 |
Sybil Attacks 2015 |
A Sybil attack occurs when a node in a network claims multiple identities. The attacker may subvert the entire reputation system of the network by creating a large number of false identities and using them to gain influence. For the Science of Security community, these attacks are relevant to resilience, metrics, and composability. The research cited here was presented in 2015.
K. Rabieh, M. M. E. A. Mahmoud, T. N. Guo and M. Younis, “Cross-Layer Scheme for Detecting Large-Scale Colluding Sybil Attack in VANETs,” 2015 IEEE International Conference on Communications (ICC), London, 2015, pp. 7298-7303. doi: 10.1109/ICC.2015.7249492
Abstract: In Vehicular Ad Hoc Networks (VANETs), the roadside units (RSUs) need to know the number of vehicles in their vicinity to be used in traffic management. However, an attacker may launch a Sybil attack by pretending to be multiple simultaneous vehicles. This attack is severe when a vehicle colludes with others to use valid credentials to authenticate the Sybil vehicles. If RSUs are unable to identify such an attack, they will report wrong number of vehicles to the traffic management center, which may result in disseminating wrong traffic instructions to vehicles. In this paper, we propose a cross-layer scheme to enable the RSUs to identify such Sybil vehicles. Since Sybil vehicles do not exist in their claimed locations, our scheme is based on verifying the vehicles' locations. A challenge packet is sent the vehicle's claimed location using directional antenna to detect the presence of a vehicle. If the vehicle is at the expected location, it should be able to receive the challenge and send back a valid response packet. In order to reduce the overhead and instead of sending challenge packets to all the vehicles all the time, packets are sent only when there is a suspicion of Sybil attack. We also discuss several Sybil attack alarming techniques. The evaluation results demonstrate that our scheme can achieve high detection rate with low probability of false alarm. Additionally, the scheme requires acceptable communication and computation overhead.
Keywords: antenna radiation patterns; directive antennas; probability; road safety; road traffic; vehicular ad hoc networks; Sybil attack alarming technique; VANET; cross-layer scheme; directional antenna; false alarm probability; large-scale colluding Sybil attack detection; road side unit; traffic management; vehicular ad hoc network; Accidents; Directional antennas; Information systems; Public key; Roads; Vehicles; Location verification; Sybil attack; cross layer scheme; false location reporting attack (ID#: 16-10105)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7249492&isnumber=7248285
M. Mulla and S. Sambare, “Efficient Analysis of Lightweight Sybil Attack Detection Scheme in Mobile Ad Hoc Networks,” Pervasive Computing (ICPC), 2015 International Conference on, Pune, 2015, pp. 1-6. doi: 10.1109/PERVASIVE.2015.7086988
Abstract: Mobile Ad hoc Networks (MANETs) are vulnerable to different kinds of attacks like Sybil attack. In this paper we are aiming to present practical evaluation of efficient method for detecting lightweight Sybil Attack. In Sybil attack, network attacker disturbs the accuracy count by increasing its trust and decreasing others or takes off the identity of few mobile nodes in MANET. This kind of attack results into major information loss and hence misinterpretation in the network, it also minimizes the trustworthiness among mobile nodes, data routing disturbing with aim of dropping them in network etc. There are many methods previously presented by different researchers with aim of mitigating such attacks from MANET with their own advantage and disadvantages. In this research paper, we are introducing the study of efficient method of detecting the lightweight Sybil attack with aim of identifying the new identities of Sybil attackers and without using any additional resources such as trusted third party or any other hardware. The method which we are investigating in this paper is based on use of RSS (Received Signal Strength) to detect Sybil attacker. This method uses the RSS in order to differentiate between the legitimate and Sybil identities. The practical analysis of this work is done using Network Simulator (NS2) by measuring throughput, end to end delay, and packet delivery ratio under different network conditions.
Keywords: mobile ad hoc networks; MANET; RSS; lightweight Sybil attack detection scheme; major information loss; network simulator; received signal strength; trustworthiness; Delays; Hardware; Mobile ad hoc networks; Mobile computing; Security; Throughput; DCA: Distributed Certificate authority; Mobile Ad hoc Network; Packet Delivery Ratio; Received Signal Strength; Sybil Attack; Threshold; UB: Upper bound (ID#: 16-10106)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7086988&isnumber=7086957
M. AlRubaian, M. Al-Qurishi, S. M. M. Rahman and A. Alamri, “A Novel Prevention Mechanism for Sybil Attack in Online Social Network,” Web Applications and Networking (WSWAN), 2015 2nd World Symposium on, Sousse, 2015, pp. 1-6. doi: 10.1109/WSWAN.2015.7210347
Abstract: In Online Social Network (OSN) one of the major attacks is Sybil attack, in which an attacker subverts the system by creating a large number of pseudonymous identities (i.e. fake user accounts) and using them to establish as many as possible of friendships with honest users to have disproportionately large influence in the network. Finally, the Sybil accounts led to many malicious activities in the online social network. To detect these kinds of fake accounts in online social network is a big challenge. In this paper, we propose a prevention mechanism for Sybil attack in OSN based on pairing and identity-based cryptography. During the formation of a group when any user wants to join the group, a user needs to pass a trapdoor which is built based on pairing-based cryptography and consists of a challenge and response mechanism (process). Only the authenticated users can pass the trapdoor and the fake users cannot pass the process, therefore, exclusively the genuine users can join a group. Thus, the Sybil nodes would not be able to join the group and the Sybil attack would be prevented in the OSN.
Keywords: cryptography; data analysis; social networking (online); OSN; Sybil attack; identity-based cryptography; online social network; pairing cryptography; prevention mechanism; Authentication; Computers; Cryptography; Peer-to-peer computing; Protocols; Social network services; Online Social Network (OSN); Pairing-based cryptography; Sybil Attack (ID#: 16-10107)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7210347&isnumber=7209078
M. K. Saggi and R. Kaur, “Isolation of Sybil Attack in VANET Using Neighboring Information,” Advance Computing Conference (IACC), 2015 IEEE International, Banglore, 2015, pp. 46-51. doi: 10.1109/IADCC.2015.7154666
Abstract: The advancement of wireless communication leads researchers to conceive and develop the idea of vehicular networks, also known as vehicular ad hoc networks (VANETs). In Sybil attack, the WSN is destabilized by a malicious node which create an innumerable fraudulent identities in favor of disrupting networks protocols. In this paper, a novel technique has been proposed to detect and isolate Sybil attack on vehicles resulting in proficiency of network. It will work in two-phases. In first phase RSU registers the nodes by identifying their credentials offered by them. If they are successfully verified, second phase starts & it allots identification to vehicles thus, RSU gathers information from neighboring nodes & define threshold speed limit to them & verify the threshold value is exceed the defined limit of speed. A multiple identity generated by Sybil attack is very harmful for the network & can be misused to flood the wrong information over network. Simulation results show that proposed detection technique increases the possibilities of detection and reduces the percentage of Sybil attack.
Keywords: computer network security; vehicular ad hoc networks; RSU; Sybil attack; VANET; credentials; fraudulent identities; malicious node; neighboring nodes; networks protocols disruption; threshold speed limit; threshold value; Mobile nodes; Monitoring; Protocols; Roads; Routing; Vehicles; Vehicular ad hoc networks; Collision; MANET; Malicious node; Sybil Attack; V2V communication (ID#: 16-10108)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7154666&isnumber=7154658
S. J. Samuel and B. Dhivya, “An Efficient Technique to Detect and Prevent Sybil Attacks in Social Network Applications,” Electrical, Computer and Communication Technologies (ICECCT), 2015 IEEE International Conference on, Coimbatore, 2015, pp. 1-3. doi: 10.1109/ICECCT.2015.7226059
Abstract: Sybil attack is an attack where malicious users obtain multiple fake identities and access the system from multiple different modes. It is an attack wherein a reputation system is destroyed by falsifying identities in peer to peer networks. Communication between the users of networks only requires the users to be part of the same network. All kinds of distributed systems are capable of being wounded to Sybil attacks. An attacker can easily create a number of duplicate identities (called as Sybil) to impure the system with fake information and affect the exact performance of the system. In this paper, we propose an algorithm to improve the efficiency of blocking a Sybil attack by combining neighborhood similarity method and improved Knowledge Discovery tree based algorithm. This algorithm is proposed to block Sybil attacks in social websites like Facebook, Twitter.
