International Conferences: AINA 2015, Korea

 

 



The 29th IEEE International Conference on Advanced Information Networking and Applications (AINA) and the Advanced Information Networking and Applications Workshop (WAINA) were held in Gwangju, Korea from March 25 to March 27, 2015. AINA addresses advanced networking and the explosive growth in the areas of pervasive and mobile applications, multimedia computing and social networking, semantic collaborative systems, Grid, P2P, and Cloud Computing. The works cited here are deemed relevant to the Science of Security.




Chen Yang; Bo Qin; Xiuwen Zhou; Yang Sun; Shuangyu He; Qianhong Wu, “Privacy-Preserving Traffic Monitoring in Vehicular Ad Hoc Networks,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 22–24, 24–27 March 2015. doi:10.1109/WAINA.2015.31

Abstract: Most modern metropolitan cities have suffered from increasing traffic accidents and jams. Vehicular ad hoc network (VANET), consisting of information collecting, processing and transmitting units embedded in vehicles assisted by roadside infrastructures, has been proposed as one of the most promising solutions to problems introduced by the increasing number of vehicles in modern cities. To achieve the goal, it is crucial to allow the transportation administration center to collect information about the traffic and road status through VANET. A major obstacle in this scenario is the privacy concern on the vehicles. To address this issue, this paper proposes a generic privacy-preserving traffic monitoring framework which allows individual vehicle driving status and the road usage information to be collected while the privacy of the vehicles is well preserved. This goal is achieved by the novel technology of distinguishing individual vehicles with their spatio-temporal occupations. The continual change of spatio-temporal identities provides privacy for vehicles in a natural way, which remains nonetheless traceable by a trusted authority to prevent misbehaving vehicles from abusing the privacy-preserving mechanism provided by the system.

Keywords: telecommunication traffic; vehicular ad hoc networks; individual vehicle driving status; information collection; privacy-preserving traffic monitoring; road usage information; roadside infrastructure; spatio-temporal identity; transportation administration center; vehicle privacy; vehicular ad hoc network; Monitoring; Privacy; Protocols; Roads; Security; Vehicles; Vehicular ad hoc networks; VANET; traffic monitoring (ID#: 15-6750)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096141&isnumber=7096097

 

Hernandez Ramos, J.L.; Bernal Bernabe, J.; Skarmeta, A.F., “Managing Context Information for Adaptive Security in IoT Environments,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 676–681, 24–27 March 2015. doi:10.1109/WAINA.2015.55

Abstract: Pervasive computing is becoming a reality due to the rise of the so-called Internet of Things (IoT). In this paradigm, everyday and physical objects are being equipped with capabilities to detect and communicate information they receive from their environment, turning them into smart objects. However, such entities are usually deployed on environments with changing and dynamic conditions, which can be used by them to modify their operation or behavior. Under the foundations of EU FP7 SocIoTal project, this work provides an overview about how contextual information can be taken into account by smart objects when making security decisions, by considering such information as a first-class component, in order to realize the so-called context-aware security on IoT scenarios.

Keywords: Internet of Things; decision making; security of data; EU FP7 SocIoTal project; IoT environments; adaptive security; context information management; context-aware security; pervasive computing; security decision making; smart objects; Access control; Context; Context modeling; Privacy; Protocols; Smart phones; Adaptive Security; Pervasive Computing (ID#: 15-6751)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096255&isnumber=7096097

 

Bruce, Ndibanje.; HyunHo Kim; Young-Jin Kang; Young-Sil Lee; Hoon Jae Lee, “On Modeling Protocol-Based Clustering Tag in RFID Systems with Formal Security Analysis,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 498–505, 24–27 March 2015. doi:10.1109/AINA.2015.227

Abstract: This paper presents an efficiency and adaptive cryptographic protocol to ensure users’ privacy and data integrity in RFID system. Radio Frequency Identification technology offers more intelligent systems and applications, but privacy and security issues have to be addressed before and after its adoption. The design of the proposed model is based on clustering configuration of the involved tags where they interchange the data with the reader whenever it sends a request. This scheme provides a strong mutual authentication framework that suits for real heterogeneous RFID applications such as in supply-chain management systems, healthcare monitoring and industrial environment. In addition, we contribute with a mathematical analysis to the delay analysis and optimization in a clustering topology tag-based. Finally, a formal security and proof analysis is demonstrated to prove the effectiveness of the proposed protocol and that achieves security and privacy.

