Wearables Security 2022 - Mobile devices such as smartphones are increasingly being used to record personal, delicate, and security information such as images, emails, and payment information due to the growth of wearable computing. It is becoming more vital to employ smartphone sensor-based identification to safeguard this kind of information from unwanted parties. In this study, we propose a sensor-based user identification approach based on individual walking patterns and use the sensors that are pervasively embedded into smartphones to accomplish this. Individuals were identified using a convolutional neural network (CNN). Four data augmentation methods were utilized to produce synthetically more data. These approaches included jittering, scaling, and time-warping. We evaluate the proposed identification model’s accuracy, precision, recall, F1-score, FAR, and FRR utilizing a publicly accessible dataset named the UIWADS dataset. As shown by the experiment findings, the CNN with the timewarping approach operates with very high accuracy in user identification, with the lowest false positive rate of 8.80\% and the most incredible accuracy of 92.7\%.
Authored by Sakorn Mekruksavanich, Ponnipa Jantawong, Anuchit Jitpattanakul
Named Data Network Security - Design of the English APP security verification framework based on fusion IP-Address-MAC data features is studied in the paper. APP is named the client application, including third-party applications on PCs and mobile terminals, that is, smartphones. At present, Praat has become a software commonly used by researchers in the world of experimental phonetics, linguistics, language investigation, language processing and other related fields. Under this background, our target is selected to be the English AP. For the design of the framework, node forms a corresponding topology table according to the neighbor list detected by itself and the topology information obtained from the received TC message. To deal with the challenge of the high robustness, the IP and MAC data analysis are both considered. Through the data collection, processing and the further fusion, the comprehensive system is implemented. The proposed model is tested under different testing scenarios.
Authored by Jinxun Yu, Kai Xia
Named Data Network Security - Internet of Things (IoT) is becoming an important approach to accomplish healthcare monitoring where critical medical data retrieval is essential in a secure and private manner. Nevertheless, IoT devices have constrained resources. Therefore, acquisition of efficient, secure and private data is very challenging. The current research on applying architecture of Named Data Networking (NDN) to IoT design reveals very promising results. Therefore, we are motivated to combine NDN and IoT, which we call NDN-IoT architecture, for a healthcare application. Inspired by the idea, we propose a healthcare monitoring groundwork integrating NDN concepts into IoT in Contiki NG OS at the network layer that we call µNDN as it is a micro and light-weight implementation. We quantitatively explore the usage of the NDN-IoT approach to understand its efficiency for medical data retrieval. Reliability and delay performances were evaluated and analyzed for a remote health application. Our results, in this study, show that the µNDN architecture performs better than IP architecture when retrieving medical data. Thus, it is worth exploring the µNDN architecture further.
Authored by Alper Demir, Gokce Manap
Named Data Network Security - This article provides an overview of the security of VANET, which is a vehicle network. When reviewing this topic, publications of various researchers were considered. The article provides information security requirements for VANET, an overview of security research, an overview of existing attacks, methods for detecting attacks and appropriate countermeasures against such threats.
Authored by Halimjon Khujamatov, Amir Lazarev, Nurshod Akhmedov, Nurbek Asenbaev, Aybek Bekturdiev
Named Data Network Security - In networking, the data transmission rate is the coreelement to measure the network performance capability. A stable network infrastructure should support high transmission capacity with guaranteed network quality. In Named Data Networking (NDN), the performance of producer has been a hot topic to be discussed due to its transmission challenges. Hence in this paper, an analysis of transmission delay for single and multiple producers are discussed in detail. The simulation of network transmission delay for single producer and multiple producers is carried out using ndnSIM simulator. The factors that impacting network transmissions, such as sequence number and retransmission times are highlighted. The simulation results provide acceptable data to assist the development of more complextopology for NDN producers.
