725 research outputs found
NEMESYS: Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem
As a consequence of the growing popularity of smart mobile devices, mobile
malware is clearly on the rise, with attackers targeting valuable user
information and exploiting vulnerabilities of the mobile ecosystems. With the
emergence of large-scale mobile botnets, smartphones can also be used to launch
attacks on mobile networks. The NEMESYS project will develop novel security
technologies for seamless service provisioning in the smart mobile ecosystem,
and improve mobile network security through better understanding of the threat
landscape. NEMESYS will gather and analyze information about the nature of
cyber-attacks targeting mobile users and the mobile network so that appropriate
counter-measures can be taken. We will develop a data collection infrastructure
that incorporates virtualized mobile honeypots and a honeyclient, to gather,
detect and provide early warning of mobile attacks and better understand the
modus operandi of cyber-criminals that target mobile devices. By correlating
the extracted information with the known patterns of attacks from wireline
networks, we will reveal and identify trends in the way that cyber-criminals
launch attacks against mobile devices.
Comment: Accepted for publication in Proceedings of the 28th International
Symposium on Computer and Information Sciences (ISCIS'13); 9 pages; 1 figure
Performance analysis of mobile networks under signalling storms
There are numerous security challenges in cellular mobile networks, many of which originate from the Internet world. One of these challenges is to address the problem of the increasing rate of signalling messages produced by smart devices. In particular, many services in the Internet are provided through mobile applications in an unobstructed manner, such that users get an always connected feeling. These services, which usually come from instant messaging, advertising and social networking areas, impose significant signalling loads on mobile networks by frequent exchange of control data in the background. Such services and applications could be built intentionally or unintentionally, and result in denial of service attacks known as signalling attacks or storms. Negative consequences, among others, include degradations of mobile network’s services, partial or complete network failures, and increased battery consumption for infected mobile terminals.
This thesis examines the influence of signalling storms on different mobile technologies, and proposes defensive mechanisms. More specifically, using stochastic modelling techniques, this thesis first presents a model of the vulnerability in a single 3G UMTS mobile terminal, and studies the influence of the system’s internal parameters on stability under a signalling storm. Further on, it presents a queueing network model of the radio access part of 3G UMTS and examines the effect of the radio resource control (RRC) inactivity timers. In the presence of an attack, the proposed dynamic setting of the timers manages to lower the signalling load in the network and to increase the threshold above which a network failure could happen. Further on, the network model is upgraded into a more generic and detailed model, representing different generations of mobile technologies. It is then used to compare technologies with dedicated and shared organisation of resource allocation, referred to as traditional and contemporary networks, using performance metrics such as: signalling and communication delay, blocking probability, signalling load on the network’s nodes, bandwidth holding time, etc. Finally, based on the carried analysis, two mechanisms are proposed for detection of storms in real time, based on counting of same-type bandwidth allocations, and usage of allocated bandwidth. The mechanisms are evaluated using discrete event simulation in 3G UMTS, and experiments are done combining the detectors with a simple attack mitigation approach.
A Hybrid Secure Scheme for Wireless Sensor Networks against Timing Attacks Using Continuous-Time Markov Chain and Queueing Model
Wireless sensor networks (WSNs) have recently gained popularity for a wide
spectrum of applications. Monitoring tasks can be performed in various
environments. This may be beneficial in many scenarios, but it certainly
exhibits new challenges in terms of security due to increased data
transmission over the wireless channel with potentially unknown threats. Among
possible security issues are timing attacks, which are not prevented by
traditional cryptographic security. Moreover, the limited energy and memory
resources prohibit the use of complex security mechanisms in such systems.
Therefore, balancing between security and the associated energy consumption
becomes a crucial challenge. This paper proposes a secure scheme for WSNs
while maintaining the requirement of the security-performance tradeoff. In
order to proceed to a quantitative treatment of this problem, a hybrid
continuous-time Markov chain (CTMC) and queueing model are put forward, and
the tradeoff analysis of the security and performance attributes is carried
out. By extending and transforming this model, the mean time to security
attributes failure is evaluated. Through tradeoff analysis, we show that our
scheme can enhance the security of WSNs, and the optimal rekeying rate of the
performance and security tradeoff can be obtained.
Stuck in Traffic (SiT) Attacks: A Framework for Identifying Stealthy Attacks that Cause Traffic Congestion
Recent advances in wireless technologies have enabled many new applications
in Intelligent Transportation Systems (ITS) such as collision avoidance,
cooperative driving, congestion avoidance, and traffic optimization. Due to the
vulnerable nature of wireless communication against interference and
intentional jamming, ITS face new challenges to ensure the reliability and the
safety of the overall system. In this paper, we expose a class of stealthy
attacks -- Stuck in Traffic (SiT) attacks -- that aim to cause congestion by
exploiting how drivers make decisions based on smart traffic signs. An attacker
mounting a SiT attack solves a Markov Decision Process problem to find
optimal/suboptimal attack policies in which he/she interferes with a
well-chosen subset of signals that are based on the state of the system. We
apply Approximate Policy Iteration (API) algorithms to derive potent attack
policies. We evaluate their performance on a number of systems and compare them
to other attack policies including random, myopic and DoS attack policies. The
generated policies, albeit suboptimal, are shown to significantly outperform
other attack policies as they maximize the expected cumulative reward from the
standpoint of the attacker.
Robust control tools for traffic monitoring in TCP/AQM networks
Several studies have considered control theory tools for traffic control in
communication networks, as for example the congestion control issue in IP
(Internet Protocol) routers. In this paper, we propose to design a linear
observer for time-delay systems to address the traffic monitoring issue in
TCP/AQM (Transmission Control Protocol/Active Queue Management) networks. Due
to several propagation delays and the queueing delay, the set TCP/AQM is
modeled as a multiple delayed system of a particular form. Hence, appropriate
robust control tools as quadratic separation are adopted to construct a delay
dependent observer for TCP flows estimation. Note that, the developed mechanism
enables also the anomaly detection issue for a class of DoS (Denial of Service)
attacks. At last, simulations via the network simulator NS-2 and an emulation
experiment validate the proposed methodology.
Mobile network anomaly detection and mitigation: The NEMESYS approach
Mobile malware and mobile network attacks are becoming a significant threat that accompanies the increasing popularity of smart phones and tablets. Thus in this paper we present our research vision that aims to develop a network-based security solution combining analytical modelling, simulation and learning, together with billing and control-plane data, to detect anomalies and attacks, and eliminate or mitigate their effects, as part of the EU FP7 NEMESYS project. These ideas are supplemented with a careful review of the state-of-the-art regarding anomaly detection techniques that mobile network operators may use to protect their infrastructure and secure users against malware.
Storms in mobile networks
Mobile networks are vulnerable to signalling attacks and storms caused by traffic that overloads the control plane through excessive signalling, which can be introduced via malware and mobile botnets. With the advent of machine-to-machine (M2M) communications over mobile networks, the potential for signalling storms increases due to the normally periodic nature of M2M traffic and the sheer number of communicating nodes. Several mobile network operators have also experienced signalling storms due to poorly designed applications that result in service outage. The radio resource control (RRC) protocol is particularly susceptible to such attacks, motivating this work within the EU FP7 NEMESYS project which presents simulations that clarify the temporal dynamics of user behavior and signalling, allowing us to suggest how such attacks can be detected and mitigated.