Survey and Systematization of Secure Device Pairing

Secure Device Pairing (SDP) schemes have been developed to facilitate secure communications among smart devices, both personal mobile devices and Internet of Things (IoT) devices. Comparison and assessment of SDP schemes is troublesome, because each scheme makes different assumptions about out-of-band channels and adversary models, and are driven by their particular use-cases. A conceptual model that facilitates meaningful comparison among SDP schemes is missing. We provide such a model. In this article, we survey and analyze a wide range of SDP schemes that are described in the literature, including a number that have been adopted as standards. A system model and consistent terminology for SDP schemes are built on the foundation of this survey, which are then used to classify existing SDP schemes into a taxonomy that, for the first time, enables their meaningful comparison and analysis.The existing SDP schemes are analyzed using this model, revealing common systemic security weaknesses among the surveyed SDP schemes that should become priority areas for future SDP research, such as improving the integration of privacy requirements into the design of SDP schemes. Our results allow SDP scheme designers to create schemes that are more easily comparable with one another, and to assist the prevention of persisting the weaknesses common to the current generation of SDP schemes.Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications Surveys & Tutorials 2017 (Volume: PP, Issue: 99

Design and Performance of a XBee 900 MHz Acquisition System Aimed at Industrial Applications

Wireless technologies are being introduced in industrial applications since they provide certain benefits, such as the flexibility to modify the layout of the nodes, improving connectivity with monitoring and decision nodes, adapting to mobile devices and reducing or eliminating cabling. However, companies are still reluctant to use them in time-critical applications, and consequently, more research is needed in order to be massively deployed in industrial environments. This paper goes in this direction by presenting a novel wireless acquisition system aimed at industrial applications. This system embeds a low-cost technology, such as XBee, not frequently considered for deterministic applications, for deploying industrial applications that must fulfill certain QoS requirements. The use of XBee 900 MHz modules allows for the use of the 2.4 GHz band for other purposes, such as connecting to cloud services, without causing interferences with critical applications. The system implements a time-slotted media access (TDMA) approach with a timely transmission scheduling of the messages on top of the XBee 900 MHz technology. The paper discusses the details of the acquisition system, including the topology, the nodes involved, the so-called coordinator node and smart measuring nodes, and the design of the frames. Smart measuring nodes are implemented by an original PCB which were specifically designed and manufactured. This board eases the connection of the sensors to the acquisition system. Experimental tests were carried out to validate the presented wireless acquisition system. Its applicability is shown in an industrial scenario for monitoring the positioning of an aeronautical reconfigurable tooling prototype. Both wired and wireless technologies were used to compare the variables monitored. The results proved that the followed approach may be an alternative for monitoring big machinery in indoor industrial environments, becoming especially suitable for acquiring values from sensors located in mobile parts or difficult-to-reach places.This research was funded by the Basque Government, through the project EKOHEGAZ (ELKARTEK KK-2021/00092), Diputación Foral de Álava (DFA) through the project CONAVANTER, and to the UPV/EHU through the project GIU20/063

PRACIS: Privacy-preserving and aggregatable cybersecurity information sharing

Cooperative cyberdefense has been recognized as an essential strategy to fight against cyberattacks. Cybersecurity Information Sharing (CIS), especially about threats and incidents, is a key aspect in this regard. CIS provides members with an improved situational awareness to prepare for and respond to future cyberthreats. Privacy preservation is critical in this context, since organizations can be reluctant to share information otherwise. This is particularly critical when CIS is facilitated through an untrusted infrastructure provided by a third party (e.g., the cloud). Despite this, current data formats and protocols for CIS do not guarantee any form of privacy preservation to participants. In this paper we introduce PRACIS, a scheme for CIS networks that guarantees private data forwarding and aggregation. PRACIS leverages the well-known Structured Threat Information Expression (STIX) standard data format. Remarkably, PRACIS can be seamlessly integrated with existing STIX-based message brokering middleware such as publish-subscribe architectures. PRACIS achieves these goals by combining standard format-preserving and homomorphic encryption primitives. We discuss experimental results obtained with a prototype implementation developed for a subset of STIX. Results show that entities may create up to 689 incidents per minute, far beyond the estimated average of 81. Moreover, aggregation of 104 incidents can be carried out in just 2.1 s, and the transmission overhead is just 13.5 kbps. Overall, these results suggest that the costs incurred by PRACIS are easily affordable in real-world scenarios.This work was partially supported by the MINECO grant TIN2013-46469-R (SPINY); the CAM grant S2013/ICE-3095 (CIBERDINE), which is co-funded by European FEDER; J. M. de Fuentes and L. Gonzalez were also supported by the Programa de Ayudas para la Movilidad of Carlos III University of Madrid, Spain

