16 research outputs found
Security schemes against pollution attacks in network coding over wireless networks
Doctorate in Telecommunications. Portuguese abstract not available. The topic of this thesis is how to achieve efficient security against pollution
attacks by exploiting the structure of network coding.
There has recently been growing interest in using network coding
techniques to increase the robustness and throughput of data networks, and
reduce the delay in wireless networks, where a network coding-based scheme
takes advantage of the additive nature of wireless signals by allowing two
nodes to transmit simultaneously to the relay node. However, Network
Coding (NC)-enabled wireless networks are susceptible to a severe security
threat, known as data pollution attack, where a malicious node injects into
the network polluted (i.e., corrupted) packets that prevent the destination
nodes from decoding correctly. Due to recoding at the intermediate nodes,
according to the core principle of NC, the polluted packets propagate
quickly into other packets and corrupt bunches of legitimate packets
leading to network resource waste. Hence, a lot of research effort has been
devoted to schemes against data pollution attacks. Homomorphic Message
Authentication Code (MAC)-based schemes are a promising solution against
data pollution attacks. However, most of them are susceptible to a new
type of pollution attack, called tag pollution attack, where an adversary
node randomly modifies tags appended to the end of the transmitted packets.
Therefore, in this thesis, we first propose a homomorphic message
authentication code-based scheme, providing resistance against data
pollution attacks and tag pollution attacks in XOR NC-enabled wireless
networks. Moreover, we propose four homomorphic message authentication
code-based schemes which provide resistance against data and tag pollution
attacks in Random Linear Network Coding (RLNC). Our results show that
our proposed schemes are more efficient compared to other competitive tag
pollution immune schemes in terms of complexity, communication overhead
and key storage overhead
Security threats in network coding-enabled mobile small cells
The recent explosive growth of mobile data traffic, the continuously growing demand for higher data rates, and the steadily increasing pressure for higher mobility have led to the fifth-generation mobile networks. To this end, network-coding (NC)-enabled mobile small cells are considered as a promising 5G technology to cover the urban landscape by being set up on-demand at any place, and at any time on any device. In particular, this emerging paradigm has the potential to provide significant benefits to mobile networks as it can decrease packet transmission in wireless multicast, provide network capacity improvement, and achieve robustness to packet losses with low energy consumption. However, despite these significant advantages, NC-enabled mobile small cells are vulnerable to various types of attacks due to the inherent vulnerabilities of NC. Therefore, in this paper, we provide a categorization of potential security attacks in NC-enabled mobile small cells. Particularly, our focus is on the identification and categorization of the main potential security attacks on a scenario architecture of the ongoing EU funded H2020-MSCA project “SECRET” being focused on secure network coding-enabled mobile small cells
A novel intrusion detection and prevention scheme for network coding-enabled mobile small cells
Network coding (NC)-enabled mobile small cells are observed as a promising technology for fifth-generation (5G) networks that can cover the urban landscape by being set up on demand at any place and at any time on any device. Nevertheless, despite the significant benefits that this technology brings to the 5G of mobile networks, major security issues arise due to the fact that NC-enabled mobile small cells are susceptible to pollution attacks; a severe security threat exploiting the inherent vulnerabilities of NC. Therefore, intrusion detection and prevention mechanisms to detect and mitigate pollution attacks are of utmost importance so that NC-enabled mobile small cells can reach their full potential. Thus, in this article, we propose for the first time, to the best of our knowledge, a novel intrusion detection and prevention scheme (IDPS) for NC-enabled mobile small cells. The proposed scheme is based on a null space-based homomorphic message authentication code (MAC) scheme that allows detection of pollution attacks and takes proper risk mitigation actions when an intrusive incident is detected. The proposed scheme has been implemented in Kodo and its performance has been evaluated in terms of computational overhead
IDLP: an efficient intrusion detection and location-aware prevention mechanism for network coding-enabled mobile small cells
