Publication


Featured research published by Joona Kannisto.


IEEE Vehicular Technology Magazine | 2013

Tailored Security: Building Nonrepudiable Security Service-Level Agreements

Takeshi Takahashi; Joona Kannisto; Jarmo Harju; Seppo Heikkinen; Bilhanan Silverajan; Marko Helenius; Shin'ichiro Matsuo

The security features of current digital services are mostly defined and dictated by the service provider (SP). A user can always decline to use a service whose terms do not fulfill the expected criteria, but in many cases, even a simple negotiation might result in a more satisfying outcome. This article aims at building nonrepudiable security service-level agreements (SSLAs) between a user and an SP. The proposed mechanism provides a means to describe security requirements and capabilities in different dimensions, from overall targets and risks to technical specifications, and it also helps in translating between the dimensions. A negotiation protocol and a decision algorithm are then used to let the parties agree on the security features used in the service. This article demonstrates the feasibility and usability of the mechanism by describing its usage scenario and proof-of-concept implementation and analyzes its nonrepudiability and security aspects.


IEEE Software | 2017

Safe, Secure Executions at the Network Edge: Coordinating Cloud, Edge, and Fog Computing

Niko Mäkitalo; Aleksandr Ometov; Joona Kannisto; Sergey Andreev; Yevgeni Koucheryavy; Tommi Mikkonen

System design where cyber-physical applications are securely coordinated from the cloud may simplify the development process. However, all private data are then pushed to these remote “swamps,” and human users lose actual control as compared to when the applications are executed directly on their devices. At the same time, computing at the network edge is still lacking support for such straightforward multidevice development, which is essential for a wide range of dynamic cyber-physical services. This article proposes a novel programming model as well as contributes the associated secure-connectivity framework for leveraging safe coordinated device proximity as an additional degree of freedom between the remote cloud and the safety-critical network edge, especially under uncertain environment constraints. This article is part of a special issue on Software Safety and Security Risk Mitigation in Cyber-physical Systems.


IEEE Internet of Things Journal | 2017

Facilitating the Delegation of Use for Private Devices in the Era of the Internet of Wearable Things

Aleksandr Ometov; Sergey Bezzateev; Joona Kannisto; Jarmo Harju; Sergey Andreev; Yevgeni Koucheryavy

The Internet undergoes a fundamental transformation as billions of connected “things” surround us and embed themselves into the fabric of our everyday lives. However, this is only the beginning of true convergence between the realm of humans and that of machines, which materializes with the advent of connected machines worn by humans, or wearables. The resulting shift from the Internet of Things to the Internet of Wearable Things (IoWT) brings along a truly personalized user experience by capitalizing on the rich contextual information, which wearables produce more than any other technology today. The abundance of personally identifiable information handled by wearables creates an unprecedented risk of its unauthorized exposure by the IoWT devices, which fuels novel privacy challenges. In this paper, after reviewing the relevant contemporary background, we propose efficient means for the delegation of use applicable to a wide variety of constrained wearable devices, so as to guarantee privacy and integrity of their data. Our efficient solutions facilitate contexts when one would like to offer their personal device for temporary use (delegate it) to another person in a secure and reliable manner. In connection to the proposed protocol suite for the delegation of use, we also review the possible attack surfaces related to advanced wearables.


Information Security | 2016

Observing Hidden Service Directory Spying with a Private Hidden Service Honeynet

Juha Nurmi; Joona Kannisto; Markku Vajaranta

Tor's location hidden services (HS) are a tool for anonymous publishing, with the feature that the sites cannot be brought down without taking down the whole Tor network. People run HSs for a multitude of reasons. Some like them to be public, but others want to keep their existence private. We have run private unannounced HSs to detect whether the HS directory is spied on. Our results show that the hidden service directory is monitored for new addresses. This paper details the observations made from the scanning activity.


International Journal of Communication Systems | 2015

A non-repudiable negotiation protocol for security service level agreements

Joona Kannisto; Takeshi Takahashi; Jarmo Harju; Seppo Heikkinen; Marko Helenius; Shin'ichiro Matsuo; Bilhanan Silverajan

Security service level agreements (SSLAs) provide a systematic way for end users at home or in the office to guarantee sufficient security level when doing business or exchanging sensitive personal or organizational data with an online service. In this paper, we propose an SSLA negotiation protocol that implements non-repudiation with cryptographic identities and digital signatures and includes features that make it resistant to denial of service attacks. The basic version of the protocol does not rely on the use of a trusted third party, and it can be used for all kinds of simple negotiations. For the negotiation about SSLAs, the protocol provides an option to use an external knowledge base that may help the user in the selection of suitable security measures. We have implemented a prototype of the system, which uses JSON Web Signature for the message exchange and made some performance tests with it. The results show that the computational effort required by the cryptographic operations of the negotiation protocol remains at a reasonable level.


