| 1. |
- Babaheidarian, P., et al.
(författare)
-
Preserving confidentiality in the Gaussian broadcast channel using compute-and-forward
- 2017
-
Ingår i: 2017 51st Annual Conference on Information Sciences and Systems, CISS 2017. - : Institute of Electrical and Electronics Engineers (IEEE). - 9781509047802
-
Konferensbidrag (refereegranskat)abstract
- We study the transmission of confidential messages across a wireless broadcast channel with K > 2 receivers and K helpers. The goal is to transmit all messages reliably to their intended receivers while keeping them confidential from the unintended receivers. We design a codebook based on nested lattice structure, cooperative jamming, lattice alignment, and i.i.d. coding. Moreover, we exploit the asymmetric compute-and-forward decoding strategy to handle finite SNR regimes. Unlike previous alignment schemes, our achievable rates are attainable at any finite SNR value. Also, we show that our scheme achieves the optimal sum secure degrees of freedom of 1 for the K-receiver Gaussian broadcast channel with K confidential messages and K helpers.
|
|
| 2. |
- Forsby, Filip, et al.
(författare)
-
Lightweight X.509 Digital Certificates for the Internet of Things
- 2018
-
Ingår i: Lect. Notes Inst. Comput. Sci. Soc. Informatics Telecommun. Eng.. - Cham : Springer International Publishing. - 9783319937960 ; , s. 123-133
-
Konferensbidrag (refereegranskat)abstract
- X.509 is the de facto digital certificate standard used in building the Public Key Infrastructure (PKI) on the Internet. However, traditional X.509 certificates are too heavy for battery powered or energy harvesting Internet of Things (IoT) devices where it is crucial that energy consumption and memory footprints are as minimal as possible. In this paper we propose, implement, and evaluate a lightweight digital certificate for resource-constrained IoT devices. We develop an X.509 profile for IoT including only the fields necessary for IoT devices, without compromising the certificate security. Furthermore, we also propose compression of the X.509 profiled fields using the contemporary CBOR encoding scheme. Most importantly, our solutions are compatible with the existing X.509 standard, meaning that our profiled and compressed X.509 certificates for IoT can be enrolled, verified and revoked without requiring modification in the existing X.509 standard and PKI implementations. We implement our solution in the Contiki OS and perform evaluation of our profiled and compressed certificates on a state-of-the-art IoT hardware.
|
|
| 3. |
- Gerami, Majid, et al.
(författare)
-
Optimal secure partial-repair in distributed storage systems
- 2017
-
Ingår i: 2017 51st Annual Conference on Information Sciences and Systems, CISS 2017. - : Institute of Electrical and Electronics Engineers (IEEE). - 9781509047802
-
Konferensbidrag (refereegranskat)abstract
- Consider a distributed storage system where parts of the source file fragments in storage nodes are lost. We denote a storage node that lost a part of its fragments as a faulty storage node and a storage node that lost non of its fragment as a complete storage node. In a process, termed as partial repair, a set of storage nodes (among faulty and complete storage nodes) transmit repairing fragments to other faulty storage nodes to recover the lost fragments. We first investigate the optimal partial repair in which the required bandwidth for recovering the lost fragments is minimal. Next, we assume that an eavesdropper wiretaps a subset of links connecting storage nodes, and overhears a number of repairing fragments. We then study optimal secure partial-repair in which the partial-repair bandwidth is minimal and the eavesdropper obtains no information about the source file by overhearing the repairing fragments. We propose optimal secure codes for exact partial-repair in a special scenario.
|
|
| 4. |
- Gülgün, Ziya, 1992-, et al.
(författare)
-
Statistical method for spoofing detection at mobile GNSS receivers
- 2019
-
Ingår i: Proceedings of the International Symposium on Wireless Communication Systems. - : VDE Verlag GmbH. - 9781728125275 - 9781728125282 ; , s. 677-681
-
Konferensbidrag (refereegranskat)abstract
- We consider Global Navigation Satellite Systems (GNSS) spoofing attacks and devise a countermeasure appropriate for mobile GNSS receivers. Our approach is to design detectors that, operating after the signal acquisition, enable the victim receiver to determine with high probability whether it is under a spoofing attack. Namely, the binary hypothesis is that either the GNSS receiver tracks legitimate satellite signals, ℋ0, or spoofed signals, ℋ1. We estimate power and angle of arrival (AOA) of received signals. A key assumption on the attacker sophistication: Spoofed signals come from one signal source, typically the attacker radio, instead of multiple sources, the satellites, for legitimate signals. We analyze and compare the detectors performance and we derive some lower bounds on the estimation quality for unknown parameters. Based on the simulation results, the detectors can operate on low SNR that is applicable for GNSS.
|
|
| 5. |
- Islami, Lejla, et al.
