16 research outputs found

    Security schemes against pollution attacks in network coding over wireless networks

    Doctorate in Telecommunications. Portuguese abstract not available. The topic of this thesis is how to achieve efficient security against pollution attacks by exploiting the structure of network coding. There has recently been growing interest in using network coding techniques to increase the robustness and throughput of data networks, and reduce the delay in wireless networks, where a network coding-based scheme takes advantage of the additive nature of wireless signals by allowing two nodes to transmit simultaneously to the relay node. However, Network Coding (NC)-enabled wireless networks are susceptible to a severe security threat, known as data pollution attack, where a malicious node injects into the network polluted (i.e., corrupted) packets that prevent the destination nodes from decoding correctly. Due to recoding at the intermediate nodes, according to the core principle of NC, the polluted packets propagate quickly into other packets and corrupt bunches of legitimate packets leading to network resource waste. Hence, a lot of research effort has been devoted to schemes against data pollution attacks. Homomorphic Message Authentication Code (MAC)-based schemes are a promising solution against data pollution attacks. However, most of them are susceptible to a new type of pollution attack, called tag pollution attack, where an adversary node randomly modifies tags appended to the end of the transmitted packets. Therefore, in this thesis, we first propose a homomorphic message authentication code-based scheme, providing resistance against data pollution attacks and tag pollution attacks in XOR NC-enabled wireless networks. Moreover, we propose four homomorphic message authentication code-based schemes which provide resistance against data and tag pollution attacks in Random Linear Network Coding (RLNC). Our results show that our proposed schemes are more efficient compared to other competitive tag pollution immune schemes in terms of complexity, communication overhead and key storage overhead.

    Security threats in network coding-enabled mobile small cells

    The recent explosive growth of mobile data traffic, the continuously growing demand for higher data rates, and the steadily increasing pressure for higher mobility have led to the fifth-generation mobile networks. To this end, network-coding (NC)-enabled mobile small cells are considered as a promising 5G technology to cover the urban landscape by being set up on-demand at any place, and at any time on any device. In particular, this emerging paradigm has the potential to provide significant benefits to mobile networks as it can decrease packet transmission in wireless multicast, provide network capacity improvement, and achieve robustness to packet losses with low energy consumption. However, despite these significant advantages, NC-enabled mobile small cells are vulnerable to various types of attacks due to the inherent vulnerabilities of NC. Therefore, in this paper, we provide a categorization of potential security attacks in NC-enabled mobile small cells. Particularly, our focus is on the identification and categorization of the main potential security attacks on a scenario architecture of the ongoing EU funded H2020-MSCA project “SECRET” being focused on secure network coding-enabled mobile small cells

    Key management for secure network coding-enabled mobile small cells

    The continuous growth in wireless devices connected to the Internet and the increasing demand for higher data rates put ever increasing pressure on the 4G cellular network. The EU funded H2020-MSCA project “SECRET” investigates a scenario architecture to cover the urban landscape for the upcoming 5G cellular network. The studied scenario architecture combines multi-hop device-to-device (D2D) communication with network coding-enabled mobile small cells. In this scenario architecture, mobile nodes benefit from high transmission speeds, low latency and increased energy efficiency, while the cellular network benefits from a reduced workload of its base stations. However, this scenario architecture faces various security and privacy challenges. These challenges can be addressed using cryptographic techniques and protocols, assuming that a key management scheme is able to provide mobile nodes with secret keys in a secure manner. Unfortunately, existing key management schemes are unable to cover all security and privacy challenges of the studied scenario architecture. Certificateless key management schemes seem promising, although many proposed schemes of this category of key management schemes require a secure channel or lack key update and key revocation procedures. We therefore suggest further research in key management schemes which include secret key sharing among mobile nodes, key revocation, key update and mobile node authentication to fit with our scenario architecture

    Dual-homomorphic message authentication code scheme for network coding-enabled wireless sensor networks

    Network coding has shown a considerable improvement in terms of capacity and robustness compared to traditional store-and-forward transmission paradigm. However, since the intermediate nodes in network coding-enabled networks have the ability to change the packets en route, network coding-enabled networks are vulnerable to pollution attacks where a small number of polluted messages can corrupt bunches of legitimate messages. Recently, research effort has been put on schemes for protecting the transmitted messages against data pollution attacks. However, most of them cannot resist tag pollution attacks. This paper presents a new homomorphic MAC-based scheme, called Dual-Homomorphic MAC (Dual-HMAC), for network coding-enabled wireless sensor networks. The proposed scheme makes use of two types of tags (i.e., MACs and D-MACs) to provide resistance against data pollution attacks and partially tag pollution attacks. Furthermore, our proposed scheme presents low communication overhead and low computational complexity compared to other existing schemes

