106 research outputs found

    Adaptation of the human nervous system for self-aware secure mobile and IoT systems

    Get PDF
    IT systems have been deployed across several domains, such as hospitals and industries, for the management of information and operations. These systems will soon be ubiquitous in every field due to the transition towards the Internet of Things (IoT). The IoT brings devices with sensory functions into IT systems through the process of internetworking. The sensory functions of IoT enable them to generate and process information automatically, either without human contribution or having the least human interaction possible aside from the information and operations management tasks. Security is crucial as it prevents system exploitation. Security has been employed after system implementation, and has rarely been considered as a part of the system. In this dissertation, a novel solution based on a biological approach is presented to embed security as an inalienable part of the system. The proposed solution, in the form of a prototype of the system, is based on the functions of the human nervous system (HNS) in protecting its host from the impacts caused by external or internal changes. The contributions of this work are the derivation of a new system architecture from HNS functionalities and experiments that prove the implementation feasibility and efficiency of the proposed HNS-based architecture through prototype development and evaluation. The first contribution of this work is the adaptation of human nervous system functions to propose a new architecture for IT systems security. The major organs and functions of the HNS are investigated and critical areas are identified for the adaptation process. Several individual system components with similar functions to the HNS are created and grouped to form individual subsystems. The relationship between these components is established in a similar way as in the HNS, resulting in a new system architecture that includes security as a core component. The adapted HNS-based system architecture is employed in two the experiments prove its implementation capability, enhancement of security, and overall system operations. The second contribution is the implementation of the proposed HNS-based security solution in the IoT test-bed. A temperature-monitoring application with an intrusion detection system (IDS) based on the proposed HNS architecture is implemented as part of the test-bed experiment. Contiki OS is used for implementation, and the 6LoWPAN stack is modified during the development process. The application, together with the IDS, has a brain subsystem (BrSS), a spinal cord subsystem (SCSS), and other functions similar to the HNS whose names are changed. The HNS functions are shared between an edge router and resource-constrained devices (RCDs) during implementation. The experiment is evaluated in both test-bed and simulation environments. Zolertia Z1 nodes are used to form a 6LoWPAN network, and an edge router is created by combining Pandaboard and Z1 node for a test-bed setup. Two networks with different numbers of sensor nodes are used as simulation environments in the Cooja simulator. The third contribution of this dissertation is the implementation of the proposed HNS-based architecture in the mobile platform. In this phase, the Android operating system (OS) is selected for experimentation, and the proposed HNS-based architecture is specifically tailored for Android. A context-based dynamically reconfigurable access control system (CoDRA) is developed based on the principles of the refined HNS architecture. CoDRA is implemented through customization of Android OS and evaluated under real-time usage conditions in test-bed environments. During the evaluation, the implemented prototype mimicked the nature of the HNS in securing the application under threat with negligible resource requirements and solved the problems in existing approaches by embedding security within the system. Furthermore, the results of the experiments highlighted the retention of HNS functions after refinement for different IT application areas, especially the IoT, due to its resource-constrained nature, and the implementable capability of our proposed HNS architecture.