Bubbles of Trust: A decentralized blockchain-based authentication system for IoT

Security has become the primary concern in many telecommunications industries today as risks can have high consequences. Especially, as the core and enable technologies will be associated with 5G network, the confidential information will move at all layers in future wireless systems. Several incidents revealed that the hazard encountered by an infected wireless network, not only affects the security and privacy concerns, but also impedes the complex dynamics of the communications ecosystem. Consequently, the complexity and strength of security attacks have increased in the recent past making the detection or prevention of sabotage a global challenge. From the security and privacy perspectives, this paper presents a comprehensive detail on the core and enabling technologies, which are used to build the 5G security model; network softwarization security, PHY (Physical) layer security and 5G privacy concerns, among others. Additionally, the paper includes discussion on security monitoring and management of 5G networks. This paper also evaluates the related security measures and standards of core 5G technologies by resorting to different standardization bodies and provide a brief overview of 5G standardization security forces. Furthermore, the key projects of international significance, in line with the security concerns of 5G and beyond are also presented. Finally, a future directions and open challenges section has included to encourage future research.

/pdf/a-survey-on-security-and-privacy-of-5g-technologies-1hq5wqw2pb.pdf

A Survey on Security and Privacy of 5G Technologies: Potential Solutions, Recent Advancements, and Future Directions

Quality of experience (QoE) is the perceptual quality of service (QoS) from the users' perspective. For video service, the relationship between QoE and QoS (such as coding parameters and network statistics) is complicated because users' perceptual video quality is subjective and diversified in different environments. Traditionally, QoE is obtained from subjective test, where human viewers evaluate the quality of tested videos under a laboratory environment. To avoid high cost and offline nature of such tests, objective quality models are developed to predict QoE based on objective QoS parameters, but it is still an indirect way to estimate QoE. With the rising popularity of video streaming over the Internet, data-driven QoE analysis models have newly emerged due to availability of large-scale data. In this paper, we give a comprehensive survey of the evolution of video quality assessment methods, analyzing their characteristics, advantages, and drawbacks. We also introduce QoE-based video applications and, finally, identify the future research directions of QoE.

From QoS to QoE: A Tutorial on Video Quality Assessment

DDoS attacks in cloud computing

Information-Centric Networking (ICN) is a new networking paradigm, which replaces the widely used host-centric networking paradigm in communication networks (e.g., Internet, mobile ad hoc networks) with an information-centric paradigm, which prioritizes the delivery of named content, oblivious of the contents origin. Content and client security are more intrinsic in the ICN paradigm versus the current host centric paradigm where they have been instrumented as an after thought. By design, the ICN paradigm inherently supports several security and privacy features, such as provenance and identity privacy, which are still not effectively available in the host-centric paradigm. However, given its nascency, the ICN paradigm has several open security and privacy concerns, some that existed in the old paradigm, and some new and unique. In this article, we survey the existing literature in security and privacy research sub-space in ICN. More specifically, we explore three broad areas: security threats, privacy risks, and access control enforcement mechanisms. 
We present the underlying principle of the existing works, discuss the drawbacks of the proposed approaches, and explore potential future research directions. In the broad area of security, we review attack scenarios, such as denial of service, cache pollution, and content poisoning. In the broad area of privacy, we discuss user privacy and anonymity, name and signature privacy, and content privacy. ICN's feature of ubiquitous caching introduces a major challenge for access control enforcement that requires special attention. In this broad area, we review existing access control mechanisms including encryption-based, attribute-based, session-based, and proxy re-encryption-based access control schemes. We conclude the survey with lessons learned and scope for future work.

Security, Privacy, and Access Control in Information-Centric Networking: A Survey

In terms of scalability, cost and ease of deployment, the Peer-to-Peer (P2P) approach has emerged as a promising solution for video streaming applications. Its architecture enables end-hosts, called peers, to relay the video stream to each other. P2P systems are in fact networks of users who control peers. Thus, user behavior is crucial to the performance of these systems because it directly impacts the streaming flow. To understand user behavior, several measurement studies have been carried out over different video streaming systems. Each measurement analyzes a particular system focusing on specific metrics and presents insights. However, a single study based on a particular system and specific metrics is not sufficient to provide a complete model of user behavior considering all of its components and the impact of external factors on them. In this paper, we propose a comparison and a synthesis of these measurements. First of all, we review video streaming architectures, followed by a survey on the user behavior measurements in these architectures. Then, we gather insights revealed in these measurements and compare them for consensual and contrasting points. Finally, we extract components of user behavior, their external impacting factors and relationships among them. We also point out those aspects of user behavior which require further investigations.

