816 results for Information security
Abstract:
Side Channel Attack (SCA) differs from traditional mathematical attacks. It gets around the exhaustive mathematical calculation and precisely pins to certain points in the cryptographic algorithm to reveal confidential information from the running crypto-devices. Since the introduction of SCA by Paul Kocher et al. [1], it has been considered to be one of the most critical threats to the resource-restricted but security-demanding applications, such as wireless sensor networks. In this paper, we focus our work on the SCA-concerned security verification on WSN (wireless sensor network). A detailed setup of the platform and an analysis of the results of DPA (power attack) and EMA (electromagnetic attack) is presented. The setup follows the way of low-cost setup to make effective SCAs. Meanwhile, the weaknesses of WSNs in resisting SCA attacks are surveyed, especially for the EM attack. Finally, SCA-Prevention suggestions based on Differential Security Strategy for the FPGA hardware implementation in WSN will be given, helping to get an improved compromise between security and cost.
Abstract:
Membrane computing is a recent area that belongs to natural computing. This field works on computational models based on nature's behavior to process the information. Recently, numerous models have been developed and implemented with this purpose. P-systems are the structures which have been defined, developed and implemented to simulate the behavior and the evolution of membrane systems which we find in nature. What we show in this paper is a new model that deals with encrypted information which provides security to the membrane systems communication. Moreover, we find non-deterministic and random applications in nature that are suitable to MEIA systems. The inherent parallelism and non-determinism make these applications perfect objects to implement MEIA systems.
Abstract:
The security of a passive plug-and-play QKD arrangement in the case of finite (resources) key lengths is analysed. It is assumed that the eavesdropper has full access to the channel so an unknown and untrusted source is assumed. To take into account the security of the BB84 protocol under collective attacks within the framework of quantum adversaries, a full treatment provides the well-known equations for the secure key rate. A numerical simulation keeping a minimum number of initial parameters constant as the total error sought and the number of pulses is carried out. The remaining parameters are optimized to produce the maximum secure key rate. Two main strategies are addressed: with and without two-decoy-states including the optimization of signal to decoy relationship.
Abstract:
This paper presents the security evaluation, energy consumption optimization, and spectrum scarcity analysis of artificial noise techniques to increase physical-layer security in Cognitive Wireless Sensor Networks (CWSNs). These techniques introduce noise into the spectrum in order to hide real information. Nevertheless, they directly affect two important parameters in Cognitive Wireless Sensor Networks (CWSNs), energy consumption and spectrum utilization. Both are affected because the number of packets transmitted by the network and the active period of the nodes increase. Security evaluation demonstrates that these techniques are effective against eavesdropper attacks, but also optimization allows for the implementation of these approaches in low-resource networks such as Cognitive Wireless Sensor Networks. In this work, the scenario is formally modeled and the optimization according to the simulation results and the impact analysis over the frequency spectrum are presented.
Abstract:
The security of quantum key distribution protocols is guaranteed by the laws of quantum mechanics. However, a precise analysis of the security properties requires tools from both classical cryptography and information theory. Here, we employ recent results in non-asymptotic classical information theory to show that information reconciliation imposes fundamental limitations on the amount of secret key that can be extracted in the finite key regime. In particular, we find that an often used approximation for the information leakage during one-way information reconciliation is flawed and we propose an improved estimate.
Abstract:
Wireless sensor networks are one of the fastest-growing sectors within wireless networks. The rapid adoption of these networks as a solution for many new applications has led to growing traffic in the radio spectrum. Because wireless sensor networks operate in the free Industrial, Scientific and Medical (ISM) bands, the spectrum has become saturated to a degree that within a few years will not allow proper operation. The Cognitive Radio (CR) paradigm has appeared with the aim of solving this kind of problem. Introducing cognitive capabilities into wireless sensor networks allows these networks to be used for applications with stricter requirements regarding reliability, coverage or quality of service. The networks that combine all these characteristics are called cognitive wireless sensor networks (CWSNs). The improved performance of CWSNs allows their use in critical applications where they could not be used before, such as structural monitoring, medical services, military environments or surveillance. However, these applications also require other characteristics that cognitive radio does not offer directly, such as security. Security in CWSNs is a little-developed aspect because it is not a characteristic essential to their operation, as spectrum sensing or collaboration may be. Nevertheless, its study and improvement are essential for the growth of CWSNs. Therefore, this thesis aims to implement countermeasures using the new cognitive capabilities, especially in the physical layer, taking into account the limitations of WSNs.
During the work cycle of this thesis, two security strategies have been developed against attacks of particular importance in cognitive networks: the primary user emulation (PUE) attack and the eavesdropping attack against privacy. To mitigate the PUE attack, a countermeasure based on anomaly detection has been developed. Two different algorithms have been implemented to detect this attack: the Cumulative Sum algorithm and the Data Clustering algorithm. Once their validity was verified, they were compared with each other and the effects that can affect their operation were investigated. To counter the eavesdropping attack, a countermeasure based on the injection of artificial noise has been developed, so that the attacker cannot distinguish the information-bearing signals from the noise, without the communication of interest being affected. The impact of this countermeasure on network resources has also been studied. As a parallel result, a test framework for CWSNs has been developed, consisting of a simulator and a network of real cognitive nodes. These tools have been essential for the implementation and extraction of the results of the thesis.