Keywords: data mining; peer-to-peer computing; security of data; social networking (online); trusted computing; Facebook; P2P network; Sybil attack prevention; Sybil trust detection; Twitter; distributed system; knowledge discovery tree based algorithm; neighborhood similarity method; peer to peer network; social network application; Peer-to-peer computing; P2P Security; Security with Trusted Relationship; Social Network Security; Sybil attack (ID#: 16-10109)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7226059&isnumber=7225915
P. Li and R. Lu, “A Sybil Attack Detection Scheme for Privacy-Preserving Mobile Social Networks,” 2015 10th International Conference on Information, Communications and Signal Processing (ICICS), Singapore, 2015, pp. 1-5. doi: 10.1109/ICICS.2015.7459922
Abstract: With the pervasiveness of smart phones, mobile social networking (MSN) has received extensive attention in recent years. However, while providing many opportunities to mobile users, MSN also poses new security challenges, and Sybil attack is one of such challenges, in which a malicious user can interact with other mobile users multiple times by creating fake identities and misleading them into making decisions that benefit the malicious user himself. In this paper, we consider a privacy-preserving MSN and propose a Sybil attack detection scheme, called SADS, to effectively prevent sybil attack and allow all mobile users to detect malicious users while the user's privacy is still preserved in MSN. Specifically, based on Paillier homomorphic encryption technique, the proposed SADS scheme can efficiently detect Sybil attack in MSN. Detailed security analysis shows that the user's privacy can be well-protected in the proposed SADS scheme. In addition, the system optimizing design is further proposed to improve the system performance.
Keywords: cryptography; data privacy; mobile computing; optimisation; smart phones; social networking (online); telecommunication security; Paillier homomorphic encryption technique; SADS; malicious user; mobile social networks; mobile users; privacy-preserving MSN; sybil attack detection scheme; user privacy; Encryption; Mobile communication; Mobile computing; Privacy; Social network services; Mobile social network; Paillier cryptosystem; Privacy-preserving; Sybil attack (ID#: 16-10110)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7459922&isnumber=7459813
M. Alimohammadi and A. A. Pouyan, “Sybil Attack Detection Using a Low Cost Short Group Signature In VANET,” Information Security and Cryptology (ISCISC), 2015 12th International Iranian Society of Cryptology Conference on, Rasht, 2015, pp. 23-28. doi: 10.1109/ISCISC.2015.7387893
Abstract: Vehicular ad hoc network (VANET) has attracted the attention of many researchers in recent years. It enables value-added services such as road safety and managing traffic on the road. Security issues are the challenging problems in this network. Sybil attack is one of the serious security threats that attacker tries to forge some identities. One of the main purposes for creating invalid identities is disruption in voting based systems. In this paper we propose a secure protocol for solving two conflicting goals privacy and Sybil attack in vehicle to vehicle (V2V) communications in VANET. The proposed protocol is based on the Boneh-Shacham (BS) short group signature scheme and batch verification. Experimental results demonstrate efficiency and applicability of the proposed protocol for providing the requirements of privacy and Sybil attack detection in V2V communications in VANET.
Keywords: protocols; road safety; road traffic; vehicular ad hoc networks; Boneh-Shacham short group signature scheme; Sybil attack detection; V2V communications; VANET; batch verification; protocol; traffic management; value-added services; vehicle to vehicle communications; vehicular ad hoc network; voting based systems; Authentication; Privacy; Protocols; Vehicles; Vehicular ad hoc networks; Yttrium; Sybil attack; Vehicular ad-hoc network; privacy; vehicle to vehicle communication (ID#: 16-10111)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7387893&isnumber=7387888
S. Thawani and H. Upadhyay, “Securing TORA Against Sybil Attack in MANETs,” Futuristic Trends on Computational Analysis and Knowledge Management (ABLAZE), 2015 International Conference on, Noida, 2015, pp. 475-478. doi: 10.1109/ABLAZE.2015.7155042
Abstract: Mobile Ad-hoc Network (MANET) is a quite challenging to ensures security because if it's open nature, lack of infrastructure, and high mobility of nodes. MANETs is a fast changing network in a form of decentralized wireless system. It requires a unique, distinct and persistent identity per node in order to provide their security and also has become an indivisible part for communication for mobile device. In this phase of dissertation, we have focused giving security to Temporally Ordered Routing Protocol Algorithm (TORA) from Sybil attack. TORA is based on a family of link reversal algorithm. It is highly adaptive distributing routing algorithm used in MANET that is able to provide multiple loop-free routes to any destination using the Route Creation, Route Maintenance and Route Erasure functions. Sybil attack is a serious threat for wireless networks. This type of attacker comes in the network and they start creating multiple identities. From that multiple identities they are disrupting the network by participating in communication with line breaking nodes. This cause huge loss in network resources. These networks can be protected using network failure and firewall detection schemes for detecting the attack and minimizing their effects. Proposed approach is expected to secure TORA through the implementation. Performance factor of network would be taken into consideration in order to verify the efficiency of modified TORA in MANET environment.
Keywords: mobile ad hoc networks; routing protocols; telecommunication security; MANETs; Sybil attack; TORA; adaptive distributing routing algorithm; firewall detection schemes; link reversal algorithm; mobile ad-hoc network; network failure schemes; route creation functions; route erasure functions; route maintenance functions; temporally ordered routing protocol algorithm; Ad hoc networks; Mobile communication; Mobile computing; Peer-to-peer computing; Routing; Routing protocols; Security; Mobile Ad-hoc Networks; Security; Sybil Attack (ID#: 16-10112)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7155042&isnumber=7154914
R. John, J. P. Cherian and J. J. Kizhakkethottam, “A Survey of Techniques to Prevent Sybil Attacks,” Soft-Computing and Networks Security (ICSNS), 2015 International Conference on, Coimbatore, 2015, pp. 1-6. doi: 10.1109/ICSNS.2015.7292385
Abstract: Any decentralized, distributed network is vulnerable to the Sybil attack wherein a malicious node masquerade as several different nodes, called Sybil nodes disrupting the proper functioning of the network. A Sybil attacker can create more than one identity on a single physical device in order to launch a coordinated attack on the network or can switch identities in order to weaken the detection process, thus promoting lack of accountability in the network. In this paper, different types of Sybil attacks, including those occurring in peer-to-peer reputation systems, self-organizing networks and social network systems are discussed. Also, various methods that have been suggested over time to decrease or eliminate their risk completely are also analysed.
Keywords: computer network security; Sybil attack prevention; Sybil nodes; coordinated attack; decentralized-distributed network; malicious node; peer-to-peer reputation systems; physical device; self-organizing networks; social network systems; Access control; Ad hoc networks; Computers; Peer-to-peer computing; Social network services; Wireless sensor networks; Identity-based attacks; MANET; Sybil attack (ID#: 16-10113)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7292385&isnumber=7292366
A. S. Lal and R. Nair, “Region Authority Based Collaborative Scheme to Detect Sybil Attacks in VANET,” 2015 International Conference on Control Communication & Computing India (ICCC), Trivandrum, 2015, pp. 664-668. doi: 10.1109/ICCC.2015.7432979
Abstract: Vehicular ad hoc networks (VANETs) are increasingly used for traffic control, accident avoidance, and management of toll stations and public areas. Security and privacy are two major concerns in VANETs. Most privacy preserving schemes are susceptible to Sybil attack in which a malicious user generates multiple identities to simulate multiple vehicles. This paper proposes an improvement for the scheme CP2DAP [1], which detects Sybil attacks by the cooperation of a central authority and a set of fixed nodes called road-side units (RSUs). The modification proposed is a region authority based collaborative scheme for detecting Sybil attacks and a revocation method using bloom filter to prevent further attacks from malicious vehicles. The detection of Sybil attack in this manner does not require any vehicle to disclose its identity; hence privacy is preserved at all times.
Keywords: security of data; vehicular ad hoc networks; RSU; Sybil attacks; VANET; bloom filter; privacy preserving schemes; region authority based collaborative scheme; road-side units; Privacy; Radiofrequency identification; Roads; Security; Trajectory; Vehicles; Vehicular ad hoc networks; Bloom filter; Region Authority; Sybil Attack (ID#: 16-10114)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7432979&isnumber=7432856
G. Noh and H. Oh, “AuRo-Rec: An Unsupervised and Robust Sybil Attack Defense in Online Recommender Systems,” SAI Intelligent Systems Conference (IntelliSys), 2015, London, 2015, pp. 1017-1024. doi: 10.1109/IntelliSys.2015.7361268
Abstract: With the explosive growth of online social networks (OSNs), the social commerce and online stores facilitating recommender systems (RSs) are a popular way of providing users customized information such as friends, books, goods, and so on. The major function of RSs is recommending items to their system users (i.e., potential consumers), however, malicious users attempt to continuously attack the RSs with fake identities (i.e., Sybils) by injecting false information. In this paper, we propose an Unsupervised and Robust Sybil attack defense in online Recommender systems (AuRo-Rec) which exploits dynamic auto-configuration of system parameters on top of the admission control concept. AuRo-Rec firstly provides highly trusted recommendations regardless of whether ratings are given by Sybils or not. To build the automatic parameter configuration required by Auto-Rec, we propose an unsupervised approach: Dynamic Threshold Auto-configuration (DTA). To evaluate our approaches, we conducted experiments against four possible Sybil attacks. The experimental results confirm that AuRo-Rec works robustly in terms of prediction shift (PS).
