
Showing papers on "Internet security" published in 2017


Journal ArticleDOI
TL;DR: This survey will explore the most relevant limitations of IoT devices and their solutions, and present the classification of IoT attacks, and analyze the security issues in different layers.
Abstract: Internet-of-Things (IoT) are everywhere in our daily life. They are used in our homes, in hospitals, deployed outside to control and report the changes in environment, prevent fires, and many more beneficial functionality. However, all those benefits can come of huge risks of privacy loss and security issues. To secure the IoT devices, many research works have been conducted to countermeasure those problems and find a better way to eliminate those risks, or at least minimize their effects on the user’s privacy and security requirements. The survey consists of four segments. The first segment will explore the most relevant limitations of IoT devices and their solutions. The second one will present the classification of IoT attacks. The next segment will focus on the mechanisms and architectures for authentication and access control. The last segment will analyze the security issues in different layers.

804 citations


Journal ArticleDOI
TL;DR: This survey attempts to provide a comprehensive list of vulnerabilities and countermeasures against them on the edge-side layer of IoT, which consists of three levels: (i) edge nodes, (ii) communication, and (iii) edge computing.
Abstract: Internet of Things (IoT), also referred to as the Internet of Objects, is envisioned as a transformative approach for providing numerous services. Compact smart devices constitute an essential part of IoT. They range widely in use, size, energy capacity, and computation power. However, the integration of these smart things into the standard Internet introduces several security challenges because the majority of Internet technologies and communication protocols were not designed to support IoT. Moreover, commercialization of IoT has led to public security concerns, including personal privacy issues, threat of cyber attacks, and organized crime. In order to provide a guideline for those who want to investigate IoT security and contribute to its improvement, this survey attempts to provide a comprehensive list of vulnerabilities and countermeasures against them on the edge-side layer of IoT, which consists of three levels: (i) edge nodes, (ii) communication, and (iii) edge computing. To achieve this goal, we first briefly describe three widely-known IoT reference models and define security in the context of IoT. Second, we discuss the possible applications of IoT and potential motivations of the attackers who target this new paradigm. Third, we discuss different attacks and threats. Fourth, we describe possible countermeasures against these attacks. Finally, we introduce two emerging security challenges not yet explained in detail in previous literature.

547 citations


Journal ArticleDOI
TL;DR: A new signature-based authenticated key establishment scheme for the IoT environment that provides more functionality features, and its computational and communication costs are also comparable with other existing approaches.
Abstract: Internet of Things (IoT) is a network of all devices that can be accessed through the Internet. These devices can be remotely accessed and controlled using existing network infrastructure, thus allowing a direct integration of computing systems with the physical world. This also reduces human involvement along with improving accuracy and efficiency, resulting in economic benefit. The devices in IoT facilitate the day-to-day life of people. However, the IoT has an enormous threat to security and privacy due to its heterogeneous and dynamic nature. Authentication is one of the most challenging security requirements in the IoT environment, where a user (external party) can directly access information from the devices, provided the mutual authentication between user and devices happens. In this paper, we present a new signature-based authenticated key establishment scheme for the IoT environment. The proposed scheme is tested for security with the help of the widely used Burrows-Abadi–Needham logic, informal security analysis, and also the formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool. The proposed scheme is also implemented using the widely accepted NS2 simulator, and the simulation results demonstrate the practicability of the scheme. Finally, the proposed scheme provides more functionality features, and its computational and communication costs are also comparable with other existing approaches.

