7,689 research outputs found

    CONDOR: A Hybrid IDS to Offer Improved Intrusion Detection

    Intrusion Detection Systems are an accepted and very useful option to monitor and detect malicious activities. However, Intrusion Detection Systems have inherent limitations which lead to false positives and false negatives; we propose that combining signature- and anomaly-based IDSs should be examined. This paper contrasts signature- and anomaly-based IDSs, and critiques some proposals about hybrid IDSs with signature and heuristic capabilities, before considering some of their contributions in order to include them as main features of a new hybrid IDS named CONDOR (COmbined Network intrusion Detection ORientate), which is designed to offer superior pattern analysis and anomaly detection by reducing false positive rates and administrator intervention.

    An Efficient Fog-Assisted Unstable Sensor Detection Scheme with Privacy Preserved

    The Internet of Things (IoT) has been a hot topic in both the research community and industry. It is anticipated that in the future IoT, an enormous number of sensors will collect physical information every moment to enable the control center to make better decisions to improve the quality of service (QoS). However, the sensors may be faulty and thus generate inaccurate data, which would compromise the decision making. To guarantee the QoS, the system should be able to detect faulty sensors so as to eliminate the damage caused by inaccurate data. Various faulty sensor detection mechanisms have been developed in the context of wireless sensor networks (WSN). Some of them are only fit for WSN while the others would bring a communication burden to the control center. To detect the faulty sensors for general IoT applications and save communication resources at the same time, an efficient faulty sensor detection scheme is proposed in this paper. The proposed scheme takes advantage of fog computing to save the computation and communication resources of the control center. To preserve the privacy of sensor data, the Paillier Cryptosystem is adopted in the fog computing. The batch verification technique is applied to achieve efficient authentication. The performance analyses are presented to demonstrate that the proposed detection scheme is able to conserve the communication resources of the control center and achieve a high true positive ratio while maintaining an acceptable false positive ratio. The scheme could also withstand various security attacks and preserve data privacy. Comment: 11 pages, 5 figures

    Delegating Private Quantum Computations

    We give a protocol for the delegation of quantum computation on encrypted data. More specifically, we show that in a client-server scenario, where the client holds the encryption key for an encrypted quantum register held by the server, it is possible for the server to perform a universal set of quantum gates on the quantum data. All Clifford group gates are non-interactive, while the remaining non-Clifford group gate that we implement (the π/8 gate) requires the client to prepare and send a single random auxiliary qubit (chosen among four possibilities), and exchange classical communication. This construction improves on previous work, which requires either multiple auxiliary qubits or two-way quantum communication. Using a reduction to an entanglement-based protocol, we show privacy against any adversarial server according to a simulation-based security definition. Comment: 13 pages, 15 figures. This paper focuses on the theory contribution of arXiv:1309.258

    Secure Mobile Identities

    The unique identities of every mobile user (phone number, IMSI) and device (IMEI) are far from secure and are increasingly vulnerable to a variety of network-level threats. The exceedingly high reliance on the weak SIM authentication layer does not present any notion of end-to-end security for mobile users. We propose the design and implementation of Secure Mobile Identities (SMI), a repetitive key-exchange protocol that uses this weak SIM authentication as a foundation to enable mobile users to establish stronger identity authenticity. The security guarantees of SMI are directly reliant on the mobility of users and are further enhanced by external trusted entities providing trusted location signatures (e.g. trusted GPS, NFC synchronization points). In this paper, we demonstrate the efficacy of our protocol using an implementation and analysis across standard mobility models.

    Barcoding-free BAC Pooling Enables Combinatorial Selective Sequencing of the Barley Gene Space

    We propose a new sequencing protocol that combines recent advances in combinatorial pooling design and second-generation sequencing technology to efficiently approach de novo selective genome sequencing. We show that combinatorial pooling is a cost-effective and practical alternative to exhaustive DNA barcoding when dealing with hundreds or thousands of DNA samples, such as genome-tiling gene-rich BAC clones. The novelty of the protocol hinges on the computational ability to efficiently compare hundreds of millions of short reads and assign them to the correct BAC clones so that the assembly can be carried out clone-by-clone. Experimental results on simulated data for the rice genome show that the deconvolution is extremely accurate (99.57% of the deconvoluted reads are assigned to the correct BAC), and the resulting BAC assemblies have very high quality (BACs are covered by contigs over about 77% of their length, on average). Experimental results on real data for a gene-rich subset of the barley genome confirm that the deconvolution is accurate (almost 70% of left/right pairs in paired-end reads are assigned to the same BAC, despite being processed independently) and the BAC assemblies have good quality (the average sum of all assembled contigs is about 88% of the estimated BAC length).

