Olga León

A new cross-layer attack to TCP in cognitive radio networks

Cognitive radio is a promising technology aiming to improve the utilization of the radio electromagnetic spectrum. A cognitive radio device uses general purpose computer processors that run radio applications software to perform signal processing. The use of this software enables the device to sense and understand its environment and actively change its mode of operation based on its observations. Unfortunately, this solution entails new security challenges. In this paper we present a new cross-layer attack to TCP connections in cognitive radio networks and propose potential countermeasures to mitigate it.

Modeling the lion attack in cognitive radio networks

Cognitive radio is a promising technology aiming to improve the utilization of the radio electromagnetic spectrum. A cognitive radio is a smart device which runs radio applications software to perform signal processing. The use of this software enables the device to sense and understand its environment and actively change its mode of operation based on its observations. Unfortunately, this solution entails new security challenges. In this paper, we present a cross-layer attack to TCP connections in cognitive radio networks, analyze its impact on TCP throughput via analytical model and simulation, and propose potential countermeasures to mitigate it.

Cooperative detection of primary user emulation attacks in CRNs

Cognitive radio networks (CRNs) can improve the utilization of the spectrum by making use of licensed spectrum in an opportunistic manner. With such purpose, coexistence mechanisms among CRN nodes or secondary users and legitimate users of the spectrum or primary users are defined. However, due to the particular features of CRNs, new security threats arise, such as the primary user emulation (PUE) attack, which is the most challenging among all. With the aim of detecting such kind of attacks, in this paper we propose a cooperative localization method specifically suited to CRNs which relies on TDoA measurements and Taylor-series estimations. Simulations results show the goodness of the proposed method and its suitability to typical CRN scenarios.

Towards a cooperative intrusion detection system for cognitive radio networks

Cognitive Radio Networks (CRNs) arise as a promising solution to the scarcity of spectrum. By means of cooperation and smart decisions influenced by previous knowledge, CRNs are able to detect and profit from the best spectrum opportunities without interfering primary licensed users. However, besides the well-known attacks to wireless networks, new attacks threat this type of networks. In this paper we analyze these threats and propose a set of intrusion detection modules targeted to detect them. Provided method will allow a CRN to identify attack sources and types of attacks, and to properly react against them.

The Olympic Service Model: Issues and Architecture

The Olympic Service Model is a proposal for providing service differentiation in the Internet. With this model, those users who pay more receive a higher amount of network resources, based on a three class granularity (bronze, silver, gold). However, the amount of resources received by a user is not specified, and depends on the level of congestion at a given time. In this paper we analyze the validity and limitations of the Olympic Service Model. We then propose an architecture, the SSD architecture, which provides service differentiation according to this model, both for the intra-domain and the inter-domain cases. Finally, we compare via simulation our approach with other existing architectures of the Olympic Service Model.

Energy-efficient physical layer packet authenticator for machine-to-machine networks

Machine-to-machine networks are spreading over every sector of our society due to their self-organisation capabilities. In these networks, thousands of devices are left unattended for years of operation without the possibility of human intervention. In this sense, every step forward into avoiding early exhaustion of the network nodes is of paramount importance. We have introduced a novel authentication scheme that is able to discard non-intended and/or non-legitimate packets just after the reception of the physical preamble. This proposal was shown to yield enormous energy saving with regard to both node exhaustion attacks and normal network operation. In this paper, we extend that work with a novel synchronisation protocol that addresses previous desynchronisation issues. Besides, we analyse and propose the more appropriate deployment parameters that maximise the overall energy savings. We also detail the necessary key generation and key updating processes required to manage the in use keying material. Moreover, we show how to fit the proposed mechanism into the IEEE 802.15.4e amendment to the IEEE 802.15.4-2006 standard, as many companies have decide to go for this technology for the development of machine-to-machine networks

Robust detection of primary user emulation attacks in IEEE 802.22 networks

Cognitive Radio (CR) technology constitutes a new paradigm where wireless devices can access the spectrum left unused by licensed or primary users in an opportunistic way. This feature opens the door to a main new threat: the Primary User Emulation (PUE) attack, in which a malicious user transmits a fake primary signal preventing a Cognitive Radio Network (CRN) from using the available spectrum. Cooperative location of a primary source can be a valuable tool for distinguishing between a legitimate transmission and a PUE attack whenever the position of primary users is known, as it is the case of TV towers in the IEEE 802.22 standard. However, the location process can be undermined due to false data provided by malicious or faulty nodes. In this paper, we analyze the effect of forged reports on the location process of a given emitter and provide a set of countermeasures in order to make it robust to undesired behaviors.

On the Road to Secure and Privacy-Preserving IoT Ecosystems

The Internet of Things (IoT) is on the rise. Today, various IoT platforms are already available, giving access to myriads of things. Initiatives such as BIG IoT are bringing those IoT platforms together in order to form ecosystems. BIG IoT aims to facilitate cross-platform and cross-domain application developments and establish centralized marketplaces to allow resource monetization. This combination of multi-platform applications, heterogeneity of the IoT, as well as enabling marketing and accounting of resources results in crucial challenges for security and privacy. Hence, this article analyses the requirements for security in IoT ecosystems and outlines solutions followed in the BIG IoT project to tackle those challenges. Concrete analysis of an IoT use case covering aspects such as public, private transportation, and smart parking is also presented.

The TAMESIS Project: Enabling Technologies for the Health Status Monitoring and Secure Exchange of Clinical Record

Personal Health Systems (PHS) allow to move the point of care from hospitals to the patients home. Moreover, a PHS usually handles much more information and provides more appropriate diagnostic and personalized treatments to individuals. In this paper, we present the objectives, structure and expected innovations of the TAMESIS project. TAMESIS aims to contribute in advancing the state of the art of some of the technologies needed for the development of Personal Health Systems. Specifically, we propose techniques for preventing denial of service, sensor node malfunctioning and traffic injection. In addition, we explore a protocol that makes use of mobile agents for the exchange of medical records between networked databases. As a novel aspect, the protocol will not only support bilateral agreements, already existing in the literature, but multilateral agreements. In reference to clinical data, is critical to preserve the privacy and intimacy of patients. Thus, the data, at the time of being collected as for when it is exchanged, should be processed so as to avoid leakage of information that is not strictly necessary for the parties to fulfill their task correctly. A privacy metric suitable for PHS, and the incorporation of mechanisms needed for privacy and intimacy are also key objectives of this project. Finally, usability aspects of all the system interfaces will be considered.

WiMAX-based robust localization in the presence of misbehaving and/or malicious base stations

The use of WiMAX cellular networks has arisen as a promising solution in order to provide broadband access over large, often shadowed, areas. As in other cellular networks, localization of users is extremely useful for many services and even essential for some civilian and/or military logistic operations. In a cellular WiMAX network, a node can obtain its position from beacons received by several cell base stations. Therefore, securing the localization method against potential false or erroneous feedback is of paramount importance in order to allow the nodes to get reliable position estimations. This fact implies not only making the localization method robust against erroneous or forged measurements, but also identifying which WiMAX base stations are providing such measurements. In this paper, we propose a robust localization method that can identify up to k malicious or misbehaving base stations and provide with an accurate estimation of the node position even in their presence. Simulation results prove that this proposal outperforms other existing detection techniques.