1,249 research outputs found

    A Novel Cryptography-Based Multipath Routing Protocol for Wireless Communications

    Communication in a heterogeneous, dynamic, low-power, and lossy network is dependable and seamless thanks to Mobile Ad-hoc Networks (MANETs). Low power and Lossy Networks (LLN) Routing Protocol (RPL) has been designed to make MANET routing more efficient. For different types of traffic, RPL routing can experience problems with packet transmission rates and latency. RPL is an optimal routing protocol for low power lossy networks (LLN) having the capacity to establish a path between resource-constrained nodes by using standard objective functions: OF0 and MRHOF. The standard objective functions lead to a decrease in the network lifetime due to increasing the computations for establishing routing between nodes in the heterogeneous network (LLN) due to poor decision problems. Currently, conventional Mobile Ad-hoc Network (MANET) is subjected to different security issues. Weathering those storms would help if you struck a good speed-memory-storage equilibrium. This article presents a security algorithm for MANET networks that employ the Rapid Packet Loss (RPL) routing protocol. The constructed network uses optimization-based deep learning reinforcement learning for MANET route creation. An improved network security algorithm is applied after a route has been set up using (ClonQlearn). The suggested method relies on a lightweight encryption scheme that can be used for both encryption and decryption. The suggested security method uses Elliptic-curve cryptography (ClonQlearn+ECC) for a random key generation based on reinforcement learning (ClonQlearn). The simulation study showed that the proposed ClonQlearn+ECC method improved network performance over the status quo. Secure data transmission is demonstrated by the proposed ClonQlearn + ECC, which also improves network speed. 
The proposed ClonQlearn + ECC increased network efficiency by 8-10% in terms of packet delivery ratio, 7-13% in terms of throughput, 5-10% in terms of end-to-end delay, and 3-7% in terms of power usage variation.

    Towards Practical Access Control and Usage Control on the Cloud using Trusted Hardware

    Cloud-based platforms have become the principal way to store, share, and synchronize files online. For individuals and organizations alike, cloud storage not only provides resource scalability and on-demand access at a low cost, but also eliminates the necessity of provisioning and maintaining complex hardware installations. Unfortunately, because cloud-based platforms are frequent victims of data breaches and unauthorized disclosures, data protection obliges both access control and usage control to manage user authorization and regulate future data use. Encryption can ensure data security against unauthorized parties, but complicates file sharing which now requires distributing keys to authorized users, and a mechanism that prevents revoked users from accessing or modifying sensitive content. Further, as user data is stored and processed on remote machines, usage control in a distributed setting requires incorporating the local environmental context at policy evaluation, as well as tamper-proof and non-bypassable enforcement. Existing cryptographic solutions either require server-side coordination, offer limited flexibility in data sharing, or incur significant re-encryption overheads on user revocation. This combination of issues is ill-suited within large-scale distributed environments where there are a large number of users, dynamic changes in user membership and access privileges, and resources are shared across organizational domains. Thus, developing a robust security and privacy solution for the cloud requires: fine-grained access control to associate the largest set of users and resources with variable granularity, scalable administration costs when managing policies and access rights, and cross-domain policy enforcement. To address the above challenges, this dissertation proposes a practical security solution that relies solely on commodity trusted hardware to ensure confidentiality and integrity throughout the data lifecycle. 
The aim is to maintain complete user ownership against external hackers and malicious service providers, without losing the scalability or availability benefits of cloud storage. Furthermore, we develop a principled approach that is: (i) portable across storage platforms without requiring any server-side support or modifications, (ii) flexible in allowing users to selectively share their data using fine-grained access control, and (iii) performant by imposing modest overheads on standard user workloads. Essentially, our system must be client-side, provide end-to-end data protection and secure sharing, without significant degradation in performance or user experience. We introduce NeXUS, a privacy-preserving filesystem that enables cryptographic protection and secure file sharing on existing network-based storage services. NeXUS protects the confidentiality and integrity of file content, as well as file and directory names, while mitigating against rollback attacks of the filesystem hierarchy. We also introduce Joplin, a secure access control and usage control system that provides practical attribute-based sharing with decentralized policy administration, including efficient revocation, multi-domain policies, secure user delegation, and mandatory audit logging. Both systems leverage trusted hardware to prevent the leakage of sensitive material such as encryption keys and access control policies; they are completely client-side, easy to install and use, and can be readily deployed across remote storage platforms without requiring any server-side changes or trusted intermediary. We developed prototypes for NeXUS and Joplin, and evaluated their respective overheads in isolation and within a real-world environment. Results show that both prototypes introduce modest overheads on interactive workloads, and achieve portability across storage platforms, including Dropbox and AFS. 
Together, NeXUS and Joplin demonstrate that a client-side solution employing trusted hardware such as Intel SGX can effectively protect remotely stored data on existing file sharing services.

