Global ETD Search

21	Countering the collusion attack with a multidimensional decentralized trust and reputation model in disconnected MANETs Qureshi, Basit I., Min, Geyong, Kouvatsos, Demetres D. January 2013 (has links) No / The FIRE trust and reputation model is a de-centralized trust model that can be applied for trust management in unstructured Peer-to-Peer (P2P) overlays. The FIRE model does not, however, consider malicious activity and possible collusive behavior in nodes of network and it is therefore susceptible to collusion attacks. This investigation reveals that FIRE is vulnerable to lying and cheating attacks and presents a trust management approach to detect collusion in direct and witness interactions among nodes based on colluding node's history of interactions. A witness ratings based graph building approach is utilized to determine possibly collusive behavior among nodes. Furthermore, various interaction policies are defined to detect and prevent collaborative behavior in colluding nodes. Finally a multidimensional trust model FIRE+ is devised for avoiding collusion attacks in direct and witness based interactions. The credibility of the proposed trust management scheme as an enhancement of the FIRE trust model is verified by extensive simulation experiments.
22	Recommendation based trust model with an effective defence scheme for MANETs Shabut, Antesar R.M., Dahal, Keshav P., Bista, Sanat K., Awan, Irfan U. January 2015 (has links) Yes / The reliability of delivering packets through multi-hop intermediate nodes is a significant issue in the mobile ad hoc networks (MANETs). The distributed mobile nodes establish connections to form the MANET, which may include selfish and misbehaving nodes. Recommendation based trust management has been proposed in the literature as a mechanism to filter out the misbehaving nodes while searching for a packet delivery route. However, building a trust model that relies on the recommendations from other nodes in the network is vulnerable to the possible dishonest behaviour, such as bad-mouthing, ballot-stuffing, and collusion, of the recommending nodes. . This paper investigates the problems of attacks posed by misbehaving nodes while propagating recommendations in the existing trust models. We propose a recommendation based trust model with a defence scheme that utilises clustering technique to dynamically filter attacks related to dishonest recommendations within certain time based on number of interactions, compatibility of information and node closeness. The model is empirically tested in several mobile and disconnected topologies in which nodes experience changes in their neighbourhoods and consequently face frequent route changes. The empirical analysis demonstrates robustness and accuracy of the trust model in a dynamic MANET environment.
23	Trust-based Service Management of Internet of Things Systems and Its Applications Guo, Jia 18 April 2018 (has links) A future Internet of Things (IoT) system will consist of a huge quantity of heterogeneous IoT devices, each capable of providing services upon request. It is of utmost importance for an IoT device to know if another IoT service is trustworthy when requesting it to provide a service. In this dissertation research, we develop trust-based service management techniques applicable to distributed, centralized, and hybrid IoT environments. For distributed IoT systems, we develop a trust protocol called Adaptive IoT Trust. The novelty lies in the use of distributed collaborating filtering to select trust feedback from owners of IoT nodes sharing similar social interests. We develop a novel adaptive filtering technique to adjust trust protocol parameters dynamically to minimize trust estimation bias and maximize application performance. Our adaptive IoT trust protocol is scalable to large IoT systems in terms of storage and computational costs. We perform a comparative analysis of our adaptive IoT trust protocol against contemporary IoT trust protocols to demonstrate the effectiveness of our adaptive IoT trust protocol. For centralized or hybrid cloud-based IoT systems, we propose the notion of Trust as a Service (TaaS), allowing an IoT device to query the service trustworthiness of another IoT device and also report its service experiences to the cloud. TaaS preserves the notion that trust is subjective despite the fact that trust computation is performed by the cloud. We use social similarity for filtering recommendations and dynamic weighted sum to combine self-observations and recommendations to minimize trust bias and convergence time against opportunistic service and false recommendation attacks. For large-scale IoT cloud systems, we develop a scalable trust management protocol called IoT-TaaS to realize TaaS. For hybrid IoT systems, we develop a new 3-layer hierarchical cloud structure for integrated mobility, service, and trust management. This architecture supports scalability, reconfigurability, fault tolerance, and resiliency against cloud node failure and network disconnection. We develop a trust protocol called IoT-HiTrust leveraging this 3-layer hierarchical structure to realize TaaS. We validate our trust-based IoT service management techniques developed with real-world IoT applications, including smart city air pollution detection, augmented map travel assistance, and travel planning, and demonstrate that our trust-based IoT service management techniques outperform contemporary non-trusted and trust-based IoT service management solutions. / Ph. D. Trust management Internet of Things (IoT) systems mobile cloud computing service management security scalability performance analysis
