Jiaqing Luo

Unreconciled Collisions Uncover Cloning Attacks in Anonymous RFID Systems

Cloning attacks threaten radio-frequency identification (RFID) applications but are hard to prevent. Existing cloning attack detection methods are enslaved to the knowledge of tag identifiers (IDs). Tag IDs, however, should be protected to enable and secure privacy-sensitive applications in anonymous RFID systems. In a first step, this paper tackles cloning attack detection in anonymous RFID systems without requiring tag IDs as a priori. To this end, we leverage unreconciled collisions to uncover cloning attacks. An unreconciled collision is probably due to responses from multiple tags with the same ID, exactly the evidence of cloning attacks. This insight inspires GREAT, our pioneer protocol for cloning attack detection in anonymous RFID systems. We evaluate the performance of GREAT through theoretical analysis and extensive simulations. The results show that GREAT can detect cloning attacks in anonymous RFID systems fairly fast with required accuracy. For example, when only six out of 50,000 tags are cloned, GREAT can detect the cloning attack in 75.5 s with a probability of at least 0.99.

Modeling and analysis of self-stopping BTWorms using dynamic hit list in P2P networks

Worm propagation analysis, including exploring mechanisms of worm propagation and formulating effects of network/worm parameters, has great importance for worm containment and host protection in P2P networks. Previous work only focuses on topological worm propagation where worms search a hosts neighbor-list to find new victims. In BitTorrent (BT) networks, the information from servers or trackers, however, could be fully exploited to design effective worms. In this paper, we propose a new approach for worm propagation in BT-like P2P networks. The worm, called Dynamic Hit-List (DHL) worm, locates new victims and propagates itself by requesting a tracker to build a dynamic hit list, which is a self-stopping BT worm to be stealthy. We construct an analytical model to study the propagation of such a worm: breadth-first propagation and depth-first propagation. The analytical results provide insights of the worm design into choosing parameters that enable the worm to stop itself after compromising a large fraction of vulnerable peers in a P2P network. We finally evaluate the performance of DHL worm through simulations. The simulation results verify the correctness of our model and show the effectiveness of the worm by comparing it with the topological worm.

Deterministic Detection of Cloning Attacks for Anonymous RFID Systems

Cloning attacks seriously impede the security of radio-frequency identification (RFID) applications. This paper tackles deterministic clone detection for anonymous RFID systems without tag identifiers (IDs) as a priori. Existing clone detection protocols either cannot apply to anonymous RFID systems due to necessitating the knowledge of tag IDs or achieve only probabilistic detection with a few clones tolerated. This paper proposes three protocols-BASE, DeClone, and DeClone+-toward fast and deterministic clone detection for large anonymous RFID systems. BASE leverages the observation that clone tags make tag cardinality exceed ID cardinality. DeClone is built on a recent finding that clone tags cause collisions that are hardly reconciled through rearbitration. For DeClone to achieve detection certainty, this paper designs breadth first tree traversal toward quickly verifying unreconciled collisions and hence the cloning attack. DeClone+ further incorporates optimization techniques that promise faster clone detection when clone ratio is relatively high. The performance of the proposed protocols is validated through analysis and simulation. This paper also suggests feasible extensions to enrich their applicability to distributed design.

Detecting Malware Variants by Byte Frequency

In order to make lots of new malwares fast and cheaply, attacker can simply modify the existing malwares based on their binary files to produce new ones, malware variants. Malware variants refer to all the new malwares manually or automatically produced from any existing malware. However, such simple approach to produce malwares can change signatures of the original malware so that the new malware variants can confuse and bypass most of popular signature-based anti-malware tools. In this paper we propose a novel byte frequency based detecting model (BFBDM) to deal with the malware variants identification issue. The byte frequency of software refers to the frequency of the different unsigned bytes in the corresponding binary file. In order to implement BFBDM, two metrics, the distance and the similarity between the suspicious software and base sample, a known malware, are defined and calculated. According to the experimental results, we found out that if the distance is low and the similarity is high, the suspicious software is a variant of the selected malware with very high probability. The primary experimental results show that our model is efficient and effective for the identification of malware variants, especially for the manual variant.

Malware variants identification based on byte frequency

Malware variants refer to all the new malwares manually or automatically produced from any existing malware. However, such simple approach to produce malwares can change signatures of the original malware to confuse and bypass most of popular signature-based anti-malware tools. In this paper we propose a novel byte frequency based detecting model (BFBDM) to deal with the malware variants identification issue. The primary experimental results show that our model is efficient and effective for the identification of malware variants, especially for the manual variant.

