407 research outputs found

    Efficient Security Protocols for Constrained Devices

    Get PDF
    During the last decades, more and more devices have been connected to the Internet.Today, there are more devices connected to the Internet than humans.An increasingly more common type of devices are cyber-physical devices.A device that interacts with its environment is called a cyber-physical device.Sensors that measure their environment and actuators that alter the physical environment are both cyber-physical devices.Devices connected to the Internet risk being compromised by threat actors such as hackers.Cyber-physical devices have become a preferred target for threat actors since the consequence of an intrusion disrupting or destroying a cyber-physical system can be severe.Cyber attacks against power and energy infrastructure have caused significant disruptions in recent years.Many cyber-physical devices are categorized as constrained devices.A constrained device is characterized by one or more of the following limitations: limited memory, a less powerful CPU, or a limited communication interface.Many constrained devices are also powered by a battery or energy harvesting, which limits the available energy budget.Devices must be efficient to make the most of the limited resources.Mitigating cyber attacks is a complex task, requiring technical and organizational measures.Constrained cyber-physical devices require efficient security mechanisms to avoid overloading the systems limited resources.In this thesis, we present research on efficient security protocols for constrained cyber-physical devices.We have implemented and evaluated two state-of-the-art protocols, OSCORE and Group OSCORE.These protocols allow end-to-end protection of CoAP messages in the presence of untrusted proxies.Next, we have performed a formal protocol verification of WirelessHART, a protocol for communications in an industrial control systems setting.In our work, we present a novel attack against the protocol.We have developed a novel architecture for industrial control systems utilizing the Digital Twin concept.Using a state synchronization protocol, we propagate state changes between the digital and physical twins.The Digital Twin can then monitor and manage devices.We have also designed a protocol for secure ownership transfer of constrained wireless devices. Our protocol allows the owner of a wireless sensor network to transfer control of the devices to a new owner.With a formal protocol verification, we can guarantee the security of both the old and new owners.Lastly, we have developed an efficient Private Stream Aggregation (PSA) protocol.PSA allows devices to send encrypted measurements to an aggregator.The aggregator can combine the encrypted measurements and calculate the decrypted sum of the measurements.No party will learn the measurement except the device that generated it

    Classification of networks-on-chip in the context of analysis of promising self-organizing routing algorithms

    Full text link
    This paper contains a detailed analysis of the current state of the network-on-chip (NoC) research field, based on which the authors propose the new NoC classification that is more complete in comparison with previous ones. The state of the domain associated with wireless NoC is investigated, as the transition to these NoCs reduces latency. There is an assumption that routing algorithms from classical network theory may demonstrate high performance. So, in this article, the possibility of the usage of self-organizing algorithms in a wireless NoC is also provided. This approach has a lot of advantages described in the paper. The results of the research can be useful for developers and NoC manufacturers as specific recommendations, algorithms, programs, and models for the organization of the production and technological process.Comment: 10 p., 5 fig. Oral presentation on APSSE 2021 conferenc

    Context-aware and user bahavior-based continuous authentication for zero trust access control in smart homes

