408,493 research outputs found

    Firmware enhancements for BYOD-aware network security

    In today’s connected world, users migrate within a complex set of networks, including, but not limited to, 3G and 4G (LTE) services provided by mobile operators, Wi-Fi hotspots in private and public places, as well as wireless and/or wired LAN access in business and home environments. Following the widely expanding Bring Your Own Device (BYOD) approach, many public and educational institutions have begun to encourage customers and students to use their own devices at all times. While this may be cost-effective in terms of decreased investments in hardware and consequently lower maintenance fees on a long-term basis, it may also involve some security risks. In particular, many users are often connected to more than one network and/or communication service provider at the same time, for example to a 3G/4G mobile network and to a Wi-Fi. In a BYOD setting, an infected device or a rogue one can turn into an unwanted gateway, causing a security breach by leaking information across networks. Aiming at investigating in greater detail the implications of BYOD on network security in private and business settings we are building a framework for experiments with mobile routers both in home and business networks. This is a continuation of our earlier work on communications and services with enhanced security for network appliances

    Formal verification of secondary authentication protocol for 5G secondary authentication

    The Fifth-Generation mobile network (5G) will enable interconnectivity between the Home Network (HN) and Data Network (DN) whereby mobile users with their User Equipment (UE) will be able to access services provided by external Service Providers (SP) seamlessly. The mobile user and SP will rely on security assurances provided by authentication protocols used. For 5G, primary authentication between the UE and the HN has been defined and specified by the Third Generation Partnership Project (3GPP) while the secondary authentication has also been defined but not specified. 3GPP recommends the Extensible Authentication Protocol (EAP) framework for secondary authentication between the UE and the SP. However, the secondary authentication methods have not been formally verified, so this paper proposes a Secondary Authentication Protocol (SAP) for service authentication and provides a comprehensive formal analysis using ProVerif, a security protocol verifier. Finally, it conducts a security analysis on the protocol's security properties

    Security for network services delivery of 5G enabled device-to-device communications mobile network

    The increase in mobile traffic led to the development of the Fifth Generation (5G) mobile network. 5G will provide Ultra Reliable Low Latency Communication (URLLC), Massive Machine Type Communication (mMTC), and enhanced Mobile Broadband (eMBB). Device-to-Device (D2D) communications will be used as the underlying technology to offload traffic from the 5G Core Network (5GC) and push content closer to User Equipment (UE). It will be supported by a variety of Network Services (NS) such as Content-Centric Networking (CCN) that will provide access to other services and deliver content-based services. However, this raises new security and delivery challenges. Therefore, research was conducted to address the security issues in delivering NS in 5G enabled D2D communications network. To support D2D communications in 5G, this thesis introduces a Network Services Delivery (NSD) framework defining an integrated system model. It incorporates Cloud Radio Access Network (C-RAN) architecture, D2D communications, and CCN to support 5G’s objectives in Home Network (HN), roaming, and proximity scenarios. The research explores the security of 5G enabled D2D communications by conducting a comprehensive investigation on security threats. It analyses threats using the Dolev Yao (DY) threat model and evaluates security requirements using a systematic approach based on the X.805 security framework, which aligns security requirements with network connectivity, service delivery, and sharing between entities. This analysis highlights the need for security mechanisms to provide security to NSD in an integrated system. To specify these security mechanisms, a security framework to address the security challenges at different levels of the system model is introduced. To align suitable security mechanisms, the research defines underlying security protocols to provide security at the network, service, and D2D levels. 
This research also explores 5G authentication protocols specified by the Third Generation Partnership Project (3GPP) for securing communication between UE and HN, checks the security guarantees of two 3GPP specified protocols, 5G-Authentication and Key Agreement (AKA) and 5G Extensive Authentication Protocol (EAP)-AKA’ that provide primary authentication at Network Access Security (NAC). The research addresses Service Level Security (SLS) by proposing Federated Identity Management (FIdM) model to integrate federated security in 5G, it also proposes three security protocols to provide secondary authentication and authorization of UE to Service Provider (SP). It also addresses D2D Service Security (DDS) by proposing two security protocols that secure the caching and sharing of services between two UEs in different D2D communications scenarios. All protocols in this research are verified for functional correctness and security guarantees using a formal method approach and semi-automated protocol verifier. The research conducts security properties and performance evaluation of the protocols for their effectiveness. It also presents how each proposed protocol provides an interface for an integrated, comprehensive security solution to secure communications for NSD in a 5G enabled D2D communications network. The main contributions of this research are the design and formal verification of security protocols. Performance evaluation is supplementary

