SurvSec Security Architecture for Reliable Surveillance WSN Recovery from Base Station Failure

Megahed, Mohamed Helmy Mostafa

January 2014

Surveillance wireless sensor networks (WSNs) are highly vulnerable to the failure of the base station (BS) because attackers can easily render the network useless for relatively long periods of time by only destroying the BS. The time and effort needed to destroy the BS is much less than that needed to destroy the numerous sensing nodes. Previous works have tackled BS failure by deploying a mobile BS or by using multiple BSs, which requires extra cost. Moreover, despite using the best electronic countermeasures, intrusion tolerance systems and anti-traffic analysis strategies to protect the BSs, an adversary can still destroy them. The new BS cannot trust the deployed sensor nodes. Also, previous works lack both the procedures to ensure network reliability and security during BS failure such as storing then sending reports concerning security threats against nodes to the new BS and the procedures to verify the trustworthiness of the deployed sensing nodes. Otherwise, a new WSN must be re-deployed which involves a high cost and requires time for the deployment and setup of the new WSN. In this thesis, we address the problem of reliable recovery from a BS failure by proposing a new security architecture called Surveillance Security (SurvSec). SurvSec continuously monitors the network for security threats and stores data related to node security, detects and authenticates the new BS, and recovers the stored data at the new BS. SurvSec includes encryption for security-related information using an efficient dynamic secret sharing algorithm, where previous work has high computations for dynamic secret sharing. SurvSec includes compromised nodes detection protocol against collaborative work of attackers working at the same time where previous works have been inefficient against collaborative work of attackers working at the same time. SurvSec includes a key management scheme for homogenous WSN, where previous works assume heterogeneous WSN using High-end Sensor Nodes (HSN) which are the best target for the attackers. SurvSec includes efficient encryption architecture against quantum computers with a low time delay for encryption and decryption, where previous works have had high time delay to encrypt and decrypt large data size, where AES-256 has 14 rounds and high delay. SurvSec consists of five components, which are: 1. A Hierarchical Data Storage and Data Recovery System. 2. Security for the Stored Data using a new dynamic secret sharing algorithm. 3. A Compromised-Nodes Detection Algorithm at the first stage. 4. A Hybrid and Dynamic Key Management scheme for homogenous network. 5. Powerful Encryption Architecture for post-quantum computers with low time delay. In this thesis, we introduce six new contributions which are the followings: 1. The development of the new security architecture called Surveillance Security (SurvSec) based on distributed Security Managers (SMs) to enable distributed network security and distributed secure storage. 2. The design of a new dynamic secret sharing algorithm to secure the stored data by using distributed users tables. 3. A new algorithm to detect compromised nodes at the first stage, when a group of attackers capture many legitimate nodes after the base station destruction. This algorithm is designed to be resistant against a group of attackers working at the same time to compromise many legitimate nodes during the base station failure. 4. A hybrid and dynamic key management scheme for homogenous network which is called certificates shared verification key management. 5. A new encryption architecture which is called the spread spectrum encryption architecture SSEA to resist quantum-computers attacks. 6. Hardware implementation of reliable network recovery from BS failure. The description of the new security architecture SurvSec components is done followed by a simulation and analytical study of the proposed solutions to show its performance.

Surveillance Wireless Sensor Network

Security manager (SM)

Backup security manager (BKSM)

Network trustworthiness

Efficient dynamic secret sharing

Distributed users tables (DUT)

Node compromise attack

Hybrid key management

Dynamic key management

Homogenous network

High end Sensor Nodes (HSNs)

Network scalability

Network connectivity

Unpredictability principal

PRNG

Resistant to quantum computer

Sistemas de arquivos paralelos: alternativas para a redução do gargalo no acesso ao sistema de arquivos / Parallel File Systems: alternatives to reduce the bottleneck in accessing the file system

