Kubra Kalkan

Privacy in mobile computing for location-sharing-based services

Location-Sharing-Based Services (LSBS) complement Location-Based Services by using locations from a group of users, and not just individuals, to provide some contextualized service based on the locations in the group. However, there are growing concerns about the misuse of location data by third-parties, which fuels the need for more privacy controls in such services. We address the relevant problem of privacy in LSBSs by providing practical and effective solutions to the privacy problem in one such service, namely the fair rendezvous point (FRVP) determination service. The privacy preserving FRVP (PPFRVP) problem is general enough and nicely captures the computations and privacy requirements in LSBSs. In this paper, we propose two privacy-preserving algorithms for the FRVP problem and analytically evaluate their privacy in both passive and active adversarial scenarios. We study the practical feasibility and performance of the proposed approaches by implementing them on Nokia mobile devices. By means of a targeted user-study, we attempt to gain further understanding of the popularity, the privacy and acceptance of the proposed solutions.

Privacy-Preserving Optimal Meeting Location Determination on Mobile Devices

Equipped with state-of-the-art smartphones and mobile devices, todays highly interconnected urban population is increasingly dependent on these gadgets to organize and plan their daily lives. These applications often rely on current (or preferred) locations of individual users or a group of users to provide the desired service, which jeopardizes their privacy; users do not necessarily want to reveal their current (or preferred) locations to the service provider or to other, possibly untrusted, users. In this paper, we propose privacy-preserving algorithms for determining an optimal meeting location for a group of users. We perform a thorough privacy evaluation by formally quantifying privacy-loss of the proposed approaches. In order to study the performance of our algorithms in a real deployment, we implement and test their execution efficiency on Nokia smartphones. By means of a targeted user-study, we attempt to get an insight into the privacy-awareness of users in location-based services and the usability of the proposed solutions.

A highly resilient and zone-based key predistribution protocol for multiphase wireless sensor networks

Pairwise key distribution among the sensor nodes is an essential problem for providing security in Wireless Sensor Networks (WSNs). The common approach for this problem is random key predistribution, which suffers from resiliency issues in case of node captures by adversaries. In the literature, the resiliency problem is addressed by zone-based deployment models that use prior deployment knowledge. Another remedy in the literature, which is for multiphase WSNs, aims to provide self-healing property via periodic deployments of sensor nodes with fresh keys over the sensor field. However, to the best of our knowledge, these two approaches have never been combined before in the literature. In this paper, we propose a zone-based key predistribution approach for multiphase WSNs. Our approach combines the best parts of these approaches and provides self-healing property with up to 9-fold more resiliency as compared to an existing scheme. Moreover, our scheme ensures almost 100% secure connectivity, which means a sensor node shares at least one key with almost all of its neighbors.

A distributed filtering mechanism against DDoS attacks

Traffic filtering is an essential technique that is used as a prevention mechanism against network attacks. This paper presents a proactive and collaborative filtering based defense mechanism against Distributed Denial of Service (DDoS) attacks. Proactivity provides prevention of attacks before it spreads whereas collaboration enables getting knowledge about different points of the network and deciding filters together. The proposed model called ScoreForCore is a statistical mechanism that is inspired from another proactive but individual model. The most distinctive property of our model is the selection of the most appropriate attributes during current attack traffic. We compared our results with the existing model. Our results suggest that the success of systems behavior on legal and attack packets are increased considerably. In addition, most of the attack packets are stonewalled near the source of the attack.

Securing Internet of Things (IoT) with Software Defined Networking (SDN)

We present a comprehensive survey on how SDN technology can provide security for the IoT environment. We analyze several recently proposed SDN architectures and assess their benefits and drawbacks, and we present a classification to help network security analysts and researchers choose the most appropriate security mechanism according to their security requirements. Additionally, we propose a role based security controller architecture (called Rol-Sec) for the SDN-IoT environment. Finally, we discuss future research challenges that should be addressed when deploying SDN-based solutions for improving IoT security.