Mobile small cell technology is considered as a 5G enabling technology for delivering ubiquitous 5G services in a cost-effective and energy efficient manner. Moreover, Network Coding (NC) technology can be foreseen as a promising solution for the wireless network of mobile small cells to increase its throughput and improve its performance. However, NC-enabled mobile small cells are vulnerable to pollution attacks due to the inherent vulnerabilities of NC. Although there are several works on pollution attack detection, the attackers may continue to pollute packets in the next transmission of coded packets of the same generation from the source node to the destination nodes. Therefore, in this paper, we present an intrusion detection and location-aware prevention (IDLP) mechanism which does not only detect the polluted packets and drop them but also identify the attacker's exact location so as to block them and prevent packet pollution in the next transmissions. In the proposed IDLP mechanism, the detection and locating schemes are based on a null space-based homomorphic MAC scheme. However, the proposed IDLP mechanism is efficient because, in its initial phase (i.e., Phase 1), it is not needed to be applied to all mobile devices in order to protect the NC-enabled mobile small cells from the depletion of their resources. The proposed efficient IDLP mechanism has been implemented in Kodo, and its performance has been evaluated and compared with our previous IDPS scheme proposed in [1], in terms of computational complexity, communicational overhead, and successfully decoding probability as well
Key management for secure network coding-enabled mobile small cells
The continuous growth in wireless devices connected to the Internet and the increasing demand for higher data rates put ever increasing pressure on the 4G cellular network. The EU funded H2020-MSCA project “SECRET” investigates a scenario architecture to cover the urban landscape for the upcoming 5G cellular network. The studied scenario architecture combines multi-hop device-to-device (D2D) communication with network coding-enabled mobile small cells. In this scenario architecture, mobile nodes benefit from high transmission speeds, low latency and increased energy efficiency, while the cellular network benefits from a reduced workload of its base stations. However, this scenario architecture faces various security and privacy challenges. These challenges can be addressed using cryptographic techniques and protocols, assuming that a key management scheme is able to provide mobile nodes with secret keys in a secure manner. Unfortunately, existing key management schemes are unable to cover all security and privacy challenges of the studied scenario architecture. Certificateless key management schemes seem promising, although many proposed schemes of this category of key management schemes require a secure channel or lack key update and key revocation procedures. We therefore suggest further research in key management schemes which include secret key sharing among mobile nodes, key revocation, key update and mobile node authentication to fit with our scenario architecture
Dual-homomorphic message authentication code scheme for network coding-enabled wireless sensor networks
Network coding has shown a considerable improvement in terms of capacity and robustness compared to traditional store-and-forward transmission paradigm. However, since the intermediate nodes in network coding-enabled networks have the ability to change the packets en route, network coding-enabled networks are vulnerable to pollution attacks where a small number of polluted messages can corrupt bunches of legitimate messages. Recently, research effort has been put on schemes for protecting the transmitted messages against data pollution attacks. However, most of them cannot resist tag pollution attacks. This paper presents a new homomorphic MAC-based scheme, called Dual-Homomorphic MAC (Dual-HMAC), for network coding-enabled wireless sensor networks. The proposed scheme makes use of two types of tags (i.e., MACs and D-MACs) to provide resistance against data pollution attacks and partially tag pollution attacks. Furthermore, our proposed scheme presents low communication overhead and low computational complexity compared to other existing schemes
Using Privacy Impact Assessment to Inspect Privacy Issues in a Smart Home
IoT has an ever-increasing amount of development as more and more different devices connect to the Internet and become IoT devices. For the regular private user, the smart home may be the most enticing domain of IoT as it can be used to ease their lives. Smart home and smart home devices are one of the subfields of the Internet of Things. They allow the inhabitants to control various home devices remotely from anywhere within the house or anywhere in the world at any particular time. Smart homes have several benefits. They are improving the quality of individuals' lives, as individuals can control their various smart devices at any time. In addition, a smart home allows individuals to have greater control of their energy use. Other pros of smart homes include complete control over devices, increased convenience, and insurance benefits. However, regardless of the many benefits of smart homes, they are also associated with various challenges. Security and privacy are significant challenges related to the smart home environment.
