A packet forgery and packet drop attack detection using efficient Encoding and Decoding mechanisms.

A series of systems are connected to form a network. Vast amount of data moves through this network. A user who is not authorized to access the data tries to get forcible entry to the network by adding a malicious node or spoiling the node that already exists. The data in such network is not trustable. There is always a possibility that the information sent is changed or it is dropped in-between. Therefore identifying such behavior and the reason behind it is one of major issue. This is solved by using Provenance that verifies the data originality. The proposed technique is mainly concerned with the safe transmission of packet from sender to receiver through intermediate participants. The mechanism detects if there is any data change attack or data drop attack in the network and identifies the intruder responsible for such attacks with the help of provenance. The system is implemented experimentally and analyzed for its effectivenes

SCHEMATIC IMPLEMENTATION OF HIGH DATA TRUSTWORTHINESS IN DECISIONS IN UNWIRED BEAM NETS

In the current occasions, recent has highlighted the key contribution of attribution within systems where use of hard to rely on data could potentially cause disastrous failures. Attribution will be tracked for each packet, however essential challenges will arise due to fixed storage, energy in addition to bandwidth limits of sensor nodes consequently, it is important to create a light-weight attribution solution by way of low overhead. It's important to cope with security needs for example privacy, reliability in addition to originality of attribution and our goal would be to devise an attribution encoding in addition to deciphering way in which assures protection in addition to performance needs. Within our work we recommend a brand new lightweight approach to strongly convey attribution for sensor data. The suggested method is determined by in-packet Blossom filters to repair attribution. Blossom filters make well-organized use of bandwidth, in addition to yield small error rates used

MALICIOUS ADVERSARY DECISION MAKING FOR COMPLEX INFRASTRUCTURES

A malicious foe may introduce additional nodes within the network or compromise existing ones. Therefore, assuring high data trustworthiness is vital for proper decision-making. Data provenance represents a vital element in evaluating the standing of sensor data. Large-scale sensor systems are deployed in several application domains, and also the data they collect are utilized in decision-creating critical infrastructures. Data are streamed from multiple sources through intermediate processing nodes that aggregate information. Provenance management for sensor systems introduces several challenging needs, for example low energy and bandwidth consumption, efficient storage and secure transmission. Within this paper, we advise a manuscript lightweight plan to safely transmit provenance for sensor data. The suggested technique depends on in packet Blossom filters to encode provenance. We assess the suggested technique both analytically and empirically, and also the results prove the success and efficiency from the lightweight secure provenance plan in discovering packet forgery and loss attacks. We introduce efficient mechanisms for provenance verification and renovation in the base station. Additionally, we extend the secure provenance plan with functionality to identify packet drop attacks staged by malicious data forwarding nodes

A FROTHY ENDANGERED SYSTEM FOR IDENTIFYING ATTRIBUTION FAKE AND PACK DRIP ROUNDS IN WIRELESS SENSOR NETWORKS

Data provenance represents an important consider evaluating the standing of sensor data. Large-scale sensor systems are deployed in lots of application domains, combined with the data they collect be employed in decision-creating critical infrastructures. A malicious foe may introduce additional nodes inside the network or compromise existing ones. Therefore, assuring high data trustworthiness is essential for correct decision-making. Data are streamed from multiple sources through intermediate processing nodes that aggregate information. Provenance management for sensor systems introduces several challenging needs, for instance low energy and bandwidth consumption, efficient storage and secure transmission. In this paper, we advise a manuscript lightweight intend to securely transmit provenance for sensor data. The recommended technique is dependent upon in packet Blossom filters to encode provenance. We introduce efficient mechanisms for provenance verification and renovation within the base station. Additionally, we extend the secure provenance plan with functionality to understand packet drop attacks staged by malicious data forwarding nodes. We look at the recommended technique both analytically and empirically, combined with the results prove the success and efficiency inside the lightweight secure provenance intend to find packet forgery and loss attacks