Keywords: recommender systems; security of data; social networking (online); AuRo-Rec; DTA; OSN; admission control concept; dynamic threshold autoconfiguration; online recommender systems; online social networks; prediction shift; robust Sybil attack defense; Admission control; Electronic mail; Intelligent systems; Manuals; Recommender systems; Robustness; Social network services; Auto updating; Fuzzy rules; Sybil attack (ID#: 16-10115)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7361268&isnumber=7361074
R. Bhumkar and D. J. Pete, “Reduction of Error Rate in Sybil Attack Detection for MANET,” Intelligent Systems and Control (ISCO), 2015 IEEE 9th International Conference on, Coimbatore, 2015, pp. 1-6. doi: 10.1109/ISCO.2015.7282328
Abstract: Mobile ad hoc networks (MANETs) require a unique, distinct, and persistent identity per node in order for their security protocols to be viable, Sybil attacks pose a serious threat to such networks. Fully self-organized MANETs represent complex distributed systems that may also be part of a huge complex system, such as a complex system-of-systems used for crisis management operations. Due to the complex nature of MANETs and its resource constraint nodes, there has always been a need to develop security solutions. A Sybil attacker can either create more than one identity on a single physical device in order to launch a coordinated attack on the network or can switch identities in order to weaken the detection process, thereby promoting lack of accountability in the network. In this research, we propose a scheme to detect the new identities of Sybil attackers without using centralized trusted third party or any extra hardware, such as directional antennae or a geographical positioning system. Through the help of extensive simulations, we are able to demonstrate that our proposed scheme detects Sybil identities with 95% accuracy (true positive) and about 5% error rate (false positive) even in the presence of mobility.
Keywords: emergency management; mobile ad hoc networks; protocols; telecommunication security; MANET; Sybil attack detection; complex distributed system; crisis management operation; error rate reduction; identity-based attack; mobile ad hoc network; resource constraint node; security protocol; Handheld computers; IEEE 802.11 Standard; Mobile ad hoc networks; Mobile computing; Identity-based attacks; Sybil attacks; intrusion detection (ID#: 16-10116)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282328&isnumber=7282219
S. Marian and P. Mircea, “Sybil Attack Type Detection in Wireless Sensor Networks Based on Received Signal Strength Indicator Detection Scheme,” Applied Computational Intelligence and Informatics (SACI), 2015 IEEE 10th Jubilee International Symposium on, Timisoara, 2015, pp. 121-124. doi: 10.1109/SACI.2015.7208183
Abstract: A Wireless Sensor network is very exposed to different type of attacks and the most common one is the Sybil attack. A Sybil node tries to assume a false identity of other nodes from a network by broadcasting packets with multiple node IDs in order to get access into that network. Once it gains access into that network, it can lead to other type of attacks. As an alternative to other solutions which are based on random key distribution, trusted certification and other classic security schemes, we present a solution which is robust and lightweight enough for Sybil attack type detection, based on RSSI (received signal strength indicator). In today's modern wireless sensor networks, there are two known indicators for link quality estimation: Received Signal Strength Indicator and Link Quality Indicator (LQI). We show trough experiments that RSSI is stable enough when used in static environments and with good transceivers. According to wireless channel models, received power should be a function of distance, but we used it to localize Sybil nodes.
Keywords: telecommunication security; wireless channels; wireless sensor networks; LQI; RSSI; Sybil attack type detection; Sybil node; Sybil nodes; broadcasting packets; link quality estimation; link quality indicator; random key distribution; received signal strength indicator; received signal strength indicator detection scheme; trusted certification; wireless channel models; wireless sensor networks; Hardware; Receivers; Standards; Wireless communication; Wireless sensor networks; Zigbee (ID#: 16-10117)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7208183&isnumber=7208165
K. M. Ponsurya, R. P. Priyanka and S. Vairachilai, “Transparent User Identity and Overcoming Sybil Attack for Secure Social Networks,” Soft-Computing and Networks Security (ICSNS), 2015 International Conference on, Coimbatore, 2015, pp. 1-4. doi: 10.1109/ICSNS.2015.7292379
Abstract: The secure social networks are online based services that permit unique users to build a public profile, to build the number of users with whom they want to communicate and see the connections within the system. Many social networks are online based and it gives the users to communicate via the internet, such as electronic mailing, quick messaging, sharing photos and videos, uploading the thoughts of the users etc. Such social networks are easily affected by attackers (i.e Sybil attack). The Sybil attack is a kind of security threat and it cause when an insecure system is hijacked to claim various identities. The huge scale peer to peer systems meets security thread from damaged calculating fundamentals. The Robust Recommendation algorithm is used to overcome the Sybil attack that affects the application but it fails when the attacker knows about the profiles of authenticate users. The proposed methodology has to eliminate such constraints by using the combination of session management and face detection and recognition techniques. By using these procedures, the application is secured effectively.
Keywords: Internet; face recognition; peer-to-peer computing; recommender systems; security of data; social networking (online); Internet; Sybil attack; electronic mailing; face detection; face recognition technique; insecure system; online based service; peer to peer system; photo sharing; public profile; quick messaging; robust recommendation algorithm; secure social networks; security thread; security threat; session management; transparent user identity; video sharing; Authentication; Face detection; Face recognition; Protocols; Social network services; Webcams; Webcam; face detection and recognition; profile matching (ID#: 16-10118)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7292379&isnumber=7292366
F. Medjek, D. Tandjaoui, M. R. Abdmeziem and N. Djedjig, “Analytical Evaluation of the Impacts of Sybil Attacks Against RPL Under Mobility,” Programming and Systems (ISPS), 2015 12th International Symposium on, Algiers, 2015, pp. 1-9. doi: 10.1109/ISPS.2015.7244960
Abstract: The Routing Protocol for Low-Power and Lossy Networks (RPL) is the standardized routing protocol for constrained environments such as 6LoWPAN networks, and is considered as the routing protocol of the Internet of Things (IoT), However, this protocol is subject to several attacks that have been analyzed on static case. Nevertheless, IoT will likely present dynamic and mobile applications. In this paper, we introduce potential security threats on RPL, in particular Sybil attack when the Sybil nodes are mobile. In addition, we present an analytical analysis and a discussion on how network performances can be affected. Our analysis shows, under Sybil attack while nodes are mobile, that the performances of RPL are highly affected compared to the static case. In fact, we notice a decrease in the rate of packet delivery, and an increase in control messages overhead. As a result, energy consumption at constrained nodes increases. Our proposed attack demonstrate that a Sybil mobile node can easily disrupt RPL and overload the network with fake messages making it unavailable.
Keywords: computer network performance evaluation; computer network security; mobile computing; routing protocols; 6LoWPAN networks; Internet of Things; IoT; RPL; Sybil attacks; constrained environments; dynamic application; energy consumption; lossy network; low-power network; mobile application; network performance; routing protocol; security threats; Maintenance engineering; Mobile nodes; Routing; Routing protocols; Security; Topology (ID#: 16-10119)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7244960&isnumber=7244951
M. A. Jan, P. Nanda, X. He and R. P. Liu, “A Sybil Attack Detection Scheme for a Centralized Clustering-Based Hierarchical Network,” Trustcom/BigDataSE/ISPA, 2015 IEEE, Helsinki, 2015, pp. 318-325. doi: 10.1109/Trustcom.2015.390
Abstract: Wireless Sensor Networks (WSNs) have experienced phenomenal growth over the past decade. They are typically deployed in remote and hostile environments for monitoring applications and data collection. Miniature sensor nodes collaborate with each other to provide information on an unprecedented temporal and spatial scale. The resource-constrained nature of sensor nodes along with human-inaccessible terrains poses various security challenges to these networks at different layers. In this paper, we propose a novel detection scheme for Sybil attack in a centralized clustering-based hierarchical network. Sybil nodes are detected prior to cluster formation to prevent their forged identities from participating in cluster head selection. Only legitimate nodes are elected as cluster heads to enhance utilization of the resources. The proposed scheme requires collaboration of any two high energy nodes to analyze received signal strengths of neighboring nodes. The simulation results show that our proposed scheme significantly improves network lifetime in comparison with existing clustering-based hierarchical routing protocols.