    Smart homes under siege: Assessing the robustness of physical security against wireless network attacks

    © 2024 The Authors. Published by Elsevier Ltd. This is an open access article distributed under the terms of the Creative Commons Attribution License (CC BY), https://creativecommons.org/licenses/by/4.0/ Nowadays domestic smart security devices, such as smart locks, smart doorbells, and security cameras, are becoming increasingly popular with users, due to their ease of use, convenience, and declining prices. Unlike conventional non-smart security devices, such as alarms and locks, performance standards for smart security devices, such as the British TS 621, are not easily understandable by end users due to the technical language employed. Users also have very few sources of unbiased information regarding product performance in real world conditions and protection against attacks from cyber attacker-burglars and, as a result, tend to take manufacturer claims at face value. This means that, as this work proves, users may be exposed to threats, such as theft, impersonation (should an attacker steal their credentials), and even physical injury, if the device fails and is used to prevent access to hazardous environments. As such, this paper deploys several attacks using popular wireless attack vectors (i.e., 433MHz radio, Bluetooth, and RFID) against domestic smart security devices to assess the protection offered against a cyber attacker-burglar. Our results suggest that users are open to considerable cyber physical attacks, irrespective of whether they use lesser known (i.e., no name) or branded smart security devices, due to the poor security offered by these devices. Peer reviewed.

    Solutions to the GSM Security Weaknesses

    Recently, the mobile industry has experienced an extreme increment in the number of its users. The GSM network with the greatest worldwide number of users succumbs to several security vulnerabilities. Although some of its security problems are addressed in its upper generations, there are still many operators using 2G systems. This paper briefly presents the most important security flaws of the GSM network and its transport channels. It also provides some practical solutions to improve the security of currently available 2G systems. Comment: 6 pages, 2 figures.

    Security and Privacy for Green IoT-based Agriculture: Review, Blockchain solutions, and Challenges

    Open access article. This paper presents research challenges on security and privacy issues in the field of green IoT-based agriculture. We start by describing a four-tier green IoT-based agriculture architecture and summarizing the existing surveys that deal with smart agriculture. Then, we provide a classification of threat models against green IoT-based agriculture into five categories, including attacks against privacy, authentication, confidentiality, availability, and integrity properties. Moreover, we provide a taxonomy and a side-by-side comparison of the state-of-the-art methods toward secure and privacy-preserving technologies for IoT applications and how they will be adapted for green IoT-based agriculture. In addition, we analyze the privacy-oriented blockchain-based solutions as well as consensus algorithms for IoT applications and how they will be adapted for green IoT-based agriculture. Based on the current survey, we highlight open research challenges and discuss possible future research directions in the security and privacy of green IoT-based agriculture.

    Secured Data Masking Framework and Technique for Preserving Privacy in a Business Intelligence Analytics Platform

    The main concept behind business intelligence (BI) is how to use integrated data across different business systems within an enterprise to make strategic decisions. It is difficult to map internal and external BI users to subsets of the enterprise’s data warehouse (DW), with the result that protecting the privacy of this data while maintaining its utility is a challenging task. Today, such DW systems constitute one of the most serious privacy breach threats that an enterprise might face when many internal users of different security levels have access to BI components. This thesis proposes a data masking framework (iMaskU: Identify, Map, Apply, Sign, Keep testing, Utilize) for a BI platform to protect the data at rest, preserve the data format, and maintain the data utility on-the-fly querying level. A new reversible data masking technique (COntent BAsed Data masking - COBAD) is developed as an implementation of iMaskU. The masking algorithm in COBAD is based on the statistical content of the extracted dataset, so that the masked data cannot be linked with specific individuals or be re-identified by any means. The strength of the re-identification risk factor for the COBAD technique has been computed using a supercomputer, where three security schemes/attacking methods are considered: a) the brute force attack needs, on average, 55 years to crack the key of each record; b) the dictionary attack needs 231 days to crack the same key for the entire extracted dataset (containing 50,000 records); c) for a data linkage attack, the re-identification risk is very low when the common linked attributes are used. The performance validation of the COBAD masking technique has been conducted. A database schema of 1GB is used in the TPC-H decision support benchmark. The performance evaluation for the execution time of the selected TPC-H queries showed that the COBAD speed results are much better than AES128 and 3DES encryption. 
Theoretical and experimental results show that the proposed solution provides a reasonable trade-off between data security and the utility of re-identified data.