Security Flaws Research Articles

Network intrusion detection in software defined networking with self-organized constraint-based intelligent learning framework

With the advent of internet and communication system, a huge number of opportunities have been presented to humans, however, its vision will not be easy and comfortable. Instead the current network systems are filled up with slew of problems that must be addressed on timely basis. One of the prominent concerns in IoT is security. A number of security methods have been proposed but they are still in their lowest levels and needs upgrade. One such solution is Software defined network (SDN). Although SDN is anticipated to provide a favorable atmosphere for different security activities in IoT, there is still so much progress to be made because SDN cannot solve security challenges on its own. Furthermore, the SDN inherently imposes additional security flaws. Because of the large susceptibility area in SDN-based IoT systems, a wide range of faults like DOS, DDOS, U2R etc., are directed against them. In addition to this, majority of the current IDS were based on machine learning techniques, however, the problem with such methods was that they generated high false rates and were not producing effective results when datasets were non-linear. Moreover, overfitting caused by the noisy data also hindered the performance of ML based systems. Therefore, the objective is to review and provide an effective and efficient intrusion detection techniques that solves the issues addressed.

STAKEHOLDERS' PERSPECTIVES ON WEARABLE INTERNET OF MEDICAL THINGS PRIVACY AND SECURITY

The Internet of Medical Things (IoMT) is, in fact, a fast-developing healthcare technology that has a great deal of room for improvement in terms of security. Like any other device that is linked to the internet, IoMT is susceptible to security flaws. These breaches have the potential to have an influence not just on the operation of the device, but also on the security and privacy of the data (S&P). The fallout from these violations may have potentially catastrophic and even life-threatening effects. A stakeholder-centric approach was used in the technique that was developed, with the goal of increasing the level of security of transportable IoMT devices. The suggested technique to measure the level of security present inside wearable IoMT’s is based on a combination of S&P characteristics that have been defined for such devices. Second, a technique was developed for measuring the level of security included inside such devices. At the end of the presentation, a case study was given to show how the conceptual framework may be used to the grading of Wearable IoMT’s with regard to features of S&P. The purpose of this paper is to assist hesitant consumers in choosing an IoMT device that is secure, to encourage healthy competition among makers of IoMT devices, and to ultimately raise the bar for the safety of mobile IoMT devices

SAPWSN: A Secure Authentication Protocol for Wireless Sensor Networks

With the advancement of RFID systems, there is a need for secure RFID authentication that can provide security against a variety of attacks, so designing a perfectly safe protocol has become a security challenge. The most remarkable security challenges may be information leakage, traceability, and tag impersonation. Several researchers have attempted to address this security demand by proposing ultra-lightweight solutions that use only very low-cost operations such as bit-wise operations. However, approximately all of the presented previous ultra-lightweight authentication schemes are vulnerable to a variety of attacks. For this purpose, Chiou and Chang recently proposed an EPC Class 1 Gen-2-based RFID authentication protocol and claimed it is resistant against replay attacks and also other known active and passive attacks. They also stated that their proposed protocol does not require features such as a secure channel, time parameters, or virtual IDs. In this paper, we will investigate the security of the Chiou and Chang authentication scheme and demonstrate that it is completely insecure. Specifically, we will present the security faults of this scheme. In addition, we will present an enhanced protocol called SAPWSN. The proposed protocol presents precise authentication and highly secure transfers. We demonstrate the proposed protocol’s security in the formal and informal methods. In the formal method, we use the Compromise version of Scyther tool.

Security of a PUF Mutual Authentication and Session Key Establishment Protocol for IoT Devices

Recently, Zerrouki et al. proposed a Physically Unclonable Function (PUF) mutual authentication and session key establishment protocol for IoT (Internet of Things) devices. Zerrouki et al.’s PUF protocol is interesting because it does not require the storage of any sensitive information on the local memory of the IoT device, which avoids many potential attacks, especially side-channel attacks. Therefore, we carefully investigate the security of Zerrouki et al.’s PUF protocol under the leakage assumption of the session key. Our findings are in the following. First, Zerrouki et al.’s PUF protocol fails to provide known-key security. That is, the adversary can impersonate not only the server to cheat the IoT device but also the IoT device to cheat the server when the adversary corrupts a session key between the server and the IoT device. Second, Zerrouki et al.’s PUF protocol suffers from the key-compromise impersonation attack. It means that the adversary can impersonate the IoT device to cheat the server if the adversary discloses the server’s secret key. Third, Zerrouki et al.’s PUF protocol does not support backward secrecy for the session key. That is, the adversary is always able to derive the session key from the previous session key. We also suggest the root cause of these security flaws in Zerrouki et al.’s PUF protocol. As a case study, our cryptanalysis results would promote a security model for more robust and efficient PUF authentication and session key establishment protocol. Moreover, our idea of the key compromise can be used to evaluate other novel PUF protocol designs.

