PanCast: Listening to Bluetooth Beacons for Epidemic Risk Mitigation

During the ongoing COVID-19 pandemic, there have been burgeoning efforts to develop and deploy smartphone apps to expedite contact tracing and risk notification. Most of these apps track pairwise encounters between individuals via Bluetooth and then use these tracked encounters to identify and notify those who might have been in proximity of a contagious individual. Unfortunately, these apps have not yet proven sufficiently effective, partly owing to low adoption rates, but also due to the difficult tradeoff between utility and privacy and the fact that, in COVID-19, most individuals do not infect anyone but a few superspreaders infect many in superspreading events. In this paper, we proposePanCast, a privacy-preserving and inclusive system for epidemic risk assessment and notification that scales gracefully with adoption rates, utilizes location and environmental information to increase utility without tracking its users, and can be used to identify superspreading events. To this end, rather than capturing pairwise encounters between smartphones, our system utilizes Bluetooth encounters between beacons placed in strategic locations where superspreading events are most likely to occur and inexpensive, zero-maintenance, small devices that users can attach to their keyring. PanCast allows healthy individuals to use the system in a purely passive "radio" mode, and can assist and benefit from other digital and manual contact tracing systems. Finally, PanCast can be gracefully dismantled at the end of the pandemic, minimizing abuse from any malevolent government or entity

Secure Routing in Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses on some of the preventive mechanisms for these attacks.Comment: 44 pages, 17 figures, 5 table

A transparent distributed ledger-based certificate revocation scheme for VANETs

The widespread adoption of Cooperative, Connected, and Automated Mobility (CCAM) applications requires the implementation of stringent security mechanisms to minimize the surface of cyber attacks. Authentication is an effective process for validating user identity in vehicular networks. However, authentication alone is not enough to prevent dangerous attack situations. Existing security mechanisms are not able to promptly revoke the credentials of misbehaving vehicles, thus tolerate malicious actors to remain trusted in the system for a long time. The resulting vulnerability window allows the implementation of complex attacks, thus posing a substantial impairment to the security of the vehicular ecosystem. In this paper we propose a Distributed Ledger-based Vehicular Revocation Scheme that improves the state of the art by providing a vulnerability window lower than 1 s, reducing well-behaved vehicles exposure to sophisticated and potentially dangerous attacks. The proposed scheme harnesses the advantages of the underlying Distributed Ledger Technology (DLT) to implement a privacy-aware revocation process while being fully transparent to all participating entities. Furthermore, it meets the critical message processing times defined by EU and US standards, thus closing a critical gap in the current international standards. Theoretical analysis and experimental validation demonstrate the effectiveness and efficiency of the proposed scheme, where DLT streamlines the revocation operation overhead and delivers an economically viable yet scalable solution against cyber attacks on vehicular systems

Quantum key distribution and cryptography: a survey

I will try to partially answer, based on a review on recent work, the following question: Can QKD and more generally quantum information be useful to cover some practical security requirements in current (and future) IT infrastructures ? I will in particular cover the following topics - practical performances of QKD - QKD network deployment - SECOQC project - Capabilities of QKD as a cryptographic primitive - comparative advantage with other solution, in order to cover practical security requirements - Quantum information and Side-channels - QKD security assurance - Thoughts about "real" Post-Quantum Cryptograph

Implementation of Faceted Values in Node.JS.

Information flow analysis is the study of mechanisms by which developers may protect sensitive data within an ecosystem containing untrusted third-party code. Secure multi-execution is one such mechanism that reliably prevents undesirable information flows, but a programmer’s use of secure multi-execution is itself challenging and prone to error. Faceted values have been shown to provide an alternative to secure multi-execution which is, in theory, functionally equivalent. The purpose of this work is to show that the theory holds in practice by implementing usable faceted values in JavaScript via source code transformation. The primary contribution of this project is to provide a library that makes these transformations possible in any standard JavaScript runtime without requiring native support. We build a pipeline that takes JavaScript code with syntactic support for faceted values and, through source code transformation, produces platform-independent JavaScript code containing functional faceted values. Our findings include a method by which we may optimize the use of faceted values through static analysis of the program’s information flow

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Multi-Factor Authentication: A Survey

Today, digitalization decisively penetrates all the sides of the modern society. One of the key enablers to maintain this process secure is authentication. It covers many different areas of a hyper-connected world, including online payments, communications, access right management, etc. This work sheds light on the evolution of authentication systems towards Multi-Factor Authentication (MFA) starting from Single-Factor Authentication (SFA) and through Two-Factor Authentication (2FA). Particularly, MFA is expected to be utilized for human-to-everything interactions by enabling fast, user-friendly, and reliable authentication when accessing a service. This paper surveys the already available and emerging sensors (factor providers) that allow for authenticating a user with the system directly or by involving the cloud. The corresponding challenges from the user as well as the service provider perspective are also reviewed. The MFA system based on reversed Lagrange polynomial within Shamir’s Secret Sharing (SSS) scheme is further proposed to enable more flexible authentication. This solution covers the cases of authenticating the user even if some of the factors are mismatched or absent. Our framework allows for qualifying the missing factors by authenticating the user without disclosing sensitive biometric data to the verification entity. Finally, a vision of the future trends in MFA is discussed.Peer reviewe

Tunable Security for Deployable Data Outsourcing

Security mechanisms like encryption negatively affect other software quality characteristics like efficiency. To cope with such trade-offs, it is preferable to build approaches that allow to tune the trade-offs after the implementation and design phase. This book introduces a methodology that can be used to build such tunable approaches. The book shows how the proposed methodology can be applied in the domains of database outsourcing, identity management, and credential management