Analyzing challenging aspects of IPv6 over IPv4

The exponential expansion of the Internet has exhausted the IPv4 addresses provided by IANA. The new IP edition, i.e. IPv6 introduced by IETF with new features such as a simplified packet header, a greater address space, a different address sort, improved encryption, powerful section routing, and stronger QoS. ISPs are slowly seeking to migrate from current IPv4 physical networks to new generation IPv6 networks. ‎The move from actual IPv4 to software-based IPv6 is very sluggish, since billions of computers across the globe use IPv4 addresses. The configuration and actions of IP4 and IPv6 protocols are distinct. Direct correspondence between IPv4 and IPv6 is also not feasible. In terms of the incompatibility problems, all protocols can co-exist throughout the transformation for a few years. Compatibility, interoperability, and stability are key concerns between IP4 and IPv6 protocols. After the conversion of the network through an IPv6, the move causes several issues for ISPs. The key challenges faced by ISPs are packet traversing, routing scalability, performance reliability, and protection. Within this study, we meticulously analyzed a detailed overview of all aforementioned issues during switching into ipv6 network

RETRACTED: Analyzing challenging aspects of IPv6 over IPv4

This article has been retracted by the publisher. This article has been retracted at the request of The International Arab Journal of Information Technology (IAJIT) report because of misconduct and plagiarism. The document and its content have been removed from the Jurnal Ilmiah Teknik Elektro Komputer dan Informatika, and reasonable effort should be made to remove all references to this article

Analyzing challenging aspects of IPv6 over IPv4

The exponential expansion of the Internet has exhausted the IPv4 addresses provided by IANA. The new IP edition, i.e. IPv6 introduced by IETF with new features such as a simplified packet header, a greater address space, a different address sort, improved encryption, powerful section routing, and stronger QoS. ISPs are slowly seeking to migrate from current IPv4 physical networks to new generation IPv6 networks. ‎The move from actual IPv4 to software-based IPv6 is very sluggish, since billions of computers across the globe use IPv4 addresses. The configuration and actions of IP4 and IPv6 protocols are distinct. Direct correspondence between IPv4 and IPv6 is also not feasible. In terms of the incompatibility problems, all protocols can co-exist throughout the transformation for a few years. Compatibility, interoperability, and stability are key concerns between IP4 and IPv6 protocols. After the conversion of the network through an IPv6, the move causes several issues for ISPs. The key challenges faced by ISPs are packet traversing, routing scalability, performance reliability, and protection. Within this study, we meticulously analyzed a detailed overview of all aforementioned issues during switching into ipv6 network

Inferring malicious network events in commercial ISP networks using traffic summarisation