Keywords: cryptographic protocols; mathematical analysis; radiofrequency identification; supply chain management; telecommunication security; RFID systems; cryptographic protocol; delay analysis; healthcare monitoring and industrial environment; intelligent systems; protocol-based clustering tag; radio frequency identification; security analysis; supply-chain management systems; Authentication; Delays; Indexes; Protocols; Radiofrequency identification; Servers; RFID; authentication; cryptography protocol; privacy; security (ID#: 15-6752)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098012&isnumber=7097928

 

Yamaguchi, H.; Gotaishi, M.; Sheu, P.C.-Y.; Tsujii, S., “Privacy Preserving Data Processing,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 714–719, 24–27 March 2015. doi:10.1109/AINA.2015.258

Abstract: Data processing functions are expected as a key issue of knowledge-intensive service functions in the Cloud computing environment. Cloud computing is a technology that evolved from technologies of the field of virtual machine and distributed computing. However, these unique technologies bring unique privacy and security concerns for customers and service providers due to involvement of expertise (such as knowledge, experience, idea, etc.) in data to be processed. We propose the cryptographic protocols preserving the privacy of users and confidentiality of the problem solving servers.

Keywords: cloud computing; cryptographic protocols; data privacy; virtual machines; cloud computing environment; data processing functions; distributed computing; knowledge-intensive service functions; privacy preserving data processing; problem solving server confidentiality; virtual machine; Data processing; Indexes; Information retrieval; Security; Servers; Web services; Cloud Computing; Cryptographic Protocol; Privacy (ID#: 15-6753)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098043&isnumber=7097928

 

Bui, T.V.; Nguyen, T.D.; Sonehara, N.; Echizen, I., “Efficient Authentication, Traitor Detection, and Privacy-Preserving for the Most Common Queries in Two-Tiered Wireless Sensor Networks,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 365–372, 24–27 March 2015. doi:10.1109/AINA.2015.208

Abstract: Wireless Sensor Networks (WSNs) are being used more and more and are becoming a key technology in applications ranging from military ones to ones used in daily life. There are basic architectures: one comprising sensors and a server and one comprising sensors, a server, and storage nodes between them (“two-tiered architecture”). We investigate this second type as it has many advantages in terms of energy usage, computation, and data transmission. Although two-tiered wireless sensor networks have many advantages, security is a critical due to three main problems. First, sensors located in hostile areas can be surreptitiously replaced with fake ones that send bogus data. Second, an attacker could install new sensors with valid authentication keys that send bogus data to storage nodes and deceive the server. Third, a storage nodes could be compromised and reveal data received from sensors. Therefore, the server must authenticate sensors before accepting data from them, detect whether a key was intercepted and identify which one, and handle the most common queries while preserving the privacy of data received from storage nodes. We have developed a novel solution using Non-Adaptive Group Testing that enables a server to perform these tasks efficiently and effectively. This solution is secure with high probability against an attack that tries to guess sensor data and thus protects data confidentiality.

Keywords: data privacy; message authentication; probability; telecommunication security; wireless sensor networks; WSN; attacker; authentication keys; common queries; data confidentiality; data privacy; data transmission; energy usage; non-adaptive group testing; sensor data; storage nodes; two-tiered architecture; two-tiered wireless sensor networks; Authentication; Concatenated codes; Decoding; Reed-Solomon codes; Servers; Testing; Wireless sensor networks; Common Query; Group Testing; List Decoding; Privacy-preserving; Wireless Sensor Network (ID#: 15-6754)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7097993&isnumber=7097928

 

Miguel, J.; Caballe, S.; Xhafa, F.; Snasel, V., “A Data Visualization Approach for Trustworthiness in Social Networks for On-line Learning,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 490–497, 24–27 March 2015. doi:10.1109/AINA.2015.226

Abstract: Up to now, the problem of ensuring collaborative activities in e-Learning against dishonest students’ behaviour has been mainly tackled with technological security solutions. Over the last years, technological security solutions have evolved from isolated security approaches based on specific properties, such as privacy, to holistic models based on technological security comprehensive solutions, such as public key infrastructures, biometric models and multidisciplinary approaches from different research areas. Current technological security solutions are feasible in many e-Learning scenarios but on-line assessment involves certain requirements that usually bear specific security challenges related to e-Learning design. In this context, even the most advanced and comprehensive technological security solutions cannot cope with the whole scope of e-Learning vulnerabilities. To overcome these deficiencies, our previous research aimed at incorporating information security properties and services into on-line collaborative e-Learning by a functional approach based on trustworthiness assessment and prediction. In this paper, we present a peer-to-peer on-line assessment approach carried out in a real on-line course developed in our real e-Learning context of the Open University of Catalonia. The design presented in this paper is conducted by our trustworthiness security methodology with the aim of building peer-to-peer collaborative activities, which enhances security e-Learning requirements. Eventually, peer-to-peer visualizations methods are proposed to manage security e-Learning events, as well as on-line visualization through peer-to-peer tools, intended to analyse collaborative relationship.