Carvalho, Roberto Pires de

23 September 2005

Nos últimos anos, a evolução dos processadores e redes para computadores de baixo custo foi muito maior se comparada com o aumento do desempenho dos discos de armazenamento de dados. Com isso, muitas aplicações estão encontrando dificuldades em atingir o pleno uso dos processadores, pois estes têm de esperar até que os dados cheguem para serem utilizados. Uma forma popular para resolver esse tipo de empecílio é a adoção de sistemas de arquivos paralelos, que utilizam a velocidade da rede local, além dos recursos de cada máquina, para suprir a deficiência de desempenho no uso isolado de cada disco. Neste estudo, analisamos alguns sistemas de arquivos paralelos e distribuídos, detalhando aqueles mais interessantes e importantes. Por fim, mostramos que o uso de um sistema de arquivos paralelo pode ser mais eficiente e vantajoso que o uso de um sistema de arquivos usual, para apenas um cliente. / In the last years, the evolution of the data processing power and network transmission for low cost computers was much bigger if compared to the increase of the speed of getting the data stored in disks. Therefore, many applications are finding difficulties in reaching the full use of the processors, because they have to wait until the data arrive before using. A popular way to solve this problem is to use a parallel file system, which uses the local network speed to avoid the performance bottleneck found in an isolated disk. In this study, we analyze some parallel and distributed file systems, detailing the most interesting and important ones. Finally, we show the use of a parallel file system can be more efficient than the use of a usual local file system, for just one client.

acesso concorrente

afs

afs

availability

bridge

bridge

ceft-pvfs

ceft-pvfs

coda

coda

computação distribuída

computação paralela

concurrent access

disco magnético

disco rígido

disponibilidade

distributed computing

distributed file system

escalabilidade

fail over

file replication

file service

file system

file system bottleneck

gargalo no sistema de arquivos

gfs

gfs

hard disk

ide

ide

latência

latency

magnetic disk

nfs

nfs

nfsp

nfsp

parallel computing

parallel file system

pio

pio

pvfs

pvfs

pvfs2

pvfs2

replicação de arquivos

sad

scalability

scsi

scsi

security

segurança

serviço de arquivos

sistema de arquivos

sistema de arquivos distribuídos

sistema de arquivos paralelos

sprite

sprite

sva

sva

tolerância a falhas

Sistemas de arquivos paralelos: alternativas para a redução do gargalo no acesso ao sistema de arquivos / Parallel File Systems: alternatives to reduce the bottleneck in accessing the file system

Roberto Pires de Carvalho

23 September 2005

Nos últimos anos, a evolução dos processadores e redes para computadores de baixo custo foi muito maior se comparada com o aumento do desempenho dos discos de armazenamento de dados. Com isso, muitas aplicações estão encontrando dificuldades em atingir o pleno uso dos processadores, pois estes têm de esperar até que os dados cheguem para serem utilizados. Uma forma popular para resolver esse tipo de empecílio é a adoção de sistemas de arquivos paralelos, que utilizam a velocidade da rede local, além dos recursos de cada máquina, para suprir a deficiência de desempenho no uso isolado de cada disco. Neste estudo, analisamos alguns sistemas de arquivos paralelos e distribuídos, detalhando aqueles mais interessantes e importantes. Por fim, mostramos que o uso de um sistema de arquivos paralelo pode ser mais eficiente e vantajoso que o uso de um sistema de arquivos usual, para apenas um cliente. / In the last years, the evolution of the data processing power and network transmission for low cost computers was much bigger if compared to the increase of the speed of getting the data stored in disks. Therefore, many applications are finding difficulties in reaching the full use of the processors, because they have to wait until the data arrive before using. A popular way to solve this problem is to use a parallel file system, which uses the local network speed to avoid the performance bottleneck found in an isolated disk. In this study, we analyze some parallel and distributed file systems, detailing the most interesting and important ones. Finally, we show the use of a parallel file system can be more efficient than the use of a usual local file system, for just one client.

acesso concorrente

afs

bridge

ceft-pvfs

coda

computação distribuída

computação paralela

disco magnético

disco rígido

disponibilidade

escalabilidade

gargalo no sistema de arquivos

gfs

ide

latência

nfs

nfsp

pio

pvfs

pvfs2

replicação de arquivos

sad

scsi

segurança

serviço de arquivos

sistema de arquivos

sistema de arquivos distribuídos

sistema de arquivos paralelos

sprite

sva

tolerância a falhas

afs

availability

bridge

ceft-pvfs

coda

concurrent access

distributed computing

distributed file system

fail over

file replication

file service

file system

file system bottleneck

gfs

hard disk

ide

latency

magnetic disk

nfs

nfsp

parallel computing

parallel file system

pio

pvfs

pvfs2

scalability

scsi

security

sprite

sva

GIS-based Episode Reconstruction Using GPS Data for Activity Analysis and Route Choice Modeling / GIS-based Episode Reconstruction Using GPS Data