Reliable navigation of mobile sensors in wireless sensor networks without localization service

This paper deals with the problem of guiding mobile sensors (or robots) to a phenomenon across a region covered by static sensors. We present a distributed, reliable and energy-efficient algorithm to construct a smoothed moving trajectory for a mobile robot. The reliable trajectory is realized by first constructing among static sensors a distributed hop count based artificial potential field (DH-APF) with only one local minimum near the phenomenon, and then navigating the robot to that minimum by an attractive force following the reversed gradient of the constructed field. Besides the attractive force towards the phenomenon, our algorithm adopts an additional repulsive force to push the robot away from obstacles, exploiting the fast sensing devices carried by the robot. Compared with previous navigation algorithms that guide the robot along a planned path, our algorithm can (1) tolerate the potential deviation from a planned path, since the DH-APF covers the entire deployment region; (2) mitigate the trajectory oscillation problem; (3) avoid the potential collision with obstacles; (4) save the precious energy of static sensors by configuring a large moving step size, which is not possible for algorithms neglecting the issue of navigation reliability. Our theoretical analysis of the above features considers practical sensor network issues including radio irregularity, packet loss and radio conflict. We implement the proposed algorithm over TinyOS and test its performance on the simulation platform with a high fidelity provided by TOSSIM and Tython. Simulation results verify the reliability and energy efficiency of the proposed mobile sensor navigation algorithm.

Toward Fast and Deterministic Clone Detection for Large Anonymous RFID Systems

Cloning attacks seriously impede the security of Radio-Frequency Identification (RFID) applications. In this paper, we tackle deterministic clone detection for anonymous RFID systems without tag identifiers (IDs) as a priori. Existing clone detection protocols either cannot apply to anonymous RFID systems due to necessitating the knowledge of tag IDs or achieve only probabilistic detection with a few clones tolerated. We propose two protocols, BASE and DeClone, toward fast and deterministic clone detection for large anonymous RFID systems. BASE leverages the observation that clone tags make tag cardinality exceed ID cardinality. DeClone is built on a recent finding that clone tags cause collisions that are hardly reconciled through re-arbitration. For DeClone to achieve detection certainty, we design breadth first tree traversal toward quickly verifying unreconciled collisions and hence the cloning attack. We validate their detection performance through analysis and simulation. The results show that BASE delivers faster detection for small systems while DeClone for large ones especially when clone ratio increases.

EDJam: Effective Dynamic Jamming against IEEE 802.15.4-Compliant Wireless Personal Area Networks

With the development of various wireless personal area networks (WPANs), the issue of security has become a crucial problem for their applications. Jamming is one of the most important methods of attack to deprive or reduce the communication service of WPANs. Most existing jamming attacks can cause negative interference, but the attack strategies are usually not adjusted against the countermeasures that are currently taken. This paper proposes an effective dynamic jamming attack (EDJam) in an 802.15.4-compliant WPAN. In this attack, a jammer who is aware of a change in the network defense strategy, e.g. the use of a dynamic retransmission mechanism, may choose a better strategy to make more damage to the network with less cost. Similarly, a well-protected network can change its defense strategy against the EDJam. This procedure of competition between the EDJam attacker and defending networks is modeled and formulated as a Stackelberg game, and a unique Nash Equilibrium point is derived in analytical format. Based on an equilibrium analysis, we discuss the condition under which a defense strategy will increase the utility of the network and a dynamic retransmission mechanism defense strategy is proposed accordingly. The simulation results show that EDjam can be more cost-efficient than continuous, random and fixed-period jamming.

A Range-Free Localization of Passive RFID Tags Using Mobile Readers

Recently, there has been growing interest in indoor localization, because numerous applications depend on the rapid and accurate position estimation of tagged objects. While RFID-based indoor localization is attractive, the need for a large-scale and high-density deployment of readers and reference tags is costly. Being the range-free localization, our schemes depend solely on mobile readers without reference tags or other devices, and it avoids the need of distance estimation according to RSSI or phase difference. We propose two novel algorithms, continuous scanning and category-based scheduling, for locating single and multiple tagged objects, respectively. Our primary experimental results show that the system can achieve high time efficiency and localization accuracy.

A general approach for the intensive RFID reader deployment

We usually need to deploy a large number of readers to cover a certain area due to the limited read region of RFID readers. The challenge of the intensive reader deployment lies in that the collision among readers decreases the read rate and speed. In this paper, we propose a general approach to reduce the collision among readers and the number of readers. The basic idea of the approach is to maximise the coverage rate and minimise the overlapping rate. Such an approach contains two parts: grid-based model and PSO-based algorithm. We first build a grid-based model to describe both deployment area and read region. In particular, we divide them into small grids, and express grid graphs in a matrix form. Then, we propose a PSO-based algorithm to optimise the intensive reader deployment. Our simulation results show that the general approach can achieve high coverage rate and low overlapping rate.