| 1. |
- Gisdakis, Stylianos, 1986-
(författare)
-
Secure and Privacy Preserving Urban Sensing Systems
- 2016
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The emergence of resource-rich mobile devices and smart vehicles has paved the way for Urban Sensing. In this new paradigm, users, leveraging their sensing-capable devices, sense their environment and become part of an unprecedented large-scale network of sensors, with extensive spatial and temporal coverage, that enables the collection and dissemination of real-time information, potentially, from anywhere, about anything and at anytime. Urban sensing will facilitate the deployment of innovative applications aiming to address the ever-growing concerns for citizens' well-being by offering a better understanding of our activities and environment.Nevertheless, the openness of such systems (ideally anyone can participate) and the richness of the data users contribute unavoidably raise significant concerns both about the security of urban sensing applications and the privacy of the participating users. More specifically, users participating in urban sensing applications are expected to contribute sensed data tagged, in many cases, with spatio-temporal information. Misusing such information could reveal sensitive user-specific attributes including their whereabouts, health condition, and habits and lead to extensive and unsolicited user profiling. At the same time, the participation of large numbers of users possessing sensing- capable devices is a double-edged sword: devices can be compromised or faulty or users can be adversarial seeking to manipulate urban sensing systems by submitting intelligently crafted faulty information.This thesis considers security, resilience and privacy for urban sensing notably in two application domains: intelligent transportation systems and generic smartphone based crowd-sourced sensing applications. For these domains, we design, implement and evaluate provably secure and privacy-preserving solutions capable of protecting the users from the system (i.e., ensuring their privacy in the presence of untrustworthy infrastructure) and the system from malicious users (i.e., holding them accountable for possible system-offending actions)
|
|
| 2. |
- Gülgün, Ziya, 1992-
(författare)
-
GNSS and Massive MIMO : Spoofing, Jamming and Robust Receiver Design for Impulsive Noise
- 2023
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- In this thesis, we focus on vulnerabilities and robustness of two wireless communication technologies: global navigation satellite system (GNSS), a technology that provides position-velocity-time information, and massive multiple-input-multiple-output (MIMO), a core cellular 5G technology. In particular, we investigate spoofing and jamming attacks to GNSS and massive MIMO, respectively, and the robust massive MIMO receiver against impulsive noises. In this context, spoofing refers to the situation in which a receiver identifies falsified signals, that are transmitted by the spoofers, as legitimate or trustable signals.Jamming, on the other hand, refers to the transmission of radio signals that disrupt communications by decreasing the signal to interference plus noise ratio (SINR) on the receiver side.The reason why we investigate impulsive noises is that the standard wireless receivers assume that the noise has Gaussian distribution. However, the impulsive noises may appear in any communication link. The difference between impulsive noises and standard Gaussian noises is that it is more likely to observe outliers in impulsive noises. Therefore, we question whether the standard Gaussian receivers are robust against impulsive noises and design robust receivers against impulsive noises.More specifically, in paper A we analyze the effects of distributed jammers on massive MIMO and answer the following questions: Is massive MIMO more robust to distributed jammers compared with previous generation's cellular networks? Which jamming attack strategies are the best from the jammer's perspective, and can the jamming power be spread over space to achieve more harmful attacks?In paper B, we propose a detector for GNSS receivers that is able to detect multiple spoofers without having any prior information about the attack strategy or the number of spoofers in the environment.In paper C and D, we design robust receivers for massive MIMO against impulsive noise. In paper C, we model the noise having a Cauchy distribution and present a channel estimation technique, achievable rates and soft-decision metrics for coded signals. The main observation in paper C is that the proposed receiver works well in the presence of Cauchy and Gaussian noises, although the standard Gaussian receiver performs very bad when the noise has Cauchy distribution. In paper D, we compare two types of receivers, the Gaussian-mixture and the Cauchy-based, when the noise has symmetric alpha-stable (SαS) distributions. Based on the numerical results, the Gaussian-mixture receiver outperforms the Cauchy-based receiver.
|
|
| 3. |
- Boeira, Felipe, 1992-
(författare)
-
Authentic Communication and Trustworthy Location in Mobile Networks
- 2023
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Widespread mobile network connectivity has changed society and, consequently, increased our dependency on its proper functioning for transportation, safety, finance, and more. This thesis is concerned with improving the security of mobile networks and focuses on two such instances: vehicular and cellular networks. We aim at mitigating certain security risks even in the presence of strong attackers, which could be manifested in the form of internal malicious agents in cellular network providers or connected vehicles compromised with malicious software, to mention a couple of examples. Within this scope, we target two main challenges: proving that a selected set of security protocols in vehicular and cellular networks guarantee the expected security properties and improving the trustworthiness of location information shared by neighbouring vehicles. Our contributions to security protocols involve employing formal methods to verify security properties in the vehicular communication protocol Ensemble and in the fifth generation of cellular networks (5G). The Ensemble protocol aims to enable multi-brand truck platooning and is currently in a prestandardisation effort in Europe. We report a potential weakness that was resolved in the latest versions and verify that strong security properties are fulfilled. To make verification tractable, we propose a strategy based on the hierarchy of cryptographic keys which may also be employed in protocols that have similar keying structures. In 5G, we identify a weakness that could be exploited to frame people into suspicion of serious crimes when lawful interception operations are conducted. We then design the changes required to guarantee non-frameability in 5G and formally verify the expected security properties. In the context of location trustworthiness, we design and evaluate a proof-of-location scheme tailored for vehicular networks called Vouch+. Vouch+ can operate in centralised or decentralised modes and combines location information shared by neighbouring vehicles (or the infrastructure) with a plausibility model to ensure the validity of the position claimed by other vehicles. Furthermore, we propose and evaluate reaction strategies that mitigate the studied position falsification attacks on vehicular platooning. Through our results, we demonstrate how mobile networks may benefit from employing rigorous methods to obtain higher assurance about their expected security properties. Furthermore, we show how considering increasing adversarial capabilities supports the assessment of these networks’ resilience and the design of new security mechanisms.