24	Software Defined Secure Ad Hoc Wireless Networks Alqallaf, Maha 24 May 2016 (has links) No description available. Computer Engineering Computer Science MANET Security Challenges Trust Management Challenges SDN OpenFlow SDN Security Issues and Mechanisms Trust Management SDNMANET Architecture
25	Trust management for P2P application in delay tolerant mobile ad-hoc networks : an investigation into the development of a trust management framework for peer to peer file sharing applications in delay tolerant disconnected mobile ad-hoc networks Qureshi, Basit I. January 2011 (has links) Security is essential to communication between entities in the internet. Delay tolerant and disconnected Mobile Ad Hoc Networks (MANET) are a class of networks characterized by high end-to-end path latency and frequent end-to-end disconnections and are often termed as challenged networks. In these networks nodes are sparsely populated and without the existence of a central server, acquiring global information is difficult and impractical if not impossible and therefore traditional security schemes proposed for MANETs cannot be applied. This thesis reports trust management schemes for peer to peer (P2P) application in delay tolerant disconnected MANETs. Properties of a profile based file sharing application are analyzed and a framework for structured P2P overlay over delay tolerant disconnected MANETs is proposed. The framework is implemented and tested on J2ME based smart phones using Bluetooth communication protocol. A light weight Content Driven Data Propagation Protocol (CDDPP) for content based data delivery in MANETs is presented. The CDDPP implements a user profile based content driven P2P file sharing application in disconnected MANETs. The CDDPP protocol is further enhanced by proposing an adaptive opportunistic multihop content based routing protocol (ORP). ORP protocol considers the store-carry-forward paradigm for multi-hop packet delivery in delay tolerant MANETs and allows multi-casting to selected number of nodes. Performance of ORP is compared with a similar autonomous gossiping (A/G) protocol using simulations. This work also presents a framework for trust management based on dynamicity aware graph re-labelling system (DA-GRS) for trust management in mobile P2P applications. The DA-GRS uses a distributed algorithm to identify trustworthy nodes and generate trustable groups while isolating misleading or untrustworthy nodes. Several simulations in various environment settings show the effectiveness of the proposed framework in creating trust based communities. This work also extends the FIRE distributed trust model for MANET applications by incorporating witness based interactions for acquiring trust ratings. A witness graph building mechanism in FIRE+ is provided with several trust building policies to identify malicious nodes and detect collusive behaviour in nodes. This technique not only allows trust computation based on witness trust ratings but also provides protection against a collusion attack. Finally, M-trust, a light weight trust management scheme based on FIRE+ trust model is presented. 621.382
26	A privacy-preserving reputation scheme for trust management on VANETs applications / Um esquema de reputação preservando a privacidade para o gerenciamento de confiança em aplicações VANETs Jaimes, Luz Marina Santos 10 August 2017 (has links) Vehicles will use pseudonyms instead of relying on long-term certificates to provide security and privacy. Pseudonyms are short-term public key certificates that do not contain identity-linking information about the vehicle. However, there is a constant risk that authorised vehicles may send fake messages or behave selfishly, and this can affect the performance of the Vehicular Ad hoc NETwork (VANET). In this context, trust management is another important component of security services in VANETs, which provides a unified system for establishing a relationship between the nodes and helps by keeping record of the behaviour of the vehicles. Nevertheless, it is a challenging task to monitor the evolving pattern of the vehicular behaviour, since communication between the vehicles is anonymous. It is not easy to find a balanced solution that meets the requirements of security, privacy, and trust management in VANET. In view of this, we put forward a Preserving-Privacy Reputation Scheme (PPRS) applied to VANETs, in which a reputation server through a Roadside Unit receives feedback about the behaviour of the vehicles. The server