9,772 research outputs found
Secure Identification in Social Wireless Networks
The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices.
The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPP‟s Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future
LineSwitch: Efficiently Managing Switch Flow in Software-Defined Networking while Effectively Tackling DoS Attacks
Software Defined Networking (SDN) is a new networking architecture which aims
to provide better decoupling between network control (control plane) and data
forwarding functionalities (data plane). This separation introduces several
benefits, such as a directly programmable and (virtually) centralized network
control. However, researchers showed that the required communication channel
between the control and data plane of SDN creates a potential bottleneck in the
system, introducing new vulnerabilities. Indeed, this behavior could be
exploited to mount powerful attacks, such as the control plane saturation
attack, that can severely hinder the performance of the whole network.
In this paper we present LineSwitch, an efficient and effective solution
against control plane saturation attack. LineSwitch combines SYN proxy
techniques and probabilistic blacklisting of network traffic. We implemented
LineSwitch as an extension of OpenFlow, the current reference implementation of
SDN, and evaluate our solution considering different traffic scenarios (with
and without attack). The results of our preliminary experiments confirm that,
compared to the state-of-the-art, LineSwitch reduces the time overhead up to
30%, while ensuring the same level of protection.Comment: In Proceedings of the 10th ACM Symposium on Information, Computer and
Communications Security (ASIACCS 2015). To appea
ViotSOC: Controlling Access to Dynamically Virtualized IoT Services using Service Object Capability
Virtualization of Internet of Things(IoT) is a concept of dynamically
building customized high-level IoT services which
rely on the real time data streams from low-level physical
IoT sensors. Security in IoT virtualization is challenging,
because with the growing number of available (building
block) services, the number of personalizable virtual
services grows exponentially. This paper proposes Service
Object Capability(SOC) ticket system, a decentralized access
control mechanism between servers and clients to effi-
ciently authenticate and authorize each other without using
public key cryptography. SOC supports decentralized
partial delegation of capabilities specified in each server/-
client ticket. Unlike PKI certificates, SOC’s authentication
time and handshake packet overhead stays constant regardless
of each capability’s delegation hop distance from the
root delegator. The paper compares SOC’s security bene-
fits with Kerberos and the experimental results show SOC’s
authentication incurs significantly less time packet overhead
compared against those from other mechanisms based on
RSA-PKI and ECC-PKI algorithms. SOC is as secure as,
and more efficient and suitable for IoT environments, than
existing PKIs and Kerberos
Enabling Disaster Resilient 4G Mobile Communication Networks
The 4G Long Term Evolution (LTE) is the cellular technology expected to
outperform the previous generations and to some extent revolutionize the
experience of the users by taking advantage of the most advanced radio access
techniques (i.e. OFDMA, SC-FDMA, MIMO). However, the strong dependencies
between user equipments (UEs), base stations (eNBs) and the Evolved Packet Core
(EPC) limit the flexibility, manageability and resiliency in such networks. In
case the communication links between UEs-eNB or eNB-EPC are disrupted, UEs are
in fact unable to communicate. In this article, we reshape the 4G mobile
network to move towards more virtual and distributed architectures for
improving disaster resilience, drastically reducing the dependency between UEs,
eNBs and EPC. The contribution of this work is twofold. We firstly present the
Flexible Management Entity (FME), a distributed entity which leverages on
virtualized EPC functionalities in 4G cellular systems. Second, we introduce a
simple and novel device-todevice (D2D) communication scheme allowing the UEs in
physical proximity to communicate directly without resorting to the
coordination with an eNB.Comment: Submitted to IEEE Communications Magazin
Performance analysis of next generation web access via satellite
Acknowledgements This work was partially funded by the European Union's Horizon 2020 research and innovation programme under grant agreement No. 644334 (NEAT). The views expressed are solely those of the author(s).Peer reviewedPostprin
Recommended from our members
Synthesis from specifications : basic concepts
The need has evolved for a synthesis tool at the computer system level. SpecSyn is one such tool. Basically, it will view the world as a set of chips communicating via protocols. Thus, an abstract specification would get synthesized into a set of one or more interconnected chips. From that point, detail is added to each chip's specification until its structure is synthesized or it is determined that a prefabricated chip similar in functionality can be used.Features of such a tool include executable specifications from which to synthesize, constraint driven partitioning of the specifications into components (chips) and synthesis of interfaces between them, translation into VHDL and synthesis into VHDL structures of micro-architectural components, and the use of other tools (e.g. MILO, a micro-architecture and logic optimizer, and LES, a layout expert system) to evaluate the quality of the chip layout generated from VHDL description.A major component of SpecSyn is SpecCharts, a high level specification language amenable to system level synthesis, able to represent designs from system to register transfer levels. The language consists of a hierarchy of states, represented in combined graphical and textual form, at the same time catering to the expression of concurrent behavior and specification of constraints. With it we have specified several Intel chips as well as higher level systems, and have found it to be quite powerful and easy to use.SpecSyn will have a graphical interface, from which the user can at any time view or edit a SpecChart, translate to VHDL and simulate, view statistics provided by estimators (such as area, speed, and pins), store and retrieve SpecCharts, apply basic Spec Chart operations, as well as apply the partitioning algorithms or interface synthesizer. Providing access to a wide range of tools, having a single language represent the design throughout the synthesis process, and having user specified constraints allow the user to have varying amounts of control over the synthesis process
Quantum Key Distribution (QKD) and Commodity Security Protocols: Introduction and Integration
We present an overview of quantum key distribution (QKD), a secure key
exchange method based on the quantum laws of physics rather than computational
complexity. We also provide an overview of the two most widely used commodity
security protocols, IPsec and TLS. Pursuing a key exchange model, we propose
how QKD could be integrated into these security applications. For such a QKD
integration we propose a support layer that provides a set of common QKD
services between the QKD protocol and the security applicationsComment: 12Page
A Survey on Handover Management in Mobility Architectures
This work presents a comprehensive and structured taxonomy of available
techniques for managing the handover process in mobility architectures.
Representative works from the existing literature have been divided into
appropriate categories, based on their ability to support horizontal handovers,
vertical handovers and multihoming. We describe approaches designed to work on
the current Internet (i.e. IPv4-based networks), as well as those that have
been devised for the "future" Internet (e.g. IPv6-based networks and
extensions). Quantitative measures and qualitative indicators are also
presented and used to evaluate and compare the examined approaches. This
critical review provides some valuable guidelines and suggestions for designing
and developing mobility architectures, including some practical expedients
(e.g. those required in the current Internet environment), aimed to cope with
the presence of NAT/firewalls and to provide support to legacy systems and
several communication protocols working at the application layer
From FPGA to ASIC: A RISC-V processor experience
This work document a correct design flow using these tools in the Lagarto RISC- V Processor and the RTL design considerations that must be taken into account, to move from a design for FPGA to design for ASIC
- …