320 citations


Journal ArticleDOI
TL;DR: This work presents a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry and presents a comprehensive heuristic security analysis to show that the protocol is secure against all the possible attacks and provides the desired security features.
Abstract: Wireless sensor networks (WSNs) will be integrated into the future Internet as one of the components of the Internet of Things, and will become globally addressable by any entity connected to the Internet. Despite the great potential of this integration, it also brings new threats, such as the exposure of sensor nodes to attacks originating from the Internet. In this context, lightweight authentication and key agreement protocols must be in place to enable end-to-end secure communication. Recently, Amin et al. proposed a three-factor mutual authentication protocol for WSNs. However, we identified several flaws in their protocol. We found that their protocol suffers from smart card loss attack where the user identity and password can be guessed using offline brute force techniques. Moreover, the protocol suffers from known session-specific temporary information attack, which leads to the disclosure of session keys in other sessions. Furthermore, the protocol is vulnerable to tracking attack and fails to fulfill user untraceability. To address these deficiencies, we present a lightweight and secure user authentication protocol based on the Rabin cryptosystem, which has the characteristic of computational asymmetry. We conduct a formal verification of our proposed protocol using ProVerif in order to demonstrate that our scheme fulfills the required security properties. We also present a comprehensive heuristic security analysis to show that our protocol is secure against all the possible attacks and provides the desired security features. The results we obtained show that our new protocol is a secure and lightweight solution for authentication and key agreement for Internet-integrated WSNs.

259 citations


Journal ArticleDOI
TL;DR: A lightweight anonymous mutual authentication and key agreement scheme for centralized two-hop WBANs is proposed, which allows sensor nodes attached to the patient’s body to authenticate with the local server/hub node and establish a session key in an anonymous and unlinkable manner.

249 citations


Journal ArticleDOI
TL;DR: This paper discusses in detail phishing attacks, history of phishing attacks and motivation of attacker behind performing this attack, and provides taxonomy of various solutions proposed in the literature to detect and defend from phishing attacks.
Abstract: In the last few years, phishing scams have rapidly grown posing huge threat to global Internet security. Today, phishing attack is one of the most common and serious threats over Internet where cyber attackers try to steal user's personal or financial credentials by using either malwares or social engineering. Detection of phishing attacks with high accuracy has always been an issue of great interest. Recent developments in phishing detection techniques have led to various new techniques, specially designed for phishing detection where accuracy is extremely important. Phishing problem is widely present as there are several ways to carry out such an attack, which implies that one solution is not adequate to address it. Two main issues are addressed in our paper. First, we discuss in detail phishing attacks, history of phishing attacks and motivation of attacker behind performing this attack. In addition, we also provide taxonomy of various types of phishing attacks. Second, we provide taxonomy of various solutions proposed in the literature to detect and defend from phishing attacks. In addition, we also discuss various issues and challenges faced in dealing with phishing attacks and spear phishing and how phishing is now targeting the emerging domain of IoT. We discuss various tools and datasets that are used by the researchers for the evaluation of their approaches. This provides better understanding of the problem, current solution space and future research scope to efficiently deal with such attacks.

178 citations


Journal ArticleDOI
TL;DR: A provably secure three-factor user authentication and key agreement protocol for wireless healthcare sensor networks and the simulation through the widely-known Automated Validation of Internet Security Protocols and Applications (AVISPA) tool shows that the scheme is also secure.

171 citations


Proceedings ArticleDOI
19 Apr 2017
TL;DR: A definition of the Internet of things is given, its architecture is dissected to give a state of the art of security in the field of internet of things (Faults detected in each layer …), and the solutions proposed until now are mentioned to help researchers start their researches on internet of things security subject.
Abstract: The consequences of security problems are increasingly serious. These problems can now lead to personal injury, prolonged downtime and irreparable damage to capital goods. To achieve this, systems require end-to-end security solutions that cover the layers of connectivity, furthermore, guarantee the privatization and protection of data circulated via networks. In this paper, we will give a definition to the Internet of things, try to dissect its architecture (protocols, layers, entities …), thus giving a state of the art of security in the field of internet of things (Faults detected in each layer …), finally, mention the solutions proposed until now to help researchers start their researches on internet of things security subject.

