Pub Date: 2016-12-01 DOI: 10.1109/ICITST.2016.7856673
L. Tawalbeh, T. Al-Somani, Hilal Houssain
There are many recent revolutionary technologies and advances in wireless communication and networking that have changed the lives of millions of people around us. The wide spread of the Internet and of smart mobile devices, which are equipped with wireless technologies to access the Internet, has enabled people to contact each other regardless of their geographic location. These communications involve sharing and transferring sensitive information that must be protected. Therefore, there is an increasing need to secure the data of individuals and organizations, which is considered a big challenge in communication and networking systems nowadays. Cryptographic algorithms are used to provide many security services, such as authentication, data integrity and confidentiality, to secure communication channels and networks. Recently, however, there have been cyber attacks on these crypto-functions and their implementations, mainly Side Channel Attacks. Compromising the security of these algorithms implies compromising the security of the communication systems that use them. Among the best-known asymmetric encryption algorithms is Elliptic Curve Cryptography, which is used to protect sensitive data in many financial and government applications. In this research, we present the most recent side channel attacks on Elliptic Curve Cryptography. We also discuss suitable, effective countermeasures to protect against these cyber attacks, towards obtaining more secure communication systems.
Title: Towards secure communications: Review of side channel attacks and countermeasures on ECC
Journal: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Pub Date: 2016-12-01 DOI: 10.1109/ICITST.2016.7856702
Aspen Olmsted
The focus of this research work is to investigate the problem of providing partition tolerance in cloud-based applications while maintaining application data integrity. This study looks at developing a cloud application to track sales of admission tickets to a battlefield as a motivating example. Web browsers are run inside the premises of the enterprise selling the tickets, while the rest of the application architecture is stored in the cloud. The internet connection represents a single point of failure for the application. Often, humanities attractions such as battlefields are physically located in rural areas where internet redundancy is expensive at best. Developing a cloud application that can tolerate network partitions needs to be considered in the modeling phase of a cloud software project.
Title: Modeling cloud applications for partition contingency
Journal: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Pub Date: 2016-12-01 DOI: 10.1109/ICITST.2016.7856712
Gaseb Alotibi, N. Clarke, Fudong Li, S. Furnell
Insider misuse has become a significant issue for organisations. Traditional information security has focussed upon threats from the outside rather than employees. A wide range of research has been undertaken to develop approaches to detect the insider, often referred to as Data Loss Prevention (DLP) tools. Unfortunately, the fundamental limitation of these tools is that they provide information resolved to IP addresses rather than people. This assumes the IP is static and linkable to an individual, which is often not the case. IPs are increasingly unreliable due to the mobile nature of devices and the dynamic allocation of IP addresses. This paper builds upon prior work to propose and investigate a biometric-based behavioural profile created from a novel feature extraction process that identifies users' application-level interactions (e.g. not simply that they are accessing Facebook but whether they are posting, reading or watching a video) from raw network traffic metadata. It also proceeds to describe various types of user interactions that can be derived from applications. Validation of the model was conducted by collecting 62 GB of metadata over a 2-month period from 27 participants. The average results of identifying users at first rank in the top three applications, Skype, Hotmail and BBC, are 98.1%, 96.2% and 81.8% respectively.
Title: User profiling from network traffic via novel application-level interactions
Journal: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Pub Date: 2016-12-01 DOI: 10.1109/ICITST.2016.7856683
Prathap Siddavaatam, R. Sedaghat, M. Cheng
Algebraic cryptanalysis uses a range of algebraic tools and techniques to assess the security of cryptosystems, which are essential for trusted communications over open networks. Recent trends in algebraic cryptanalysis tend to use Modular Addition 2^n over logic Exclusive-OR as a mixing operator to guard against security threats. We propose a newly designed framework for Modular Addition over field GF(2) satisfying the algebraic properties of regular Modular Addition 2^n, albeit with cumulative security enhancements and increased complexity to address these challenges. Nevertheless, it has been observed that the complexity of Modular Addition can be drastically decreased with the appropriate formulation of polynomial equations and probabilistic conditions. In this article, we propose a new extended design framework for advanced Modular Addition, characterized by user-specified extendable security, which does not impose additional changes in the existing layout of ciphers, including both stream and block ciphers. This framework can be rapidly scaled to use-specific requirements, which boosts the algebraic degree of the overall structure. This, in turn, thwarts the probabilistic conditions by retaining the original hardware complexity sans critical modifications of Modular Addition 2^n.
Title: An adaptive security framework with extensible computational complexity for cipher systems
Journal: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Pub Date: 2016-12-01 DOI: 10.1109/ICITST.2016.7856741
M. Alomari
To ensure a high level of participation by voters and their trust in the election process when using an e-voting system, the voters who are on the other side of the digital divide must be considered. Although the Jordanian government runs a campaign promoting voting in parliamentary elections, the voters' turnout to elections is not high. This research paper therefore introduces the concept of the digital divide and its impact on e-voting system adoption. A framework for e-voting digital divide factors is proposed which presents the main factors that would influence voters' intentions to use an online voting (e-voting) system. These factors comprise: age, education, income, and internet use. With the impact of these factors articulated, this research paper is significant in helping the Jordanian government to develop a strategy to ensure higher participation by voters in selecting their candidates. This research paper also provides a foundation for future empirical research on the influence of the digital divide on e-voting adoption.