(författare)
-
Capturing drivers' privacy preferences for intelligent transportation systems : An intercultural perspective
- 2022
-
Ingår i: Computers & security (Print). - : Elsevier BV. - 0167-4048 .- 1872-6208. ; 123, s. 102913-
-
Tidskriftsartikel (refereegranskat)abstract
- While recent research on intelligent transportation systems including vehicular communication systems has focused on technical aspects, little research work has been conducted on drivers' privacy perceptions and preferences. Understanding the driver's privacy perceptions and preferences will allow researchers to design usable privacy and identity management systems offering user privacy choices and controls for intelligent transportation systems. We conducted in-depth semi-structured interviews with 17 Swedish drivers to analyse their privacy perceptions and preferences for intelligent transportation systems, partic-ularly for user control and for privacy trade-offs with cost, safety and usability. We also compare our re-sults from the interviews with Swedish drivers with results from interviews that we conducted previously with South African drivers. Our cross-cultural comparison shows that perceived privacy implications, the drivers' willingness to share location information under certain conditions with other parties, as well as their appreciation of Privacy Enhancing Technologies differ significantly across drivers with different cultural backgrounds. We further discuss the cultural impact on privacy preferences, including those for privacy trade-offs, and the implications of our results for usable privacy-enhancing Identity Management for future vehicular communication systems. In particular, we provide recommendations for suitable pre-defined privacy options to be offered to users with different cultural backgrounds enabling them to easily make privacy-related control choices.
|
|
| 6. |
- Jin, Hongyu, et al.
(författare)
-
Resilient privacy protection for location-based services through decentralization
- 2019
-
Ingår i: ACM Transactions on Privacy and Security. - : Association for Computing Machinery. - 2471-2566 .- 2471-2574. ; 22:4
-
Tidskriftsartikel (refereegranskat)abstract
- Location-Based Services (LBSs) provide valuable services, with convenient features for mobile users. However, the location and other information disclosed through each query to the LBS erodes user privacy. This is a concern especially because LBS providers can be honest-but-curious, collecting queries and tracking users' whereabouts and infer sensitive user data. This motivated both centralized and decentralized location privacy protection schemes for LBSs: anonymizing and obfuscating LBS queries to not disclose exact information, while still getting useful responses. Decentralized schemes overcome disadvantages of centralized schemes, eliminating anonymizers, and enhancing users' control over sensitive information. However, an insecure decentralized system could create serious risks beyond private information leakage. More so, attacking an improperly designed decentralized LBS privacy protection scheme could be an effective and low-cost step to breach user privacy. We address exactly this problem, by proposing security enhancements for mobile data sharing systems. We protect user privacy while preserving accountability of user activities, leveraging pseudonymous authentication with mainstream cryptography. We show our scheme can be deployed with off-the-shelf devices based on an experimental evaluation of an implementation in a static automotive testbed.
|
|
| 7. |
- Poturalski, M., et al.
(författare)
-
Formal Analysis of Secure Neighbor Discovery in Wireless Networks
- 2013
-
Ingår i: IEEE Transactions on Dependable and Secure Computing. - 1545-5971 .- 1941-0018. ; 10:6, s. 355-367
-
Rapport (refereegranskat)abstract
- We develop a formal framework for the analysis of security protocols in wireless networks. The framework captures characteristics necessary to reason about neighbor discovery protocols, such as the neighbor relation, device location, and message propagation time. We use this framework to establish general results about the possibility of neighbor discovery. In particular, we show that time-based protocols cannot in general provide secure neighbor discovery. Given this insight, we also use the framework to prove the security of four concrete neighbor discovery protocols, including two novel time-and-location based protocols. We mechanize the model and some proofs in the theorem prover Isabelle.
|
|
| 8. |
- Raza, Shahid, et al.