147 citations


Journal ArticleDOI
TL;DR: This paper aims to propose a novel biometric‐based user authentication scheme suitable for WSNs in order to withstand the security pitfalls found in Althobaiti et al. scheme, and shows through the rigorous security analysis that the scheme is secure and satisfies the desirable security requirements.
Abstract: User authentication is a prominent security requirement in wireless sensor networks (WSNs) for accessing the real-time data from the sensors directly by a legitimate user (external party). Several user authentication schemes are proposed in the literature. However, most of them are either vulnerable to different known attacks or they are inefficient. Recently, Althobaiti et al. presented a biometric-based user authentication scheme for WSNs. Although their scheme is efficient in computation, in this paper, we first show that their scheme has several security pitfalls such as (i) it is not resilient against node capture attack; (ii) it is insecure against impersonation attack; and (iii) it is insecure against man-in-the-middle attack. We then aim to propose a novel biometric-based user authentication scheme suitable for WSNs in order to withstand the security pitfalls found in Althobaiti et al. scheme. We show through the rigorous security analysis that our scheme is secure and satisfies the desirable security requirements. Furthermore, the simulation results for the formal security verification using the most widely used and accepted Automated Validation of Internet Security Protocols and Applications tool indicate that our scheme is secure. Our scheme is also efficient compared with existing related schemes. Copyright © 2015 John Wiley & Sons, Ltd.

145 citations


Journal ArticleDOI
TL;DR: This work proposes a framework for modeling and assessing the security of the IoT and provides a formal definition of the framework, and uses the analysis results to show the capabilities of the proposed framework for finding potential attack paths and mitigating the impact of attacks.

133 citations


Journal ArticleDOI
TL;DR: It is demonstrated through the experiment that several situational factors do, in fact, alter the effectiveness of phishing attempts, including a theoretical framework based on the heuristic-systematic processing model to study the susceptibility of users to deception.
Abstract: A leading cause of security breaches is a basic human vulnerability: our susceptibility to deception. Hackers exploit this vulnerability by sending phishing emails that induce users to click on malicious links that then download malware or trick the victim into revealing personal confidential information to the hacker. Past research has focused on human susceptibility to generic phishing emails or individually targeted spear-phishing emails. This study addresses how contextualization of phishing emails for targeted groups impacts their susceptibility to phishing. We manipulated the framing and content of email messages and tested the effects on users’ susceptibility to phishing. We constructed phishing emails to elicit either the fear of losing something valuable (e.g., course registrations, tuition assistance) or the anticipation of gaining something desirable (e.g., iPad, gift card, social networks). We designed the emails’ context to manipulate human psychological weaknesses such as greed, social needs, and so on. We sent fictitious (benign) emails to 7,225 undergraduate students and recorded their responses. Results revealed that contextualizing messages to appeal to recipients’ psychological weaknesses increased their susceptibility to phishing. The fear of losing or anticipation of gaining something valuable increased susceptibility to deception and vulnerability to phishing. The results of our study provide important contributions to information security research, including a theoretical framework based on the heuristic-systematic processing model to study the susceptibility of users to deception. We demonstrate through our experiment that several situational factors do, in fact, alter the effectiveness of phishing attempts.

Journal ArticleDOI
TL;DR: This paper proposes a provably secure authentication scheme for distributed mobile cloud computing services and shows that the proposed scheme achieves SK-security and strong credentials’ privacy and prevents all well-known attacks including the impersonation attack and ephemeral secrets leakage attack.

Journal ArticleDOI
TL;DR: A novel lightweight phishing detection approach completely based on the URL, which uses only six URL features to perform the recognition and improves the overall recognition rate by 21.8%.
Abstract: The phishing is a technique used by cyber-criminals to impersonate legitimate websites in order to obtain personal information. This paper presents a novel lightweight phishing detection approach completely based on the URL (uniform resource locator). The mentioned system produces a very satisfying recognition rate which is 95.80%. This system is an SVM (support vector machine) tested on a 2000 records data-set consisting of 1000 legitimate and 1000 phishing URLs records. In the literature, several works tackled the phishing attack. However, those systems are not optimal to smartphones and other embedded devices because of their complex computing and their high battery usage. The proposed system uses only six URL features to perform the recognition. The mentioned features are the URL size, the number of hyphens, the number of dots, the number of numeric characters plus a discrete variable that correspond to the presence of an IP address in the URL and finally the similarity index. Proven by the results of this study the similarity index, the feature we introduce for the first time as input to the phishing detection systems improves the overall recognition rate by 21.8%.

