Inshil Doh

Denial-of-service (DoS) detection through practical entropy estimation on hierarchical sensor networks

Wireless sensor networks face acute security concerns in applications. To achieve security in sensor networks, it is important to be able to defend against denial-of-service (DoS) attack recently considered as an extremely threatening attack. In this paper, we propose a DoS detection method via practical entropy estimation on hierarchical sensor networks reflecting the resource constraints of sensors. In order to enhance the accuracy of detection even in the various deployments of attack agents, we deploy hierarchically entropy estimators according to network topology, and a main estimator synthesizes localized computation. This entropy estimator is simplified by only multiplication calculation instead of logarithm, in addition to providing higher estimation precision of entropy compared to the conventional entropy estimation. Our simulation results indicate that this hierarchical defense is a feasible method

An efficient defense mechanism for spoofed IP attack in SDN based CDNi

In recent years enhancing the capability of network services automatically and dynamically through SDN and CDN/CDNi networks has become a new field of research. These future network architectures pose both a blessing and a threat in the network field. Such network architectures can optimize the overall network services by analyzing the topology, traffic paths, packet handling and so on and also can create a potential target for spoofed IP attacks. We, therefore, propose an architecture for an SDN based CDNi network to detect spoofed ip and create a defense against attacks created by them. We also propose ALTO like servers in our architecture which enable mapping a very big network to provide a summarized view. In the ALTO server we propose an additional map named the mark map as a mechanism to detect spoofed IP addresses. SDN switches are utilized to extract rules associated with the ALTO server mark map and follow a mechanism of spoofed IP detection fed to them by the SDN controller application layer.

Secure Authentication for Structured Smart Grid System

An important application area for M2M (Machine to Machine) or IoT (Internet of Things) technology is smart grid system which plays an important role in electric power transmission, electricity distribution, and demand-driven control for the energy. To make the smart grid system more reliable and stable, security is the major issue to be provided with the main technologies. In this work, we propose an authentication mechanism between the utility system and the smart meters which gather the energy consumption data from electrical devices in layered smart grid system. Our proposal enhances the smart grid system integrity, availability and robustness by providing security with low overhead.

Key Establishment and Management for Secure Cellular Machine-to-Machine Communication

M2M(Machine-to-Machine) communication is considered to be one of the major issues in future network. Especially, M2M will bring various benefits in wireless communications when it is interconnected with cellular network. Considering the characteristics of cellular M2M network, traditional security solutions are not practical to apply because the cellular M2M network is more vulnerable to various attacks. In this work, we consider security aspects for cellular M2M communication and propose a key management. Our proposal can provide reliability and efficiency for secure cellular M2M communication network.

An Improved Security Approach Based on Kerberos for M2M Open IPTV System

Open IPTV has attracted considerable attention and is expected to bring great changes in the IPTV service area. However, because of its openness and IP network characteristics, security is one of the major issues hindering its commercialization. For IPTV, several security mechanisms for user authentication and content protection have been applied to make the service reliable. These traditional security mechanisms cannot be adopted in the IPTV area, because in the many-to-many environment the security and hence the system performance is influenced by numerous factors. In our work, we propose a mechanism for secure user authentication and key distribution based on Kerberos for open IPTV and for secure M2M three-screen service in home networks. Our proposal provides an efficient authentication process and secure transfer of contents among users, and it further decreases the authentication time compared with the other mechanisms.

Key establishment and authentication mechanism for secure sensor networks

For secure sensor network communication, we propose a key establishment mechanism applying polynomial-based key predistribution scheme under the clustered sensor network architecture, and propose authentication mechanism. Every pair of neighboring nodes can calculate its own pairwise key using polynomial shares predistributed. Gateway nodes interconnecting the clusters play the role of stepping stones. For hop-by-hop authentication, every node adds MAC computed using pairwise key between its upstream node and itself. Broadcast authentication can be achieved using one-time digital signature.

