Open Access
submit Opinions CrossRef Open Access Subscribe New Journal Ideal

Click on image to enlarge

Indexed in Scopus

Journal of Cyber Security and Mobility

Ashutosh Dutta, Johns Hopkins University, USA
Ruby Lee, Princeton University, USA
Neeli R. Prasad, International Technological University, San Jose, USA
Wojciech Mazurczyk, Warsaw University of Technology, Poland

Associate Editor:
Debdeep Mukhopadhyay, Indian Institute of Technology Kharagpur, India

ISSN: 2245-1439 (Print Version),

ISSN: 2245-4578 (Online Version)
Vol: 6   Issue: 2

Published In:   April 2017

Publication Frequency: Quarterly

Search Available Volume and Issue for Journal of Cyber Security and Mobility

Journal Description        Read Full Articles        Editorial Board        Subscription        Indexed       Opinions

Steganography for Cyber-physical Systems

Steffen Wendzel1,2, Wojciech Mazurczyk3 and Georg Haas1

1Worms University of Applied Sciences, Germany
2Fraunhofer FKIE, Germany
3Warsaw University of Technology, Poland

Abstract: [+]    |    Download File [ 1286KB ]    |   Read Article Online

Abstract: Cyber-physical Systems (CPS) have raised serious security concerns and thus have been subjected to intensive security research lately. Recent publications have shown that there is a potential to transfer hidden information through CPS environments. In comparison to these existing studies, we demonstrate that CPS cannot only be used to covertly transfer secret data but also to store secret data. Using an analogy to the biological concept of animal scatter hoarding behavior we exemplify CPS secret data storage using automated buildings.

Keywords: Cyber-physical Systems (CPS), Internet of Things (IoT), Steganography, Covert Channels, Information Hiding, Smart Home, Smart Building, BACnet.

An Anonymous Inter-Network Routing Protocol for the Internet of Things

Paolo Palmieri1, Luca Calderoni2 and Dario Maio2

1Cranfield University, Centre for Electronic Warfare Information
and Cyber Shrivenham, Swindon SN6 8LA, United Kingdom
2University of Bologna, Dept. of Computer Science and Engineering Cesena, 47521, Italy

Abstract: [+]    |    Download File [ 421KB ]    |   Read Article Online

Abstract: With the diffusion of the Internet of Things (IoT), computing is becoming increasingly pervasive, and different heterogeneous networks are integrated into larger systems. However, as different networks managed by different parties and with different security requirements are interconnected, security becomes a primary concern. IoT nodes, in particular, are often deployed “in the open”, where an attacker can gain physical access to the device. As nodes can be deployed in unsurveilled or even hostile settings, it is crucial to avoid escalation from successful attacks on a single node to the whole network, and from there to other connected networks. It is therefore necessary to secure the communication within IoT networks, and in particular, maintain context information private, including the network topology and the location and identity of the nodes.

In this paper, we propose a protocol achieving anonymous routing between different interconnected networks, designed for the Internet of Things and based on the spatial Bloom filter (SBF) data structure. The protocol enables private communication between the nodes through the use of anonymous identifiers, which hide their location and identity within the network. As routing information is encrypted using a homomorphic encryption scheme, and computed only in the encrypted domain, the proposed routing strategy preserves context privacy, preventing adversaries from learning the network structure and topology. This, in turn, significantly reduces their ability to gain valuable network information from a successful attacks on a single node of the network, and reduces the potential for attack escalation.

Keywords: Internet of Things, Privacy-preserving Technologies, Anonymous Routing, Spatial Bloom Filters.