IFKMS: Inverse Function-based Key Management Scheme for IoT networks

Due to the rapid growth of the Internet of Things (IoT), secure communication is becoming a significant concern. Nodes that compose such a dynamic network need to exchange sensitive and valuable data. The data must be kept safe against attacks. This protection requires the development of efficient key management protocols. However, this task is challenging because of the high resource constraints of most IoT devices in terms of storage, communication, processing, and energy capabilities. Some existing key management techniques have certain weaknesses since sensitive parameters are not protected during transmission, and cryptographic keys are stored in plain text and usually renewed at a fixed period of time. This paper proposes a new key management protocol aiming to secure communications before and after key establishment. Our scheme uses hash and one–one functions to achieve security during the key establishment process. The symmetrical character of the invertible functions is thus exploited to conceal critical data and pairwise keys stored in nodes’ memories. Moreover, the key refresh period is variable, which can be adjusted according to the number of occurred attacks in the network. BAN (Burrows Abadi Needham) logic is employed to assess the correctness of the proposed scheme. The results show that our scheme operates correctly and does not have redundancies or security flaws. Furthermore, the security and performance analysis point out that the proposed scheme is resilient against well-known attacks, and efficient in terms of storage, communication, computation overhead, and energy consumption.

Provable Secure Authentication Protocol in Fog-Enabled Smart Home Environment

People can access and obtain services from smart home devices conveniently through fog-enabled smart home environments. The security and privacy-preserving authentication protocol play an important role. However, many proposed protocols have one or more security flaws. In particular, almost all the existing protocols for the smart home cannot resist gateway compromised attacks. The adversary can not only know the user’s identity but also launch impersonation attacks. Designing a provable secure authentication protocol that avoids all known attacks on smart homes is challenging. Recently Guo et al. proposed an authentication scheme based on symmetric polynomials in the fog-enabled smart home environment. However, we found that their scheme suffers from gateway compromised attack, desynchronization attack, mobile device loss/stolen and attack, and has no untraceability and perfect forward secrecy. Therefore, we adopt a Physical Unclonable Function (PUF) to resist gateway compromised attack, adopt Elliptic Curve Diffie–Hellman (ECDH) key exchange protocol to achieve perfect forward secrecy, and propose a secure and privacy-preserving authentication protocol, which is provably secure under the random oracle model. According to the comparisons with some related protocols, the proposed protocol has better security and transmission efficiency with the same computation cost level.

A Secure LEACH-PRO Protocol Based on Blockchain.

Wireless Sensor Networks (WSNs) are becoming more popular for many applications due to their convenient services. However, sensor nodes may suffer from significant security flaws, leading researchers to propose authentication schemes to protect WSNs. Although these authentication protocols significantly fulfill the required protection, security enhancement with less energy consumption is essential to preserve the availability of resources and secure better performance. In 2020, Youssef et al. suggested a scheme called Enhanced Probabilistic Cluster Head Selection (LEACH-PRO) to extend the sensors' lifetime in WSNs. This paper introduces a new variant of the LEACH-PRO protocol by adopting the blockchain security technique to protect WSNs. The proposed protocol (SLEACH-PRO) performs a decentralized authentication mechanism by applying a blockchain to multiple base stations to avoid system and performance degradation in the event of a station failure. The security analysis of the SLEACH-PRO is performed using Burrows-Abadi-Needham (BAN) logic and Automated Validation of Internet Security Protocols and Applications (AVISPA) tool. Moreover, the SLEACH-PRO is evaluated and compared to related protocols in terms of computational cost and security level based on its resistance against several attacks. The comparison results showed that the SLEACH-PRO protocol is more secure and requires less computational cost compared to other related protocols.

