SIREN – A network infrastructure for emergencies.

The SIREN project (Secure, Interoperable, UAV-assisted, Rapid Emergency Deployment Communication and sensing Infrastructure) implements a secure, distributed, open, self-configured and emergency-aware network and service platform for automated, secure and dependable support of multiple mission critical applications in highly demanding and dynamic emergency environments

A pattern-based approach for designing reliable cyber-physical systems

Cyber-Physical Systems (CPS) appear to be of paramount importance due to their increasing use on critical infrastructure. New challenges have occurred because of the nature and the complexity of such systems in supporting heterogeneous physical and cyber components simultaneously. Failures or attacks on system components decrease system reliability creating severe consequences to CPS and the attached applications. The construction of complex CPS with respect to security and dependability (SandD) properties is necessary to avoid system vulnerabilities at design level. Design patterns are solutions for reusable designs and interactions of objects. In this work we present a pattern-based language for designing CPS able to guarantee SandD properties. The first set of SandD patterns includes the Reliability Component Composition (RCC) Patterns for designing reliable CPS. RCC patterns are encoded in Drools, which is a rule-based reasoning system. To evaluate our approach, we use RCC patterns as a methodology for designing a reliable wireless sensor network attached to a physical architecture to send monitored data to a central controller through relay nodes and paths

Communications in Emergency and Crisis Situations

Abstract. In emergency and crisis situations (ECS) like earthquakes, tsunamis, terrorist attacks, it is very important that communication facilities are operative to provide services both to rescue teams and civilians. In ECS it is very common that communication premises are often unable to provide services, either due to physical damages or traffic overload. In such a case there is the need for rapid reestablishment of communication services. In this paper the communication services that can be exploited for ECS mitigation are discussed. The usage scenarios of such services are studied. Following that and looking from a network perspective view an ECS communication network architecture is presented. This architecture aims to provide seamless interoperability of varies communication technologies often present in EC

WARDOG: Awareness detection watchbog for Botnet infection on the host device

Botnets constitute nowadays one of the most dangerous security threats worldwide. High volumes of infected machines are controlled by a malicious entity and perform coordinated cyber-attacks. The problem will become even worse in the era of the Internet of Things (IoT) as the number of insecure devices is going to be exponentially increased. This paper presents WARDOG – an awareness and digital forensic system that informs the end-user of the botnet’s infection, exposes the botnet infrastructure, and captures verifiable data that can be utilized in a court of law. The responsible authority gathers all information and automatically generates a unitary documentation for the case. The document contains undisputed forensic information, tracking all involved parties and their role in the attack. The deployed security mechanisms and the overall administration setting ensures non-repudiation of performed actions and enforces accountability. The provided properties are verified through theoretic analysis. In simulated environment, the effectiveness of the proposed solution, in mitigating the botnet operations, is also tested against real attack strategies that have been captured by the FORTHcert honeypots, overcoming state-of-the-art solutions. Moreover, a preliminary version is implemented in real computers and IoT devices, highlighting the low computational/communicational overheads of WARDOG in the field

Policy-Controlled Authenticated Access to LLN-Connected Healthcare Resources.

Ubiquitous devices comprising several resource-constrained nodes with sensors, actuators, and networking capabilities are becoming part of many solutions that seek to enhance user's environment smartness and quality of living, prominently including enhanced healthcare services. In such an environment, security issues are of primary concern as a potential resource misuse can severely impact user's privacy or even become life threatening. Access to these resources should be appropriately controlled to ensure that eHealth nodes are adequately protected and the services are available to authorized entities. The intrinsic resource limitations of these nodes, however, make satisfying these requirements a great challenge. This paper proposes and analyzes a service-oriented architecture that provides a policy-based, unified, cross-platform, and flexible access control mechanism, allowing authorized entities to consume services provided by eHealth nodes while protecting their valuable resources. The scheme is XACML driven, although modifications to the related standardized architecture are proposed to satisfy the requirements imposed by nodes that comprise low-power and lossy networks (LLNs). A proof-of-concept implementation is presented, along with the associated performance evaluation, confirming the feasibility of the proposed approach

