Special issue | Cybersecurity in Networking

Vol. 74, n° 3-4, March-April 2019
Content available on Springerlink

Guest editors

Rida Khatoun, Telecom ParisTech, France
Diogo Menezes Ferrazani Mattos, UFF, Brazil
Otto Carlos Muniz Bandeira Duarte, UFRJ, Brazil

Editorial

Cybersecurity in Networking

Rida Khatoun, Diogo Menezes Ferrazani Mattos, Otto Carlos Muniz Bandeira Duarte

Cache nFace: a simple countermeasure for the producer-consumer collusion attack in Named Data Networking

André Nasserala (1,2), Ian Vilar Bastos (1), Igor Monteiro Moraes (1)

(1) Laboratório MídiaCom, PGC-TCC, Instituto de Computação, Universidade Federal Fluminense, Niterói, Brazil
(2) Centro de Ciências Exatas e Tecnológicas, Universidade Federal do Acre, Rio Branco, Brazil

Abstract We propose, in this paper, a countermeasure against the producer-consumer collusion attack in Named Data Networking (NDN). In this attack, malicious nodes act in collusion by generating content requests at a high rate and thus changing content popularity. The goal of the attack is to reduce in-network caching efficiency by increasing the probability that legitimate consumers retrieve contents directly from the producer. The proposed countermeasure, called Cache nFace, mitigates this attack by dividing the cache of a node into sub-caches. Each sub-cache only stores contents requested through one specific network interface. Our assumption is that malicious requests do not very often arrive simultaneously at all interfaces of a content router. Results show that Cache nFace reduces the effectiveness of the attack by up to 50% and outperforms another proposal found in the literature in all the analyzed scenarios.

Keywords Collusion attack, Network security, Named Data Networking

A fast unsupervised preprocessing method for network monitoring

Martin Andreoni Lopez (1,2), Diogo M. F. Mattos (3), Otto Carlos M. B. Duarte (1), Guy Pujolle (2)

(1) Universidade Federal do Rio de Janeiro – GTA/COPPE/UFRJ, Rio de Janeiro, Brazil
(2) CNRS, Laboratoire d’Informatique de Paris 6, Sorbonne Université, F-75005 Paris, France
(3) Universidade Federal Fluminense (UFF), Niterói, Brazil

Abstract Identifying a network misuse takes days or even weeks, and network administrators usually neglect zero-day threats until a large number of malicious users exploit them. Besides, security applications, such as anomaly detection and attack mitigation systems, must apply real-time monitoring to reduce the impact of security incidents. Thus, information processing time should be as small as possible to enable an effective defense against attacks. In this paper, we present a fast preprocessing method for network traffic classification based on feature correlation and feature normalization. Our proposed method couples a normalization algorithm with a feature selection algorithm. We evaluate the proposed algorithms against three different datasets for eight different machine learning classification algorithms. Our proposed normalization algorithm reduces the classification error rate when compared with traditional methods. Our feature selection algorithm chooses an optimized subset of features, improving accuracy by more than 11% with a 100-fold reduction in processing time when compared to traditional feature selection and feature reduction algorithms. The preprocessing method works on both batch and streaming data and is able to detect concept drift.

Keywords Feature selection, Machine learning, Normalization, Data preprocessing, Network Monitoring

Additively homomorphic encryption and fragmentation scheme for data aggregation inside unattended wireless sensor networks

Katarzyna Kapusta (1), Gerard Memmi (1), Hassan Noura (2)

(1) LTCI, Telecom ParisTech, Paris, France
(2) Department of Electrical and Computer Engineering, American University of Beirut, Beirut, Lebanon

Abstract Data fragmentation and dispersion are recognized as a way of providing confidentiality and availability of data stored inside unattended wireless sensor networks. This paper introduces an additively homomorphic encryption and fragmentation scheme (AHEF). AHEF replaces the additively homomorphic secret sharing used in state-of-the-art techniques with additively homomorphic fragmentation. This change has a significant impact on the volume of data stored inside the sensors, which in turn supports lower transmission costs. Both storage and transmission costs are reduced by a factor of at least 2. Moreover, by reducing the number of required computations, AHEF allows sensors to save energy.

