• Convergence Security Journal
• /
• v.8 no.1
• /
• pp.19-26
• /
• 2008

In wireless sensor networks, an adversary can launch the wormhole attacks, where a malicious node captures packets at one location and tunnels them to a colluding node, which retransmits them locally. The wormhole attacks are very dangerous against routing protocols since she might launch these attacks during neighbor discovery phase. A strategic placement of a wormhole can result in a significant breakdown in communication across the network. This paper presents a compromise-resilient tunneled packet filtering method for sensor networks. The proposed method can detect a tunneled message with hop count alteration by a comparison between the hop count of the message and one of the encrypted hop counts attached in the message. Since the proposed method limits the amount of security information assigned to each node, the impact of wormhole attacks using compromised nodes can be reduced.

• Journal of applied mathematics & informatics
• /
• v.30 no.5_6
• /
• pp.847-864
• /
• 2012

In recent years, using computer networks (wired and wireless networks) has been widespread in many applications. As computer networks become increasingly complex, the accompanied potential threats also grow to be more sophisticated and as such security has become one of the major concerns in them. Prevention methods alone are not sufficient to make them secure; therefore, detection should be added as another defense before an attacker can breach the system. Intrusion Detection Systems (IDSs) have become a key component in ensuring systems and networks security. An IDS monitors network activities in order to detect malicious actions performed by intruders and then initiate the appropriate countermeasures. In this paper, we present a survey and taxonomy of intrusion detection systems and then evaluate and compare them.

• Journal of Communications and Networks
• /
• v.18 no.1
• /
• pp.105-111
• /
• 2016

Trust models in the literature of MANETs commonly assume that packets have different security requirements. Before a node forwards a packet, if the recipient's trust level does not meet the packet's requirement level, then the recipient must perform certain security association procedures, such as re-authentication. We present in this paper an analysis of the epidemic broadcast delay in such context. The network, mobility and trust models presented in this paper are quite generic and allow us to obtain the delay component induced only by the security associations along a path. Numerical results obtained by simulations also confirm the accuracy of the analysis. In particular, we can observe from both simulation's and analysis results that, for large and sparsely connected networks, the delay caused by security associations is very small compared to the total delay of a packet. This also means that parameters like network density and nodes' velocity, rather than any trust model parameter, have more impact on the overall delay.

• International Journal of Computer Science & Network Security
• /
• v.24 no.4
• /
• pp.155-162
• /
• 2024

Anonymity online has been an ever so fundamental topic among journalists, experts, cybersecurity professionals, corporate whistleblowers. Highest degree of anonymity online can be obtained by mimicking a normal everyday user of the internet. Without raising any flags of suspicion and perfectly merging with the masses of public users. Online Security is a very diverse topic, with new exploits, malwares, ransomwares, zero-day attacks, breaches occurring every day, staying updated with the latest security measures against them is quite expensive and resource intensive. Network security through anonymity focuses on being unidentifiable by disguising or blending into the public to become invisible to the targeted attacks. By following strict digital discipline, we can avoid all the malicious attacks as a whole. In this paper we have demonstrated a proof of concept and feasibility of securing yourself on a network by being anonymous.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.1
• /
• pp.139-144
• /
• 2007

A broadcast authentication is important and fundamental consideration for security in wireless sensor networks. Perigg et al suggests ${\mu}-TESLA$ used a key chain. But it is unavoidable the delay of time to authenticate packets. so it is hard to meet the property that most application of sensor are performed in real-time. To cope with these problems we propose an efficient broadcast authentication scheme which has no delay of time and provides re-keying mechanism. we also describe an analysis of security and efficiency for this scheme.