Proceedings ArticleDOI
01 Feb 2017
TL;DR: An overview of Security principles, Security Threats and Security challenges at the application layer and its countermeasures to overcome those challenges is represented.
Abstract: The Internet of things aspires to connect anyone with anything at any point of time at any place. Internet of Thing is generally made up of three-layer architecture. Namely Perception, Network and Application layers. A lot of security principles should be enabled at each layer for proper and efficient working of these applications. This paper represents the overview of Security principles, Security Threats and Security challenges at the application layer and its countermeasures to overcome those challenges. The Application layer plays an important role in all of the Internet of Thing applications. The most widely used application layer protocol is MQTT. The security threats for Application Layer Protocol MQTT is particularly selected and evaluated. Comparison is done between different Application layer protocols and security measures for those protocols. Due to the lack of common standards for IoT protocols, a lot of issues are considered while choosing the particular protocol.

Journal ArticleDOI
TL;DR: This paper aims to review the advances on issues of security and privacy in IoV, including security and privacy requirements, attack types, and the relevant solutions, and discuss challenges and future trends in this area.
Abstract: As a typical application of Internet of Things (IoT) in the field of transportation, Internet of Vehicles (IoV) aims at achieving an integrated intelligent transportation system to enhance traffics efficiency, avoid accidents, ensure road safety, and improve driving experiences by using new IoT technologies. Different from other Internet, it is characterized by dynamic topological structures, huge network scale, non-uniform distribution of nodes, and mobile limitation. Due to these characteristics, IoV systems face various types of attacks, such as authentication and identification attacks, availability attacks, confidentiality attacks, routing attacks, data authenticity attacks, etc., which result in several challenging requirements in security and privacy. Many security scientists made numerous efforts to ensure the security and privacy for the Internet of Vehicles in recent years. This paper aims to review the advances on issues of security and privacy in IoV, including security and privacy requirements, attack types, and the relevant solutions, and discuss challenges and future trends in this area.

Journal ArticleDOI
TL;DR: Off-the-Hook is a new approach for detecting phishing webpages in real-time as they are visited by a browser that relies on modeling inherent phisher limitations stemming from the constraints they face while building a webpage.
Abstract: Phishing is a major problem on the Web. Despite the significant attention it has received over the years, there has been no definitive solution. While the state-of-the-art solutions have reasonably good performance, they suffer from several drawbacks including potential to compromise user privacy, difficulty of detecting phishing websites whose content change dynamically, and reliance on features that are too dependent on the training data. To address these limitations we present a new approach for detecting phishing webpages in real-time as they are visited by a browser. It relies on modeling inherent phisher limitations stemming from the constraints they face while building a webpage. Consequently, the implementation of our approach, Off-the-Hook, exhibits several notable properties including high accuracy, brand-independence and good language-independence, speed of decision, resilience to dynamic phish and resilience to evolution in phishing techniques. Off-the-Hook is implemented as a fully-client-side browser add-on, which preserves user privacy. In addition, Off-the-Hook identifies the target website that a phishing webpage is attempting to mimic and includes this target in its warning. We evaluated Off-the-Hook in two different user studies. Our results show that users prefer Off-the-Hook warnings to Firefox warnings.

Journal ArticleDOI
TL;DR: A novel biometric-based mutually authenticated key agreement protocols for multi-server architecture based on elliptic curve cryptography is proposed and it is proved that the proposed protocol achieves secure mutual authentication property using the broadly used Burrows–Abadi–Needham logic.
Abstract: Three-factor mutually authenticated key agreement protocols for multi-server environments have gained momentum in recent times due to advancements in wireless technologies and associated constraints. Several authors have put forward various authentication protocols for multi-server environment during the past decade. Wang et al. recently proposed a biometric-based authentication with key agreement protocol for multi-server environment and claimed that their protocol is efficient and resistant to prominent security attacks. The careful investigation of this paper shows that Wang et al. protocol’s users are sharing personal identifiable information with the application servers during the registration and authentication process. This nature of disclosing credentials leads to severe threats particularly insider attacks, user impersonation attacks, and server impersonation attacks. As a remedy of the aforementioned problems, this paper proposes a novel biometric-based mutually authenticated key agreement protocols for multi-server architecture based on elliptic curve cryptography. We prove that the proposed protocol achieves secure mutual authentication property using the broadly used Burrows–Abadi–Needham logic. The formal security of the proposed protocol is verified using the widely accepted automated validation of Internet security protocols and applications tool to show that our protocol can withstand active and passive attacks including the replay and man-in-the-middle attacks. The proposed protocol is robust and efficient compared with the existing related protocols.

