A survey of secure middleware for the Internet of Things
The rapid growth of small Internet-connected devices, known as the Internet of Things (IoT), is creating a new set of challenges in building secure, private infrastructures. This paper reviews the current literature on the challenges and approaches to security and privacy in the Internet of Things, with a strong focus on how these aspects are handled in IoT middleware. We focus on IoT middleware because many systems are built from existing middleware and these inherit the underlying security properties of the middleware framework. The paper is composed of three main sections. Firstly, we propose a matrix of security and privacy threats for IoT. This matrix is used as the basis of a widespread literature review aimed at identifying requirements on IoT platforms and middleware. Secondly, we present a structured literature review of the available middleware and how security is handled in these middleware approaches. We utilise the requirements from the first phase to evaluate these approaches. Finally, we draw a set of conclusions and identify further work in this area.
SHARKS: Smart Hacking Approaches for RisK Scanning in Internet-of-Things and Cyber-Physical Systems based on Machine Learning
Cyber-physical systems (CPS) and Internet-of-Things (IoT) devices are increasingly being deployed across multiple functionalities, ranging from healthcare devices and wearables to critical infrastructures, e.g., nuclear power plants, autonomous vehicles, smart cities, and smart homes. These devices are inherently not secure across their comprehensive software, hardware, and network stacks, thus presenting a large attack surface that can be exploited by hackers. In this article, we present an innovative technique for detecting unknown system vulnerabilities, managing these vulnerabilities, and improving incident response when such vulnerabilities are exploited. The novelty of this approach lies in extracting intelligence from known real-world CPS/IoT attacks, representing them in the form of regular expressions, and employing machine learning (ML) techniques on this ensemble of regular expressions to generate new attack vectors and security vulnerabilities. Our results show that 10 new attack vectors and 122 new vulnerability exploits can be successfully generated that have the potential to exploit a CPS or an IoT ecosystem. The ML methodology achieves an accuracy of 97.4% and enables us to predict these attacks efficiently with an 87.2% reduction in the search space. We demonstrate the application of our method to the hacking of the in-vehicle network of a connected car. To defend against the known attacks and possible novel exploits, we discuss a defense-in-depth mechanism for various classes of attacks and the classification of data targeted by such attacks. This defense mechanism optimizes the cost of security measures based on the sensitivity of the protected resource, thus incentivizing its adoption in real-world CPS/IoT by cybersecurity practitioners.

Comment: This article has been accepted in IEEE Transactions on Emerging Topics in Computing. 17 pages, 12 figures, IEEE copyright.
Information Sharing Solutions for Nato Headquarters
NATO is an Alliance of 26 nations that operates on a consensus basis, not a majority basis. Thorough and timely information exchange between nations is fundamental to the Business Process. Current technology and practices at NATO HQ are inadequate to meet modern-day requirements despite the availability of demonstrated and accredited Cross-Domain technology solutions. This lack of integration between networks is getting more complicated with time, as nations continue to invest in IT and ignore the requirements for inter-networked gateways. This contributes to inefficiencies, fostering an atmosphere where shortcuts are taken in order to get the job done. The author recommends that NATO HQ should improve its presence on the Internet, building on the desired tenets of availability and security.
Decentralized information flow control for databases
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2012. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from student-submitted PDF version of thesis. Includes bibliographical references (p. 177-194).

Privacy and integrity concerns have been mounting in recent years as sensitive data such as medical records, social network records, and corporate and government secrets are increasingly being stored in online systems. The rate of high-profile breaches has illustrated that current techniques are inadequate for protecting sensitive information. Many of these breaches involve databases that handle information for a multitude of individuals, but databases don't provide practical tools to protect those individuals from each other, so that task is relegated to the application. This dissertation describes a system that improves security in a principled way by extending the database system and the application platform to support information flow control. Information flow control has been gaining traction as a practical way to protect information in the contexts of programming languages and operating systems. Recent research advocates the decentralized model for information flow control (DIFC), since it provides the necessary expressiveness to protect data for many individuals with varied security concerns. However, despite the fact that most applications implicated in breaches rely on relational databases, there have been no prior comprehensive attempts to extend DIFC to a database system. This dissertation introduces IFDB, which is a database management system that supports DIFC with minimal overhead. IFDB pioneers the Query by Label model, which provides applications with a simple way to delineate constraints on the confidentiality and integrity of the data they obtain from the database. This dissertation also defines new abstractions for managing information flows in a database and proposes new ways to address covert channels. Finally, the IFDB implementation and case studies with real applications demonstrate that database support for DIFC improves security, is easy for developers to use, and has good performance.

