916 research outputs found

    Securing NextG networks with physical-layer key generation: A survey

    Get PDF
    As the development of next-generation (NextG) communication networks continues, tremendous devices are accessing the network and the amount of information is exploding. However, with the increase of sensitive data that requires confidentiality to be transmitted and stored in the network, wireless network security risks are further amplified. Physical-layer key generation (PKG) has received extensive attention in security research due to its solid information-theoretic security proof, ease of implementation, and low cost. Nevertheless, the applications of PKG in the NextG networks are still in the preliminary exploration stage. Therefore, we survey existing research and discuss (1) the performance advantages of PKG compared to cryptography schemes, (2) the principles and processes of PKG, as well as research progresses in previous network environments, and (3) new application scenarios and development potential for PKG in NextG communication networks, particularly analyzing the effect and prospects of PKG in massive multiple-input multiple-output (MIMO), reconfigurable intelligent surfaces (RISs), artificial intelligence (AI) enabled networks, integrated space-air-ground network, and quantum communication. Moreover, we summarize open issues and provide new insights into the development trends of PKG in NextG networks

    Authentication enhancement in command and control networks: (a study in Vehicular Ad-Hoc Networks)

    Get PDF
    Intelligent transportation systems contribute to improved traffic safety by facilitating real time communication between vehicles. By using wireless channels for communication, vehicular networks are susceptible to a wide range of attacks, such as impersonation, modification, and replay. In this context, securing data exchange between intercommunicating terminals, e.g., vehicle-to-everything (V2X) communication, constitutes a technological challenge that needs to be addressed. Hence, message authentication is crucial to safeguard vehicular ad-hoc networks (VANETs) from malicious attacks. The current state-of-the-art for authentication in VANETs relies on conventional cryptographic primitives, introducing significant computation and communication overheads. In this challenging scenario, physical (PHY)-layer authentication has gained popularity, which involves leveraging the inherent characteristics of wireless channels and the hardware imperfections to discriminate between wireless devices. However, PHY-layerbased authentication cannot be an alternative to crypto-based methods as the initial legitimacy detection must be conducted using cryptographic methods to extract the communicating terminal secret features. Nevertheless, it can be a promising complementary solution for the reauthentication problem in VANETs, introducing what is known as “cross-layer authentication.” This thesis focuses on designing efficient cross-layer authentication schemes for VANETs, reducing the communication and computation overheads associated with transmitting and verifying a crypto-based signature for each transmission. The following provides an overview of the proposed methodologies employed in various contributions presented in this thesis. 1. The first cross-layer authentication scheme: A four-step process represents this approach: initial crypto-based authentication, shared key extraction, re-authentication via a PHY challenge-response algorithm, and adaptive adjustments based on channel conditions. Simulation results validate its efficacy, especially in low signal-to-noise ratio (SNR) scenarios while proving its resilience against active and passive attacks. 2. The second cross-layer authentication scheme: Leveraging the spatially and temporally correlated wireless channel features, this scheme extracts high entropy shared keys that can be used to create dynamic PHY-layer signatures for authentication. A 3-Dimensional (3D) scattering Doppler emulator is designed to investigate the scheme’s performance at different speeds of a moving vehicle and SNRs. Theoretical and hardware implementation analyses prove the scheme’s capability to support high detection probability for an acceptable false alarm value ≤ 0.1 at SNR ≥ 0 dB and speed ≤ 45 m/s. 3. The third proposal: Reconfigurable intelligent surfaces (RIS) integration for improved authentication: Focusing on enhancing PHY-layer re-authentication, this proposal explores integrating RIS technology to improve SNR directed at designated vehicles. Theoretical analysis and practical implementation of the proposed scheme are conducted using a 1-bit RIS, consisting of 64 × 64 reflective units. Experimental results show a significant improvement in the Pd, increasing from 0.82 to 0.96 at SNR = − 6 dB for multicarrier communications. 4. The fourth proposal: RIS-enhanced vehicular communication security: Tailored for challenging SNR in non-line-of-sight (NLoS) scenarios, this proposal optimises key extraction and defends against denial-of-service (DoS) attacks through selective signal strengthening. Hardware implementation studies prove its effectiveness, showcasing improved key extraction performance and resilience against potential threats. 5. The fifth cross-layer authentication scheme: Integrating PKI-based initial legitimacy detection and blockchain-based reconciliation techniques, this scheme ensures secure data exchange. Rigorous security analyses and performance evaluations using network simulators and computation metrics showcase its effectiveness, ensuring its resistance against common attacks and time efficiency in message verification. 6. The final proposal: Group key distribution: Employing smart contract-based blockchain technology alongside PKI-based authentication, this proposal distributes group session keys securely. Its lightweight symmetric key cryptography-based method maintains privacy in VANETs, validated via Ethereum’s main network (MainNet) and comprehensive computation and communication evaluations. The analysis shows that the proposed methods yield a noteworthy reduction, approximately ranging from 70% to 99%, in both computation and communication overheads, as compared to the conventional approaches. This reduction pertains to the verification and transmission of 1000 messages in total