Understanding Security Risks of Embedded Devices Through Fine-Grained Firmware Fingerprinting

An increasing number of embedded devices are connecting to the Internet, ranging from cameras, routers to printers, while an adversary can exploit security flaws already known to compromise those devices. Security patches are usually associated with the device firmware, which relies on the device vendors and products. Due to compatibility and release-time issues, many embedded devices are still using outdated firmware with known vulnerabilities or flaws. In this article, we conduct a systematic study on device vulnerabilities by leveraging firmware fingerprints. Specifically, we use a web crawler to gather 9,716 firmware images from official websites of device vendors, and 347,685 security reports scattered across data archives, blogs, and forums. We propose to generate fine-grained fingerprints based on the subtle differences between the filesystems of various firmware images. Furthermore, machine learning algorithms and regex are used to identify device vulnerabilities and corresponding device firmware fingerprints. We perform real-world experiments to validate the performance of the firmware fingerprint, which yields high accuracy of 91% precision and 90% recall. We reveal that 6,898 reports have the firmware and related vulnerability information, and there are more than 10% of firmware vulnerabilities without any patches or solutions for mitigating underlying security risks.

Simple Lightweight Cryptographic Algorithm to Secure Imbedded IoT Devices

The internet of things (IoT) revolution has been sparked by the exponential increase in connected devices caused by recent advances in wireless technology. These embedded devices gather, analyze, and send vast data via the network. Data transmission security is a primary problem in IoT networks. Several lightweight encryption/decryption algorithms have been developed for such resource-constraint devices. One of most effective and fast lightweight encryption algorithms for IoT applications is the Tiny Encryption Algorithm (TEA). TEA has few lines source of codes to implement and based on Feistel structure to provide cryptographic primitive confusion and diffusion features in order to hide statistical aspects of plaintext. However, it is vulnerable to assaults using equivalent and related key attacks. This study suggested modifying TEA by employing a new proposed generating keys function using two Linear Feedback Shift Registers (LFSRs) as a combination to address the security flaw caused by utilizing different keys for each round function. The key sensitivity, Avalanche effect, and a completeness test were used to evaluate its security performance. The key sensitivity of the proposed modified TEA outperforms original TEA by 50.18 % to 44.88 %. The modified TEA avalanche effect outperforms TEA by 52.57 % to 47.69 %, and its completeness test outperforms TEA by 51.75 % to 48.36 %. Experimental results indicates that, the encryption performance of proposed modified TEA is better than original TEA.

SEAF: A Scalable, Efficient, and Application-independent Framework for container security detection

Container technology has become a popular development that can conveniently accelerate building, running, and sharing applications. However, a container image packaging a collection of software usually lurks various defects threatening consumer safety, such as embedded malware, software vulnerability, privacy leakage, etc. Moreover, developers and users share container images through a centralized, public, and massive repository (e.g., Docker Hub), which can magnify the impact of these security defects in a fast-spreading way. Unfortunately, existing detection methods cannot effectively or efficiently discover such hidden flaws among the numerous images.This paper proposes a novel method to effectively detect and measure container security flaws embedded in images. Based on the crucial insight that container images are constructed hierarchically, each image depends on layers of forwarding image and adds updated content in layers of itself. Our work mines a Global Relationship Tree (GRT) based on dependency among the images that contain common layers. Meanwhile, by traversing the GRT and leveraging content differential analysis, we can locate the changing content in an image corresponding to defects. Therefore, when checking flaws among numerous images, we make a layer-sensitive detection by reusing common layers’ detection results in iterative processes to boost detection and accurately measure the influence scope of defects. Finally, we summarize and develop a set of detection primitives for scaling our approach to handle various flaws that may lead to multiple risks in potential.Depending upon this method, we implemented SEAF, a Scalable, Efficient, and Application-independent Framework, and evaluated it on popular images of diverse applications in Docker Hub. The experiment result shows that SEAF can discover different security flaws fast. Compared to the state-of-the-art tool, Clair, SEAF is more efficient and can find significantly more types of defects.

TEBDS: A Trusted Execution Environment-and-Blockchain-supported IoT data sharing system

Data sharing services based on massive IoT data have been widely used in various fields such as health monitoring and image recognition, providing users with more reliable, efficient, and flexible data services and significantly improving the user service quality. With the popularization of IoT applications, the usage rate of IoT data is getting higher and higher. Due to the dangerous network environment, the security of IoT data faces challenges. On the one hand, attacks such as data tampering can lead to the failure of IoT tasks, and on the other hand, the intrusion of malicious users can lead to the collapse of the entire IoT network. In recent years, many protection schemes used for IoT data security have been proposed. However, security flaws still exist in these schemes. Therefore, to solve the data security and identity security issues in the IoT data sharing process, in this paper, we propose a TEE-and-Blockchain-supported IoT data sharing architecture(TEBDS), which combines on-chain and off-chain methods to meet the security requirements of the IoT data sharing framework. Therein, the consortium blockchain realizes the protection of on-chain IoT data and the access control of IoT users. An Intel SGX-based Distributed Storage System (SDSS) is proposed to secure off-chain data. Besides, an incentive mechanism is developed to facilitate the whole system. Security analysis shows that TEBDS meets the requirements of data security and identity security. Experimental results show that TEBDS has better performance than the centralized method SPDS.