Keywords: RSSI; telecommunication security; wireless sensor networks; Sybil attack detection scheme; centralized clustering-based hierarchical network; clustering-based hierarchical routing protocols; neighboring nodes; received signal strengths; Base stations; Energy consumption; Routing protocols; Security; Sensors; Wireless sensor networks; Base Station; Cluster; Cluster Head; Sybil Attack; Wireless Sensor Network (ID#: 16-10120)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7345298&isnumber=7345233
S. Goyal, T. Bhatia and A. K. Verma, “Wormhole and Sybil Attack in WSN: A Review,” Computing for Sustainable Global Development (INDIACom), 2015 2nd International Conference on, New Delhi, 2015, pp. 1463-1468. doi: (not provided)
Abstract: With the increasing popularity of mobile devices, recent developments in wireless communication and the deployment of wireless sensor networks in the hostile environment makes it the popular field of interest from research perspective. Sensor networks consist of `smart nodes' communicating wirelessly which are resources constrained in terms of memory, energy, computation power. The design of these networks must encounter all factors including fault tolerance capability, scalability, costs of production, operating environment, hardware constraints etc. However, due to wireless nature of these networks and no tamper-resistant hardware these are vulnerable to various types of attacks. In this paper, various types of attacks have been studied and defensive techniques of one of the severe attacks i.e. wormhole and Sybil are surveyed in major detail with the comparison of merits and demerits of several techniques.
Keywords: telecommunication security; wireless sensor networks; Sybil attack; WSN; fault tolerance; smart nodes; wormhole attack; Communication system security; Economics; Jamming; Routing protocols; Wireless communication; Wireless sensor networks; Attacks; Defensive Mechanisms; Wormhole attack (ID#: 16-10121)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7100491&isnumber=7100186
F. d. A. López-Fuentes and S. Balleza-Gallegos, “Evaluating Sybil Attacks in P2P Infrastructures for Online Social Networks,” 2015 IEEE 17th International Conference on High Performance Computing and Communications (HPCC), 2015 IEEE 7th International Symposium on Cyberspace Safety and Security (CSS), 2015 IEEE 12th International Conference on Embedded Software and Systems (ICESS), New York, NY, 2015, pp. 1262-1267. doi: 10.1109/HPCC-CSS-ICESS.2015.252
Abstract: In recent years, online social networks (OSN) have become very popular. These types of networks have been useful to find former classmates or to improve our interaction with friends. Currently, a huge amount of information is generated and consumed by millions of people from these types of networks. Most popular online social networks are based on centralized servers, which are responsible for the management and storage all information. Although online social networks introduce several benefits, these networks still face many challenges such as central control, privacy or security. P2P infrastructures have emerged as an alternative platform to deploy decentralized online social networks. However, decentralized distributed systems are vulnerable to malicious peers. In this work, we evaluate P2P infrastructures against Sybil attacks. In particular, we simulate and evaluate hybrid and distributed P2P architectures.
Keywords: computer network security; file servers; peer-to-peer computing; social networking (online); OSN; P2P infrastructure; Sybil attack evaluation; centralized server; decentralized distributed systems; decentralized online social network; distributed P2P architecture; hybrid P2P architecture; malicious peers; Bandwidth; Computational modeling; Flowcharts; Peer-to-peer computing; Protocols; Servers; Social network services; Sybil attack; online-social networks; peer-to-peer networks (ID#: 16-10122)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7336341&isnumber=7336120
Z. Saoud, N. Faci, Z. Maamar and D. Benslimane, “Impact of Sybil Attacks on Web Services Trust Assessment,” 2015 International Conference on Protocol Engineering (ICPE) and International Conference on New Technologies of Distributed Systems (NTDS), Paris, 2015, pp. 1-6. doi: 10.1109/NOTERE.2015.7293495
Abstract: This paper discusses how Sybil attacks can undermine trust management systems and how to respond to these attacks using advanced techniques such as credibility and probabilistic databases. In such attacks end-users have purposely different identities and hence, can provide inconsistent ratings over the same Web Services. Many existing approaches rely on arbitrary choices to filter out Sybil users and reduce their attack capabilities. However this turns out inefficient. Our approach relies on non-Sybil credible users who provide consistent ratings over Web services and hence, can be trusted. To establish these ratings and debunk Sybil users techniques such as fuzzy-clustering, graph search, and probabilistic databases are adopted. A series of experiments are carried out to demonstrate robustness of our trust approach in presence of Sybil attacks.
Keywords: Web services; graph theory; pattern clustering; probability; trusted computing; Sybil attacks; Sybil user techniques; Web service trust assessment; attack capabilities; credibility; fuzzy-clustering; graph search; nonSybil credible users; probabilistic databases; trust management systems; Cost accounting; Gold; Nickel; Protocols; Radio frequency; Robustness; Web services (ID#: 16-10123)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7293495&isnumber=7293442
P. Thakur, R. Patel and N. Patel, “A Proposed Framework for Protection of Identity Based Attack in Zigbee,” Communication Systems and Network Technologies (CSNT), 2015 Fifth International Conference on, Gwalior, 2015, pp. 628-632. doi: 10.1109/CSNT.2015.243
Abstract: ZigBee is used for emerging standard of lowpower, low-rate wireless communication which aims at interoperability and covers a full range of devices even including low-end battery-powered nodes. Zigbee is a specification for a suite of high-level communication protocols used to create personal area network built from small network. Zigbee network are vulnerable to Sybil attack in which a Sybil node send forges multiple identities to trick the system and conduct harmful attack. We propose a Sybil attack detection and prevention method using distance and address of node in Zigbee. In this technique, trusted node verifies other nodes and identifies the malicious node. We will implement this technique using NS2 with AODV protocol for mesh topology.
Keywords: Zigbee; protocols; radiocommunication; telecommunication network topology; telecommunication security; AODV protocol; NS2; Sybil attack detection; Sybil node; high-level communication protocols; identity protection; low-end battery-powered nodes; mesh topology; personal area network; wireless communication; Ad hoc networks; IP networks; Protocols; Security; Wireless communication; Wireless sensor networks; Zigbee network; Trust center; Sybil attack (ID#: 16-10124)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7279994&isnumber=7279856
K. B. Kansara and N. M. Shekokar, “At a Glance of Sybil Detection in OSN,” 2015 IEEE International Symposium on Nanoelectronic and Information Systems, Indore, 2015, pp. 47-52. doi: 10.1109/iNIS.2015.46
Abstract: With increasing popularity of online social network (OSN), major threats are also emerging to challenge the security of OSN. One of the majors is Sybil attack, where malicious user unfairly creates multiple fake identities to penetrate the OSN security and integrity. Since last decades number of schemes have been developed for detecting ad defending Sybil attack. In this survey article, we aim to give an overview of researches against Sybil detection and suggested methodologies which have been implemented so far. Our survey aim to provide the foundation for the future researchers to trigger the significant Sybil defenses by overcoming the existing challenges.
Keywords: security of data; social networking (online); user interfaces; OSN; Sybil attack; Sybil detection; malicious user; online social network; security; threats; Information systems; Social Network; Survey (ID#: 16-10125)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7434396&isnumber=7434375
R. Pecori, “Trust-Based Storage in a Kademlia Network Infected by Sybils,” 2015 7th International Conference on New Technologies, Mobility and Security (NTMS), Paris, 2015, pp. 1-5. doi: 10.1109/NTMS.2015.7266529
Abstract: Coping with multiple false identities, also known as a Sybil attack, is one of the main challenges in securing structured peer-to-peer networks. Poisoning routing tables through these identities may make the process for storing and retrieving resources within a DHT (Distributed Hash Table) extremely difficult and time consuming. We investigate current possible countermeasures and propose a novel adaptive method for making the storage and retrieval process, in a Kademlia-based network, more secure. This is done through the use of a trust-based storage algorithm, exploiting reputation techniques. Our solution shows promising results in thwarting a Sybil attack in a Kademlia network, also in comparison with similar methods.
