Radio Frequency Identification (RFID) technology is expected to play a key role in the Internet of Things (IoT) and has applications in a wide variety of domains ranging from automation to healthcare systems. Therefore, the security and privacy of RFID communication is critical. In this paper, we analyze two recent RFID protocols proposed by researchers. Specifically, we show that the ownership transfer protocol proposed by Wang et al. is vulnerable to tracing attacks, while the mutual authentication protocol proposed by Cho et al. is vulnerable to key disclosure and backward traceable attacks. We propose secure improvements to these protocols to address the vulnerabilities, and improve the scalability of these schemes, making them suitable for large-scale deployments.
Similar literature: Machine-to-machine (M2M) communication is an important part of the Internet of Things (IoT), and describes technologies for automatic wireless communication between mechanical or electronic instruments. With the rapid development and wide application of the Internet of Things, the IETF was assigned to design IPv6 over low-power wireless personal area networks (6LoWPAN). The IPv6 address space is effectively unlimited, which means it can satisfy the addressing requirements of M2M. The 6LoWPAN standard has clarified important issues in M2M, but communication security has not been effectively resolved. In this article, we analyze the existing security protocol for M2M communication in 6LoWPAN. The analysis shows that the protocol leaks data after a node is captured. In addition, the EAKES6Lo protocol is also vulnerable to sinkhole attacks and plaintext-chosen attacks. Based on the above analysis, an M2M communication mutual authentication protocol based on 6LoWPAN in unattended operation is proposed. The protocol establishes a reasonable secret key distribution mechanism and designs an anti-capture attack detection method for unattended nodes to resist attacks such as replay attacks, sinkhole attacks, plaintext-chosen attacks, and physical capture attacks. Finally, the security of the protocol is proved by BAN.
Similar literature: Nicanfar and Leung proposed a multilayer consensus elliptic curve based password authenticated key-exchange (MCEPAK) protocol for smart grid. They claimed that their protocol is secure against possible attacks. In this paper, we show that the MCEPAK protocol is vulnerable to the dictionary attack and that an adversary can obtain the passwords of the appliances by eavesdropping on the messages communicated in the protocol. Moreover, we state that the passwords can be discovered by curious operators of the building area networks and the neighbor area networks. These weaknesses motivated us to introduce a chaotic maps based authenticated key exchange protocol for smart grid. To the best of our knowledge, a chaotic maps based key exchange protocol has not yet been devised for smart grid, and this objective is fulfilled in this paper. In addition, we prove the security of the proposed protocol by a formal analysis.
Similar literature: In recent times, phishing has become one of the most prominent attacks faced by internet users, governments, and service-providing organizations. In a phishing attack, the attacker(s) collect the client’s sensitive data (i.e., user account login details, credit/debit card numbers, etc.) by using spoofed emails or fake websites. Phishing websites are common entry points of online social engineering attacks, including numerous frauds on the websites. In such types of attacks, the attacker(s) create website pages by copying the behavior of legitimate websites and send URL(s) to the targeted victims through spam messages, texts, or social networking. To provide a thorough understanding of phishing attack(s), this paper provides a literature review of Artificial Intelligence (AI) techniques: Machine Learning, Deep Learning, Hybrid Learning, and Scenario-based techniques for phishing attack detection. This paper also presents a comparison of different studies detecting phishing attacks for each AI technique and examines the qualities and shortcomings of these methodologies. Furthermore, this paper provides a comprehensive set of current challenges of phishing attacks and future research directions in this domain.
Similar literature: The Internet of Things is an emerging area which deals with the transfer of data through wired or wireless networks. The prime concern to be addressed is the security of the data, which must be transferred within an optimized time limit. Throughput and time delay need to be considered for optimized data transfer, and while concentrating on these, there is a possibility of leaving the data vulnerable to attacks. Security algorithms currently available may be adequate for wired systems but not for the wireless scenario. The PRESENT cipher is one of the popular cryptosystems used in wireless and falls under the lightweight cryptography category. The GIFT cipher is an enhanced version of the PRESENT cipher, which aims at maximizing the throughput. It uses an iterative structure for encryption. This can still be improved and optimized in terms of increased data rate and reduced time delay. This paper implements an optimization technique for the existing GIFT cipher, with throughput considered as the performance metric. Pipeline and sub-stage pipeline techniques are used for enhancing the architecture.
Similar literature: The wireless capabilities of modern Implantable Medical Devices (IMDs) make them vulnerable to security attacks. One prominent attack, which has disastrous consequences for the patient’s wellbeing, is the battery Denial-of-Service attack whereby the IMD is occupied with continuous authentication requests from an adversary with the aim of depleting its battery. Zero-Power Defense (ZPD), based on energy harvesting, is known to be an excellent protection against these attacks. This paper raises essential design considerations for employing ZPD techniques in commercial IMDs, offers a critical review of ZPD techniques found in literature and, subsequently, gives crucial recommendations for developing comprehensive ZPD solutions.