Dalumpines, Ron

26 September 2014

Most transportation problems arise from individual travel decisions. In response, transportation researchers had been studying individual travel behavior – a growing trend that requires activity data at individual level. Global positioning systems (GPS) and geographical information systems (GIS) have been used to capture and process individual activity data, from determining activity locations to mapping routes to these locations. Potential applications of GPS data seem limitless but our tools and methods to make these data usable lags behind. In response to this need, this dissertation presents a GIS-based toolkit to automatically extract activity episodes from GPS data and derive information related to these episodes from additional data (e.g., road network, land use). The major emphasis of this dissertation is the development of a toolkit for extracting information associated with movements of individuals from GPS data. To be effective, the toolkit has been developed around three design principles: transferability, modularity, and scalability. Two substantive chapters focus on selected components of the toolkit (map-matching, mode detection); another for the entire toolkit. Final substantive chapter demonstrates the toolkit’s potential by comparing route choice models of work and shop trips using inputs generated by the toolkit. There are several tools and methods that capitalize on GPS data, developed within different problem domains. This dissertation contributes to that repository of tools and methods by presenting a suite of tools that can extract all possible information that can be derived from GPS data. Unlike existing tools cited in the transportation literature, the toolkit has been designed to be complete (covers preprocessing up to extracting route attributes), and can work with GPS data alone or in combination with additional data. Moreover, this dissertation contributes to our understanding of route choice decisions for work and shop trips by looking into the combined effects of route attributes and individual characteristics. / Dissertation / Doctor of Philosophy (PhD)

GPS

time use diary

episode extraction

multinomial logit

travel behavior

mode detection

episode reconstruction

GIS

map-matching

route choice

path size logit

potential path area

scale estimation

Python

ArcGIS

activity analysis

trip reconstruction

smartphone

global positioning system

geographic information system

toolkit

work trip

shop trip

potential activity location

land use

activity episode

travel episode

stop episode

transferability

scalability

modularity

scripting

big data

travel survey

respondent burden

preprocessing

multipath error

tracking

purpose detection

segmentation

data filter

data smoothing

fuzzy logic

neural network

decision tree

rule-based algorithm

trajectory

point

road network

network dataset

gateway

shortest path

horizontal dilution of precision

HDOP

commonality factor

mode transfer point

Halifax

Nova Scotia

Space-Time Activity Research

variance inflation factor

shapefile

comma-separated values

traveling salesman problem

data mining

branch-and-bound algorithm

pedestrian network

alternative route

observed route

route efficiency

route attributes

distance

time

heading

bearing

duration

acceleration

latitude

longitude

coordinate

overlay analysis

intersect

shopping

module

data logger

walk

likelihood ratio test

classification table

path generation

kappa statistic

degrees

data collection

transportation research

automate

framework

ArcToolbox

spatio-temporal

navigation

positioning

trace path

spatial data

topology

horizontal accuracy

SPSS

Stata

spatial resolution

temporal resolution

household survey

trip reporting

proximity analysis

DMTI

Desktop Mapping Technologies Inc.

road intersection

route overlap

left turn

right turn

location analysis

time geography

spatial statistics

buffer analysis

cycling

bus transit

public transportation

GEOIDE

AGILE

data need

raw data

urban canyon

endpoint

data cleaning

elevation

satellite

outliers

automatic processing

nearest node

classifier

classification method

short trip

multi-point

Streamlining Certification Management with Automation and Certification Retrieval : System development using ABP Framework, Angular, and MongoDB / Effektivisering av certifikathantering med automatisering och certifikathämtning : Systemutveckling med ABP Framework, Angular och MongoDB