Defense Mechanisms against DDoS Attacks in SDN Environment

SDN is a pivotal technology that relies on the fundamental idea of decoupling control and data planes in the network. This property provides several advantages such as flexibility, simplification, and lower costs. However, it also brings several drawbacks that are largely induced by the centralized control paradigm. Security is one of the most significant challenges related to centralization. In that regard, DDoS attacks are particularly pertinent to the SDN environment. This article presents a concise survey on solutions against DDoS attacks in software-defined networks. Moreover, several mechanisms are analyzed, and a comparative classification is provided for rendering the current state of the art in the literature. This analysis will help researchers to address weaknesses of these solutions and thus mitigate such attacks using more effective defense mechanisms.

Filtering-Based Defense Mechanisms Against DDoS Attacks: A Survey

This paper presents a comprehensive survey on filtering-based defense mechanisms against distributed denial of service (DDoS) attacks. Several filtering techniques are analyzed and their advantages and disadvantages are presented. In order to help network security analysts choose the most appropriate mechanism according to their security requirements, a comparative classification of these methods is provided. The relevant research efforts are identified and discussed for rendering the current state of the art in the literature. This classification will also serve researchers to address weaknesses of these filtering methods, and thus mitigate DDoS attacks using more effective defense mechanisms.

Key distribution scheme for peer-to-peer communication in mobile underwater wireless sensor networks

Wireless Sensor Networks (WSN) consist of small battery-limited devices called sensor nodes. The communication between sensor nodes is a type of peer-to-peer communication, since each node has the same capability and role. One of the recent application areas of these nodes is underwater sensing. Communication in Underwater Wireless Sensor Networks (UWSN) is challenging since radio frequencies cannot be used. Instead acoustic waves, which cause extra challenges, are used in UWSN. Since UWSNs are deployed in hostile environment, nodes can be captured by an adversary. In order to secure UWSNs, key distribution problem must be addressed. Moreover, UWSNs are inherently mobile since the nodes may be drifted in the sea. In this paper, we propose a key distribution model which is applied for two group mobility models, namely nomadic mobility model and meandering mobility model. In both schemes hierarchical structure is used and communication is handled via well-known Blom’s key distribution scheme. Our simulation results show that mobility causes some temporary decreases in the connectivity, but our schemes help to heal the connectivity performance in time. Moreover, our schemes show good resiliency performance such that capture of some nodes by an adversary only causes very small amount of links between uncaptured nodes to be compromised.

An Approach for Classifying Program Failures

In this work, we leverage hardware performance counters-collected data to automatically group program failures that stem from closely related causes into clusters, which can in turn help developers prioritize failures as well as diagnose their causes. Hardware counters have been used for performance analysis of software systems in the past. By contrast, in this paper they are used as abstraction mechanisms for program executions. The results of our feasibility studies conducted on two widely-used applications suggest that hardware counters-collected data can be used to reliably classify failures.

SDNScore: A statistical defense mechanism against DDoS attacks in SDN environment

Software Defined Networking (SDN) is a promising solution for addressing challenges of future networks. Despite its advantages such as flexibility, simplification and low costs, it has several drawbacks that are largely induced by the centralized control paradigm. Security is one of the most significant challenges related to centralization. In that regard, Distributed Denial of Service (DDoS) attacks pose crucial security questions in software-defined networks. In SDN architecture, switches send all packets to the controller if they do not have any applicable rules in their flow tables. Basically, controller is the key place that can take initiative in decisions. However, this characteristic results in large communication overhead and delay until a DDoS attack is detected and an appropriate action is activated against attack packets. Therefore, in this work we propose a hybrid mechanism, namely SDNScore, where switches are not simply data forwarders. Instead, they can collect statistics and decide if DDoS attack is in action. Then they coordinate with the controller and act on attack packets in cooperation. SDNScore is a statistical and packet-based defense mechanism against DDoS attacks in SDN environment. Since it has a statistical scoring method, it can detect not only known but also unknown attacks entailing packets that are alike in terms of TCP and IP layer properties. In addition, it does not drop all packets in a flow which includes both attack and legal packets, but rather filters out attack packets using packet-based analysis.