updates and certifies the reputation of the vehicles by matching their anonymous identities with their real ones. Our scheme introduces geographical areas of security, in which the security of an area can be adapted to higher or lower levels depending on the reputation of the vehicles. In addition, complex reputation is examined, in which the reputation of a vehicle is linked to several behavioural factors. A further key area that is explored is the performance evaluation of PPRS which is conducted through a set of simulations in a grid scenario, based on an opportunistic message forwarding application. The results showed the effectiveness of PPRS in terms of assessing the behaviour of the vehicles and taking measures against the misbehaving vehicles. We used SUMO to simulate the mobility model; OMNET++ and Veins supported the simulation of the network model. In addition, Crypto++ was used to implement the elliptical curve cryptographic functions of signature and verification of messages, as recommended by the security standards. Finally, we employ a pseudonym changing strategy in which the reputation is discretised at two levels of reputation. The strategy was implemented in a realistic traffic simulation scenario, and was compared with the so called status and synchronous strategies through a serie of simulations. The results showed that the number of pseudonyms used in our strategy is lower than the strategies mentioned above, and maintains the rate of success of changing pseudonym achieved by the synchronous strategy. / Os veículos usarão pseudônimos em vez de certificados de longo prazo para fornecer segurança e privacidade. Os pseudônimos são certificados de chaves públicas de curto prazo que não contêm informação da identidade do veículo. No entanto, existe risco que veículos autorizados possam enviar mensagens falsas ou se comportar de maneira egoísta, e isso pode afetar o desempenho das redes veiculares (VANETs). Nesse contexto, o gerenciamento de confiança é um importante serviço de segurança nas VANETs, o qual fornece um sistema unificado para estabelecer relações entre os nós e ajuda a manter um registro do comportamento dos veículos. No entanto, é uma tarefa desafiante monitorar o padrão evolutivo do comportamento veicular, já que a comunicação entre os veículos é anônima. Não é uma tarefa fácil encontrar uma solução equilibrada que atenda aos requisitos de segurança, privacidade e gerenciamento de confiança em VANET. Em vista disso, apresentamos um Esquema de Reputação Preservando a Privacidade (ERPP) aplicado a VANETs, no qual um servidor de reputação através de uma unidade de acostamento recebe avaliações sobre o comportamento dos veículos. O servidor atualiza e certifica a reputação dos veículos relacionando seus identidades anônimas com as reais. ERPP introduz áreas geográficas de segurança, na qual a segurança de uma área pode ser adaptada a níveis mais elevados ou mais baixos dependendo da reputação dos veículos. Além, uma reputação complexa é examinada, na qual a reputação de um veículo está vinculada a vários fatores do comportamento. Uma outra área que é explorada é a avaliação de desempenho do ERPP o qual é conduzida através de simulações em um cenário urbano, com base na aplicação de encaminhamento oportunista de mensagens. Os resultados mostraram a eficácia do ERPP em termos de avaliar o comportamento dos veículos e tomar medidas contra os veículos mal comportados. Utilizamos SUMO para simular o modelo de mobilidade; OMNET++ e Veins suportaram o modelo de red; and Crypto++ foi usado para implementar as funções criptográficas de curvas elípticas de assinatura e verificação de mensagens como recomendam os padrões de segurança. Finalmente, empregamos uma estratégia de mudança de pseudônimo na qual a reputação é discretizada em dois níveis de reputação. A estratégia foi implementada em um cenário de simulação de tráfego realista e foi comparada com as estratégias nomeadas de estado e síncrona mediante simulações. Os resultados mostraram que o número de pseudônimos utilizados em nossa estratégia é menor que os esquemas mencionados, e mantém a taxa de sucesso de mudança de pseudônimo alcançada pela estratégia síncrona. Gerenciamento de confiança Mobile network Rede móvel Rede veicular Reputation system Security Seguridade Sistema de reputação Trust management Vehicular network