Keywords: computer network security; information retrieval; information storage; peer-to-peer computing; telecommunication network routing; trusted computing; DHT; Kademlia network; Sybil attack; distributed hash table; peer-to-peer networks; reputation techniques; retrieval process; routing tables; storage process; trust-based storage algorithm; Computational modeling; Conferences; Measurement; Peer-to-peer computing; Positron emission tomography; Routing; Standards; Incorrect storage; Kademlia; Structured peer-to-peer networks; Sybil attack; Trust and reputation (ID#: 16-10126)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7266529&isnumber=7266450
Roopashree H. R. and A. Kanavalli, “STREE: A Secured Tree Based Routing with Energy Efficiency in Wireless Sensor Network,” Computing and Communications Technologies (ICCCT), 2015 International Conference on, Chennai, 2015, pp. 25-30. doi: 10.1109/ICCCT2.2015.7292714
Abstract: The Wireless Sensor Network (WSN) applications are today not only limited to the research stage rather it has been adopted practically in many defense as well as general civilians applications. It has been witness that extensive research have been conducted towards energy efficient routing and communication protocols and it has been reached to an acceptable stages, but without having a secure communications wide acceptance of the application is not likely. Due to unique characteristics of WSN, the security schemes suggested for other wireless networks are not applicable to WSN. This paper introduces an novel tree based technique called as Secure Tree based Routing with Energy Efficiency or STREE using clustering approximation along with lightweight key broadcasting mechanism in hierarchical routing protocol. The outcome of the study was compared with standard SecLEACH to find that proposed system ensure better energy efficiency and security.
Keywords: cryptography; routing protocols; trees (mathematics); wireless sensor networks; STREE; WSN; clustering approximation; energy efficiency; energy efficient routing protocols; hierarchical routing protocol; lightweight key broadcasting mechanism; secured tree based routing; wireless sensor network; Algorithm design and analysis; Approximation methods; Batteries; Energy efficiency; Reactive power; Security; Wireless sensor networks; Clustering Approximation; SecLEACH; Sybil Attack; Tree Based approach; Wireless Sensor Network (ID#: 16-10127)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7292714&isnumber=7292708
W. Luis da Costa Cordeiro and L. P. Gaspary, “Limiting Fake Accounts in Large-Scale Distributed Systems Through Adaptive Identity Management,” 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), Ottawa, ON, 2015, pp. 1092-1098. doi: 10.1109/INM.2015.7140438
Abstract: Various online, networked systems offer a lightweight process for obtaining identities (e.g., confirming a valid e-mail address), so that users can easily join them. Such convenience comes with a price, however: with minimum effort, an attacker can subvert the identity management scheme in place, obtain a multitude of fake accounts, and use them for malicious purposes. In this work, we approach the issue of fake accounts in large-scale, distributed systems, by proposing a framework for adaptive identity management. Instead of relying on users' personal information as a requirement for granting identities (unlike existing proposals), our key idea is to estimate a trust score for identity requests, and price them accordingly using a proof of work strategy. The research agenda that guided the development of this framework comprised three main items: (i) investigation of a candidate trust score function, based on an analysis of users' identity request patterns, (ii) combination of trust scores and proof of work strategies (e.g. cryptograhic puzzles) for adaptively pricing identity requests, and (iii) reshaping of traditional proof of work strategies, in order to make them more resource-efficient, without compromising their effectiveness (in stopping attackers).
Keywords: Internet; security of data; trusted computing; adaptive identity management; candidate trust score function; cryptographic puzzles; fake accounts; identity request patterns; large-scale distributed systems; online networked systems; proof of work strategy; Adaptation models; Complexity theory; Computational modeling; Cryptography; Green products; Mathematical model; Proposals; Identity management; collusion attacks; peer-to-peer; proof of work; sybil attack (ID#: 16-10128)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7140438&isnumber=7140257
R. K. Kapur and S. K. Khatri, “Analysis of Attacks on Routing Protocols in MANETs,” Computer Engineering and Applications (ICACEA), 2015 International Conference on Advances in, Ghaziabad, 2015, pp. 791-798. doi: 10.1109/ICACEA.2015.7164811
Abstract: Mobile Adhoc Networks (MANETs) are networks of mobile nodes which have limited resources in terms of processing power, memory and battery life. The traffic to the destination nodes which are beyond the range of source nodes are routed by the intermediate nodes. The routing in the MANETs is different from conventional infrastructure network since the nodes not only act as end devices but also act as routers. Owing to the resource constraint of the nodes the routing protocols for MANETs have to be light weight and assume a trusted environment. The absence of any infrastructure for security and ever changing topology of the network makes the routing protocols vulnerable to variety of attacks. These attacks may lead to either misdirection of data traffic or denial of services. The mitigation techniques to combat the attacks in MANETs have to work under severe constraints, and therefore it is imperative to study the vulnerabilities of the routing protocols and methods of launching the attack in detail. This paper attempts to do the same and has reviewed some current literature on mitigation of the routing attacks.
Keywords: mobile ad hoc networks; routing protocols; telecommunication security; MANET; data traffic misdirection; denial of service attack; routing protocol attacks; trusted environment; Ad hoc networks; Computer crime; Mobile computing; Routing; Routing protocols; Attacks on routing protocols; Blackhole attack; Flooding attak; Greyhole attack; MANETs; Routing Protocols; Rushing attack; Sybil Attack; Wormhole attack (ID#: 16-10129)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7164811&isnumber=7164643
P. Banerjee, T. Chatterjee and S. DasBit, “LoENA: Low-Overhead Encryption Based Node Authentication in WSN,” Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, Kochi, 2015, pp. 2126-2132. doi: 10.1109/ICACCI.2015.7275931
Abstract: Nodes in a wireless sensor network (WSN) are susceptible to various attacks primarily due to their nature of deployment and unguarded communication. Therefore, providing security in such networks is of utmost importance. The main challenge to achieve this is to make the security solution light weight so that it is feasible to implement in such resource constrained nodes in WSN. So far, data authentication has drawn more attention than the node authentication in WSN. A robust security solution for such networks must also facilitate node authentication. In this paper, a low overhead encryption based security solution is proposed for node authentication. The proposed node authentication scheme at the sender side consists of three modules viz. dynamic key generation, encryption and embedding of key hint. Performance of the scheme is primarily analyzed by using two suitably chosen parameters such as cracking probability and cracking time. This evaluation guides us in fixing the size of the unique id of a node so that the scheme incurs low-overhead as well as achieves acceptable robustness. The performance is also compared with a couple of recent works in terms of computation and communication overheads and that confirms our scheme's supremacy over competing schemes in terms of both the metrics.
Keywords: cryptography; probability; wireless sensor networks; LoENA; WSN; cracking probability; cracking time; data authentication; low-overhead encryption based node authentication; wireless sensor network; Authentication; Encryption; Heuristic algorithms; Receivers; Wireless sensor networks; Wireless sensor network; authentication; encryption; sybil attack; tampering (ID#: 16-10130)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7275931&isnumber=7275573
A. Quyoom, R. Ali, D. N. Gouttam and H. Sharma, “A Novel Mechanism of Detection of Denial of Service Attack (DoS) in VANET Using Malicious and Irrelevant Packet Detection Algorithm (MIPDA),” Computing, Communication & Automation (ICCCA), 2015 International Conference on, Noida, 2015, pp. 414-419. doi: 10.1109/CCAA.2015.7148411
Abstract: Security of Vehicular Ad Hoc Networks (VANET) plays a very important role in order to sustain critical life. VANET is a subtype of MANET. For the secure communication of critical life related information, network must need to be available at all the times. The network availability is exposed to several types of attacks and threads possible in VANET. These security attacks and threats include Sybil attacks, misbehaving nodes generate false information, jamming attacks, selfish driver attack, wrongs vehicle position information. These attacks make other vehicles unsecure. Among all these attacks, denial-of-service (DoS) attacks is a major threat to the information economy. In this paper, we proposed an Malicious and Irrelevant Packet Detection Algorithm (MIPDA) which is used to analyze and detect the Denial-of Service (DoS) attack. As a result, the attack is eventually confined within its source domains, thus avoiding wasteful attack traffic overloading the network infrastructure. It also reduces the overhead delay in the information processing, which increases the communication speed and also enhances the security in VANET.