    SUTMS - Unified Threat Management Framework for Home Networks

    Home networks were initially designed for web browsing and non-business critical applications. As infrastructure improved, internet broadband costs decreased, and home internet usage transferred to e-commerce and business-critical applications. Today’s home computers host personally identifiable information and financial data and act as a bridge to corporate networks via remote access technologies like VPN. The expansion of remote work and the transition to cloud computing have broadened the attack surface for potential threats. Home networks have become the extension of critical networks and services; hackers can get access to corporate data by compromising devices attached to broadband routers. All these challenges depict the importance of home-based Unified Threat Management (UTM) systems. There is a need for a unified threat management framework that is developed specifically for home and small networks to address emerging security challenges. In this research, the proposed Smart Unified Threat Management (SUTMS) framework serves as a comprehensive solution for implementing home network security, incorporating firewall, anti-bot, intrusion detection, and anomaly detection engines into a unified system. SUTMS is able to provide 99.99% accuracy with 56.83% memory improvements. IPS stands out as the most resource-intensive UTM service; SUTMS successfully reduces the performance overhead of IDS by integrating it with the flow detection module. The artifact employs flow analysis to identify network anomalies and categorizes encrypted traffic according to its abnormalities. SUTMS can be scaled by introducing optional functions, i.e., routing and smart logging (utilizing Apriori algorithms). The research also tackles one of the limitations identified by SUTMS through the introduction of a second artifact called Secure Centralized Management System (SCMS). 
SCMS is a lightweight asset management platform with built-in security intelligence that can seamlessly integrate with a cloud for real-time updates

    FedEdge AI-TC: A Semi-supervised Traffic Classification Method based on Trusted Federated Deep Learning for Mobile Edge Computing

    As a typical entity of MEC (Mobile Edge Computing), 5G CPE (Customer Premise Equipment)/HGU (Home Gateway Unit) has proven to be a promising alternative to traditional Smart Home Gateway. Network TC (Traffic Classification) is a vital service quality assurance and security management method for communication networks, which has become a crucial functional entity in 5G CPE/HGU. In recent years, many researchers have applied Machine Learning or Deep Learning (DL) to TC, namely AI-TC, to improve its performance. However, AI-TC faces challenges, including data dependency, resource-intensive traffic labeling, and user privacy concerns. The limited computing resources of 5G CPE further complicate efficient classification. Moreover, the "black box" nature of AI-TC models raises transparency and credibility issues. The paper proposes the FedEdge AI-TC framework, leveraging Federated Learning (FL) for reliable Network TC in 5G CPE. FL ensures privacy by employing local training, model parameter iteration, and centralized training. A semi-supervised TC algorithm based on Variational Auto-Encoder (VAE) and convolutional neural network (CNN) reduces data dependency while maintaining accuracy. To optimize model light-weight deployment, the paper introduces XAI-Pruning, an AI model compression method combined with DL model interpretability. Experimental evaluation demonstrates FedEdge AI-TC's superiority over benchmarks in terms of accuracy and efficient TC performance. The framework enhances user privacy and model credibility, offering a comprehensive solution for dependable and transparent Network TC in 5G CPE, thus enhancing service quality and security. Comment: 13 pages, 13 figures

    CMI Computing: A Cloud, MANET, and Internet of Things Integration for Future Internet

    Wireless communication is making it easier for smart devices to communicate with one another in terms of the network of the Internet of Things. Smart devices are automatically linked and build up a network on their own. But there are more obstacles to safe access within the network itself. Mobile devices such as smart home automation access points, smart washing machines, mobile boards, temperature sensors, color-changing smart lighting, smartphones, wearable devices, and smart appliances, etc. are widespread in our daily lives and are becoming valuable tools with wireless communication abilities that are using specific wireless standards that are commonly used with IEEE 802.11 access points. On the realism of the Internet, security has been perceived as a prominent inhibitor of embracing the cloud paradigm. Since the cloud environment is a distributed architecture, with resource storage and management that may lie in any place of the world, many concerns have been raised over its vulnerabilities, security threats and challenges. The involvement of various parties has widened these concerns based on each party's perspective and objective. From the cloud point of view, we mainly discuss the causes of obstacles and challenges related to security, reliability, privacy, and service availability. Wireless communication security has been raised as one of the most critical issues of cloud computing where resolving such an issue would result in constant growth in the cloud’s use and popularity. The purpose of this study is to create a framework of mobile ad hoc network mobility model using cloud computing for providing secure communication among smart devices network for the internet of things in 5G heterogeneous networks. Our main contribution links a new methodology for providing secure communication on the internet of smart devices in 5G. 
Our methodology uses the correct and efficient simulation of the desired study and can be implemented in a framework of the Internet of Things in 5G