27	Design and Management of Collaborative Intrusion Detection Networks Fung, Carol January 2013 (has links) In recent years network intrusions have become a severe threat to the privacy and safety of computer users. Recent cyber attacks compromise a large number of hosts to form botnets. Hackers not only aim at harvesting private data and identity information from compromised nodes, but also use the compromised nodes to launch attacks such as distributed denial-of-service (DDoS) attacks. As a counter measure, Intrusion Detection Systems (IDS) are used to identify intrusions by comparing observable behavior against suspicious patterns. Traditional IDSs monitor computer activities on a single host or network traffic in a sub-network. They do not have a global view of intrusions and are not effective in detecting fast spreading attacks, unknown, or new threats. In turn, they can achieve better detection accuracy through collaboration. An Intrusion Detection Network (IDN) is such a collaboration network allowing IDSs to exchange information with each other and to benefit from the collective knowledge and experience shared by others. IDNs enhance the overall accuracy of intrusion assessment as well as the ability to detect new intrusion types. Building an effective IDN is however a challenging task. For example, adversaries may compromise some IDSs in the network and then leverage the compromised nodes to send false information, or even attack others in the network, which can compromise the efficiency of the IDN. It is, therefore, important for an IDN to detect and isolate malicious insiders. Another challenge is how to make efficient intrusion detection assessment based on the collective diagnosis from other IDSs. Appropriate selection of collaborators and incentive-compatible resource management in support of IDSs' interaction with others are also key challenges in IDN design. To achieve efficiency, robustness, and scalability, we propose an IDN architecture and especially focus on the design of four of its essential components, namely, trust management, acquaintance management, resource management, and feedback aggregation. We evaluate our proposals and compare them with prominent ones in the literature and show their superiority using several metrics, including efficiency, robustness, scalability, incentive-compatibility, and fairness. Our IDN design provides guidelines for the deployment of a secure and scalable IDN where effective collaboration can be established between IDSs. Intrusion Detection Network Collaboration network Computer Security Network Management Trust Management Resource Management Game Theory Bayesian Decision Computer Science
28	Design and Management of Collaborative Intrusion Detection Networks Fung, Carol January 2013 (has links) In recent years network intrusions have become a severe threat to the privacy and safety of computer users. Recent cyber attacks compromise a large number of hosts to form botnets. Hackers not only aim at harvesting private data and identity information from compromised nodes, but also use the compromised nodes to launch attacks such as distributed denial-of-service (DDoS) attacks. As a counter measure, Intrusion Detection Systems (IDS) are used to identify intrusions by comparing observable behavior against suspicious patterns. Traditional IDSs monitor computer activities on a single host or network traffic in a sub-network. They do not have a global view of intrusions and are not effective in detecting fast spreading attacks, unknown, or new threats. In turn, they can achieve better detection accuracy through collaboration. An Intrusion Detection Network (IDN) is such a collaboration network allowing IDSs to exchange information with each other and to benefit from the collective knowledge and experience shared by others. IDNs enhance the overall accuracy of intrusion assessment as well as the ability to detect new intrusion types. Building an effective IDN is however a challenging task. For example, adversaries may compromise some IDSs in the network and then leverage the compromised nodes to send false information, or even attack others in the network, which can compromise the efficiency of the IDN. It is, therefore, important for an IDN to detect and isolate malicious insiders. Another challenge is how to make efficient intrusion detection assessment based on the collective diagnosis from other IDSs. Appropriate selection of collaborators and incentive-compatible resource management in support of IDSs' interaction with others are also key challenges in IDN design. To achieve efficiency, robustness, and scalability, we propose an IDN architecture and especially focus on the design of four of its essential components, namely, trust management, acquaintance management, resource management, and feedback aggregation. We evaluate our proposals and compare them with prominent ones in the literature and show their superiority using several metrics, including efficiency, robustness, scalability, incentive-compatibility, and fairness. Our IDN design provides guidelines for the deployment of a secure and scalable IDN where effective collaboration can be established between IDSs. Intrusion Detection Network Collaboration network Computer Security Network Management Trust Management Resource Management Game Theory Bayesian Decision Computer Science
