Abdelkader Lahmadi

Outsourcing Mobile Security in the Cloud

In order to prevent attacks against smartphones and tablets, dedicated security applications are deployed on the mobile devices themselves. However, these applications may have a significant impact on the device resources. Users may be tempted to uninstall or disable them with the objective of increasing battery lifetime and avoiding configuration operations and updates. In this paper, we propose a new approach for outsourcing mobile security functions as cloud-based services. The outsourced functions are dynamically activated, configured and composed using software-defined networking and virtualization capabilities. We detail also preliminary results and point out future research efforts.

Topological analysis and visualisation of network monitoring data: Darknet case study

Network monitoring is a primordial source of data in cyber-security since it may reveal abnormal behaviors of users or applications. Indeed, security analysts and tools like IDS (Intrusion Detection system) or SIEM (security information and event management) rely on them as a single source of information or combined with others. In this paper, we propose a visualisation method derived from the Mapper algorithm that has been developed in the field of Topological Data Analysis (TDA). The developed method and its associated tool are able to analyze a large number of IP packets in order to make malicious activities patterns easily observable by security analysts. We applied our method to darknet data, i.e. from an entire and supposed not used subnetwork in Internet and we have found that those observable patterns have been missed by Suricata, a widely used State-of-the-Art IDS.

Named data aggregation in wireless sensor networks

In this paper, we present a novel named data aggregation method dedicated to wireless sensor networks. The method relies on an adaptation of the CCNx protocol implementation that we have extended with in-network processing functions to aggregate named data efficiently. We have implemented and tested our solution with the Contiki operating system which is an operating system for resources-constrained embedded systems and wireless sensor networks. Our simulation and measurement results using the Cooja simulator and physical nodes show that our solution has a small overhead in terms of exchanged messages and provides acceptable data retrieval delays.

Measurement-based Analysis of the Effect of Duty Cycle in IEEE 802.15.4 MAC Performance

IEEE 802.15.4 protocol stack is the basis of many wireless sensor networks (WSN) and has been proposed for low data rate and low power applications. The standard defines a duty cycle in order to allow devices to achieve efficient energy consumption. Defining the best duty cycle configuration becomes important to extend the network life time. Several works have been done in order to study the behavior of the protocol when considering duty cycle configuration and how this configuration impacts its performance parameters. Usually, the analysis is evaluated by using simulation tools. The objective of this paper is to bring an analysis of the IEEE 802.15.4 duty cycle when considering a real scenario over TinyOS and Telosb motes instead of using a simulation approach. We show through measurement how duty cycle impacts in performance metrics such as average delay and packet drop rate in realistic scenarios.

A platform for the analysis and visualization of network flow data of android environments

In this demo, we present a monitoring platform dedicated to the collection, storage, analysis and visualization of logs and network flow data of mobile applications. The platform relies on a set of on-device probes to monitor network and system activities of these applications. The data are collected from these probes and parsed through generic and flexible collectors relying on Flume agents that we have adapted and extended. We are storing the collected data using a column oriented Hbase storage engine which is the Hadoop database. Finally, after being parsed, the data are made available within the Elasticsearch engine to search and visualize them using the Kibana tool.

Monitoring and Securing New Functions Deployed in a Virtualized Networking Environment

Network operators are currently very cautious before deploying a new network equipment. This is done only if the new networking solution is fully monitored, secured and can provide rapid revenues (short Return of Investment). For example, the NDN (Named Data Networking) solution is admitted as promising but still uncertain, thus making network operators reluctant to deploy it. Having a flexible environment would allow network operators to initiate the deployment of new network solutions at low cost and low risk. The virtualization techniques, appeared a few years ago, can help to provide such a flexible networking architecture. However, with it, emerge monitoring and security issues which should be solved. In this paper, we present our secure virtualized networking environment to deploy new functions and protocol stacks in the network, with a specific focus on the NDN use-case as one of the potential Future Internet technology. As strong requirements for a network operator, we then focus on monitoring and security components, highlighting where and how they can be deployed and used. Finally, we introduce our preliminary evaluation, with a focus on security, before presenting the test bed, involving end-users consuming real contents, that we will set up for the assessment of our approach.

Towards performance analysis of wireless sensor networks using Process Mining Techniques

Performance analysis of wireless sensor networks is a difficult task because of the high dynamic of networks and the use of duty-cycled MAC protocols. Markov-based modelling is an interesting approach to deal with this problem. However, existing Markov-based analytic models, being MAC protocol-centric rather than network-centric, work under strong assumptions and do not allow to encompassing important network parameters like radio channel fading and capture effect, or actual implementation optimizations (not always specified in the protocol description). In this paper we propose a novel approach to obtain a Markov chain model for networks running different MAC protocols by means of Process Mining Techniques. We present the main aspects of our approach together with the results obtained for the standard IEEE 802.15.4. The obtained Markov model can be used to evaluate various performance parameters. The approach can also be extended to a wider range of protocols.

Combining Analytical and Simulation Approaches for Estimating End-to-End Delay in Multi-hop Wireless Networks

In this work, we present an empirical support of an analytical approach which employs a frequency domain analysis for estimating end-to-end delay in multi-hop networks. The proposed analytical results of the end-to-end delay distribution are validated through simulation and compared with queueing based analysis by defining two concrete scenarios. Our results demonstrate that an analytical prediction schema is insufficient to provide an adequate estimation of the end-to-end delay distribution function, but it requires to be combined with a simulation method for detailed links and nodes latencies distribution.

Automated verification of security chains in software-defined networks with synaptic

Software-defined networks provide new facilities for deploying security mechanisms dynamically. In particular, it is possible to build and adjust security chains to protect the infrastructures, by combining different security functions, such as firewalls, intrusion detection systems and services for preventing data leakage. It is important to ensure that these security chains, in view of their complexity and dynamics, are consistent and do not include security violations. We propose in this paper an automated strategy for supporting the verification of security chains in software-defined networks. It relies on an architecture integrating formal verification methods for checking both the control and data planes of these chains, before their deployment. We describe algorithms for translating specifications of security chains into formal models that can then be verified by SMT1 solving or model checking. Our solution is prototyped as a package, named Synaptic, built as an extension of the Frenetic family of SDN programming languages. The performances of our approach are evaluated through extensive experimentations based on the CVC4, veriT, and nuXmv checkers.

Extracting Markov chain models from protocol execution traces for end to end delay evaluation in wireless sensor networks

Many WSN industrial applications impose requirements in terms of end to end delay. However, the end to end delay estimation in WSNs is not a simple task because of the high dynamic of networks, the use of duty-cycled MAC protocols as well as the impact of the routing protocols. Markov-based modelling is an interesting approach to deal with this problem aiming to provide an analytical model useful for understanding protocols behavior and to estimate the end to end delay, among other performance parameters. However, existing Markov-based analytic models abstract the reality simplifying the analysis and thus resulting models are not accurate enough for estimating the end to end delay. Furthermore, establishing an accurate Markov model using classic approaches is very difficult considering the highly dynamic behavior of the sensor nodes. In this paper, we propose a novel approach to obtain the Markov chain model of sensor nodes by means of Process Mining techniques through the code execution trace. End to end delay is then computed based on this Markov chain. Experimentations were done using IoT-LAB testbed platform. Comparisons in terms of delay are presented for two different metrics of the RPL protocol (hop count and ETX).