    Get PDF
    Orientador: Aldri Luiz dos SantosDissertação (mestrado) - Universidade Federal do Paraná, Setor de Ciências Exatas, Programa de Pós-Graduação em Informática. Defesa : Curitiba, 24/02/2023Inclui referências: p. 96-106Área de concentração: Ciência da ComputaçãoResumo: Embora as casas inteligentes tenham se tornado populares recentemente, as pessoas ainda estão muito preocupadas com questões de segurança, proteção e privacidade. Estudos revelaram que questões de privacidade das pessoas geram prejuízos fisiológicos e financeiros porque as casas inteligentes são ambientes de convivência íntima. Além disso, nossa pesquisa revelou que os ataques de impersonificação são uma das ameaças mais graves contra casas inteligentes porque comprometem a confidencialidade, autenticidade, integridade e não repúdio. Normalmente, abordagens para construir segurança para Sistemas de Casas Inteligentes (SHS) requerem dados históricos para implementar controle de acesso e Sistemas de Detecção de Intrusão (IDS), uma vulnerabilidade à privacidade dos habitantes. Além disso, a maioria dos trabalhos depende de computação em nuvem ou recursos na nuvem para executar tarefas de segurança, que os invasores podem atacar para atingir a confidencialidade, integridade e disponibilidade. Além disso, os pesquisadores não consideram o uso indevido de SHS ao forçar os usuários a interagir com os dispositivos por meio de seus smartphones ou tablets, pois eles costumam interagir por qualquer meio, como assistentes virtuais e os próprios dispositivos. Portanto, os requisitos do sistema de segurança para residências inteligentes devem compreender percepção de privacidade, resposta de baixa latência, localidade espacial e temporal, extensibilidade de dispositivo, proteção contra impersonificação, isolamento de dispositivo, garantia de controle de acesso e levar em consideração a verificação atualizada com um sistema confiável. Para atender a esses requisitos, propomos o sistema ZASH (Zero-Aware Smart Home) para fornecer controle de acesso para as ações do usuário em dispositivos em casas inteligentes. Em contraste com os trabalhos atuais, ele aproveita a autenticação contínua com o paradigma de Confiança Zero suportado por ontologias configuradas, contexto em tempo real e atividade do usuário. A computação de borda e a Cadeia de Markov permitem que o ZASH evite e mitigue ataques de impersonificação que visam comprometer a segurança dos usuários. O sistema depende apenas de recursos dentro de casa, é autossuficiente e está menos exposto à exploração externa. Além disso, funciona desde o dia zero sem a exigência de dados históricos, embora conte com o passar do tempo para monitorar o comportamento dos usuários. O ZASH exige prova de identidade para que os usuários confirmem sua autenticidade por meio de características fortes da classe Something You Are. O sistema executa o controle de acesso nos dispositivos inteligentes, portanto, não depende de intermediários e considera qualquer interação usuário-dispositivo. A princípio, um teste inicial de algoritmos com um conjunto de dados sintético demonstrou a capacidade do sistema de se adaptar dinamicamente aos comportamentos de novos usuários, bloqueando ataques de impersonificação. Por fim, implementamos o ZASH no simulador de rede ns-3 e analisamos sua robustez, eficiência, extensibilidade e desempenho. De acordo com nossa análise, ele protege a privacidade dos usuários, responde rapidamente (cerca de 4,16 ms), lida com a adição e remoção de dispositivos, bloqueia a maioria dos ataques de impersonificação (até 99% com uma configuração adequada), isola dispositivos inteligentes e garante o controle de acesso para todas as interações.Abstract: Although smart homes have become popular recently, people are still highly concerned about security, safety, and privacy issues. Studies revealed that issues in people's privacy generate physiological and financial harm because smart homes are intimate living environments. Further, our research disclosed that impersonation attacks are one of the most severe threats against smart homes because they compromise confidentiality, authenticity, integrity, and non-repudiation. Typically, approaches to build security for Smart Home Systems (SHS) require historical data to implement access control and Intrusion Detection Systems (IDS), a vulnerability to the inhabitant's privacy. Additionally, most works rely on cloud computing or resources in the cloud to perform security tasks, which attackers can exploit to target confidentiality, integrity, and availability. Moreover, researchers do not regard the misuse of SHS by forcing users to interact with devices through their smartphones or tablets, as they usually interact by any means, like virtual assistants and devices themselves. Therefore, the security system requirements for smart homes should comprehend privacy perception, low latency in response, spatial and temporal locality, device extensibility, protection against impersonation, device isolation, access control enforcement, and taking into account the refresh verification with a trustworthy system. To attend to those requirements, we propose the ZASH (Zero-Aware Smart Home) system to provide access control for the user's actions on smart devices in smart homes. In contrast to current works, it leverages continuous authentication with the Zero Trust paradigm supported by configured ontologies, real-time context, and user activity. Edge computing and Markov Chain enable ZASH to prevent and mitigate impersonation attacks that aim to compromise users' security. The system relies only on resources inside the house, is self-sufficient, and is less exposed to outside exploitation. Furthermore, it works from day zero without the requirement of historical data, though it counts on that as time passes to monitor the users' behavior. ZASH requires proof of identity for users to confirm their authenticity through strong features of the Something You Are class. The system enforces access control in smart devices, so it does not depend on intermediaries and considers any user-device interaction. At first, an initial test of algorithms with a synthetic dataset demonstrated the system's capability to dynamically adapt to new users' behaviors withal blocking impersonation attacks. Finally, we implemented ZASH in the ns-3 network simulator and analyzed its robustness, efficiency, extensibility, and performance. According to our analysis, it protects users' privacy, responds quickly (around 4.16 ms), copes with adding and removing devices, blocks most impersonation attacks (up to 99% with a proper configuration), isolates smart devices, and enforces access control for all interactions

    Security of Electrical, Optical and Wireless On-Chip Interconnects: A Survey

    Full text link
    The advancement of manufacturing technologies has enabled the integration of more intellectual property (IP) cores on the same system-on-chip (SoC). Scalable and high throughput on-chip communication architecture has become a vital component in today's SoCs. Diverse technologies such as electrical, wireless, optical, and hybrid are available for on-chip communication with different architectures supporting them. Security of the on-chip communication is crucial because exploiting any vulnerability would be a goldmine for an attacker. In this survey, we provide a comprehensive review of threat models, attacks, and countermeasures over diverse on-chip communication technologies as well as sophisticated architectures.Comment: 41 pages, 24 figures, 4 table