Proceedings ArticleDOI
01 Jan 2017
TL;DR: This paper reviews the current IoT technologies, approaches and models and finds the security gap in existing communication technologies, application interfaces, and data security.
Abstract: The Internet of Things (IoT) refers to the physical devices that are embedded with Internet, electronics, software, sensors, actuators, and network connectivity. This includes many different systems, for instance, healthcare, wellbeing, smart home, building, smart meters, and so on. The Internet-based technical architecture, IP-based communication protocols, and technologies are facilitating the exchange of smart object services over the insecure channels, therefore, security and privacy of the involved stakeholder is the prime concern. In this paper we analyse available IoT security in three forms: (i) security in communication, (ii) security at application interface, and (iii) data security. This paper reviews the current IoT technologies, approaches and models and finds the security gap in existing communication technologies, application interfaces, and data security. Another focus of the paper is to provide an overview of the related work in IoT, together with the open challenges and future research directions.

Journal ArticleDOI
TL;DR: A new authentication scheme for medicine anti-counterfeiting system in the Internet of Things environment which is used for checking the authenticity of pharmaceutical products (dosage forms) and is suitable for mobile environment, which also provides efficient NFC update phase.
Abstract: A counterfeit drug is a medication or pharmaceutical product which is manufactured and made available on the market to deceptively represent its origin, authenticity and effectiveness, etc., and causes serious threats to the health of a patient. Counterfeited medicines have an adverse effect on the public health and cause revenue loss to the legitimate manufacturing organizations. In this paper, we propose a new authentication scheme for medicine anti-counterfeiting system in the Internet of Things environment which is used for checking the authenticity of pharmaceutical products (dosage forms). The proposed scheme utilizes the near field communication (NFC) and is suitable for mobile environment, which also provides efficient NFC update phase. The security analysis using the widely accepted real-or-random model proves that the proposed scheme provides the session key security. The proposed scheme also protects other known attacks which are analyzed informally. Furthermore, the formal security verification using the broadly accepted automated validation of Internet security protocols and applications tool shows that the proposed scheme is secure. The scheme is efficient with respect to computation and communication costs, and also it provides additional functionality features when compared to other existing schemes. Finally, for demonstration of the practicality of the scheme, we evaluate it using the broadly accepted NS2 simulation.

Journal ArticleDOI
Daemin Shin, Vishal Sharma, Jiyoon Kim, Soonhyun Kwon, Ilsun You
TL;DR: The results show that the proposed approach is capable of providing secure transmission by resolving the RO problem in PMIPv6 along with the reduction in handover latency, end to end delay and packet loss, and enhancement in throughput and transmission rate even during the handover phase.
Abstract: The communication in the Smart Home Internet of Things (SH-IoT) comprising various electronic devices and sensors is very sensitive and crucial. In addition, the key requirements of the SH-IoT include channel security, handover support, mobility management, and consistent data rates. Proxy mobile IPv6 (PMIPv6) is considered as one of the core solutions to handle extreme mobility; however, the default PMIPv6 cannot ensure performance enhancement in SH-IoT scenarios, i.e., Route Optimization (RO). The existing security protocols for PMIPv6 cannot support secure RO for smart home IoT services, where mobile nodes (MNs) communicate with home IoT devices not belonging to their domain. Motivated by this, a secure protocol is proposed, which uses trust between PMIPv6 domain and smart home to ensure security as well as performance over the path between MNs and home IoT devices. The proposed protocol includes steps for secure RO and handover management, where mutual authentication, key exchange, perfect forward secrecy, and privacy are supported. The correctness of the proposed protocol is formally analyzed using BAN-logic and Automated Validation of Internet Security Protocols and Applications (AVISPA). Furthermore, network simulations are conducted to evaluate the performance efficiency of the proposed protocol. The results show that the proposed approach is capable of providing secure transmission by resolving the RO problem in PMIPv6 along with the reduction in handover latency, end to end delay and packet loss, and enhancement in throughput and transmission rate even during the handover phase.