Title: Digital divide impact on e-voting adoption in middle eastern country
Journal: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Pub Date: 2016-12-01 DOI: 10.1109/ICITST.2016.7856742
N. A. Almubairik, G. Wills
The aim of this work is to propose a systematic penetration testing algorithm guided by a threat model. The use of the threat model in penetration testing ensures that all existing threats are checked and no threat is overlooked through the penetration test process. The objectives of this work are as follows: assembling a package of penetration testing tools (toolkit) to test the security of an equation system, and considering standard methodologies to design the automated penetration testing. A number of methodologies have been followed during the design of the algorithm. First, a threat model designed at the IT Innovation Centre was used to extract threats. These threats were used as a starting point for the penetration testing. Second, the NIST 800-115 standard for penetration testing was followed. Applying the proposed automated penetration testing algorithm to a real system contributes to the reduction of consequences which can result from malicious attacks.
Title: Automated penetration testing based on a threat model
Journal: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Pub Date: 2016-12-01 DOI: 10.1109/ICITST.2016.7856685
Roberto Nardone, R. Rodríguez, S. Marrone
Critical infrastructures such as water treatment, power distribution, or telecommunications provide daily services essential to our lifestyle. Any service discontinuity can have a high impact on our society and even on our safety. Thus, security of these systems against intentional threats must be guaranteed. However, many of these systems are based on protocols initially designed to operate on closed, unroutable networks, making them an easy target for cybercriminals. In this regard, Modbus is a widely adopted protocol in control systems. The Modbus protocol, however, lacks security properties and is vulnerable to plenty of attacks (such as spoofing, flooding, or replay, to name a few). In this paper, we propose a formal modeling of the Modbus protocol using an extension of hierarchical state-machines that is automatically transformed to a Promela model. This model allows us to find counterexamples of security properties by model-checking. In particular, the original contribution of this paper is the formal demonstration of the existence of man-in-the-middle attacks in Modbus-based systems. Our approach also allows formal evaluation of security properties in future extensions of Modbus protocols.
Title: Formal security assessment of Modbus protocol
Journal: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Pub Date: 2016-10-20 DOI: 10.1109/ICITST.2016.7856664
Amina Djellalbia, N. Badache, S. Benmeziane, Sihem Bensimessaoud
The adoption of an e-Health Cloud has different advantages, especially allowing sharing and exchanging information between medical institutions, availability of information, reducing costs, etc. However, preserving identity privacy is a significant security challenge in all environments, and constitutes a particularly serious concern in Cloud environments. Indeed, an important barrier to the adoption of Cloud is user fear of privacy loss in the Cloud, particularly in an e-Health Cloud where users are patients. Users may not want to disclose their identities to the Cloud Service Provider; a way to protect them is making them anonymous. In this paper, we will propose an adaptive and flexible approach to protect the identity privacy of patients in an e-Health Cloud through an anonymous authentication scheme.
Title: Anonymous authentication scheme in e-Health Cloud environment
Journal: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Pub Date: 2016-03-01 DOI: 10.1109/ICITST.2016.7856738
A. Sampedro, Shantanu Srivastava
Online systems typically provide a variety of different service offerings. For example, an internet search engine provides the service of searching web pages, videos, images, news, maps, etc. Each offering can utilize different physical and/or virtual systems, networks, data centers, and so forth. Thus, a request to search videos may use some, but not all, of the resources used by a request to search images. Also, each video query will not use the same number of resources due to caching and ranking algorithms. Due to this, it can become extremely difficult to ascertain the Cost to Serve (CTS) of an offering. CTS is required to understand the cost of the product offerings per request per second (RPS), create rate cards for partner deals, target efficiency areas and decide the ROI of services. In this paper, we define the CTS methodology for Bing. In this methodology, CTS is calculated by determining the operational RPS of each platform in Bing and the average number of times a type of request touches those platforms. Prior to this work, CTS was calculated by manually tagging the capacity used by each offering and the number of observed queries. The methodology described here can be applied to any other large scale online distributed system.
Title: Cost to serve of large scale online systems
Journal: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)
Pub Date: 2016-02-16 DOI: 10.1109/ICITST.2016.7856708
Jarkko Kuusijärvi, R. Savola, Pekka T. Savolainen, Antti Evesti
Securing the growing number of IoT devices is a challenge both for the end-users bringing IoT devices into their homes and for the corporations and industries exposing these devices to the Internet as part of their service or operations. The exposure of these devices, often poorly configured and secured, offers malicious actors easy access to the private information of their users, or the potential to utilize the devices in further activities, e.g., attacks on other devices via Distributed Denial of Service. This paper discusses the current security challenges of IoT devices and proposes a solution to secure these devices via a trusted Network Edge Device (NED). The NED offloads the security countermeasures of the individual devices into the trusted network elements. The major benefit of this approach is that the system can protect the IoT devices with user-defined policies, which can be applied to all devices regardless of the constraints of computing resources in the IoT tags. An additional benefit is the possibility to manage the countermeasures of multiple IoT devices/gateways at once, via a shared interface, thus largely avoiding the per-device maintenance operations.
Title: Mitigating IoT security threats with a trusted Network element
Journal: 2016 11th International Conference for Internet Technology and Secured Transactions (ICITST)