Search

Your search keyword '"TELECOMMUNICATION security"' showing total 36 results
Start Over Descriptor "TELECOMMUNICATION security" Database OAIster
36 results on '"TELECOMMUNICATION security"'

1. Cybersecurity considerations for communication based train control

Author

Soderi, S. (S.), Masti, D. (D.), Hämäläinen, M. (M.), Iinatti, J. (J.), Soderi, S. (S.), Masti, D. (D.), Hämäläinen, M. (M.), and Iinatti, J. (J.)

Abstract

The CENELEC TS 50701 is the first encompassing standard aiming at governing cybersecurity risk management processes within the railway industry. Although the technical maturity of this framework is undeniable, its application in practical projects is still an active field of discussion among practitioners, especially when dealing the communication-heavy subsystems. Among such subsystems, signaling is among the most critical ones. Both Communication-based Train Control (CBTC) and European Railway Traffic Management Systems (ERTMS) heavily rely on wireless communications for their operation. This paper describes two cybersecurity attack scenarios regarding wireless communications for CBTCs that can impact the safety of these systems using the lens of the framework provided by the novel CENELEC TS 50701. In doing so, we discuss the implications of using such guidance, especially concerning the different interpretations found in the literature regarding zoning communication systems, to assess and mitigate the cybersecurity risk and improve the posture of CBTC systems concerning the examined attacks. Experimental tests conducted in controlled laboratory environments and high fidelity simulations have been conducted to support the cybersecurity analysis.

Published
2023

2. Stability‐guaranteed dynamic ElGamal cryptosystem for encrypted control systems

Author

Kaoru, Teranishi, Naoki, Shimada, Kiminao, Kogiso, Kaoru, Teranishi, Naoki, Shimada, and Kiminao, Kogiso

Abstract

Despite the importance of cyber-security for networked control systems, no suitable cryptosystem exists for networked control systems that guarantees stability and has low computational complexity. This study proposes a novel dynamic ElGamal cryptosystem for encrypted control systems. The proposed cryptosystem is a multiplicative homomorphic cryptosystem, and it updates key pairs and ciphertexts by simple updating rules with modulo operations at every sampling period. Furthermore, the authors modify the proposed cryptosystem by using a dynamic encoder and decoder so that the asymptotic stability of the encrypted control systems is guaranteed. Numerical simulations demonstrate that the encrypted controller with the proposed cryptosystem achieves asymptotic stability while randomly updating key pairs and ciphertexts. The feasibility of the proposed encrypted control system is evaluated through regulation control with a positioning table testbed. The processing time of the proposed encrypted control system is on the order of milliseconds, indicating that the system achieves real-time control., source:https://doi.org/10.1049/iet-cta.2019.0729

Published
2021

3. Polar coding for the wiretap broadcast channel with multiple messages

Author

Universitat Politècnica de Catalunya. Doctorat en Teoria del Senyal i Comunicacions, Universitat Politècnica de Catalunya. Departament de Teoria del Senyal i Comunicacions, Universitat Politècnica de Catalunya. SPCOM - Grup de Recerca de Processament del Senyal i Comunicacions, Olmo Alòs, Jaume del, Rodríguez Fonollosa, Javier, Universitat Politècnica de Catalunya. Doctorat en Teoria del Senyal i Comunicacions, Universitat Politècnica de Catalunya. Departament de Teoria del Senyal i Comunicacions, Universitat Politècnica de Catalunya. SPCOM - Grup de Recerca de Processament del Senyal i Comunicacions, Olmo Alòs, Jaume del, and Rodríguez Fonollosa, Javier