Journal ArticleDOI
TL;DR: This work designs a symmetric key based authentication protocol for WMSN environment that uses only computationally efficient operations to achieve lightweight attribute and demonstrates the proposed scheme security against active attacks, namely, man-in-the-middle attack and replay attack.
Abstract: Wireless medical sensor networks (WMSN) comprise of distributed sensors, which can sense human physiological signs and monitor the health condition of the patient. It is observed that providing privacy to the patient's data is an important issue and can be challenging. The information passing is done via the public channel in WMSN. Thus, the patient's sensitive information can be obtained by eavesdropping or by unauthorized use of handheld devices which the health professionals use in monitoring the patient. Therefore, there is an essential need of restricting the unauthorized access to the patient's medical information. Hence, the efficient authentication scheme for the healthcare applications is needed to preserve the privacy of the patients' vital signs. To ensure secure and authorized communication in WMSN, we design a symmetric key based authentication protocol for WMSN environment. The proposed protocol uses only computationally efficient operations to achieve lightweight attribute. We analyze the security of the proposed protocol. We use a formal security proof algorithm to show the scheme security against known attacks. We also use the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator to show protocol secure against man-in-the-middle attack and replay attack. Additionally, we adopt an informal analysis to discuss the key attributes of the proposed scheme. From the formal proof of security, we can see that an attacker has a negligible probability of breaking the protocol security. AVISPA simulator also demonstrates the proposed scheme security against active attacks, namely, man-in-the-middle attack and replay attack. Additionally, through the comparison of computational efficiency and security attributes with several recent results, proposed scheme seems to be better.

Journal ArticleDOI
TL;DR: This is the first installment of the new "Security and Privacy Matters" column in IEEE Consumer Electronics Magazine, which aims to provide insight on various aspects of security and privacy in the CE industry.
Abstract: This is the first installment of the new "Security and Privacy Matters" column in IEEE Consumer Electronics Magazine. Security and privacy are always at the heart of everything that happens in the Consumer Electronics (CE) industry. This column aims to provide insight on various aspects of security and privacy in the CE industry.

Journal ArticleDOI
TL;DR: In this paper, a secure biometrics-based user authentication scheme in WMSNs using smart card is presented and it is shown that the scheme is secure against possible known attacks.
Abstract: A wireless medical sensor network (WMSN) is a professional application of the traditional wireless body area sensor networks in medicine. Using WMSNs, the parameters of patients' vital signs can be gathered from the sensor nodes deployed on the body of the patients and accessed by the healthcare professionals by using a mobile device. Due to wireless communication, securing communication becomes a vital issue in WMSNs. Since the vital signs parameters are sensitive to the patients' health status and these information must not be revealed to the others except the healthcare professionals, the protection of patients' privacy becomes another key issue for WMSNs applications. Thus, user authentication with anonymity property is the most basic and commonly used method in order to resolve the security and privacy issues of WMSNs. He et al. presented a user authentication protocol for healthcare applications using WMSNs to protect the security and privacy problems. However, Li et al. showed that their scheme is incorrect in authentication and session key agreement phase, has no wrong password detection mechanism and is vulnerable to denial of service caused by password change with wrong password. In this paper, we review Li et al.'s scheme and show that their scheme is still vulnerable to privileged-insider attack, sensor node capture attack and fails to provide user anonymity property. Moreover, we find that He et al.'s scheme is still vulnerable to the same attacks as we find out in Li et al.'s scheme. In order to remedy the security weaknesses found in both He et al.'s scheme and Li et al.'s scheme, we present a secure biometrics-based user authentication scheme in WMSNs using smart card. Through the rigorous formal and informal security analysis, we show that our scheme is secure against possible known attacks. In addition, we simulate our scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications tool and the simulation results reveal that our scheme is secure. Our scheme is also efficient in computation and communication as compared to He et al.'s scheme, Li et al.'s scheme and other related schemes.