Keywords: computer network security; signal detection; vehicular ad hoc networks; Denial of Service attack; DoS attack detection; MANET; MIPDA; Sybil attack; VANET; information economy; information processing overhead delay reduction; jamming attack; malicious and irrelevant packet detection algorithm; secure communication; selfish driver attack; vehicular ad hoc network; Computer crime; Jamming; Roads; Safety; Vehicles; Vehicular ad hoc networks (ID#: 16-10131)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7148411&isnumber=7148334
S. Bittl, A. A. Gonzalez, M. Myrtus, H. Beckmann, S. Sailer and B. Eissfeller, “Emerging Attacks on VANET Security Based on GPS Time Spoofing,” Communications and Network Security (CNS), 2015 IEEE Conference on, Florence, 2015, pp. 344-352. doi: 10.1109/CNS.2015.7346845
Abstract: Car2X communication is about to enter the mass market in upcoming years. So far all realization proposals heavily depend on the global positioning system for providing location information and time synchronization. However, studies on security impact of this kind of data input have focused on the possibility to spoof location information. In contrast, attacks on time synchronization have not received much attention so far. Thus, an analysis of the attack potential on vehicular ad-hoc network (VANET) realizations in regard to spoofed time information is provided in this work. Thereby, we show that this kind of attack allows for severe denial of service attacks. Moreover, by such attacks one can violate the non-repudiation feature of the security system by offering the possibility to misuse authentication features. Additionally, a sybil attack can be performed and reliability of the basic data sets of time and position inside VANET messages is highly questionable considering the outlined attacks. Mechanisms to avoid or limit the impact of outlined security flaws are discussed. An evaluation of the possibility to carry out the described attacks in practice using a current Car2X hardware solution is provided.
Keywords: Global Positioning System; synchronisation; telecommunication network reliability; vehicular ad hoc networks; Car2X communication; Car2X hardware solution; GPS time spoofing; VANET messages; VANET security; denial of service attacks; mass market; security system; spoof location information; spoofed time information; sybil attack; time synchronization; vehicular ad-hoc network; Receivers; Security; Standards; Synchronization; Vehicles; Vehicular ad hoc networks (ID#: 16-10132)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7346845&isnumber=7346791
O. Tibermacine, C. Tibermacine and F. Cherif, “Regression-Based Bootstrapping of Web Service Reputation Measurement,” Web Services (ICWS), 2015 IEEE International Conference on, New York, NY, 2015, pp. 377-384. doi: 10.1109/ICWS.2015.57
Abstract: In the literature, many solutions for measuring the reputation of web services have been proposed. These solutions help in building service recommendation systems. Nonetheless, there are still many challenges that need to be addressed in this context, such as the “cold start” problem, and the lack of estimation of the initial reputation values of newcomer web services. As reputation measurement depends on the previous reputation values, the lack of initial values can subvert the performance of the whole service recommendation system, making it vulnerable to different threats, like the Sybil attack. In this paper, we propose a new bootstrapping mechanism for evaluating the reputation of newcomer web services based on their initial Quality of Service (QoS) attributes, and their similarity with “long-standing” web services. Basically, the technique uses regression models for estimating the unknown reputation values of newcomer services from their known values of QoS attributes. The technique has been experimented on a large set of services, and its performance has been measured using some statistical metrics, such as the coefficient of determination (R2), Mean Absolute Error (MSE), and Percentage Error (PE).
Keywords: Web services; computer bootstrapping; computer crime; quality of service; recommender systems; regression analysis; MSE; QoS attributes; Sybil attack; Web service reputation measurement; bootstrapping mechanism; coefficient of determination; mean absolute error; percentage error; quality of service attributes; regression models; regression-based bootstrapping; reputation evaluation; reputation values; service recommendation systems; statistical metrics; threats; Estimation; Mathematical model; Measurement; Quality of service; Silicon; Time factors; Quality of Service; Regression Model; Reputation Bootstrapping; Reputation Measurement; Web Services (ID#: 16-10133)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7195592&isnumber=7195533
Ashritha M and Sridhar C S, “RSU Based Efficient Vehicle Authentication Mechanism for VANETs,” Intelligent Systems and Control (ISCO), 2015 IEEE 9th International Conference on, Coimbatore, 2015, pp. 1-5. doi: 10.1109/ISCO.2015.7282299
Abstract: Security and privacy are the two major concerns in VANETs. Due to highly dynamic environment in VANETs computation time for authentication is more. At the same time most of the privacy preserving schemes is prone to Sybil attacks. In this paper we propose a lightweight authentication scheme between vehicle to RSU, vehicle to vehicles and to build a secure communication system. In this method we make use of timestamps approach and also reduce the computation cost for authentication in highly dense traffic zones. The privacy of the vehicle is preserved by not disclosing its real identity.
Keywords: cost reduction; data privacy; telecommunication security; telecommunication traffic; vehicular ad hoc networks; RSU; RSU based efficient vehicle authentication mechanism; Sybil attack; VANET; computation cost reduction; highly dense traffic zone; lightweight authentication scheme; privacy preserving scheme; secure communication system; timestamp approach; vehicle privacy; Authentication; Computers; Libraries; Privacy; Vehicular ad hoc networks; OBU; TMA; pseudo-id (ID#: 16-10134)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282299&isnumber=7282219
P. Sarigiannidis, E. Karapistoli and A. A. Economides, “VisIoT: A Threat Visualisation Tool for IoT Systems Security,” 2015 IEEE International Conference on Communication Workshop (ICCW), London, 2015, pp. 2633-2638. doi: 10.1109/ICCW.2015.7247576
Abstract: Without doubt, the Internet of Things (IoT) is changing the way people and technology interact. Fuelled by recent advances in networking, communications, computation, software, and hardware technologies, IoT has stepped out of its infancy and is considered as the next breakthrough technology in transforming the Internet into a fully integrated Future Internet. However, realising a network of physical objects accessed through the Internet brings a potential threat in the shadow of the numerous benefits. The threat is “security”. Given that Wireless Sensor Networks (WSNs) leverage the potential of IoT quite efficiently, this paper faces the challenge of security attention on a particular, yet broad, context of IP-enabled WSNs. In particular, it proposes a novel threat visualisation tool for such networks, called VisIoT. VisIoT is a human-interactive visual-based anomaly detection system that is capable of monitoring and promptly detecting several devastating forms of security attacks, including wormhole attacks, and Sybil attacks. Based on a rigorous, radial visualisation design, VisIoT may expose adversaries conducting one or multiple concurrent attacks against IP-enabled WSNs. The system's visual and anomaly detection efficacy in exposing complex security threats is demonstrated through a number of simulated attack scenarios.
Keywords: Internet of Things; data visualisation; security of data; wireless sensor networks; IP-enabled WSN; IoT systems security; Sybil attacks; VisIoT; complex security threats; concurrent attacks; hardware technologies; human-interactive visual-based anomaly detection system; physical objects; radial visualisation design; security attacks; simulated attack scenarios; software technologies; threat visualisation tool; visual detection efficacy; wormhole attacks; Data visualization; Engines; Monitoring; Routing; Security; Visualization; Wireless sensor networks (ID#: 16-10135)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7247576&isnumber=7247062
K. Chen, G. Liu, H. Shen and F. Qi, “Sociallink: Utilizing Social Network and Transaction Links for Effective Trust Management in P2P File Sharing Systems,” Peer-to-Peer Computing (P2P), 2015 IEEE International Conference on, Boston, MA, 2015, pp. 1-10. doi: 10.1109/P2P.2015.7328527
Abstract: Current reputation systems for peer-to-peer (P2P) file sharing systems either fail to utilize existing trust within social networks or suffer from certain attacks (e.g., free-riding and collusion). To handle these problems, we introduce a trust management system, called SocialLink, that utilizes social network and historical transaction links. SocialLink manages file transactions through both the social network and a novel weighted transaction network, which is built based on previous file transaction history. First, SocialLink exploits the trust among friends in social networks by enabling two friends to share files directly. Second, the weighted transaction network is utilized to (1) deduce the trust of the client on a server in reliably providing the requested file and (2) check the fairness of the transaction. In this way, SocialLink prevents potential misbehaving transactions (i.e., providing faulty files), encourages nodes to contribute file resources to non-friends, and avoids free-riding. Furthermore, the weighted transaction network helps SocialLink resist whitewashing, collusion and Sybil attacks. Extensive simulation demonstrates that SocialLink can efficiently ensure trustable and fair P2P file sharing and resist the aforementioned attacks.
