Multi-level authentication protocol for enabling secure communication in IoT

Author(s):  
Khushal Singh ◽  
Nanhay Singh

Abstract: The Internet of Things (IoT) is a domain of great interest to researchers at present, given the exponential growth in technology. Security in IoT is a prime factor, which highlights the need for authentication to tackle various attackers and hackers. Authentication is the process that uniquely identifies the incoming user, and this paper develops an authentication protocol based on the Chebyshev polynomial, a hash function, a session password, and encryption. The proposed authentication protocol is named the Elliptic, Chebyshev, Session password, and Hash function (ECSH)-based multilevel authentication. For authenticating the incoming user, there are two phases, registration and authentication. In the registration phase, the user is registered with the server and the Authentication Center (AC), and the authentication follows, which is an eight-step criterion. The authentication is duly based on the scale factor of the user and server, the session password, and verification messages. Authentication at the eight levels assures security against various types of attacks and renders secure communication in IoT with minimal communication overhead and packet loss. The performance of the method is analyzed using black-hole and Denial-of-Service (DoS) attacks with 50 and 100 nodes in the simulation environment. The proposed ECSH-based multilevel authentication acquired the maximal detection rate, PDR, and QoS of 15.2%, 35.7895%, and 26.4623%, respectively, in the presence of 50 nodes and DoS attacks, whereas the minimal delay of 135.922 ms is acquired in the presence of 100 nodes and DoS attacks.

2020 ◽  
Vol 2020 ◽  
pp. 1-15
Author(s):  
Guangjia Song ◽  
Hui Wang ◽  
Fuquan Liu

SEND uses CGA as its address configuration method. CGA binds the IPv6 address with multiple auxiliary parameters, thereby making the dependency relationship between the IPv6 address and the host provable, which prevents address embezzlement. Owing to the considerable overhead of CGA parameter verification, a malicious host can exploit this point to carry out DoS attacks. To prevent DoS, the paper proposes a new duplicate address detection method in an SDN environment called FDAD. Two additional mechanisms are added to FDAD, namely query and feedback; the messages used by the new mechanisms are also designed. Through these two mechanisms, on the one hand, a host can query the controller for the MAC address of a suspect host. On the other hand, if CGA parameter verification fails, the controller uses the feedback information to suppress the malicious host at its source port in order to prevent subsequent attacks. Experiments show that the CPU overhead of FDAD is much lower than that of normal CGA when suffering a Denial of Service attack. The increased CPU consumption and memory overhead of the controller are also within an acceptable range, and the network communication overhead is greatly reduced.


Energies ◽  
2021 ◽  
Vol 14 (15) ◽  
pp. 4702
Author(s):  
Karolina Krzykowska-Piotrowska ◽  
Ewa Dudek ◽  
Mirosław Siergiejczyk ◽  
Adam Rosiński ◽  
Wojciech Wawrzyński

The increase in the role of companion robots in everyday life is inevitable, and their safe communication with the infrastructure is one of the fundamental challenges faced by designers. There are many challenges in the robot's communication with the environment, widely described in the literature on the subject. The threats that scientists believe have the most significant impact on the robot's communication include denial-of-service (DoS) attacks, satellite signal spoofing, external eavesdropping, spamming, broadcast tampering, and man-in-the-middle attacks. In this article, the authors attempted to identify communication threats in the new robot-to-infrastructure (R2I) model based on available solutions used in transport, e.g., vehicle-to-infrastructure (V2I), taking into account the already known threats affecting the robot's sensory systems. For this purpose, all threats that may occur in the robot's communication with the environment were analyzed. Then a risk analysis was carried out, determining, in turn, the likelihood of potential threats occurring, their consequences, and the ability to detect them. Finally, specific methods of responding to the occurring threats are proposed, taking into account cybersecurity aspects. A critical new approach is the proposal to use communication technologies and protocols so far dedicated to transport (IEEE 802.11p WAVE, dedicated short-range communications (DSRC)). The companion robot should then be treated as a pedestrian and some of its sensors as an active smartphone.