DOI
30 Apr 2017
TL;DR: This work describes the ongoing efforts in Everest (The Everest VERified End-to-end Secure Transport), a project that aims to build and deploy a verified version of TLS and other components of HTTPS, replacing the current infrastructure with proven, secure software.
Abstract: The HTTPS ecosystem is the foundation on which Internet security is built. At the heart of this ecosystem is the Transport Layer Security (TLS) protocol, which in turn uses the X.509 public-key infrastructure and numerous cryptographic constructions and algorithms. Unfortunately, this ecosystem is extremely brittle, with headline-grabbing attacks and emergency patches many times a year. We describe our ongoing efforts in Everest (The Everest VERified End-to-end Secure Transport), a project that aims to build and deploy a verified version of TLS and other components of HTTPS, replacing the current infrastructure with proven, secure software. Aiming both at full verification and usability, we conduct high-level code-based, game-playing proofs of security on cryptographic implementations that yield efficient, deployable code, at the level of C and assembly. Concretely, we use F*, a dependently typed language for programming, meta-programming, and proving at a high level, while relying on low-level DSLs embedded within F* for programming low-level components when necessary for performance and, sometimes, side-channel resistance. To compose the pieces, we compile all our code to source-like C and assembly, suitable for deployment and integration with existing code bases, as well as audit by independent security experts. Our main results so far include (1) the design of Low*, a subset of F* designed for C-like imperative programming but with high-level verification support, and KreMLin, a compiler that extracts Low* programs to C; (2) an implementation of the TLS-1.3 record layer in Low*, together with a proof of its concrete cryptographic security; (3) Vale, a new DSL for verified assembly language, and several optimized cryptographic primitives proven functionally correct and side-channel resistant. In an early deployment, all our verified software is integrated and deployed within libcurl, a widely used library of networking protocols.

Proceedings ArticleDOI
Kewei Sha, Ranadheer Errabelly, Wei Wei, T. Andrew Yang, Zhiwei Wang
14 May 2017
TL;DR: This paper proposes EdgeSec, the design of a novel security service which is deployed at the Edge layer to enhance the security of IoT systems and demonstrates the effectiveness of EdgeSec in the context of a typical IoT application, Smart Home.
Abstract: With the widespread availability of connected smart devices, Internet of Things (IoT) is becoming the world's largest computing platform. These large-scale, heterogeneous and resource-constrained devices bring many significant new challenges to the design of efficient and reliable IoT systems. Security is one of the most crucial ones that need to be effectively addressed for the wide adoption of IoT systems. In this paper, we first present an in-depth analysis of security challenges in IoT. Then, we propose EdgeSec, the design of a novel security service which is deployed at the Edge layer to enhance the security of IoT systems. EdgeSec consists of seven major components that work together to systematically handle specific security challenges in IoT systems. Finally, the effectiveness of EdgeSec is demonstrated in the context of a typical IoT application, Smart Home.

Proceedings ArticleDOI
22 Mar 2017
TL;DR: This paper explores browser extension discovery, through a non-behavioral technique, based on detecting extensions' web accessible resources, being able to detect over 50% of the top 1,000 free Chrome extensions, including popular security- and privacy-critical extensions such as AdBlock, LastPass, Avast Online Security, and Ghostery.
Abstract: Browser extensions provide a powerful platform to enrich browsing experience. At the same time, they raise important security questions. From the point of view of a website, some browser extensions are invasive, removing intended features and adding unintended ones, e.g. extensions that hijack Facebook likes. Conversely, from the point of view of extensions, some websites are invasive, e.g. websites that bypass ad blockers. Motivated by security goals at clash, this paper explores browser extension discovery, through a non-behavioral technique, based on detecting extensions' web accessible resources. We report on an empirical study with free Chrome and Firefox extensions, being able to detect over 50% of the top 1,000 free Chrome extensions, including popular security- and privacy-critical extensions such as AdBlock, LastPass, Avast Online Security, and Ghostery. We also conduct an empirical study of non-behavioral extension detection on the Alexa top 100,000 websites. We present the dual measures of making extension detection easier in the interest of websites and making extension detection more difficult in the interest of extensions. Finally, we discuss a browser architecture that allows a user to take control in arbitrating the conflicting security goals.