Authored by Zhang Wenhua, Wan Azamuddin, Azana Aman
Named Data Network Security - This research focuses on the interest flooding attack model and its impact on the consumer in the Named Data Networking (NDN) architecture. NDN is a future internet network architecture has advantages compared to the current internet architecture. The NDN communication model changes the communication paradigm from a packet delivery model based on IP addresses to names. Data content needed is not directly taken from the provider but stored in a distributed manner on the router. Other consumer request data can served by nearest router. It will increase the speed of data access and reduce delay. The changes communication model also have an impact on the existing security system. One attack that may occur is the threat of a denial of service (DoS) known as an interest flooding attack. This attack makes the network services are being unavailable. This paper discussed examining the interest flooding attack model that occurred and its impact on the performance of NDN. The result shows that interest flooding attacks can decrease consumer satisfied interest.
Authored by Jupriyadi, Syaiful Ahdan, Adi Sucipto, Eki Hamidi, Hasan Arifin, Nana Syambas
Named Data Network Security - Named Data Networking (NDN) is a network with a future internet architecture that changes the point of view in networking from host-centric to data-centric. Named data networking provides a network system where the routing system is no longer dependent on traditional IP. Network packets are routed through nodes by name. When many manufacturers produce packages with different names for several consumers, routing with load balancing is necessary. The case study carried out is to conduct a simulation by connecting all UIN campuses into a topology with the name UIN Topology in Indonesia, using several scenarios to describe the effectiveness of the load balancer on the UIN topology in Indonesia. This study focuses on load balancer applications to reduce delays in Named Data Networking (NDN), the topology of UIN in Indonesia.
Authored by Eki Hamidi, Syaiful Ahdan, Jupriyadi, Adi Sucinto, Hasan Arifin, Nana Syambas
Named Data Network Security - The concept of the internet in the future will prioritize content, by reducing delays in data transmission. Named Data Networking (NDN) is a content-based future internet concept that changes the paradigm of using IP. Inside the NDN router, there are three data structures, namely Content Store (CS), Pending Interest Table (PIT), and Forwarding Information Base (FIB). Pending Interest Table (PIT) contains a list of unfulfilled interests. This condition occurs when the node has not received a response after the interest forwarding process. Measurable and fast PIT performance is a challenge in Named Data Networks. In this study, we will try to do a simulation to measure and analyze the performance of PIT in NDN in the Palapa Ring topology. The research was conducted using the NDNSim simulator, to see the performance in the PIT. The simulation and analysis of the results show that the granularity of a prefix has an effect on In Satisfied Interest in an NDN network. At the number of interests of 100, the result obtained from the simulation is that there is a decrease in the percentage of interest data served, amounting to more than 20\%. At the amount of interest in 1000 about more than 30\%. The length of the prefix and the number of interest sent by the consumer affect the performance of the PIT, seen from the number of In Satisfied Interests.
Authored by Adi Sucipto, Jupriyadi, Syaiful Ahdan, Hasan Arifin, Eki Hamidi, Nana Syambas
Named Data Network Security - With the growing recognition that current Internet protocols have significant security flaws; several ongoing research projects are attempting to design potential next-generation Internet architectures to eliminate flaws made in the past. These projects are attempting to address privacy and security as their essential parameters. NDN (Named Data Networking) is a new networking paradigm that is being investigated as a potential alternative for the present host-centric IP-based Internet architecture. It concentrates on content delivery, which is probably underserved by IP, and it prioritizes security and privacy. NDN must be resistant to present and upcoming threats in order to become a feasible Internet framework. DDoS (Distributed Denial of Service) attacks are serious attacks that have the potential to interrupt servers, systems, or application layers. Due to the probability of this attack, the network security environment is made susceptible. The resilience of any new architecture against the DDoS attacks which afflict today s Internet is a critical concern that demands comprehensive consideration. As a result, research on feature selection approaches was conducted in order to use machine learning techniques to identify DDoS attacks in NDN. In this research, features were chosen using the Information Gain and Data Reduction approach with the aid of the WEKA machine learning tool to identify DDoS attacks. The dataset was tested using KNearest Neighbor (KNN), Decision Table, and Artificial Neural Network (ANN) algorithms to categorize the selected features. Experimental results shows that Decision Table classifier outperforms well when compared to other classification algorithms with the with the accuracy of 85.42\% and obtained highest precision and recall score with 0.876 and 0.854 respectively when compared to the other classification techniques.