    A Framework of Cooperating Agents Hierarchies for Local-Area Mobility Support

    Host mobility creates a routing problem in the Internet, where an IP address reflects the network's point of attachment. Mobile IP, relying on a mapping between a home address and a care-of address, and a home registration process, is widely accepted as a solution for the host mobility problem in wide-area mobility scenarios. However, its home registration requirement, upon each change of point of attachment, makes it unsuitable to handle local-area mobility, resulting in large handoff latencies, increased packet loss, and disrupted services. In this dissertation, we introduce a local-area mobility support framework for IPv4 based on the deployment of multiple cooperating mobility agents hierarchies in the foreign domain. First, we introduce a hierarchy model offering a backward compatible mode to service legacy mobile hosts, unaware of local-area mobility extensions. Second, for intra-hierarchy handoffs, we identify several design deficiencies within the current Mobile IP hierarchy extension proposal, and present an enhanced regional registration framework for local handoffs that encompasses a replay protection identification value dissemination mechanism. In addition, we present two novel registration frameworks for home registrations involving local handoffs, in which we identify the dual nature of such registrations, and attempt to emphasize the local handoff aspect. One technique maintains tunneling of data packets to the MH (Mobile Host) through an old path until a home registration reply is received to set up the new path. In contrast, the other technique adopts a more proactive bold approach in switching immediately to the new path resulting in a reduction of the handoff latency. Third, for inter-hierarchy handoffs, we present a scalable, configurable, and cooperation based framework between mobility agents hierarchies to reduce the handoff latencies. 
An attempt is made to exploit the expected network proximity between hierarchies within the foreign domain, and maintain a mobile host's home-registered care-of address unchanged while within the same foreign domain. In addition, the involved registration signaling design requires a reduced number of security associations between mobility agents belonging to different hierarchies, and copes with the fact that the mobile host's home-registered care-of address might not be reachable

    Review on Service Recommendation System using Social User's Rating Behaviors

    The research communities of information retrieval, machine learning and data mining have recently started paying attention to service recommendation systems. Traditional service recommendation algorithms are often based on batch machine learning methods which have certain critical limitations, e.g., most systems are costly, a new user needs to pay a certain cost for a new login, and they can't capture the changes of user preferences over time. To overcome that problem, it is important to make service recommendation systems more flexible for real world online applications where data arrives sequentially and user preferences may change randomly and dynamically. The proposed system presents a new framework of online social recommendation on the basis of online graph regularized user preference learning (OGRPL), which incorporates both collaborative user-services relationship as well as service content features into a unified preference learning process. It also provides aggregated services in only one application (social networking), which increases the user's interest towards the services. The proposed system also provides security about subscribed services as well as documents/photos on online social network application. The proposed system utilizes services like Active Life, Beauty & Spas, Home Services, Hotels & Travel, Pets, Restaurants and Shopping

    Smart Washers May Clean Your Clothes, But Hacks Can Clean Out Your Privacy, and Underdeveloped Regulations Could Leave You Hanging on a Line, 32 J. Marshall J. Info. Tech. & Privacy L. 259 (2016)

    A house is equipped with a smart clothes washer, an intelligent HVAC system and a video enabled home security system, all running through the home network - it reduces the noise by doing laundry when no one is at home, saves energy costs by automatically changing the temperature depending who is in a room, lets the owner remotely see the kids walk in the door after school, and keeps the house safe - the owner is maximizing the use of the Internet of Things (“IoT”) devices (i.e. a network of everyday objects connected to the Internet and to each other). However, the home owner has also created at least four points for data vulnerabilities, giving a hacker four opportunities to enter the home. A single hack can allow a wrongdoer to determine when no one is home and access an empty house, spy on the children and collect PIN numbers and any sensitive data recorded by any or all of the IoT service providers, like credit card numbers. When such a data breach happens, what legal protections does a consumer have? What regulatory infrastructure is in place to prevent this type of intrusion, what data is considered protectable personal identifying information (PII), what obligations do the manufacturers have to prevent hacks, and what remedies are available to those whose privacy has been corrupted? This paper attempts to address the growing infiltration of the IoT into everyday life and to answer some of these questions by looking at the current US legal framework addressing privacy