    An improved non-local awareness of congestion and load balanced algorithm for the communication of on chip 2D mesh-based network

    Get PDF
    Due to advancements in multi-core design technology, IC (Integrated Circuits) designers have expanded the single chip multi-core design. A privileged way of communication effectively between these multi-cores is a Network on-chip (NoC). Design of an effective routing algorithm capable of routing data to non-congested paths is the most notable research challenge in NoC, by retrieving congestion information of non-local nodes. This research proposed an improved congestion-aware load balancing routing algorithm. Non-local or distant links congestion awareness is done by propagating congestion information via data packets. By counting number of hops from the source node, in the quadrant of the destination node, an intermediate node has been defined, and after the calculation of the least congested route to the intermediate node, this route is also stored in the data packet for source routing. Furthermore, for load balancing network is partitioned into two areas called high congested area (HCA) and low congested area (LCA). For load balancing, from HCA a node in LCA is selected as output for data packets. Comparison of the proposed algorithm is done in the form of average latency, average throughput, power consumption, and scalability analysis under synthetic traffic patterns. Under simulation experiments, it is shown improvement in an average latency and throughput of the proposed algorithm is 31.28% and 5.28% respectively, than existing

    Improving Security for the Internet of Things: Applications of Blockchain, Machine Learning and Inter-Pulse Interval

    Get PDF
    The Internet of Things (IoT) is a concept where physical objects of various sizes can seamlessly connect and communicate with each other without human intervention. The concept covers various applications, including healthcare, utility services, automotive/vehicular transportation, smart agriculture and smart city. The number of interconnected IoT devices has recently grown rapidly as a result of technological advancement in communications and computational systems. Consequently, this trend also highlights the need to address issues associated with IoT, the biggest risk of which is commonly known to be security. This thesis focuses on three selected security challenges from the IoT application areas of connected and autonomous vehicles (CAVs), Internet of Flying Things (IoFT), and human body interface and control systems (HBICS). For each of these challenges, a novel and innovative solution is proposed to address the identified problems. The research contributions of this thesis to the literature can be summarised as follows: • A blockchain-based conditionally anonymised pseudonym management scheme for CAVs, supporting multi-jurisdictional road networks. • A Sybil attack detection scheme for IoFT using machine learning carried out on intrinsically generated physical layer data of radio signals. • A potential approach of using inter-pulse interval (IPI) biometrics for frequency hopping to mitigate jamming attacks on HBICS devices

    Navigating the IoT landscape: Unraveling forensics, security issues, applications, research challenges, and future

    Full text link
    Given the exponential expansion of the internet, the possibilities of security attacks and cybercrimes have increased accordingly. However, poorly implemented security mechanisms in the Internet of Things (IoT) devices make them susceptible to cyberattacks, which can directly affect users. IoT forensics is thus needed for investigating and mitigating such attacks. While many works have examined IoT applications and challenges, only a few have focused on both the forensic and security issues in IoT. Therefore, this paper reviews forensic and security issues associated with IoT in different fields. Future prospects and challenges in IoT research and development are also highlighted. As demonstrated in the literature, most IoT devices are vulnerable to attacks due to a lack of standardized security measures. Unauthorized users could get access, compromise data, and even benefit from control of critical infrastructure. To fulfil the security-conscious needs of consumers, IoT can be used to develop a smart home system by designing a FLIP-based system that is highly scalable and adaptable. Utilizing a blockchain-based authentication mechanism with a multi-chain structure can provide additional security protection between different trust domains. Deep learning can be utilized to develop a network forensics framework with a high-performing system for detecting and tracking cyberattack incidents. Moreover, researchers should consider limiting the amount of data created and delivered when using big data to develop IoT-based smart systems. The findings of this review will stimulate academics to seek potential solutions for the identified issues, thereby advancing the IoT field.Comment: 77 pages, 5 figures, 5 table