Keywords Unattended wireless sensor networks, Internet-of-Things, IoT, UWSN, Data fragmentation, Data aggregation, Data protection, Additively homomorphic encryption, Information dispersal

A cooperative approach with improved performance for a global intrusion detection systems for internet service providers

Renato S. Silva, Luís F. M. de Moraes

Ravel Laboratory – PESC / Coppe-UFRJ, Avenida Horácio Macedo, 2030 Cidade Universitária, 21941-914 Rio de Janeiro, RJ Brazil

Abstract Typical perimeter-based intrusion detection systems do not provide the user with the necessary preventive protection measures. In addition, many of the available solutions still need to improve their true-positive detection rates and reduce the proportion of false-positive alarms. Therefore, internet service providers, utilising this type of device to defend their assets and subscribers against malicious traffic, may be induced by them to make incorrect decisions. In this paper, we propose a global intrusion detection system, based upon the BGP protocol that establishes a cooperative federation whose members are distributed autonomous intrusion detection elements. These elements are able to propagate alarms of potential threatening flows traversing their respective autonomous systems. We present the architecture for the described approach and an analytical model based upon Dempster-Shafer’s combination rule, in order to evaluate specific performance metrics. The results show significant improvements over the assessed metrics, highlighting the advantage of using the proposed solution as a frontline to prevent cyberattacks.

Keywords Cyberattacks, Federation, BGP, Intrusion detection systems, Dempster-Shafer, Fusion, Flow-spec

Anonymous roaming authentication protocol for wireless network with backward unlinkability and natural revocation

Mohit Gupta, Narendra S. Chaudhari

Department of Computer Science, Engineering, VNIT, Nagpur, India

Abstract An anonymous secure roaming authentication protocol can be used in a wireless network for authentication between a mobile device and a foreign server when the mobile device is away from its home network and wants to use the services of the foreign network. In a two-party roaming authentication protocol, a mobile user and a foreign server authenticate each other without the active help of the home server. Group signature-based protocols are the obvious choice for the design of two-party protocols due to the inherent anonymous nature of group signatures. Among the existing group signature-based roaming authentication protocols, only the protocol of Liu et al. supports natural revocation without periodic updates of the master public key at the mobile user and foreign server, but it does not support backward unlinkability. Therefore, we propose a two-party anonymous roaming authentication protocol in which the mobile user supports natural revocation along with backward unlinkability without periodic updates of either the public key or the private key. In addition, the proposed protocol is provably secure in the random oracle model.

Keywords Anonymous, Untraceability, Authentication, Roaming, Revocation, Wireless network

A situation-driven framework for dynamic security management

Romain Laborde, Arnaud Oglaza, Ahmad Samer Wazan, François Barrère, Abdelmalek Benzekri

University Paul Sabatier, 118 Route de Narbonne, 31062 Toulouse CEDEX 9, France

Abstract We present a dynamic security management framework where security policies are specified according to situations. Situation-based policies easily express complex dynamic security measures, are closer to business, and simplify policy life cycle management. Situations are specified using complex event processing techniques. The framework is supported by a modular event-based infrastructure where a dedicated situation manager maintains active situations, allowing the command center to take dynamic situation-based authorization and obligation decisions. The whole framework has been implemented and showed good performance in simulation. Finally, we detail two real experiments.

Keywords Dynamic security management, Situation awareness, Policy-based management, Complex event processing, Attribute-based access control, XACMLv3

Isolation in cloud computing infrastructures: new security challenges

Mohammad-Mahdi Bazm (1), Marc Lacoste (1), Mario Südholt (2), Jean-Marc Menaud (2)

(1) Orange Labs, 44 Avenue de la République, 92320 Châtillon, France
(2) IMT Atlantique, 4 Rue Alfred Kastler, 44307 Nantes, France

Abstract Cloud computing infrastructures share hardware resources among different clients, leveraging virtualization to multiplex physical resources among several self-contained execution environments such as virtual machines or Linux containers. Isolation is a core security challenge for such a computing paradigm. It may be threatened by side-channels, created due to the sharing of physical resources like processor caches, or by mechanisms implemented in the virtualization layer. Side-channel attacks (SCAs) exploit such leaky channels to obtain sensitive data such as kernel information. This paper aims to clarify the nature of this threat for cloud infrastructures. Current SCAs are performed locally and exploit isolation challenges of virtualized environments to retrieve sensitive information. This paper also clarifies the concept of distributed side-channel attack (DSCA). We explore how such attacks can threaten the isolation of any virtualized environment, such as cloud computing infrastructures. Finally, we study a set of different applicable countermeasures for attack mitigation in cloud infrastructures.

