
    A model checking-based approach for security policy verification of mobile systems

    This article describes an approach for the automated verification of mobile systems. Mobile systems are characterized by the explicit notion of location (e.g., sites where they run) and the ability to execute at different locations, which yields a number of security issues. To this aim, we formalize mobile systems as Labeled Kripke Structures, encapsulating the notion of location that describes the hierarchical nesting of the threads constituting the system. Then, we formalize a generic security policy specification language that includes rules for expressing and manipulating the code location. In contrast to many other approaches, our technique supports both access control and information flow specification. We developed a prototype framework for model checking of mobile systems. It works directly on the program code (in contrast to most traditional process-algebraic approaches, which can model only limited details of mobile systems) and uses abstraction-refinement techniques, based also on location abstractions, to manage the program state space. We experimented with a number of mobile code benchmarks by verifying various security policies. The experimental results demonstrate the validity of the proposed mobile system modeling and policy specification formalisms and highlight the advantages of the model checking-based approach, which combines the validation of security properties with other checks, such as the detection of buffer overflows.

    A WSSL Implementation for Critical CyberPhysical Systems Applications

    Advances in wireless communication technologies have enabled unprecedented pervasiveness and ubiquity of Cyber-Physical Systems (CPS). Such technologies can now empower true Systems-of-Systems (SoS), which cooperate to achieve more complex and efficient functionalities, such as vehicle automation, industry, residential automation, and others. However, for CPS applications to become a reality and fulfill their potential, safety and security must be guaranteed, particularly in critical systems, since they rely heavily on open communication systems that are prone to intentional and non-intentional interference. To address these issues, in this work we propose the design of a Wireless Security and Safety Layer (WSSL) architecture to be implemented in critical CPS applications. WSSL increases the reliability of these critical communications by enabling the detection of communication errors. In addition, it increases CPS security using a message signature process that uniquely identifies the sender. This work therefore presents the WSSL architecture and its implementation over two different scenarios: over the Message Queue Telemetry Transport (MQTT) protocol, and inside a simulation environment for communication between Unmanned Aerial Vehicles (UAVs) and Ground Control Stations in Beyond Visual Line of Sight (BVLOS) applications. We aim to prove that WSSL does not significantly increase the system payload and to demonstrate its safety and security resources, allowing it to be used in any general or critical CPS.

    Advances in wireless communication technologies have enabled unprecedented pervasiveness and ubiquity of Cyber-Physical Systems (CPS). A CPS is the combination of a physical system, a cyber system, and their communication network. Such technologies can now empower true Systems-of-Systems (SoS) that cooperate to achieve more complex and efficient functionalities, such as vehicle automation, industry, residential automation, and others. CPS applications are based on a complex environment in which systems are interconnected and devices interact with each other on a large scale. These circumstances increase the attack surface and the challenges of guaranteeing reliability and security. However, for CPS applications to become a reality and reach their potential, safety and security must be guaranteed, particularly in critical systems, since they rely heavily on open communication systems that are prone to intentional and unintentional interference. Such interference can cause serious damage to the environment and risks to the physical and moral integrity of the people involved. In this work, we propose the design of a WSSL architecture, to be implemented in critical CPS applications, to address these issues. This architecture increases the reliability of critical communications by enabling the detection of communication errors. In addition, it increases CPS security by using a message signature process that uniquely identifies the sender, guaranteeing integrity and authenticity, crucial pillars of cybersecurity. Thus, we intend to present the definition, architecture, and implementation of WSSL over the Message Queue Telemetry Transport (MQTT) protocol in order to evaluate the costs associated with its implementation and to prove that it does not significantly increase the system payload. We also intend to evaluate its behaviour and costs through an implementation in a simulated environment for communication between unmanned aerial vehicles and ground control stations. Finally, we assess whether its security features are effective at detecting errors related to safety or security, allowing it to be used in any CPS, critical or not.

    Octopus++: an enhanced mutual authentication security protocol and lightweight encryption and decryption algorithm based on DNA in fog computing

    The Internet of Things (IoT) envisions a world in which everyday objects may connect to the internet and exchange, analyse, store, and gather data from their environment and act on it efficiently. Fog computing, located closer to the IoT devices, handles data processing, filtering, aggregation, and storage. In a fog IoT network, one of the main challenges is security. The existing security solutions, based on modern cryptographic algorithms, are computationally complex, which slows down the fog IoT network. Therefore, in fog IoT the operations must be lightweight and secure. The security considerations, including attacks (especially the Man-in-the-Middle (MitM) attack), challenges, requirements, and existing solutions, are analysed and reviewed in depth. Hence, omega network key generation based on deoxyribonucleic acid (ONDNA) is proposed, which provides lightweight encryption and decryption in fog computing. The security level of ONDNA is tested using the NIST test suite; ONDNA passes all 17 recommended NIST Test Suite tests. Next, we propose a modified security protocol based on ONDNA and a hash message authentication code with Secure Hash Algorithm 2. The modified protocol is denoted OCTOPUS++. We prove that OCTOPUS++ provides confidentiality, mutual authentication, and resistance to MitM attacks using the widely accepted Burrows-Abadi-Needham (BAN) logic. OCTOPUS++ is evaluated in terms of execution time. The average execution time over 20 executions of OCTOPUS++ is 1.018917 milliseconds. The average execution times for Octopus, LAMAS, and Amor are 2.444324, 20.1638, and 14.1152 milliseconds, respectively. The results show that OCTOPUS++ has a lower execution time than the other existing protocols.

