Cross Layer Security

Protocol architectures have traditionally followed strict layering principles to ensure interoperability, rapid deployment, and efficient implementation. But a lack of coordination between layers limits the performance of these architectures. More importantly, the lack of coordination may introduce security vulnerabilities and potential threat vectors, since each layer enforces its own controls without visibility into the layers above or below it. The literature cited here addresses the problems and opportunities of cross-layer security.

  • Datta, E.; Goyal, N., "Security Attack Mitigation Framework For The Cloud," Reliability and Maintainability Symposium (RAMS), 2014 Annual, pp. 1-6, 27-30 Jan. 2014. (ID#:14-1627) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6798457&isnumber=6798433 Cloud computing brings in a lot of advantages for enterprise IT infrastructure; virtualization technology, which is the backbone of cloud, provides easy consolidation of resources, reduction of cost, space and management efforts. However, security of critical and private data is a major concern which still keeps back a lot of customers from switching over from their traditional in-house IT infrastructure to a cloud service. Existence of techniques to physically locate a virtual machine in the cloud, proliferation of software vulnerability exploits and cross-channel attacks in-between virtual machines, all of these together increases the risk of business data leaks and privacy losses. This work proposes a framework to mitigate such risks and engineer customer trust towards enterprise cloud computing. Everyday new vulnerabilities are being discovered even in well-engineered software products and the hacking techniques are getting sophisticated over time. In this scenario, absolute guarantee of security in enterprise wide information processing system seems a remote possibility; software systems in the cloud are vulnerable to security attacks. Practical solution for the security problems lies in well-engineered attack mitigation plan. At the positive side, cloud computing has a collective infrastructure which can be effectively used to mitigate the attacks if an appropriate defense framework is in place. We propose such an attack mitigation framework for the cloud. Software vulnerabilities in the cloud have different severities and different impacts on the security parameters (confidentiality, integrity, and availability). By using Markov model, we continuously monitor and quantify the risk of compromise in different security parameters (e.g.: change in the potential to compromise the data confidentiality). Whenever there is a significant change in risk, our framework would facilitate the tenants to calculate the Mean Time to Security Failure (MTTSF) cloud and allow them to adopt a dynamic mitigation plan. This framework is an add-on security layer in the cloud resource manager and it could improve the customer trust on enterprise cloud solutions. Keywords: Markov processes; cloud computing; security of data; virtualization; MTTSF cloud; Markov model; attack mitigation plan; availability parameter; business data leaks; cloud resource manager; cloud service; confidentiality parameter; cross-channel attacks; customer trust; enterprise IT infrastructure; enterprise cloud computing; enterprise cloud solutions; enterprise wide information processing system; hacking techniques; information technology; integrity parameter; mean time to security failure; privacy losses; private data security; resource consolidation; security attack mitigation framework; security guarantee; software products; software vulnerabilities; software vulnerability exploits; virtual machine; virtualization technology; Cloud computing; Companies; Security; Silicon; Virtual machining; Attack Graphs; Cloud computing; Markov Chain; Security; Security Administration
  • Bo Fu; Yang Xiao; Hongmei Deng; Hui Zeng, "A Survey of Cross-Layer Designs in Wireless Networks," Communications Surveys & Tutorials, IEEE, vol. 16, no. 1, pp. 110-126, First Quarter 2014. (ID#:14-1628) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6587995&isnumber=6734841 The strict boundary of the five layers in the TCP/IP network model provides the information encapsulation that enables the standardizing of network communications and makes the implementation of networks convenient in terms of abstract layers. However, the encapsulation results in some side effects, including compromise of QoS, latency, extra overload, etc. Therefore, to mitigate the side effect of the encapsulation between the abstract layers in the TCP/IP model, a number of cross-layer designs have been proposed. Cross-layer designs allow information sharing among all of the five layers in order to improve the wireless network functionality, including security, QoS, and mobility. In this article, we classify cross-layer designs by two ways. On the one hand, by how to share information among the five layers, cross-layer designs can be classified into two categories: non-manager method and manager method. On the other hand, by the organization of the network, cross-layer designs can be classified into two categories: centralized method and distributed method. Furthermore, we summarize the challenges of the cross-layer designs, including coexistence, signaling, the lack of a universal cross-layer design, and the destruction of the layered architecture. Keywords: quality of service; radio networks; telecommunication security; transport protocols; QoS; TCP/IP network model; centralized method; cross-layer designs; distributed method; information encapsulation; manager method; mobility; network communications; security; wireless network functionality; IP networks; Information management; Physical layer; Protocols; Quality of service; Security; Wireless networks; Cross-layer design; security; wireless networks
