241 |
A Study On Privacy Over Security And Privacy Enhancing Networks
Conway, Everett Lee, 01 June 2024
With rapid developments in communication technologies and awareness of security and privacy risks online, Security and Privacy Enhancing Networks (SPENs) have become increasingly popular. Especially during the COVID-19 pandemic, workplaces encouraged employees to take additional security measures, such as VPNs. In this work, we conduct a comprehensive study on website fingerprinting attacks. A comprehensive system model and threat model based on two types of SPENs (Virtual Private Networks and Tor Networks) are presented. Moreover, we demonstrate a website fingerprinting attack by ethically collecting website fetch data and analyzing the collected data using five different machine learning classification models including k nearest neighbors, decision tree, ada boost, and random forest. We find that SPENs are still vulnerable to website fingerprinting attacks which enable attackers to violate users’ behavioral privacy. However, it is not easy to get accurate results, especially over a large number of websites. Furthermore, we discuss a series of recommendations for SPENs to increase behavioral privacy for their customers. Finally, we cover a variety of directions that future work could take.
|
242 |
Enhancing Zero Trust models in the financial industry through blockchain integration: A proposed framework
Daah, Clement; Qureshi, Amna; Awan, Irfan; Konur, Savas, 16 August 2024
As financial institutions navigate an increasingly complex cyber threat landscape and regulatory ecosystem, there is a pressing need for a robust and adaptive security architecture. This paper introduces a comprehensive, Zero Trust model-based framework specifically tailored for the finance industry. It encompasses identity and access management (IAM), data protection, and device and network security and introduces trust through blockchain technology. This study provides a literature review of existing Zero Trust paradigms and contrasts them with cybersecurity solutions currently relevant to financial settings. The research adopts a mixed methods approach, combining extensive qualitative analysis through a literature review and assessment of security assumptions, threat modelling, and implementation strategies with quantitative evaluation using a prototype banking application for vulnerability scanning, security testing, and performance testing. The IAM component ensures robust authentication and authorisation processes, while device and network security measures protect against both internal and external threats. Data protection mechanisms maintain the confidentiality and integrity of sensitive information. Additionally, the blockchain-based trust component serves as an innovative layer to enhance security measures, offering both tamper-proof verification and increased integrity. Through analysis of potential threats and experimental evaluation of the Zero Trust model’s performance, the proposed framework offers financial institutions a comprehensive security architecture capable of effectively mitigating cyber threats and fostering enhanced consumer trust.
|
243 |
A Federation Of Sentries: Secure And Efficient Trusted Hardware Element Communication
Ward, Blake A, 01 June 2024
Previous work introduced TrustGuard, a design for a containment architecture that allows only the result of the correct execution of approved software to be outputted. A containment architecture prevents results from malicious hardware or software from being communicated externally. At the core of TrustGuard is a trusted, pluggable device that sits on the path between an untrusted processor and the outside world. This device, called the Sentry, is responsible for validating the correctness of all communication before it leaves the system. This thesis seeks to leverage the correctness guarantees that the Sentry provides to enable efficient secure communication between two systems each protected by their own Sentry. This thesis reviews the literature for methods of enabling secure communication between two computer-Sentry pairs. It categorizes the pieces of the solution into three sections: attestation, establishing a tunnel, and communicating securely. Attestation in this context provides evidence of identity. It proposes a new configurable design for a secure network architecture, which includes a new version of the Sentry with a hardware accelerator for secure symmetric encryption, ring oscillator-based physically unclonable functions, and random number generators for attestation and key generation. These design elements are then evaluated based on how they might affect the overall system in terms of resource constraints, performance impacts, and scalability.
|
244 |
USER-CENTERED DATA ACCESS CONTROL TECHNIQUES FOR SECURE AND PRIVACY-AWARE MOBILE SYSTEMS
Reham Mohamed Sa Aburas (18857674), 25 June 2024
The pervasive integration of mobile devices in today’s modern world, e.g., smartphones, IoT, and mixed-reality devices, has transformed various domains, enhancing user experiences, yet raising concerns about data security and privacy. Despite the implementation of various measures, such as permissions, to protect user privacy-sensitive data, vulnerabilities persist. These vulnerabilities pose significant threats to user privacy, including the risk of side-channel attacks targeting low-permission sensors. Additionally, the introduction of new permissions, such as the App Tracking Transparency framework in iOS, seeks to enhance user transparency and control over data sharing practices. However, these framework designs are accompanied by ambiguous developer guidelines, rendering them susceptible to deceptive patterns. These patterns can influence user perceptions and decisions, undermining the intended purpose of these permissions. Moreover, the emergence of new mobile technologies, e.g., mixed-reality devices, presents novel challenges in ensuring secure data sharing among multiple users in collaborative environments, while preserving usability.
