Network Security, Administration and Management
Latest Publications


Total documents: 15 (five years: 0)

H-index: 1 (five years: 0)

Published By IGI Global

9781609607777, 9781609607784

Author(s): Rajeev Agrawal, Chaoli Cai, Ajay Gupta, Rajib Paul, Raed Salih

Anomaly detection is an important aspect of any security mechanism. We present an efficient anomaly detection algorithm, named BANBAD. Using Belief Networks (BNs), the algorithm identifies abnormal behavior of a feature, like inappropriate energy consumption of a node in a network. By applying structure learning techniques to a training dataset, BANBAD establishes a joint probability distribution among relevant features, such as average velocity, displacement, local computation and communication time, energy consumption, and response time of a node of the network. A directed acyclic graph (DAG) is used to represent the features and their dependencies. Using a training process, BANBAD maintains dynamic, updated profiles of network node behaviors and uses a specific Bayesian inference algorithm to distinguish abnormal behavior during testing. BANBAD works especially well in ad hoc networks. Extensive simulation results demonstrate that a centralized BANBAD achieves low false alarm rates, below 5%, and high detection rates, greater than 95%. We also show that BANBAD detects anomalies efficiently and accurately in two real datasets. The key to achieving such high performance is bounding the false alarm rate at a certain predefined threshold value. By fine-tuning the threshold, we can achieve a high detection rate as well.


Author(s): Murat Al, Kenji Yoshigoe

Understanding data security is crucial to the daily operation of Wireless Sensor Networks (WSNs) as well as to the further advancement of security solutions in the research community. Unlike many surveys in the literature that handle the topic in close relationship to a particular communication protocol, we provide a general view of vulnerabilities, attacks, and countermeasures in WSNs, enabling a broader audience to benefit from the presented material. We compare salient characteristics and applications of common wireless technologies to those of WSNs. As the main focus of the chapter, we thoroughly describe the characteristics of attacks and their countermeasures in WSNs. In addition, we qualitatively illustrate the multi-dimensional relationship among various properties including the effectiveness of these attacks (i.e., caused damage), the resources needed by adversaries to accomplish their intended attacks (i.e., consumed energy and time), and the resources required to defend against these attacks (i.e., energy overhead).


Author(s): Aftab Ahmad

In this chapter, a novel performance model for assessing security of a layered network has been proposed. The work is motivated by the fact that there is a need for a reference framework to account for all threats to a networked system. There are few such models available, and one of them is recommended by the International Telecommunications Union (ITU). The proposed assessment model is based on the ITU security framework, recommended in the ITU-T Recommendation X.805. We employ this model to quantify network security against five threat categories mentioned in the recommendations. The quantification has been done based on the recommended measures against all threats. A threat vector has been proposed that defines required measures for a particular threat category. Other vectors, such as the security implementation vector, define how effectively these measures are implemented in a given device, system, or network. As a simple application of the proposed model, the security provided by the IEEE 802.15.4 standard is analyzed, viewing it as an ‘end-to-end’ system (e.g., for ad hoc sensor network applications). The proposed security assessment model can be applied to any type of network (wireless, wired, optical, service oriented, transport, etc.). The model can be employed to obtain security assessment in the form of five security metrics, one for each threat category (destruction, corruption, removal, disclosure, and interruption). An expression for the overall security against all threats has also been derived.


Author(s): Md. Golam Kaosar, Xun Yi

Sensor devices provide sophisticated services in collecting data in various applications, some of which are privacy sensitive; others are ordinary. This chapter emphasizes the necessity and some mechanisms of privacy preserving data gathering techniques in wireless sensor network communication. It also introduces a new solution for privacy preserving data gathering in wireless sensor networks. By using a perturbation technique in a semi-trusted server model, this new solution is capable of reducing a significant amount of computation in the data collection process. In this technique, data of a sensor is perturbed into two components which are unified into two semi-trusted servers. Servers are assumed not to collude with each other. Neither of them has possession of any individual data. Therefore, they cannot discover individual data. There are many real life applications in which the proposed model can be applied. Moreover, this chapter also shows a technique to collect grouped data from distributed sources keeping the privacy preserved. Security proofs show that neither any of the servers nor any individual sensor can discover any individual data or associate any data with an individual sensor. Thus, the privacy of individual data is preserved.


