A biometric security scheme for wireless body area networks

无线体域网生物特征安全方案

Journal of Information Security and Applications, Volume 41, August 2018, Pages 62-74

Peyman Dodangeh, Amir Hossein Jahangir

摘要：Wireless body area networks (WBANs) are receiving significant interest as the next generation of wireless networks and emerging technology in the field of health monitoring. One of the most important factors for the acceptance of WBANs is the provision of appropriate security and access control mechanisms. Due to its nature in transferring the patients' sensitive data, WBAN has both classical and specific security requirements. In this paper, we survey such requirements and propose a new security scheme for satisfying them in WBANs. The proposed scheme deals with the overall network architecture, including intra- and inter-WBAN tiers, and proposes two mutual authentication and key exchange protocols for diverse WBAN environments. In our scheme, we use biometrics as one part of the solution for authentication and key exchange, and the simple password three-party key exchange protocol as the other part of the WBAN security. Our scheme meets security requirements along with energy-constraint considerations. We verify our scheme through BAN Logic. Unlike the majority of the existing security protocols, our scheme proposes a solution for entire WBANs communications, from biosensors to the medical server as a trusted third party.

Visual Cryptography Based Multilevel Protection Scheme for Visualization of Network Security Situation

基于视觉密码的网络安全态势可视化多级保护方案

Procedia Computer Science, Volume 131, 2018, Pages 204-212

Hao Hua, Yuling Liu, Yongwei Wang, Dexian Chang, Qiang Leng

摘要：Visualization technology for network security situation adopts images to present the massive abstract data regarding network events. It reduces the workload of data analysis and benefits the manager to grasp the overall network status and trend. Secret information in the visual image requires confidentiality protection while transmitting. Comparing with some conventional methods realized by complicated encryptions such as DES and AES, we present a novel multilevel protection scheme based on visual cryptography (VC) with the beauty of decryption done only via the human eyes without using more computing devices. Essentially, a region incrementing VC scheme (RIVCS) is proposed in this paper dealing with the encoding of a secret situation image regarding network security. The secret image includes a number of regions, where each region is allocated with a certain secrecy level. Different secrecy levels can be decoded incrementally when different combinations of participants are gained. Firstly, we develop the model called the general AS (GAS) based RIVCS. Secondly, we design the algorithm for allocating secrecy levels. Thirdly, we construct the encoding matrices for sharing the secret pixels. Experimental results show that our method is more suitable to visualization data protection for network security situation with lower cost, higher reliability and richer application scenarios.

On PLC Network Security

可编程逻辑控制器网络安全

International Journal of Critical Infrastructure Protection, In press, accepted manuscript, Available online 11 June 2018

Asem Ghaleb, Sami Zhioua, Ahmad Almulhem

摘要：Programmable Logic Controller (PLC) is an important component in modern Industrial Control Systems (ICS) in particular Supervisory Control and Data Acquisition (SCADA) systems. Disturbing the normal operation of PLCs can lead to significant damages ranging from minor annoyance to large scale incidents threatening the life of people. While most of existing work in the SCADA security literature focused on the communication between PLCs and field devices, this paper presents a network security analysis of the communication between PLCs and the engineering stations in charge of setting up and configuring them. Interestingly, this aspect of SCADA security was exploited by the most famous SCADA attack, namely, Stuxnet. Using a testbed with a common PLC device, we successfully carried out three network attacks leading to serious compromise of typical PLCs.

GRBC-based Network Security Functions placement scheme in SDS for 5G security

基于GRBC软件定义安全系统的5G网络安全功能布局方案

Journal of Network and Computer Applications, Volume 114, 15 July 2018, Pages 48-56

Jianfeng Guan, Zhijun Wei, Ilsun You

摘要：With the paradigm shift of 5G in terms of computing and infrastructure, 5G security is confronted with new challenges due to the promising introduction of Software Defined Networks (SDN), Network Function Virtualization (NFV) and Cloud Computing. While most of current works on 5G security are focused on high-level analysis of challenges and threats to satisfy the emerging use cases. Software Defined Security (SDS), as a new security paradigm which provides flexible and centralized security protection for varieties of networks especially for SDN and Cloud environment, can be a potential security solution in 5G. Lots of work have focused on the implementations and details of SDS, and most researchers, however, are focusing on the controller design and security policy design. There are few work on the placement strategy of Network Security Functions (NSFs) and devices, which plays a significant role in SDS to improve the optimize defence effects. Most of existing placement schemes are modelled as Integer Linear Programming (ILP) by considering the constrains in terms of resource, time, security and so on, and introduce various heuristic algorithm to reduce its computing complexity. While in this paper, we propose a placement scheme of NSFs and devices in SDS based on underlying routing characteristic and evaluate its performance defending virus attack. The proposed scheme adopts Group Routing Betweenenss Centrality (GRBC) as a metric and introduces a successive algorithm to compute the GRBC. Different to traditional Routing Betweenness Centrality which only considers the importance of single node, the proposed scheme can find the key group of nodes in a SDS underlying network, where the NSFs and security devices should be deployed. In the performance evaluation, we apply our scheme to the scenario of computer virus and worms control in SDS, and the results show that the proposed scheme can improve the performance of security functions in SDS system.

M-Tesla-Based Security Assessment in Wireless Sensor Network

基于M-Tesla的无线传感器网络安全评估

Procedia Computer Science, Volume 132, 2018, Pages 1154-1162

Sudeep Tanwar, Kenny Thakkar, Ruchi Thakor, Pradeep Kr Singh

摘要：Wireless Sensor Network (WSN) are in huge demand since last few years, we have seen a wide growth of wireless devices in many applications ranging from agriculture to aviation industry are few of them. It comprises of the number of sensor nodes (SN), which sense the physical phenomena from the environment and send this sensed information to the base station (BS) for further processing. Here, energy of the SN play an important role for lifetime of the overall network and to maintain security during the process of communication between each SNs is also crucial. Considering the aforementioned points, there is need to design a routing algorithm, which reduces the energy consumption as well as maintain the security. In this paper, a brief overview of routing challenges in WSN along with energy efficient cluster-based protocol named LEACH with its vulnerabilities are presented. The primary objective of a cluster-based protocol is to reduce the delay in the system and also consumption of less energy. It achieves scalable routing and energy proficient and fair access for nodes. This protocol has quite a few deficiencies with respect to security, which can be solved by extending it. This paper also highlights improved version of LEACH protocol with its advantages and limitations as compared to the Sec-LEACH protocol. We have compared the LEACH and Sec-LEACH protocols by varying the number of nodes per round. The Sec-LEACH protocol is used to reduce the security attacks from the outsider intruders in a cluster, increases the lifetime of the network, and reduces the number of compromised nodes and energy consumption, thereby improving the overall performance of LEACH protocol.