In this dissertation, I focus on developing user-centered methods for enhancing the security and privacy of mobile systems, navigating through the complexities of unsolicited data access strategies and exploring innovative approaches to secure device authentication and data sharing methodologies.
To achieve this, first, I introduce my work on the iStelan system, a three-stage side-channel attack. This method exploits the low-permission magnetometer sensor in smartphones to infer user sensitive touch data and application usage patterns. Through an extensive user study, I demonstrate the resilience of iStelan across different scenarios, surpassing the constraints and limitations of prior research efforts.
Second, I present my analysis and study on the App Tracking Transparency permission in iOS. Specifically, my work focuses on analyzing and detecting the dark patterns employed by app developers in the permission alerts to obtain user consent. I demonstrate my findings on the dark patterns observed in permission alerts on a large scale of apps collected from Apple’s store, using both static and dynamic analysis methods. Additionally, I discuss the application of a between-subject user study to evaluate users’ perceptions and understanding when exposed to different alert patterns.
Lastly, I introduce StareToPair, a group pairing system that leverages multi-modal sensing technologies in mixed-reality devices to enable secure data sharing in collaborative settings. StareToPair employs a sophisticated threat model capable of addressing various real-world scenarios, all while ensuring high levels of scalability and usability.
Through rigorous investigation, theoretical analysis and user studies, my research endeavors enhance the field of security and privacy for mobile systems. The insights gained from these studies offer valuable guidance for future developments in mobile systems, ultimately contributing to the design of user-centered secure and privacy-aware mobile ecosystems.
|
245 |
Towards Resilient and Secure Beyond-5G Non-Terrestrial Networks (B5G-NTNs): An End-to-End Cloud-Native Framework
Tsegaye, Henok Berhanu, 13 November 2024
Integrating Terrestrial and Non-Terrestrial Networks (NTNs) within Beyond-5G (B5G) and future 6G ecosystems represents a transformative advancement in achieving ubiquitous, resilient, and scalable communication services. NTNs, including Low Earth Orbit (LEO) satellites, Unmanned Aerial Vehicles (UAVs), and High Altitude Platform Systems (HAPS), extend traditional terrestrial networks by providing continuous connectivity in remote, underserved, and connection-critical scenarios such as disaster-hit regions and rural areas. This thesis deals with an end-to-end cloud-native framework that leverages cutting-edge technologies, including Multi-Access Edge Computing (MEC), Software Defined Networking (SDN), Network Function Virtualization (NFV), blockchain, and advanced AI/ML models, to enhance service availability, security, and Quality of Service (QoS) in 3D NTN environments.
The research first explores the deployment of disaggregated Next-Generation Radio Access Networks (NGRANs) across terrestrial and non-terrestrial domains using a Kubernetes-based architecture. A Graph Neural Network (GNN) model is developed to monitor and manage these networks, detecting link failures and optimizing traffic routing paths between terrestrial and satellite components. The GNN model achieves an 85% accuracy in link failure detection and significantly reduces end-to-end delays in NTN deployments, highlighting the potential of AI-driven network management in enhancing overall network resilience.
To address the challenge of dynamic resource management in NTNs, this thesis investigates the implementation of functional splits, such as F1 and E1 interfaces, between terrestrial control units (gNB-CU) and satellite-based distributed units (gNB-DU). The study employs Long Short-Term Memory (LSTM) neural networks to predict resource utilization, specifically CPU, memory, and bandwidth of satellite payloads. These predictive models enable proactive monitoring and resource allocation decisions, ensuring efficient use of limited computational resources and maintaining high levels of network performance.