    A Trust Management Framework for Vehicular Ad Hoc Networks

    Get PDF
    The inception of Vehicular Ad Hoc Networks (VANETs) provides an opportunity for road users and public infrastructure to share information that improves the operation of roads and the driver experience. However, such systems can be vulnerable to malicious external entities and legitimate users. Trust management is used to address attacks from legitimate users in accordance with a user’s trust score. Trust models evaluate messages to assign rewards or punishments. This can be used to influence a driver’s future behaviour or, in extremis, block the driver. With receiver-side schemes, various methods are used to evaluate trust including, reputation computation, neighbour recommendations, and storing historical information. However, they incur overhead and add a delay when deciding whether to accept or reject messages. In this thesis, we propose a novel Tamper-Proof Device (TPD) based trust framework for managing trust of multiple drivers at the sender side vehicle that updates trust, stores, and protects information from malicious tampering. The TPD also regulates, rewards, and punishes each specific driver, as required. Furthermore, the trust score determines the classes of message that a driver can access. Dissemination of feedback is only required when there is an attack (conflicting information). A Road-Side Unit (RSU) rules on a dispute, using either the sum of products of trust and feedback or official vehicle data if available. These “untrue attacks” are resolved by an RSU using collaboration, and then providing a fixed amount of reward and punishment, as appropriate. Repeated attacks are addressed by incremental punishments and potentially driver access-blocking when conditions are met. The lack of sophistication in this fixed RSU assessment scheme is then addressed by a novel fuzzy logic-based RSU approach. This determines a fairer level of reward and punishment based on the severity of incident, driver past behaviour, and RSU confidence. The fuzzy RSU controller assesses judgements in such a way as to encourage drivers to improve their behaviour. Although any driver can lie in any situation, we believe that trustworthy drivers are more likely to remain so, and vice versa. We capture this behaviour in a Markov chain model for the sender and reporter driver behaviours where a driver’s truthfulness is influenced by their trust score and trust state. For each trust state, the driver’s likelihood of lying or honesty is set by a probability distribution which is different for each state. This framework is analysed in Veins using various classes of vehicles under different traffic conditions. Results confirm that the framework operates effectively in the presence of untrue and inconsistent attacks. The correct functioning is confirmed with the system appropriately classifying incidents when clarifier vehicles send truthful feedback. The framework is also evaluated against a centralized reputation scheme and the results demonstrate that it outperforms the reputation approach in terms of reduced communication overhead and shorter response time. Next, we perform a set of experiments to evaluate the performance of the fuzzy assessment in Veins. The fuzzy and fixed RSU assessment schemes are compared, and the results show that the fuzzy scheme provides better overall driver behaviour. The Markov chain driver behaviour model is also examined when changing the initial trust score of all drivers

    Displacement and the Humanities: Manifestos from the Ancient to the Present

    Get PDF
    This is the final version. Available on open access from MDPI via the DOI in this recordThis is a reprint of articles from the Special Issue published online in the open access journal Humanities (ISSN 2076-0787) (available at: https://www.mdpi.com/journal/humanities/special_issues/Manifestos Ancient Present)This volume brings together the work of practitioners, communities, artists and other researchers from multiple disciplines. Seeking to provoke a discourse around displacement within and beyond the field of Humanities, it positions historical cases and debates, some reaching into the ancient past, within diverse geo-chronological contexts and current world urgencies. In adopting an innovative dialogic structure, between practitioners on the ground - from architects and urban planners to artists - and academics working across subject areas, the volume is a proposition to: remap priorities for current research agendas; open up disciplines, critically analysing their approaches; address the socio-political responsibilities that we have as scholars and practitioners; and provide an alternative site of discourse for contemporary concerns about displacement. Ultimately, this volume aims to provoke future work and collaborations - hence, manifestos - not only in the historical and literary fields, but wider research concerned with human mobility and the challenges confronting people who are out of place of rights, protection and belonging