    Providing distributed certificate authority service in mobile ad hoc networks

    In this paper, we propose an architecture for providing distributed Certificate Authority (CA) service in Mobile Ad Hoc Networks (MANET), based on threshold cryptography. We have two major contributions: 1) we make use of the cluster structure to provide CA service, and design a scheme for locating CA server nodes in MANET; 2) we provide a proactive secret share update protocol, which periodically updates CA secret shares with low system overhead. Compared with existing approaches, our CA architecture provides faster CA services to user nodes at reduced system overhead. © 2005 IEEE.

    PACT: Privacy Sensitive Protocols and Mechanisms for Mobile Contact Tracing

    The global health threat from COVID-19 has been controlled in a number of instances by large-scale testing and contact tracing efforts. We created this document to suggest three functionalities on how we might best harness computing technologies to support the goals of public health organizations in minimizing morbidity and mortality associated with the spread of COVID-19, while protecting the civil liberties of individuals. In particular, this work advocates for a third-party free approach to assisted mobile contact tracing, because such an approach mitigates the security and privacy risks of requiring a trusted third party. We also explicitly consider the inferential risks involved in any contact tracing system, where any alert to a user could itself give rise to de-anonymizing information. More generally, we hope to participate in bringing together colleagues in industry, academia, and civil society to discuss and converge on ideas around a critical issue rising with attempts to mitigate the COVID-19 pandemic. Comment: 22 pages, 2 figures

    EPDA: Enhancing Privacy-Preserving Data Authentication for Mobile Crowd Sensing

    As a popular application, mobile crowd sensing systems aim at providing more convenient service via swarm intelligence. With the popularity of sensor-embedded smart phones and intelligent wearable devices, mobile crowd sensing is becoming an efficient way to obtain various types of sensing data from individuals, which will make people's lives more convenient. However, mobile crowd sensing systems today are facing a critical challenge, namely the privacy leakage of sensitive information and valuable data, which can raise grave concerns among the participants. To address this issue, we propose an enhanced secure certificateless privacy-preserving verifiable data authentication scheme for mobile crowd sensing, named EPDA. The proposed scheme provides unconditional anonymous data authentication service for mobile crowd sensing, by deploying an improved certificateless ring signature as the cryptogram essential, in which the big sensing data should be signed by one of the legitimate members in a specific group and could be verified without exposing the actual identity of the participant. The formal security proof demonstrates that EPDA is secure against existential forgery under adaptive chosen message and identity attacks in the random oracle model. Finally, extensive simulations are conducted. The results show that the proposed EPDA efficiently decreases computational cost and time consumption in the sensing data authentication process.

    A Survey on Software-Defined VANETs: Benefits, Challenges, and Future Directions

    The evolving of Fifth Generation (5G) networks is becoming more readily available as a major driver of the growth of new applications and business models. Vehicular Ad hoc Networks (VANETs) and Software Defined Networking (SDN) represent the key enablers of 5G technology with the development of next generation intelligent vehicular networks and applications. In recent years, researchers have focused on the integration of SDN and VANET, and look at different topics related to the architecture, the benefits of software-defined VANET services and the new functionalities to adapt them. However, security and robustness of the complete architecture is still questionable and have been largely neglected. Moreover, the deployment and integration of novel entities and several architectural components drive new security threats and vulnerabilities. In this paper, first we survey the state-of-the-art SDN based Vehicular ad-hoc Network (SDVN) architectures for their networking infrastructure design, functionalities, benefits, and challenges. Then we discuss these SDVN architectures against major security threats that violate the key security services such as availability, confidentiality, authentication, and data integrity. We also propose different countermeasures to these threats. Finally, we discuss the lessons learned with the directions of future research work towards provisioning stringent security and privacy solutions in future SDVN architectures. To the best of our knowledge, this is the first comprehensive work that presents such a survey and analysis on SDVNs in the era of future generation networks (e.g., 5G, and Information centric networking) and applications (e.g., intelligent transportation system, and IoT-enabled advertising in VANETs). Comment: 17 pages, 2 figures