Keywords Cloud security, Isolation, Side-channel attacks, Distributed side-channel attacks, Moving target defense

Open Topics

Oblique projection-based interference suppression for MIMO power line communication

Xiaoyu Hu (1), Zhe Chen (1), Fuliang Yin (1), Gongjun Yan (2), Gary Black (2)

(1) School of Information and Communication Engineering, Dalian University of Technology, Dalian 116023, China
(2) Department of Computer Science, University of Southern Indiana, Evansville, IN 47712, USA

Abstract In this paper, it is proved that in multi-conductor power line communication (PLC), spatial multiplexing can be achieved not only across different transmission modes but also within the same transmission mode, which means that the spatial multiplexing technique can suppress interference from any transmission mode. With this conclusion, a co-channel interference (CCI) suppression method based on oblique projection is proposed for multi-conductor PLC. In this method, the oblique projection operator, which maps the received signal onto the signal space along the interference space, is estimated from second-order statistics of the received data, and the CCI is then suppressed by applying this operator. The simulation results confirm the validity of the proposed method.

Keywords Power line communication, Multiple input multiple output, Interference suppression, Oblique projection

A high gain S-band slot antenna with MSS for CubeSat

Faisel Tubbal (1,2), Raad Raad (1), Kwan-Wu Chin (1), Ladislau Matekovits (3), Brenden Butters (4), Gianluca Dassano (3)

(1) School of Electrical, Computer and Telecommunications Engineering, University of Wollongong, Wollongong, New South Wales 2522, Australia
(2) Technological Projects Department, The Libyan Center for Remote Sensing and Space Science, Tripoli, Libya
(3) Department of Electronics and Telecommunications, Politecnico di Torino, 10129 Torino, Italy
(4) Department of Electrical Engineering and Computer Science, Massachusetts Institute of Technology, 77 Massachusetts Ave, Cambridge, MA 02139, USA

Abstract Cube satellites, aka CubeSats, are a class of tiny satellites that have become popular for space programs. This is because they can be built relatively cheaply using commercial off-the-shelf components. Moreover, CubeSats can communicate with each other and assemble into swarms to carry out different functions, e.g., wide area measurements and sensing. Swarms of CubeSats also have the effect of increasing the contact period with ground stations, allowing for a longer communications window. These capabilities require CubeSats to be equipped with an efficient, high gain, small antenna to facilitate cross-link or inter-satellite communications. Hence, this paper presents a high gain coplanar waveguide (CPW)-fed slot antenna for CubeSats. A key feature is the use of a metasurface superstrate structure (MSS) to significantly improve gain and reduce back-lobe emissions. This also has the advantage of minimizing interference to components inside a CubeSat. We have comprehensively evaluated the antenna using the high-frequency structure simulator (HFSS) as well as by carrying out testing on a 3U (10 × 10 × 30 cm³) CubeSat platform. We have studied the effect of MSS element sets and their position and the effect of a 3U CubeSat body on the performance of the proposed antenna. The experimental results confirm that our antenna achieves a return loss of 21.5 dB and a fractional impedance bandwidth (BW) of 55.91% with S11 ≤ 10 dB, and has simulated and measured gains of 9.71 and 8.8 dBi, respectively, at the desired frequency of 2.45 GHz. In contrast, amongst all previous S-band planar antennas that are suitable for CubeSats, the best gain is only 5.96 dB at 2.45 GHz.

Keywords CubeSat, Metasurface superstrate, S-band, Gain improvement, Satellite, Slot antenna