262 research outputs found

    Automatic security assessment for next generation wireless mobile networks

    Abstract. Wireless networks are more and more popular in our life, but their increasing pervasiveness and widespread coverage raise serious security concerns. Mobile client devices potentially migrate, usually passing through very light access control policies, between numerous and heterogeneous wireless environments, bringing with them software vulnerabilities as well as possibly malicious code. To cope with these new security threats the paper proposes a new active third party authentication, authorization and security assessment strategy in which, once a device enters a new Wi-Fi environment, it is subjected to analysis by the infrastructure, and if it is found to be dangerously insecure, it is immediately taken out from the network and denied further access until its vulnerabilities have been fixed. The security assessment module, which is the fundamental component of the aforementioned strategy, takes advantage of a reliable knowledge base containing semantically-rich information about the mobile node under examination, dynamically provided by network mapping and configuration assessment facilities. It implements a fully automatic security analysis framework, based on AHP, which has been conceived to be flexible and customizable, to provide automated support for real-time execution of complex security/risk evaluation tasks which depend on the results obtained from different kinds of analysis tools and methodologies. Encouraging results have been achieved utilizing a proof-of-concept model based on current technology and standard open-source networking tools.

    Distributed Temporal Link Prediction Algorithm Based on Label Propagation

    Link prediction has steadily become an important research topic in the area of complex networks. However, the current link prediction algorithms typically neglect the evolution process and they tend to exhibit low accuracy and scalability when applied to large-scale networks. In this article, we propose a novel distributed temporal link prediction algorithm based on label propagation (DTLPLP), governed by the dynamical properties of the interactions between nodes. In particular, nodes are associated with labels, which include details of their sources, and the corresponding similarity value. When such labels are propagated across neighbouring nodes, they are updated based on the weights of the incident links, and the values from same source nodes are aggregated to evaluate the scores of links in the predicted network. Furthermore, DTLPLP has been designed to be distributed and parallelised, and thus suitable for large-scale network analysis. As part of the validation process, we have designed a prototype system developed in Pregel, which is a distributed network analysis framework. Experiments are conducted on the Enron e-mails and the General Relativity and Quantum Cosmology Scientific Collaboration networks. The experimental results show that, compared to most link prediction algorithms, DTLPLP offers enhanced accuracy, stability and scalability.

    Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures

    This work analyzes a new and very subtle kind of security threat that can affect large-scale cloud-based IT service infrastructures, by exploiting the computational resources of their component data center to waste as much energy as possible. The consequence of these threats ranges from increased costs in the energy bill, to penalization for exceeding the agreed quantity of greenhouse gases (GHG) emissions, up to complete denial of service caused by electrical outages due to power budget exhaustion. We analyzed different types of such attacks with their potential impacts on the energy consumption, modeled their behavior and quantified how current energy-proportional technologies may provide attackers with great opportunities for raising the target facility emissions and costs. These efforts resulted in a simple model with some parametric reference values that can be used to estimate the impact of such attacks also in presence of very large infrastructures containing thousands or millions of servers.

    IEEE Access Special Section Editorial: Research Challenges and Opportunities in Security and Privacy of Blockchain Technologies

    Blockchain uses a peer-to-peer (P2P) network, rather than a central authority (e.g., a central bank or financial institution), to conduct transactions (e.g., financial transactions). Due to the decentralized nature, blockchain allows one to undertake and verify transactions in real-time. In recent times, a number of blockchain-based applications have been presented in the literature. One such popular real-world example application is Bitcoin. However, there are underlying security and privacy issues. For example, once a public key has been linked with an individual's identity, one could browse prior transactions on the blockchain and view all transactions associated with the particular public key. One key research challenge is how to balance security and privacy of an individual with accountability. For example, how can we allow the tracing of illegal activities or users (e.g., money laundering and cybercrime) without breaking the decentralization property of the system?

    Automated production of predetermined digital evidence

    Digital evidence is increasingly used in juridical proceedings. In some recent legal cases, the verdict has been strongly influenced by the digital evidence proffered by the defense. Digital traces can be left on computers, phones, digital cameras, and also on remote machines belonging to ISPs, telephone providers, companies that provide services via Internet such as YouTube, Facebook, Gmail, and so on. This paper presents a methodology for the automated production of predetermined digital evidence, which can be leveraged to forge a digital alibi. It is based on the use of an automation, a program meant to simulate any common user activity. In addition to wanted traces, the automation may produce a number of unwanted traces, which may be disclosed upon a digital forensic analysis. These include data remanence of suspicious files, as well as any kind of logs generated by the operating system modules and services. The proposed methodology describes a process to design, implement, and execute the automation on a target system, and to properly handle both wanted and unwanted evidence. Many experiments with different combinations of automation tools and operating systems are conducted. This paper presents an implementation of the methodology through VBScript on Windows 7. A forensic analysis on the target system is not sufficient to reveal that the alibi is forged by automation. These considerations emphasize the difference between digital and traditional evidence. Digital evidence is always circumstantial, and therefore it should be considered relevant only if supported by stronger evidence collected through traditional investigation techniques. Thus, a Court verdict should not be based solely on digital evidence.

    Condensation-based routing in mobile ad-hoc networks

    The provision of efficient broadcast containment schemes that can dynamically cope with frequent topology changes and limited shared channel bandwidth is one of the most challenging research topics in MANETs, and is crucial to the basic operations of networks serving fully mobile devices within areas having no fixed communication infrastructure. This problem particularly impacts the design of dynamic routing protocols that can efficiently establish routes to deliver data packets among mobile nodes with minimum communication overhead, and at the same time, ensure high throughput and low end-to-end delay. Accordingly, this work exploits and analyzes an adaptive probabilistic broadcast containment technique based on a particular condensation phenomenon borrowed from Quantum Mechanics and transposed in self-organizing random networks, that has the potential to effectively drive the on-demand route discovery process. Simulation-based performance analysis has shown that the proposed technique can introduce significant benefits on the general performance of broadcast-based reactive routing protocols in MANETs.