IEEE Software | 2018

Safe and Secure Execution at the Network Edge: A Framework for Coordinating Cloud, Fog, and Edge

Niko Mäkitalo; Aleksandr Ometov; Joona Kannisto; Sergey Andreev; Yevgeni Koucheryavy; Tommi Mikkonen

System design where cyber-physical applications are securely coordinated from the cloud may simplify the development process. However, all private data are then pushed to these remote ‘swamps’, and human users lose the actual control as compared to when the applications are executed directly on their devices. At the same time, computing at the network edge is still lacking support for such straightforward multi-device development, which is essential for a wide range of dynamic cyber-physical services. In this work, we propose a novel programming model as well as contribute the associated secure connectivity framework for leveraging safe coordinated device proximity as an additional degree of freedom between the remote cloud and the safety-critical network edge, especially under uncertain environment constraints.


Network and System Security | 2017

The Time Will Tell on You: Exploring Information Leaks in SSH Public Key Authentication

Joona Kannisto; Jarmo Harju

SSH client public key authentication method is one of the most used public key client authentication methods. Despite its popularity, the precise protocol is not very well known, and even advanced users may have misconceptions of its functionality. We describe the SSH public key authentication protocol, and identify potential weak points for client privacy. We further review parts of the OpenSSH implementation of the protocol, and identify possible timing attack information leaks. To evaluate the severity of these leaks we built a modified SSH-library that can be used to query the authentication method with arbitrary public key blobs and measure the response time. We then use the resulting query timing differences to enumerate valid users and their key types. Furthermore, to advance the knowledge on remote timing attacks, we study the timing signal exploitability over a Tor Hidden Service (HS) connection and present filtering methods that make the attack twice as effective in the HS setting.


Network and System Security | 2017

IPsec and IKE as Functions in SDN Controlled Network

Markku Vajaranta; Joona Kannisto; Jarmo Harju

Currently IPsec performance in high-speed networks is problematic. Traditionally the connections are established between some multifunction network devices which are typically inefficient already in 10 Gbps packet delivery and do not have high-availability nor scalability features. In the Software-Defined Networking, packets only travel through the desired dedicated networking devices. However, few high-speed stand-alone IPsec solutions exist that can be hooked up with the SDN. In this paper we propose a design which will utilize the IPsec in SDN fashion by separating IKE and packet encryption. Experimental results show that high-availability and scalability goals are reached and per-client throughput is increased. The IPsec protocol suite can thus face the on-going need for faster packet processing rate.


Information Security | 2016

Implementation Experiences and Design Challenges for Resilient SDN Based Secure WAN Overlays

Markku Vajaranta; Joona Kannisto; Jarmo Harju

Mobile computing devices, industrial control systems, and service provider clouds often need to be connected to each other over wide area networks. However, reliability, quality of services and confidentiality are challenging in such setups. Moreover, isolated appliances and physical equipment face harsh environment conditions. In this paper we explore designing secure layer 2 overlay networks using Software Defined Networking (SDN), and challenges in implementing them with open source tools.


IEEE International Conference on Mobile Services | 2016

Programming Model Perspective on Security and Privacy of Social Cyber-physical Systems

Joona Kannisto; Niko Mäkitalo; Timo Aaltonen; Tommi Mikkonen

Both the number and diversity of computer-enabled physical objects in our surroundings are rapidly increasing. Such objects offer connectivity and are programmable, which forms a basis for new kinds of cyber-physical computing environments. This has inspired us to propose a programming model called Action-Oriented Programming (AcOP), where the focus is on simplifying the creation of applications that build on sharing data and interactions between the devices. However, such co-operative multi-device programs are a huge challenge for security and privacy. Therefore, fine grained control over the publicity of event data and control over the actions are required. Fortunately, a lot can be achieved on the framework side to facilitate developers' use of security and privacy enhancing mechanisms. In this paper, we address this challenge in the context of AcOP.

Collaboration

Top Co-Authors

Jarmo Harju
Tampere University of Technology

Seppo Heikkinen
Tampere University of Technology

Shin'ichiro Matsuo
National Institute of Information and Communications Technology

Aleksandr Ometov
Tampere University of Technology

Bilhanan Silverajan
Tampere University of Technology

Markku Vajaranta
Tampere University of Technology

Marko Helenius
Tampere University of Technology

Niko Mäkitalo
Tampere University of Technology

Sergey Andreev
Tampere University of Technology