29	Distributed trust management mechanism for the internet of things using a multi-service approach Mendoza, Carolina Veronica Lezama January 2014 (has links) Orientador: Prof. Dr. João Henrique Kleinschmidt / Dissertação (mestrado) - Universidade Federal do ABC, Programa de Pós-Graduação em Engenharia da Informação, 2015. / Na Internet das Coisas os objetos físicos têm um componente virtual capaz de prover ou requisitar determinados serviços. É uma tendência que trará vantagens sem precedentes para a automação de processos e diversas aplicações. A análise de modelos de gerenciamento de confiança para IoT para detectar comportamentos maliciosos tem recebido poucas contribuições da comunidade científica. Alguns pesquisadores trataram desta questão, mas poucos trabalhos analisam os requisitos para a correta implementação da IoT. O objetivo desta dissertação é identificar o comportamento malicioso de nós e prevenir possíveis ataques que interrompam os serviços da rede. Neste trabalho são feitas diferentes abordagens para pesquisar um modelo de gerenciamento de confiança capaz de caracterizar o comportamento dos nós. O modelo proposto usa informações diretas geradas pelas comunicações entre os nós e recomendações de outros nós para calcular a confiança. Usa uma abordagem multi-serviço em que cada nó provê diversos serviços para os outros nós da rede. A habilidade de um nó em prover um serviço é recompensada, enquanto que um nó que não forneça um serviço corretamente é punido. Cada nó tem uma tabela de confiança dos seus vizinhos, que pode ser compartilhada com os outros nós como recomendações. A abordagem distribuída permite que os nós sejam completamente autônomos em tomar decisões sobre o comportamento dos nós. A avaliação de confiança dos nós é um meio efetivo de encorajar a colaboração na rede e ao mesmo tempo melhorar a segurança em redes distribuídas. Três ataques são testados para verificar a validade do modelo de confiança: ataque On-Off, ataque Seletivo e Bad mouthing. O modelo de gerenciamento de confiança foi implementado no Contiki, um sistema operacional desenvolvido para IoT e redes de sensores. Extensivas simulações foram feitas no simulador Cooja-Contiki para ilustrar os ataques e avaliar o desempenho do modelo proposto. Os resultados de simulação mostram que o modelo tem um bom desempenho em detectar os nós maliciosos. / In Internet of Things (IoT), the physical objects have a virtual component able to provide or require determined services. It is a trend that will bring unprecedented advantages to the process automation. The analysis of the trust management models for IoT to detect the malicious behavior on the network, has been undervalued and with little scientific contribution in the academic field. In spite of researchers has already addressed the issue, only few give a theoretic analysis on the requirements for the proper implementation of IoT. The purpose of this thesis work is to identify the malicious behavior of the nodes and prevent possible attacks that disrupt entire network to IoT context. In this thesis different approaches are followed to investigate a lightweight model of trust management able to characterize the behavior of the nodes with little effort. Our model use direct information generated from direct communication of nodes and recommendations of the others nodes to evaluate the trust. We use a multi-service approach where each node provides several services to others node. The ability to provide a service is rewarded and, punished when it is not provided. In our trust model each node has a trust table of their neighbors in the same radio coverage, which will be shared to others nodes as recommendations. This distributed approach allows nodes to be completely autonomous in making decisions about the behavior of other nodes. The trust evaluation of nodes is an effective method to encourage the collaboration on the network and at the same time to improve network security in distributed networks. In this thesis work, we present three attacks that can undermine the accuracy of trust evaluation. Based on our investigation on attacks and defense, we designed and implemented a trust management model based on the construction of Contiki, an operating system developed for IoT and sensor networks. Extensive simulations were performed using COOJA-Contiki to illustrate On-OFF attack, Selective attack and Bad mouthing attack, the effectiveness of the techniques used, and the overall performance of the proposed trust model. Simulation results shows effectiveness against these attacks and also a good performance to recognize the malicious nodes especially to the Bad mouthing attack when are used direct information and recommendations wherein is obtained a reduction time compared when is used only the direct information. INTERNET DAS COISAS SEGURANÇA DE REDES GERENCIAMENTO DE CONFIANÇA INTERNET OF THINGS DATA SECURITY TRUST MANAGEMENT