Keywords: client-server systems; peer-to-peer computing; social networking (online); transaction processing; trusted computing; SocialLink; Sybil attacks; client-server system; collusion attack; faulty files; file resources; file transaction management; free-riding attack; peer-to-peer file sharing systems; social network; transaction links; trust management system; trustable-fair P2P file sharing; weighted transaction network; whitewashing attack; Nickel; Peer-to-peer computing; Quality of service; Reliability; Resists; Servers; Social network services (ID#: 16-10136)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7328527&isnumber=7328510
J. Chen, H. Ma, D. S. L. Wei and D. Zhao, “Participant-Density-Aware Privacy-Preserving Aggregate Statistics for Mobile Crowd-Sensing,” Parallel and Distributed Systems (ICPADS), 2015 IEEE 21st International Conference on, Melbourne, VIC, 2015,
pp. 140-147. doi: 10.1109/ICPADS.2015.26
Abstract: Mobile crowd-sensing applications produce useful knowledge of the surrounding environment, which makes our life more predictable. However, these applications often require people to contribute, consciously or unconsciously, location-related data for analysis, and this gravely encroaches users' location privacy. Aggregate processing is a feasible way for preserving user privacy to some extent, and based on the mode, some privacy-preserving schemes have been proposed. However, existing schemes still cannot guarantee users' location privacy in the scenarios with low density participants. Meanwhile, user accountability also needs to be considered comprehensively to protect the system from malicious users. In this paper, we propose a participant-density-aware privacy-preserving aggregate statistics scheme for mobile crowd-sensing applications. In our scheme, we make use of multi-pseudonym mechanism to overcome the vulnerability due to low participant density. To further handle sybil attacks, based on the Paillier cryptosystem and non-interactive zero-knowledge verification, we advance and improve our solution framework, which also covers the problem of user accountability. Finally, the theoretical analysis indicates that our scheme achieves the desired properties, and the performance experiments demonstrate that our scheme can achieve a balance among accuracy, privacy-protection and computational overhead.
Keywords: cryptography; data privacy; mobile computing; statistics; Paillier cryptosystem; Sybil attacks; mobile crowd-sensing applications; multipseudonym mechanism; noninteractive zero-knowledge verification; participant-density-aware privacy-preserving aggregate statistics scheme; user accountability; Aggregates; Cryptography; Mobile handsets; Principal component analysis; Privacy; Sensors; Servers; aggregate statistics; mobile crowd-sensing; participant-density; privacy-preservation; user accountability
(ID#: 16-10137)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7384289&isnumber=7384203
A. Singh and P. Sharma, “A Novel Mechanism for Detecting DOS Attack in VANET Using Enhanced Attacked Packet Detection Algorithm (EAPDA),” 2015 2nd International Conference on Recent Advances in Engineering & Computational Sciences (RAECS), Chandigarh, India, 2015, pp. 1-5. doi: 10.1109/RAECS.2015.7453358
Abstract: Security is the major concern with respect to the critical information shared between the vehicles. Vehicular ad hoc network is a sub class of Mobile ad hoc network in which the vehicles move freely and communicate with each other and with the roadside unit (RSU) as well. Since the nodes are self organized, highly mobile and free to move therefore any nodes can interact with any other node which may or may not be trustworthy. This is the area of concern in the security horizon of VANETs. It is the responsibility of RSU to make the network available all the time to every node for secure communication of critical information. For this, network availability occurs as the major security requirement, which may be exposed to several threats or attacks. The vehicles and the RSU are prone to several security attacks such as masquerading, Sybil attack, alteration attack, Selfish driver attack, etc. Among these Denial of Service attack is the major threat to the availability of network. In order to shelter the VANET from DoS attack we have proposed Enhanced Attacked Packet Detection Algorithm which prohibits the deterioration of the network performance even under this attack. EAPDA not only verify the nodes and detect malicious nodes but also improves the throughput with minimized delay thus enhancing security. The simulation is done using NS2 and the results are compared with earlier done work.
Keywords: telecommunication security; vehicular ad hoc networks; DOS attack detection; NS2; Sybil; VANET; delay; denial of service attack; enhanced attacked packet detection algorithm; malicious nodes; mobile ad hoc network; network availability; roadside unit; secure communication; security; security horizon; selfish driver attack; vehicular ad hoc network; Computer crime; Delays; Detection algorithms; Roads; Vehicles; Vehicular ad hoc networks; Availability; DoS Attack; EAPDA; Security (ID#: 16-10138)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7453358&isnumber=7453273
J. Jose and Rigi C. R, “A Comparative Study of Topology Enabled and Topology Hiding Multipath Routing Protocols in MANETs,” Electrical, Electronics, Signals, Communication and Optimization (EESCO), 2015 International Conference on, Visakhapatnam, 2015, pp. 1-4. doi: 10.1109/EESCO.2015.7254001
Abstract: In the past few years, we have seen a rapid expansion in the area of mobile ad hoc networks due to the rapid increase in the number of inexpensive and widely available wireless devices. This type of network, operating as a stand-alone network or with one or multiple points of attachment to cellular networks paves the way for numerous new and exciting applications. MANETs are characterized by a multi-hop network topology that can change frequently due to mobility, efficient routing protocols are needed to establish communication paths between nodes. It is very important that the routing protocol used must provide a well secure routing architecture and should not provide single bit of loop holes. This is pointing towards the topology exposure problem of existing routing protocols and tells about the need of topology hiding. Routing security is one of the hottest research areas in MANET currently. This paper provides insight into a comparative study of well known AOMDV routing protocol with a topology hiding multipath protocol and the need of hiding topology information within the protocol to resist various kinds of attacks such as blackhole attack, Sybil attack and warmhole attack. This paper also discusses the technological challenges that protocol designers and network developers are faced with.
Keywords: cellular radio; mobile ad hoc networks; radio equipment; routing protocols; telecommunication network topology; telecommunication security; AOMDV routing protocol; MANET routing security; cellular network; mobile ad hoc network; multihop network topology exposure problem; topology enabled multipath routing protocol; topology hiding multipath routing protocol; wireless device; Ad hoc networks; Mobile computing; Network topology; Routing; Routing protocols; Topology; AODV; Routing Protocols; THMR; Topology hiding; formatting (ID#: 16-10139)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7254001&isnumber=7253613
K. Zhang, X. Liang, R. Lu, K. Yang and X. S. Shen, “Exploiting Mobile Social Behaviors for Sybil Detection,” 2015 IEEE Conference on Computer Communications (INFOCOM), Kowloon, 2015, pp. 271-279. doi: 10.1109/INFOCOM.2015.7218391
Abstract: In this paper, we propose a Social-based Mobile Sybil Detection (SMSD) scheme to detect Sybil attackers from their abnormal contacts and pseudonym changing behaviors. Specifically, we first define four levels of Sybil attackers in mobile environments according to their attacking capabilities. We then exploit mobile users' contacts and their pseudonym changing behaviors to distinguish Sybil attackers from normal users. To alleviate the storage and computation burden of mobile users, the cloud server is introduced to store mobile user's contact information and to perform the Sybil detection. Furthermore, we utilize a ring structure associated with mobile user's contact signatures to resist the contact forgery by mobile users and cloud servers. In addition, investigating mobile user's contact distribution and social proximity, we propose a semi-supervised learning with Hidden Markov Model to detect the colluded mobile users. Security analysis demonstrates that the SMSD can resist the Sybil attackers from the defined four levels, and the extensive trace-driven simulation shows that the SMSD can detect these Sybil attackers with high accuracy.
Keywords: cloud computing; hidden Markov models; learning (artificial intelligence); network servers; security of data; Sybil attackers; abnormal contacts; cloud server; hidden Markov model; mobile environments; mobile social behaviors; mobile user contact distribution; mobile user contact signatures; pseudonym changing behaviors; security analysis; semisupervised learning; social proximity; social-based mobile Sybil detection; trace-driven simulation; Aggregates; Computers; Hidden Markov models; Mobile communication; Mobile computing; Resists; Servers (ID#: 16-10140)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218391&isnumber=7218353
D. Gantsou, “On the Use of Security Analytics for Attack Detection in Vehicular Ad Hoc Networks,” Cyber Security of Smart Cities, Industrial Control System and Communications (SSIC), 2015 International Conference on, Shanghai, 2015, pp. 1-6. doi: 10.1109/SSIC.2015.7245674
Abstract: A vehicular ad hoc network (VANET) is a special kind of mobile ad hoc network built on top of the IEEE802.11p standard for a better adaptability to the wireless mobile environment. As it is used for both supporting vehicle-to-vehicle (V2V) as well as vehicle-to-infrastructure (V2I) communications, and connecting vehicles to external resources including cloud services, Internet, and user devices while improving the road traffic conditions, VANET is a Key component of intelligent transportation systems (ITS). As such, VANET can be exposed to cyber attacks related to the wireless environment, and those of traditional information technologies systems it is connected to. However, when looking at solutions that have been proposed to address VANET security issues, it emerges that guaranteeing security in VANET essentially amounts to resorting to cryptographic-centric mechanisms. Although the use of public key Infrastructure (PKI) fulfills most VANET' security requirements related to physical properties of the wireless transmissions, simply relying on cryptography does not secure a network. This is the case for vulnerabilities at layers above the MAC layer. Because of their capability to bypass security policy control, they can still expose VANET, and thus, the ITS to cyber attacks. Thereby, one needs security solutions that go beyond cryptographic mechanisms in order cover multiple threat vectors faced by VANET. In this paper focusing on attack detection, we show how using an implementation combining observation of events and incidents from multiple sources at different layers Sybil nodes can be detected regardless of the VANET architecture.