A Noval and Efficient ECC-Based Authenticated Key Agreement Scheme for Smart Metering in the Smart Grid

With the gradual maturity of the smart grid (SG), security challenges have become one of the important issues that needs to be addressed urgently. In SG, the identity authentication and key agreement protocol between a smart meter (SMSM) and an aggregator (AGAG) is a prerequisite for both parties to establish a secure communication. Some of the existing solutions require high communication cost, some have key escrow problems and security defects. Elliptic curve cryptosystem (ECC) holds the feature of low-key requirement and high security to make it more suitable for the security solutions to the communications in SG. In this paper, we propose a mutual anonymous authentication with an ECC-based key agreement scheme to secure the communications in SG. In addition, we compare our scheme with other existing schemes by the number of encryption operations, the computation delay, and the communication cost. The results indicate that our scheme is more efficient without the loss of safety properties.

A comprehensive review of the security flaws of hashing algorithms

A comprehensive review of the security flaws of hashing algorithms

Attack Dynamics: An Automatic Attack Graph Generation Framework Based on System Topology, CAPEC, CWE, and CVE Databases

Through a built-in security analysis feature based on metadata, this article provides a novel framework that starts with a scenario input and produces a collection of visualizations based on Common Attack Pattern Enumeration and Classification (CAPEC) and Common Weakness Enumeration (CWE) Standards. It immediately links enterprise mitigations from MITRE ATT&CK framework to the security flaws it discovered. It’s also integrated with a third-party optimization tool targeted at cutting security costs for businesses, which it can perform in real-time or later using JSON output in the preferred format, depending on the execution mode. All of these stages are conducted without human intervention. Adaptive metadata with a variety of rules for capturing different sorts of known or prospective attack types allows for the production of attack graphs. It can be used as a quick and practical what-if analysis tool to detect potential intrusions for a variety of network configuration setups and assigned access privileges. As a threat modeler, it is suitable for both novice and expert users. Due to the easy input scheme and human-readable outputs, it can also be utilized as an educational tool.

Literature Review of Mobile Security Enhancement

Abstract: The presented article provides an overview of related literature on the subject of mobile security. The issue was selected as a result of the increase in mobile applications and the underdeveloped discussion surrounding the security of those applications. Cell phones and tablets with mobile operating systems are regarded as mobile devices for the purposes of this essay. More specifically, these are BlackBerry OS (RIM)., iOS, and Android from Google, respectively Even though it's crucial to understand these concepts, the security flaws in the Android OS are the main subject of this literature review. Malware that changes to be somewhat different from the previous version is referred to as polymorphic. Although the malware's functioning is unaffected by the automated code changes, they may make traditional anti-virus detection technologies ineffectual.

Multifactor Authentication Key Management System based Security Model Using Effective Handover Tunnel with IPV6

In the current modern world, the way of life style is being completely changed due to the emerging technologies which are reflected in treating the patients too. As there is a tremendous growth in population, the existing e-Healthcare methods are not efficient enough to deal with numerous medical data. There is a delay in caring of patient health as communication networks are poor in quality and moreover smart medical resources are lacking and hence severe causes are experienced in the health of patient. However, authentication is considered as a major challenge ensuring that the illegal participants are not permitted to access the medical data present in cloud. To provide security, the authentication factors required are smart card, password and biometrics. Several approaches based on these are authentication factors are presented for e-Health clouds so far. But mostly serious security defects are experienced with these protocols and even the computation and communication overheads are high. Thus, keeping in mind all these challenges, a novel Multifactor Key management-based authentication by Tunnel IPv6 (MKMA- TIPv6) protocol is introduced for e-Health cloud which prevents main attacks like user anonymity, guessing offline password, impersonation, and stealing smart cards. From the analysis, it is proved that this protocol is effective than the existing ones such as Pair Hand (PH), Linear Combination Authentication Protocol (LCAP), Robust Elliptic Curve Cryptography-based Three factor Authentication (RECCTA) in terms storage cost, Encryption time, Decryption time, computation cost, energy consumption and speed. Hence, the proposed MKMA- TIPv6 achieves 35bits of storage cost, 60sec of encryption time, 50sec decryption time, 45sec computational cost, 50% of energy consumption and 80% speed.