Similar literature: In delay-tolerant networks (DTNs), intermittent network connectivity and lack of global system information pose serious challenges to achieving effective data forwarding. Most state-of-the-art DTN routing algorithms are based on hill-climbing heuristics in order to select the best available next hop to achieve satisfactory network throughput and routing efficiency. An adverse consequence of this approach is that a small subset of good users take on most of the forwarding tasks. This can quickly deplete scarce resources (e.g. storage, battery, etc.) in heavily utilized devices, which degrades the network reliability. A system with a significant amount of traffic carried by a small number of users is not robust to denial of service attacks and random failures. To overcome these deficiencies, this paper proposes a new routing algorithm, DTN-Balance, that takes the forwarding capacity and forwarding queue of the relay nodes into account to achieve a better load distribution in the network. For this, we define a new routing metric called message forwarding utility, combining nodal available bandwidth and forwarding workload. Applying small world theory, we impose an upper bound on the end-to-end hop count that results in a sharp increase in routing efficiency. Queued messages in a forwarding node are arranged by DTN-Balance based on a message dropping utility metric for a more intelligent decision in the case of a message drop. The performance of our method is compared with that of the existing algorithms by simulations on real DTN traces. The results show that our algorithm provides outstanding forward efficiency at the expense of a small drop in the throughput.
Similar literature: In the routing discovery phase of Mobile Ad hoc Networks (MANETs), the source node tries to find a fast and secure path to transmit data. However, if adversaries obtain routing rights during this phase, the network can easily be paralyzed during the data transmission phase. During the routing discovery phase, finding a good path is already a challenge, and verifying the security of the established path without revealing any private data of the nodes adds a new dimension to the problem. In this paper, we present SRDPV, an approach that helps the source find the benign destination dynamically and conducts privacy-preserving verification of the path. Our approach first finds the benign destination. Then, it spreads the verification tasks across multiple nodes and verifies the log entries without revealing private data of the nodes. Unlike traditional debugging systems, which detect the faults or misbehaviors of the nodes after the attacks, SRDPV can guarantee that the source avoids transmitting data through malicious nodes from the beginning and performs the verification without introducing a third party. We demonstrate the effectiveness of the approach by applying SRDPV in two scenarios: resisting the collaborative black-hole attack on the AODV protocol and detecting injected malicious intermediate routers which commit active and passive attacks in MANETs. We compared our approach with the existing secure routing algorithms, and the results show that our approach can detect the malicious nodes and that the overhead of SRDPV is moderate.
Similar literature: Authentication schemes are widely used mechanisms to thwart unauthorized access to resources over insecure networks. Several smart card based password authentication schemes have been proposed in the literature. In this paper, we demonstrate the security limitations of a recently proposed password based authentication scheme, and show that the scheme is still vulnerable to forgery and offline password guessing attacks and is also unable to provide user anonymity, forward secrecy and mutual authentication. With the intention of fixing the weaknesses of that scheme, we present a secure authentication scheme. We show, through both rigorous formal and informal security analysis, that the proposed scheme is invulnerable to various attacks, including the attacks observed in the analyzed scheme. Furthermore, the security analysis using the widely-accepted Real-Or-Random (ROR) model ensures that the proposed scheme provides session key (SK) security. Finally, we carry out a performance evaluation of the proposed scheme and other related schemes, and the results show that the proposed scheme provides a better trade-off between security and performance than other existing related schemes.
Similar literature: The Internet of Things (IoT) and its applications are among the most popular research areas at present. The characteristics of IoT on one side make it easily applicable to real-life applications, whereas on the other side they expose it to cyber threats. Denial of Service (DoS) is one of the most catastrophic attacks against IoT. In this paper, we investigate the prospects of using machine learning classification algorithms for securing IoT against DoS attacks. A comprehensive study is carried out on the classifiers which can advance the development of anomaly-based intrusion detection systems (IDSs). Performance assessment of classifiers is done in terms of prominent metrics and validation methods. The popular datasets CIDDS-001, UNSW-NB15, and NSL-KDD are used for benchmarking classifiers. Friedman and Nemenyi tests are employed to analyze the significant differences among classifiers statistically. In addition, a Raspberry Pi is used to evaluate the response time of classifiers on IoT-specific hardware. We also discuss a methodology for selecting the best classifier as per application requirements. The main goals of this study are to motivate IoT security researchers to develop IDSs using ensemble learning, and to suggest appropriate methods for statistical assessment of classifier performance.
Similar literature: An Intrusion Detection System (IDS) is crucial to protect smartphones from imminent security breaches and ensure user privacy. Android is the most popular mobile Operating System (OS), holding above 85% market share. The traffic generated by smartphones is expected to exceed the one generated by personal computers by 2021. Consequently, this prevalent mobile OS will stay one of the most attractive targets for potential attacks on fifth generation mobile networks (5G). Although Android malware detection has received considerable attention, offered solutions mostly rely on performing resource-intensive analysis on a server, assuming a continuous connection between the device and the server, or on employing supervised Machine Learning (ML) algorithms for profiling the malware’s behaviour, which essentially require a training dataset consisting of thousands of examples from both benign and malicious profiles. However, in practice, collecting malicious examples is tedious, since it entails infecting the device and collecting thousands of samples in order to characterise the malware’s behaviour, and the labelling has to be done manually. In this paper, we propose a novel Host-based IDS (HIDS) incorporating statistical and semi-supervised ML algorithms. The advantage of our proposed IDS is twofold. First, it is wholly autonomous and runs on the mobile device, without needing any connection to a server. Second, it requires only benign examples for tuning, with potentially a few malicious ones. The evaluation results show that the proposed IDS achieves a very promising accuracy of above 0.9983, reaching up to 1.