45 research outputs found

    Enabling SDN in VANETs: What is the Impact on Security?

    The demand for safe and secure journeys over roads and highways has been growing at a tremendous pace over recent decades. At the same time, the smart city paradigm has emerged to improve citizens’ quality of life by developing the smart mobility concept. Vehicular Ad hoc NETworks (VANETs) are widely recognized to be instrumental in realizing such concept, by enabling appealing safety and infotainment services. Such networks come with their own set of challenges, which range from managing high node mobility to securing data and user privacy. The Software Defined Networking (SDN) paradigm has been identified as a suitable solution for dealing with the dynamic network environment, the increased number of connected devices, and the heterogeneity of applications. While some preliminary investigations have been already conducted to check the applicability of the SDN paradigm to VANETs, and its presumed benefits for managing resources and mobility, it is still unclear what impact SDN will have on security and privacy. Security is a relevant issue in VANETs, because of the impact that threats can have on drivers’ behavior and quality of life. This paper opens a discussion on the security threats that future SDN-enabled VANETs will have to face, and investigates how SDN could be beneficial in building new countermeasures. The analysis is conducted in real use cases (smart parking, smart grid of electric vehicles, platooning, and emergency services), which are expected to be among the vehicular applications that will most benefit from introducing an SDN architecture

    Security risks in cyber physical systems—A systematic mapping study

    The increased need for constant connectivity and complete automation of existing systems fuels the popularity of Cyber Physical Systems (CPS) worldwide. Increasingly more, these systems are subjected to cyber attacks. In recent years, many major cyber-attack incidents on CPS have been recorded and, in turn, have been raising concerns in their users' minds. Unlike in traditional IT systems, the complex architecture of CPS consisting of embedded systems integrated with the Internet of Things (IoT) requires rather extensive planning, implementation, and monitoring of security requirements. One crucial step to planning, implementing, and monitoring of these requirements in CPS is the integration of the risk management process in the CPS development life cycle. Existing studies do not clearly portray the extent of damage that the unattended security issues in CPS can cause or have caused, in the incidents recorded. An overview of the possible risk management techniques that could be integrated into the development and maintenance of CPS contributing to improving its security level in its actual environment is missing. In this paper, we are set out to highlight the security requirements and issues specific to CPS that are discussed in scientific literature and to identify the state-of-the-art risk management processes adopted to identify, monitor, and control those security issues in CPS. For that, we conducted a systematic mapping study on the data collected from 312 papers published between 2000 and 2020, focused on the security requirements, challenges, and the risk management processes of CPS. Our work aims to form an overview of the security requirements and risks in CPS today and of those published contributions that have been made until now, towards improving the reliability of CPS. 
The results of this mapping study reveal (i) integrity authentication and confidentiality as the most targeted security attributes in CPS, (ii) model-based techniques as the most used risk identification and assessment and management techniques in CPS, (iii) cyber-security as the most common security risk in CPS, (iv) the notion of “mitigation measures” based on the type of system and the underlying internationally recognized standard being the most used risk mitigation technique in CPS, (v) smart grids being the most targeted systems by cyber-attacks and thus being the most explored domain in CPS literature, and (vi) one of the major limitations, according to the selected literature, concerns the use of the fault trees for fault representation, where there is a possibility of runtime system faults not being accounted for. Finally, the mapping study draws implications for practitioners and researchers based on the findings.

    Game theory for collaboration in future networks

    Cooperative strategies have the great potential of improving network performance and spectrum utilization in future networking environments. This new paradigm in terms of network management, however, requires a novel design and analysis framework targeting a highly flexible networking solution with a distributed architecture. Game Theory is very suitable for this task, since it is a comprehensive mathematical tool for modeling the highly complex interactions among distributed and intelligent decision makers. In this way, the more convenient management policies for the diverse players (e.g. content providers, cloud providers, home providers, brokers, network providers or users) should be found to optimize the performance of the overall network infrastructure. The authors discuss in this chapter several Game Theory models/concepts that are highly relevant for enabling collaboration among the diverse players, using different ways to incentivize it, namely through pricing or reputation. In addition, the authors highlight several related open problems, such as the lack of proper models for dynamic and incomplete information games in this area.