Patterns for the design of secure and dependable software defined networks

In an interconnected world, cyber and physical networks face a number of challenges that need to be resolved. These challenges are mainly due to the nature and complexity of interconnected systems and networks and their ability to support heterogeneous physical and cyber components simultaneously. The construction of complex networks preserving Security and Dependability (S&D) properties is necessary to avoid system vulnerabilities, which may occur in all the different layers of Software Defined Networking (SDN) architectures. In this paper, we present a model based approach to support the design of secure and dependable SDN. This approach is based on executable patterns for designing networks able to guarantee S&D properties and can be used in SDN networks. The design patterns express conditions that can guarantee specific S&D properties and can be used to design networks that have these properties and manage them during their deployment. To evaluate our pattern approach, we have implemented executable pattern instances, in a rule-based reasoning system, and used them to design and verify wireless SDN networks with respect to availability and confidentiality. To complete this work, we propose and evaluate an implementation framework in which S&D patterns can be applied for the design and verification of SDN networks

Design and performance evaluation of a lightweight wireless early warning intrusion detection prototype

The proliferation of wireless networks has been remarkable during the last decade. The license-free nature of the ISM band along with the rapid proliferation of the Wi-Fi-enabled devices, especially the smart phones, has substantially increased the demand for broadband wireless access. However, due to their open nature, wireless networks are susceptible to a number of attacks. In this work, we present anomaly-based intrusion detection algorithms for the detection of three types of attacks: (i) attacks performed on the same channel legitimate clients use for communication, (ii) attacks on neighbouring channels, and (iii) severe attacks that completely block network's operation. Our detection algorithms are based on the cumulative sum change-point technique and they execute on a real lightweight prototype based on a limited resource mini-ITX node. The performance evaluation shows that even with limited hardware resources, the prototype can detect attacks with high detection rates and a few false alarms. © 2012 Fragkiadakis et al

Ubiquitous robust communications for emergency response using multi-operator heterogeneous networks

A number of disasters in various places of the planet have caused an extensive loss of lives, severe damages to properties and the environment, as well as a tremendous shock to the survivors. For relief and mitigation operations, emergency responders are immediately dispatched to the disaster areas. Ubiquitous and robust communications during the emergency response operations are of paramount importance. Nevertheless, various reports have highlighted that after many devastating events, the current technologies used, failed to support the mission critical communications, resulting in further loss of lives. Inefficiencies of the current communications used for emergency response include lack of technology inter-operability between different jurisdictions, and high vulnerability due to their centralized infrastructure. In this article, we propose a flexible network architecture that provides a common networking platform for heterogeneous multi-operator networks, for interoperation in case of emergencies. A wireless mesh network is the main part of the proposed architecture and this provides a back-up network in case of emergencies. We first describe the shortcomings and limitations of the current technologies, and then we address issues related to the applications and functionalities a future emergency response network should support. Furthermore, we describe the necessary requirements for a flexible, secure, robust, and QoS-aware emergency response multi-operator architecture, and then we suggest several schemes that can be adopted by our proposed architecture to meet those requirements. In addition, we suggest several methods for the re-tasking of communication means owned by independent individuals to provide support during emergencies. In order to investigate the feasibility of multimedia transmission over a wireless mesh network, we measured the performance of a video streaming application in a real wireless metropolitan multi-radio mesh network, showing that the mesh network can meet the requirements for high quality video transmissions

Secure and resilient communications for emergency response

In emergencies or disasters a key support factor for situation awareness, decision making and response is to provide a secure and dependable network infrastructure that aggregates connectivity over all available heterogeneous wireless broadband access technologies, including those employed for commercial network access, which adapts to mission critical application requirements and enables immediate and robust communications among command centres, rescue workers and affected population. This dissertation is aiming at a secure by design, distributed, open, self-configured and emergency-aware network and service architecture for automated, secure and dependable support of multiple mission critical applications in highly demanding and dynamic emergency environments. This thesis proposes and develops a secure and dependable overlay network model that hides heterogeneity of the underlying networks and support the multiplicity of communication needs across different types of users and user groups in emergencies. It also designs and implements an integrated comprehensive security architecture that combines pro active and reactive security mechanisms, taking into account cross-layer considerations and multi-operator emergency environments. In terms of pro active security, the dissertation introduces a family of key agreement methods based on weak to strong authentication associated with several multiparty contributory key agreement schemes. In the area of reactive security, the dissertation introduces anomaly-based wireless intrusion detection algorithms for the detection of various attacks on the wireless channels. Finally, it includes prototype implementation of the reactive security algorithms and proof of concept evaluation and validation of the proposed emergency response architecture and the developed security mechanisms through a series of experiments at local and metropolitan scale test-beds.EThOS - Electronic Theses Online ServiceGBUnited Kingdo