--- IT-järjestelmiä hyödynnetään tiedon ja toimintojen hallinnassa useilla aloilla, kuten sairaaloissa ja teollisuudessa. Siirtyminen kohti esineiden Internetiä (Internet of Things, IoT) tuo tällaiset laitteet yhä kiinteämmäksi osaksi jokapäiväistä elämää. IT-järjestelmiin liitettyjen IoT-laitteiden sensoritoiminnot mahdollistavat tiedon automaattisen havainnoinnin ja käsittelyn osana suurempaa järjestelmää jopa täysin ilman ihmisen myötävaikutusta, poislukien mahdolliset ylläpito- ja hallintatoimenpiteet. Turvallisuus on ratkaisevan tärkeää IT-järjestelmien luvattoman käytön estämiseksi. Valitettavan usein järjestelmäsuunnittelussa turvallisuus ei ole osana ydinsuunnitteluprosessia, vaan otetaan huomioon vasta käyttöönoton jälkeen. Tässä väitöskirjassa esitellään uudenlainen biologiseen lähestymistapaan perustuva ratkaisu, jolla turvallisuus voidaan sisällyttää erottamattomaksi osaksi järjestelmää. Ehdotettu prototyyppiratkaisu perustuu ihmisen hermoston toimintaan tilanteessa, jossa se suojelee isäntäänsä ulkoisten tai sisäisten muutosten vaikutuksilta. Tämän työn keskeiset tulokset ovat uuden järjestelmäarkkitehtuurin johtaminen ihmisen hermoston toimintaperiaatteesta sekä tällaisen järjestelmän toteutettavuuden ja tehokkuuden arviointi kokeellisen prototyypin kehittämisen ja toiminnan arvioinnin avulla. Tämän väitöskirjan ensimmäinen kontribuutio on ihmisen hermoston toimintoihin perustuva IT-järjestelmäarkkitehtuuri. Tutkimuksessa arvioidaan ihmisen hermoston toimintaa ja tunnistetaan keskeiset toiminnot ja toiminnallisuudet, jotka mall-innetaan osaksi kehitettävää järjestelmää luomalla näitä vastaavat järjestelmäkomponentit. Nä-istä kootaan toiminnallisuudeltaan hermostoa vastaavat osajärjestelmät, joiden keskinäinen toiminta mallintaa ihmisen hermoston toimintaa. Näin luodaan arkkitehtuuri, jonka keskeisenä komponenttina on turvallisuus. Tämän pohjalta toteutetaan kaksi prototyyppijärjestelmää, joiden avulla arvioidaan arkkitehtuurin toteutuskelpoisuutta, turvallisuutta sekä toimintakykyä. Toinen kontribuutio on esitetyn hermostopohjaisen turvallisuusratkaisun toteuttaminen IoT-testialustalla. Kehitettyyn arkkitehtuuriin perustuva ja tunkeutumisen estojärjestelmän (intrusion detection system, IDS) sisältävä lämpötilan seurantasovellus toteutetaan käyttäen Contiki OS -käytöjärjestelmää. 6LoWPAN protokollapinoa muokataan tarpeen mukaan kehitysprosessin aikana. IDS:n lisäksi sovellukseen kuuluu aivo-osajärjestelmä (Brain subsystem, BrSS), selkäydinosajärjestelmä (Spinal cord subsystem, SCSS), sekä muita hermoston kaltaisia toimintoja. Nämä toiminnot jaetaan reunareitittimen ja resurssirajoitteisten laitteiden kesken. Tuloksia arvioidaan sekä simulaatioiden että testialustan tulosten perusteella. Testialustaa varten 6LoWPAN verkon toteutukseen valittiin Zolertia Z1 ja reunareititin on toteutettu Pandaboardin ja Z1:n yhdistelmällä. Cooja-simulaattorissa käytettiin mallinnukseen ymp-äristönä kahta erillistä ja erikokoisuta sensoriverkkoa. Kolmas tämän väitöskirjan kontribuutio on kehitetyn hermostopohjaisen arkkitehtuurin toteuttaminen mobiilialustassa. Toteutuksen alustaksi valitaan Android-käyttöjärjestelmä, ja kehitetty arkkitehtuuri räätälöidään Androidille. Tuloksena on kontekstipohjainen dynaamisesti uudelleen konfiguroitava pääsynvalvontajärjestelmä (context-based dynamically reconfigurable access control system, CoDRA). CoDRA toteutetaan mukauttamalla Androidin käyttöjärjestelmää ja toteutuksen toimivuutta arvioidaan reaaliaikaisissa käyttöolosuhteissa testialustaympäristöissä. Toteutusta arvioitaessa havaittiin, että kehitetty prototyyppi jäljitteli ihmishermoston toimintaa kohdesovelluksen suojaamisessa, suoriutui tehtävästään vähäisillä resurssivaatimuksilla ja onnistui sisällyttämään turvallisuuden järjestelmän ydintoimintoihin. Tulokset osoittivat, että tämän tyyppinen järjestelmä on toteutettavissa sekä sen, että järjestelmän hermostonkaltainen toiminnallisuus säilyy siirryttäessä sovellusalueelta toiselle, erityisesti resursseiltaan rajoittuneissa IoT-järjestelmissä