Authored by Subasri I, Emil R, Ramkumar P
Named Data Network Security - With the continuous development of network technology as well as science and technology, artificial intelligence technology and its related scientific and technological applications, in this process, were born. Among them, artificial intelligence technology has been widely used in information detection as well as data processing, and has remained one of the current hot research topics. Those research on artificial intelligence, recently, has focused on the application of network security processing of data as well as fault diagnosis and anomaly detection. This paper analyzes, aiming at the network security detection of students real name data, the relevant artificial intelligence technology and builds the model. In this process, this paper firstly introduces and analyzes some shortcomings of clustering algorithm as well as mean algorithm, and then proposes a cloning algorithm to obtain the global optimal solution. This paper, on this basis, constructs a network security model of student real name data information processing based on trust principle and trust model.
Authored by Wenyan Ye
Middleware Security - Online advertisements are a significant element of the Internet ecosystem. Businesses monitor their customers via pushing advertising (Ads). Within minutes, cybercriminals try to defraud and steal data through advertisements. Therefore, the issue of ads must be solved. Ads are obtrusive, a security risk, and they hinder performance and efficiency. Hence, the goal is to create an ad-blocker that would operate across the entire network and prevent advertisement on any website s web pages. To put it another way, it s a little computer with such a SoC (System - On - chip) also referred to as a Raspberry Pi that is merged with a networking system, for which we need to retrain the advertisements. On the home network, software named Pi Hole is used to block websites with advertisements. Any network traffic that passes via devices connected to the home network now passes through the Pi. As a result, the adverts are finally checked out during the Raspberry Pi before they reach the users machine and they will be blocked.
Authored by Harshal Sonawane, Manasi Patil, Shashank Patil, Uma Thakur, Bhavin Patil, Abha Marathe
Information Centric Networks - This paper proposes a Mobile IoT optimization method for Next-Generation networks by evaluating a series of named-based techniques implemented in Information-Centric Networking (ICN). The idea is based on the possibility to have a more suitable naming and forwarding mechanism to be implemented in IoT. The main advantage of the method is in achieving a higher success packet rate and data rate by following the proposed technique even when the device is mobile / roaming around. The proposed technique is utilizing a root prefix naming which allows faster process and dynamic increase for content waiting time in Pending Interest Table (PIT). To test the idea, a simulation is carried out by mimicking how IoT can be implemented, especially in smart cities, where a user can also travel and not be static. Results show that the proposed technique can achieve up to a 13\% interest success rate and an 18.7\% data rate increase compared to the well-known implementation algorithms. The findings allow for possible further cooperation of data security factors and ensuring energy reduction through leveraging more processes at the edge node.
Authored by Cutifa Safitri, Quang Nguyen, Media Ayu, Teddy Mantoro
With the rapid development of the Internet of Things (IoT), a large amount of data is exchanged between various communicating devices. Since the data should be communicated securely between the communicating devices, the network security is one of the dominant research areas for the 6LoWPAN IoT applications. Meanwhile, 6LoWPAN devices are vulnerable to attacks inherited from both the wireless sensor networks and the Internet protocols. Thus intrusion detection systems have become more and more critical and play a noteworthy role in improving the 6LoWPAN IoT networks. However, most intrusion detection systems focus on the attacked areas in the IoT networks instead of precisely on certain IoT nodes. This may lead more resources to further detect the compromised nodes or waste resources when detaching the whole attacked area. In this paper, we therefore proposed a new precisional detection strategy for 6LoWPAN Networks, named as PDS-6LoWPAN. In order to validate the strategy, we evaluate the performance and applicability of our solution with a thorough simulation by taking into account the detection accuracy and the detection response time.