Keywords: computer aided instruction; data visualisation; social networking (online); trusted computing; Open University of Catalonia; biometric models; data visualization approach; e-learning; holistic models; information security properties; information security services; multidisciplinary approaches; online learning; peer-to-peer collaborative activities; peer-to-peer on-line assessment; public key infrastructures; social networks; student behaviour; technological security; technological security comprehensive solutions; trustworthiness assessment; trustworthiness security methodology; Collaboration; Context; Electronic learning; Peer-to-peer computing; Security; Social network services; Visualization; Information security; computer-supported collaborative learning; on-line assessment; peer-to-peer analysis; trustworthiness (ID#: 15-6755)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098011&isnumber=7097928

 

Ssembatya, R.; Kayem, A.V.D.M., “Secure and Efficient Mobile Personal Health Data Sharing in Resource Constrained Environments,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 411–416, 24–27 March 2015. doi:10.1109/WAINA.2015.113

Abstract: Although personal health record (PHR) systems are widely used in the developed world, little has been done to explore the utility of these PHR systems in the developing world. One of the key reasons behind this is the fact that a lot of areas in the developing world suffer from technological impediments that are a result of poor infrastructure, low literacy, intermittent power connectivity, and unstable bandwidth connectivity. In technological resource constrained environments such as these, deploying standard PHR systems is challenging and so it makes sense to redesign these systems to cope with the environmental limitations in order to offer users a usable and reliable platform. Furthermore, healthcare data is inherently privacy and security sensitive so, in re-designing the PHR system the security and privacy requirements need also be taken into consideration. The idea in this case, is to opt for security mechanisms that offer the same levels of security as is the case in the standard PHR systems that are used in the developed world, but that are also lightweight in terms of performance and storage overhead. In this paper, based on the observation that mobile phone use is widely proliferated in developing countries, we propose an access control framework supported by identity-based encryption for a secure Mobile-PHR system. Results from our prototype evaluation (laboratory and field studies) indicate that the proposed IBE scheme effectively secures PHRs beyond the healthcare provider’s security domain and is efficient performance-wise.

Keywords: access control; biomedical communication; cryptography; health care; mobile handsets; personal communication networks; telecommunication network reliability; IBE scheme; access control framework; healthcare providers security domain; identity-based encryption; intermittent power connectivity; mobile PHR system security; mobile personal health data sharing security efficiency; mobile phone; performance-wise efficiency; personal health record systems; privacy sensitivity; reliability systems; resource constrained environments; security sensitivity mechanism; storage overhead; technological impediments; unstable bandwidth connectivity; usability systems; Cryptography; Hospitals; Mobile communication; Mobile handsets; Servers; Identity-Based Encryption; Mobile; Personal Health Records; Resource Constrained Computing; Usable Security (ID#: 15-6756)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096210&isnumber=7096097

 

Ahmad, M.; Pervez, Z.; Byeong Ho Kang; Sungyoung Lee, “O-Bin: Oblivious Binning for Encrypted Data over Cloud,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 352–357, 24–27 March 2015. doi:10.1109/AINA.2015.206

Abstract: In recent years, the data growth rate has been observed growing at a staggering rate. Considering data search as a primitive operation and to optimize this process on large volume of data, various solution have been evolved over a period of time. Other than finding the precise similarity, these algorithms aim to find the approximate similarities and arrange them into bins. Locality sensitive hashing (LSH) is one such algorithm that discovers probable similarities prior calculating the exact similarity thus enhance the overall search process in high dimensional search space. Realizing same strategy for encrypted data and that too in public cloud introduces few challenges to be resolved before probable similarity discovery. To address these issues and to formalize a similar strategy like LSH, in this paper we have formalized a technique O-Bin that is designed to work over encrypted data in cloud. By exploiting existing cryptographic primitives, O-Bin preserves the data privacy during the similarity discovery for the binning process. Our experimental evaluation for O-Bin produces results similar to LSH for encrypted data.