30	A privacy-preserving reputation scheme for trust management on VANETs applications / Um esquema de reputação preservando a privacidade para o gerenciamento de confiança em aplicações VANETs Luz Marina Santos Jaimes 10 August 2017 (has links) Vehicles will use pseudonyms instead of relying on long-term certificates to provide security and privacy. Pseudonyms are short-term public key certificates that do not contain identity-linking information about the vehicle. However, there is a constant risk that authorised vehicles may send fake messages or behave selfishly, and this can affect the performance of the Vehicular Ad hoc NETwork (VANET). In this context, trust management is another important component of security services in VANETs, which provides a unified system for establishing a relationship between the nodes and helps by keeping record of the behaviour of the vehicles. Nevertheless, it is a challenging task to monitor the evolving pattern of the vehicular behaviour, since communication between the vehicles is anonymous. It is not easy to find a balanced solution that meets the requirements of security, privacy, and trust management in VANET. In view of this, we put forward a Preserving-Privacy Reputation Scheme (PPRS) applied to VANETs, in which a reputation server through a Roadside Unit receives feedback about the behaviour of the vehicles. The server updates and certifies the reputation of the vehicles by matching their anonymous identities with their real ones. Our scheme introduces geographical areas of security, in which the security of an area can be adapted to higher or lower levels depending on the reputation of the vehicles. In addition, complex reputation is examined, in which the reputation of a vehicle is linked to several behavioural factors. A further key area that is explored is the performance evaluation of PPRS which is conducted through a set of simulations in a grid scenario, based on an opportunistic message forwarding application. The results showed the effectiveness of PPRS in terms of assessing the behaviour of the vehicles and taking measures against the misbehaving vehicles. We used SUMO to simulate the mobility model; OMNET++ and Veins supported the simulation of the network model. In addition, Crypto++ was used to implement the elliptical curve cryptographic functions of signature and verification of messages, as recommended by the security standards. Finally, we employ a pseudonym changing strategy in which the reputation is discretised at two levels of reputation. The strategy was implemented in a realistic traffic simulation scenario, and was compared with the so called status and synchronous strategies through a serie of simulations. The results showed that the number of pseudonyms used in our strategy is lower than the strategies mentioned above, and maintains the rate of success of changing pseudonym achieved by the synchronous strategy. / Os veículos usarão pseudônimos em vez de certificados de longo prazo para fornecer segurança e privacidade. Os pseudônimos são certificados de chaves públicas de curto prazo que não contêm informação da identidade do veículo. No entanto, existe risco que veículos autorizados possam enviar mensagens falsas ou se comportar de maneira egoísta, e isso pode afetar o desempenho das redes veiculares (VANETs). Nesse contexto, o gerenciamento de confiança é um importante serviço de segurança nas VANETs, o qual fornece um sistema unificado para estabelecer relações entre os nós e ajuda a manter um registro do comportamento dos veículos. No entanto, é uma tarefa desafiante monitorar o padrão evolutivo do comportamento veicular, já que a comunicação entre os veículos é anônima. Não é uma tarefa fácil encontrar uma solução equilibrada que atenda aos requisitos de segurança, privacidade e gerenciamento de confiança em VANET. Em vista disso, apresentamos um Esquema de Reputação Preservando a Privacidade (ERPP) aplicado a VANETs, no qual um servidor de reputação através de uma unidade de acostamento recebe avaliações sobre o comportamento dos veículos. O servidor atualiza e certifica a reputação dos veículos relacionando seus identidades anônimas com as reais. ERPP introduz áreas geográficas de segurança, na qual a segurança de uma área pode ser adaptada a níveis mais elevados ou mais baixos dependendo da reputação dos veículos. Além, uma reputação complexa é examinada, na qual a reputação de um veículo está vinculada a vários fatores do comportamento. Uma outra área que é explorada é a avaliação de desempenho do ERPP o qual é conduzida através de simulações em um cenário urbano, com base na aplicação de encaminhamento oportunista de mensagens. Os resultados mostraram a eficácia do ERPP em termos de avaliar o comportamento dos veículos e tomar medidas contra os veículos mal comportados. Utilizamos SUMO para simular o modelo de mobilidade; OMNET++ e Veins suportaram o modelo de red; and Crypto++ foi usado para implementar as funções criptográficas de curvas elípticas de assinatura e verificação de mensagens como recomendam os padrões de segurança. Finalmente, empregamos uma estratégia de mudança de pseudônimo na qual a reputação é discretizada em dois níveis de reputação. A estratégia foi implementada em um cenário de simulação de tráfego realista e foi comparada com as estratégias nomeadas de estado e síncrona mediante simulações. Os resultados mostraram que o número de pseudônimos utilizados em nossa estratégia é menor que os esquemas mencionados, e mantém a taxa de sucesso de mudança de pseudônimo alcançada pela estratégia síncrona. Gerenciamento de confiança Rede móvel Rede veicular Seguridade Sistema de reputação Mobile network Reputation system Security Trust management Vehicular network

Search results