Open issues in differentiating misbehavior and anomalies for VANETs

This position paper proposes new challenges in data-centric misbehavior detection for vehicular ad-hoc networks (VANETs). In VANETs, which aim to improve safety and efficiency of road transportation by enabling communication between vehicles, an important challenge is how vehicles can be certain that messages they receive are correct. Incorrectness of messages may be caused by malicious participants, damaged sensors, delayed messages or they may be triggered by software bugs. An essential point is that due to the wide deployment in these networks, we cannot assume that all vehicles will behave correctly. This effect is stronger due to the privacy requirements, as those requirements include multiple certificates per vehicle to hide its identity. To detect these incorrect messages, the research community has developed misbehavior data-centric detection mechanisms, which attempt to recognize the messages by semantically analyzing the content. The detection of anomalous messages can be used to detect and eventually revoke the certificate of the sender, if the message was malicious. However, this approach is made difficult by rare events –such as accidents–, which are essentially anomalous messages that may trigger the detection mechanisms. The idea we wish to explore in this paper is how attack detection may be improved by also considering the detection of specific types of anomalous events, such as accidents

Enhanced Position Verification for VANETs using Subjective Logic

The integrity of messages in vehicular ad-hoc networks has been extensively studied by the research community, resulting in the IEEE~1609.2 standard, which provides typical integrity guarantees. However, the correctness of message contents is still one of the main challenges of applying dependable and secure vehicular ad-hoc networks. One important use case is the validity of position information contained in messages: position verification mechanisms have been proposed in the literature to provide this functionality. A more general approach to validate such information is by applying misbehavior detection mechanisms. In this paper, we consider misbehavior detection by enhancing two position verification mechanisms and fusing their results in a generalized framework using subjective logic. We conduct extensive simulations using VEINS to study the impact of traffic density, as well as several types of attackers and fractions of attackers on our mechanisms. The obtained results show the proposed framework can validate position information as effectively as existing approaches in the literature, without tailoring the framework specifically for this use case.Comment: 7 pages, 18 figures, corrected version of a paper submitted to 2016 IEEE 84th Vehicular Technology Conference (VTC2016-Fall): revised the way an opinion is created with eART, and re-did the experiments (uploaded here as correction in agreement with TPC Chairs

Heterochromatin and the molecular mechanisms of 'parent-of-origin' effects in animals.

Twenty five years ago it was proposed that conserved components of constitutive heterochromatin assemble heterochromatinlike complexes in euchromatin and this could provide a general mechanism for regulating heritable (cell-to-cell) changes in gene expressibility. As a special case, differences in the assembly of heterochromatin-like complexes on homologous chromosomes might also regulate the parent-of-origin-dependent gene expression observed in placental mammals. Here, the progress made in the intervening period with emphasis on the role of heterochromatin and heterochromatin-like complexes in parent-of-origin effects in animals is reviewed

Insights on the security and dependability of industrial control systems

The authors discuss the findings of a recent research seminar on the security and dependability of industrial control systems and provide an overview of major challenges in the field and areas where current research should focus

Terrorist fraud resistance of distance bounding protocols employing physical unclonable functions

Distance bounding protocols (DBPs) are security protocols that aim to limit the maximum possible distance between two partners in a wireless communication. This enables to ensure locality of interaction between two devices. Despite numerous proposed protocols, recent analyses of DBPs have shown the majority of them to be susceptible to attacks. Most prominent among the unsolved security problems of DBPs is terrorist fraud. This type of attack involves collaboration with a legitimate device, after which the attacker can successfully execute the protocol. We show how terrorist fraud can be prevented by replacing shared secrets – commonly used in classical DBPs – with physical unclonable functions (PUFs). Our new approach can be integrated in all current DBPs with minor modifications. We offer two alternate designs: One utilizing challenge-response PUFs and another using so-called SIMPL systems, a PUF-analogue to public-key cryptography. We use a security model proposed by previous work to demonstrate security of our scheme

Risk Prediction of IoT Devices Based on Vulnerability Analysis

Internet of Things (IoT) devices are becoming more widespread not only in areas such as smart homes and smart cities but also in research and office environments. The sheer number, heterogeneity, and limited patch availability provide significant challenges for the security of both office networks and the Internet in general. The systematic estimation of device risks, which is essential for mitigation decisions, is currently a skill-intensive task that requires expertise in network vulnerability scanning, as well as manual effort in firmware binary analysis. This article introduces SAFER, 1 the Security Assessment Framework for Embedded-device Risks, which enables a semi-automated risk assessment of IoT devices in any network. SAFER combines information from network device identification and automated firmware analysis to estimate the current risk associated with the device. Based on past vulnerability data and vendor patch intervals for device models, SAFER extrapolates those observations into the future using different automatically parameterized prediction models. Based on that, SAFER also estimates an indicator for future security risks. This enables users to be aware of devices exposing high risks in the future. One major strength of SAFER over other approaches is its scalability, achieved through significant automation. To demonstrate this strength, we apply SAFER in the network of a large multinational organization, to systematically assess the security level of hundreds of IoT devices on large-scale networks. Results indicate that SAFER successfully identified 531 out of 572 devices leading to a device identification rate of 92.83 %, analyzed 825 firmware images, and predicted the current and future security risk for 240 devices

Unobtrusive monitoring: Statistical dissemination latency estimation in Bitcoin's peer-to-peer network.

The cryptocurrency system Bitcoin uses a peer-to-peer network to distribute new transactions to all participants. For risk estimation and usability aspects of Bitcoin applications, it is necessary to know the time required to disseminate a transaction within the network. Unfortunately, this time is not immediately obvious and hard to acquire. Measuring the dissemination latency requires many connections into the Bitcoin network, wasting network resources. Some third parties operate that way and publish large scale measurements. Relying on these measurements introduces a dependency and requires additional trust. This work describes how to unobtrusively acquire reliable estimates of the dissemination latencies for transactions without involving a third party. The dissemination latency is modelled with a lognormal distribution, and we estimate their parameters using a Bayesian model that can be updated dynamically. Our approach provides reliable estimates even when using only eight connections, the minimum connection number used by the default Bitcoin client. We provide an implementation of our approach as well as datasets for modelling and evaluation. Our approach, while slightly underestimating the latency distribution, is largely congruent with observed dissemination latencies

A comparison of TCP congestion control algorithms in 10G networks

The increasing availability of 10G Ethernet network capabilities challenges existing transport layer protocols. As 10G connections gain momentum outside of backbone networks, the choice of appropriate TCP congestion control algorithms becomes even more relevant for networked applications running in environments such as data centers. Therefore, we provide an extensive overview of relevant TCP congestion control algorithms for high-speed environments leveraging 10G. We analyzed and evaluated six TCP variants using a physical network testbed, with a focus on the effects of propagation delay and significant drop rates. The results indicate that of the algorithms compared, BIC is most suitable when no legacy variant is present, CUBIC is suggested otherwise