SAnoVs: Secure Anonymous Voting Scheme for clustered ad hoc networks

In this paper we propose a secure anonymous voting scheme (SAnoVS) for re-clustering in the ad-hoc network. SAnoVS extends our previous work of degree-based clustering algorithms by achieving anonymity and confidentiality of the voting procedure applied to select new cluster heads. The security of SAnoVS is based on the difficulty of computing discrete logarithms over elliptic curves, the intractability of inverting a one-way hash function and the fact that only neighboring nodes contribute to the generation of a shared secret. Furthermore, we achieve anonymity since our scheme does not require any identification information as we make use of a polynomial equation system combined with pseudo-random coordinates. The security analysis of our scheme is demonstrated with several attacks scenarios.examined with several attack scenarios and experimental results

Protection of an intrusion detection engine with watermarking in ad hoc networks

Mobile ad hoc networks have received great attention in recent years, mainly due to the evolution of wireless networking and mobile computing hardware. Nevertheless, many inherent vulnerabilities exist in mobile ad hoc networks and their applications that affect the security of wireless transactions. As intrusion prevention mechanisms, such as encryption and authentication, are not sufficient we need a second line of defense, Intrusion Detection. In this pa-per we present an intrusion detection engine based on neural networks and a protection method based on watermarking techniques. In particular, we exploit information visualization and machine learning techniques in order to achieve intrusion detection and we authenticate the maps produced by the application of the intelligent techniques using a novel combined watermarking embedding method. The performance of the proposed model is evaluated under different traffic conditions, mobility patterns and visualization metrics

NAVI: Novel authentication with visual information

Text-based passwords, despite their well-known drawbacks, remain the dominant user authentication scheme implemented. Graphical password systems, based on visual information such as the recognition of photographs and / or pictures, have emerged as a promising alternative to the aggregate reliance on text passwords. Nevertheless, despite the advantages offered they have not been widely used in practice since many open issues need to be resolved. In this paper we propose a novel graphical password scheme, NAVI, where the credentials of the user are his username and a password formulated by drawing a route on a predefined map. We analyze the strength of the password generated by this scheme and present a prototype implementation in order to illustrate the feasibility of our proposal. Finally, we discuss NAVI’s security features and compare it with existing graphical password schemes as well as text-based passwords in terms of key security features, such aspassword keyspace, dictionary attacks and guessing attacks. The proposed scheme appears to have the same or better performance in the majority of the security features examined

ForChaos: Real Time Application DDoS detection using Forecasting and Chaos Theory in Smart Home IoT Network

Recently, D/DoS attacks have been launched by zombie IoT devices in smart home networks. They pose a great threat to to network systems with Application Layer DDoS attacks being especially hard to detect due to their stealth and seemingly legitimacy. In this paper, we propose we propose ForChaos, a lightweight detection algorithm for IoT devices, that is based on forecasting and chaos theory to identify flooding and DDoS attacks. For every time-series behaviour collected, a forecasting-technique prediction is generated, based on a number of features, and the error between the two values is calcualted. In order to assess the error of the forecasting from the actual value, the lyapunov exponent is used to detect potential malicious behaviour. In NS-3 we evaluate our detection algorithm through a series of experiments in Flooding and Slow-Rate DDoS attacks. The results are presented and discussed in detail and compared with related studies, demonstrating its effectiveness and robustness

A two‐step authentication framework for Mobile ad hoc networks

The lack of fixed infrastructure in ad hoc networks causes nodes to rely more heavily on peer nodes for communication. Nevertheless, establishing trust in such a distributed environment is very difficult, since it is not straightforward for a node to determine if its peer nodes can be trusted. An additional concern in such an environment is with whether a peer node is merely relaying a message or if it is the originator of the message. In this paper, we propose an authentication approach for protecting nodes in mobile ad hoc networks. The security requirements for protecting data link and network layers are identified and the design criteria for creating secure ad hoc networks using several authentication protocols are analyzed. Protocols based on zero knowledge and challenge response techniques are presented and their performance is evaluated through analysis and simulation

Network attack detection at flow level

In this paper, we propose a new method for detecting unauthorized network intrusions, based on a traffic flow model and Cisco NetFlow protocol application. The method developed allows us not only to detect the most common types of network attack (DDoS and port scanning), but also to make a list of trespassers' IP-addresses. Therefore, this method can be applied in intrusion detection systems, and in those systems which lock these IP-addresses

User dependent cryptography for security in future mobile telecommunication systems

In this paper we propose a user dependent scheme for enhancing security of the transmitted content in the future telecommunication systems. In order to achieve a higher level of security we introduce a scheme where the user identity gets involved in the encryption/decryption processes using an additional component for the block cipher which represents the user’s behavioural model. Applying such a scheme, in addition to introducing more difficulties to an attacker due to the user dependency of the cipher algorithm, gives the mobile operator the opportunity to ensure that a licensed service has not been shared by the customer. To show the feasibility of our approach we use the concept of invertible Boolean functions as an example

Degree-Based Clustering Algorithms for Wireless Ad Hoc Networks Under Attack

In this paper we investigate the behavior of degree-based clustering algorithms with respect to their stability and attack-resistance. Our attack scenario tries to bias the clustering head selection procedure by sending faulty degree claims. We propose a randomized variant of the highest degree algorithm which is proved, through experimental results, attack-resistant without imposing significant overhead to the clustering performance. In addition, we extend our proposal with a cooperative consistent clustering algorithm which integrates security into the clustering decision achieving attacker identification and classification

Towards an effective intrusion response engine combined with intrusion detection in ad hoc networks

In this paper, we present an effective intrusion response engine combined with intrusion detection in ad hoc networks. The intrusion response engine is composed of a secure communication module, a local and a global response module. Its function is based on an innovative tree-based key agreement protocol while the intrusion detection engine is based on a class of neural networks called eSOM. The proposed intrusion response model and the tree-based protocol, it is based on, are analyzed concerning key secrecy while the intrusion detection engine is evaluated for MANET under different traffic conditions and mobility patterns. The results show a high detection rate for packet dropping attacks

Two‐Step Authentication in Mobile Ad Hoc Networks

The lack of fixed infrastructure in ad hoc networks causes nodes to rely more heavily on peer nodes for communication. Nevertheless, establishing trust in such a distributed environment is very difficult, since it is not straightforward for a node to determine if its peer nodes can be trusted. An additional concern in such an environment is with whether a peer node is merely relaying a message or if it is the originator of the message. In this paper, we propose an authentication approach for protecting nodes in mobile ad hoc networks. The security requirements for protecting data link and network layers are identified and the design criteria for creating secure ad hoc networks using several authentication protocols are analyzed. Protocols based on zero knowledge and challenge response techniques are presented and their performance is evaluated through analysis and simulation