Author(s):  
Mohammad Zubair ◽  
Devrim Unal ◽  
Abdulla Al-Ali ◽  
Thomas Reimann ◽  
Guillaume Alinier

Background: IoMT (Internet of Medical Things) devices (often referred to as the IoMT domain) have the potential to quickly diagnose and monitor patients outside the hospital by transmitting information through the cloud domain using wireless communication to remotely located medical professionals (user domain). shows the proposed IoMT framework designed to improve the privacy and security of the healthcare infrastructure. Methods: The framework consists of four modules: 1. An Intrusion Detection System (IDS) using deep learning (DL) to identify Bluetooth-based Denial-of-Service (DoS) attacks on IoMT devices, deployed on edge computing to secure communication between IoMT devices and the edge. 2. The IDS is backed up with identity-based cryptography to encrypt the data and the communication path. 3. Besides the identity-management system (to authenticate users), the framework is modeled with liveness detection using face authentication techniques at the edge to guarantee the confidentiality, integrity, and availability (CIA) of the framework. 4. At the cloud level, another IDS using MUSE (Merged-Hierarchical-Deep-Learning-System-with-Layer-Reuse) is proposed to protect the system against Man-In-The-Middle attacks while data is transferred between IoMT, EDGE and CLOUD. Results: These four modules are developed independently by precisely analyzing dependencies. The precision of the IDS is 99%, and for the identity-management system, the time required to encrypt and decrypt with a 256-bit key is 66 milliseconds and 220 milliseconds, respectively. The true positive rate is 90.1%, which suggests a real-time detection and authentication rate. For IDS (2) using MUSE (12-layer), the accuracy is >95%, and it consumes 15.7% to 27.63% less time to train than the smaller four-layer model. Conclusion: Our designed models suit edge devices and cloud-based cybersecurity systems and support the fast diagnosis and care required by critically ill patients in the community.


Author(s):  
Huseyin Polat ◽  
Onur Polat

Despite the many advantages of software defined networking (SDN), such as manageability, scalability, and performance, it has inherent security threats. In particular, denial of service (DoS) attacks are major threats to SDN. The controller's processing and communication abilities are overwhelmed by DoS attacks. The capacity of the flow tables in the switching device is exhausted due to the excess flows created by the controller in response to malicious packets. DoS attacks on the controller cause the network performance to drop to a critical level. In this paper, a new SDN controller component is proposed to detect and mitigate DoS attacks on the SDN controller. The POX layer-three controller component was used as the underlying testbed for PacketIn messages. For every packet from a host, a counter was incremented to measure the packet rate according to the device identification and input port number. Considering the rate of packets received by the controller and the threshold set, malicious packets could be detected and mitigated easily. The developed controller component was tested in a Mininet simulation environment with the hping3 tool to generate artificial DoS attacks. Using the enhanced controller component, DoS packets were prevented from reaching the controller, and thus the data plane (switching devices) was prevented from being filled with unwanted flows.


The increasing popularity of Wireless Sensor Networks (WSN) raises greater concern about security factors. Secure communication is essential for demanding applications of WSN. Since authentication is the crucial service due to the deployment of nodes in unattended environments, this paper focuses on the analysis of popular trust authentication protocols such as the Trust Aware Routing Framework (TARF), Trust Aware Secure Routing Framework (TSRF), Trust Based Routing Scheme (TRS), Trust Guaranteed Routing (TGR) and Pair Key Based Trust Authentication Protocol (PTAP). Their performance is measured in a sample simulation environment. To ensure perfect security in terms of the authentication service, an analysis of attack scenarios is performed. To implement this, fake attacks are created and the remaining number of legitimate nodes is measured in the presence of attacks such as Sybil, black hole, replication and tampering. The analysis shows how each protocol withstands the different attack scenarios.


Electronics ◽  
2021 ◽  
Vol 10 (11) ◽  
pp. 1244
Author(s):  
Hana Rhim ◽  
Damien Sauveron ◽  
Ryma Abassi ◽  
Karim Tamine ◽  
Sihem Guemara

Wireless sensor networks (WSNs) have been widely used for applications in numerous fields. One of the main challenges when designing secure routing in such networks is the limited energy resources. Hierarchical organization of nodes in the network can make efficient use of their resources. In this case, a subset of nodes, the cluster heads (CHs), is entrusted with transmitting messages from cluster nodes to the base station (BS). However, the existence of selfish or pollution attacker nodes in the network causes data transmission failure and damages the network's availability and integrity. In particular, when critical nodes like CH nodes misbehave by refusing to forward data to the BS, by modifying data in transit or by injecting polluted data, the whole network becomes defective. This paper presents a secure protocol against selfish and pollution attacker misbehavior in clustered WSNs, known as SSP. It aims to thwart both selfish and pollution attacker misbehaviors, the former being a form of Denial of Service (DoS) attack. In addition, it maintains a level of confidentiality against eavesdroppers. Based on a random linear network coding (NC) technique, the protocol uses matrices pre-loaded within sensor nodes to construct a larger number of new packets from a set of initial data packets, thus creating data redundancy. It then transmits them through separate paths to the BS. Furthermore, it detects misbehaving nodes among CHs and executes a punishment mechanism using a control counter. The security analysis and simulation results demonstrate that the proposed solution is not only capable of preventing and detecting DoS attacks as well as pollution attacks, but can also maintain scalable and stable routing for large networks. With the protocol, 100% of messages are successfully recovered and received at the BS when the percentage of lost packets is around 20%. Moreover, when the number of misbehaving nodes executing pollution attacks reaches a certain threshold, SSP scores a reception rate of correctly reconstructed messages equal to 100%. If the SSP protocol is not applied, the reception rate of correctly reconstructed messages is reduced by 90% in the same case.