This thesis will discuss the privacy impact of smart homes and smart devices. Four different devices have been included, and each device will be analyzed to conclude what private sensitive information they collect. Moreover, a privacy impact assessment (PIA) tool will be used to conclude whether our manual analysis of the devices was correct or not. Lastly, we will propose some solutions that we consider will increase the protection of users' privacy
Privacy in Smart Homes Using Privacy Impact Assessment to Inspect Privacy Issues in a Smart Home
Reliable and energy-efficient routing for ad hoc networks
Doctorate in Informatics. In Mobile Ad hoc NETworks (MANETs), where cooperative behaviour is
mandatory, there is a high probability for some nodes to become overloaded
with packet forwarding operations in order to support neighbor data exchange.
This altruistic behaviour leads to an unbalanced load in the network in terms of
traffic and energy consumption. In such scenarios, mobile nodes can benefit
from the use of energy efficient and traffic fitting routing protocol that better
suits the limited battery capacity and throughput limitation of the network. This
PhD work focuses on proposing energy efficient and load balanced routing
protocols for ad hoc networks. Where most of the existing routing protocols
simply consider the path length metric when choosing the best route between a
source and a destination node, in our proposed mechanism, nodes are able to
find several routes for each pair of source and destination nodes and select the
best route according to energy and traffic parameters, effectively extending the
lifespan of the network. Our results show that by applying this novel
mechanism, current flat ad hoc routing protocols can achieve higher energy
efficiency and load balancing. Also, due to the broadcast nature of the wireless
channels in ad hoc networks, other techniques such as Network Coding (NC)
look promising for energy efficiency. NC can reduce the number of
transmissions, number of re-transmissions, and increase the data transfer rate
that directly translates to energy efficiency. However, due to the need to access
foreign nodes for coding and forwarding packets, NC needs a mitigation
technique against unauthorized accesses and packet corruption. Therefore, we
proposed different mechanisms for handling these security attacks, in
particular by serially concatenating codes to support reliability in ad hoc
networks. As a solution to this problem, we explored a new security framework
that proposes an additional degree of protection against eavesdropping
attackers based on using concatenated encoding. Therefore, malicious
intermediate nodes will find it computationally intractable to decode the
transitive packets. We also adopted another code that uses Luby Transform
(LT) as a pre-coding code for NC. Primarily being designed for security
applications, this code enables the sink nodes to recover corrupted packets
even in the presence of byzantine attacks.
In mobile ad hoc networks (MANETs), where cooperative behaviour is
mandatory, there is a high probability of some nodes becoming
overloaded with packet forwarding operations in support of
data exchange with neighbouring nodes. This altruistic behaviour leads to an
unbalanced load in terms of traffic and energy consumption.
In these scenarios, mobile nodes can benefit from the use of energy
efficiency and of a traffic routing protocol that better
suits their limited battery capacity and processing speed.
This doctoral work focuses on proposing efficient energy use
and routing protocols for load balancing in
ad hoc networks. Currently, most existing routing protocols
simply consider the path length metric, that is,
the number of nodes, when choosing the best route between a source (S) and a
destination node (D); in the mechanism proposed here, nodes are able to find
several routes for each pair of source and destination nodes and select the best
path according to energy and traffic parameters, increasing the
lifetime of the network. Our results show that by applying this new
mechanism, current ad hoc routing protocols can achieve
greater energy efficiency and load balancing.
Furthermore, due to the broadcast nature of wireless channels in
ad hoc networks, other techniques, such as Network Coding (NC), also appear
promising for energy efficiency. NC can reduce the number
of transmissions and the number of retransmissions and increase the data
transfer rate, translating directly into improved energy
efficiency. However, because intermediate nodes access packets
in transit and code them, NC needs a technique that limits
unauthorized access and packet corruption. The
mechanism was explored so as to offer a new security method that proposes an
additional degree of protection against attacks and intrusions. Consequently,
malicious intermediate nodes will find packets in transit
computationally intractable to decode. Another code was also
adopted that uses Luby Transform (LT) as a pre-coding code
in NC. Initially designed for security applications, this
code allows destination nodes to recover corrupted packets even
in the presence of Byzantine attacks