Abstract

© 2020 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes,creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works., A polar coding scheme is proposed for the Wiretap Broadcast Channel with two legitimate receivers and one eaves-dropper. We consider a model in which the transmitter wishes to to reliably send different confidential and private messages to the different legitimate receivers, and the confidential message must also be (strongly) secured from the eavesdropper. There are two different inner-bounds on the achievable region of this model in the literature. Both are characterized by using Marton's coding and the only difference between them is the decoding strategy: one is characterized by using joint decoding, while the other uses successive decoding. In this paper we present a polar coding scheme that achieves the larger inner-bound, and we show that polar-based joint decoding is crucial for this purpose., This work has been funded by the AEI of Ministerio de Ciencia, Innovación y Universidades of Spain, TEC2016-75067-C4-2-R, RED2018-102668-T with ESF and PID2019-104958RB-C41 and Dept. d’Empresa i Coneixement de la Generalitat de Catalunya, 2017 SGR 578 AGAUR and 001-P-001644 QuantumCAT with ERDF., Peer Reviewed, Postprint (author's final draft)

Published
2020

4. Multi-location virtual smart grid laboratory with testbed for analysis of secure communication and remote co-simulation : concept and application to integration of Berlin, Stockholm, Helsinki

Author

Wiezorek, Christian, Parisio, Alessandra, Kyntaja, Timo, Elo, Joonas, Gronau, Markus, Johannson, Karl Henrik, Strunz, Kai, Wiezorek, Christian, Parisio, Alessandra, Kyntaja, Timo, Elo, Joonas, Gronau, Markus, Johannson, Karl Henrik, and Strunz, Kai

Abstract

The process of advancement and validation of smart grid technologies and systems calls for the availability of diverse expertise and resources. In response to this consideration, the virtual smart grid laboratory (VSGL) was developed as described in this study. At the core of the VSGL is a novel communication platform for seamlessly connecting geographically distributed laboratories with distinct competences. The platform has the dual purpose of opening access to resources of remote partner laboratory sites and offering the capability to emulate, analyse, and test smart grid communication networks involved in linking the distributed laboratory resources. The VSGL implementation is validated through a use case, in which the resources of R&D laboratories in three European countries are connected to form an aggregated system of distributed energy resources. The operation of the latter was coordinated through an energy management system based on model predictive control (MPC). The VSGL was found to be very suitable to meet the communication-specific requirements of such type of study. In addition, for this particular case the effectiveness of the MPC subject to diverse implementations of communication links was substantiated., QC 20190211

Published
2017
Full Text
View/download PDF

5. The hidden mailman and his mailbag : Routing path analysis from a European perspective

Author

Gustafsson, Josef, Hiran, Rahul, Krishnamoorthi, Vengatanathan, Carlsson, Niklas, Gustafsson, Josef, Hiran, Rahul, Krishnamoorthi, Vengatanathan, and Carlsson, Niklas

Abstract

The postal system is often used as an analogy when describing Internet routing. However, in addition to similarities, there are some significant differences. First, and most importantly, the Autonomous Systems (ASes) that operate the routers along the end-to-end path of a packet can often inspect and manipulate the packet and its content. Second, due to lack of secure routing mechanisms, packet paths can be diverted through additional non-trusted ASes. Although we often know the first network we connect through and the service that we access, we seldom know the networks that forward our packets. We can think of these networks as hidden mailmen. To better understand these networks and their potential access to information, we characterize the ASes along the paths of typical Internet packets between European example clients and the most popular web domains. We also identify ASes and countries with higher path coverage and investigate if there are differences in the HTTPS usage among paths that may take additional detours. Our results highlight the role played by North American (typically US-based) ASes and glean insights into how vulnerable the detoured traffic is to man-in-the-middle attacks compared to regular traffic.