With the recent increases in bandwidth available to home users, traffic rates for commercial national networks have also been increasing rapidly. This presents a problem for any network monitoring tool as the traffic rate they are expected to monitor is rising on a monthly basis. Security within these networks is para- mount as they are now an accepted home of trade and commerce. Core networks have been demonstrably and repeatedly open to attack; these events have had significant material costs to high profile targets. Network monitoring is an important part of network security, providing in- formation about potential security breaches and in understanding their impact. Monitoring at high data rates is a significant problem; both in terms of processing the information at line rates, and in terms of presenting the relevant information to the appropriate persons or systems. This thesis suggests that the use of summary statistics, gathered over a num- ber of packets, is a sensible and effective way of coping with high data rates. A methodology for discovering which metrics are appropriate for classifying signi- ficant network events using statistical summaries is presented. It is shown that the statistical measures found with this methodology can be used effectively as a metric for defining periods of significant anomaly, and further classifying these anomalies as legitimate or otherwise. In a laboratory environment, these metrics were used to detect DoS traffic representing as little as 0.1% of the overall network traffic. The metrics discovered were then analysed to demonstrate that they are ap- propriate and rational metrics for the detection of network level anomalies. These metrics were shown to have distinctive characteristics during DoS by the analysis of live network observations taken during DoS events. This work was implemented and operated within a live system, at multiple sites within the core of a commercial ISP network. The statistical summaries are generated at city based points of presence and gathered centrally to allow for spacial and topological correlation of security events. The architecture chosen was shown to be exible in its application. The system was used to detect the level of VoIP traffic present on the network through the implementation of packet size distribution analysis in a multi-gigabit environment. It was also used to detect unsolicited SMTP generators injecting messages into the core. ii Monitoring in a commercial network environment is subject to data protec- tion legislation. Accordingly the system presented processed only network and transport layer headers, all other data being discarded at the capture interface. The system described in this thesis was operational for a period of 6 months, during which a set of over 140 network anomalies, both malicious and benign were observed over a range of localities. The system design, example anomalies and metric analysis form the majority of this thesis

Modeling medical devices for plug-and-play interoperability

Thesis (M. Eng.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 2007.Includes bibliographical references (p. 181-187).One of the challenges faced by clinical engineers is to support the connectivity and interoperability of medical-electrical point-of-care devices. A system that could enable plug-and-play connectivity and interoperability for medical devices would improve patient safety, save hospitals time and money, and provide data for electronic medical records. However, existing medical device connectivity standards, such as IEEE 11073, have not been widely adopted by medical device manufacturers. This lack of adoption is likely due to the complexity of the existing standards and their poor support for legacy devices. We attempted to design a simpler, more flexible standard for an integrated clinical environment manager. Our standard, called the ICEMAN standard, provides a meta-model for describing medical devices and a communication protocol to enable plug-and-play connectivity for compliant devices. To demonstrate the capabilities of ICEMAN standard, we implemented a service-oriented system that can pair application requirements with device capabilities, based on the ICEMAN device meta-model. This system enables medical devices to interoperate with the manager in a driverless fashion. The system was tested using simulated medical devices.by Robert Matthew Hofmann.M.Eng