Hybrid Red Deer Algorithm with Physical Unclonable Function for Security Enhancement in IoT-WSN

In this modern era, Wireless Sensor Network (WSNs) have turned out to be a more attractive option, because of the advancements in communication. If the network is insecure, an attacker can intercept messages and break the sensor nodes’ security; as well as duplicate the authentication codes to launch a variety of attacks. As a result, Physical Unclonable Functions (PUFs) with unpredictable features are encouraged to be used in the development of lightweight cryptographic protocols. This work introduced the Red Deer Algorithm (RDA) with PUF as a new mutual authentication system. When a sensor receives a challenge from the gateway, the inbuilt PUF generates a key and distributes it to the sensor by providing complete resilience against malicious attacks. PUF is resistant to node acquisition, cloning, and malicious attacks, as well as node physical security flaws. Key distribution is moving too quickly and the adversary won’t be able to conduct a harmful attack in time. Furthermore, PUF’s unclonability and unexpected qualities provide key uniqueness and two-way authentication for improving the security. When compared to existing Tunicate Swarm Grey Wolf optimization (TSGWO) and PUF-Based Mutual-Authenticated Key Distribution (PUF-MAKD), the proposed RDA-PUF demonstrated better results. The simulation results are obtained in terms of minimizing energy consumption as 0.7 J, end-to-end delay as 7 sec, packet delivery ratio of 97%, increasing network lifetime to 1330 sec, and improving secure connectivity to 1.211.

SYSTEMATIC LITERATURE REVIEW FOR LIGHTWEIGHT AUTHENTICATION ALGORITHM IN THE IoT

The Internet of Things (IoT) being a promising technology of the future is expected to generate a tremendous amount of data that may be exposed to security flaws. Hence, to protect IoT applications from hackers, lightweight cryptography has been identified as one of the suitable mechanisms since it is designed to fulfil security demands in resource-constrained hardware and software. This paper aims to analyse the current security requirements in designing lightweight cryptography for IoT applications, specifically for integrity and authentication algorithms. There are three objectives to focus on: Determine the current state of integrity and authentication research, investigate the integrity and authentication requirements, and analyse the lightweight authentication algorithm currently used. The Kitchenham systematic review method was adopted using a four-step process. The selected articles in this study were retrieved from four reputable databases and 57 of them were deemed suitable for analysis after meeting the selection criteria. From this systematic literature review, it was discovered that there were three active research focuses on the IoT. The research focuses were mostly on cyberattacks against IoT applications, system security requirements and algorithms for lightweight authentication. Furthermore, the analysis also revealed the convergence of lightweight authentication algorithms to ensure the future sustainability of applications. This study may provide researchers with a reference in designing lightweight authentication algorithms to achieve the desired security requirements for sustainable security management in IoT.

Lightweight Anonymous Authentication and Key Agreement Protocol Based on CoAP of Internet of Things.

To solve the problem regarding the lack of a lightweight and secure authentication and key agreement protocol in the Constrained Application Protocol of the Internet of Things environment, we explore the security flaws and applicability problems in the current related research. Then, we propose a new lightweight authentication and key agreement protocol based on the CoAP framework. The scheme adopts shared secret and elliptic curve public key technology, which ensures the anonymity of the communicators and provides strong security and anti-attack capacity. In terms of security analysis, the Dolev–Yao Adversary model and a security model checking analysis method based on CPN Tools are improved, in order to verify the correctness and security of the proposed scheme. Compared with other schemes, regarding communication overhead, computational cost, and security, the proposed scheme provides a robust and comprehensive security guarantee, although it is not the lightest.

Cyber-Attack Detection in Autonomous Vehicle Networks by Energy Aware Optimal Data Transmission with Game Fuzzy Q-Learning based Heuristic Routing Protocol

The automotive sector has seen a dramatic transition due to rapid technological advancement. Network connection has improved, enabling the transfer of the cars' technologies from being fully machine- to software-controlled. Controller area network (CAN) bus protocol manages network for autonomous vehicles. However, due to the intricacy of data and traffic patterns that facilitate unauthorised access to a can bus and many sorts of assaults, the autonomous vehicle network still has security flaws as well as vulnerabilities. This research proposes novel technique in cyber attack detection in autonomous vehicle networks enhanced data transmission based optimization and routing technique. Here the autonomous vehicle network optimal data transmission has been carried out using energy aware lagrangian multipliers based optimal data transmission. The cyber attack detection has been carried out using fuzzy q-learning based heuristic routing protocol. The experimental results has been carried out based on optimal data transmission and attack detection in terms of throughput of 95%, PDR of 94%, End-end delay of 46%, energy efficiency of 96%, network lifetime of 95%, attack detection rate of 88%.