Published
2017
Full Text
View/download PDF

6. The hidden mailman and his mailbag : Routing path analysis from a European perspective

Author

Gustafsson, Josef, Hiran, Rahul, Krishnamoorthi, Vengatanathan, Carlsson, Niklas, Gustafsson, Josef, Hiran, Rahul, Krishnamoorthi, Vengatanathan, and Carlsson, Niklas

Abstract

The postal system is often used as an analogy when describing Internet routing. However, in addition to similarities, there are some significant differences. First, and most importantly, the Autonomous Systems (ASes) that operate the routers along the end-to-end path of a packet can often inspect and manipulate the packet and its content. Second, due to lack of secure routing mechanisms, packet paths can be diverted through additional non-trusted ASes. Although we often know the first network we connect through and the service that we access, we seldom know the networks that forward our packets. We can think of these networks as hidden mailmen. To better understand these networks and their potential access to information, we characterize the ASes along the paths of typical Internet packets between European example clients and the most popular web domains. We also identify ASes and countries with higher path coverage and investigate if there are differences in the HTTPS usage among paths that may take additional detours. Our results highlight the role played by North American (typically US-based) ASes and glean insights into how vulnerable the detoured traffic is to man-in-the-middle attacks compared to regular traffic.

Published
2017
Full Text
View/download PDF

7. The hidden mailman and his mailbag : Routing path analysis from a European perspective

Author

Gustafsson, Josef, Hiran, Rahul, Krishnamoorthi, Vengatanathan, Carlsson, Niklas, Gustafsson, Josef, Hiran, Rahul, Krishnamoorthi, Vengatanathan, and Carlsson, Niklas

Abstract

The postal system is often used as an analogy when describing Internet routing. However, in addition to similarities, there are some significant differences. First, and most importantly, the Autonomous Systems (ASes) that operate the routers along the end-to-end path of a packet can often inspect and manipulate the packet and its content. Second, due to lack of secure routing mechanisms, packet paths can be diverted through additional non-trusted ASes. Although we often know the first network we connect through and the service that we access, we seldom know the networks that forward our packets. We can think of these networks as hidden mailmen. To better understand these networks and their potential access to information, we characterize the ASes along the paths of typical Internet packets between European example clients and the most popular web domains. We also identify ASes and countries with higher path coverage and investigate if there are differences in the HTTPS usage among paths that may take additional detours. Our results highlight the role played by North American (typically US-based) ASes and glean insights into how vulnerable the detoured traffic is to man-in-the-middle attacks compared to regular traffic.

Published
2017
Full Text
View/download PDF

8. The hidden mailman and his mailbag : Routing path analysis from a European perspective

Author

Gustafsson, Josef, Hiran, Rahul, Krishnamoorthi, Vengatanathan, Carlsson, Niklas, Gustafsson, Josef, Hiran, Rahul, Krishnamoorthi, Vengatanathan, and Carlsson, Niklas

Abstract

The postal system is often used as an analogy when describing Internet routing. However, in addition to similarities, there are some significant differences. First, and most importantly, the Autonomous Systems (ASes) that operate the routers along the end-to-end path of a packet can often inspect and manipulate the packet and its content. Second, due to lack of secure routing mechanisms, packet paths can be diverted through additional non-trusted ASes. Although we often know the first network we connect through and the service that we access, we seldom know the networks that forward our packets. We can think of these networks as hidden mailmen. To better understand these networks and their potential access to information, we characterize the ASes along the paths of typical Internet packets between European example clients and the most popular web domains. We also identify ASes and countries with higher path coverage and investigate if there are differences in the HTTPS usage among paths that may take additional detours. Our results highlight the role played by North American (typically US-based) ASes and glean insights into how vulnerable the detoured traffic is to man-in-the-middle attacks compared to regular traffic.

Published
2017
Full Text
View/download PDF

9. The hidden mailman and his mailbag : Routing path analysis from a European perspective

Author

Gustafsson, Josef, Hiran, Rahul, Krishnamoorthi, Vengatanathan, Carlsson, Niklas, Gustafsson, Josef, Hiran, Rahul, Krishnamoorthi, Vengatanathan, and Carlsson, Niklas

Abstract

The postal system is often used as an analogy when describing Internet routing. However, in addition to similarities, there are some significant differences. First, and most importantly, the Autonomous Systems (ASes) that operate the routers along the end-to-end path of a packet can often inspect and manipulate the packet and its content. Second, due to lack of secure routing mechanisms, packet paths can be diverted through additional non-trusted ASes. Although we often know the first network we connect through and the service that we access, we seldom know the networks that forward our packets. We can think of these networks as hidden mailmen. To better understand these networks and their potential access to information, we characterize the ASes along the paths of typical Internet packets between European example clients and the most popular web domains. We also identify ASes and countries with higher path coverage and investigate if there are differences in the HTTPS usage among paths that may take additional detours. Our results highlight the role played by North American (typically US-based) ASes and glean insights into how vulnerable the detoured traffic is to man-in-the-middle attacks compared to regular traffic.

