83 research outputs found
Efficient Security Protocols for Constrained Devices
During the last decades, more and more devices have been connected to the Internet. Today, there are more devices connected to the Internet than humans. An increasingly common type of device is the cyber-physical device. A device that interacts with its environment is called a cyber-physical device. Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices. Devices connected to the Internet risk being compromised by threat actors such as hackers. Cyber-physical devices have become a preferred target for threat actors, since the consequences of an intrusion that disrupts or destroys a cyber-physical system can be severe. Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years. Many cyber-physical devices are categorized as constrained devices. A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface. Many constrained devices are also powered by a battery or by energy harvesting, which limits the available energy budget. Devices must be efficient to make the most of the limited resources. Mitigating cyber attacks is a complex task, requiring technical and organizational measures. Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the system's limited resources. In this thesis, we present research on efficient security protocols for constrained cyber-physical devices. We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE. These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies. Next, we have performed a formal protocol verification of WirelessHART, a protocol for communication in industrial control systems. In our work, we present a novel attack against the protocol. We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept. Using a state synchronization protocol, we propagate state changes between the digital and physical twins. The Digital Twin can then monitor and manage devices. We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner. With a formal protocol verification, we can guarantee the security of both the old and new owners. Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol. PSA allows devices to send encrypted measurements to an aggregator. The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements. No party will learn an individual measurement except the device that generated it.
Mobile Firewall System For Distributed Denial Of Service Defense In Internet Of Things Networks
Internet of Things (IoT) has seen unprecedented growth in the consumer space over the past ten years. The majority of IoT device manufacturers do not, however, build their products with cybersecurity in mind. The goal of the mobile firewall system is to move mitigation of network-diffused attacks closer to their source. Attack detection and mitigation are enforced using a machine that physically traverses the area. This machine uses a suite of security tools to protect the network. Our system provides advantages over current network attack mitigation techniques. Mobile firewalls can be deployed when there is no access to the network gateway or when no gateway exists, such as in IoT mesh networks. The focus of this thesis is to refine an explicit implementation of the mobile firewall system and evaluate its effectiveness. The mobile firewall system is evaluated using three simulated distributed denial of service case studies. Mobility is shown to be a great benefit when defending against physically distant attackers; the system takes no more than 131 seconds to fully nullify a worst-case attack.
High-Energy Gamma-Ray Astronomy
This volume celebrates the 30th anniversary of the first very-high-energy (VHE) gamma-ray source detection: the Crab Nebula, observed by the pioneering ground-based Cherenkov telescope Whipple at teraelectronvolt (TeV) energies in 1989. As we enter a new era in TeV astronomy, with the imminent start of operations of the Cherenkov Telescope Array (CTA) and new facilities such as LHAASO and the proposed Southern Wide-Field Gamma-ray Observatory (SWGO), we conceived of this volume as a broad reflection on how far we have come in the astrophysics topics that dominated the field of TeV astronomy for much of its recent history. In the past two decades, H.E.S.S., MAGIC and VERITAS pushed the field of TeV astronomy forward, consolidating the field of TeV astrophysics and growing it from a few to hundreds of TeV emitters. Today, this is a mature field, covering almost every topic of modern astrophysics. TeV astrophysics is also at the center of the multi-messenger astrophysics revolution, as the extreme photon energies involved provide an effective probe of cosmic-ray acceleration, propagation and interaction, and of dark matter and exotic physics searches. The improvement that CTA will bring, and the fact that CTA will operate as the first open observatory in the field, mean that gamma-ray astronomy is about to enter a new precise and productive era. This book aims to serve as an introduction to the field and its state of the art, presenting a series of authoritative reviews on a broad range of topics to which TeV astronomy has provided essential contributions, and where some of the most relevant questions for future research lie.
The Fifteenth Marcel Grossmann Meeting
The three volumes of the proceedings of MG15 give a broad view of all aspects of gravitational physics and astrophysics, from mathematical issues to recent observations and experiments. The scientific program of the meeting included 40 morning plenary talks over 6 days, 5 evening popular talks and nearly 100 parallel sessions on 71 topics spread over 4 afternoons. These proceedings are a representative sample of the very many oral and poster presentations made at the meeting. Part A contains plenary and review articles and the contributions from some parallel sessions, while Parts B and C consist of those from the remaining parallel sessions. The contents range from the mathematical foundations of classical and quantum gravitational theories including recent developments in string theory, to precision tests of general relativity including progress towards the detection of gravitational waves, and from supernova cosmology to relativistic astrophysics, including topics such as gamma ray bursts, black hole physics both in our galaxy and in active galactic nuclei in other galaxies, and neutron star, pulsar and white dwarf astrophysics.
Parallel sessions touch on dark matter, neutrinos, X-ray sources, astrophysical black holes, neutron stars, white dwarfs, binary systems, radiative transfer, accretion disks, quasars, gamma ray bursts, supernovas, alternative gravitational theories, perturbations of collapsed objects, analog models, black hole thermodynamics, numerical relativity, gravitational lensing, large scale structure, observational cosmology, early universe models and cosmic microwave background anisotropies, inhomogeneous cosmology, inflation, global structure, singularities, chaos, Einstein-Maxwell systems, wormholes, exact solutions of Einstein's equations, gravitational waves, gravitational wave detectors and data analysis, precision gravitational measurements, quantum gravity and loop quantum gravity, quantum cosmology, strings and branes, self-gravitating systems, gamma ray astronomy, cosmic rays and the history of general relativity.