Enhanced Ant Colony-Inspired Parallel Algorithm to Improve Cryptographic PRNGs

Jörg Keller1, Gabriele Spenger1, and Steffen Wendzel1

1FernUniversit¨at in Hagen, Germany
2Worms University of Applied Science, Germany

Abstract: [+]    |    Download File [ 3211KB ]    |   Read Article Online

Abstract: We present and motivate a parallel algorithm to compute promising candidate states for modifying the state space of a pseudo-random number generator in order to increase its cycle length. This is important for generators in low-power devices where increase of state space to achieve longer cycles is not an alternative. The runtime of the parallel algorithm is improved by an analogy to ant colony behavior: if two paths meet, the resulting path is followed at accelerated speed just as ants tend to reinforce paths that have been used by other ants. We evaluate our algorithm with simulations and demonstrate high parallel efficiency that makes the algorithm well-suited even for massively parallel systems like GPUs. Furthermore, the accelerated path variant of the algorithm achieves a runtime improvement of up to 4% over the straightforward implementation.

Keywords: Pseudo-Random Generators, Parallel Efficiency, Ant Colony, Lightweight Cryptography.

Machine Learning Approach for Detection of nonTor Traffic

Elike Hodo1, Xavier Bellekens2, Ephraim Iorkyase1, Andrew Hamilton1, Christos Tachtatzis1 and Robert Atkinson1

1University of Strathclyde, Scotland
2University of Abertay Dundee, Scotland

Abstract: [+]    |    Download File [ 2505KB ]    |   Read Article Online

Abstract: Intrusion detection has attracted a considerable interest from researchers and industry. After many years of research the community still faces the problem of building reliable and efficient intrusion detection systems (IDS) capable of handling large quantities of data with changing patterns in real time situations. The Tor network is popular in providing privacy and security to end user by anonymizing the identity of internet users connecting through a series of tunnels and nodes. This work identifies two problems; classification of Tor traffic and nonTor traffic to expose the activities within Tor traffic that minimizes the protection of users in using the UNB-CIC Tor Network Traffic dataset and classification of the Tor traffic flow in the network. This paper proposes a hybrid classifier; Artificial Neural Network in conjunction with Correlation feature selection algorithm for dimensionality reduction and improved classification performance. The reliability and efficiency of the propose hybrid classifier is compared with Support Vector Machine and naïve Bayes classifiers in detecting nonTor traffic in UNB-CIC Tor Network Traffic dataset. Experimental results show the hybrid classifier, ANN-CFS proved a better classifier in detecting nonTor traffic and classifying the Tor traffic flow in UNB-CIC Tor Network Traffic dataset.

Keywords: Artificial neural network, support vector machines, intrusion detection systems, Naïve Bayes, Tor and nonTor, UNB-CIC Tor Network Traffic dataset.

Rethinking the Use of Resource Hints in HTML5: Is Faster Always Better!?

N. Vlajic, X. Y. Shi, H. Roumani and P. Madani

Department of Electrical Engineering and Computer Science, York University, Toronto, Canada

Abstract: [+]    |    Download File [ 4700KB ]    |   Read Article Online

Abstract: To date, much of the development in Web-related technologies has been driven by the users' quest for ever faster and more intuitive WWW. One of the most recent trends in this development is built around the idea that a user's WWW experience can further be improved by predicting and/or preloading Web resources that are likely sought by the user, ahead of time. Resource hints is a set of features introduced in HTML5 and intended to support the idea of predictive preloading in the WWW. Inspite of the fact that resource hints were originally intended to enhance the online user experience, their introduction has unfortunately created a vulnerability that can be exploited to attack the user's privacy, security and reputation, or to turn the user's computer into a bot that can compromise the integrity of business analytics.

In this article we outline six different scenarios (i.e., attacks) in which the resource hints could end up turning the browser into a dangerous tool that acts without the knowledge of and/or against its very own user. What makes these attacks particularly concerning is the fact that they are extremely easy to execute, and they do not require that any form of client-side malware be implanted on the user machine. While one of the attacks is (just) a new form of the well-known cross-site request forgery attacks, the other attacks have not been addressed much or at all in the research literature. Through this work, we ultimate hope to make the wider Internet community critically rethink the way the resource hints are implemented and used in today's WWW.

Keywords: Resource hints, Unsolicited Web requests, User privacy, User reputation, Browser forensics,Web attacks, HTML5, Chrome.

River Publishers: Journal of Cyber Security and Mobility