/pdf/a-survey-and-synthesis-of-user-behavior-measurements-in-p2p-3rf71lqdqs.pdf

A Survey and Synthesis of User Behavior Measurements in P2P Streaming Systems

Confronting the changing demand of users, the current Internet is revealing its limitations. Information Centric Network (ICN) are Future Internet proposals which are based on named data objects. In order to actually replace its predecessor, ICN must be able to resist existent threats in the current Internet, especially the Denial of Service (DoS) attack. In this paper, we focus on Interest flooding — a new type of DoS attack in Content Centric Network (CCN). Several solutions for this threat have been introduced, but they do not solve the problem in a satisfying way because of some drawbacks in either their detection performance, scalability support or restricted scenario of usage. Our goal is to design a reliable, low resources-consuming detection method against Interest flooding attack in CCN. A detection scheme must be attended since a lot of resources consumed by unnecessarily continuous countermeasure can be saved by a dependable detector. Like no other detectors in proposed solutions, our detector is based on statistical hypotheses testing theory. The achieved result is a low resources-consuming detector that can be deployed globally on each CCN router. The false alarm probability of our detector can be controlled at will. Its statistical power can be theoretically established and evaluated precisely. To validate our contribution, numerical results show the relevance of the proposed approach and the sharpness of theoretical results.

https://hal.archives-ouvertes.fr/hal-02407688/document

An optimal statistical test for robust detection against interest flooding attacks in CCN

Information Centric Networking (ICN) is seen as a promising solution to re-conciliate the Internet usage with its core architecture. However, to be considered as a realistic alternative to IP, ICN must evolve from a pure academic proposition deployed in test environments to an operational solution in which security is assessed from the protocol design to its running implementation. Among ICN solutions, Named Data Networking (NDN), together with its reference implementation NDN Forwarding Daemon (NFD), acts as the most mature proposal but its vulnerability against the Content Poisoning Attack (CPA) is considered as a critical threat that can jeopardize this architecture. So far, existing works in that area have fallen into the pit of coupling a biased and partial phenomenon analysis with a proposed solution, hence lacking a comprehensive understanding of the attack's feasibility and impact in a real network. In this paper, we demonstrate through an experimental measurement campaign that CPA can easily and widely affect NDN. Our contribution is threefold: (1) we propose three realistic attack scenarios relying on both protocol design and implementation weaknesses; (2) we present their implementation and evaluation in a testbed based on the latest NFD version; and (3) we analyze their impact on the different ICN nodes (clients, access and core routers, content provider) composing a realistic topology.

/pdf/content-poisoning-in-named-data-networking-comprehensive-1u93smsh6x.pdf

Content Poisoning in Named Data Networking: Comprehensive characterization of real deployment

With the rapid growth of Internet traffic, new emerging network architectures are under deployment Those architectures will substitute the current IP/TCP network only if they can ensure better security Currently, the most advanced proposal for future Internet architecture is Named Data Networking (NDN) However, new computer network architectures bring new types of attacks This paper focuses on the detection against Interest flooding - one of the most threatening attacks in NDN The statistical detection is studied within the framework of hypothesis testing First, we address the case in which all traffic parameters are known In this context, the optimal test is designed and its statistical performance is given This allows providing an upper bound on the highest detection accuracy one can expect Then, a linear parametric model is proposed to estimate unknown parameters and to design a practical test for which the statistical performance is also provided Numerical results show the relevance of the proposed methodology

Detection of interest flooding attacks in Named Data Networking using hypothesis testing

Named data networking (NDN) is a disruptive yet promising architecture for the future Internet, in which the content diffusion mechanisms are shifted from the conventional host-centric to content-centric ones so that the data delivery can be significantly improved. After a decade of research and development, NDN and the related NDN forwarding daemon implementations are now mature enough to enable stakeholders, such as telcos, to consider them for a real deployment. Consequently, NDN and IP will likely cohabit, and the future Internet may be formed of isolated administrative domains, each deploying one of these two network paradigms. The security question of the resulting architecture naturally arises. In this paper, we consider the case of denial of service. Even though the interest flooding attack (IFA) has been largely studied and mitigated through NACK packets in pure NDN networks, we demonstrate in this paper through experimental assessments that there are still some ways to mount such an attack, and especially in the context of coupling NDN with IP, which can hardly be addressed by current solutions. Subsequently, we leverage the hypothesis testing theory to develop a generalized likelihood ratio test adapted to evolve IFA attacks. Simulations show the relevance of the proposed model for guaranteeing the prescribed probability of false alarm and highlight the trade-off between detection power and delay. Finally, we consider a real deployment scenario where NDN is coupled with IP to carry HTTP traffic. We show that the model of IFA attacks is not very accurate in practice and further develops a sequential detector to keep a high detection accuracy. By considering data from the testbed, we show the efficiency of the overall detection method.

/pdf/reliable-detection-of-interest-flooding-attack-in-real-10tadx7mqi.pdf

Guillaume Doyen

Papers

A Survey and Synthesis of User Behavior Measurements in P2P Streaming Systems

An optimal statistical test for robust detection against interest flooding attacks in CCN

Content Poisoning in Named Data Networking: Comprehensive characterization of real deployment

Detection of interest flooding attacks in Named Data Networking using hypothesis testing

Reliable Detection of Interest Flooding Attack in Real Deployment of Named Data Networking