System architecture for the ASBGo* Smart Walker

Dissertação de mestrado em Engenharia Eletrónica Industrial e ComputadoresWeakness, mobility and balance problems are some of the obstacles that most certainly will go along with the last period of life, the old age. Also, those difficulties can strike young lives due to gait abnormalities resulted from degenerative diseases or even accidents. To patients with high motor deficit, traditional methods, such as wheelchairs, are usually prescribed, but the use of an assistive device that do not promotes the patient’s recovery will eventually lead him to a restrict daily life as well as a notable loss of motor skills. With previous questions in mind, the Adaptive System Behavior Group (ASBG) decided to develop a motorized smart walker capable of adapting to the needs of its users. The Adaptive System Behavior Group Project (ASBGo) counts already with four versions that have proved its worth in clinical environment and was renowned, for two consecutive times, as one of the best technological and innovating Portuguese research projects in the rehabilitation field. However, the electromechanical and software solutions of each prototype commonly impair the global development of the project, making each version obsolete, outdated or unusable. Now, it is time to go further and render these proof-of-concept devices in a mature version, excluding previous academic solutions and engineering a robust and trustworthy device that will establish this new rehabilitation concept. This master thesis, addressed to rehabilitation robotics, describes the design and implementation of a system architecture for the Adaptive System Behavior Group Project Star (ASBGo*) . The implementation of a unified modular system architecture embraces the development of software components, electronic hardware and electromechanical modifications required to its implementation. This new prototype is an upgrade of the all ASBGo previous versions, in which the sturdy and user-friendly solutions implemented provide robust tools for future development and usability. Firstly, the contextualization in the project was performed, including a brief study of robotic software platforms, the familiarity with the several ASBGo prototypes and the research of the best solutions to design a system architecture. Secondly, following a Top-Down strategy, the work plan was established bearing in mind the considerations to design and implement a global system architecture: definition of the main functionalities and behaviours of the prototype and, simultaneously, the strategies to be followed in the hardware, electromechanical and software development. Hereinafter, the development stage was conducted following an Hardware-Software co-design methodology. That strategy ensured that the design and implementation of electronic and electric circuits were in agreement with all system requirements guaranteeing trade-offs, robustness and safety. During all the development process, validations of the system were constantly performed and, in the end, intensive experimentations of the final device were executed in the laboratory with the intervention of colleagues of the ASBG group.Debilidade e dificuldades de mobilidade e equilíbrio são alguns dos problemas que muito certamente irão acompanhar o período final da vida, a velhice. Para além disso, esses problemas podem atingir jovens vidas devido a anomalias na marcha resultantes de doenças degenerativas ou até mesmo acidentes. Aos pacientes que apresentam um alto défice motor, métodos tradicionais, como cadeiras de rodas, são normalmente receitados. No entanto, o uso de dispositivos de assistência que não promovem a recuperação do paciente irão eventualmente levá-lo a uma vida restrita assim como a uma notável perda de capacidades motoras. Com tal ideias em mente, o Adaptive System Behavior Group (ASBG) decidiu desenvolver um andarilho inteligente motorizado capaz de se adaptar as necessidades dos seus utilizadores. O Adaptive System Behavior Group Project (ASBGo) já conta com quatro versões que provaram o seu valor em ambiente clínico e já foi reconhecido, por duas vezes consecutivas, como um dos projetos de investigação mais tecnológico e inovador na área de reabilitação. Contudo, as soluções eletromecânicas e de software de cada protótipo comprometem o desenvolvimento contínuo do projeto, tornando cada versão obsoleta, desatualizada e inutilizável. Agora, está na hora de ir mais longe e tornar estes dispositivos de prova de conceito numa versão mais madura, excluindo as soluções académicas anteriormente implementadas e concebendo um dispositivo robusto e fiável que irá afirmar este novo conceito de reabilitação. A presente dissertação de mestrado, no âmbito da robótica de reabilitação, descreve o design e implementação de uma arquitetura de sistema para o Adaptive System Behavior Group Project Star (ASBGo*). A implementação de uma arquitetura de sistema unificada e modular envolve o desenvolvimento de componentes de software, hardware eletrónico e modificações eletromecânicas necessárias à sua implementação. Este novo protótipo consiste numa melhoria avançada de todas as versões anteriores do ASBGo no qual as soluções vigorosas e acessíveis implementadas providenciam meios para desenvolvimento futuro e usabilidade. Inicialmente, foi realizada a contextualização no projeto que incluiu uma breve pesquisa de plataformas de software robótico, a familiarização com os diferentes protótipos ASBGo e o estudo das melhores soluções para a conceção da arquitetura do sistema. Seguindo uma estratégia Top-Down, o plano de trabalhos foi estabelecido tendo em conta considerações para o design e implementação de uma arquitetura de sistema unificada: definição das principais funcionalidades e comportamentos do protótipo e, concomitantemente, as estratégias a ser seguidas no desenvolvimento eletromecânico, de hardware e de software. Doravante, a fase de desenvolvimento foi acompanhada por uma metodologia de Hardware-Software co-design. Esta estratégia assegurou a concordância entre o design e a implementação de circuitos eletrónicos e elétricos e todos os requisitos do sistema garantindo desta forma, trade-offs, robustez e segurança. Durante todo o processo de desenvolvimento, validações do sistema foram constantemente realizadas, sendo que no final testes intensivos ao produto final foram executados em laboratório com a intervenção dos colegas do grupo ASBG