An efficient null space-based Homomorphic MAC scheme against tag pollution attacks in RLNC

This letter proposes an efficient null space-based homomorphic message authentication code scheme providing resistance against tag pollution attacks in random linear network coding, where these attacks constitute a severe security threat. In contrast to data pollution attacks, where an adversary injects into the network corrupted packets, in tag pollution attacks the adversary corrupts (i.e. pollutes) tags appended to the end of the coded packets to prevent the destination nodes from decoding correctly. Our results show that the proposed scheme is more efficient compared to other competitive tag pollution immune schemes in terms of computational complexity

An OAuth2-based protocol with strong user privacy preservation for smart city mobile e-Health apps

In the context of the Smart City concept, mobile e-Health applications can play a pivotal role towards the improvement of citizens’ quality of life, since they can enable citizens to access personalized e-Health services, without limitations on time and location. However, accessing personalized e-Health services through citizens’ mobile e-Health applications, running on their mobile devices, raises many privacy issues in terms of citizens’ identity and location. These privacy issues should be addressed so that citizens, concerned about privacy leakage, will embrace Smart City mobile e-Health applications and reap their benefits. Hence, in this paper we propose an OAuth2-based protocol with strong user privacy preservation that addresses these privacy issues. Our proposed protocol follows the OAuth2 protocol flow and integrates a pseudonym-based signature scheme and a delegation signature scheme into the user authentication phase of the OAuth2 protocol. The proposed protocol enables citizens authentication towards the servers providing personalized e-Health services, while preserving their privacy from malicious mobile applications and/or eavesdroppers. Moreover, the proposed protocol does not require to store sensitive information in the citizens’ mobile devices

A Lightweight Privacy-Preserving OAuth2-Based Protocol for Smart City Mobile Apps

In the forthcoming Smart City scenario, users' mobile applications will be of fundamental role towards supporting the envisioned functionalities and services. Mobile users, provided with a smartphone, will be capable of ubiquitously connecting to service providers through their installed mobile applications. However, this connection must be authenticated, which threatens the citizen privacy rights. Privacy-preserving mechanisms have already been proposed in the past; nevertheless, they are based on RSA groups or groups with bilinear pairings, which are inefficient in mobile devices due to its computational complexity. Thus, in this paper, we integrate a lightweight anonymous credential mechanism, suitable for computationally-limited mobile devices, into the user authentication phase of the OAuth2 protocol, which has become a de facto solution for user authentication in mobile applications. The proposed protocol enables citizen's authentication towards service providers, while preserving their privacy. Additionally, the protocol is compliant with the OAuth2 specification, which enables an easy integration in current mobile application implementations

Analysis of the impact of denial of service attacks on centralized control in smart cities

The increasing threat of Denial of Service (DoS) attacks targeting Smart City systems impose unprecedented challenges in terms of service availability, especially against centralized control platforms due to their single point of failure issue. The European ARTEMIS co-funded project ACCUS (Adaptive Cooperative Control in Urban (sub) Systems) is focused on a centralized Integration and Coordination Platform (ICP) for urban subsystems to enable real-time collaborative applications across them and optimize their combined performance in Smart Cities. Hence, any outage of the ACCUS ICP, due to DoS attacks, can severely affect not only the interconnected subsystems but also the citizens. Consequently, it is of utmost importance for ACCUS ICP to be protected with the appropriate defense mechanisms against these attacks. Towards this direction, the measurement of the performance degradation of the attacked ICP server can be used for the selection of the most appropriate defense mechanisms. However, the suitable metrics are required to be defined. Therefore, this paper models and analyzes the impact of DoS attacks on the queue management temporal performance of the ACCUS ICP server in terms of system delay by using queueing theory

Profile Management System in Ubiquitous Healthcare Cloud Computing Environment

A shift from the doctor-centric model to a patient-centric model is required to face the challenges of the healthcare sector. The vision of patient-centric model can be materialized integrating ubiquitous healthcare and the notion of personalization in services. Cloud computing can be the underlying technology for ubiquitous healthcare. The use of profiles enables the personalization in healthcare services and the use of profile management systems facilitates the deployment of these services. In this paper, we propose a profile management system in ubiquitous healthcare cloud computing environment. The proposed system exploits the cloud computing technology and the smart card technology to increase the efficiency and the quality of the provided healthcare services in the context of the patient-centric model. Furthermore, we propose generic healthcare profile structures corresponding to the main classes of the participating entities in a ubiquitous healthcare cloud computing environment

