8 research outputs found

    A Comprehensive Review on Adaptability of Network Forensics Frameworks for Mobile Cloud Computing

    Network forensics enables investigation and identification of network attacks through the retrieved digital content. The proliferation of smartphones and cost-effective universal data access through the cloud have made Mobile Cloud Computing (MCC) a congenital target for network attacks. However, the confines in carrying out forensics in MCC are interrelated with the autonomous cloud hosting companies and their policies for restricted access to the digital content in the back-end cloud platforms. This implies that existing Network Forensic Frameworks (NFFs) have limited impact in the MCC paradigm. To this end, we qualitatively analyze the adaptability of existing NFFs when applied to MCC. Explicitly, the fundamental mechanisms of NFFs are highlighted and then analyzed using the most relevant parameters. A classification is proposed to help understand the anatomy of existing NFFs. Subsequently, a comparison is given that explores the functional similarities and deviations among NFFs. The paper concludes by discussing research challenges for progressive network forensics in MCC.

    A multi-disciplinary framework for cyber attribution

    Effective cyber security is critical to the prosperity of any nation in the modern world. We have become dependent upon this interconnected network of systems for a number of critical functions within society. As our reliance upon this technology has increased, so have the prospective gains for malicious actors who would abuse these systems for their own personal benefit, at the cost of legitimate users. The result has been an explosion of cyber attacks, or cyber-enabled crimes. The threat from hackers, organised criminals and even nation states is ever increasing. One of the critical enablers of our cyber security is cyber attribution, the ability to tell who is acting against our systems. A purely technical approach to cyber attribution has been found to be ineffective in the majority of cases, taking too narrow an approach to the attribution problem. A purely technical approach will provide Indicators of Compromise (IOCs), which are suitable for the immediate recovery and clean-up of a cyber event. It fails, however, to ask the deeper questions about the origin of the attack. This can be derived from a wider set of analyses and additional sources of data. Unfortunately, due to the wide range of data types and highly specialist skills required to perform the deep-level analysis, there is currently no common framework for analysts to work together towards resolving the attribution problem. This is further exacerbated by a communication barrier between the highly specialised fields and by the lack of obviously compatible data types. The aim of the project is to develop a common framework upon which experts from a number of disciplines can add to the overall attribution picture. These experts will add their input in the form of a library. Firstly, a process was developed to enable the creation of compatible libraries in different specialist fields. A series of libraries can be used by an analyst to create an overarching attribution picture. The framework will highlight any intelligence gaps, and an analyst can additionally use the list of libraries to suggest a tool or method to fill a given intelligence gap. By the end of the project a working framework had been developed with a number of libraries from a wide range of technical attribution disciplines. These libraries were used to feed real-time intelligence to both technical and non-technical analysts, who were then able to use this information to perform in-depth attribution analysis. The pictorial format of the framework was found to assist in breaking down the communication barrier between disciplines and was suitable as an intelligence product in its own right, providing a useful visual aid to briefings. The simplicity of the library-based system meant that the process was easy to learn, with only a short introduction to the framework required.

    A composable approach to design of newer techniques for large-scale denial-of-service attack attribution

    Since its early days, the Internet has witnessed not only phenomenal growth, but also a large number of security attacks, and in recent years, denial-of-service (DoS) attacks have emerged as one of the top threats. Stateless and destination-oriented Internet routing, combined with the ability to harness a large number of compromised machines and the relative ease and low cost of launching such attacks, has made this a hard problem to address. Additionally, the myriad requirements of scalability, incremental deployment, adequate user privacy protections, and appropriate economic incentives have further complicated the design of DDoS defense mechanisms. While the many research proposals to date have focussed differently on prevention, mitigation, or traceback of DDoS attacks, the lack of a comprehensive approach satisfying the different design criteria for successful attack attribution is indeed disturbing. Our first contribution here has been the design of a composable data model that has helped us represent the various dimensions of the attack attribution problem, particularly the performance attributes of accuracy, effectiveness, speed and overhead, as orthogonal and mutually independent design considerations. We have then designed custom optimizations along each of these dimensions, and have further integrated them into a single composite model, to provide strong performance guarantees. Thus, the proposed model has given us a single framework that can not only address the individual shortcomings of the various known attack attribution techniques, but also provide a more wholesome counter-measure against DDoS attacks. Our second contribution here has been a concrete implementation based on the proposed composable data model, having adopted a graph-theoretic approach to identify and subsequently stitch together individual edge fragments in the Internet graph to reveal the true routing path of any network data packet. The proposed approach has been analyzed through theoretical and experimental evaluation across multiple metrics, including scalability, incremental deployment, speed and efficiency of the distributed algorithm, and finally the total overhead associated with its deployment. We have thereby shown that it is realistically feasible to provide strong performance and scalability guarantees for Internet-wide attack attribution. Our third contribution here has further advanced the state of the art by directly identifying individual path fragments in the Internet graph, having adopted a distributed divide-and-conquer approach employing simple recurrence relations as individual building blocks. A detailed analysis of the proposed approach on real-life Internet topologies, with respect to network storage and traffic overhead, has provided a more realistic characterization. Thus, not only does the proposed approach lend itself well to simplified operations at scale, but it can also provide robust network-wide performance and security guarantees for Internet-wide attack attribution. Our final contribution here has introduced the notion of anonymity in the overall attack attribution process to significantly broaden its scope. The highly invasive nature of widespread data gathering for network traceback continues to violate one of the key principles of Internet use today: the ability to stay anonymous and operate freely without retribution. In this regard, we have successfully reconciled these mutually divergent requirements to make it not only economically feasible and politically viable but also socially acceptable. This work opens up several directions for future research: analysis of existing attack attribution techniques to identify further scope for improvements, incorporation of newer attributes into the design framework of the composable data model abstraction, and finally design of newer attack attribution techniques that comprehensively integrate the various attack prevention, mitigation and traceback techniques in an efficient manner.