    Circuits and Systems Advances in Near Threshold Computing

    Get PDF
    Modern society is witnessing a sea change in ubiquitous computing, in which people have embraced computing systems as an indispensable part of day-to-day existence. Computation, storage, and communication abilities of smartphones, for example, have undergone monumental changes over the past decade. However, global emphasis on creating and sustaining green environments is leading to a rapid and ongoing proliferation of edge computing systems and applications. As a broad spectrum of healthcare, home, and transport applications shift to the edge of the network, near-threshold computing (NTC) is emerging as one of the promising low-power computing platforms. An NTC device sets its supply voltage close to its threshold voltage, dramatically reducing the energy consumption. Despite showing substantial promise in terms of energy efficiency, NTC is yet to see widescale commercial adoption. This is because circuits and systems operating with NTC suffer from several problems, including increased sensitivity to process variation, reliability problems, performance degradation, and security vulnerabilities, to name a few. To realize its potential, we need designs, techniques, and solutions to overcome these challenges associated with NTC circuits and systems. The readers of this book will be able to familiarize themselves with recent advances in electronics systems, focusing on near-threshold computing

    Location Privacy in VANETs: Improved Chaff-Based CMIX and Privacy-Preserving End-to-End Communication

    Get PDF
    VANETs communication systems are technologies and defined policies that can be formed to enable ITS applications to provide road traffic efficacy, warning about such issues as environmental dangers, journey circumstances, and in the provision of infotainment that considerably enhance transportation safety and quality. The entities in VANETs, generally vehicles, form part of a massive network known as the Internet of Vehicles (IoV). The deployment of large-scale VANETs systems is impossible without ensuring that such systems are themselves are safe and secure, protecting the privacy of their users. There is a risk that cars might be hacked, or their sensors become defective, causing inaccurate information to be sent across the network. Consequently, the activities and credentials of participating vehicles should be held responsible and quickly broadcast throughout a vast VANETs, considering the accountability in the system. The openness of wireless communication means that an observer can eavesdrop on vehicular communication and gain access or otherwise deduce users' sensitive information, and perhaps profile vehicles based on numerous factors such as tracing their travels and the identification of their home/work locations. In order to protect the system from malicious or compromised entities, as well as to preserve user privacy, the goal is to achieve communication security, i.e., keep users' identities hidden from both the outside world and the security infrastructure and service providers. Being held accountable while still maintaining one's privacy is a difficult balancing act. This thesis explores novel solution paths to the above challenges by investigating the impact of low-density messaging to improve the security of vehicle communications and accomplish unlinkability in VANETs. This is achieved by proposing an improved chaff-based CMIX protocol that uses fake messages to increase density to mitigate tracking in this scenario. Recently, Christian \etall \cite{vaas2018nowhere} proposed a Chaff-based CMIX scheme that sends fake messages under the presumption low-density conditions to enhance vehicle privacy and confuse attackers. To accomplish full unlinkability, we first show the following security and privacy vulnerabilities in the Christian \etall scheme: linkability attacks outside the CMIX may occur due to deterministic data-sharing during the authentication phase (e.g., duplicate certificates for each communication). Adversaries may inject fake certificates, which breaks Cuckoo Filters' (CFs) updates authenticity, and the injection may be deniable. CMIX symmetric key leakage outside the coverage may occur. We propose a VPKI-based protocol to mitigate these issues. First, we use a modified version of Wang \etall's \cite{wang2019practical} scheme to provide mutual authentication without revealing the real identity. To this end, a vehicle's messages are signed with a different pseudo-identity “certificate”. Furthermore, the density is increased via the sending of fake messages during low traffic periods to provide unlinkability outside the mix-zone. Second, unlike Christian \etall's scheme, we use the Adaptive Cuckoo Filter (ACF) instead of CF to overcome the effects of false positives on the whole filter. Moreover, to prevent any alteration of the ACFs, only RUSs distribute the updates, and they sign the new fingerprints. Third, mutual authentication prevents any leakage from the mix zones' symmetric keys by generating a fresh one for each communication through a Diffie–Hellman key exchange. As a second main contribution of this thesis, we focus on the V2V communication without the interference of a Trusted Third Party (TTP)s in case this has been corrupted, destroyed, or is out of range. This thesis presents a new and efficient end-to-end anonymous key exchange protocol based on Yang \etall's \cite{yang2015self} self-blindable signatures. In our protocol, vehicles first privately blind their own private certificates for each communication outside the mix-zone and then compute an anonymous shared key based on zero-knowledge proof of knowledge (PoK). The efficiency comes from the fact that once the signatures are verified, the ephemeral values in the PoK are also used to compute a shared key through an authenticated Diffie-Hellman key exchange protocol. Therefore, the protocol does not require any further external information to generate a shared key. Our protocol also does not require interfacing with the Roadside Units or Certificate Authorities, and hence can be securely run outside the mixed-zones. We demonstrate the security of our protocol in ideal/real simulation paradigms. Hence, our protocol achieves secure authentication, forward unlinkability, and accountability. Furthermore, the performance analysis shows that our protocol is more efficient in terms of computational and communications overheads compared to existing schemes.Kuwait Cultural Offic
    corecore