Keywords: cloud computing; cryptography; data privacy; information retrieval; LSH; O-Bin; approximate similarities; cryptographic primitives; data growth rate; data search; encrypted data; high dimensional search space; locality sensitive hashing; oblivious binning process; probable similarity discovery; public cloud; search process; Cloud computing; Data privacy; Encryption; Outsourcing; Servers; Binning; Cloud; Security and Privacy; Similarity discovery (ID#: 15-6757)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7097991&isnumber=7097928

 

Peng Chen; Jun Ye; Xiaofeng Chen, “A New Efficient Request-Based Comparable Encryption Scheme,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 436–439, 24–27 March 2015. doi:10.1109/WAINA.2015.10

Abstract: Privacy-preserving comparisons over encrypted database is a hot topic in the current academic research. Recently, Furukawa [7] introduced a new primitive called request-based comparable encryption (comparable encryption for short) to achieve this target. However, one disadvantage of comparable encryption is that huge of the token and cipher text are required in the scheme and thus the computation and storage overload is heavy. In this paper, we propose an improved comparable encryption scheme by using the sliding window method, which is more efficient in the computation and storage workload than Furukawa’s scheme. Besides, the proposed scheme allows the users to obtain a variable trade-off between security and efficiency through adaptively setting the window size.

Keywords: cryptography; user interfaces; Furukawa scheme; ciphertext; computation and storage workload; database encryption; privacy-preserving comparisons; request-based comparable encryption scheme efficiency; sliding window method; window size; Computational efficiency; Conferences; Databases; Electronic mail; Encryption; comparable encryption; efficiency; security; sliding window (ID#: 15-6758)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096214&isnumber=7096097

 

Iso, Y.; Saito, T., “A Proposal and Implementation of an ID Federation that Conceals a Web Service from an Authentication Server,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 347–351, 24–27 March 2015. doi:10.1109/AINA.2015.205

Abstract: Recently, it is becoming more common for a website to authenticate its users with an external identity provider by using Open ID Authentication or Security Assertion Markup Language. However, such authentication schemes tell the identity provider where the user is going. Consequently, for instance, an identity provider can track its users and refuse access to services offered by competitors. In this paper, we propose an authentication method whereby an identity provider cannot track users.

Keywords: Web services; XML; authorisation; ID Federation; OpenID authentication; Web service; authentication method; authentication server; identity provider; security assertion markup language; Authentication; Browsers; Cryptography; Privacy; Servers; Uniform resource locators; Federated identity; OpenID; Single Sign-On (ID#: 15-6759)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7097990&isnumber=7097928

 

Tao Li; Hao Yang; Yilei Wang; Qiuliang Xu, “The Electronic Voting in the Presence of Rational Voters,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 293–296, 24–27 March 2015. doi:10.1109/WAINA.2015.15

Abstract: The most distinct character of electronic voting is that voters need not to vote at a certain ballot box. With the development of Internet, electronic voting is becoming an important field in electronic commerce. The basic security requirements for electronic voting are anonymity of the voters, privacy and fairness of the votes. In fact, electronic voting can be regarded as a multi-party computation, where distributed parties wish to securely compute the votes in electronic voting systems. In this paper, we redefined the types of parties in electronic voting by using definitions in rational multi-party computation. More specifically, voters are regarded as rational other than honest or malicious, where voting is considered as a social choice. Rational voters care about their utilities when they decide to vote. We first present a rational secret sharing scheme (RSSS) and then construct an electronic voting protocol based on this RSSS.

Keywords: game theory; government data processing; security of data; RSSS; electronic voting protocol; rational secret sharing scheme; rational voters; social choice; Cryptography; Electronic voting; Electronic voting systems; Game theory; Privacy; Protocols; Nash equilibrium; Rational secret sharing; Utility (ID#: 15-6760)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096190&isnumber=7096097

 

Sakpere, A.B.; Kayem, A.V.D.M.; Ndlovu, T., “A Usable and Secure Crime Reporting System for Technology Resource Constrained Context,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 424–429, 24–27 March 2015. doi:10.1109/WAINA.2015.97

Abstract: Crime in technology resource constrained environments has been shown to adversely affect economic growth by deterring investment and triggering emigration. To address this, secure reporting channels are being investigated to encourage anonymous crime reporting. In this paper, we present a system (Cry Help App) developed to enable residents of a university community situated in technology resource constrained environment to facilitate secure and covert crime reporting. We focus primarily on the usability of the application. The system was developed on the basis of user centric iterative approach. Deployment and evaluation results of our prototype system demonstrate that overall the system scored a 77.06% usability rating with a standard deviation of 0.05 for contributing scores on System Use, Information Quality and Interface Quality. This is indicative of the fact that users found the system to be very usable.