    A Hybrid Multi-user Cloud Access Control based Block Chain Framework for Privacy Preserving Distributed Databases

    Get PDF
    Most of the traditional medical applications are insecure and difficult to compute the data integrity with variable hash size. Traditional medical data security systems are insecure and it depend on static parameters for data security. Also, distributed based cloud storage systems are independent of integrity computational and data security due to unstructured data and computational memory. As the size of the data and its dimensions are increasing in the public and private cloud servers, it is difficult to provide the machine learning based privacy preserving in cloud computing environment. Block-chain technology plays a vital role for large cloud databases. Most of the conventional block-chain frameworks are based on the existing integrity and confidentiality models. Also, these models are based on the data size and file format. In this model, a novel integrity verification and encryption framework is designed and implemented in cloud environment.  In order to overcome these problems in the cloud computing environment, a hybrid integrity and security-based block-chain framework is designed and implemented on the large distributed databases. In this framework,a novel decision tree classifier is used along with non-linear mathematical hash algorithm and advanced attribute-based encryption models are used to improve the privacy of multiple users on the large cloud datasets. Experimental results proved that the proposed advanced privacy preserving based block-chain technology has better efficiency than the traditional block-chain based privacy preserving systems on large distributed databases

    Jornadas Nacionales de Investigación en Ciberseguridad: actas de las VIII Jornadas Nacionales de Investigación en ciberseguridad: Vigo, 21 a 23 de junio de 2023

    Get PDF
    Jornadas Nacionales de Investigación en Ciberseguridad (8ª. 2023. Vigo)atlanTTicAMTEGA: Axencia para a modernización tecnolóxica de GaliciaINCIBE: Instituto Nacional de Cibersegurida

    Secure Communications in Next Generation Digital Aeronautical Datalinks

    Get PDF
    As of 2022, Air Traffic Management (ATM) is gradually digitizing to automate and secure data transmission in civil aviation. New digital data links like the L-band Digital Aeronautical Communications System (LDACS) are being introduced for this purpose. LDACS is a cellular, ground-based digital communications system for flight guidance and safety. Unfortunately, LDACS and many other datalinks in civil aviation lack link layer security measures. This doctoral thesis proposes a cybersecurity architecture for LDACS, developing various security measures to protect user and control data. These include two new authentication and key establishment protocols, along with a novel approach to secure control data of resource-constrained wireless communication systems. Evaluations demonstrate a latency increase of 570 to 620 milliseconds when securely attaching an aircraft to an LDACS cell, along with a 5% to 10% security data overhead. Also, flight trials confirm that Ground-based Augmentation System (GBAS) can be securely transmitted via LDACS with over 99% availability. These security solutions enable future aeronautical applications like 4D-Trajectories, paving the way for a digitized and automated future of civil aviation

    Location Privacy in VANETs: Improved Chaff-Based CMIX and Privacy-Preserving End-to-End Communication