Hassan, Nour Al Dine

January 2024

This thesis examines the certification management challenge faced by Integrity360. The decentralized approach, characterized by manual processes and disparate data sources, leads to inefficient tracking of certification status and study progress. The main objective of this project was to construct a system that automates data retrieval, ensures a complete audit, and increases security and privacy.  Leveraging the ASP.NET Boilerplate (ABP) framework, Angular, and MongoDB, an efficient and scalable system was designed, developed, and built based on DDD (domain-driven design) principles for a modular and maintainable architecture. The implemented system automates data retrieval from the Credly API, tracks exam information, manages exam vouchers, and implements a credible authentication system with role-based access control.  With the time limitations behind the full-scale implementation of all the planned features, such as a dashboard with aggregated charts and automatic report generation, the platform significantly increases the efficiency and precision of employee certification management. Future work will include these advanced functionalities and integrations with external platforms to improve the system and increase its impact on operations in Integrity360.

Certification Management

Automation

Certification Retrieval

ABP Framework

Angular

MongoDB

Credly API

Exam Information

Exam Vouchers

Authentication

Role-Based Access Control

Data Retrieval

Audit

Security

Privacy

Efficiency

Accuracy

Scalability

Maintainability

Domain-Driven Design

Software Development

User Interface

Data Encryption

HTTPS

Input Validation

Identity Management

Audit Logging

Cybersecurity

Education

Training

Employee Certification

Study Progress

Centralized Platform

Data Integration

Consolidated View

Graphs

Bar Charts

Manual Data Entry

Information Silos

Decision Making

Compliance

Industry Standards

Partner Levels

Financial Penalties

Reputation Damage

Business Opportunities

NoSQL Database

Unstructured Data

Semi-structured Data

Software Architecture

Layered Architecture

Presentation Layer

Application Layer

Domain Layer

Entities

Value Objects

Aggregates

Repositories

Domain Services

Data Transfer Objects (DTOs)

Business Logic

Domain Semantics

Modern Web Applications

User Authentication

Authorization

Audit Logging

Dynamic Web Applications

Component-Based

TypeScript

Type Safety

Code Quality

Maintainability

Active Community

Charts

Graphs

Secure Submission

LeptonX Lite

Responsive Design

Navigation Sidebar

Menu Bar

Tabs

Table

Attributes

Properties

Buttons

Modal Dialogs

Profile Settings

System Admin Panel

Account Management

Permissions

System Settings

Certifikathantering

Automatisering

Certifikathämtning

ABP Framework

Angular

MongoDB

Credly API

Examinformation

Examenvouchers

Autentisering

Rollbaserad åtkomstkontroll

Datahämtning

Granskning

Säkerhet

Integritet

Effektivitet

Noggrannhet

Skalbarhet

Underhållbarhet

Domändriven design

Programvaruutveckling

Användargränssnitt

Datakryptering

HTTPS

Indata validering

Identitetshantering

Granskningsloggning

Cybersäkerhet

Utbildning

Träning

Medarbetarcertifiering

Studie Framsteg

Centraliserad plattform

Dataintegration

Konsoliderad vy

Grafer

Stapeldiagram

Manuell datainmatning

Informationssilos

Beslutsfattande

Efterlevnad

Branschstandarder

Partnernivåer

Ekonomiska påföljder

Ryktesskada

Affärsmöjligheter

NoSQL-databas

Ostrukturerad data

Semistrukturerad data

Programvaruarkitektur

Skiktad arkitektur

Presentationslager

Applikationslager

Domänlager

Entiteter

Värdeobjekt

Aggregat

Repositories

Domäntjänster

Dataöverföringsobjekt (DTO)

Affärslogik

Domänsemantik

Moderna webbapplikationer

Användarautentisering

Auktorisering

Granskningsloggning

Dynamiska webbapplikationer

Komponentbaserad

TypeScript

Typsäkerhet

Kodkvalitet

Underhållbarhet

Aktiv gemenskap

Diagram

Grafer

Säker inlämning

LeptonX Lite

Responsiv design

Navigering Sidofält

Menyrad

Flikar

Tabell

Attribut

Egenskaper

Knappar

Modala dialogrutor

Profilinställningar

Systemadministratörspanel

Kontohantering

Behörigheter

Systeminställningar

Software Engineering

Programvaruteknik