Authored by Bacem Mbarek, Mouzhi Ge, Tomás Pitner
Advanced metamorphic malware and ransomware use techniques like obfuscation to alter their internal structure with every attack. Therefore, any signature extracted from such attack, and used to bolster endpoint defense, cannot avert subsequent attacks. Therefore, if even a single such malware intrudes even a single device of an IoT network, it will continue to infect the entire network. Scenarios where an entire network is targeted by a coordinated swarm of such malware is not beyond imagination. Therefore, the IoT era also requires Industry-4.0 grade AI-based solutions against such advanced attacks. But AI-based solutions need a large repository of data extracted from similar attacks to learn robust representations. Whereas, developing a metamorphic malware is a very complex task and requires extreme human ingenuity. Hence, there does not exist abundant metamorphic malware to train AI-based defensive solutions. Also, there is currently no system that could generate enough functionality preserving metamorphic variants of multiple malware to train AI-based defensive systems. Therefore, to this end, we design and develop a novel system, named X-Swarm. X-Swarm uses deep policy-based adversarial reinforcement learning to generate swarm of metamorphic instances of any malware by obfuscating them at the opcode level and ensuring that they could evade even capable, adversarial-attack immune endpoint defense systems.
Authored by Mohit Sewak, Sanjay Sahay, Hemant Rathore
Highly secure devices are often isolated from the Internet or other public networks due to the confidential information they process. This level of isolation is referred to as an ’air-gap .’In this paper, we present a new technique named ETHERLED, allowing attackers to leak data from air-gapped networked devices such as PCs, printers, network cameras, embedded controllers, and servers. Networked devices have an integrated network interface controller (NIC) that includes status and activity indicator LEDs. We show that malware installed on the device can control the status LEDs by blinking and alternating colors, using documented methods or undocumented firmware commands. Information can be encoded via simple encoding such as Morse code and modulated over these optical signals. An attacker can intercept and decode these signals from tens to hundreds of meters away. We show an evaluation and discuss defensive and preventive countermeasures for this exfiltration attack.
Authored by Mordechai Guri
Companies store increasing amounts of data, requiring the implementation of mechanisms to protect them from malicious people. There are techniques and procedures that aim to increase the security of computer systems, such as network protection services, firewalls. They are intended to filter packets that enter and leave a network. Its settings depend on security policies, which consist of documents that describe what is allowed to travel on the network and what is prohibited. The transcription of security policies into rules, written in native firewall language, that represent them, is the main source of errors in firewall configurations. In this work, concepts related to security between networks and firewalls are presented. Related works on security policies and their translations into firewall rules are also referenced. Furthermore, the developed tool, named Fireasy, is presented, which allows the modeling of security policies through graphic elements, and the maintenance of rules written in native firewall language, also representing them in graphic elements. Finally, a controlled experiment was conducted to validate the approach, which indicated, in addition to the correct functioning of the tool, an improvement in the translation of security policies into firewall rules using the tool. In the task of understanding firewall rules, there was a homogenization of the participants' performance when they used the tool.