    Get PDF
    VANETs communication systems are technologies and defined policies that can be formed to enable ITS applications to provide road traffic efficacy, warning about such issues as environmental dangers, journey circumstances, and in the provision of infotainment that considerably enhance transportation safety and quality. The entities in VANETs, generally vehicles, form part of a massive network known as the Internet of Vehicles (IoV). The deployment of large-scale VANETs systems is impossible without ensuring that such systems are themselves are safe and secure, protecting the privacy of their users. There is a risk that cars might be hacked, or their sensors become defective, causing inaccurate information to be sent across the network. Consequently, the activities and credentials of participating vehicles should be held responsible and quickly broadcast throughout a vast VANETs, considering the accountability in the system. The openness of wireless communication means that an observer can eavesdrop on vehicular communication and gain access or otherwise deduce users' sensitive information, and perhaps profile vehicles based on numerous factors such as tracing their travels and the identification of their home/work locations. In order to protect the system from malicious or compromised entities, as well as to preserve user privacy, the goal is to achieve communication security, i.e., keep users' identities hidden from both the outside world and the security infrastructure and service providers. Being held accountable while still maintaining one's privacy is a difficult balancing act. This thesis explores novel solution paths to the above challenges by investigating the impact of low-density messaging to improve the security of vehicle communications and accomplish unlinkability in VANETs. This is achieved by proposing an improved chaff-based CMIX protocol that uses fake messages to increase density to mitigate tracking in this scenario. Recently, Christian \etall \cite{vaas2018nowhere} proposed a Chaff-based CMIX scheme that sends fake messages under the presumption low-density conditions to enhance vehicle privacy and confuse attackers. To accomplish full unlinkability, we first show the following security and privacy vulnerabilities in the Christian \etall scheme: linkability attacks outside the CMIX may occur due to deterministic data-sharing during the authentication phase (e.g., duplicate certificates for each communication). Adversaries may inject fake certificates, which breaks Cuckoo Filters' (CFs) updates authenticity, and the injection may be deniable. CMIX symmetric key leakage outside the coverage may occur. We propose a VPKI-based protocol to mitigate these issues. First, we use a modified version of Wang \etall's \cite{wang2019practical} scheme to provide mutual authentication without revealing the real identity. To this end, a vehicle's messages are signed with a different pseudo-identity “certificate”. Furthermore, the density is increased via the sending of fake messages during low traffic periods to provide unlinkability outside the mix-zone. Second, unlike Christian \etall's scheme, we use the Adaptive Cuckoo Filter (ACF) instead of CF to overcome the effects of false positives on the whole filter. Moreover, to prevent any alteration of the ACFs, only RUSs distribute the updates, and they sign the new fingerprints. Third, mutual authentication prevents any leakage from the mix zones' symmetric keys by generating a fresh one for each communication through a Diffie–Hellman key exchange. As a second main contribution of this thesis, we focus on the V2V communication without the interference of a Trusted Third Party (TTP)s in case this has been corrupted, destroyed, or is out of range. This thesis presents a new and efficient end-to-end anonymous key exchange protocol based on Yang \etall's \cite{yang2015self} self-blindable signatures. In our protocol, vehicles first privately blind their own private certificates for each communication outside the mix-zone and then compute an anonymous shared key based on zero-knowledge proof of knowledge (PoK). The efficiency comes from the fact that once the signatures are verified, the ephemeral values in the PoK are also used to compute a shared key through an authenticated Diffie-Hellman key exchange protocol. Therefore, the protocol does not require any further external information to generate a shared key. Our protocol also does not require interfacing with the Roadside Units or Certificate Authorities, and hence can be securely run outside the mixed-zones. We demonstrate the security of our protocol in ideal/real simulation paradigms. Hence, our protocol achieves secure authentication, forward unlinkability, and accountability. Furthermore, the performance analysis shows that our protocol is more efficient in terms of computational and communications overheads compared to existing schemes.Kuwait Cultural Offic

    Developing an Effective Detection Framework for Targeted Ransomware Attacks in Brownfield Industrial Internet of Things

    Full text link
    The Industrial Internet of Things (IIoT) is being interconnected with many critical industrial activities, creating major cyber security concerns. The key concern is with edge systems of Brownfield IIoT, where new devices and technologies are deployed to interoperate with legacy industrial control systems and leverage the benefits of IoT. These edge devices, such as edge gateways, have opened the way to advanced attacks such as targeted ransomware. Various pre-existing security solutions can detect and mitigate such attacks but are often ineffective due to the heterogeneous nature of the IIoT devices and protocols and their interoperability demands. Consequently, developing new detection solutions is essential. The key challenges in developing detection solutions for targeted ransomware attacks in IIoT systems include 1) understanding attacks and their behaviour, 2) designing accurate IIoT system models to test attacks, 3) obtaining realistic data representing IIoT systems' activities and connectivities, and 4) identifying attacks. This thesis provides important contributions to the research focusing on investigating targeted ransomware attacks against IIoT edge systems and developing a new detection framework. The first contribution is developing the world's first example of ransomware, specifically targeting IIoT edge gateways. The experiments' results demonstrate that such an attack is now possible on edge gateways. Also, the kernel-related activity parameters appear to be significant indicators of the crypto-ransomware attacks' behaviour, much more so than for similar attacks in workstations. The second contribution is developing a new holistic end-to-end IIoT security testbed (i.e., Brown-IIoTbed) that can be easily reproduced and reconfigured to support new processes and security scenarios. The results prove that Brown-IIoTbed operates efficiently in terms of its functions and security testing. The third contribution is generating a first-of-its-kind dataset tailored for IIoT systems covering targeted ransomware attacks and their activities, called X-IIoTID. The dataset includes connectivity- and device-agnostic features collected from various data sources. The final contribution is developing a new asynchronous peer-to-peer federated deep learning framework tailored for IIoT edge gateways for detecting targeted ransomware attacks. The framework's effectiveness has been evaluated against pre-existing datasets and the newly developed X-IIoTID dataset