by David Andrew Schultz. Ph.D.
Secure publish-subscribe protocols for heterogeneous medical wireless body area networks
Security and privacy issues in medical wireless body area networks (WBANs) constitute a major unsolved concern because of the challenges posed by the scarcity of resources in WBAN devices and the usability restrictions imposed by the healthcare domain. In this paper, we describe a WBAN architecture based on the well-known publish-subscribe paradigm. We present two protocols for publishing data and sending commands to a sensor that guarantee confidentiality and fine-grained access control. Both protocols are based on a recently proposed ciphertext policy attribute-based encryption (CP-ABE) scheme that is lightweight enough to be embedded into wearable sensors. We show how sensors can implement lattice-based access control (LBAC) policies using this scheme, which are highly appropriate for the eHealth domain. We report experimental results with a prototype implementation demonstrating the suitability of our proposed solution.

This work was supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You).
A Data Protection Architecture for Derived Data Control in Partially Disconnected Networks
Every organisation needs to exchange and disseminate data constantly amongst its employees, members, customers and partners. Disseminated data is often sensitive or confidential and access to it should be restricted to authorised recipients. Several enterprise rights management (ERM) systems and data protection solutions have been proposed by both academia and industry to enable usage control on disseminated data, i.e. to allow data originators to retain control over who accesses their information, under which circumstances, and how it is used. This is often obtained by means of cryptographic techniques and thus by disseminating encrypted data that only trustworthy recipients can decrypt. Most of these solutions assume data recipients are connected to the network and able to contact remote policy evaluation authorities that can evaluate usage control policies and issue decryption keys. This assumption oversimplifies the problem by neglecting situations where connectivity is not available, as often happens in crisis management scenarios. In such situations, recipients may not be able to access the information they have received. Also, while using data, recipients and their applications can create new derived information, either by aggregating data from several sources or transforming the original data's content or format. Existing solutions mostly neglect this problem and do not allow originators to retain control over this derived data despite the fact that it may be more sensitive or valuable than the data originally disseminated.
In this thesis we propose an ERM architecture that caters for both derived data control and usage control in partially disconnected networks. We propose the use of a novel policy lattice model based on information flow and mandatory access control. Sets of policies controlling the usage of data can be specified and ordered in a lattice according to the level of protection they provide. At the same time, their association with specific data objects is mandated by rules (content verification procedures) defined in a data sharing agreement (DSA) stipulated amongst the organisations sharing information. When data is transformed, the new policies associated with it are automatically determined depending on the transformation used and the policies currently associated with the input data. The solution we propose takes into account transformations that can both increase or reduce the sensitivity of information, thus giving originators a flexible means to control their data and its derivations.
When data must be disseminated in disconnected environments, the movement of users and the ad hoc connections they establish can be exploited to distribute information. To allow users to decrypt disseminated data without contacting remote evaluation authorities, we integrate our architecture with a mechanism for authority devolution, so that users moving in the disconnected area can be granted the right to evaluate policies and issue decryption keys. This allows recipients to contact any nearby user that is also a policy evaluation authority to obtain decryption keys. The mechanism has been shown to be efficient so that timely access to data is possible despite the lack of connectivity. Prototypes of the proposed solutions that protect XML documents have been developed. A realistic crisis management scenario has been used to show both the flexibility of the presented approach for derived data control and the efficiency of the authority devolution solution when handling data dissemination in simulated partially disconnected networks.
While existing systems do not offer any means to control derived data and only offer partial solutions to the problem of lack of connectivity (e.g. by caching decryption keys), we have defined a set of solutions that help data originators faced with the shortcomings of current proposals to control their data in innovative, problem-oriented ways.
Remote Policy Enforcement Using Java Virtual Machine
Tanenbaum, A.S. [Promotor]; Crispo, B. [Copromotor]
Secrecy for Mobile Implementations of Security Protocols
Mobile code technology offers interesting possibilities to the practitioner, but also raises strong concerns about security. One aspect of security is secrecy, the preservation of confidential information. This thesis investigates the modelling, specification and verification of secrecy in mobile applications which access and transmit confidential information through a possibly compromised medium (e.g. the Internet). These applications can be expected to communicate secret information using a security protocol, a mechanism to guarantee that the transmitted data does not reach unauthorized entities.

The central idea is therefore to relate the secrecy properties of the application to those of the protocol it implements, through the definition of a "confidential protocol implementation" relation. The argument takes an indirect form, showing that a confidential implementation transmits secret data only in the ways indicated by the protocol.

We define the implementation relation using labelled transition semantics, bisimulations and relabelling functions. To justify its technical definition, we relate this property to a notion of noninterference for nondeterministic systems derived from Cohen's definition of Selective Independency. We also provide simple and local conditions that greatly simplify its verification, and report on our experiments on an architecture showing how the proposed formulations could be used in practice to enforce secrecy of mobile code.