    Using Privacy Impact Assessment to Inspect Privacy Issues in a Smart Home

    IoT has an ever-increasing amount of development as more and more different devices connect to the Internet and become IoT devices. For the regular private user, the smart home may be the most enticing domain of IoT as it can be used to ease their lives. Smart home and smart home devices are one of the subfields of the Internet of Things. They allow the inhabitants to control various home devices remotely from anywhere within the house or anywhere in the world at any particular time. Smart homes have several benefits. They are improving the quality of individuals' lives, as individuals can control their various smart devices at any time. In addition, a smart home allows individuals to have greater control of their energy use. Other pros of smart homes include complete control over devices, increased convenience, and insurance benefits. However, regardless of the many benefits of smart homes, they are also associated with various challenges. Security and privacy are significant challenges related to the smart home environment. This thesis will discuss the privacy impact of smart homes and smart devices. Four different devices have been included, and each device will be analyzed to conclude what private sensitive information they collect. Moreover, a privacy impact assessment (PIA) tool will be used to conclude whether our manual analysis of the devices was correct or not. Lastly, we will propose some solutions that we consider will increase the protection of users' privacy

    Privacy in Smart Homes Using Privacy Impact Assessment to Inspect Privacy Issues in a Smart Home

    IoT has an ever-increasing amount of development as more and more different devices connect to the Internet and become IoT devices. For the regular private user, the smart home may be the most enticing domain of IoT as it can be used to ease their lives. Smart home and smart home devices are one of the subfields of the Internet of Things. They allow the inhabitants to control various home devices remotely from anywhere within the house or anywhere in the world at any particular time. Smart homes have several benefits. They are improving the quality of individuals' lives, as individuals can control their various smart devices at any time. In addition, a smart home allows individuals to have greater control of their energy use. Other pros of smart homes include complete control over devices, increased convenience, and insurance benefits. However, regardless of the many benefits of smart homes, they are also associated with various challenges. Security and privacy are significant challenges related to the smart home environment. This thesis will discuss the privacy impact of smart homes and smart devices. Four different devices have been included, and each device will be analyzed to conclude what private sensitive information they collect. Moreover, a privacy impact assessment (PIA) tool will be used to conclude whether our manual analysis of the devices was correct or not. Lastly, we will propose some solutions that we consider will increase the protection of users' privacy

    Reliable and energy-efficient routing for ad hoc networks

    Doctorate in Informatics. In Mobile Ad hoc NETworks (MANETs), where cooperative behaviour is mandatory, there is a high probability for some nodes to become overloaded with packet forwarding operations in order to support neighbor data exchange. This altruistic behaviour leads to an unbalanced load in the network in terms of traffic and energy consumption. In such scenarios, mobile nodes can benefit from the use of an energy-efficient and traffic-fitting routing protocol that better suits the limited battery capacity and throughput limitation of the network. This PhD work focuses on proposing energy efficient and load balanced routing protocols for ad hoc networks. Where most of the existing routing protocols simply consider the path length metric when choosing the best route between a source and a destination node, in our proposed mechanism, nodes are able to find several routes for each pair of source and destination nodes and select the best route according to energy and traffic parameters, effectively extending the lifespan of the network. Our results show that by applying this novel mechanism, current flat ad hoc routing protocols can achieve higher energy efficiency and load balancing. Also, due to the broadcast nature of the wireless channels in ad hoc networks, other techniques such as Network Coding (NC) look promising for energy efficiency. NC can reduce the number of transmissions, number of re-transmissions, and increase the data transfer rate that directly translates to energy efficiency. However, due to the need to access foreign nodes for coding and forwarding packets, NC needs a mitigation technique against unauthorized accesses and packet corruption. Therefore, we proposed different mechanisms for handling these security attacks, in particular by serially concatenating codes to support reliability in ad hoc networks. As a solution to this problem, we explored a new security framework that proposes an additional degree of protection against eavesdropping attackers based on using concatenated encoding. Therefore, malicious intermediate nodes will find it computationally intractable to decode the transitive packets. We also adopted another code that uses Luby Transform (LT) as a pre-coding code for NC. Primarily being designed for security applications, this code enables the sink nodes to recover corrupted packets even in the presence of Byzantine attacks.

    In mobile ad hoc networks (MANETs), where cooperative behaviour is mandatory, there is a high probability that some nodes become overloaded with packet forwarding operations in support of data exchange with neighbouring nodes. This altruistic behaviour leads to an unbalanced load in terms of traffic and energy consumption. In these scenarios, mobile nodes can benefit from energy efficiency and from a traffic routing protocol that best suits their limited battery capacity and processing speed. This doctoral work focuses on proposing efficient energy use and routing protocols for load balancing in ad hoc networks. Currently, most existing routing protocols simply consider the path length metric, that is, the number of nodes, when choosing the best route between a source (S) and a destination node (D); in the mechanism proposed here, nodes are able to find several routes for each pair of source and destination nodes and select the best path according to energy and traffic parameters, increasing the useful lifetime of the network. Our results show that by applying this new mechanism, current ad hoc routing protocols can achieve greater energy efficiency and load balancing. In addition, due to the broadcast nature of wireless channels in ad hoc networks, other techniques, such as Network Coding (NC), also appear promising for energy efficiency. NC can reduce the number of transmissions and the number of retransmissions and increase the data transfer rate, translating directly into improved energy efficiency. However, because intermediate nodes access and encode packets in transit, NC needs a technique that limits unauthorized access and packet corruption. The mechanism was explored so as to offer a new security method that proposes an additional degree of protection against attacks and intrusions. Consequently, malicious intermediate nodes will find packets in transit computationally intractable to decode. Another code was also adopted that uses Luby Transform (LT) as a pre-coding code in NC. Initially designed for security applications, this code allows destination nodes to recover corrupted packets even in the presence of Byzantine attacks.