Protection of an intrusion detection engine with watermarking in ad hoc networks

Mobile ad hoc networks have received great attention in recent years, mainly due to the evolution of wireless networking and mobile computing hardware. Nevertheless, many inherent vulnerabilities exist in mobile ad hoc networks and their applications that affect the security of wireless transactions. As intrusion prevention mechanisms, such as encryption and authentication, are not sufficient we need a second line of defense, Intrusion Detection. In this pa-per we present an intrusion detection engine based on neural networks and a protection method based on watermarking techniques. In particular, we exploit information visualization and machine learning techniques in order to achieve intrusion detection and we authenticate the maps produced by the application of the intelligent techniques using a novel combined watermarking embedding method. The performance of the proposed model is evaluated under different traffic conditions, mobility patterns and visualization metrics

Towards an effective intrusion response engine combined with intrusion detection in ad hoc networks

In this paper, we present an effective intrusion response engine combined with intrusion detection in ad hoc networks. The intrusion response engine is composed of a secure communication module, a local and a global response module. Its function is based on an innovative tree-based key agreement protocol while the intrusion detection engine is based on a class of neural networks called eSOM. The proposed intrusion response model and the tree-based protocol, it is based on, are analyzed concerning key secrecy while the intrusion detection engine is evaluated for MANET under different traffic conditions and mobility patterns. The results show a high detection rate for packet dropping attacks

Synergistic user ↔ context analytics

Various flavours of a new research field on (socio-)physical or personal analytics have emerged, with the goal of deriving semanticallyrich insights from people’s low-level physical sensing combined with their (online) social interactions. In this paper, we argue for more comprehensive data sources, including environmental and application-specific data, to better capture the interactions between users and their context, in addition to those among users. We provide some example use cases and present our ongoing work towards a synergistic analytics platform: a testbed based on mobile crowdsensing and IoT, a data model for representing the different sources of data and their connections, and a prediction engine for analyzing the data and producing insights

Optimal Proximity Proofs Revisited

Distance bounding protocols become important since wireless technologies become more and more common. Therefore, the security of the distance bounding protocol should be carefully analyzed. However, most of the protocols are not secure or their security is proven informally. Recently, Boureanu and Vaudenay defined the common structure which is commonly followed by most of the distance bounding protocols: answers to challenges are accepted if they are correct and on time. They further analyzed the optimal security that we can achieve in this structure and proposed DBopt which reaches the optimal security bounds. In this paper, we define three new structures: when the prover registers the time of a challenge, when the verifier randomizes the sending time of the challenge, and the combined structure. Then, we show the optimal security bounds against distance fraud and mafia fraud which are lower than the bounds showed by Boureanu and Vaudenay for the common structure. Finally, we adapt the DBopt protocol according to our new structures and we get three new distance bounding protocols. All of them are proven formally. In the end, we compare the performance of the new protocols with DBopt and we see that we have a better efficiency. For instance, we can reduce the number of rounds in DB2 (one of the instances of DBopt) from $123$ to $5$ with the same security

Revisiting two-hop distance-bounding protocols: Are you really close enough?

The emergence of ubiquitous computing has led to multiple heterogeneous devices with increased connectivity. In this communication paradigm everything is inter-connected and proximity-based authentication is an indispensable requirement in multiple applications including contactless payments and access control to restricted services/places. Distance-bounding (DB) protocols is the main approach employed to achieve accurate proximity-based authentication. Traditional distance-bounding requires that the prover and the verifier are in each other’s communication range. Recently, Pagnin et al. have proposed a two-hop DB protocol that allows proximity-based authentication, when the prover and the verifier need to rely on an intermediate untrusted party (linker). In this paper, we investigate further the topic of two-hop distance-bounding. We analyse the security of the Pagnin et al. protocol for internal adversaries and we investigate the impact of the position of the linker in the distance-bounding process. We propose a new two-hop DB protocol that is more lightweight and avoids the identified problems. Finally, we extend the protocol to the multi-hop setting and we provide a detailed security analysis for internal adversaries

User-driven RFID applications and challenges

Aikaterini Mitrokotsa, Quan Z. Sheng, Zakaria Maama

RFID technology, systems, and applications

EditorialQuan Z.Sheng, Sherali Zeadally, Aikaterini Mitrokotsa, Zakaria Maama

A comprehensive RFID solution to enhance inpatient medication safety

Errors involving medication administration can be costly, both in financial and in human terms. Indeed, there is much potential for errors due to the complexity of the medication administration process. Nurses are often singled out as the only responsible of these errors because they are in charge of drug administration. Nevertheless, the interventions of every actor involved in the process and the system design itself contribute to errors (Wakefield et al. (1998) [23]). Proper inpatient medication safety systems can help to reduce such errors in hospitals. In this paper, we review in depth two recent proposals (Chien et al. (2010) [7]; Huang and Ku (2009) [12]) that pursue the aforementioned objective. Unfortunately, they fail in their attempt mainly due to their security faults but interesting ideas can be drawn from both. These security faults refer to impersonation and replay attacks that could produce the generation of a forged proof stating that certain medication was administered to an inpatient when it was not. We propose a leading-edge solution to enhance inpatient medication safety based on RFID technology that overcomes these weaknesses. Our solution, named Inpatient Safety RFID system (IS-RFID), takes into account the Information Technology (IT) infrastructure of a hospital and covers every phase of the drug administration process. From a practical perspective, our system can be easily integrated within hospital IT infrastructures, has a moderate cost, is very ease to use and deals with security aspects as a key point. © 2010 Elsevier Ireland Ltd