A TRIVIAL PROTECTED PLAN FOR DETECT ATTRIBUTION FAKE AND CONTAINER PLUNGE ATTACKS IN WIRELESS SENSOR NETWORKS

Data provenance represents an essential consider evaluating the standing of sensor data. Large-scale sensor systems are deployed in many application domains, along with data they collect are employed in decision-creating critical infrastructures. A malicious foe may introduce additional nodes within the network or compromise existing ones. Therefore, assuring high data trustworthiness is important for proper decision-making. Data are streamed from multiple sources through intermediate processing nodes that aggregate information. Provenance management for sensor systems introduces several challenging needs, for example low energy and bandwidth consumption, efficient storage and secure transmission. During this paper, we advise a manuscript lightweight plan to safely transmit provenance for sensor data. The suggested technique depends upon in packet Blossom filters to encode provenance. We introduce efficient mechanisms for provenance verification and renovation inside the base station. Furthermore, we extend the secure provenance plan with functionality to know packet drop attacks staged by malicious data forwarding nodes. We consider the suggested technique both analytically and empirically, along with results prove the success and efficiency within the lightweight secure provenance plan to find packet forgery and loss attacks

Secrecy and performance models for query processing on outsourced graph data

Database outsourcing is a challenge concerning data secrecy. Even if an adversary, including the service provider, accesses the data, she should not be able to learn any information from the accessed data. In this paper, we address this problem for graph-structured data. First, we define a secrecy notion for graph-structured data based on the concepts of indistinguishability and searchable encryption. To address this problem, we propose an approach based on bucketization. Next to bucketization, it makes use of obfuscated indexes and encryption. We show that finding an optimal bucketization tailored to graph-structured data is NP-hard; therefore, we come up with a heuristic. We prove that the proposed bucketization approach fulfills our secrecy notion. In addition, we present a performance model for scale-free networks which consists of (1) a number-of-buckets model that estimates the number of buckets obtained after applying our bucketization approach and (2) a query-cost model. Finally, we demonstrate with a set of experiments the accuracy of our number-of-buckets model and the efficiency of our approach with respect to query processing

Preserving Integrity and Confidentiality of a Directed Acyclic Graph Model of Provenance

International audienceThis paper describes how to preserve integrity and confidentiality of a directed acyclic graph (DAG) model of provenance database. We show a method to preserve integrity by using digital signature where both of the provenance owner and the process executors (i.e. contributors) sign the nodes and the relationships between nodes in the provenance graph so that attacks to integrity can be detected by checking the signatures. To preserve confidentiality of the nodes and edges in the provenance graph we propose an access control model based on paths on the provenance graph because an auditor who need to audit a result normally need to access all nodes that have causal relationship with the result (i.e. all nodes that have a path to the result). We also complement the path-based access control with a compartment-based access control where each node is classified into compartments and the auditor is not allowed to access the nodes included in a compartment that can not be accessed by him/her (because of the sensitivity of the compartment). We implement the path-based access control by encrypting the nodes and later store encrypted encryption's keys in the children of the nodes. The compartment-based access control is implemented by encrypting the nodes in different compartments with different keys. We developed a prototype of the model and performed experiments to measure the overhead of digital signature and the double encryptions

Digital provenance - models, systems, and applications

Data provenance refers to the history of creation and manipulation of a data object and is being widely used in various application domains including scientific experiments, grid computing, file and storage system, streaming data etc. However, existing provenance systems operate at a single layer of abstraction (workflow/process/OS) at which they record and store provenance whereas the provenance captured from different layers provide the highest benefit when integrated through a unified provenance framework. To build such a framework, a comprehensive provenance model able to represent the provenance of data objects with various semantics and granularity is the first step. In this thesis, we propose a such a comprehensive provenance model and present an abstract schema of the model. ^ We further explore the secure provenance solutions for distributed systems, namely streaming data, wireless sensor networks (WSNs) and virtualized environments. We design a customizable file provenance system with an application to the provenance infrastructure for virtualized environments. The system supports automatic collection and management of file provenance metadata, characterized by our provenance model. Based on the proposed provenance framework, we devise a mechanism for detecting data exfiltration attack in a file system. We then move to the direction of secure provenance communication in streaming environment and propose two secure provenance schemes focusing on WSNs. The basic provenance scheme is extended in order to detect packet dropping adversaries on the data flow path over a period of time. We also consider the issue of attack recovery and present an extensive incident response and prevention system specifically designed for WSNs