Published
2017
Full Text
View/download PDF

10. Application of dynamic programming in planning costs of telecommunication security operations to provide aid to civilian authorities

Author

Mihajlović, Milan, Karović, Samed, Ristić, Slobodan, Radovanović, Goran, Mihajlović, Milan, Karović, Samed, Ristić, Slobodan, and Radovanović, Goran

Abstract

The problem in planning costs of an operation, i.e., the problem of determining an optimal capacity of units used in time is a highly complex problem whose solution can be obtained in different ways, depending on what is taken as an optimality criterion and the types of limiting factors that are present during an operation's realization. The main goal of this paper is to show the practical application of dynamic programming with the aim of improving planning and organizing forces and costs during the realization of the Serbian army's third mission. Data on the use of Serbian Military's units after the earthquake in the area of Kraljevo in 2010 were analysed. The paper covers the use of dynamic programming, namely, the complex optimization problem of using military units, which depends on a large number of variables and can be extremely difficult to solve, is disassembled into several smaller partial problems that depend on one variable and are simpler to solve. The model of using the military is based on mission usage and represented as one of possible scenarios of natural disasters that engulfed a part of the Serbian territory.

Published
2016

11. A Random Access Procedure Based on Tunable Puzzles

Author

Näslund, Mats, Dubrova, Elena, Selander, Göran, Lindqvist, Fredrik, Näslund, Mats, Dubrova, Elena, Selander, Göran, and Lindqvist, Fredrik

Abstract

In a radio network, a denial-of-service attack or an attach storm after a temporary outage may cause severe access network overload. Unavailability of radio network services for its subscribing users causes dissatisfaction among the users and should be prevented. The problem is likely to become even more acute with the growth of Internet-of-Things applications that are expected to support critical infrastructure. In this paper, we present a new random access procedure based on tunable puzzles. Tunable puzzles provide the means to balance the load on the access network, prioritize certain devices, and localize radio resources for subsequent transmissions. By tuning the difficulty of puzzles, a base station can control the period of time before a device can send its next message. The prioritization by means of puzzles creates considerably less extra load on the base station compared to other alternatives, e.g. by using authentication. Encoding of radio resources in the puzzle solution enables a more efficient use of communication and processing resources. In addition, it gives malicious devices no incentive to guess the solution, since any solution other than the intended one fails to convey the information enabling the device to proceed further., QC 20160414

Published
2015
Full Text
View/download PDF

12. Certain aspects of provoding use of police units in actions of protection and rescuing in case of natural disasters

Author

Milojković, Boban, Milojević, Saša, Vučković, Goran, Janković, Bojan, Gligorijević, Milan, Jokić, Nebojša, Milojković, Boban, Milojević, Saša, Vučković, Goran, Janković, Bojan, Gligorijević, Milan, and Jokić, Nebojša

Abstract

Police officers represent significant and very respectable force of the system for protection and rescue of people, material and cultural values from consequences caused by natural disasters. Effectiveness and efficiency of police forces depend on various factors, such as degree of abruptness, type, scale, intensity, phase and consequences of natural disaster, quality of training and equipping police officers, availability of response action plans and stable financial resources. However, experiences of the police in protection and rescue actions during the floods in May 2014, led to importance of exploring visibly present but not sufficiently explained theoretical aspects of the use of police units during natural disasters of catastrophic proportions. Regarding this, the paper elaborates the issues concerning organization and functioning of telecommunications and geo topographic ensuring use of police units in actions of protection and rescue during catastrophic floods on examples from Obrenovac and Šabac. At the end of the paper, the concrete suggestions for improving the treated issues are given.