    Application of metabolomic profiling and fingerprinting approaches to food fraud cases

    [eng] Food fraud is an intentional and misleading act in food that generally does not comply with food law and is motivated by economic gain. It encompasses several fraudulent practices such as deception during manufacture, diversion into illicit supply chains, interventions with the food product, or misrepresentation. In this context, the coming to light of the horse meat scandal at the beginning of 2013 highlighted the shortcomings of the European system against food fraud, increasing concern and interest among European citizens and administrative bodies. Under these circumstances, in recent years, omics tools —comprising genomics, transcriptomics, proteomics, metabolomics, and elementomics/isotopollomics— have been applied to solve food fraud issues, along with biostatistics and chemometrics. In most cases, their application has relied on profiling (focusing on determining targeted secondary chemical markers) or fingerprinting approaches (based on the unspecific detection of instrumental responses without assuming any previous knowledge about the sample composition), overcoming the traditional targeted analysis. In particular, since a food product’s metabolome varies according to its biological nature and several external conditions (i.e., either from a natural or anthropogenic origin), metabolomics has shown excellent potential to assess several issues related to its authenticity and quality. Therefore, in this thesis, several metabolomic profiling and fingerprinting approaches were developed to address different food fraud cases. In this line, liquid chromatography coupled to low- or high-resolution mass spectrometry (LC–LRMS, LC–HRMS) was proposed for the targeted approaches. In contrast, non-targeted methods were based on liquid chromatography with ultraviolet detection (LC-UV) or fluorescence detection (LC-FLD), LC–HRMS, or direct mass spectrometry (MS)-based techniques. 
Furthermore, non-supervised and supervised chemometric techniques allowed sample assignation and classification. As a result, the proposed analytical methodologies were successfully applied to several food products —including paprika, nuts and seeds, hen eggs, vegetable oils, and red wine— guaranteeing their classification and authentication regarding the geographical origin, botanical origin, production system, or quality category.[cat] Food fraud is an intentional and deceptive act carried out on food that generally does not comply with food law and is motivated by economic gain. The coming to light of the horse meat scandal at the beginning of 2013 exposed the shortcomings of the European system against food fraud, increasing concern and interest among European citizens and administrative bodies. Under these circumstances, in recent years, omics tools (comprising genomics, transcriptomics, proteomics, metabolomics, and elementomics/isotopollomics) have been applied to resolve issues related to food fraud, along with biostatistics and chemometrics. In most cases, they have been applied through strategies based on profiling (focusing on the targeted determination of secondary chemical markers) or fingerprinting (based on the unspecific detection of instrumental responses without assuming any prior knowledge of the sample composition), overcoming traditional targeted analysis. In particular, since a food product's metabolome varies according to its biological nature and a range of external conditions (whether of natural or anthropogenic origin), metabolomics has shown excellent potential for assessing several issues related to its authenticity and quality. 
In this thesis, several metabolomic profiling and fingerprinting strategies were developed to address some food fraud cases. Thus, liquid chromatography coupled to low- or high-resolution mass spectrometry (LC–LRMS, LC–HRMS) was proposed for the targeted approaches. In contrast, the non-targeted methods were based on liquid chromatography with ultraviolet (LC-UV) or fluorescence (LC-FLD) detection, LC–HRMS, or direct mass spectrometry (MS)-based techniques. In addition, non-supervised and supervised chemometric techniques allowed sample assignment and classification. As a result, the proposed analytical methodologies were successfully applied to different food products (including paprika, nuts and seeds, hen eggs, vegetable oils, and red wine), guaranteeing their classification and authentication with regard to geographical origin, botanical origin, production system, or quality category

    Secure Routing and Medium Access Protocols in Wireless Multi-hop Networks

    While the rapid proliferation of mobile devices along with the tremendous growth of various applications using wireless multi-hop networks have significantly facilitated our human life, securing and ensuring high quality services of these networks are still a primary concern. In particular, anomalous protocol operation in wireless multi-hop networks has recently received considerable attention in the research community. These relevant security issues are fundamentally different from those of wireline networks due to the special characteristics of wireless multi-hop networks, such as the limited energy resources and the lack of centralized control. These issues are extremely hard to cope with due to the absence of trust relationships between the nodes. To enhance security in wireless multi-hop networks, this dissertation addresses both MAC and routing layers misbehaviors issues, with main focuses on thwarting black hole attack in proactive routing protocols like OLSR, and greedy behavior in IEEE 802.11 MAC protocol. Our contributions are briefly summarized as follows. As for black hole attack, we analyze two types of attack scenarios: one is launched at routing layer, and the other is cross layer. We then provide comprehensive analysis on the consequences of this attack and propose effective countermeasures. As for MAC layer misbehavior, we particularly study the adaptive greedy behavior in the context of Wireless Mesh Networks (WMNs) and propose FLSAC (Fuzzy Logic based scheme to Struggle against Adaptive Cheaters) to cope with it. A new characterization of the greedy behavior in Mobile Ad Hoc Networks (MANETs) is also introduced. Finally, we design a new backoff scheme to quickly detect the greedy nodes that do not comply with IEEE 802.11 MAC protocol, together with a reaction scheme that encourages the greedy nodes to become honest rather than punishing them

