A Hybrid Secure Scheme for Wireless Sensor Networks against Timing Attacks Using Continuous-Time Markov Chain and Queueing Model

Wireless sensor networks (WSNs) have recently gained popularity for a wide spectrum of applications. Monitoring tasks can be performed in various environments. This may be beneficial in many scenarios, but it certainly exhibits new challenges in terms of security due to increased data transmission over the wireless channel with potentially unknown threats. Among possible security issues are timing attacks, which are not prevented by traditional cryptographic security. Moreover, the limited energy and memory resources prohibit the use of complex security mechanisms in such systems. Therefore, balancing between security and the associated energy consumption becomes a crucial challenge. This paper proposes a secure scheme for WSNs while maintaining the requirement of the security-performance tradeoff. In order to proceed to a quantitative treatment of this problem, a hybrid continuous-time Markov chain (CTMC) and queueing model are put forward, and the tradeoff analysis of the security and performance attributes is carried out. By extending and transforming this model, the mean time to security attributes failure is evaluated. Through tradeoff analysis, we show that our scheme can enhance the security of WSNs, and the optimal rekeying rate of the performance and security tradeoff can be obtained. View Full-Tex

Modelling and Analysis of Corporate Efficiency and Productivity Loss Associated with Enterprise Information Security Technologies

The file attached to this record is the author's final peer reviewed version. The Publisher's final version can be found by following the DOI link.By providing effective access control mechanisms, enterprise information security technologies have been proven successful in protecting the sensitive information in business organizations. However, such security mechanisms typically reduce the work productivity of the staff, by making them spend time working on non-project related tasks. Therefore, organizations have to invest a signification amount of capital in the information security technologies, and then to continue incurring additional costs. In this study, we investigate the non-productive time (NPT) in an organization, resulting from the implementation of information security technologies. An approximate analytical solution is discussed first, and the loss of staff member productivity is quantified using non-productive time. Stochastic Petri nets are then used to provide simulation results. Moreover, sensitivity analysis is applied to develop a cost-effective strategy for mitigating the negative impact of implementing information security technologies. The presented study can help information security managers to make investment decisions, and to take actions toward reducing the cost of information security technologies, so that a balance is kept between information security expense, resource drain and effectiveness of security technologies

Security and Performance Engineering of Scalable Cognitive Radio Networks. Sensing, Performance and Security Modelling and Analysis of ’Optimal’ Trade-offs for Detection of Attacks and Congestion Control in Scalable Cognitive Radio Networks

A Cognitive Radio Network (CRN) is a technology that allows unlicensed users to utilise licensed spectrum by detecting an idle band through sensing. How- ever, most research studies on CRNs have been carried out without considering the impact of sensing on the performance and security of CRNs. Sensing is essential for secondary users (SUs) to get hold of free band without interfering with the signal generated by primary users (PUs). However, excessive sensing time for the detection of free spectrum for SUs as well as extended periods of CRNs in an insecure state have adverse effects on network performance. Moreover, a CRN is very vulnerable to attacks as a result of its wireless nature and other unique characteristics such as spectrum sensing and sharing. These attacks may attempt to eavesdrop or modify the contents of packets being transmitted and they could also deny legitimate users the opportunity to use the band, leading to underutilization of the spectrum space. In this context, it is often challenging to differentiate between networks under Denial of Service (DoS) attacks from those networks experiencing congestion. This thesis employs a novel Stochastic Activity Network (SAN) model as an effective analytic tool to represent and study sensing vs performance vs security trade-offs in CRNs. Specifically, an investigation is carried out focusing on sensing vs security vs performance trade-offs, leading to the optimization of the spectrum band’s usage. Moreover, consideration is given either when a CRN experiencing congestion and or it is under attack. Consequently, the data delivery ratio (PDR) is employed to determine if the network is under DoS attack or experiencing congestion. In this context, packet loss probability, queue length and throughput of the transmitter are often used to measure the PDR with reference to interarrival times of PUs. Furthermore, this thesis takes into consideration the impact of scalability on the performance of the CRN. Due to the unpredictable nature of PUsactivities on the spectrum, it is imperative for SUs to swiftly utilize the band as soon as it becomes available. Unfortunately, the CRN models proposed in literature are static and unable to respond effectively to changes in service demands. To this end, a numerical simulation experiment is carried out to determine the impact of scalability towards the enhancement of nodal CRN sensing, security and performance. Atthe instant the band becomes idle and there are requests by SUs waiting for encryption and transmission, additional resources are dynamically released in order to largely utilize the spectrum space before the reappearance of PUs. These additional resources make the same service provision, such as encryption and intrusion detection, as the initial resources. To this end,SAN model is proposed in order to investigate the impact of scalability on the performance of CRN. Typical numerical simulation experiments are carried out, based on the application of the Mobius Petri Net Package to determine the performance of scalable CRNs (SCRNs) in comparison with unscalable CRNs (UCRNs) and associated interpretations are made