    Mobile Ad-Hoc Networks

    Get PDF
    Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: quality-of-service and video communication, routing protocol and cross-layer design. A few interesting problems about security and delay-tolerant networks are also discussed. This book is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks

    Smart Wireless Sensor Networks

    Get PDF
    The recent development of communication and sensor technology results in the growth of a new attractive and challenging area - wireless sensor networks (WSNs). A wireless sensor network which consists of a large number of sensor nodes is deployed in environmental fields to serve various applications. Facilitated with the ability of wireless communication and intelligent computation, these nodes become smart sensors which do not only perceive ambient physical parameters but also be able to process information, cooperate with each other and self-organize into the network. These new features assist the sensor nodes as well as the network to operate more efficiently in terms of both data acquisition and energy consumption. Special purposes of the applications require design and operation of WSNs different from conventional networks such as the internet. The network design must take into account of the objectives of specific applications. The nature of deployed environment must be considered. The limited of sensor nodes� resources such as memory, computational ability, communication bandwidth and energy source are the challenges in network design. A smart wireless sensor network must be able to deal with these constraints as well as to guarantee the connectivity, coverage, reliability and security of network's operation for a maximized lifetime. This book discusses various aspects of designing such smart wireless sensor networks. Main topics includes: design methodologies, network protocols and algorithms, quality of service management, coverage optimization, time synchronization and security techniques for sensor networks