    Modeling and Analysis of Cellular Networks Using Stochastic Geometry: A Tutorial

    This paper presents a tutorial on stochastic geometry (SG)-based analysis for cellular networks. This tutorial is distinguished by its depth with respect to wireless communication details and its focus on cellular networks. The paper starts by modeling and analyzing the baseband interference in a baseline single-tier downlink cellular network with single-antenna base stations and universal frequency reuse. It then characterizes the signal-to-interference-plus-noise ratio and its related performance metrics. In particular, a unified approach to conducting error probability, outage probability, and transmission rate analysis is presented. Although the main focus of this paper is on cellular networks, the presented unified approach applies to other types of wireless networks that impose interference protection around receivers. The paper then extends the unified approach to capture cellular network characteristics (e.g., frequency reuse, multiple antennas, power control, etc.). It also presents numerical examples together with demonstrations and discussions. Finally, the paper highlights state-of-the-art research and points out future research directions.

    Network tomography application in mobile ad-hoc networks.

    The measurability of a mobile ad-hoc network (MANET) is the precondition of its management, performance optimization, and network resource re-allocation. The traditional interior network measurement technique performs measurements on the nodes or links directly and obtains node or link performance by analyzing the measurement samples; it is usually applied to wired networks built on solid infrastructure. However, a MANET is an infrastructure-free, multihop, self-organized temporary network comprised of a group of mobile nodes with wireless communication devices. Not only does its topology vary with time, but the communication protocols used in its network layer and data link layer are diverse and non-standard. In particular, given the limits on node energy and wireless bandwidth, the traditional interior network measurement technique is not suited to the measurement requirements of a MANET. In order to solve the problem of measuring interior link performance (such as packet loss rate and delay) in a MANET, this dissertation adopts an external measurement approach based on network tomography (NT). As a newer measurement technology, NT collects samples of path performance through end-to-end measurement and infers the probability distribution of the performance parameters of the network's logical links using mathematical statistics; it needs neither cooperation from the network interior nor dependence on communication protocols, and has the merit of being deployed flexibly. From our literature review it can therefore be concluded that the network tomography technique is adaptable to ad-hoc network measurement. We make the following contributions in the field of ad-hoc network performance. PLE algorithm: we developed the PLE algorithm based on the EM model, which statistically infers link performance. Stitching algorithm: the stitching algorithm is based on the isomorphic properties of a directed graph. The proposed algorithm concatenates the links that are common across the various steady-state periods and carries forward the ones that are not; in the process, it gives a performance analysis of the entire network over the observation period. EM routing: EM routing is based on the statistical inference computed by our PLE algorithm. EM routing provides multiple performance metrics, such as link delay and hop count, for all possible paths in various time periods in a wireless mesh network.

    Identity Management and Authorization Infrastructure in Secure Mobile Access to Electronic Health Records