    LIPIcs, Volume 251, ITCS 2023, Complete Volume

    Get PDF
    LIPIcs, Volume 251, ITCS 2023, Complete Volum

    20th SC@RUG 2023 proceedings 2022-2023

    Get PDF

    Deteção de intrusões de rede baseada em anomalias

    Get PDF
    Dissertação de mestrado integrado em Eletrónica Industrial e ComputadoresAo longo dos últimos anos, a segurança de hardware e software tornou-se uma grande preocupação. À medida que a complexidade dos sistemas aumenta, as suas vulnerabilidades a sofisticadas técnicas de ataque têm proporcionalmente escalado. Frequentemente o problema reside na heterogenidade de dispositivos conectados ao veículo, tornando difícil a convergência da monitorização de todos os protocolos num único produto de segurança. Por esse motivo, o mercado requer ferramentas mais avançadas para a monitorizar ambientes críticos à vida humana, tais como os nossos automóveis. Considerando que existem várias formas de interagir com os sistemas de entretenimento do automóvel como o Bluetooth, o Wi-fi ou CDs multimédia, a necessidade de auditar as suas interfaces tornou-se uma prioridade, uma vez que elas representam um sério meio de aceeso à rede interna do carro. Atualmente, os mecanismos de segurança de um carro focam-se na monitotização da rede CAN, deixando para trás as tecnologias referidas e não contemplando os sistemas não críticos. Como exemplo disso, o Bluetooth traz desafios diferentes da rede CAN, uma vez que interage diretamente com o utilizador e está exposto a ataques externos. Uma abordagem alternativa para tornar o automóvel num sistema mais robusto é manter sob supervisão as comunicações que com este são estabelecidas. Ao implementar uma detecção de intrusão baseada em anomalias, esta dissertação visa analisar o protocolo Bluetooth no sentido de identificar interações anormais que possam alertar para uma situação fora dos padrões de utilização. Em última análise, este produto de software embebido incorpora uma grande margem de auto-aprendizagem, que é vital para enfrentar quaisquer ameaças desconhecidas e aumentar os níveis de segurança globais. Ao longo deste documento, apresentamos o estudo do problema seguido de uma metodologia alternativa que implementa um algoritmo baseado numa LSTM para prever a sequência de comandos HCI correspondentes a tráfego Bluetooth normal. Os resultados mostram a forma como esta abordagem pode impactar a deteção de intrusões nestes ambientes ao demonstrar uma grande capacidade para identificar padrões anómalos no conjunto de dados considerado.In the last few years, hardware and software security have become a major concern. As the systems’ complexity increases, its vulnerabilities to several sophisticated attack techniques have escalated likewise. Quite often, the problem lies in the heterogeneity of the devices connected to the vehicle, making it difficult to converge the monitoring systems of all existing protocols into one security product. Thereby, the market requires more refined tools to monitor life-risky environments such as personal vehicles. Considering that there are several ways to interact with the car’s infotainment system, such as Wi-fi, Bluetooth, or CD player, the need to audit these interfaces has become a priority as they represent a serious channel to reach the internal car network. Nowadays, security in car networks focuses on CAN bus monitoring, leaving behind the aforementioned technologies and not contemplating other non-critical systems. As an example of these concerns, Bluetooth brings different challenges compared to CAN as it interacts directly with the user, being exposed to external attacks. An alternative approach to converting modern vehicles and their set of computers into more robust systems is to keep track of established communications with them. By enforcing anomaly-based intrusion detection this dissertation aims to analyze the Bluetooth protocol to identify abnormal user interactions that may alert for a non conforming pattern. Ultimately, such embedded software product incorporates a self-learning edge, which is vital to face newly developed threats and increasing global security levels. Throughout this document, we present the study case followed by an alternative methodology that implements an LSTM based algorithm to predict a sequence of HCI commands corresponding to normal Bluetooth traffic. The results show how this approach can impact intrusion detection in such environments by expressing a high capability of identifying abnormal patterns in the considered data

    SUTMS - Unified Threat Management Framework for Home Networks

    Get PDF
    Home networks were initially designed for web browsing and non-business critical applications. As infrastructure improved, internet broadband costs decreased, and home internet usage transferred to e-commerce and business-critical applications. Today’s home computers host personnel identifiable information and financial data and act as a bridge to corporate networks via remote access technologies like VPN. The expansion of remote work and the transition to cloud computing have broadened the attack surface for potential threats. Home networks have become the extension of critical networks and services, hackers can get access to corporate data by compromising devices attacked to broad- band routers. All these challenges depict the importance of home-based Unified Threat Management (UTM) systems. There is a need of unified threat management framework that is developed specifically for home and small networks to address emerging security challenges. In this research, the proposed Smart Unified Threat Management (SUTMS) framework serves as a comprehensive solution for implementing home network security, incorporating firewall, anti-bot, intrusion detection, and anomaly detection engines into a unified system. SUTMS is able to provide 99.99% accuracy with 56.83% memory improvements. IPS stands out as the most resource-intensive UTM service, SUTMS successfully reduces the performance overhead of IDS by integrating it with the flow detection mod- ule. The artifact employs flow analysis to identify network anomalies and categorizes encrypted traffic according to its abnormalities. SUTMS can be scaled by introducing optional functions, i.e., routing and smart logging (utilizing Apriori algorithms). The research also tackles one of the limitations identified by SUTMS through the introduction of a second artifact called Secure Centralized Management System (SCMS). SCMS is a lightweight asset management platform with built-in security intelligence that can seamlessly integrate with a cloud for real-time updates
    corecore