Radio Resource Management Scheme for Relieving Interference to MUEs in Relay-Based Cellular Networks

Relay nodes (RNs) have been recently introduced as a cost-effective solution to achieve ubiquitous high data rates in cellular networks. By providing a two-hop link between evolved nodeB (eNB) and user equipment (UE), RNs can improve the UEs signal-to-interference-plus-noise ratio (SINR) and throughput. A typical relay-based cellular network is comprised of macro UEs (MUEs) that are served directly by eNB and relay UEs (RUEs) that are served via RNs. The performance of the entire network is degraded if the interference between RNs and MUEs is not carefully managed. In this paper, we propose a radio resource management scheme that effectively exploits the advantages of RNs without causing severe interference to MUEs, which yields a better overall network and cell-edge user throughput. To improve channel quality of MUEs located nearby RNs, the proposed scheme determines a specific set of subchannels to be used by each RN. Second, the proposed scheme assigns subchannels to UEs and RNs considering channel quality, average UE data rate, and the number of required subchannels at RNs. For resource allocation, we formulate a binary integer linear programming (BILP) problem and propose a novel heuristic algorithm to reduce its computational complexity. Our simulation results show that the heuristic algorithm achieves similar performance with the BILP. In addition, we discuss a detailed procedure for control signal exchange and data transmission and analyze the lower bound of SINR gain of MUEs obtained from the proposed scheme. It has been shown that the proposed scheme improves the overall network throughput and the cell-edge user throughput compared with existing schemes.

Multi-defense Mechanism against DDoS in SDN Based CDNi

Lately enhancing the capability of network services automatically and dynamically through SDN and CDN/CDNi networks has become a recent topic of research. While, in one hand, these systems can be very beneficial to control and optimize the overall network services that studies the topology, traffic paths, packet handling and such others, on the other hand, the servers in such architectures can also be a potential target for DoS and/or DDoS attacks. We, therefore, propose a mechanism for the SDN based CDNi networks to securely deliver services with a multi-defense strategy against DDoS attacks. Addition of ALTO like servers in such architectures enables mapping a very big network to provide a birds eye view. We propose an additional marking path map in the ALTO server to trace the request packets. The next defense is a protection switch to protect the main servers. A Management Information Base (MIB) is also proposed in the SDN controller to compare and assess the request traffic coming to the protection switches.

Secure Aggregation and Attack Detection for Smart Grid System

Smart grid is a very efficient and intelligent system for managing and monitoring the electricity usage and it can be applied in many useful areas. It supports energy producers and consumers efficiently by supporting the estimation and provision of the proper amount of electricity in proper time. However, when the information is altered or forged by the attackers, it could cause the system malfunction. In addition to that, some attacks could waste the system resources on purpose and could lead to disastrous results. In this work, we propose a secure data aggregation mechanism providing verification of the aggregated data and detection of the compromised node to prevent the DoS(Denial of Service) attack based on the homomorphic encryption.

Code updates based on minimal backbone and group key management for secure sensor networks

Abstract Code update in sensor networks is a useful technology to update codes to change the functionality or to correct bugs of the existing code. However, sensor networks are susceptible to various attacks because they are deployed in open and unprotected environments. It is necessary to use effective mechanisms to protect sensor nodes against attacks. In this paper, we propose a secure code update mechanism over the energy-efficient minimum virtual backbone reducing the number of broadcasting packets using RSSI (Received Signal Strength Indicator) values. We also propose a group key establishment and rekeying mechanism which provides authentication among the entities for code update. Our mechanism considers all security requirements such as confidentiality, integrity and authentication to defend the battery exhaustion attack, DoS attacks, the routing attacks, etc. during the code update. Simulation results show that our mechanism significantly reduces the number of transmitted messages, the energy consumption and the computation overhead for the secure code update in comparison to other existing secure code update mechanisms. We also prove that our group key mechanism is efficient and much more secure than compared ones.