Published
2015

13. Route leak identification: a step toward making inter-domain routing more reliable

Author

Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors, Universitat Politècnica de Catalunya. ANA - Grup d'Arquitectures Avançades de Xarxes, Siddiqui, Muhammad Shuaib, Montero, D., Yannuzzi, Marcelo, Serral Gracià, René, Masip Bruin, Xavier, Universitat Politècnica de Catalunya. Departament d'Arquitectura de Computadors, Universitat Politècnica de Catalunya. ANA - Grup d'Arquitectures Avançades de Xarxes, Siddiqui, Muhammad Shuaib, Montero, D., Yannuzzi, Marcelo, Serral Gracià, René, and Masip Bruin, Xavier

Abstract

Route leaks are one of the anomalies of inter-domain routing that have the capacity to produce large Internet service disruptions. Route leaks are caused because of violation of routing policies among Autonomous Systems. Unfortunately, there are not many studies that formally and thoroughly analyze the route leak problem. There exist few conventional solutions that can be used as a first line of defense, such as route filters. However, these palliatives become unfeasible in terms of scalability, mainly due to the administrative overhead and cost of maintaining the filters updated. As a result, a significant part of the Internet is defenseless against route leak attacks. In this paper, we define, describe, and examine the different types of route leaks that threaten the security and reliability of the routing system. Our main contributions can be summarized as follows. We develop a rather basic theoretical framework, which, under realistic assumptions, enables a domain to autonomously determine if a particular route advertisement received corresponds to a route leak. We reason the possible occurrence of route leaks in different scenarios, with the aim of formulating requirements for their identification, and hence thereof prevention to improve routing reliability, Peer Reviewed, Postprint (published version)

Published
2014

14. Energy-efficient physical layer packet authenticator for machine-to-machine networks

Author

Universitat Politècnica de Catalunya. Departament d'Enginyeria Telemàtica, Universitat Politècnica de Catalunya. SERTEL - Serveis Telemàtics, Bartoli, Andrea, Hernández Serrano, Juan, León Abarca, Olga, Kountouris, Apostolous, Barthel, Dominique, Universitat Politècnica de Catalunya. Departament d'Enginyeria Telemàtica, Universitat Politècnica de Catalunya. SERTEL - Serveis Telemàtics, Bartoli, Andrea, Hernández Serrano, Juan, León Abarca, Olga, Kountouris, Apostolous, and Barthel, Dominique

Abstract

Machine-to-machine networks are spreading over every sector of our society due to their self-organisation capabilities. In these networks, thousands of devices are left unattended for years of operation without the possibility of human intervention. In this sense, every step forward into avoiding early exhaustion of the network nodes is of paramount importance. We have introduced a novel authentication scheme that is able to discard non-intended and/or non-legitimate packets just after the reception of the physical preamble. This proposal was shown to yield enormous energy saving with regard to both node exhaustion attacks and normal network operation. In this paper, we extend that work with a novel synchronisation protocol that addresses previous desynchronisation issues. Besides, we analyse and propose the more appropriate deployment parameters that maximise the overall energy savings. We also detail the necessary key generation and key updating processes required to manage the in use keying material. Moreover, we show how to fit the proposed mechanism into the IEEE 802.15.4e amendment to the IEEE 802.15.4-2006 standard, as many companies have decide to go for this technology for the development of machine-to-machine networks, Peer Reviewed, Postprint (published version)

Published
2013

15. Secure Neighbor Position Discovery in Vehicular Networks

Author

Fiore, M., Casetti, C., Chiasserini, C. -F, Papadimitratos, Panos, Fiore, M., Casetti, C., Chiasserini, C. -F, and Papadimitratos, Panos