• Journal of Communications and Networks
• /
• v.16 no.6
• /
• pp.592-599
• /
• 2014

Cloud computing enables users to easily store their data and simply share data with others. Due to the security threats in an untrusted cloud, users are recommended to compute verification metadata, such as signatures, on their data to protect the integrity. Many mechanisms have been proposed to allow a public verifier to efficiently audit cloud data integrity without receiving the entire data from the cloud. However, to the best of our knowledge, none of them has considered about the efficiency of public verification on multi-owner data, where each block in data is signed by multiple owners. In this paper, we propose a novel public verification mechanism to audit the integrity of multi-owner data in an untrusted cloud by taking the advantage of multisignatures. With our mechanism, the verification time and storage overhead of signatures on multi-owner data in the cloud are independent with the number of owners. In addition, we demonstrate the security of our scheme with rigorous proofs. Compared to the straightforward extension of previous mechanisms, our mechanism shows a better performance in experiments.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.18 no.3
• /
• pp.779-800
• /
• 2024

Unmanned Aerial Vehicle (UAV) networks, also known as drone networks, have gained significant attention for their potential in various applications, including communication. UAV networks for communication involve using a fleet of drones to establish wireless connectivity and provide communication services in areas where traditional infrastructure is lacking or disrupted. UAV communication networks need to be highly secured to ensure the technology's security and the users' safety. The proposed survey provides a comprehensive overview of the current state-of-the-art UAV network security solutions. In this paper, we analyze the existing literature on UAV security and identify the various types of attacks and the underlying vulnerabilities they exploit. Detailed mitigation techniques and countermeasures for the protection of UAVs are described in this paper. The survey focuses on the implementation of novel technologies like Q-learning, blockchain, IRS, and mmWave. This paper discusses network simulation tools that range in complexity, features, and programming capabilities. Finally, future research directions and challenges are highlighted.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.2 no.5
• /
• pp.265-277
• /
• 2008

In spite of previous common assumptions about the incompatibility of public key cryptography (PKC) schemes with wireless sensor networks (WSNs), recent works have shown that they can be utilized for such networks in some manner. The major challenge of employing a PKC-based scheme in a wireless sensor network is posed by the resource limitations of the tiny sensors. Considering this sensor feature, in this paper we propose an efficient PKC-based security architecture with relatively lower resource requirements than those of previously proposed PKC schemes for WSN. In addition, our scheme aims to provide robust security in the network. Our security architecture comprises two basic components; a key handshaking scheme based on simple, linear operations and the derivation of a decryption key by a receiver node. Our architecture enables node-to-base-station and node-to-node secure communications. Analysis and simulation results show that our proposed architecture ensures a good level of security for network communications, and can be effectively implemented with the limited computational, memory, and energy budgets of current-generation sensor nodes.

• Journal of Communications and Networks
• /
• v.13 no.6
• /
• pp.583-590
• /
• 2011

Full-mesh IPSec tunnels pass through a black ("unsecure") network (B-NET) to any red ("secure") networks (RNETs). These are needed in military environments, because they enable dynamically changing R-NETs to be reached from a BNET. A dynamically reconfiguring security policy database (SPD) is very difficult to manage, since the R-NETs are mobile. This paper proposes advertisement process technologies in association with the tunnel gateway's protocol that sends 'hello' and 'prefix advertisement (ADV)' packets periodically to a multicast IP address to solve mobility and security issues. We focus on the tunnel gateway's security policy (SP) adaptation protocol that enables R-NETs to adapt to mobile environments and allows them to renew services rapidly soon after their redeployment. The prefix ADV process enables tunnel gateways to gather information associated with the dynamic changes of prefixes and the tunnel gateway's status (that is, 'down'/restart). Finally, we observe two different types of performance results. First, we explore the effects of different levels of R-NET movements on SP adaptation latency. Next, we derive the other SP adaptation latency. This can suffer from dynamic deployments of tunnel gateways, during which the protocol data traffic associated with the prefix ADV protocol data unit is expected to be severe, especially when a certain tunnel gateway restarts.

• Journal of Digital Contents Society
• /
• v.16 no.1
• /
• pp.1-12
• /
• 2015

In this paper, we analyze the research trend and problems of the existing virtualization technology and present the most applicable virtualization technology in order to apply the technology to the operation of novel reliable networks. By using the virtualization technology, there is advantage in that the utilization of resource becomes higher and maintenance cost goes down. While, from the security perspective, there exist advantage in using the virtualization, it also introduces new vulnerabilities due to the adoption. Thus it is necessary to analyze the problem and establish the strategy to solve it. Therefore we derive threat elements to the virtualized system, analyze and describe the virtualization security policy.