A survey on cyber risk management for the Internet of Things

The Internet of Things (IoT) continues to grow at a rapid pace, becoming integrated into the daily operations of individuals and organisations. IoT systems automate crucial services within daily life that users may rely on, which makes the assurance of security towards entities such as devices and information even more significant. In this paper, we present a comprehensive survey of papers that model cyber risk management processes within the context of IoT, and provide recommendations for further work. Using 39 collected papers, we studied IoT cyber risk management frameworks against four research questions that delve into cyber risk management concepts and human-orientated vulnerabilities. The importance of this work being human-driven is to better understand how individuals can affect risk and the ways that humans can be impacted by attacks within different IoT domains. Through the analysis, we identified open areas for future research and ideas that researchers should consider

Modelling and Quantitative Analysis of Performance vs Security Trade-offs in Computer Networks: An investigation into the modelling and discrete-event simulation analysis of performance vs security trade-offs in computer networks, based on combined metrics and stochastic activity networks (SANs)

Performance modelling and evaluation has long been considered of paramount importance to computer networks from design through development, tuning and upgrading. These networks, however, have evolved significantly since their first introduction a few decades ago. The Ubiquitous Web in particular with fast-emerging unprecedented services has become an integral part of everyday life. However, this all is coming at the cost of substantially increased security risks. Hence cybercrime is now a pervasive threat for today’s internet-dependent societies. Given the frequency and variety of attacks as well as the threat of new, more sophisticated and destructive future attacks, security has become more prevalent and mounting concern in the design and management of computer networks. Therefore equally important if not more so is security. Unfortunately, there is no one-size-fits-all solution to security challenges. One security defence system can only help to battle against a certain class of security threats. For overall security, a holistic approach including both reactive and proactive security measures is commonly suggested. As such, network security may have to combine multiple layers of defence at the edge and in the network and in its constituent individual nodes. Performance and security, however, are inextricably intertwined as security measures require considerable amounts of computational resources to execute. Moreover, in the absence of appropriate security measures, frequent security failures are likely to occur, which may catastrophically affect network performance, not to mention serious data breaches among many other security related risks. In this thesis, we study optimisation problems for the trade-offs between performance and security as they exist between performance and dependability. While performance metrics are widely studied and well-established, those of security are rarely defined in a strict mathematical sense. We therefore aim to conceptualise and formulate security by analogy with dependability so that, like performance, it can be modelled and quantified. Having employed a stochastic modelling formalism, we propose a new model for a single node of a generic computer network that is subject to various security threats. We believe this nodal model captures both performance and security aspects of a computer node more realistically, in particular the intertwinements between them. We adopt a simulation-based modelling approach in order to identify, on the basis of combined metrics, optimal trade-offs between performance and security and facilitate more sophisticated trade-off optimisation studies in the field. We realise that system parameters can be found that optimise these abstract combined metrics, while they are optimal neither for performance nor for security individually. Based on the proposed simulation modelling framework, credible numerical experiments are carried out, indicating the scope for further work extensions for a systematic performance vs security tuning of computer networks

Security and Energy Efficiency in Resource-Constrained Wireless Multi-hop Networks

In recent decades, there has been a huge improvement and interest from the research community in wireless multi-hop networks. Such networks have widespread applications in civil, commercial and military applications. Paradigms of this type of networks that are critical for many aspects of human lives are mobile ad-hoc networks, sensor networks, which are used for monitoring buildings and large agricultural areas, and vehicular networks with applications in traffic monitoring and regulation. Internet of Things (IoT) is also envisioned as a multi-hop network consisting of small interconnected devices, called ``things", such as smart meters, smart traffic lights, thermostats etc. Wireless multi-hop networks suffer from resource constraints, because all the devices have limited battery, computational power and memory. Battery level of these devices should be preserved in order to ensure reliability and communication across the network. In addition, these devices are not a priori designed to defend against sophisticated adversaries, which may be deployed across the network in order to disrupt network operation. In addition, the distributed nature of this type of networks introduces another limitation to protocol performance in the presence of adversaries. Hence, the inherit nature of this type of networks poses severe limitations on designing and optimizing protocols and network operations. In this dissertation, we focus on proposing novel techniques for designing more resilient protocols to attackers and more energy efficient protocols. In the first part of the dissertation, we investigate the scenario of multiple adversaries deployed across the network, which reduce significantly the network performance. We adopt a component-based and a cross-layer view of network protocols to make protocols secure and resilient to attacks and to utilize our techniques across existing network protocols. We use the notion of trust between network entities to propose lightweight defense mechanisms, which also satisfy performance requirements. Using cryptographic primitives in our network scenario can introduce significant computational overhead. In addition, behavioral aspects of entities are not captured by cryptographic primitives. Hence, trust metrics provide an efficient security metric in these scenarios, which can be utilized to introduce lightweight defense mechanisms applicable to deployed network protocols. In the second part of the dissertation, we focus on energy efficiency considerations in this type of networks. Our motivation for this work is to extend network lifetime, but at the same time maintain critical performance requirements. We propose a distributed sleep management framework for heterogeneous machine-to-machine networks and two novel energy efficient metrics. This framework and the routing metrics are integrated into existing routing protocols for machine-to-machine networks. We demonstrate the efficiency of our approach in terms of increasing network lifetime and maintaining packet delivery ratio. Furthermore, we propose a novel multi-metric energy efficient routing protocol for dynamic networks (i.e. mobile ad-hoc networks) and illustrate its performance in terms of network lifetime. Finally, we investigate the energy-aware sensor coverage problem and we propose a novel game theoretic approach to capture the tradeoff between sensor coverage efficiency and energy consumption