Abstract

In vehicular ad hoc networks, knowledge of neighbor positions is a requirement in a number of important tasks. However, distributed techniques to perform secure neighbor position discovery, suitable for highly mobile ad hoc environments, are missing. In this paper, we address this need by proposing a lightweight distributed protocol that relies only on information exchange among neighbors, without any need of a-priori trustworthy nodes. We present a detailed security analysis of our protocol in presence of one or multiple adversaries, and we evaluate its performance in a realistic vehicular environment., QC 20120220

Published
2011
Full Text
View/download PDF

16. Secure lossless aggregation for Smart Grid M2M networks

Author

Universitat Politècnica de Catalunya. Departament d'Enginyeria Telemàtica, Universitat Politècnica de Catalunya. SERTEL - Serveis Telemàtics, Bartoli, Andrea, Hernández Serrano, Juan, Soriano Ibáñez, Miguel, Dohler, Mischa, Kountouris, Apostolous, Barthel, Dominique, Universitat Politècnica de Catalunya. Departament d'Enginyeria Telemàtica, Universitat Politècnica de Catalunya. SERTEL - Serveis Telemàtics, Bartoli, Andrea, Hernández Serrano, Juan, Soriano Ibáñez, Miguel, Dohler, Mischa, Kountouris, Apostolous, and Barthel, Dominique

Abstract

Whilst security is generally perceived as an important constituent of communication systems, this paper offers a viable security-communication-tradeoff particularly tailored to Advanced Metering Infrastructures (AMIs) in Smart Grid systems. These systems, often composed of embedded nodes with highly constrained resources, require e.g. metering data to be delivered efficiently whilst neither jeopardizing communication nor security. Data aggregation is a natural choice in such settings, where the challenge is to facilitate per-hop as well as end-to-end security. The prime contribution of this paper is to propose a secure aggregation protocol that meets the requirements of Smart Grids, and to analyze its efficiency considering various system configurations as well as the impact of the wireless channel through packet error rates. Relying on analysis and corroborative simulations, unprecedented design guidelines are derived which determine the operational point beyond which aggregation is useful as well quantifying the superiority of our protocol w.r.t. non-aggregated solutions., Postprint (published version)

Published
2010

17. P-CDN: Extending access control capabilities of P2P systems to provide CDN services

Author

Turkmen, Fatih, Mazzoleni, Pietro, Crispo, Bruno, Bertino, Elisa, Turkmen, Fatih, Mazzoleni, Pietro, Crispo, Bruno, and Bertino, Elisa

Abstract

New important emerging business paradigms, such as ldquoservice virtualizationrdquo can be made easy and convenient by the use of P2P systems. In these paradigms, often the owners of the services are different (and independent) from the owners of the resources used to offer such services. In comparison to centralized servers, P2P systems can conveniently offer higher availability and more bandwidth as they harness the computing and network resources of thousands of hosts in a decentralized fashion. Despite these useful features and their success in the research community, P2P systems are still not very popular in the business world. The main reason for such a skepticism is their lack of proper security. In this paper, we address this issue by motivating and explaining the benefits of adding access control in P2P systems to make them more suitable and flexible as a technical platform for providing third party services. We propose an architecture augmented with access control mechanisms to enable content delivery on a P2P system. The proposed architecture is shaped according to CDN requirements. We have also tested the feasibility of our approach with a prototype implementation and the preliminary results show that our system can scale well also in the presence of very large number of policies.