    Sorafenib decreases proliferation and induces apoptosis of prostate cancer cells by inhibition of the androgen receptor and Akt signaling pathways

    Antihormonal and chemotherapy are standard treatments for nonorgan-confined prostate cancer. The effectivity of these therapies is limited and the development of alternative approaches is necessary. In the present study, we report on the use of the multikinase inhibitor sorafenib in a panel of prostate cancer cell lines and their derivatives which mimic endocrine and chemotherapy resistance. 3H-thymidine incorporation assays revealed that sorafenib causes a dose-dependent inhibition of proliferation of all cell lines associated with downregulation of cyclin-dependent kinase 2 and cyclin D1 expression. Apoptosis was induced at 2 μM of sorafenib in androgen-sensitive cells, whereas a higher dose of the drug was needed in castration-resistant cell lines. Sorafenib stimulated apoptosis in prostate cancer cell lines through downregulation of myeloid cell leukemia-1 (MCL-1) expression and Akt phosphorylation. Although concentrations of sorafenib required for the antitumor effect in therapy-resistant sublines were higher than those needed in parental cells, the drug showed efficacy in cells which became resistant to bicalutamide and docetaxel respectively. Most interestingly, we show that sorafenib has an inhibitory effect on androgen receptor (AR) and prostate-specific antigen expression. In cells in which AR expression was downregulated by short interfering RNA, the treatment with sorafenib increased apoptosis in an additive manner. In summary, the results of the present study indicate that there is a potential to use sorafenib in prostate cancers as an adjuvant therapy option to current androgen ablation treatments, but also in progressed prostate cancers that become unresponsive to standard therapies

    A Survey on Long-Range Wide-Area Network Technology Optimizations

    Long-Range Wide-Area Network (LoRaWAN) enables flexible long-range service communications with low power consumption which is suitable for many IoT applications. The densification of LoRaWAN, which is needed to meet a wide range of IoT networking requirements, poses further challenges. For instance, gateways and IoT devices are widely deployed in urban areas, which leads to interference caused by concurrent transmissions on the same channel. In this context, it is crucial to understand aspects such as the coexistence of IoT devices and applications, resource allocation, Media Access Control (MAC) layer, network planning, and mobility support, that directly affect LoRaWAN’s performance. We present a systematic review of state-of-the-art works for LoRaWAN optimization solutions for IoT networking operations. We focus on five aspects that directly affect the performance of LoRaWAN. These specific aspects are directly associated with the challenges of densification of LoRaWAN. Based on the literature analysis, we present a taxonomy covering five aspects related to LoRaWAN optimizations for efficient IoT networks. Finally, we identify key research challenges and open issues in LoRaWAN optimizations for IoT networking operations that must be further studied in the future

    Address spreading in future Internet supporting both the unlinkability of communication relations and the filtering of non legitimate traffic