Security remains a critical concern in NTNs due to decentralized and open 5G satellite communications. A blockchain-based authentication framework is proposed to mitigate these risks, enhancing the security of data exchanges and remote firmware updates in LEO satellite constellations. Blockchain technology provides a decentralized, transparent, and immutable security framework, improving authentication efficiency and protecting against unauthorized access, though with trade-offs in network performance, such as increased latency and reduced throughput. This approach makes the hybrid B5G NTN network secure, reinforcing the integrity and confidentiality of communication channels, which is essential for emerging services and applications. Furthermore, this thesis comprehensively evaluates MEC-based experimental testbeds that demonstrate service resiliency in NTNs during terrestrial network outages. The MEC deployments allow seamless transitions to satellite access networks, ensuring service continuity and improving QoS. These testbeds showcase the capability of cloud native technologies in maintaining service availability, highlighting their critical role in resilient NTN networks. The findings of this thesis demonstrate that integrating cloud-native architectures, blockchain-based security mechanisms, and advanced AI/ML models significantly enhances the resilience, security, and resource efficiency of NTNs. These innovations pave the way for robust, adaptive, and secure communication systems, supporting the seamless deployment of critical B5G and 6G applications across diverse and challenging environments. This research provides valuable insights into designing and implementing resilient NTNs, setting the foundation for future advancements in global connectivity and intelligent network management.
|
246 |
Heterogeneous Networks: from integration to mobility
Qachri, Naïm, 16 September 2015
Heterogeneous Networks (HetNets) is the integration of multiple wireless technologies to increase the quality of service of the communications in mobile networks. This evolution is the next generation of Public Land Mobile Networks (PLMNs).
Mobile and wireless network security mechanisms have largely focused on the protection of the User Equipment (UE) within the last mile (the last hop of the communication in the chain of connected devices) and on single connections. The single connectivity has reduced the development of the security to two-party protocols, and they cover the authentication of the UE to the mobile network and the encryption on a single channel based on homogeneous communications through a unique technology.
The current security and cryptographic mechanisms are not sufficient to protect correctly, and efficiently, parallel connections or their mobility in HetNets. The purpose of the PhD thesis is to bring new security protocols and mechanisms to protect HetNets.
The contributions brought by the thesis follow the evolution of HetNets through 4 contributions, starting from the wireless transmissions to the largest frame of HetNets architecture:
• The first contribution focuses on the development of a new cryptographic primitive for wireless transmissions. The main property is to protect the frame from eavesdropping. The primitive introduces the notion of probabilistic brute force (meaning that an attacker cannot decide among different keys which is the one used).
• The second contribution proposes a new protocol to manage efficiently and securely the mobility of the UEs between different technologies inside HetNets.
• The third contribution covers the management of the master secrets, embedded within the Universal Subscriber Identity Module (USIM), in large PLMNs. Our mechanisms and protocols automate regular and secure changes of the master secret, and they add diversity in the management of session keys to minimize the impact of key leakages (in case of credential database theft, for instance).
• The fourth contribution introduces a new connectivity paradigm for mobile networks based on one-to-many communications. The paradigm redesigns the security borders and puts the UE in the center of a mobile authenticated group. Therefore, the paradigm shift leads to new security protocols for authentication, mobility management, and secure negotiation to provide end-to-end encryption between two or more UEs.
Doctorate in Sciences / info:eu-repo/semantics/nonPublished
|
247 |
A framework for higher academic institutions in the republic of South Africa to mitigate network security threats and attacks.
Mohapi, Matrinta Josephine, 06 1900
M. Tech. (Department of Information and Communication Technology, Faculty of Applied and Computer Sciences), Vaal University of Technology. / The computer networks of higher academic institutions play a significant role in the academic lives of students and staff in terms of offering them an environment for teaching and learning. These institutions have introduced several educational benefits such as the use of digital libraries, cluster computing, and support for distance learning. As a result, the use of networking technologies has improved the ability of students to acquire knowledge, thereby providing a supportive environment for teaching and learning. However, academic networks are constantly being attacked by viruses, worms, and the intent of malicious users to compromise perceived secured systems. Network security threats and cyber-attacks are significant challenges faced by higher academic institutions that may cause a negative impact on systems and Information and Communications Technology (ICT) resources. For example, the infiltration of viruses and worms into academic networks can destroy or corrupt data and by causing excessive network traffic, massive delays may be experienced. This weakens the ability of the institution to function properly, and results in prolonged downtime and the unavailability of Information Technology (IT) services.
This research determines challenges faced by higher academic institutions, identifies the type of security measures used at higher academic institutions, and how network security could be addressed and improved to protect against network security threats and attacks. Two research approaches were adopted, namely a survey and an experiment. Survey questionnaires were distributed to IT technical staff at higher academic institutions in Gauteng province to determine the challenges they face in terms of securing their networks. It is crucial that network security takes on a prominent role when managing higher academic institutions’ networks.
