X-Vine: Secure and Pseudonymous Routing Using Social Networks

Distributed hash tables suffer from several security and privacy vulnerabilities, including the problem of Sybil attacks. Existing social network-based solutions to mitigate the Sybil attacks in DHT routing have a high state requirement and do not provide an adequate level of privacy. For instance, such techniques require a user to reveal their social network contacts. We design X-Vine, a protection mechanism for distributed hash tables that operates entirely by communicating over social network links. As with traditional peer-to-peer systems, X-Vine provides robustness, scalability, and a platform for innovation. The use of social network links for communication helps protect participant privacy and adds a new dimension of trust absent from previous designs. X-Vine is resilient to denial of service via Sybil attacks, and in fact is the first Sybil defense that requires only a logarithmic amount of state per node, making it suitable for large-scale and dynamic settings. X-Vine also helps protect the privacy of users social network contacts and keeps their IP addresses hidden from those outside of their social circle, providing a basis for pseudonymous communication. We first evaluate our design with analysis and simulations, using several real world large-scale social networking topologies. We show that the constraints of X-Vine allow the insertion of only a logarithmic number of Sybil identities per attack edge; we show this mitigates the impact of malicious attacks while not affecting the performance of honest nodes. Moreover, our algorithms are efficient, maintain low stretch, and avoid hot spots in the network. We validate our design with a PlanetLab implementation and a Facebook plugin.Comment: 15 page

Intrusion Tolerant Routing Protocols for Wireless Sensor Networks

This MSc thesis is focused in the study, solution proposal and experimental evaluation of security solutions for Wireless Sensor Networks (WSNs). The objectives are centered on intrusion tolerant routing services, adapted for the characteristics and requirements of WSN nodes and operation behavior. The main contribution addresses the establishment of pro-active intrusion tolerance properties at the network level, as security mechanisms for the proposal of a reliable and secure routing protocol. Those properties and mechanisms will augment a secure communication base layer supported by light-weigh cryptography methods, to improve the global network resilience capabilities against possible intrusion-attacks on the WSN nodes. Adapting to WSN characteristics, the design of the intended security services also pushes complexity away from resource-poor sensor nodes towards resource-rich and trustable base stations. The devised solution will construct, securely and efficiently, a secure tree-structured routing service for data-dissemination in large scale deployed WSNs. The purpose is to tolerate the damage caused by adversaries modeled according with the Dolev-Yao threat model and ISO X.800 attack typology and framework, or intruders that can compromise maliciously the deployed sensor nodes, injecting, modifying, or blocking packets, jeopardizing the correct behavior of internal network routing processing and topology management. The proposed enhanced mechanisms, as well as the design and implementation of a new intrusiontolerant routing protocol for a large scale WSN are evaluated by simulation. For this purpose, the evaluation is based on a rich simulation environment, modeling networks from hundreds to tens of thousands of wireless sensors, analyzing different dimensions: connectivity conditions, degree-distribution patterns, latency and average short-paths, clustering, reliability metrics and energy cost

State of the art of cyber-physical systems security: An automatic control perspective

Cyber-physical systems are integrations of computation, networking, and physical processes. Due to the tight cyber-physical coupling and to the potentially disrupting consequences of failures, security here is one of the primary concerns. Our systematic mapping study sheds light on how security is actually addressed when dealing with cyber-physical systems from an automatic control perspective. The provided map of 138 selected studies is defined empirically and is based on, for instance, application fields, various system components, related algorithms and models, attacks characteristics and defense strategies. It presents a powerful comparison framework for existing and future research on this hot topic, important for both industry and academia

Resilient Control Under Denial-of-Service:Results and Research Directions

The question of security is becoming central for the current generation of engineering systems which more and more rely on networks to support monitoring and control tasks. This chapter addresses the question of designing network control systems that are resilient to Denial-of-Service, that is to phenomena which render a communication network unavailable to use. We review recent results in this area and discuss some of the research challenges.</p

Secure Data Aggregation Protocol with Byzantine Robustness for Wireless Sensor Networks

Sensor networks are dense wireless networks constituting of small and low-cost sensors that collect and disseminate sensory data. They have gained great attention in recent years due to their ability to offer economical and effective solutions in a variety of fields; and their profound suitability to address mission critical problems that are common in health, transportation, and military applications. “Sensor networks” is a technology that is seen to change the world, and as such their deployment is expected to see a rapid growth. Effective security strategy is essential for any sensor network in order to maintain trustful and reliable functionality, protect sensory information, and ensure network component authenticity. Security models and protocols that are typically used in other types of networks, such as wired networks, are not suitable for sensor networks due to their specific hardware specifications. This thesis highlights some of the research done so far in the area of security of wireless sensor networks and proposes a solution to detect Byzantine behaviour - a challenging security threat that many sensor networks face. The proposed solution’s use of cryptography is kept at a minimum to ensure maximum secure bandwidth. Under this solution, a sensor network continues to work normally until an attack is suspected. Once an attack is suspected, a cryptography scheme is enabled to authenticate suspected nodes and to allow the identification of potential external attacks. If an attack seems to persist after the cryptography scheme has been enabled, the same mechanism is used to identify and isolate potentially compromised nodes. The goal is to introduce a degree of intelligence into such networks and consequently improve reliability of data collection, accuracy of aggregated data, and prolong network lifetime