    The rotation of identifiers is a common security mechanism to protect telecommunication; one example is the frequency hopping in wireless communication, used against interception, radio jamming and interferences. In this thesis, we extend this rotation concept to the Internet. We use the large IPv6 address space to build pseudo-random sequences of IPv6 addresses, known only by senders and receivers. The sequences are used to periodically generate new identifiers, each of them being ephemeral. It provides a new solution to identify a flow of data, packets not following the sequence of addresses will be rejected. We called this technique “address spreading”. Since the attackers cannot guess the next addresses, it is no longer possible to inject packets. The real IPv6 addresses are obfuscated, protecting against targeted attacks and against identification of the computer sending a flow of data. We have not modified the routing part of IPv6 addresses, so the spreading can be easily deployed on the Internet. The “address spreading” needs a synchronization between devices, and it has to take care of latency in the network. Otherwise, the identification will reject the packets (false positive detection). We evaluate this risk with a theoretical estimation of packet loss and by running tests on the Internet. We propose a solution to provide a synchronization between devices. Since the address spreading cannot be deployed without cooperation of end networks, we propose to use ephemeral addresses. Such addresses have a lifetime limited to the communication lifetime between two devices. The ephemeral addresses are based on a cooperation between end devices, they add a tag to each flow of packets, and an intermediate device on the path of the communication, which obfuscates the real address of data flows. The tagging is based on the Flow Label field of IPv6 packets. We propose an evaluation of the current implementations on common operating systems. 
In the Linux kernel, we fixed behaviours not following the current standards, and bugs in the TCP stack for flow labels. We also provide new features like reading the incoming flow labels and reflecting the flow labels on a socket

    Bringing Stability to Wireless Mesh Networks

    Wireless mesh networks were designed as a means to rapidly deliver large-scale communication capabilities without the support of any prior infrastructure. Among the different properties of mesh networks, the self-organizing feature is particularly interesting for developing countries or for emergency situations. However, these benefits also bring new challenges. For example, the scheduling decision needs to be performed in a distributed manner at each node of the network. Toward this goal, most of the current mesh deployments are based on the IEEE 802.11 protocol, even if it was not designed for multi-hop communications. The main goals of this thesis are (i) to understand and model the behavior of IEEE 802.11-based mesh networks and more specifically the root causes that lead to congestion and network instability; (ii) to develop an experimental infrastructure in order to validate with measurements both the problems and the solutions discussed in this thesis; (iii) to build efficient hop-by-hop scheduling schemes that provide congestion control and inter-flow fairness in a practical way and that are backward-compatible with the current protocol; and (iv) to explain the non-monotonic relation between the end-to-end throughput and the source rate and to introduce a model to derive the rationale behind this artifact. First, we propose a Markovian model and we introduce the notion of stealing effect to explain the root causes behind the 3-hop stability boundary, where linear networks up to 3 hops are stable, and larger topologies are intrinsically unstable. We validate our analytical results both through simulations and through measurements on a small testbed deployment. Second, to support the experimental research presented in this thesis, we design and deploy a large-scale mesh network testbed on the EPFL campus. 
We plan our architecture to be as flexible as possible in order to support a wide range of other research areas such as IEEE 802.11 indoor localization and opportunistic routing. Third, we introduce EZ-flow, a novel hop-by-hop congestion-control mechanism that operates at the Medium Access Control layer. EZ-flow is fully backward-compatible with the existing IEEE 802.11 deployments and it works without any form of message passing. To perform its task EZ-flow takes advantage of the broadcast nature of the wireless medium in order to passively derive the queue size at the next-hop node. This information is then used by each node to adapt accordingly its channel access probability, through the contention window parameter of IEEE 802.11. After detailing the different components of EZ-flow, we analyze its performance analytically, through simulations and real measurements. Fourth, we show that hop-by-hop congestion-control can be efficiently performed at the network layer in order to not abuse the contention mechanism of IEEE 802.11. Additionally, we introduce a complete framework that jointly achieves congestion-control and fairness without requiring a prior knowledge of the network capacity region. To achieve the fairness part, we propose the Explore & Enhance algorithm that finds a fair and achievable rate allocation vector that maximizes a desired function of utility. We show experimentally that this algorithm reaches its objective by alternating between exploration phases (to discover the capacity region) and enhancement phases (to improve the utility through a gradient ascent). Finally, we note that, as opposed to wired networks, the multi-hop wireless capacity is usually unknown and time-varying. Therefore, we study how the end-to-end throughput evolves as a function of the source rate when operating both below and above the network capacity. 
We note that this evolution follows a non-monotonic curve and we explain, through an analytical model and simulations, the rationale behind the different transition points of this curve. Following our analysis, we show that no end-to-end congestion control can be throughput-optimal if it operates directly over IEEE 802.11. Hence, this supports the methodology of performing congestion control in a hop-by-hop manner. After validating experimentally the non-monotonicity, we compare through simulations different state-of-the-art scheduling schemes and we highlight the important tradeoff that exists in congestion-control schemes between efficiency (i.e., throughput-optimality) and robustness (i.e., no throughput collapse when the sources attempt to operate at a rate above the network capacity)