Risk based Security Enforcement in Software Defined Network

基于风险的软件定义网络安全策略

Computers & Security, Volume 78, September 2018, Pages 321-335

Bata Krishna Tripathy, Debi Prasad Das, Swagat Kumar Jena, Padmalochan Bera

摘要：Software Defined Network (SDN) paradigm provides intelligent and efficient management of different network control functions (NF) depending on changes in traffic behavior, service providers’ requirements and application context. However, the logical centralization of controllers’ functions opens up challenges towards enforcing security perimeter over the underlying network and the assets involved. In this paper, we propose a risk assessment model for pro-active secure flow control and routing of traffic in SDN. The proposed model determines threat value of different SDN entities by analyzing vulnerability and exposure with respect to Common Vulnerability Scoring System (CVSS). The risk of a given traffic is calculated as cumulative threat values of the SDN entities that guides the flow and routing control functions in generating secure flow rules for the forwarding switches. The efficacy of the proposed model is demonstrated through extensive case studies of an enterprise network.

Unpredictable cryptographic primitives for the Robust Wireless Network Security  

基于无法预测密码原语的鲁棒无线网络安全

Procedia Computer Science, Volume 134, 2018, Pages 316-321

Younes Asimi, Ahmed Asimi, Azidine Guezzaz, Zakariae Tbatou, Yassine Sadqi

摘要：A robust stream cipher algorithm is defined as unpredictable and random generator of the keystreams under minimal perturbations over its inputs. It provides too strong encryption resisting to the attacks founded on the correlation of the regenerated keystreams. The robustness of a wireless network security requires efficient cryptographic primitives and security protocols able to prove the integrity, authentication and confidentiality of the sensitive information. In this paper, we aim to enhance the data confidentiality and integrity of the wireless network. To highlight the data integrity, we introduce a dynamic integrity check code that calculates a checksum from primitive polynomials generator. In our contribution, we focus on the dynamist, unpredictability and non-traceability of sensitive information. We progress our system by a process of regeneration of the primitive polynomials proper to any communication session without touching the internal behavior of the habitual systems. We aim also to introduce a solution which influences by any minimal perturbation on the sensitive elements. It inspires its robustness by its aptitude to regenerate lightweight, dynamic and robust cryptographic primitives able to ensure robust wireless network security.

Mobile Network Security and Privacy in WSN  

无线传感器网络中的移动网络安全

Procedia Computer Science, Volume 129, 2018, Pages 324-330

Yuan Gao, Hong Ao, Zenghui Feng, Weigui Zhou, Wanbin Tang

摘要：This paper discuss the term threats, attacks and vulnerabilities in Wireless Sensor Networks followed by a model that relates the three entities. Based on the model, a framework of Trusted Wireless Sensor node is presented consisting of two major sections which are platform security enhancement and Trusted Authentication protocol to enhance sensor nodes security features and confirm the fidelity of node joining the network respectively. The design of the framework is in line with Trusted Computing Group specifications toward trusted platform implementation. Finally, brief analysis on the proposed framework is presented.

A novel security scheme for Body Area Networks compatible with smart vehicles  

兼容体域网的智能车辆安全方案

Computer Networks, Volume 143, 9 October 2018, Pages 74-81

Junchao Wang, Kaining Han, Anastasios Alexandridis, Zeljko Zilic, Gwanggil Jeon

摘要：The growth of Body Area Networks (BANs) has caused significant academic and industrial research attention, as the concept of BANs provides a feasible solution for real-time health condition monitoring. Meanwhile, Vehicle Area Networks (VANs) support communications in smart vehicles and intelligent traffic systems. In practical situations, the two areas overlap in multiple circumstances and their combination could offer a variety of services that benefit from their complementary nature. The rapid development of BAN and VAN requires advanced security techniques to protect communications since both BANs and VANs are transmitting increasingly mission-critical and private data. Therefore, a novel security scheme consisting of enhanced authentication and encryption solutions, which is dedicated in the overlapping area of VAN and BAN, is proposed in this paper. The key aspects of the security scheme were implemented and evaluated in a Field-Programmable Gate Array (FPGA). The evaluation results illustrate that the proposed security scheme has the advantages of low power consumption, low latency, and low resource utilization.

Enabling individually entrusted routing security for open and decentralized community networks  

开放与分散式社区网络的个体委托路由安全

Ad Hoc Networks, Volume 79, October 2018, Pages 20-42

Axel Neumann, Leandro Navarro, Llorenç Cerdà-Alabern

摘要：Routing in open and decentralized networks relies on cooperation. However, the participation of unknown nodes and node administrators pursuing heterogeneous trust and security goals is a challenge. Community-mesh networks are good examples of such environments due to their open structure, decentralized management, and ownership. As a result, existing community networks are vulnerable to various attacks and are seriously challenged by the obligation to find consensus on the trustability of participants within an increasing user size and diversity. We propose a practical and novel solution enabling a secured but decentralized trust management. This work presents the design and analysis of securely-entrusted multi-topology routing (SEMTOR), a set of routing-protocol mechanisms that enable the cryptographically secured negotiation and establishment of concurrent and individually trusted routing topologies for infrastructure-less networks without relying on any central management. The proposed mechanisms have been implemented, tested, and evaluated for their correctness and performance to exclude non-trusted nodes from the network. Respective safety and liveness properties that are guaranteed by our protocol have been identified and proven with formal reasoning. Benchmarking results, based on our implementation as part of the BMX7 routing protocol and tested on real and minimal (OpenWRT, 10 Euro) routers, qualify the behaviour, performance, and scalability of our approach, supporting networks with hundreds of nodes despite the use of strong asymmetric cryptography.