ABSTRACT Wireless Sensor Networks (WSNs) are one of the fastest growing sectors in wireless networks. The fast introduction of these networks as a solution in many new applications has increased the traffic in the radio spectrum. Due to the operation of WSNs in the free industrial, scientific, and medical (ISM) bands, saturation has occurred in these frequencies that will make the same operation methods impossible in the future. Cognitive radio (CR) has appeared as a solution for this problem. The networks that join all the mentioned features together are called cognitive wireless sensor networks (CWSNs). The adoption of cognitive features in WSNs allows the use of these networks in applications with higher reliability, coverage, or quality of service requirements.
The improvement of the performance of CWSNs allows their use in critical applications where they could not be used before such as structural monitoring, medical care, military scenarios, or security monitoring systems. Nevertheless, these applications also need other features that cognitive radio does not add directly, such as security. The security in CWSNs has not yet been explored fully because it is not a necessary field for the main performance of these networks. Instead, other fields like spectrum sensing or collaboration have been explored deeply. However, the study of security in CWSNs is essential for their growth. Therefore, the main objective of this thesis is to study the impact of some cognitive radio attacks in CWSNs and to implement countermeasures using new cognitive capabilities, especially in the physical layer and considering the limitations of WSNs. Inside the work cycle of this thesis, security strategies against two important kinds of attacks in cognitive networks have been developed. These attacks are the primary user emulator (PUE) attack and the eavesdropping attack. A countermeasure against the PUE attack based on anomaly detection has been developed. Two different algorithms have been implemented: the cumulative sum algorithm and the data clustering algorithm. After the verification of these solutions, they have been compared and the side effects that can disturb their performance have been analyzed. The developed approach against the eavesdropping attack is based on the generation of artificial noise to conceal information messages. The impact of this countermeasure on network resources has also been studied. As a parallel result, a new framework for CWSNs has been developed. This includes a simulator and a real network with cognitive nodes. This framework has been crucial for the implementation and extraction of the results presented in this thesis.
Abstract:
The objective of this paper is to develop a method to hide information inside a binary image. An algorithm to embed data in scanned text or figures is proposed, based on the detection of suitable pixels, which verify some conditions in order not to be detected. In broad terms, the algorithm locates those pixels placed at the contours of the figures or in those areas where some scattering of the two colors can be found. The hidden information is independent from the values of the pixels where this information is embedded. Notice that, depending on the sequence of bits to be hidden, around half of the pixels used to keep bits of data will not be modified. The other basic characteristic of the proposed scheme is that it is necessary to take into consideration the bits that are modified, in order to perform the recovering process of the information, which consists of recovering the sequence of bits placed in the proper positions. An application to the banking sector is proposed for hiding some information in signatures.
Abstract:
The objective of this paper is to present a system to communicate hidden information among different users by means of images. The tasks that the system is able to carry out can be divided into two different groups of utilities, implemented in Java. The first group of utilities is related to the possibility of hiding information in color images, using a steganographic function based on the least significant bit (LSB) methods. The second group of utilities allows us to communicate with other users with the aim of sending or receiving images, where some information has been previously embedded. Thus, this is the most significant characteristic of the implementation: we have built an environment where we join the email capabilities to send and receive text and images as attached files, with the main objective of hiding information.
Abstract:
In today's internet world, web browsers are an integral part of our day-to-day activities. Therefore, web browser security is a serious concern for all of us. Browsers can be breached in different ways. Because of the over-privileged access, extensions are responsible for many security issues. Browser vendors try to keep safe extensions in their official extension galleries. However, their security control measures are not always effective and adequate. The distribution of unsafe extensions through different social engineering techniques is also a very common practice. Therefore, before installation, users should thoroughly analyze the security of browser extensions. Extensions are not only available for desktop browsers, but many mobile browsers, for example, Firefox for Android and UC browser for Android, are also furnished with extension features. Mobile devices have various resource constraints in terms of computational capabilities, power, network bandwidth, etc. Hence, conventional extension security analysis techniques cannot be efficiently used by end users to examine mobile browser extension security issues. To overcome the inadequacies of the existing approaches, we propose CLOUBEX, a CLOUd-based security analysis framework for both desktop and mobile Browser EXtensions. This framework uses a client-server architecture model. In this framework, compute-intensive security analysis tasks are generally executed in a high-speed computing server hosted in a cloud environment. CLOUBEX is also enriched with a number of essential features, such as client-side analysis, requirements-driven analysis, high performance, and dynamic decision making. At present, the Firefox extension ecosystem is most susceptible to different security attacks. Hence, the framework is implemented for the security analysis of the Firefox desktop and Firefox for Android mobile browser extensions.
