Software Defined Security Service Provisioning Framework for Internet of Things
Programmable management frameworks have paved the way for managing devices in
the network. Lately, the emerging paradigm of Software Defined Networking (SDN)
has revolutionized programmable networks. Designers of networking applications,
i.e. the Internet of Things (IoT), have started investigating the potential of
the SDN paradigm for improving network management. IoT envisions interconnecting
various embedded devices surrounding our environment with IP to enable internet
connectivity. Unlike traditional network architectures, IoT is characterized
by constrained resources and heterogeneous interconnectivity of wireless and
wired media. Therefore, unique challenges for managing IoT are raised, which
are discussed in this paper. The ubiquity of IoT has raised unique security
challenges, which are one aspect of a management framework for IoT.
In this paper, security threats and requirements in IoT are summarized,
extracted from state-of-the-art efforts investigating the security
challenges of IoT. Also, an SDN-based security service provisioning framework
for IoT is proposed.
Comment: 15 pages, 18 figures
Resilient networking in wireless sensor networks
This report deals with security in wireless sensor networks (WSNs),
especially at the network layer. Multiple secure routing protocols have been
proposed in the literature. However, they often use cryptography to secure
routing functionalities. Cryptography alone is not enough to defend against
multiple attacks due to node compromise. Therefore, we need more
algorithmic solutions. In this report, we focus on the behavior of routing
protocols to determine which properties make them more resilient to attacks.
Our aim is to find some answers to the following questions. Are there any
existing protocols, not designed initially for security, but which already
contain some inherently resilient properties against attacks under which some
portion of the network nodes is compromised? If yes, which specific behaviors
are making these protocols more resilient? We propose in this report an
overview of security strategies for WSNs in general, including existing attacks
and defensive measures. In this report we focus on the network layer in
particular, and an analysis of the behavior of four particular routing
protocols is provided to determine their inherent resiliency to insider
attacks. The protocols considered are: Dynamic Source Routing (DSR),
Gradient-Based Routing (GBR), Greedy Forwarding (GF) and Random Walk Routing
(RWR).
Understanding Security Requirements and Challenges in Internet of Things (IoTs): A Review
Internet of Things (IoT) is realized by the idea of free flow of information
amongst various low power embedded devices that use Internet to communicate
with one another. It is predicted that the IoT will be widely deployed and it
will find applicability in various domains of life. Demands of IoT have lately
attracted huge attention and organizations are excited about the business value
of the data that will be generated by the IoT paradigm. On the other hand, IoT
has various security and privacy concerns for the end users that limit its
proliferation. In this paper we have identified, categorized and discussed
various security challenges and state of the art efforts to resolve these
challenges.
Security and Privacy Challenges in Cognitive Wireless Sensor Networks
Wireless sensor networks (WSNs) have attracted a lot of interest in the
research community due to their potential applicability in a wide range of
real-world practical applications. However, due to the distributed nature and
their deployments in critical applications without human interventions and
sensitivity and criticality of data communicated, these networks are vulnerable
to numerous security and privacy threats that can adversely affect their
performance. These issues become even more critical in cognitive wireless
sensor networks (CWSNs) in which the sensor nodes have the capabilities of
changing their transmission and reception parameters according to the radio
environment under which they operate in order to achieve reliable and efficient
communication and optimum utilization of the network resources. This chapter
presents a comprehensive discussion on the security and privacy issues in CWSNs
by identifying various security threats in these networks and various defense
mechanisms to counter these vulnerabilities. Various types of attacks on CWSNs
are categorized under different classes based on their natures and targets, and
corresponding to each attack class, appropriate security mechanisms are also
discussed. Some critical research issues on security and privacy in CWSNs are
also identified.
Comment: 36 pages, 4 figures, 2 tables. The book chapter is accepted for
publication in 201
Internet of Things: Survey on Security and Privacy
The Internet of Things (IoT) is intended for ubiquitous connectivity among
different entities or "things". While its purpose is to provide effective and
efficient solutions, security of the devices and network is a challenging
issue. The number of devices connected along with the ad-hoc nature of the
system further exacerbates the situation. Therefore, security and privacy have
emerged as a significant challenge for the IoT. In this paper, we aim to provide
a thorough survey related to the privacy and security challenges of the IoT.
This document addresses these challenges from the perspective of technologies
and architecture used. This work also focuses on IoT intrinsic vulnerabilities
as well as the security challenges of various layers based on the security
principles of data confidentiality, integrity and availability. This survey
analyzes articles published for the IoT at the time and relates them to the
security conjuncture of the field and its projection to the future.
Comment: 16 pages, 3 figures
A ReRAM Physically Unclonable Function (ReRAM PUF)-based Approach to Enhance Authentication Security in Software Defined Wireless Networks
The exponentially increasing number of ubiquitous wireless devices connected
to the Internet in Internet of Things (IoT) networks highlights the need for a
new paradigm of data flow management in such large-scale networks under
software defined wireless networking (SDWN). The limited power and computation
capability available at IoT devices as well as the centralized management and
decision-making approach in SDWN introduce a whole new set of security threats
to the networks. In particular, the authentication mechanism between the
controllers and the forwarding devices in SDWNs is a key challenge from both
secrecy and integrity aspects. Conventional authentication protocols based on
public key infrastructure (PKI) are no longer sufficient for these networks
considering the large-scale and heterogeneous nature of the networks as well as
their deployment cost, and security vulnerabilities due to key distribution and
storage. We propose a novel security protocol based on physical unclonable
functions (PUFs) known as hardware security primitives to enhance the
authentication security in SDWNs. In this approach, digital PUFs are developed
using the inherent randomness of the nanomaterials of Resistive Random Access
Memory (ReRAM) that are embedded in most IoT devices to enable a secure
authentication and access control in these networks. These PUFs are developed
based on a novel approach of multi-states, in which the natural drifts due to
the physical variations in the environment are predicted to reduce the
potential errors in challenge-response pairs of PUFs being tested in different
situations. We also proposed a PUF-based PKI protocol to secure the controller
in SDWNs. The performance of the developed ReRAM-based PUFs is evaluated in
the experimental results.