Review of Particle Physics
The Review summarizes much of particle physics and cosmology. Using data from previous editions, plus 2,143
new measurements from 709 papers, we list, evaluate, and average measured properties of gauge bosons and the
recently discovered Higgs boson, leptons, quarks, mesons, and baryons. We summarize searches for hypothetical
particles such as supersymmetric particles, heavy bosons, axions, dark photons, etc. Particle properties and search
limits are listed in Summary Tables. We give numerous tables, figures, formulae, and reviews of topics such as Higgs
Boson Physics, Supersymmetry, Grand Unified Theories, Neutrino Mixing, Dark Energy, Dark Matter, Cosmology,
Particle Detectors, Colliders, Probability and Statistics. Among the 120 reviews are many that are new or heavily
revised, including a new review on Machine Learning, and one on Spectroscopy of Light Meson Resonances.
The Review is divided into two volumes. Volume 1 includes the Summary Tables and 97 review articles. Volume
2 consists of the Particle Listings and contains also 23 reviews that address specific aspects of the data presented
in the Listings.
The complete Review (both volumes) is published online on the website of the Particle Data Group (pdg.lbl.gov)
and in a journal. Volume 1 is available in print as the PDG Book. A Particle Physics Booklet with the Summary
Tables and essential tables, figures, and equations from selected review articles is available in print, as a web version
optimized for use on phones, and as an Android app.
Supported by the United States Department of Energy (DOE) under contract DE-AC02-05CH11231, the government of Japan (Ministry of Education, Culture, Sports, Science and Technology), the Istituto Nazionale di Fisica Nucleare (INFN), the Physical Society of Japan (JPS), and the European Laboratory for Particle Physics (CERN).
Configurable Secured Adaptive Routing Protocol for Mobile Wireless Sensor Networks
This paper aims at designing, building, and simulating a secured routing protocol to defend against packet dropping attacks in mobile WSNs (MWSNs). This research addresses the gap in the literature by proposing the Configurable Secured Adaptive Routing Protocol (CSARP). CSARP has four levels of protection to allow suitability for different types of network applications. The protocol allows the network admin to configure the required protection level and the ratio of cluster heads to all nodes. The protocol has an adaptive feature, which allows for better protection and prevents the spread of threats in the network. The conducted CSARP simulations under different conditions showed the ability of CSARP to identify all malicious nodes and remove them from the network. CSARP provided a packet delivery rate of more than 99.97% with 0% data packet loss in the presence of 3 malicious nodes, compared with 3.17% data packet loss without using CSARP. When compared with LEACH, CSARP showed an improvement in extending the lifetime of the network by up to 39.5%. The proposed protocol has proven to be better than the available security solutions in terms of configurability, adaptability, optimization for MWSNs, energy consumption optimization, and suitability for different MWSN applications and conditions.
Characterizing the IoT ecosystem at scale
Internet of Things (IoT) devices are extremely popular with home, business, and industrial users. To provide their services, they typically rely on a backend server infrastructure on the Internet, which collectively forms the IoT Ecosystem. This ecosystem is rapidly growing and offers users an increasing number of services. It has also been a source and target of significant security and privacy risks. One notable example is the recent large-scale coordinated global attacks, like Mirai, which disrupted large service providers. Thus, characterizing this ecosystem yields insights that help end-users, network operators, policymakers, and researchers better understand it, obtain a detailed view, and keep track of its evolution. In addition, they can use these insights to inform their decision-making process for mitigating this ecosystem's security and privacy risks. In this dissertation, we characterize the IoT ecosystem at scale by (i) detecting the IoT devices in the wild, (ii) conducting a case study to measure how deployed IoT devices can affect users' privacy, and (iii) detecting and measuring the IoT backend infrastructure. To conduct our studies, we collaborated with a large European Internet Service Provider (ISP) and a major European Internet eXchange Point (IXP). They routinely collect large volumes of passive, sampled data, e.g., NetFlow and IPFIX, for their operational purposes. These data sources help providers obtain insights about their networks, and we used them to characterize the IoT ecosystem at scale. We start with IoT devices and study how to track and trace their activity in the wild. We developed and evaluated a scalable methodology to accurately detect and monitor IoT devices with limited, sparsely sampled data in the ISP and IXP. Next, we conduct a case study to measure how a myriad of deployed devices can affect the privacy of ISP subscribers.