    Contributions to Context-Aware Smart Healthcare: A Security and Privacy Perspective

    Information and communication technologies have irreversibly changed our lives. The healthcare industry, one of the world's largest and fastest-growing industries, is dedicating much effort to adopting the latest technologies in daily medical practice. It is therefore not surprising that healthcare paradigms are constantly evolving in search of more efficient, effective and sustainable services. In this context, the potential of ubiquitous computing through smartphones, smartwatches, wearables and IoT devices has become fundamental to collecting large volumes of data, including people's health status and location. Enhanced sensing capabilities, together with the emergence of high-speed telecommunication networks, have facilitated the implementation of context-aware environments, such as smart homes and smart cities, that are able to adapt themselves to citizens' needs. The interplay between ubiquitous computing and context-aware environments opened the door to the so-called smart health paradigm, focused on the provision of added-value personalised health services by meaningfully exploiting vast amounts of health, mobility and contextual data. However, the management of health data, from their gathering to their analysis, raises a number of challenging issues due to their highly confidential nature. In particular, this dissertation addresses several security and privacy challenges within the smart health paradigm. The results of this dissertation are intended to help the research community to enhance the security of the intelligent environments of the future as well as the privacy of citizens regarding their personal and health data.

    Methodology of synthesis and signal processing of generalized binary Barker sequences for spread spectrum communications

    Thesis for a degree of Doctor of Technical Science in specialty 05.12.02 – «Telecommunication Systems and Networks». – National Aviation University. – Kyiv, 2019. The thesis is devoted to solving a topical scientific and engineering problem: the synthesis of binary sequences that are optimal by the minimax criterion with respect to their autocorrelation function, specifically the synthesis of regular structures of these binary sequences and their combinatorial systems under additional restrictions on the peak sidelobe level of their autocorrelation function (Barker sequences). The solution proposed in the thesis is a new synthesized kind of binary sequences, generalized binary Barker sequences, which are characterized by regular structures, can be synthesized by means of a regular synthesis method, and form new multiplicative complementary structures of binary sequences. The methodology of synthesis and signal processing of generalized binary Barker sequences and their multiplicative complementary structures, developed in the thesis, consists of: (a) a modification (parametric and criteria features) of the expectation-maximization (EM) algorithm with removal of components of the Gaussian mixture model and additional clustering criteria for a statistical analysis of cross-correlations between sequences in a system for their further structuring, based on proved theorems on mathematical singularities in the log-likelihood function in the mentioned statistical analysis of cross-correlations; (b) a method of structuring binary sequences with a priori unknown structures, which provides for selecting groups of binary sequences with interconnected structures and then detecting these interconnected structures in an explicit form; (c) a regular method for the synthesis of generalized binary Barker sequences, based on deterministic generation rules for these sequences; (d) a method for the synthesis and joint signal processing of multiplicative complementary structures of generalized binary Barker sequences, based on the multiplication of the results of matched filtering of signal components; (e) a method of structural decomposition of the output signal in a signal processing system for multiplicative complementary generalized binary Barker sequences (an output signal can be represented by some number of separately taken partial lobes, each of which is characterized by a constant mean value and variance of the signal), which allows a statistical analysis of the output signal to be performed for noise immunity analysis, detection and other purposes in a telecommunication system; (f) a method of estimating the energetic parameters of orthogonal signal-code constructions and noise on the physical layer of a telecommunication system when generalized binary Barker sequences are used. The classification by types and subtypes of generalized binary Barker sequences, based on statistical clustering using the EM and k-means algorithms, is also justified in the research. The properties of regular structures of generalized binary Barker sequences and the properties of their autocorrelation functions are detected and studied. A complete system of mathematical models for the analytical description of the autocorrelation function of generalized binary Barker sequences is synthesized. Analytical models for estimating quality characteristics on the physical layer of a telecommunication system when generalized binary Barker sequences are used are developed. Spectral and detection features of generalized binary Barker sequences and their comparison with Golay complementary sequences are also studied in the research. In contrast with Golay complementary sequences, generalized binary Barker sequences provide larger values of the processing gain in sidelobes (by 4.1 dB for a considered case), which provides less noise in sidelobes and a lower number of errors of the first kind when generalized binary Barker sequences are used. At the same time, the main disadvantage of generalized binary Barker sequences in comparison with Golay complementary sequences is that the processing gain in the main central lobe is lower (by 8.9 dB for a considered case), which causes more noise in the main lobe and a greater number of errors of the second kind when generalized binary Barker sequences are used. In addition, the compared systems of sequences are characterized by almost the same total bandwidth, and generalized binary Barker sequences also provide a lower pulse width in the main lobe after signal processing (by 1.5 times), which provides a greater maximum data transfer rate and spectral efficiency on the physical layer of a spread-spectrum telecommunication system (up to 1.5 times). The research results were implemented in the production and research activities of the UkSATSE Flight Calibration & Rescue Service (Ukrainian State Air Traffic Services Enterprise «UkSATSE») and educational processes at the Faculty of Air Navigation, Electronics and Telecommunications (National Aviation University, Kyiv).