5,443 research outputs found
RADIS: Remote Attestation of Distributed IoT Services
Remote attestation is a security technique through which a remote trusted
party (i.e., Verifier) checks the trustworthiness of a potentially untrusted
device (i.e., Prover). In the Internet of Things (IoT) systems, the existing
remote attestation protocols propose various approaches to detect the modified
software and physical tampering attacks. However, in an interoperable IoT
system, in which IoT devices interact autonomously among themselves, an
additional problem arises: a compromised IoT service can influence the genuine
operation of other invoked service, without changing the software of the
latter. In this paper, we propose a protocol for Remote Attestation of
Distributed IoT Services (RADIS), which verifies the trustworthiness of
distributed IoT services. Instead of attesting the complete memory content of
the entire interoperable IoT devices, RADIS attests only the services involved
in performing a certain functionality. RADIS relies on a control-flow
attestation technique to detect IoT services that perform an unexpected
operation due to their interactions with a malicious remote service. Our
experiments show the effectiveness of our protocol in validating the integrity
status of a distributed IoT service.Comment: 21 pages, 10 figures, 2 table
LiSA: A Lightweight and Secure Authentication Mechanism for Smart Metering Infrastructure
Smart metering infrastructure (SMI) is the core component of the smart grid
(SG) which enables two-way communication between consumers and utility
companies to control, monitor, and manage the energy consumption data. Despite
their salient features, SMIs equipped with information and communication
technology are associated with new threats due to their dependency on public
communication networks. Therefore, the security of SMI communications raises
the need for robust authentication and key agreement primitives that can
satisfy the security requirements of the SG. Thus, in order to realize the
aforementioned issues, this paper introduces a lightweight and secure
authentication protocol, "LiSA", primarily to secure SMIs in SG setups. The
protocol employs Elliptic Curve Cryptography at its core to provide various
security features such as mutual authentication, anonymity, replay protection,
session key security, and resistance against various attacks. Precisely, LiSA
exploits the hardness of the Elliptic Curve Qu Vanstone (EVQV) certificate
mechanism along with Elliptic Curve Diffie Hellman Problem (ECDHP) and Elliptic
Curve Discrete Logarithm Problem (ECDLP). Additionally, LiSA is designed to
provide the highest level of security relative to the existing schemes with
least computational and communicational overheads. For instance, LiSA incurred
barely 11.826 ms and 0.992 ms for executing different passes across the smart
meter and the service providers. Further, it required a total of 544 bits for
message transmission during each session.Comment: To appear in IEEE Globecom 201
Smart Grid Communications: Overview of Research Challenges, Solutions, and Standardization Activities
Optimization of energy consumption in future intelligent energy networks (or
Smart Grids) will be based on grid-integrated near-real-time communications
between various grid elements in generation, transmission, distribution and
loads. This paper discusses some of the challenges and opportunities of
communications research in the areas of smart grid and smart metering. In
particular, we focus on some of the key communications challenges for realizing
interoperable and future-proof smart grid/metering networks, smart grid
security and privacy, and how some of the existing networking technologies can
be applied to energy management. Finally, we also discuss the coordinated
standardization efforts in Europe to harmonize communications standards and
protocols.Comment: To be published in IEEE Communications Surveys and Tutorial
Secure Hardware Enhanced MyProxy: A Ph.D. Thesis Proposal
In 1976, Whitfield Diffie and Martin Hellman demonstrated how New Directions In Cryptography could enable secure information exchange between parties that do not share secrets. In order for public key cryptography to work in modern distributed environments, we need an infrastructure for finding and trusting other parties\u27 public keys (i.e., a PKI). A number of useful applications become possible with PKI. While the applications differ in how they use keys (e.g., S/MIME uses the key for message encryption and signing, while client-side SSL uses the key for authentication), all applications share one assumption: users have keypairs. In previous work, we examined the security aspects of some of the standard keystores and the their interaction with the OS. We concluded that desktops are not safe places to store private keys, and we demonstrated the permeability of keystores such as the default Microsoft keystore and the Mozilla keystore. In addition to being unsafe, these desktop keystores have the added disadvantage of being immobile. In other previous work, we examined trusted computing. In industry, a new trusted computing initiative has emerged: the Trusted Computing Platform Alliance (TCPA) (now renamed the Trusted Computing Group (TCG)). The goal of the TCG design is lower-assurance security that protects an entire desktop platform and is cheap enough to be commercially feasible. Last year, we built a trusted computing platform based on the TCG specifications and hardware. The picture painted by these previous projects suggests that common desktops are not secure enough for use as PKI clients, and trusted computing can improve the security of client machines. The question that I propose to investigate is: Can I build a system which applies trusted computing hardware in a reasonable manner in order to make desktops usable for PKI? My design begins with the Grid community\u27s MyProxy credential repository, and enhances it to take advantage of secure hardware on the clients, at the repository, and in the policy framework. The result is called Secure Hardware Enhanced MyProxy
False data injection attack (FDIA): An overview and new metrics for fair evaluation of its countermeasure
The concept of false data injection attack (FDIA) was introduced originally in the smart grid domain. While the term sounds common, it specifically means the case when an attacker compromises sensor readings in such tricky way that undetected errors are introduced into calculations of state variables and values. Due to the rapid growth of the Internet and associated complex adaptive systems, cyber attackers are interested in exploiting similar attacks in other application domains such as healthcare, finance, defense, governance, etc. In today’s increasingly perilous cyber world of complex adaptive systems, FDIA has become one of the top-priority issues to deal with. It is a necessity today for greater awareness and better mechanism to counter such attack in the cyberspace. Hence, this work presents an overview of the attack, identifies the impact of FDIA in critical domains, and talks about the countermeasures. A taxonomy of the existing countermeasures to defend against FDIA is provided. Unlike other works, we propose some evaluation metrics for FDIA detection and also highlight the scarcity of benchmark datasets to validate the performance of FDIA detection techniques. [Figure not available: see fulltext.] © 2020, The Author(s)
Analysing Trust Issues in Cloud Identity Environments
Trust acts as a facilitator for decision making in environments, where decisions are subject to risk and uncertainty. Security is one of the factors contributing to the trust model that is a requirement for service users. In this paper we ask, What can be done to improve end user trust in choosing a cloud identity provider? Security and privacy are central issues in a cloud identity environment and it is the end user who determines the amount of trust they have in any identity system. This paper is an in-depth literature survey that evaluates identity service delivery in a cloud environment from the perspective of the service user
How Far Removed Are You? Scalable Privacy-Preserving Estimation of Social Path Length with Social PaL
Social relationships are a natural basis on which humans make trust
decisions. Online Social Networks (OSNs) are increasingly often used to let
users base trust decisions on the existence and the strength of social
relationships. While most OSNs allow users to discover the length of the social
path to other users, they do so in a centralized way, thus requiring them to
rely on the service provider and reveal their interest in each other. This
paper presents Social PaL, a system supporting the privacy-preserving discovery
of arbitrary-length social paths between any two social network users. We
overcome the bootstrapping problem encountered in all related prior work,
demonstrating that Social PaL allows its users to find all paths of length two
and to discover a significant fraction of longer paths, even when only a small
fraction of OSN users is in the Social PaL system - e.g., discovering 70% of
all paths with only 40% of the users. We implement Social PaL using a scalable
server-side architecture and a modular Android client library, allowing
developers to seamlessly integrate it into their apps.Comment: A preliminary version of this paper appears in ACM WiSec 2015. This
is the full versio
- …