|
|
| 4. |
- Khodaei, Mohammad
(författare)
-
Secure and Privacy Preserving Vehicular Communication Systems: Identity and Credential Management Infrastructure
- 2016
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- Vehicular Communication (VC) systems can greatly enhance road safety and transportation efficiency. Vehicles are equipped with sensors to sense their surroundings and the internal Controller Area Network (CAN) bus. Hence, vehicles are becoming part of a large-scale network, the so-called Internet of Vehicles (IoV). Deploying such a large-scale VC system cannot materialize unless the VC systems are secure and do not expose their users’ privacy. Vehicles could be compromised or their sensors become faulty, thus disseminating erroneous information across the network. Therefore, participating vehicles should be accountable for their actions. Moreover, user privacy is at stake: vehicles should disseminate spatio-temporal information frequently. Due to openness of the wireless communication, an observer can eavesdrop the communication to infer users’ sensitive information, thus profiling users. The objective is to secure the communication, i.e., prevent malicious or compromised entities from affecting the system operation, and ensure user privacy, i.e., keep users anonymous to any external observer but also for security infrastructure entities and service providers.In this thesis, we focus on the identity and credential management infrastructure for VC systems, taking security, privacy, and efficiency into account. We begin with a detailed investigation and critical survey of the standardization and harmonization efforts. We point out the remaining challenges to be addressed in order to build a Vehicular Public-Key Infrastructure (VPKI). We provide a VPKI design that improves upon existing proposals in terms of security and privacy protection and efficiency. More precisely, our scheme facilitates multi-domain operations in VC systems and enhances user privacy, notably preventing linking of pseudonyms based on timing information and offering increased protection in the presence of honest-but-curious VPKI entities. We further extensively evaluate the performance of the full-blown implementation of our VPKI for a large-scale VC deployment. Our results confirm the efficiency, scalability and robustness of our VPKI.
|
|
| 5. |
- Lisova, Elena
(författare)
-
Monitoring for Securing Clock Synchronization
- 2018
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- In today's society, more and more embedded computer systems are connecting. There are many different types of embedded systems including industrial networks, Internet of Things (IoT), distributed control systems, connected vehicles, etc. Most such cyber-physical systems (CPS), regardless of their specifics, have a communication part that enables data exchange between system entities and external entities. Today, many commercial systems adopt heterogeneous solutions including a combination of wired and wireless communication. Using both technologies together brings benefits in terms of flexibility and reliability, but it also imposes new challenges, such as maintaining system security. Security of connected CPS therefore becomes paramount to address.One of the most critical properties of CPS is related to timing, as the vast majority of all CPS have real-time requirements due to interaction with a physical process, and communication therefore follows some kind of schedule with deadlines. In time-triggered networks, transmissions occur at pre-defined instants in time, but also in event-driven communication, data usefulness can be based on a timestamp, and consequently, to judge data validity and order of events, nodes need to interpret the received timestamp based on its own time. Both implementations make clock synchronization an essential network asset. Therefore, the first step in securing CPS is an investigation of ways to break clock synchronization. The next step is development of a solution that allows detection of malicious influence in the system and mitigates its consequences.In this thesis, a threat model and a vulnerability analysis of clock synchronization is built upon IEEE 1588, a standard widely used in industry for establishing and maintaining clock synchronization. As a mitigation strategy, a distributed monitoring solution is proposed to detect if an adversary is influencing clock synchronization in the network. The monitor strategy is based on dynamic rules for switching between different network states: no adversary present, quarantine mode and attack detected. Next, game theory is used to investigate the interaction between an adversary and the monitor. Furthermore, the time chase between an adversary and the monitor is examined to see how the monitor strategy influences the outcome of the adversary actions. Safety and security interaction is also considered to see which implications the proposed security solution has on the safety domain. Finally, the monitoring approach is abstracted and analyzed for different estimations of channel reliability to investigate the applicability of the solution in different settings, and as a result a methodology for black channel state manager design is presented.
|
|
| 6. |
- Punal, Pablo
(författare)
-
An Efficient Access Control Method for Resource Constrained Embedded Systems
- 2014
-
Licentiatavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The way to communicate and distribute the information in Wireless Sensor Networks (WSN) is constantly under evolution; at beginning the networks sent the information using proprietary protocols; but today, using IP protocol has become widely used to improve the interoperability and to standardize. These nodes often are constrained re- source devices and are not able to use the same mechanisms that a normal computer uses, because the processing performance and memory capacity are smaller than a nor- mal computer.With standardized protocols, like CoAP, an embedded device is able to create and offer resources to others. In some applications the data is confidential and must be pro- tected against intruders, for this reason the use of encryption techniques is mandatory; but even with encryption there is no mechanism to control the access to each resource and with method is used to access. Also standard computing solutions are not directly applicable, because the power consumption and processing performance. Therefore all resources are accessible to anyone with permissions to connect to the embedded device.In this thesis a new method of access control for resource-constrained devices is pro- posed as a extension of CoAP protocol. Which keep the original concepts of low-power and small processing overhead.This method can be a small step forward on the WSNs evolution. The results obtained are only about the method, the integration of this method into a complete access control framework is part of future work.
|
|