Novelty detection for risk-based user authentication on mobile devices

User authentication acts as the first line of defense verifying the identity of a mobile user, often as a prerequisite to allow access to resources in a mobile device. For several decades, user authentication was based on the “something the user knows”, known also as knowledge-based user authentication. Recent studies state that although knowledge-based user authentication has been the most popular for authenticating an individual, nowadays it is no more considered secure and convenient for the mobile user as it is imposing several limitations. These limitations stress the need for the development and implementation of more secure and usable user authentication methods. Toward this direction, user authentication based on the “something the user is” has caught the attention. This category includes authentication methods which make use of human physical characteristics (also referred to as physiological biometrics), or involuntary actions (also referred to as behavioral biometrics). In particular, risk-based user authentication based on behavioral biometrics appears to have the potential to increase mobile authentication security without sacrificing usability. In this context, we, firstly, present an overview of user authentication on mobile devices and discuss risk-based user authentication for mobile devices as a suitable approach to deal with the security vs. usability challenge. Afterwards, a set of novelty detection algorithms for risk estimation is tested and evaluated to identify the most appropriate ones for risk-based user authentication on mobile devices

Efficient group key agreement & recovery in ad hoc networks

Ad hoc networks are dynamic peer-to-peer wireless networks composed of a collection of nodes which employ wireless transmission methods in a self-organized way without relying on fixed infrastructure or predetermined connectivity. Such networks pose great challenges in group communication. In this paper, we propose an efficient group key agreement and recovery mechanism based on key escrow systems for ad hoc networks. Nodes randomly change their operation and perform authentication services for specific groups

IDLP: an efficient intrusion detection and location-aware prevention mechanism for network coding-enabled mobile small cells

Mobile small cell technology is considered as a 5G enabling technology for delivering ubiquitous 5G services in a cost-effective and energy efficient manner. Moreover, Network Coding (NC) technology can be foreseen as a promising solution for the wireless network of mobile small cells to increase its throughput and improve its performance. However, NC-enabled mobile small cells are vulnerable to pollution attacks due to the inherent vulnerabilities of NC. Although there are several works on pollution attack detection, the attackers may continue to pollute packets in the next transmission of coded packets of the same generation from the source node to the destination nodes. Therefore, in this paper, we present an intrusion detection and location-aware prevention (IDLP) mechanism which does not only detect the polluted packets and drop them but also identify the attacker's exact location so as to block them and prevent packet pollution in the next transmissions. In the proposed IDLP mechanism, the detection and locating schemes are based on a null space-based homomorphic MAC scheme. However, the proposed IDLP mechanism is efficient because, in its initial phase (i.e., Phase 1), it is not needed to be applied to all mobile devices in order to protect the NC-enabled mobile small cells from the depletion of their resources. The proposed efficient IDLP mechanism has been implemented in Kodo, and its performance has been evaluated and compared with our previous IDPS scheme proposed in [1], in terms of computational complexity, communicational overhead, and successfully decoding probability as well

A null space-based MAC scheme against pollution attacks to random linear network coding

Network Coding has significantly shown the achievable throughput and robustness in wireless Networks. However, network coding-enabled networks are susceptible to pollution attacks where a small number of polluted messages will propagate due to recoding and corrupt bunches of legitimate messages. Several lightweight Homomorphic Message Authentication Code (HMAC) schemes have been proposed for protecting the transmitted data against pollution attacks; however, most of them are not appropriate for wireless networks or cannot resist tag pollution attacks. In this paper, we present a computationally efficient null space-based homomorphic MAC scheme, for network coding-enabled wireless networks. The proposed scheme makes use of two types of tags (i.e., MACs and D-MACs) to provide resistance against data pollution and tag pollution attacks. Furthermore, we demonstrate that due to its lightweight nature, our proposed scheme incurs a minimal complexity compared to other related schemes

Security in smart home environment

This chapter presents the concept of Smart Home, describes the Smart Home networking technologies and discusses the main issues for ensuring security in a Smart Home environment. Nowadays, the integration of current communication and information technologies within the dwelling has led to the emergence of Smart Homes. These technologies facilitate the building of Smart Home environments in which devices and systems can communicate with each other and can be controlled automatically in order to interact with the household members and improve the quality of their life. However, the nature of Smart Home environment, the fact that it is always connected to the outside world via Internet and the open security back doors derived from the household members raise many security concerns. Finally, by reviewing the existing literature regarding Smart Homes and security issues that exist in Smart Home environments, the authors envisage to provide a base to broaden the research in Smart Home security