A static taint analysis is used to identify malicious information flows in the Firefox extensions. In CLOUBEX, there are three analysis modes. A dynamic decision making algorithm assists us to select the best option based on some important parameters, such as the processing speed of a client device and network connection speed. Using the best analysis mode, performance and power consumption are improved significantly. In the future, this framework can be leveraged for the security analysis of other desktop and mobile browser extensions, too.
Abstract:
In July 2011, the European Commission published a Communication aimed at setting out different options for establishing a European terrorist finance tracking system (TFTS). The Communication followed the adoption of the EU-US agreement on the US Terrorist Finance Tracking Program (TFTP) in 2010. The agreement concluded various series of national, European and transatlantic negotiations after the disclosure through public media of the US TFTP in 2006. This paper takes stock of the wide range of controversies surrounding this security-focused programme with dataveillance capabilities. After stressing the impact of the US TFTP on international relations, the paper argues that the EU-US agreement primarily has the effect of shifting information-sharing practices from the justice/judicial/penal/criminal investigation framework into the security/intelligence/administrative/prevention context as the main rationale. The paper then questions the TFTP-related conception of mass intelligence through large-scale databases and transnational communication of bulk data in the name of targeted surveillance. Following an examination of the project creating an EU system equivalent to the TFTP, the paper emphasises the fundamental paradox of transatlantic security matters, in which European criticism of American programmes tends to be ultimately translated into EU imitation of US dataveillance practices.
Abstract:
This paper examines the challenges facing the EU regarding data retention, particularly in the aftermath of the judgment Digital Rights Ireland by the Court of Justice of the European Union (CJEU) of April 2014, which found the Data Retention Directive 2002/58 to be invalid. It first offers a brief historical account of the Data Retention Directive and then moves to a detailed assessment of what the judgment means for determining the lawfulness of data retention from the perspective of the EU Charter of Fundamental Rights: what is wrong with the Data Retention Directive and how would it need to be changed to comply with the right to respect for privacy? The paper also looks at the responses to the judgment from the European institutions and elsewhere, and presents a set of policy suggestions to the European institutions on the way forward. It is argued here that one of the main issues underlying the Digital Rights Ireland judgment has been the role of fundamental rights in the EU legal order, and in particular the extent to which the retention of metadata for law enforcement purposes is consistent with EU citizens’ right to respect for privacy and to data protection. The paper offers three main recommendations to EU policy-makers: first, to give priority to a full and independent evaluation of the value of the data retention directive; second, to assess the judgment’s implications for other large EU information systems and proposals that provide for the mass collection of metadata from innocent persons, in the EU; and third, to adopt without delay the proposal for Directive COM(2012)10 dealing with data protection in the fields of police and judicial cooperation in criminal matters.
Abstract:
The Common European Asylum System (CEAS) is an EU policy area that is particularly evocative of the ‘politics of numbers’. The European Union has at its disposal a wide array of sources providing detailed information about the capacities and pressures of its member states’ asylum systems. This paper discusses the content of asylum data and the evolving interaction between its different sources, ranging from the United Nations High Commissioner for Refugees to the European Commission’s EUROSTAT and DG HOME, the European Asylum Support Office, FRONTEX, the European Migration Network (EMN) and national databases. However, the way in which such data are often misused, or even omitted, in political debate affects the soundness of policy decisions in the CEAS. Drawing on debates over the contested phenomenon of ‘asylum shopping’ and the exemption of victims of torture and unaccompanied minors from accelerated and border procedures in the recast asylum procedures Directive, this briefing paper argues that solid data-based evidence is often absent from political negotiations on CEAS measures affecting refugees and asylum-seekers.
Abstract:
This paper was prepared as an ILEC Policy Brief for discussion at the final conference of the project on Involuntary Loss of European Citizenship: Exchanging Knowledge and Identifying Guidelines for Europe, 11-12 December 2014. Co-funded by the European Commission’s DG for Justice, Citizenship and Fundamental Rights, the ILEC project has aimed to establish a framework for debate on international norms on involuntary loss of nationality. For more information visit: www.ilecproject.eu.
Abstract:
This paper was prepared as a Policy Brief for discussion at the final conference of the project on Involuntary Loss of European Citizenship: Exchanging Knowledge and Identifying Guidelines for Europe, 11-12 December 2014. Co-funded by the European Commission’s DG for Justice, Citizenship and Fundamental Rights, the ILEC project has aimed to establish a framework for debate on international norms on involuntary loss of nationality. For more information visit: www.ilecproject.eu.
Abstract:
This paper was prepared as a Policy Brief for discussion at the final conference of the project on Involuntary Loss of European Citizenship: Exchanging Knowledge and Identifying Guidelines for Europe, 11-12 December 2014. Co-funded by the European Commission’s DG for Justice, Citizenship and Fundamental Rights, the ILEC project has aimed to establish a framework for debate on international norms on involuntary loss of nationality. For more information visit: www.ilecproject.eu.