Journal ArticleDOI
TL;DR: Findings from the literature review indicate a number of different limitations of existing techniques: poor accuracy, high detection time, and low flexibility in detecting zero-day attacks.
Abstract: Purpose: The paper addresses various cyber threats and their effects on the internet. A review of the literature on intrusion detection systems (IDSs) as a means of mitigating internet attacks is presented, and gaps in the research are identified. The purpose of this paper is to identify the limitations of the current research and presents future directions for intrusion/malware detection research. Design/methodology/approach: The paper presents a review of the research literature on IDSs, prior to identifying research gaps and limitations and suggesting future directions. Findings: The popularity of the internet makes it vulnerable against various cyber-attacks. Ongoing research on intrusion detection methods aims to overcome the limitations of earlier approaches to internet security. However, findings from the literature review indicate a number of different limitations of existing techniques: poor accuracy, high detection time, and low flexibility in detecting zero-day attacks. Originality/value: This paper provides a review of major issues in intrusion detection approaches. On the basis of a systematic and detailed review of the literature, various research limitations are discovered. Clear and concise directions for future research are provided.

Journal ArticleDOI
TL;DR: The rigorous formal and informal security analysis and simulation of the proposed remote user authentication scheme using smart card for multi-server environment shows that the proposed scheme is secure against possible known attacks.
Abstract: The growth of the Internet and telecommunication technology has facilitated remote access. During the last decade, numerous remote user authentication schemes based on dynamic ID have been proposed for the multi-server environment using smart cards. Recently, Shunmuganathan et al. pointed out that Li et al.’s scheme is defenseless in resisting the password guessing attack, stolen smart card attack and forgery attack. Furthermore, they showed the poor repairability and no two-factor security in Li et al.’s scheme. To surmount these security disadvantages, Shunmuganathan et al. proposed a remote user authentication scheme using smart card for multi-server environment and claimed that their scheme is secure and efficient. In this paper, we show that Shunmuganathan et al.’s scheme is also defenseless in resisting the password guessing attack, stolen smart card attack, user impersonation attack, forgery attack, forward secrecy and session key secrecy. Moreover, the two-factor security is also not preserved in their scheme. In our proposed scheme, a user is free to choose his/her login credentials such as user id and password. And also a user can regenerate the password any time. Simultaneously the proposed scheme preserves the merits of Shunmuganathan et al.’s scheme and also provides better functionality and security features, such as mutual authentication, session key agreement and perfect forward secrecy. The security analysis using the widely accepted Burrows–Abadi–Needham logic shows that the proposed scheme provides the mutual authentication proof between a user and a server. Through the rigorous formal and informal security analysis, we show that the proposed scheme is secure against possible known attacks. In addition, we carry out the simulation of the proposed scheme using the most-widely accepted and used Automated Validation of Internet Security Protocols and Applications tool and the simulation results clearly indicate that our scheme is secure.

Journal ArticleDOI
TL;DR: This survey on energy-efficient mechanisms used in IoT security services goes further than the previous surveys which focus more on the energy-efficient solutions themselves, and is the first work that tackles IoT security from this perspective.

Proceedings ArticleDOI
26 Mar 2017
TL;DR: The different applications of IOT and the security threats involved are discussed, including the ever-present threat to privacy.
Abstract: Today, the world is influenced by new emerging technologies. As a result we are surrounded by a number of smart devices. These smart devices make our life easy and convenient. On the contrary, we are exposed to a number of threats and cyber attacks. There is always a threat to our privacy. In this paper, we discuss the different applications of IOT and the security threats involved.