    We live in an age of the mobile paradigm of anytime/anywhere access, as the mobile device is the most ubiquitous device that people now hold. Due to their portability, availability, ease of use, and the communication, access, and sharing of information within various domains and areas of our daily lives, the acceptance and adoption of these devices is still growing. However, due to their potential and rising numbers, mobile devices are a growing target for attackers and, like other technologies, mobile applications are still vulnerable. Health information systems are composed of tools and software to collect, manage, analyze, and process medical information (such as electronic health records and personal health records). Such systems can therefore empower the performance and maintenance of health services, promoting availability, readability, accessibility, and sharing of vital information about a patient's overall medical history between geographically fragmented health services. Quick access to information is of great importance in the health sector, as it accelerates work processes, resulting in better time utilization. Additionally, it may increase the quality of care. However, health information systems store and manage highly sensitive data, which raises serious concerns regarding patients' privacy and safety, and may explain the still increasing number of reported malicious incidents within the health domain. Data related to health information systems are highly sensitive and subject to severe legal and regulatory restrictions that aim to protect the individual rights and privacy of patients. Alongside this legislation, security requirements must be analyzed and measures implemented. Among the security requirements for accessing health data, secure authentication, identity management, and access control are essential to provide adequate means of protecting data from unauthorized access. However, besides the use of simple authentication models, traditional access control models are commonly based on predefined access policies and roles, and are inflexible. This results in uniform access control decisions across people, different types of devices, environments and situational conditions, and across enterprises, locations, and time. Although existing models meet the needs of health care systems to some extent, they still lack components for dynamicity and privacy protection, which leads to undesirable levels of security and to the patient not having full and easy control of his or her privacy. Within this master's thesis, after deep research and a review of the state of the art, a novel dynamic access control model, the Socio-Technical Risk-Adaptable Access Control modEl (SoTRAACE), was published, which can model the inherent differences and security requirements that are present in this thesis. To do this, SoTRAACE aggregates attributes from various domains to help perform a risk assessment at the moment of the request. The assessment of the risk factors identified in this work is based on a Delphi study. A set of security experts from various domains was selected to classify the impact of each attribute that SoTRAACE aggregates on the risk assessment. SoTRAACE was integrated into an architecture with well-founded requirements, based on the best recommendations and standards (OWASP, NIST 800-53, NIST 800-57) as well as on a deep review of the state of the art. The architecture is further subjected to the essential security analysis and threat model. As a proof of concept, the proposed access control model was implemented within the user-centric architecture, with two mobile prototypes covering several types of access by patients and healthcare professionals, as well as the web servers that handle the access requests, authentication, and identity management. The proof of concept shows that the model works as expected, with transparency, assuring privacy and data control to the user without impact on user experience and interaction. The model can clearly be extended to other industry domains, and new levels of risk or attributes can be added because it is modular. The architecture also works as expected, assuring secure multifactor authentication and secure data sharing/access based on SoTRAACE decisions. The communication channel that SoTRAACE uses was also protected with a digital certificate. Finally, the architecture was tested on different Android versions, with static and dynamic analysis and with security tools. Future work includes the integration of health data standards and evaluating the proposed system by collecting users' opinions after releasing the system to the real world.

    Today we live in a mobile paradigm of anytime/anywhere access, with mobile devices being the technology most present in society's daily life. Due to their portability, availability, ease of handling, communication power, and access to and sharing of information from various areas and domains of our lives, the acceptance and integration of these devices keeps growing. However, due to their potential and the growing number of users, mobile devices are increasingly the target of attacks, and, like other technologies, mobile applications remain vulnerable. Health information systems are composed of tools and software that collect, administer, analyse, and process medical information (such as electronic health records). Such systems can therefore boost the performance and maintenance of health services, promoting the availability, accessibility, and sharing of vital data about patients' overall medical records between geographically fragmented services and institutions. Quick access to medical information is of great importance to the health sector, since it speeds up work processes, resulting in more efficient use of time and resources. Consequently, there will be a better quality of treatment. However, health information systems store and handle highly sensitive data, which raises serious concerns about patient privacy and safety. This explains the increase in malicious incidents within the health domain. Health data are highly sensitive and subject to strict laws and regulatory restrictions that aim to protect patients' rights and privacy by safeguarding their health data. Alongside this legislation, security requirements must be analysed and measures implemented. Among the requirements for accessing health data, secure authentication, identity management, and access controls are essential to provide adequate means of protecting data against unauthorized access. However, besides the use of simple authentication models, traditional access control models are usually based on predefined access policies and roles, and are inflexible. This results in uniform access control decisions across different people, device types, environments and situational conditions, enterprises, locations, and points in time. Although existing models meet some of the needs of health systems, there is still a shortage of components for dynamic access and privacy protection, which results in unsatisfactory security levels and in the patient not having direct and full control over their privacy and health documents. Within this master's thesis, after intensive research and review of the state of the art, an innovative access control model called SoTRAACE was published, which models the inherent access differences and security requirements present in this thesis. To do this, SoTRAACE aggregates attributes from various environments and domains that help perform a risk assessment at the moment the data are requested. The assessment of the risk factors identified in this work is based on a Delphi study. A set of security experts from various industrial domains was selected to classify the impact of each attribute that SoTRAACE aggregates. SoTRAACE was integrated into an architecture for access to medical data, with well-founded requirements based on the best standards and recommendations (OWASP, NIST 800-53, NIST 800-57) and on intensive reviews of the state of the art. This architecture is then subjected to a security analysis and attack models. As a proof of concept, the proposed access control model is implemented together with a user-centred architecture, with two mobile application prototypes that provide various types of access for patients and healthcare professionals. The architecture also comprises web servers that handle data management, access control, authentication, and identity management. The final result shows that the model works as expected, transparently, ensuring privacy and data control for the user without affecting their interaction and experience. Consequently, this model can be extended to other industrial sectors, and new risk levels or attributes can be added to it, since it is modular. The architecture also works as expected, ensuring secure multi-factor authentication and secure data access and sharing based on SoTRAACE decisions. The communication channel that SoTRAACE uses was also protected with a digital certificate. The architecture was tested on different Android versions and was subjected to static and dynamic analysis and tests with security tools. Future work includes the integration of health data standards and the evaluation of the proposed system by collecting user opinions in the real world.