(författare)
-
SecureSense : End-to-end secure communication architecture for the cloud-connected Internet of Things
- 2017
-
Ingår i: Future generations computer systems. - : Elsevier BV. - 0167-739X .- 1872-7115. ; 77:Dec, s. 40-51
-
Tidskriftsartikel (refereegranskat)abstract
- Constrained Application Protocol (CoAP) has become the de-facto web standard for the IoT. Unlike traditional wireless sensor networks, Internet-connected smart thing deployments require security. CoAP mandates the use of the Datagram TLS (DTLS) protocol as the underlying secure communication protocol. In this paper we implement DTLS-protected secure CoAP for both resource-constrained IoT devices and a cloud backend and evaluate all three security modes (pre-shared key, raw-public key, and certificate-based) of CoAP in a real cloud-connected IoT setup. We extend SicsthSense– a cloud platform for the IoT– with secure CoAP capabilities, and compliment a DTLS implementation for resource-constrained IoT devices with raw-public key and certificate-based asymmetric cryptography. To the best of our knowledge, this is the first effort toward providing end-to-end secure communication between resource-constrained smart things and cloud back-ends which supports all three security modes of CoAP both on the client side and the server side. SecureSense– our End-to-End (E2E) secure communication architecture for the IoT– consists of all standard-based protocols, and implementation of these protocols are open source and BSD-licensed. The SecureSense evaluation benchmarks and open source and open license implementation make it possible for future IoT product and service providers to account for security overhead while using all standardized protocols and while ensuring interoperability among different vendors. The core contributions of this paper are: (i) a complete implementation for CoAP security modes for E2E IoT security, (ii) IoT security and communication protocols for a cloud platform for the IoT, and (iii) detailed experimental evaluation and benchmarking of E2E security between a network of smart things and a cloud platform.
|
|
| 9. |
- Tsoupidi, Rodothea Myrsini, et al.
(författare)
-
Securing Optimized Code Against Power Side Channels
- 2023
-
Ingår i: 2023 IEEE 36TH COMPUTER SECURITY FOUNDATIONS SYMPOSIUM, CSF. - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 340-355
-
Konferensbidrag (refereegranskat)abstract
- Side-channel attacks impose a serious threat to cryptographic algorithms, including widely employed ones, such as AES and RSA. These attacks take advantage of the algorithm implementation in hardware or software to extract secret information via side channels. Software masking is a mitigation approach against power side-channel attacks aiming at hiding the secret-revealing dependencies from the power footprint of a vulnerable implementation. However, this type of software mitigation often depends on general-purpose compilers, which do not preserve non-functional properties. Moreover, microarchitectural features, such as the memory bus and register reuse, may also leak secret information. These abstractions are not visible at the high-level implementation of the program. Instead, they are decided at compile time. To remedy these problems, security engineers often sacrifice code efficiency by turning off compiler optimization and/or performing local, post-compilation trans-formations. This paper proposes Secure by Construction Code Generation (SecCG), a constraint-based compiler approach that generates optimized yet protected against power side channels code. SecCG controls the quality of the mitigated program by efficiently searching the best possible low-level implementation according to a processor cost model. In our experiments with twelve masked cryptographic functions up to 100 lines of code on Mips32 and ARM Thumb, SecCG speeds up the generated code from 77% to 6.6 times compared to non-optimized secure code with an overhead of up to 13% compared to non-secure optimized code at the expense of a high compilation cost. For security and compiler researchers, this paper proposes a formal model to generate power side channel free low-level code. For software engineers, SecCG provides a practical approach to optimize performance critical and vulnerable cryptographic implementations that preserve security properties against power side channels.
|
|
| 10. |
- Vaas, C., et al.
(författare)
-
Nowhere to hide? : Mix-Zones for Private Pseudonym Change using Chaff Vehicles
- 2018
-
Ingår i: IEEE Vehicular Networking Conference, VNC. - : Institute of Electrical and Electronics Engineers (IEEE). - 9781538694282
-
Konferensbidrag (refereegranskat)abstract
- In vehicular communication systems, cooperative awareness messages provide contextual information required for transportation safety and efficiency applications. However, without the appropriate design, these messages introduce a new attack vector to compromise passenger privacy. The use of ephemeral credentials - pseudonyms - was therefore proposed, essentially to split a journey into unlinkable segments. To protect segment transitions, encrypted mix-zones provide regions where vehicles can covertly change their pseudonyms. While previous work focused on the placement, shape, and protocols for mix-zones, attacks that correlate vehicles entering and existing these zones still remain a problem. Furthermore, existing schemes have only considered homogeneous traffic, disregarding variations in vehicle density due to differences in driver population, road layout, and time of day. Without realistic experimental results, any conclusion on real-world applicability is precarious. In this paper, we address this challenge and present a novel scheme that works independent of vehicles' mobility patterns. More precisely, our system generates fictive chaff vehicles when needed and broadcasts their traces, while it remains unobtrusive if sufficiently many vehicles are present. This greatly improves privacy protection in situations with inherently low traffic density, e.g., suburban areas, and during low traffic periods. Our scheme ensure that an external attacker cannot distinguish between real and chaff vehicles, while legitimate vehicles can recognize chaff messages; this is important, because chaff vehicles (and messages) must not affect the operation of safety applications. In our evaluation, we compare our chaff-based approach with an existing cryptographic mix-zone scheme. Our results under realistic traffic conditions show that by introducing fictive vehicles, traffic flow variations can be smoothed and privacy protection can be enhanced up to 76%.
|
|