Unfortunately, we found that the privacy of a substantial fraction of IPv6 end-users is at risk. We noticed that a single device at home that encodes its MAC address into the IPv6 address could be utilized as a tracking identifier for the entire end-user prefix, even if other devices use IPv6 privacy extensions. Our results showed that IoT devices contribute the most to this privacy leakage. Finally, we focus on the backend server infrastructure and propose a methodology to identify and locate IoT backend servers operated by cloud services and IoT vendors. We analyzed their IoT traffic patterns as observed in the ISP. Our analysis sheds light on their diverse operational and deployment strategies. The need for issuing a priori unknown network-wide queries against large volumes of network flow capture data, which we used in our studies, motivated us to develop Flowyager. It is a system built on top of existing traffic capture utilities, and it relies on flow summarization techniques to reduce (i) the storage and transfer cost of flow captures and (ii) query response time. We deployed a prototype of Flowyager at both the IXP and ISP.
Internet-of-Things (IoT) devices have become indispensable in many households, offices and industrial plants. To provide their services, IoT devices typically rely on a backend server infrastructure on the Internet, which as a whole forms the IoT ecosystem. This ecosystem is growing rapidly and offers users ever more services. However, the IoT ecosystem is both a source and a target of significant risks to security and privacy. A notable example is the recent large-scale, coordinated global attacks such as Mirai, which disrupted large service providers.
It is therefore important to characterize this ecosystem, to obtain a holistic view and to follow its evolution, so that researchers, decision makers, end users and network operators gain insights and a better understanding. Moreover, all participants in the ecosystem can use these findings to improve their decision-making processes for preventing security and privacy risks. In this dissertation, we characterize the IoT ecosystem as a whole by (i) detecting IoT devices on the Internet, (ii) conducting a case study on the influence of deployed IoT devices on users' privacy, and (iii) uncovering and measuring the IoT backend infrastructure. To conduct our studies, we collaborate with a large European Internet Service Provider (ISP) and a large European Internet Exchange Point (IXP). These routinely collect large amounts of passive, sampled data for operational purposes (e.g., as NetFlow or IPFIX). These data sources help network operators gain insights into their networks, and we used them to characterize the IoT ecosystem holistically. We begin our analyses with IoT devices and examine how they can be detected and tracked on the Internet. To this end, we developed and evaluated a scalable methodology to precisely detect and observe IoT devices using limited sampled data from the ISP and IXP. Next, we conduct a case study in which we measure how a myriad of deployed devices can affect the privacy of ISP users. Unfortunately, we found that the privacy of a substantial fraction of IPv6 end users is at risk.
We discovered that even a single device in the home that encodes its MAC address into its IPv6 address can be abused as a tracking identifier for the entire end-user prefix, even if other devices use IPv6 privacy extensions. Our results showed that IoT devices cause the majority of this privacy loss. Finally, we focus on the backend server infrastructure and propose a methodology for identifying and locating IoT backend servers operated by cloud services and IoT vendors. We analyzed patterns in the IoT traffic observed by the ISP. Our analysis sheds light on the different strategies by which IoT backend servers are operated and deployed. The need to issue a priori unknown network-wide queries against large volumes of network flow data, which we use in our studies, motivated us to develop Flowyager. This is a system built on existing network traffic tools that relies on summarizing traffic flows to reduce (i) the cost of archiving and transferring flow data and (ii) the response time of queries. We deployed a prototype of Flowyager at both the IXP and the ISP.
Understanding and Advancing the Status Quo of DDoS Defense
Two decades after the first distributed denial-of-service (DDoS) attack, the Internet remains challenged by DDoS attacks as they evolve. Not only is the scale of attacks larger than ever, but they are also harder to detect and mitigate. Nevertheless, the Internet's fundamental design, based on which machines are free to send traffic to any other machines, remains the same. This thesis reinvestigates the prior DDoS defense solutions to find less studied but critical issues in existing defense solutions. It proposes solutions to improve the input, design, and evaluation of DDoS defense. Specifically, we show why DDoS defense systems need a better view of the Internet's traffic at the autonomous system (AS) level. We use a novel attack to expose the inefficiencies in the existing defense systems. Finally, we reason why a defense solution needs a sound empirical evaluation and provide a framework that mimics real-world networks to facilitate DDoS defense evaluation.
This dissertation includes published and unpublished co-authored materials.
Prototype Interferometry in the Era of Gravitational Wave Astronomy
Since the first direct detection of gravitational wave signals from the coalescence of a pair of stellar-mass black holes on 14 September 2015, a global network of terrestrial interferometric detectors with kilometer-scale arms has opened a new window through which the astrophysical universe can be probed. This success was the result of decades of exploratory work done on smaller-scale prototype interferometers. Even though the detection of astrophysical gravitational wave signals has become almost a routine event, prototype interferometers remain an essential tool in developing technologies for future generations of kilometer-scale detectors. They are unique in that they are large enough to probe physics that cannot be easily investigated on the table-top, but have no obligation to function as an observatory, and so can be readily modified for a wide variety of experiments. This thesis focuses on one direction in which prototype interferometry can be taken: serving as a testbed for testing the laws of quantum mechanics at the macroscopic scale. While this is in itself an interesting experimental program, it can make a direct contribution to the field of gravitational wave astronomy, since future generations of terrestrial detectors are expected to be limited in their sensitivity by measurement limits set by the Heisenberg uncertainty principle. Techniques to evade these limits can be demonstrated on a prototype interferometer before embarking on an expensive program to implement them at the scale necessary for kilometer-scale observatories.