framework is implemented on a DDR3
DRAM after showing its vulnerability to obscured latency extension attacks. The
third framework studies the possibility of the deployment of untrustworthy hardware
elements in the analog front end, and the consequent integrity issues that might arise
at the analog-digital boundary of system on chips. The framework uses machine
learning methods and the unique temporal and arithmetic features of signals at this
boundary to monitor their integrity and assess their trust level
Efficient Security Protocols for Constrained Devices
During the last decades, more and more devices have been connected to the Internet. Today, there are more devices connected to the Internet than humans. An increasingly common type of device is the cyber-physical device. A device that interacts with its environment is called a cyber-physical device. Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices. Devices connected to the Internet risk being compromised by threat actors such as hackers. Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe. Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years. Many cyber-physical devices are categorized as constrained devices. A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface. Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget. Devices must be efficient to make the most of the limited resources. Mitigating cyber attacks is a complex task, requiring technical and organizational measures. Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the system's limited resources. In this thesis, we present research on efficient security protocols for constrained cyber-physical devices. We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE. These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies. Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting. In our work, we present a novel attack against the protocol. We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept. Using a state synchronization protocol, we propagate state changes between the digital and physical twins. The Digital Twin can then monitor and manage devices. We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner. With a formal protocol verification, we can guarantee the security of both the old and new owners. Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol. PSA allows devices to send encrypted measurements to an aggregator. The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements. No party will learn the measurement except the device that generated it.
Enabling Security Analysis and Education of the Ethereum Platform: A Network Traffic Dissection Tool
Ethereum, the decentralized global software platform powered by blockchain technology known for its native cryptocurrency, Ether (ETH), provides a technology stack for building apps, holding assets, transacting, and communicating without control by a central authority. At the core of Ethereum’s network is a suite of purpose-built protocols known as DEVP2P, which provides the underlying nodes in an Ethereum network the ability to discover, authenticate and communicate confidentially. This document discusses the creation of a new Wireshark dissector for DEVP2P’s discovery protocols, DiscoveryV4 and DiscoveryV5, and a dissector for RLPx, an extensible TCP transport protocol for a range of Ethereum node capabilities. Network packet dissectors like Wireshark are commonly used to educate, develop, and analyze underlying network traffic. In support of creating the dissector, a custom private Ethereum Docker network was also created, facilitating the communication amongst Go Ethereum execution clients and allowing the Wireshark dissector to capture live network data. Lastly, the dissector is used to understand the differences between DiscoveryV4 and DiscoveryV5, along with stepping through the network packets of RLPx to track a transaction executed on the network.
Cryptography: Recent Advances and Research Perspectives
Cryptography is considered a branch of both mathematics and computer science, and it is closely related to information security. This chapter explores the earliest known cryptographic methods, including the scytale, Caesar cipher, substitution ciphers, and transposition ciphers. It also explains the evolution of these methods over time. The development of symmetric and asymmetric key cryptography, hash functions, and digital signatures is also discussed. The chapter highlights major historical events and technological advancements that have driven the need for stronger and more efficient encryption methods. In addition, the chapter explores the potential for integrating artificial intelligence tools with cryptographic algorithms and the future of encryption technology.
Towards Automated Detection of Single-Trace Side-Channel Vulnerabilities in Constant-Time Cryptographic Code
Although cryptographic algorithms may be mathematically secure, it is often
possible to leak secret information from the implementation of the algorithms.
Timing and power side-channel vulnerabilities are some of the most widely
considered threats to cryptographic algorithm implementations. Timing
vulnerabilities may be easier to detect and exploit, and all high-quality
cryptographic code today should be written in constant-time style. However,
this does not prevent power side-channels from existing. With constant time
code, potential attackers can resort to power side-channel attacks to try
leaking secrets. Detecting potential power side-channel vulnerabilities is a
tedious task, as it requires analyzing code at the assembly level and needs
reasoning about which instructions could be leaking information based on their
operands and their values. To help make the process of detecting potential
power side-channel vulnerabilities easier for cryptographers, this work
presents Pascal: Power Analysis Side Channel Attack Locator, a tool that
introduces novel symbolic register analysis techniques for binary analysis of
constant-time cryptographic algorithms, and verifies locations of potential
power side-channel vulnerabilities with high precision. Pascal is evaluated on
a number of implementations of post-quantum cryptographic algorithms, and it is
able to find dozens of previously reported single-trace power side-channel
vulnerabilities in these algorithms, all in an automated manner
'A way of life': practising place in the small press
This thesis is a study of place in the practice and publications of three small presses: Moschatel Press, Coracle Press and Corbel Stone Press.
Practice is central to my approach, both in situating place as something practised, unfinished and ongoing, and in the repetitive everyday acts that make running a press ‘a way of life’.
I examine the ways in which small press practice shapes and responds to a variety of places. Beginning with the home, the thesis moves gradually outwards to larger-scale spaces: the local area, public spaces, the wider landscape.
The thesis is founded upon the press model as one of collaboration, both between artists, and with the places they inhabit.
Chapter One establishes the domestic space as central to the activities and publications of the press. The home is a site of production enmeshed with the everyday, and is the intended habitat of many small press pieces. I trace the influence of domestic intimacy and tactility across small press poetics, and the importance of ‘the domestic scale’ is foregrounded throughout the thesis.
Chapter Two is an exploration of small press localness. I build upon the domestic chapter to examine how the local is shaped by its relationship to the home. I frame small press localness as distinctly embodied, examining the charting of local places on foot and the gathering of texts and objects by hand.
Chapter Three examines site-specific work, exploring the presence of small press pieces in public, communal spaces. I focus particularly upon the hospital-based works of Thomas A Clark, and how they provoke questions around attention, contemplation and care. The chapter closes by reflecting upon how these pieces facilitate thinking about the more-than-human.
Chapter Four sustains a focus upon the more-than-human to explore the small press relationship with the wider landscape. The chapter scrutinises an ambivalent attitude towards books as a means of relating to and recording landscapes. I consider work across deep timescales and study the embodied landscape-based practices of Corbel Stone Press, such as burial and the leaving of offerings