  • Rieke, R.; Repp, J.; Zhdanova, M.; Eichler, J., "Monitoring Security Compliance of Critical Processes," Parallel, Distributed and Network-Based Processing (PDP), 2014 22nd Euromicro International Conference on, pp. 552-560, 12-14 Feb. 2014. (ID#:14-1629) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6787328&isnumber=6787236 Enforcing security in process-aware information systems at runtime requires the monitoring of systems' operation using process information. Analysis of this information with respect to security and compliance aspects is growing in complexity with the increase in functionality, connectivity, and dynamics of process evolution. To tackle this complexity, the application of models is becoming standard practice. Considering today's frequent changes to processes, model-based support for security and compliance analysis is not only needed in pre-operational phases but also at runtime. This paper presents an approach to support evaluation of the security status of processes at runtime. The approach is based on operational formal models derived from process specifications and security policies comprising technical, organizational, regulatory and cross-layer aspects. A process behavior model is synchronized by events from the running process and utilizes prediction of expected close-future states to find possible security violations and allow early decisions on countermeasures. The applicability of the approach is exemplified by a misuse case scenario from a hydroelectric power plant. Keywords: hydroelectric power stations; power system security; critical processes; hydroelectric power plant; model-based support; operational formal models; process behavior model; process specifications; process-aware information systems; security compliance; security policies; Automata; Business; Computational modeling; Monitoring; Predictive models; Runtime; Security; critical infrastructures; predictive security analysis; process behavior analysis; security information and event management; security modeling and simulation; security monitoring
  • Mendes, L.D.P.; Rodrigues, J.J.P.C.; Lloret, J.; Sendra, S., "Cross-Layer Dynamic Admission Control for Cloud-Based Multimedia Sensor Networks," Systems Journal, IEEE, vol. 8, no. 1, pp. 235-246, March 2014. (ID#:14-1630) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6553353&isnumber=6740850 Cloud-based communications system is now widely used in many application fields such as medicine, security, environment protection, etc. Its use is being extended to the most demanding services like multimedia delivery. However, there are a lot of constraints when cloud-based sensor networks use the standard IEEE 802.15.3 or IEEE 802.15.4 technologies. This paper proposes a channel characterization scheme combined to a cross-layer admission control in dynamic cloud-based multimedia sensor networks to share the network resources among any two nodes. The analysis shows the behavior of two nodes using different network access technologies and the channel effects for each technology. Moreover, the existence of optimal node arrival rates in order to improve the usage of dynamic admission control when network resources are used is also shown. An extensive simulation study was performed to evaluate and validate the efficiency of the proposed dynamic admission control for cloud-based multimedia sensor networks. Keywords: IEEE standards; Zigbee; channel allocation; cloud computing; control engineering computing; multimedia communication; telecommunication congestion control; wireless sensor networks; channel characterization scheme; channel effects; cloud-based communications system; cloud-based sensor networks; cross-layer admission control; cross-layer dynamic admission control; dynamic cloud-based multimedia sensor networks; extensive simulation study; multimedia delivery; network access technology; network resources; optimal node arrival rates; standard IEEE 802.15.3 technology; standard IEEE 802.15.4 technology; Admission control; cloud computing; cross-layer design; multimedia communications; sensor networks