The results of the study reveal several challenges such as budget constraints, inadequate security measures, lack of enforcing network security policies, and lack of penetration testing on systems and the network. The results also reveal that the implementation of security measures can and does address network security threats and attacks. It is therefore extremely important for higher academic institutions to implement proper security measures to help mitigate network security threats and attacks. The framework proposed is based on the results from the research study to help mitigate network security threats and attacks at higher academic institutions.
|
248 |
Advancing DDoS Detection in 5G Networks Through Machine Learning and Deep Learning Techniques
Bomidika, Sai Teja Reddy, January 2024
This thesis explores the development and validation of advanced Machine Learning (ML) and Deep Learning (DL) algorithms for detecting Distributed Denial of Service (DDoS) attacks within 5th Generation (5G) telecommunications networks. As 5G technologies expand, the vulnerability of these networks to cyber threats that compromise service integrity increases, necessitating robust detection mechanisms. The primary aim of this research is to develop and validate ML and DL algorithms that effectively detect DDoS attacks within 5G telecommunications networks. These algorithms will leverage real-time data processing to enhance network security protocols and improve resilience against cyber threats. A robust simulated environment using free5GC and UERANSIM was established to mimic the complex dynamics of 5G networks. This facilitated the controlled testing of various ML and DL models under both normal and attack conditions. The models developed and tested include Bidirectional Encoder Representations from Transformer (BERT), Bidirectional Long Short-Term Memory (BiLSTM), Multilayer Perceptron (MLP), a Custom Convolutional Neural Network (CNN), Random Forest, Support Vector Machine (SVM), and XGBoost. The ensemble model combining Random Forest and XGBoost showed superior performance, making it suitable for the dynamic 5G environment. However, the study also highlights the complications of ensemble models, such as increased computational complexity and resource demands, which may limit their practicality in resource-constrained settings. This thesis addresses a critical research gap by evaluating modern DL techniques, traditional ML models, and ensemble methods within a simulated 5G environment. This comparative analysis helps identify the most effective approach for real-time DDoS detection, balancing accuracy, complexity, and resource efficiency.
The findings indicate that the tailored ML, DL and Ensemble models developed are highly effective in detecting DDoS attacks, demonstrating high accuracy and efficiency in real-time threat detection. This highlights the potential for these models to be adapted for real-world applications in modern telecommunications infrastructures. In conclusion, this thesis contributes substantially to the field of cybersecurity in 5G networks by demonstrating that ML and DL models, developed and tested in a sophisticated simulated environment, can significantly enhance network security protocols. These models offer promising approaches to securing emerging telecommunications infrastructures against continuously evolving cyber threats, thus supporting the stability and reliability of 5G networks globally.
|
249 |
A comprehensive approach to enterprise network security management
Homer, John, January 1900
Doctor of Philosophy / Department of Computing and Information Sciences / Xinming (Simon) Ou / Enterprise network security management is a vitally important task, more so now than ever before. Networks grow ever larger and more complex, and corporations, universities, government agencies, etc. rely heavily on the availability of these networks. Security in enterprise networks is constantly threatened by thousands of known software vulnerabilities, with thousands more discovered annually in a wide variety of applications. An overwhelming amount of data is relevant to the ongoing protection of an enterprise network.
Previous works have addressed the identification of vulnerabilities in a given network and the aggregated collection of these vulnerabilities in an attack graph, clearly showing how an attacker might gain access to or control over network resources. These works, however, do little to address how to evaluate or properly utilize this information.
I have developed a comprehensive approach to enterprise network security management. Compared with previous methods, my approach realizes these issues as a uniform desire for provable mitigation of risk within an enterprise network. Attack graph simplification is used to improve user comprehension of the graph data and to enable more efficient use of the data in risk assessment. A sound and effective quantification of risk within the network produces values that can form a basis for valuation policies necessary for the application of a SAT solving technique. SAT solving resolves policy conflicts and produces an optimal reconfiguration, based on the provided values, which can be verified by a knowledgeable human user for accuracy and applicability within the context of the enterprise network. Empirical study shows the effectiveness and efficiency of these approaches, and also indicates promising directions for improvements to be explored in future works. Overall, this research comprises an important step toward a more automated security management initiative.
|
250 |
A novel intrusion detection system (IDS) architecture: attack detection based on snort for multistage attack scenarios in a multi-cores environment
Pagna Disso, Jules Ferdinand, January 2010
Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS was tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDoS attacks within 10 minutes.
|