Comment: 16 pages, 10 figures, submitted to Springer International Journal of
Wireless Information Network
A Survey on Software-Defined VANETs: Benefits, Challenges, and Future Directions
The evolving of Fifth Generation (5G) networks is becoming more readily
available as a major driver of the growth of new applications and business
models. Vehicular Ad hoc Networks (VANETs) and Software Defined Networking
(SDN) represent the key enablers of 5G technology with the development of next
generation intelligent vehicular networks and applications. In recent years,
researchers have focused on the integration of SDN and VANET, and look at
different topics related to the architecture, the benefits of software-defined
VANET services and the new functionalities to adapt them. However, security and
robustness of the complete architecture are still questionable and have been
largely neglected. Moreover, the deployment and integration of novel entities and
several architectural components drive new security threats and
vulnerabilities. In this paper, first we survey the state-of-the-art SDN
based Vehicular ad-hoc Network (SDVN) architectures for their networking
infrastructure design, functionalities, benefits, and challenges. Then we
discuss these SDVN architectures against major security threats that violate the
key security services such as availability, confidentiality, authentication, and
data integrity. We also propose different countermeasures to these
threats. Finally, we discuss the lessons learned with the directions of future
research work towards provisioning stringent security and privacy solutions in
future SDVN architectures. To the best of our knowledge, this is the first
comprehensive work that presents such a survey and analysis on SDVNs in the era
of future generation networks (e.g., 5G, and Information centric networking)
and applications (e.g., intelligent transportation system, and IoT-enabled
advertising in VANETs).
Comment: 17 pages, 2 figures
Security, Privacy, and Access Control in Information-Centric Networking: A Survey
Information-Centric Networking (ICN) is a new networking paradigm, which
replaces the widely used host-centric networking paradigm in communication
networks (e.g., Internet, mobile ad hoc networks) with an information-centric
paradigm, which prioritizes the delivery of named content, oblivious of the
content's origin. Content and client security are more intrinsic in the ICN
paradigm versus the current host centric paradigm where they have been
instrumented as an afterthought. By design, the ICN paradigm inherently
supports several security and privacy features, such as provenance and identity
privacy, which are still not effectively available in the host-centric
paradigm. However, given its nascency, the ICN paradigm has several open
security and privacy concerns, some that existed in the old paradigm, and some
new and unique. In this article, we survey the existing literature in security
and privacy research sub-space in ICN. More specifically, we explore three
broad areas: security threats, privacy risks, and access control enforcement
mechanisms.
We present the underlying principle of the existing works, discuss the
drawbacks of the proposed approaches, and explore potential future research
directions. In the broad area of security, we review attack scenarios, such as
denial of service, cache pollution, and content poisoning. In the broad area of
privacy, we discuss user privacy and anonymity, name and signature privacy, and
content privacy. ICN's feature of ubiquitous caching introduces a major
challenge for access control enforcement that requires special attention. In
this broad area, we review existing access control mechanisms including
encryption-based, attribute-based, session-based, and proxy re-encryption-based
access control schemes. We conclude the survey with lessons learned and scope
for future work.
Comment: 36 pages, 17 figures
Outsmarting Network Security with SDN Teleportation
Software-defined networking is considered a promising new paradigm, enabling
more reliable and formally verifiable communication networks. However, this
paper shows that the separation of the control plane from the data plane, which
lies at the heart of Software-Defined Networks (SDNs), introduces a new
vulnerability which we call teleportation. An attacker (e.g., a
malicious switch in the data plane or a host connected to the network) can use
teleportation to transmit information via the control plane and bypass critical
network functions in the data plane (e.g., a firewall), and to violate security
policies as well as logical and even physical separations. This paper
characterizes the design space for teleportation attacks theoretically, and
then identifies four different teleportation techniques. We demonstrate and
discuss how these techniques can be exploited for different attacks (e.g.,
exfiltrating confidential data at high rates), and also initiate the discussion
of possible countermeasures. Generally, and given today's trend toward more
intent-based networking, we believe that our findings are relevant beyond the
use cases considered in this paper.
Comment: Accepted in EuroSP'1
Privacy-Preserving DDoS Attack Detection Using Cross-Domain Traffic in Software Defined Networks
Existing distributed denial-of-service attack detection schemes in software defined
networks (SDNs) typically perform detection in a single domain. In reality,
abnormal traffic usually affects multiple network domains. Thus, a cross-domain
attack detection has been proposed to improve detection performance. However,
when participating in detection, the domain of each SDN needs to provide a
large amount of real traffic data, from which private information may be
leaked. Existing multiparty privacy protection schemes often achieve privacy
guarantees by sacrificing accuracy or increasing the time cost. Achieving both
high accuracy and reasonable time consumption is a challenging task. In this
paper, we propose Predis, which is a privacy-preserving cross-domain attack
detection scheme for SDNs. Predis combines perturbation encryption and data
encryption to protect privacy and employs a computationally simple and
efficient algorithm k-Nearest Neighbors (kNN) as its detection algorithm. We
also improve kNN to achieve better efficiency. Via theoretical analysis and
extensive simulations, we demonstrate that Predis is capable of achieving
efficient and accurate attack detection while securing sensitive information of
each domain.