Published
2008

18. P-CDN: Extending access control capabilities of P2P systems to provide CDN services

Author

Turkmen, Fatih, Mazzoleni, Pietro, Crispo, Bruno, Bertino, Elisa, Turkmen, Fatih, Mazzoleni, Pietro, Crispo, Bruno, and Bertino, Elisa

Abstract

New important emerging business paradigms, such as ldquoservice virtualizationrdquo can be made easy and convenient by the use of P2P systems. In these paradigms, often the owners of the services are different (and independent) from the owners of the resources used to offer such services. In comparison to centralized servers, P2P systems can conveniently offer higher availability and more bandwidth as they harness the computing and network resources of thousands of hosts in a decentralized fashion. Despite these useful features and their success in the research community, P2P systems are still not very popular in the business world. The main reason for such a skepticism is their lack of proper security. In this paper, we address this issue by motivating and explaining the benefits of adding access control in P2P systems to make them more suitable and flexible as a technical platform for providing third party services. We propose an architecture augmented with access control mechanisms to enable content delivery on a P2P system. The proposed architecture is shaped according to CDN requirements. We have also tested the feasibility of our approach with a prototype implementation and the preliminary results show that our system can scale well also in the presence of very large number of policies.

Published
2008

19. P-CDN: Extending access control capabilities of P2P systems to provide CDN services

Author

Turkmen, Fatih, Mazzoleni, Pietro, Crispo, Bruno, Bertino, Elisa, Turkmen, Fatih, Mazzoleni, Pietro, Crispo, Bruno, and Bertino, Elisa

Abstract

New important emerging business paradigms, such as ldquoservice virtualizationrdquo can be made easy and convenient by the use of P2P systems. In these paradigms, often the owners of the services are different (and independent) from the owners of the resources used to offer such services. In comparison to centralized servers, P2P systems can conveniently offer higher availability and more bandwidth as they harness the computing and network resources of thousands of hosts in a decentralized fashion. Despite these useful features and their success in the research community, P2P systems are still not very popular in the business world. The main reason for such a skepticism is their lack of proper security. In this paper, we address this issue by motivating and explaining the benefits of adding access control in P2P systems to make them more suitable and flexible as a technical platform for providing third party services. We propose an architecture augmented with access control mechanisms to enable content delivery on a P2P system. The proposed architecture is shaped according to CDN requirements. We have also tested the feasibility of our approach with a prototype implementation and the preliminary results show that our system can scale well also in the presence of very large number of policies.

Published
2008

20. P-CDN: Extending access control capabilities of P2P systems to provide CDN services

Author

Turkmen, Fatih, Mazzoleni, Pietro, Crispo, Bruno, Bertino, Elisa, Turkmen, Fatih, Mazzoleni, Pietro, Crispo, Bruno, and Bertino, Elisa

Abstract

New important emerging business paradigms, such as ldquoservice virtualizationrdquo can be made easy and convenient by the use of P2P systems. In these paradigms, often the owners of the services are different (and independent) from the owners of the resources used to offer such services. In comparison to centralized servers, P2P systems can conveniently offer higher availability and more bandwidth as they harness the computing and network resources of thousands of hosts in a decentralized fashion. Despite these useful features and their success in the research community, P2P systems are still not very popular in the business world. The main reason for such a skepticism is their lack of proper security. In this paper, we address this issue by motivating and explaining the benefits of adding access control in P2P systems to make them more suitable and flexible as a technical platform for providing third party services. We propose an architecture augmented with access control mechanisms to enable content delivery on a P2P system. The proposed architecture is shaped according to CDN requirements. We have also tested the feasibility of our approach with a prototype implementation and the preliminary results show that our system can scale well also in the presence of very large number of policies.

Published
2008

21. Wireless sensor networks for intrusion detection: packet traffic modeling

Author

Universitat Politècnica de Catalunya. Departament d'Enginyeria Minera, Industrial i TIC, Universitat Politècnica de Catalunya. WNG - Grup de xarxes sense fils, Demirkol, Ilker Seyfettin, Alagoz, Fatih, Delic, Hakan, Ersoy, Cem, Universitat Politècnica de Catalunya. Departament d'Enginyeria Minera, Industrial i TIC, Universitat Politècnica de Catalunya. WNG - Grup de xarxes sense fils, Demirkol, Ilker Seyfettin, Alagoz, Fatih, Delic, Hakan, and Ersoy, Cem