  • Kumar, G.V.P.; Reddy, D.K., "An Agent Based Intrusion Detection System for Wireless Network with Artificial Immune System (AIS) and Negative Clone Selection," Electronic Systems, Signal Processing and Computing Technologies (ICESC), 2014 International Conference on, pp. 429-433, 9-11 Jan. 2014. (ID#:14-1631) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6745417&isnumber=6745317 Intrusion in Wireless network differs from IP network in a sense that wireless intrusion is both of packet level as well as signal level. Hence a wireless intrusion signature may be as simple as say a changed MAC address or jamming signal to as complicated as session hijacking. Therefore merely managing and cross verifying the patterns from an intrusion source are difficult in such a network. Beside the difficulty of detecting the intrusion at different layers, the network credential varies from node to node due to factors like mobility, congestion, node failure and so on. Hence conventional techniques for intrusion detection fail to prevail in wireless networks. Therefore in this work we devise a unique agent based technique to gather information from various nodes and use this information with an evolutionary artificial immune system to detect the intrusion and prevent the same via bypassing or delaying the transmission over the intrusive paths. Simulation results show that the overhead of running AIS system does not vary and is consistent for topological changes. The system also proves that the proposed system is well suited for intrusion detection and prevention in wireless network. Keywords: access protocols; artificial immune systems; jamming; packet radio networks; radio networks; security of data; AIS system; IP network; MAC address; agent based intrusion detection system; artificial immune system; jamming signal; negative clone selection; network topology; session hijacking; wireless intrusion signature; wireless network; Bandwidth; Delays; Immune system; Intrusion detection; Mobile agents; Wireless networks; Wireless sensor networks; AIS; congestion; intrusion detection; mobility
  • Tsai, J., "An Improved Cross-Layer Privacy-Preserving Authentication in WAVE-enabled VANETs," Communications Letters, IEEE, vol. PP, no. 99, pp. 1-1, May 2014. (ID#:14-1632) Available at: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6814798&isnumber=5534602 In 2013, Biswas and Misic proposed a new privacy-preserving authentication scheme for WAVE-based vehicular ad hoc networks (VANETs), claiming that they used a variant of the Elliptic Curve Digital Signature Algorithm (ECDSA). However, our study has discovered that the authentication scheme proposed by them is vulnerable to a private key reveal attack. Any malicious receiving vehicle who receives a valid signature from a legal signing vehicle can gain access to the signing vehicle private key from the learned valid signature. Hence, the authentication scheme proposed by Biswas and Misic is insecure. We thus propose an improved version to overcome this weakness. The proposed improved scheme also supports identity revocation and trace. Based on this security property, the CA and a receiving entity (RSU or OBU) can check whether a received signature has been generated by a revoked vehicle. Security analysis is also conducted to evaluate the security strength of the proposed authentication scheme. Keywords: Authentication; Digital signatures; Elliptic curves; Law; Public key; Vehicles
  • Liang Hong, Wei Chen, “Information Theory And Cryptography Based Secured Communication Scheme For Cooperative MIMO Communication In Wireless Sensor Networks,” Ad Hoc Networks, Volume 14, March, 2014, (Pages 95-105). (ID#:14-1633) Available at: http://dl.acm.org/citation.cfm?id=2580129.2580645&coll=DL&dl=GUIDE&CFID=376909966&CFTOKEN=69937197 A cross-layer secured communication approach is proposed as a solution to improve and secure wireless sensor network communication. This solution examines overriding compromised external and active attacks on nodes via layered cryptographic methods and key management. A cryptographic method would be applied at higher network layers, coupled with data assurance analysis at the physical layer to bolster security in data transmission and receipt. The authors of this work also propose an information theory-based detector, at the physical layer, to detect active compromised nodes and prompt the key management system to revoke keys. Results of simulations are discussed.
  • Tobias Oder, Thomas Pöppelmann, Tim Güneysu, “Beyond ECDSA and RSA: Lattice-based Digital Signatures on Constrained Devices,” DAC '14 Proceedings of the 51st Annual Design Automation Conference, June 2014, (Pages 1-6). (ID#:14-1634) Available at: http://dl.acm.org/citation.cfm?id=2593069.2593098&coll=DL&dl=GUIDE&CFID=376909966&CFTOKEN=69937197 This paper argues the inadequacy of currently used asymmetric cryptography in the face of robustly effective quantum computing. Recognizing the need for alternatives, particularly for systems with continuous security requirements, such as aviation and automobiles, the authors propose lattice-based cryptography as a sustainable solution. The authors present this solution as an implementation of BLISS, a post-quantum secure signature scheme, which this paper shows significantly improves signing and verification. Keywords: (not provided)
  • Ana Nieto, Javier Lopez, “A Model for the Analysis of QoS and Security Tradeoff in Mobile Platforms,” Mobile Networks and Applications, Volume 19 Issue 1, February 2014, (Pages 64-78). (ID#:14-1635) Available at: http://dl.acm.org/citation.cfm?id=2582353.2582359&coll=DL&dl=GUIDE&CFID=376909966&CFTOKEN=69937197 This paper addresses the popular, widespread use of mobile devices, and the conflicting security and quality of service (QoS) requirements which accompany mobile platform usage. The authors of this paper propose a Parametric Relationship Model (PRM), to determine Security and QoS correlation. Increased usability, security, and efficiency for mobile platforms are considered in terms of the Future Internet.

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.