5,294 research outputs found
Secure Position-Based Routing for VANETs
Vehicular communication (VC) systems have the potential to improve road safety and driving comfort. Nevertheless, securing the operation is a prerequisite for deployment. So far, the security of VC applications has mostly drawn the attention of research efforts, while comprehensive solutions to protect the network operation have not been developed. In this paper, we address this problem: we provide a scheme that secures geographic position-based routing, which has been widely accepted as the appropriate one for VC. Moreover, we focus on the scheme currently chosen and evaluated in the Car2Car Communication Consortium (C2C-CC). We integrate security mechanisms to protect the position-based routing functionality and services (beaconing, multi-hop forwarding, and geo-location discovery), and enhance the network robustness. We propose defense mechanisms, relying both on cryptographic primitives, and plausibility checks mitigating false position injection. Our implementation and initial measurements show that the security overhead is low and the proposed scheme deployable
ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability
Virtualization of Internet of Things(IoT) is a concept of dynamically
building customized high-level IoT services which
rely on the real time data streams from low-level physical
IoT sensors. Security in IoT virtualization is challenging,
because with the growing number of available (building
block) services, the number of personalizable virtual
services grows exponentially. This paper proposes Service
Object Capability(SOC) ticket system, a decentralized access
control mechanism between servers and clients to effi-
ciently authenticate and authorize each other without using
public key cryptography. SOC supports decentralized
partial delegation of capabilities specified in each server/-
client ticket. Unlike PKI certificates, SOC’s authentication
time and handshake packet overhead stays constant regardless
of each capability’s delegation hop distance from the
root delegator. The paper compares SOC’s security bene-
fits with Kerberos and the experimental results show SOC’s
authentication incurs significantly less time packet overhead
compared against those from other mechanisms based on
RSA-PKI and ECC-PKI algorithms. SOC is as secure as,
and more efficient and suitable for IoT environments, than
existing PKIs and Kerberos
ANCHOR: logically-centralized security for Software-Defined Networks
While the centralization of SDN brought advantages such as a faster pace of
innovation, it also disrupted some of the natural defenses of traditional
architectures against different threats. The literature on SDN has mostly been
concerned with the functional side, despite some specific works concerning
non-functional properties like 'security' or 'dependability'. Though addressing
the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to
efficiency and effectiveness problems. We claim that the enforcement of
non-functional properties as a pillar of SDN robustness calls for a systemic
approach. As a general concept, we propose ANCHOR, a subsystem architecture
that promotes the logical centralization of non-functional properties. To show
the effectiveness of the concept, we focus on 'security' in this paper: we
identify the current security gaps in SDNs and we populate the architecture
middleware with the appropriate security mechanisms, in a global and consistent
manner. Essential security mechanisms provided by anchor include reliable
entropy and resilient pseudo-random generators, and protocols for secure
registration and association of SDN devices. We claim and justify in the paper
that centralizing such mechanisms is key for their effectiveness, by allowing
us to: define and enforce global policies for those properties; reduce the
complexity of controllers and forwarding devices; ensure higher levels of
robustness for critical services; foster interoperability of the non-functional
property enforcement mechanisms; and promote the security and resilience of the
architecture itself. We discuss design and implementation aspects, and we prove
and evaluate our algorithms and mechanisms, including the formalisation of the
main protocols and the verification of their core security properties using the
Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference
The Road Ahead for Networking: A Survey on ICN-IP Coexistence Solutions
In recent years, the current Internet has experienced an unexpected paradigm
shift in the usage model, which has pushed researchers towards the design of
the Information-Centric Networking (ICN) paradigm as a possible replacement of
the existing architecture. Even though both Academia and Industry have
investigated the feasibility and effectiveness of ICN, achieving the complete
replacement of the Internet Protocol (IP) is a challenging task.
Some research groups have already addressed the coexistence by designing
their own architectures, but none of those is the final solution to move
towards the future Internet considering the unaltered state of the networking.
To design such architecture, the research community needs now a comprehensive
overview of the existing solutions that have so far addressed the coexistence.
The purpose of this paper is to reach this goal by providing the first
comprehensive survey and classification of the coexistence architectures
according to their features (i.e., deployment approach, deployment scenarios,
addressed coexistence requirements and architecture or technology used) and
evaluation parameters (i.e., challenges emerging during the deployment and the
runtime behaviour of an architecture). We believe that this paper will finally
fill the gap required for moving towards the design of the final coexistence
architecture.Comment: 23 pages, 16 figures, 3 table
- …