Abstract

Performance evaluation of wireless sensor network (WSN) protocols requires realistic data traffic models since most of the WSNs are application specific. In this letter, a sensor network packet traffic model is derived and analyzed for intrusion detection applications. Presented analytical work is also validated using simulations., Peer Reviewed, Postprint (published version)

Published
2006

22. A defense system against DDoS attacks by large-scale IP traceback

Author

He, X., Hintz, T., Piccardi, M., Wu, Q., Huang, M., Tien, D., Xiang, Yang, Zhou, Wanlei, He, X., Hintz, T., Piccardi, M., Wu, Q., Huang, M., Tien, D., Xiang, Yang, and Zhou, Wanlei

Abstract

In this paper, we present a new approach, called Flexible Deterministic Packet Marking (FDPM), to perform a large-scale IP traceback to defend against Distributed Denial of Service (DDoS) attacks. In a DDoS attack the victim host or network is usually attacked by a large number of spoofed IP packets coming from multiple sources. IP traceback is the ability to trace the IP packets to their sources without relying on the source address field of the IP header. FDPM provides many flexible features to trace the IP packets and can obtain better tracing capability than current IP traceback mechanisms, such as Probabilistic Packet Marking (PPM), and Deterministic Packet Marking (DPM). The flexibilities of FDPM are in two ways, one is that it can adjust the length of marking field according to the network protocols deployed; the other is that it can adjust the marking rate according to the load of participating routers. The implementation and evaluation demonstrates that the FDPM needs moderately only a small number of packets to complete the traceback process; and can successfully perform a large-scale IP traceback, for example, trace up to 110,000 sources in a single incident response. It has a built-in overload prevention mechanism, therefore this scheme can perform a good traceback process even it is heavily loaded.

Published
2005

29. RBWA : an efficient random-bit window-based authentication protocol

Author

Zhao, Fan, Shin, Yongjoo, Wu, Felix, Johnson, Henric, Nilsson, Arne A., Zhao, Fan, Shin, Yongjoo, Wu, Felix, Johnson, Henric, and Nilsson, Arne A.

Abstract

Given the wide and rapid depolyment of "visitor networks", how to authenticate the user and account the usage on the per-packet basis securely and yet efficiently is still a challenging problem. In this paper, we explore the tradoff between performance and security, and propose a per-data-packet authentication and access control called RBWA (Random Bit Window based Authentication). Deployed in the IP layer, RBWA can work with various underlying link layer specific mechanisms and network topologies. And comparing to IPSec, it dramatically reduces the overhead and power consumption by adding only a few bits to each packet. Furthermore, RBWA is strong against a suite of attacks such as replay attack, Denial-of-Service attack and spoofing etc. In particular, a robust anti-replay window scheme is developed to counter the svere packet reordering. The performance of RBWA is evaluated via the simulation.

Published
2003

36. Secrecy transmission capacity of decentralized wireless networks

Author

Ganti, Radha Krishna, Andrews, Jeffrey G, Hjørungnes, Are, Zhou, Xiangyun, Ganti, Radha Krishna, Andrews, Jeffrey G, Hjørungnes, Are, and Zhou, Xiangyun

Abstract

Secure communication over large-scale decentralized wireless networks is an extremely challenging task due to the cost and difficulty in establishing secret keys among all the nodes in a distributed manner. For this reason, the notion of physical layer security has recently drawn significant attention, which may assist with key exchange and provide an additional layer of protection in such networks. In this paper, we investigate how the physical layer security constraints affect the network throughput. We consider a random network in which the legitimate and eavesdropper nodes are located according to independent Poisson point processes. We introduce a new metric "secrecy transmission capacity" to characterize the network throughput in terms of the area spectral efficiency of secure transmissions, subject to constraints on both the quality of service and the level of security. This capacity framework allows us to quantitatively study the throughput cost of physical layer security constraints. We observe that the throughput cost of achieving a moderate level of security is quite low, while throughput must be significantly sacrificed to realize a highly secure network.

Catalog

Books, media, physical & digital resources
See catalog results