Author(s): Yin Pan, Bo Yuan, Sumita Mishra

As people increasingly rely on computer systems and networks for services such as online banking, online shopping, and socialization, information security for identity protection and privacy has become more important today than ever. Businesses and organizations are also obligated to provide such security to comply with state and federal laws and regulations. Managing security risks and ensuring compliance with information security regulations and industry standards have become important for businesses and organizations. Security auditing is an effective process to assess policies, procedures, and controls in identifying risks associated with networks and various operating systems. This chapter emphasizes network security audits and discusses various auditing procedures and technologies to identify and examine threats and vulnerabilities in computer networks, and to determine how to assess and manage risk posed to a network.


Author(s): Chuan-Kun Wu

In secure communications, key management is not as simple as managing metal keys, which can be kept on a key ring or simply put in a pocket. Suppose Alice wants to transmit some confidential information to Bob over a public network such as the Internet. Alice could simply encrypt the message using a known cipher such as AES and then transmit the ciphertext to Bob. However, to enable Bob to decrypt the ciphertext and recover the original message in a traditional cipher system, Bob needs to have the encryption key. How to let Alice securely and efficiently transmit the encryption key to Bob is a problem of key management. An intuitive approach would be to use a secure channel for the key transmission; this worked in earlier years, but is not a desirable solution in today’s electronic world. Since the invention of public key cryptography, the key management problem with respect to secret key transmission has been solved, either by employing the Diffie-Hellman key agreement scheme or by using a public key cryptographic algorithm to encrypt the encryption key (which is often known as a session key). This approach is secure against passive attacks, but is vulnerable to active attacks (more precisely, man-in-the-middle attacks). So there must be a way to authenticate the identity of the communication entities. This leads to public key management, where the public key infrastructure (PKI) is a typical set of practical protocols, and there is also a set of international standards about PKI. Private key management aims to prevent keys from being lost or stolen. To prevent a key from being lost, one way is to use secret sharing, and another is to use the key escrow technique. Both aspects have many research outcomes and practical solutions. With respect to keys being stolen, another practical solution is to use a password to encrypt the key. Hence, there are many password-based security protocols in different applications.
This chapter presents a comprehensive description of how each aspect of key management works. Topics on key management covered by this chapter include key agreement, group-based key agreement and key distribution, the PKI mechanisms, secret sharing, key escrow, password associated key management, and key management in PGP and UMTS systems.


Author(s): Christos Bouras, Kostas Stamos

The chapter is completed with a case study on the authentication and authorization framework designed in the context of a Pan-European network resource reservation service, in the Geant academic and research network.


Author(s): Reed H. Petty, Jiang Bian, Remzi Seker

Electronic forms of communications are becoming increasingly pervasive. The Internet links not only senders and receivers of e-mail, but also consumers to suppliers, businesses to businesses, citizens to governments, and so forth. The potential for communications to be intercepted, hijacked, emulated, or otherwise manipulated for nefarious purposes is an area of grave concern. The security of message traffic relies heavily upon encryption. Encryption relies upon keys. Public key infrastructure (PKI) addresses keys – how they are used, how they are exchanged, and how they are validated. Furthermore, public key cryptography provides confidentiality, integrity, authentication, and non-repudiation. In general, PKI is a broad subject matter and is constantly evolving to meet the rapid growth in today’s information world. This chapter is intended to reveal the mystery, and perhaps misconceptions, of the PKI as well as offering readers a broad high-level view of the PKI.


Author(s): B. Dawn Medlin, Douglas May, Ken Corley

The healthcare industry has benefitted from its employees’ ability to view patient data, but at the same time, this access allows for patients’ healthcare records to be easily captured or stolen. Although access to and transmission of patient data may improve care, increase delivery time of services, and reduce healthcare costs, security of that information may be jeopardized due to the innocent sharing of personal and non-personal data with the wrong person. Through the tactic of social engineering, hackers are able to obtain information from employees that may allow them access into the hospital’s networked information system. In this study, we simulated a social engineering attack in hospitals of varying sizes with the goal of obtaining employees’ passwords. If employees are willing to share their passwords, serious questions and concerns about the state of employee security awareness within the healthcare system must be raised.


Author(s): Bruce Hartpence

Security texts often focus on encryption techniques, firewalls and security for servers. Often missing are the inherent weaknesses in the very building blocks of modern local area networks. This chapter discusses the devices and protocols common to every single production network running today in terms of their basic security vulnerabilities and provides some techniques for reducing security threats. Specifically, this chapter will cover the operation of routers, switches and access points with a brief mention of hubs. Protocols covered will include the spanning tree, internet control message, address resolution, management, and routing protocols. Packet captures and screenshots will be used to illustrate some of the protocols.