Keywords: police data processing; security of data; Cry Help App; covert crime reporting; information quality; interface quality; secure crime reporting system; technology resource constrained environment; university community; usable crime reporting system; user centric iterative approach; Androids; Humanoid robots; Mobile communication; Mobile handsets; Privacy; Prototypes; Standards (ID#: 15-6761)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096212&isnumber=7096097

 

Carnielli, A.; Aiash, M., “Will ToR Achieve Its Goals in the ‘Future Internet’? An Empirical Study of Using ToR with Cloud Computing,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 135–140, 24–27 March 2015. doi:10.1109/WAINA.2015.78

Abstract: With the wide development and deployment of mobile devices and gadgets, a larger number of users go online in so many aspects of their daily lives. The challenge is to enjoy the conveniences of online activities while limiting privacy sacrifices. In response to the increasing number of online-hacking scandals, mechanisms for protecting users’ privacy continue to evolve. An example of such mechanisms is the Onion Router (ToR), a free software for enabling online anonymity and resisting censorship. Despite the fact that ToR is a dominant anonymizer in the current Internet, the emergence of new communication and inter-networking trends such as Cloud Computing, Software Defined Networks and Information Centric Networks places a question mark whether ToR will fulfil its promises with these trends of the “Future Internet”. This paper aims at answering the question by implementing ToR on a number of Cloud platforms and discussing the security properties of ToR.

Keywords: cloud computing; data protection; security of data; Internet; ToR; communication trends; dominant anonymizer; information centric networks; internetworking trends; mobile devices; mobile gadgets; online activities; online anonymity; online-hacking scandals; security properties; software defined networks; the onion router; user privacy protection; Cloud computing; IP networks; Public key; Relays; Servers (ID#: 15-6762)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096160&isnumber=7096097

 

Kaneko, Y.; Saito, T.; Kikuchi, H., “Cryptographic Operation Load-Balancing between Cryptographic Module and CPU,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 698–705, 24–27 March 2015. doi:10.1109/AINA.2015.256

Abstract: Mobile devices such as smartphones and tablets have permeated into our daily lives and are now often indispensable because of the constant Internet access they provide. Furthermore, with ever increasing concerns regarding privacy and security, it has become popular to utilize cryptographic operations when accessing Web application servers from such devices. However, since such operations cause high loading on the central processing units (CPUs) of personal computers (PCs) or servers, mobile device CPUs now often come equipped with hardware cryptographic modules. These cryptographic modules are frequently utilized by many mobile device applications via a process known as offloading. However, when all cryptographic operations can be offloaded to cryptographic modules, device CPUs may become idle, which is an ineffective use of total computing resources. In this paper, we propose the simultaneous balanced offloading of cryptographic operations to the cryptographic module of an AM3358 processor and CPU via load-balancing and then evaluate the performance of our implementation. We evaluated our proposed system and concluded that while it is capable of working effectively, in most cases files smaller than approximately 1000 bytes can be executed faster via the CPU alone, whereas when files are larger than 1000 bytes, the proposed system is faster. In the case of encrypting or decrypting a 7 Kbyte file, our proposed system is twice as fast as ‘CPU only’ operation.

Keywords: Internet; cryptography; microcomputers; resource allocation; smart phones; AM3358 processor; CPU; PC privacy; Web application servers; central processing units; constant Internet access; cryptographic operation load balancing; decryption process; encryption process; hardware cryptographic module; mobile device security; personal computer; Arrays; Central Processing Unit; Encryption; Engines; Linux; Mobile handsets; cryptographic module; offloading (ID#: 15-6763)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098041&isnumber=7097928

 

Hyunsu Jang; Jaehoon Jeong; Hyoungshick Kim; Jung-Soo Park, “A Survey on Interfaces to Network Security Functions in Network Virtualization,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 160–163, 24–27 March 2015. doi:10.1109/WAINA.2015.103

Abstract: Network Functions Virtualization (NFV) opens new opportunities and challenges for security community. Unlike existing physical network infrastructure, in a virtualized network platform, security services can be dynamically deployed and maintained to cope with the threat of sophisticated network attacks that are increasing over time. This paper surveys the activity that many security vendors and Internet service providers are trying to define common interfaces for NFV-based security services through the analysis of use cases and related technologies. This activity is currently led by Internet Engineering Task Force (IETF) that is an international Internet standardization organization.