    A REVIEW STUDY OF EUROPEAN R&D PROJECTS FOR SATELLITE COMMUNICATIONS IN 5G/6G ERA

    Get PDF
    Κατά τις τελευταίες δεκαετίες τα δορυφορικά συστήματα τηλεπικοινωνιών έχουν προσφέρει μια γκάμα από πολυμεσικές υπηρεσίες όπως δορυφορική τηλεόραση, δορυφορική τηλεφωνία και ευρυζωνική πρόσβαση στο διαδίκτυο. Οι μακροπρόθεσμες τεχνολογικές αναβαθμίσεις σε συνδυασμό με την προσθήκη νέων δορυφορικών συστημάτων γεωστατικής και ελλειπτικής τροχιάς και με την ενσωμάτωση τεχνολογιών πληροφορικής έχουν ωθήσει την αύξηση του μέγιστου εύρους των δορυφόρων στο 1Gbps σε μεμονωμένους δορυφόρους ενώ σε διάταξη αστερισμού μπορούν να ξεπεράσουν το 1 Tbps. Σε συνδυασμό με την μείωση του χρόνου απόκρισης σε ρυθμούς ανταγωνιστικούς με τις χερσαίες υποδομές ανοίγουν νέες ευκαιρίες και νέους ρόλους εντός ενός οικοσυστήματος ετερογενούς δικτύων 5ης γενιάς. Σε αυτήν την διατριβή, αξιολογούμε επιδοτούμενα επιστημονικά προγράμματα έρευνας και ανάπτυξης της Ευρωπαϊκής Επιτροπής Διαστήματος (ESA) και του προγράμματος επιδότησης Horizon 2020 της Ευρωπαϊκής Ένωσης, προκειμένου να εξηγήσουμε τις δυνατότητες των δορυφόρων εντός ενός ετερογενούς δικτύου 5ης γενιάς, αναφέρουμε συγκεκριμένα αυτά που αφορούν την εξέλιξη των δορυφορικών ψηφιακών συστημάτων και την ικανότητα ενσωμάτωσης τους σε τωρινές αλλά και μελλοντικές υποδομές χερσαίων τηλεπικοινωνιακών δικτύων μέσω της εμφάνισης νέων τεχνολογιών στις ηλεκτρονικές και οπτικές επικοινωνίες αέρος μαζί με την εμφάνιση τεχνολογιών πληροφορικής όπως της δικτύωσης βασισμένης στο λογισμικό και της εικονικοποίησης λειτουργιών δικτύου. Αναφερόμαστε στους στόχους του κάθε project ξεχωριστά και κατηγοριοποιημένα στους ακόλουθους τομείς έρευνας: -Συσσωμάτωση των δορυφόρων με τα επίγεια δίκτυα 5ης γενιάς με οργανωμένες μελέτες και στρατηγικές -Ενσωμάτωση των τεχνολογιών δικτύωσης βασισμένης στο λογισμικό και εικονικοποίησης λειτουργιών δικτύου στο δορυφορικών τμήμα των δικτύων 5ης γενιάς -Ο ρόλος των δορυφόρων σε εφαρμογές του διαδικτύου των πραγμάτων σε συνάφεια με τα χερσαία δίκτυα 5ης γενιάς -Ο ρόλος των δορυφόρων στην δίκτυα διανομής πολυμεσικού περιεχομένου & η επιρροή των πρωτοκόλλων διαδικτύου στην ποιότητα υπηρεσίας χρήστη κατά την διάρκεια μιας δορυφορικής σύνδεσης. -Μελλοντικές βελτιώσεις και εφαρμογές στα δορυφορικά συστήματα με έμφαση στα μελλοντικά πρότυπα του φυσικό επιπέδου Στο τέλος διαθέτουμε ένα παράρτημα που αφορά τεχνικές αναλύσεις στην εξέλιξη του φυσικού επιπέδου των δορυφορικών συστημάτων, συνοδευόμενο με την συσχετιζόμενη βιβλιογραφία για περαιτέρω μελέτη.Over the last decades satellite telecommunication systems offer many types of multimedia services like Satellite TV, telephony and broadband internet access. The long-term technological evolutions occurred into state-of-the-art satellite systems altogether with the addition of new high throughput geostatic and non-geostatic systems, individual satellites can now achieve a peak bandwidth of up to Gbps, and with possible extension into satellite constellation systems the total capacity can reach up to Tbps. Supplementary, with systems latency being comparable to terrestrial infrastructures and with integration of several computer science technologies, satellite systems can achieve new & more advanced roles inside a heterogeneous 5G network’s ecosystem. In this thesis, we have studied European Space Agency (ESA’s) and European Union’s (EU) Horizon 2020 Research and Development (R&D) funded projects in order to describe the satellite capabilities within a 5G heterogeneous network, mentioning the impact of the evolution of digital satellite communications and furthermore the integration with the state-of the art & future terrain telecommunication systems by new technologies occurred through the evolution of electronic & free space optical communications alongside with the integration of computer science’s technologies like Software Defined Networking (SDN) and Network Function Virtualization (NFV). In order to describe this evolution we have studied the concepts of each individual project, categorized chronically and individual by its scientific field of research. Our main scientific trends for this thesis are: -Satellite Integration studies & strategies into the 5G terrestrial networks -Integration of SDN and NFV technologies on 5G satellite component -Satellite’s role in the Internet of Things applications over 5G terrestrial networks -Satellite’s role in Content Distribution Networks & internet protocols impact over user’s Quality of Experience (QoE) over a satellite link -The future proposals upon the evolution of Satellite systems by upcoming improvements and corresponding standards Finally, we have created an Annex for technical details upon the evolution of physical layer of the satellite systems with the corresponding bibliography of this thesis for future study
    corecore