Martine Bellaiche

VANET security surveys

Abstract Vehicular ad hoc networks (VANETs), a subset of Mobile Ad hoc NETworks (MANETs), refer to a set of smart vehicles used on the road. These vehicles provide communication services among one another or with Road Side Infrastructure (RSU) based on wireless Local Area Network (LAN) technologies. The main benefits of VANETs are that they enhance road safety and vehicle security while protecting drivers’ privacy from attacks perpetrated by adversaries. Security is one of the most critical issues related to VANETs since the information transmitted is distributed in an open access environment. VANETs face many challenges. This paper presents a survey of the security issues and the challenges they generate. The various categories of applications in VANETs are introduced, as well as some security requirements, threats and certain architectures are proposed to solve the security problem. Finally, global security architecture for VANETs is proposed.

SYN Flooding Attack Detection Based on Entropy Computing

We present an original approach to detect SYN flooding attacks from the victims side, by monitoring unusual handshake sequences. Detection is done in real-time to allow quick protection and help guarantee a proper defence. Our detection system uses an entropy measure to detect changes in the balance of TCP handshakes. Experiment results show that our method can detect SYN flooding attacks with better accuracy and robustness than traditional stateless methods, and with manageable overhead.

Avoiding DDoS with active management of backlog queues

TCP (Transmission Control Protocol) is the dominant end to end transport protocol of the Internet, with a wide range of applications including Web, mail or peer to peer traffic. The TCP stack implements a “backlog queue” for new connections, which contains an entry for every clients connection setup received by the server. If the TCP handshake is not completed, the pending half-open connection stays in the backlog queue until a time-out expires and, if that time-out value is too big, the half-open connection stays in the queue longer than necessary. We present a technique to assign and find a suitable connection-establishment time-out value to reduce the risks of an overflow of the backlog queue in situations of SYN flooding attacks. We evaluate from experimental traces that our technique can reduce the size of the backlog queue size up to 50% while preserving normal connections.

Towards quantification and evaluation of security of Cloud Service Providers

Security is still the main obstacle preventing companies and businesses which deal with private information and confidential data from migrating towards the Cloud. Cloud Service Providers should continuously perform security self-evaluation and assess the level of their security services in order to identify their limitations and improve their performance. We propose in this paper, a methodology for performance quantification and evaluation of Cloud security services, based on a set of quantitative evaluation metrics which we developed using the Goal-Question-Metric (GQM) paradigm. We also make use of a case study scenario in order to demonstrate the efficiency and practicability of the proposed methodology.

A Survey of Denial-of-Service and Distributed Denial of Service Attacks and Defenses in Cloud Computing

Cloud Computing is a computing model that allows ubiquitous, convenient and on-demand access to a shared pool of highly configurable resources (e.g., networks, servers, storage, applications and services). Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are serious threats to the Cloud services’ availability due to numerous new vulnerabilities introduced by the nature of the Cloud, such as multi-tenancy and resource sharing. In this paper, new types of DoS and DDoS attacks in Cloud Computing are explored, especially the XML-DoS and HTTP-DoS attacks, and some possible detection and mitigation techniques are examined. This survey also provides an overview of the existing defense solutions and investigates the experiments and metrics that are usually designed and used to evaluate their performance, which is helpful for the future research in the domain.

SYN flooding attack detection by TCP handshake anomalies

We present an original approach to identify synchronize (SYN) flooding attacks from the victims side, on the basis of a classification of the different forms that TCP handshakes can take during a connection set-up between a client and a server (e.g. for Web traffic). We first identify the unusual handshake sequences that result from an attack and show how such observations can be used for SYN flooding attack detection. We then introduce a data structure to monitor, in real time, the state of the TCP handshake and study its performance. In addition, we explain the management of the data structure for operations such as initialization, adding and removing flows. Finally, we analyse the effectiveness of our TCP handshake monitoring to identify the presence of SYN flooding attacks by applying it to real traffic traces. To allow quick protection and help guarantee a proper defence, the detection is done in real time. Our detection system uses a non-parametric cumulative sum algorithm (CUSUM), which has the benefit of not requiring a detailed model of the normal and attack traffic while achieving excellent detection levels. Copyright

Measuring Defense Systems Against Flooding Attacks

Denial of service (DoS) attacks strive to deny service access to legitimate users. A flooding attack uses massive volumes of otherwise useless traffic to occupy all the resources of a service, or the bandwidth of the network access links. There are many techniques, some implemented in commercial products, which are supposed to protect services against DDoS attacks. Our main contribution in this paper is to present a set of methods, together with their well-known related metrics, for evaluating defence systems against flooding attacks, and thus be able to compare them. We propose and justify that it is important to measure a defence system on several aspects: performance evaluation, deployment costs, degradation and robustness costs, both under and without attacks. We introduce composite metrics to measure the performance and the costs. Finally, another contribution is to proposed guidelines for a testing methodology. This methodology identifies all experiments required for collecting all the metrics and associated costs.

An SVM-based framework for detecting DoS attacks in virtualized clouds under changing environment

Cloud Computing enables providers to rent out space on their virtual and physical infrastructures. Denial of Service (DoS) attacks threaten the ability of the cloud to respond to clients requests, which results in considerable economic losses. The existing detection approaches are still not mature enough to satisfy a cloud-based detection systems requirements since they overlook the changing/dynamic environment, that characterises the cloud as a result of its inherent characteristics. Indeed, the patterns extracted and used by the existing detection models to identify attacks, are limited to the current VMs infrastructure but do not necessarily hold after performing new adjustments according to the pay-as-you-go business model. Therefore, the accuracy of detection will be negatively affected. Motivated by this fact, we present a new approach for detecting DoS attacks in a virtualized cloud under changing environment. The proposed model enables monitoring and quantifying the effect of resources adjustments on the collected data. This helps filter out the effect of adjustments from the collected data and thus enhance the detection accuracy in dynamic environments. Our solution correlates as well VMs application metrics with the actual resources load, which enables the hypervisor to distinguish between benignant high load and DoS attacks. It helps also the hypervisor identify the compromised VMs that try to needlessly consume more resources. Experimental results show that our model is able to enhance the detection accuracy under changing environments.

Evaluation and selection of Cloud security services based on Multi-Criteria Analysis MCA

Security is still the main obstacle that is preventing businesses from moving towards the Cloud, which makes choosing the right Cloud service provider CSP a critical decision. We propose in this paper a methodology for evaluation and selection of Cloud security services based on a Multi-Criteria Analysis (MCA) process using a set of evaluation criteria and quantitative metrics. We then give a general overview of the design and requirements of a future implementation of Cloud security evaluation architecture.

A broker-based framework for standardization and management of Cloud Security-SLAs

Abstract Security is still one of the main barriers discouraging companies and businesses which deal with sensitive information and confidential data from migrating toward the Cloud. Recent efforts have tried to specify the security level of the Cloud service with the help of Security Service Level Agreements (Security-SLAs). However, Security-SLAs in their current format and with their present terms are not fully measurable and are hard to monitor. Quantification and standardization of Security-SLAs will surely speed up the Cloud adoption process and attract more customers to benefit from the advantages of Cloud computing in a more confident and secure fashion. In this paper, we propose a broker-based framework that manages the Cloud Security-SLA. We first develop a standard, quantitative, and measurable form to represent the agreement. Then we propose an evaluation and selection model that is fundamentally based on computing the adequate trade-off between the security CIA triad attributes (Confidentiality, Integrity, and Availability) in the context of a multi-objective optimization problem. Simulation results show the set of Pareto-optimal solutions and how the customer can select the most suitable service provider using higher level information that is related to the nature of the service and financial cost.