Keywords: Internet; security of data; user interfaces; virtualisation; IETF; Internet Engineering Task Force; Internet service providers; NFV; common interfaces; international Internet standardization organization; network attacks; network functions virtualization; security community; security services; security vendors; Communication networks; Hardware; Mobile computing; Security; Software; Standards; Virtualization; Interfaces; Network Security Functions; Network Virtualization (ID#: 15-6764)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096165&isnumber=7096097

 

Bernardo, D.V.; Bee Bee Chua, “Introduction and Analysis of SDN and NFV Security Architecture (SN-SECA),” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 796–801, 24–27 March 2015. doi:10.1109/AINA.2015.270

Abstract: There have been a few literature published about the security risks expected on the implementations of SDN and NFV (SN), however, no formal Security Architecture with practical attributes was proposed until recently. The first of its kind SN-Security Architecture (SN-SECA) was presented as an IETF draft. This draft presents the architecture with specific ascription to ensure effective security evaluation and integration on the SDN/NVF designs and implementations. This paper briefly introduces the proposed architecture and employs methods to analyze and verify its underlying security attributes. A unified method to review SN-SECA through symbolic analysis previews traffic process flow behavior across an infrastructure with SDN and NFV frameworks. The result of this work highlights the fundamental but important role of each attribute and its flow, and overall viability of the proposed architecture for SDN and NFV that protractedly useful to security practitioners.

Keywords: computer network security; software defined networking; virtualisation; IETF draft; SDN and NFV security architecture; network function virtualization; software defined networking; traffic process flow behavior; Computer architecture; Industries; Protocols; Security; Semantics; Software; Technological innovation; NFV; OpenFlow; SDN; SN-SECA; Security Architecture; rewrite; symbolic analysis (ID#: 15-6765)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098055&isnumber=7097928

 

Flauzac, O.; Gonzalez, C.; Hachani, A.; Nolot, F., “SDN Based Architecture for IoT and Improvement of the Security,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 688–693, 24–27 March 2015. doi:10.1109/WAINA.2015.110

Abstract: With the exponential growth of devices connected to the Internet, securing networks is one of the hardest challenges for network managers. Maintaining and securing such a large-scale and heterogeneous network is a challenging task. In this context, the new networking paradigm, the Software Defined Networking (SDN), introduces many opportunities and provides the potential to overcome those challenges. In this article, we first present a new SDN based architecture for networking with or without infrastructure, that we call an SDN domain. A single domain includes wired network, wireless network and Ad-Hoc networks. Next, we propose a second architecture to include sensor networks in an SDN-based network and in a domain. Third, we interconnect multiple domains and we describe how we can enhance the security of each domain and how to distribute the security rules in order not to compromise the security of one domain. Finally, we propose a new secure and distributed architecture for IoT (Internet of Things).

Keywords: Internet; Internet of Things; ad hoc networks; computer network security; software defined networking; IoT; SDN; ad-hoc network; exponential growth; heterogeneous network; multiple domain; networking paradigm; security network; sensor network; software defined networking; wired network; wireless network; Ad hoc networks; Computer architecture; Security; Software; Switches; Internet of Things (IoT) (ID#: 15-6766)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096257&isnumber=7096097

 

Inaba, T.; Elmazi, D.; Yi Liu; Sakamoto, S.; Barolli, L.; Uchida, K., “Integrating Wireless Cellular and Ad-Hoc Networks Using Fuzzy Logic Considering Node Mobility and Security,” in Advanced Information Networking and Applications Workshops (WAINA), 2015 IEEE 29th International Conference on, vol., no., pp. 54–60, 24–27 March 2015. doi:10.1109/WAINA.2015.116

Abstract: Several solutions have been proposed for improving the Quality of Service (QoS) in wireless cellular networks, such as Call Admission Control (CAC) and handover strategies. However, none of them considers the usage of different interfaces for different conditions. In this work, we propose a Fuzzy-Based Multi-Interface System (FBMIS), where each node is equipped with two interfaces: the traditional cellular network interface and Mobile Ad hoc Networks (MANET) interface. The proposed FBMIS system is able to switch from cellular to ad-hoc mode and vice versa. We consider four input parameters: Distance Between Nodes (DBN), Node Mobility (NM), Angle between Node and Base station (ANB), and User Request Security (URS). We evaluated the performance of the proposed system by computer simulations using MATLAB. The simulation results show that our system has a good performance.