Authored by Leandro Queiróz, Rogério Garcia, Danilo Eler, Ronaldo Correia
Global traffic data are proliferating, including in Indonesia. The number of internet users in Indonesia reached 205 million in January 2022. This data means that 73.7% of Indonesia’s population has used the internet. The median internet speed for mobile phones in Indonesia is 15.82 Mbps, while the median internet connection speed for Wi-Fi in Indonesia is 20.13 Mbps. As predicted by many, real-time traffic such as multimedia streaming dominates more than 79% of traffic on the internet network. This condition will be a severe challenge for the internet network, which is required to improve the Quality of Experience (QoE) for user mobility, such as reducing delay, data loss, and network costs. However, IP-based networks are no longer efficient at managing traffic. Named Data Network (NDN) is a promising technology for building an agile communication model that reduces delays through a distributed and adaptive name-based data delivery approach. NDN replaces the ‘where’ paradigm with the concept of ‘what’. User requests are no longer directed to a specific IP address but to specific content. This paradigm causes responses to content requests to be served by a specific server and can also be served by the closest device to the requested data. NDN router has CS to cache the data, significantly reducing delays and improving the internet network’s quality of Service (QoS). Motivated by this, in 2019, we began intensive research to achieve a national flagship product, an NDN router with different functions from ordinary IP routers. NDN routers have cache, forwarding, and routing functions that affect data security on name-based networks. Designing scalable NDN routers is a new challenge as NDN requires fast hierarchical name-based lookups, perpackage data field state updates, and large-scale forward tables. We have a research team that has conducted NDN research through simulation, emulation, and testbed approaches using virtual machines to get the best NDN router design before building a prototype. Research results from 2019 show that the performance of NDN-based networks is better than existing IP-based networks. The tests were carried out based on various scenarios on the Indonesian network topology using NDNsimulator, MATLAB, Mininet-NDN, and testbed using virtual machines. Various network performance parameters, such as delay, throughput, packet loss, resource utilization, header overhead, packet transmission, round trip time, and cache hit ratio, showed the best results compared to IP-based networks. In addition, NDN Testbed based on open source is free, and the flexibility of creating topology has also been successfully carried out. This testbed includes all the functions needed to run an NDN network. The resource capacity on the server used for this testbed is sufficient to run a reasonably complex topology. However, bugs are still found on the testbed, and some features still need improvement. The following exploration of the NDN testbed will run with more new strategy algorithms and add Artificial Intelligence (AI) to the NDN function. Using AI in cache and forwarding strategies can make the system more intelligent and precise in making decisions according to network conditions. It will be a step toward developing NDN router products by the Bandung Institute of Technology (ITB) Indonesia.
Authored by Nana Syambas, Tutun Juhana, Hendrawan, Eueung Mulyana, Ian Edward, Hamonangan Situmorang, Ratna Mayasari, Ridha Negara, Leanna Yovita, Tody Wibowo, Syaiful Ahdan, Galih Nurkahfi, Ade Nurhayati, Hafiz Mulya, Mochamad Budiana
Cloud security has become a serious challenge due to increasing number of attacks day-by-day. Intrusion Detection System (IDS) requires an efficient security model for improving security in the cloud. This paper proposes a game theory based model, named as Game Theory Cloud Security Deep Neural Network (GT-CSDNN) for security in cloud. The proposed model works with the Deep Neural Network (DNN) for classification of attack and normal data. The performance of the proposed model is evaluated with CICIDS-2018 dataset. The dataset is normalized and optimal points about normal and attack data are evaluated based on the Improved Whale Algorithm (IWA). The simulation results show that the proposed model exhibits improved performance as compared with existing techniques in terms of accuracy, precision, F-score, area under the curve, False Positive Rate (FPR) and detection rate.
Authored by Ashima Jain, Khushboo Tripathi, Aman Jatain, Manju Chaudhary
In covert communication systems, covert messages can be transmitted without being noticed by the monitors or adversaries. Therefore, the covert communication technology has emerged as a novel method for network authentication, copyright protection, and the evidence of cybercrimes. However, how to design the covert communication in the physical layer of wireless networks and how to improve the channel capacity for the covert communication systems are very challenging. In this paper, we propose a wireless covert communication system, where data streams from the antennas of the transmitter are coded according to a code book to transmit covert and public messages. We adopt a modulation scheme, named covert quadrature amplitude modulation (QAM), to modulate the messages, where the constellation of covert information bits deviates from its normal coordinates. Moreover, the covert receiver can detect the covert information bits according to the constellation departure. Simulation results show that proposed covert communication system can significantly improve the covert data rate and reduce the covert bit error rate, in comparison with the traditional covert communication systems.
Authored by Wei Li, Jie Liao, Yuwen Qian, Xiangwei Zhou, Yan Lin