Sensors ◽  
2021 ◽  
Vol 21 (6) ◽  
pp. 2057
Author(s):  
Yongho Ko ◽  
Jiyoon Kim ◽  
Daniel Gerbi Duguma ◽  
Philip Virgil Astillo ◽  
Ilsun You ◽  
...  

Unmanned Aerial Vehicles (UAVs) play a paramount role in various fields, such as military, aerospace, reconnaissance, agriculture, and many more. The development and implementation of these devices have become vital in terms of usability and reachability. Unfortunately, as they become widespread and their demand grows, they are becoming more and more vulnerable to several security attacks, including, but not limited to, jamming, information leakage, and spoofing. In order to cope with such attacks and security threats, a proper design of robust security protocols is indispensable. Although several pieces of research have been carried out in this regard, there are still research gaps, particularly concerning UAV-to-UAV secure communication, support for perfect forward secrecy, and provision of non-repudiation. Especially in a military scenario, it is essential to address these gaps. In this paper, we studied the security prerequisites of the UAV communication protocol, specifically in the military setting. More importantly, a security protocol (with two sub-protocols) that secures the communication between UAVs, and between a UAV and a Ground Control Station, is proposed. This protocol, apart from the common security requirements, achieves perfect forward secrecy and non-repudiation, which are essential to secure military communication. The proposed protocol is formally and thoroughly verified using BAN logic (Burrows-Abadi-Needham logic) and the Scyther tool, followed by performance evaluation and implementation of the protocol on a real UAV. The security and performance evaluation indicates that the proposed protocol is superior to other related protocols while meeting confidentiality, integrity, mutual authentication, non-repudiation, perfect forward secrecy, perfect backward secrecy, response to DoS (Denial of Service) attacks, man-in-the-middle protection, and D2D (Drone-to-Drone) security.


Author(s):  
Shanshan Yu ◽  
Jicheng Zhang ◽  
Ju Liu ◽  
Xiaoqing Zhang ◽  
Yafeng Li ◽  
...  

Abstract: In order to solve the problem of distributed denial of service (DDoS) attack detection in software-defined networks, we propose a cooperative DDoS attack detection scheme based on entropy and ensemble learning. This method sets up a coarse-grained preliminary detection module based on entropy in the edge switch to monitor the network status in real time and report to the controller if any abnormality is found. Simultaneously, a fine-grained precise attack detection module is designed in the controller, and an ensemble learning-based algorithm is used to further identify abnormal traffic accurately. In this framework, the idle computing capability of edge switches is fully utilized, following the design idea of edge computing, to offload part of the detection task from the control plane to the data plane. Simulation results for two common DDoS attack methods, ICMP and SYN flooding, show that the system can effectively detect DDoS attacks and greatly reduce the southbound communication overhead and the burden on the controller, as well as the detection delay of the attacks.


2018 ◽  
Vol 2018 ◽  
pp. 1-12
Author(s):  
Sangwon Hyun ◽  
Hyoungshick Kim

Content-Centric Networking (CCN) is considered a promising alternative to traditional IP-based networking for vehicle-to-everything communication environments. In general, CCN packets must be fragmented and reassembled based on the Maximum Transmission Unit (MTU) size of the content delivery path. It is thus challenging to securely protect fragmented packets against attackers who intentionally inject malicious fragments to disrupt normal services on CCN-based vehicular networks. This paper presents a new secure content fragmentation method that is resistant to Denial-of-Service (DoS) attacks in CCN-based vehicular networks. Our approach guarantees the authenticity of each fragment through immediate fragment verification at interim nodes on the routing path. Our experimental results demonstrate that the proposed approach provides much stronger security than the existing approach named FIGOA, without imposing a significant overhead in the process. The proposed method achieves a high immediate verification probability of 98.2% on average, which is 52% higher than that of FIGOA, while requiring only 14% more fragments than FIGOA.