Keywords: cellular radio; fuzzy logic; mobile ad hoc networks; mobility management (mobile radio); quality of service; telecommunication congestion control; telecommunication security; ANB; CAC; DBN; FBMIS system; MANET; Matlab; NM; QoS; URS; angle between node and base station; call admission control; cellular network interface; distance between node; fuzzy-based multiinterface system; handover strategy; mobile ad hoc network; node mobility; user request security; wireless cellular network integration; Conferences; Fuzzy logic; Optical wavelength conversion; Security; Ad-Hoc Networks; Cellular Networks; Fuzzy Logic; Intelligent Systems; QoS (ID#: 15-6769)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7096147&isnumber=7096097

 

Heurtefeux, K.; Erdene-Ochir, O.; Mohsin, N.; Menouar, H., “Enhancing RPL Resilience Against Routing Layer Insider Attacks,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 802–807, 24–27 March 2015. doi:10.1109/AINA.2015.271

Abstract: To gather and transmit data, low cost wireless devices are often deployed in open, unattended and possibly hostile environments, making them particularly vulnerable to physical attacks. Resilience is needed to mitigate such inherent vulnerabilities and risks related to security and reliability. In this paper, Routing Protocol for Low-Power and Lossy Networks (RPL) is studied in the presence of packet dropping malicious compromised nodes. Random behavior and data replication have been introduced to RPL to enhance its resilience against such insider attacks. The classical RPL and its resilient variants have been analyzed through Cooja simulations and hardware emulation. Resilient techniques introduced to RPL have enhanced significantly the resilience against attacks providing route diversification to exploit the redundant topology created by wireless communications. In particular, the proposed resilient RPL exhibits better performance in terms of delivery ratio (up to 40%), fairness and connectivity while staying energy efficient.

Keywords: computer network security; radio networks; risk analysis; routing protocols; Cooja simulations; RPL resilience enhancement; data gathering; data replication; data transmission; hardware emulation; hostile environment; insider attacks; low cost wireless devices; low-power and lossy networks; packet dropping malicious compromised nodes; physical attacks; random behavior; redundant topology; risks mitigation; route diversification; routing layer insider attacks; routing protocol; wireless communications; Energy consumption; Resilience; Routing; Routing protocols; Security; Wireless sensor networks; RPL; Wireless Network (ID#: 15-6770)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098056&isnumber=7097928

 

Hyeryun Lee; Kyunghee Choi; Kihyun Chung; Jaein Kim; Kangbin Yim, “Fuzzing CAN Packets into Automobiles,” in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, vol., no., pp. 817–821, 24–27 March 2015. doi:10.1109/AINA.2015.274

Abstract: There have been many warnings that automobiles are vulnerable to attacks through the network, CAN, which connects the ECUs (Electrical Control Units) embedded in the automobiles. Some previous studies showed that the warnings were actual threats. They analyzed the packets flowing on the network and used the packets constructed based on the analysis. We show that it is possible to attack automobiles without any in-depth knowledge about automobiles and specially designed tools to analyze the packets. Experiments are performed in two phases. In the first phase, the victim automobiles are attacked with the packets constructed with the CAN IDs gathered from the sniffed packets flowing in the automobiles. It is not a problem at all to gather CAN IDs since CAN is an open simple standard protocol and there are many tools to sniff CAN packets on the Internet. In the second phase, the attack packets are constructed in a completely random manner without any previous information such as CAN IDs. The packets are injected into the network via Bluetooth, a wireless channel. Through the experiments, we show the network vulnerability of automobiles.

Keywords: Internet; automobiles; automotive electronics; computer network security; controller area networks; Bluetooth; CAN ID; ECU; electrical control units; fuzzing CAN packets; network vulnerability; sniff CAN packets; sniffed packets; wireless channel; Automobiles; Bluetooth; Monitoring; Ports (Computers); Security; Wireless communication; Automobile; CAN; Cyber attack; Fuzzing (ID#: 15-6771)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7098059&isnumber=7097928

 


Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.