Pedro Malagón

Improving Security for SCADA Sensor Networks with Reputation Systems and Self-Organizing Maps.

The reliable operation of modern infrastructures depends on computerized systems and Supervisory Control and Data Acquisition (SCADA) systems, which are also based on the data obtained from sensor networks. The inherent limitations of the sensor devices make them extremely vulnerable to cyberwarfare/cyberterrorism attacks. In this paper, we propose a reputation system enhanced with distributed agents, based on unsupervised learning algorithms (self-organizing maps), in order to achieve fault tolerance and enhanced resistance to previously unknown attacks. This approach has been extensively simulated and compared with previous proposals.

Improving security in WMNs with reputation systems and self-organizing maps

One of the most important problems of WMNs, that is even preventing them from being used in many sensitive applications, is the lack of security. To ensure security of WMNs, two strategies need to be adopted: embedding security mechanisms into the network protocols, and developing efficient intrusion detection and reaction systems. To date, many secure protocols have been proposed, but their role of defending attacks is very limited. We present a framework for intrusion detection in WMNs that is orthogonal to the network protocols. It is based on a reputation system, that allows to isolate ill-behaved nodes by rating their reputation as low, and distributed agents based on unsupervised learning algorithms (self-organizing maps), that are able to detect deviations from the normal behavior. An additional advantage of this approach is that it is quite independent of the attacks, and therefore it can detect and confine new, previously unknown, attacks. Unlike previous approaches, and due to the inherent insecurity of WMN nodes, we assume that confidentiality and integrity cannot be preserved for any single node.

Bio-inspired enhancement of reputation systems for intelligent environments

Providing security to the emerging field of ambient intelligence will be difficult if we rely only on existing techniques, given their dynamic and heterogeneous nature. Moreover, security demands of these systems are expected to grow, as many applications will require accurate context modeling. In this work we propose an enhancement to the reputation systems traditionally deployed for securing these systems. Different anomaly detectors are combined using the immunological paradigm to optimize reputation system performance in response to evolving security requirements. As an example, the experiments show how a combination of detectors based on unsupervised techniques (self-organizing maps and genetic algorithms) can help to significantly reduce the global response time of the reputation system. The proposed solution offers many benefits: scalability, fast response to adversarial activities, ability to detect unknown attacks, high adaptability, and high ability in detecting and confining attacks. For these reasons, we believe that our solution is capable of coping with the dynamism of ambient intelligence systems and the growing requirements of security demands.

SORU: A Reconfigurable Vector Unit for Adaptable Embedded Systems

In this article we describe SORU, a reconfigurable instruction set processor architecture (RISP) specially designed for run-time self-adaptation in environments with tight resource and power restrictions. It allows to accelerate computationally intensive multimedia processing on portable/embedded devices while maintaining a low energy consumption. The experimental results show a mean speedup of 4 with half the energy consumption. The main datapath can be left in a hibernate state during more than 75% of the execution time in our experiments, what leads also to a significant reduction of energy consumption in the I-cache and the main datapath, including the register file.

Image Processing Based Services for Ambient Assistant Scenarios

Guaranteeing ubiquity and appropriateness of security and monitoring services provision to the users constitutes a priority issue for the authorities. This paper presents an innovative Wireless Personal Area Network architecture that takes advantage of some of the features provided by Intelligent Environments -large number of devices, heterogeneous networks and mobility enhancement- in order to adapt and personalise ambient conditions to the user profile. This system is based on image processing and its main aim is to provide an AAL solution that is integrated with other control devices for the home to make everyday tasks easier for users.

Connectivity Brokerage: From coexistence to collaboration

The explosive growth in the density of wirelessly connected devices and their traffic load is creating interference and gradually leading to a severe spectrum shortage. Approaches to address this challenge include dynamic spectrum allocation (cognitive radio) and pro-active interference mitigation strategies requiring coordination between heterogeneous networking technologies. This paper describes a modular and scalable methodology and architecture, called Connectivity Brokerage, that enables proactive co-existence and collaboration between diverse technologies, making joint optimization of the scarce spectrum resources possible.

Dynamic environment evaluation for reliable AmI applications based on untrusted sensor

This paper evaluates the cost of encrypted communications for wireless sensor networks with tight resource constraints. We demonstrate that software encryption (3DES, AES, and Blowfish are evaluated) is not generally affordable, and therefore the whole system architecture should take into account that sensor data is not to be trusted. We propose a dynamic environment evaluation strategy for decision making in Ami applications, based on dynamic trusting levels of the sensor objects and documented decision chains.

Detecting and Confining Sybil Attack in Wireless Sensor Networks Based on Reputation Systems Coupled with Self-organizing Maps

The Sybil attack is one of the most aggressive and evasive attacks in sensor networks that can affect on many aspects of network functioning. Thus, its efficient detection is of highest importance. In order to resolve this issue, in this work we propose to couple reputation systems with agents based on self-organizing map algorithm trained for detecting outliers in data. The response of the system consists in assigning low reputation values to the compromised node rendering them isolated from the rest of the network. The main improvement of this work consists in the way of calculating reputation, which is more flexible and discriminative in distinguishing attacks from normal behavior. Self-organizing map algorithm deploys feature space based on sequences of sensor outputs. Our solution offers many benefits: scalable solution, fast response to adversarial activities, ability to detect unknown attacks, high adaptability and low consumption. The testing results demonstrate its high ability in detecting and confining Sybil attack.

Analysis and Design of an Object Tracking Service for Intelligent Environments

This paper describes the design and implementation of an object tracking service for indoor environments. First, the wireless indoor location estimation technology is overviewed presenting advantages and disadvantages. Second, the methodology of the study is presented. To estimate the position we use clues inserted by location clue injectors of the system. In our architecture one of these injectors is a ZigBee sensor network. As location algorithm we have developed a method combining statistical techniques (particle filter) and proximity sensing (nearest neighbour) to get better efficiency. The results obtained show that a good precision and reliability can be achieved with a low-cost solution.

CacheShield: Detecting Cache Attacks through Self-Observation

Microarchitectural attacks pose a great threat to any code running in parallel to other untrusted processes. Especially in public clouds, where system resources such as caches are shared across several tenants, microarchitectural attacks remain an unsolved problem. Cache attacks rely on evictions by the spy process, which alter the execution behavior of the victim process. Similarly, all attacks exploiting shared resource access will influence these resources, thereby influencing the process they are targeting. We show that hardware performance events reveal the presence of such attacks. Based on this observation, we propose CacheShield, a tool to protect legacy code by self-monitoring its execution and detecting the presence of microarchitectural attacks. CacheShield can be run by users and does not require alteration of the OS or hypervisor, while previously proposed software-based countermeasures require cooperation from the hypervisor. Unlike methods that try to detect malicious processes, our approach is lean, as only a fraction of the system needs to be monitored. It also integrates well into todays cloud infrastructure, as concerned users can opt to use CacheShield without support from the cloud service provider. Our results show that CacheShield detects attacks fast, with high reliability, and with few false positives, even in the presence of strong noise.