Keywords: intelligent transportation systems; telecommunication security; vehicular ad hoc networks; IEEE802.11p standard; VANET; attack detection; cryptographic-centric mechanisms; cyber attacks; mobile ad hoc network; security analytics; wireless mobile environment; Communication system security; Cryptography; IP networks; Vehicles; Vehicular ad hoc networks; Intelligent Transportation Systems (ITS); Vehicular ad hoc network (VANET) security (ID#: 16-10141)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7245674&isnumber=7245317
Y. Wang, Z. Ju, A. V. Vasilakos and J. Ma, “An Integrated Incentive Mechanism for Device to Device (D2D)-Enabled Cellular Traffic Offloading,” 2015 IEEE International Conference on Smart City/SocialCom/SustainCom (SmartCity), Chengdu, China, 2015, pp. 384-390. doi: 10.1109/SmartCity.2015.102
Abstract: Cooperative content offloading is a promising technology to relieve the heavy burden of wireless cellular networks, and meanwhile can improve the quality of downloading services. While various optimization frameworks have been intensively studied (e.g., maximizing the amount of cellular traffic that can be offloaded, etc.), little attention has been given to how to systematically accommodate various stakeholders' rational behaviors and incentivize their cooperation. In this paper, we propose an integrated incentive mechanism which incorporates the utilities of three rational stakeholders in traffic offloading: cellular provider and end users including waiting users and downloading users. This incentive mechanism explicitly includes two components. In the first component of reverse auction based incentive mechanism, the cellular provider can classify the general users into downloading users and waiting users, and the waiting users can get some rewards for waiting some time (i.e., delaying their downloading through cellular provider). Besides being involved in the reverse auction phase, in the second component of charge policy based incentive mechanism, the waiting users can obtain data from the downloading user in D2D way, and pay both downloading user and per intermediate node on the delivery path with parts of rewards earned from cellular providers. Preliminary theoretical analysis illustrates this integrated incentive mechanism has the following features: Cellular provide can offload traffic with minimum cost, users in reverse auction will truthfully report their valuations on traffic loading, downloading users can obtain extra reward from waiting users in sybil-proof way (i.e., thwarting edge insertion attack).
Keywords: cellular radio; commerce; cooperative communication; telecommunication network management; telecommunication traffic; D2D-enabled cellular traffic offloading; cellular provider; charge policy; cooperative content offloading; device to device-enabled cellular traffic offloading; downloading services; integrated incentive mechanism; rational stakeholders; reverse auction phase; stakeholders rational behaviors; sybil-proof way; wireless cellular networks; Cost accounting; Delays; Mobile communication; Mobile computing; Resource management; Stakeholders; Wireless communication; Cellular provider; Device to Device (D2D); Incentive mechanism; Reverse auction; Traffic offloading (ID#: 16-10142)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7463756&isnumber=7463653
Y. Qiu and M. Ma, “An Authentication and Key Establishment Scheme to Enhance Security for M2M in 6LoWPANs,” 2015 IEEE International Conference on Communication Workshop (ICCW), London, 2015, pp. 2671-2676. doi: 10.1109/ICCW.2015.7247582
Abstract: With the rapid development of wireless communication technologies, machine-to-machine (M2M) communications, which is an essential part of the Internet of Things (IoT), allows wireless and wired systems to monitor environments without human intervention. To extend the use of M2M applications, the standard of Internet Protocol version 6 (IPv6) over Low power Wireless Personal Area Networks (6LoWPAN), developed by The Internet Engineering Task Force (IETF), would be applied into M2M communication to enable IP-based M2M sensing devices to connect to the open Internet. Although the 6LoWPAN standard has specified important issues in the communication, security functionalities at different protocol layers have not been detailed. In this paper, we propose an enhanced authentication and key establishment scheme for 6LoWPAN networks in M2M communications. The security proof by the Protocol Composition Logic (PCL) and the formal verification by the Simple Promela Interpreter (SPIN) show that the proposed scheme in 6LoWPAN could enhance the security functionality with the ability to prevent malicious attacks such as replay attacks, man-in-the-middle attacks, impersonation attacks, Sybil attacks, and etc.
Keywords: Internet; Internet of Things; cryptographic protocols; personal area networks; transport protocols; 6LoWPAN; IETF; IPv6; Internet engineering task force; Internet protocol version 6; IoT; M2M communication; PCL; SPIN; authentication scheme; key establishment scheme; low power wireless personal area network; machine-to-machine communication; protocol composition logic; protocol layer; security enhancement; simple Promela interpreter; wireless communication technology; Authentication; Cryptography; Internet of things; Protocols; Servers; Authentication; M2M (ID#: 16-10143)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7247582&isnumber=7247062
A. Xu, X. Feng and Y. Tian, “Revealing, Characterizing, and Detecting Crowdsourcing Spammers: A Case Study in Community Q&A,” 2015 IEEE Conference on Computer Communications (INFOCOM), Kowloon, 2015, pp. 2533-2541. doi: 10.1109/INFOCOM.2015.7218643
Abstract: Crowdsourcing services have emerged and become popular on the Internet in recent years. However, evidence shows that crowdsourcing can be maliciously manipulated. In this paper, we focus on the “dark side” of the crowdsourcing services. More specifically, we investigate the spam campaigns that are originated and orchestrated on a large Chinese-based crowdsourcing website, namely ZhuBaJie.com, and track the crowd workers to their spamming behaviors on Baidu Zhidao, the largest community-based question answering (QA) site in China. By linking the spam campaigns, workers, spammer accounts, and spamming behaviors together, we are able to reveal the entire ecosystem that underlies the crowdsourcing spam attacks. We present a comprehensive and insightful analysis of the ecosystem from multiple perspectives, including the scale and scope of the spam attacks, Sybil accounts and colluding strategy employed by the spammers, workers' efforts and monetary rewards, and quality control performed by the spam campaigners, etc. We also analyze the behavioral discrepancies between the spammer accounts and the legitimate users in community QA, and present methodologies for detecting the spammers based on our understandings on the crowdsourcing spam ecosystem.
Keywords: Internet; Web sites; outsourcing; security of data; unsolicited e-mail; Baidu Zhidao; China; Chinese-based crowdsourcing Website; Sybil accounts; ZhuBaJie.com; community Q&A; community-based question answering site; crowd workers; crowdsourcing services; crowdsourcing spam attacks; crowdsourcing spammer characterization; crowdsourcing spammer detection; quality control; spam campaigns; spammer accounts; spamming behaviors; Computers; Conferences; Crowdsourcing; Ecosystems; Knowledge discovery; Unsolicited electronic mail (ID#: 16-10144)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218643&isnumber=7218353
D. U. S. Rajkumar and R. Vayanaperumal, “A Leader Based Intrusion Detection System for Preventing Intruder in Heterogeneous Wireless Sensor Network,” 2015 IEEE Bombay Section Symposium (IBSS), Mumbai, India, 2015, pp. 1-6. doi: 10.1109/IBSS.2015.7456671
Abstract: Nowadays communication and data transmission among various heterogeneous networks is growing speedily and drastically. More number of heterogeneous networks are created and deployed by government as well as by private firms. Due to the distance, mobility, behavior of nodes in the networks and dynamic in nature, it is essential to provide security for all the networks separately or distributed. Various existing approaches discuss about the security issues and challenges for heterogeneous networks. In this paper a Leader Based Intrusion Detection System [LBIDS] is proposed to detect and prevent DOS as well as other attacks such as Sybil and Sinkhole in the networks by deploying the Leader Based Intrusion Detection System into access points in the networks. The proposed approach utilizes three core security challenges such as Authentication, positive incentive provision and preventing DOS. In addition to that it will do packet verification and IP verification for improving the efficiency in terms of detection and prevention against attacks in heterogeneous networks. The simulation of our proposed approach is carried out in NS2 software and the results were given.
Keywords: computer network security; message authentication; wireless sensor networks; DOS prevention; IP verification; LBIDS; NS2 software; Sinkhole; Sybil; access points; authentication; data transmission; heterogeneous wireless sensor network; intruder prevention; leader based intrusion detection system; packet verification; positive incentive provision; private firms; Authentication; Heterogeneous networks; Intrusion detection; Routing; Sensors; Wireless sensor networks; Heterogeneous Networks; Intrusion Detection System; Leader Based Intrusion Detection System; Wireless Sensor Network (ID#: 16-10145)
URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7456671&isnumber=7456621
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.