Today's Internet is experiencing a massive number of users with a continuously increasing need for data, which is the leading cause of introduced limitations among security and privacy issues. To ...overcome these limitations, a shift from host-centric to data-centric is proposed, and in this context, Information-Centric Networking (ICN) represents a promising solution. Nevertheless, unsettling the current Internet's network layer -i.e., Internet Protocol (IP) -with ICN is a challenging, expensive task since it requires worldwide coordination among Internet Service Providers (ISPs), backbone, and Autonomous Services (AS). Therefore, researchers foresee that the replacement process of the current Internet will transition through the coexistence of IP and ICN. In this perspective, novel architectures combine IP and ICN protocols. However, only a few of the proposed architectures place the security-by-design feature. Therefore, this article provides the first comprehensive Security and Privacy (SP) analysis of the state-of-the-art IP-ICN coexistence architectures by horizontally comparing the SP features among three deployment approaches -i.e., overlay, underlay, and hybrid -and vertically comparing among the ten considered SP features. Lastly, the article sheds light on the open issues and possible future directions for IP-ICN coexistence. Our analysis shows that most architectures fail to provide several SP features, including data and traffic flow confidentiality, availability, and anonymity of communication. Thus, this article shows the secure combination of current and future protocol stacks during the coexistence phase that the Internet will definitely walk across.
A survey on security and privacy issues of UAVs Mekdad, Yassine; Aris, Ahmet; Babun, Leonardo ...
Computer networks (Amsterdam, Netherlands : 1999),
April 2023, 2023-04-00, Letnik:
224
Journal Article
Recenzirano
Odprti dostop
In the 21st century, the industry of drones, also known as Unmanned Aerial Vehicles (UAVs), has witnessed a rapid increase with its large number of airspace users. The tremendous benefits of this ...technology in civilian applications such as hostage rescue and parcel delivery will integrate smart cities in the future. Nowadays, the affordability of commercial drones expands their usage on a large scale. However, the development of drone technology is associated with vulnerabilities and threats due to the lack of efficient security implementations. Moreover, the complexity of UAVs in software and hardware triggers potential security and privacy issues. Thus, posing significant challenges for the industry, academia, and governments.
In this paper, we extensively survey the security and privacy issues of UAVs by providing a systematic classification at four levels: Hardware-level, Software-level, Communication-level, and Sensor-level. In particular, for each level, we thoroughly investigate (1) common vulnerabilities affecting UAVs for potential attacks from malicious actors, (2) existing threats that are jeopardizing the civilian application of UAVs, (3) active and passive attacks performed by the adversaries to compromise the security and privacy of UAVs, (4) possible countermeasures and mitigation techniques to protect UAVs from such malicious activities. In addition, we summarize the takeaways that highlight lessons learned about UAVs’ security and privacy issues. Finally, we conclude our survey by presenting the critical pitfalls and suggesting promising future research directions for security and privacy of UAVs.
In recent years, the booming of Internet of Things (IoT) has populated the world with billions of smart devices that implement novel services and applications. The potential for cyberattacks on IoT ...systems have called for new solutions from the research community. Remote attestation is a widely used technique that allows a verifier to identify software compromise on a remote platform (called prover). Traditional challenge-response remote attestation protocols between the verifier and a single prover face a severe scalability challenge when they are applied to large scale IoT systems. To tackle this issue, recently researchers have started developing attestation schemes, which we refer to as Collective Remote Attestation (CRA) schemes, that are capable of remotely performing attestation of large networks of IoT devices. In this paper, after providing the reader with a background on remote attestation, we survey and analyze existing CRA schemes. We present an analysis of their advantages and disadvantages, as well as of their effectiveness against a reference attacker model. We focus our attention on CRA schemes' characteristics and adversarial mitigation capabilities. We finally highlight open research issues and give possible directions for mitigating both the limitations of existing schemes, and new emerging challenges. We believe this work can help guiding the design of current and future proposals for CRA.
We examine the interplay between learning and privacy over multiagent consensus networks. The learning objective of each individual agent consists of computing some global network statistic, and is ...accomplished by means of a consensus protocol. The privacy objective consists of preventing inference of the individual agents' data from the information exchanged during the consensus stages, and is accomplished by adding some artificial noise to the observations (obfuscation). An analytical characterization of the learning and privacy performance is provided, with reference to a consensus perturbing and to a consensus-preserving obfuscation strategy.
Federated Learning (FL) represents the de facto approach for distributed training of machine learning models. Nevertheless, researchers have identified several security and privacy FL issues. Among ...these, the lack of anonymity exposes FL to linkability attacks, representing a risk for model alteration and worker impersonation, where adversaries can explicitly select the attack target, knowing its identity. Named-Data Networking (NDN) is a novel networking paradigm that decouples the data from its location, anonymising the users. NDN embodies a suitable solution to ensure workers’ privacy in FL, thus fixing the abovementioned issues. However, several issues must be addressed to fit FL logic in NDN semantics, such as missing push-based communication in NDN and anonymous NDN naming convention. To this end, this paper contributes a novel anonymous-by-design FL framework with a customised communication protocol leveraging NDN. The proposed communication scheme encompasses an ad-hoc FL-oriented naming convention and anonymity-driven forwarding and enrollment procedures. The anonymity and privacy requirements considered during the framework definition are fully satisfied through a detailed analysis of the framework’s robustness. Moreover, we compare the proposed mechanism and state-of-the-art anonymity solutions, focusing on the communication efficiency perspective. The simulation results show latency and training time improvements up to ∼30%, especially when dealing with large models, numerous federations, and complex networks.
•Federated Learning has untackled anonymity issues, putting at risk users’ privacy.•The emerging Named-Data Networking protocol offers the privacy-by-design feature.•Building on top of Named-Data Networking, anonymous Federated Learning is achieved.•Named-Data Networking-based Federated Learning overcomes well-known privacy issues.•Named-Data Networking also improves communication efficiency for Federated Learning.
Privacy protection is a crucial problem in many biomedical signal processing applications. For this reason, particular attention has been given to the use of secure multiparty computation techniques ...for processing biomedical signals, whereby nontrusted parties are able to manipulate the signals although they are encrypted. This paper focuses on the development of a privacy preserving automatic diagnosis system whereby a remote server classifies a biomedical signal provided by the client without getting any information about the signal itself and the final result of the classification. Specifically, we present and compare two methods for the secure classification of electrocardiogram (ECG) signals: the former based on linear branching programs (a particular kind of decision tree) and the latter relying on neural networks. The paper deals with all the requirements and difficulties related to working with data that must stay encrypted during all the computation steps, including the necessity of working with fixed point arithmetic with no truncation while guaranteeing the same performance of a floating point implementation in the plain domain. A highly efficient version of the underlying cryptographic primitives is used, ensuring a good efficiency of the two proposed methods, from both a communication and computational complexity perspectives. The proposed systems prove that carrying out complex tasks like ECG classification in the encrypted domain efficiently is indeed possible in the semihonest model, paving the way to interesting future applications wherein privacy of signal owners is protected by applying high security standards.
Biometrics security is a dynamic research area spurred by the need to protect personal traits from threats like theft, non-authorised distribution, reuse and so on. A widely investigated solution to ...such threats consists of processing the biometric signals under encryption, in order to avoid any leakage of information towards non-authorised parties. In this study, the authors propose to leverage on the superior performance of multimodal biometric recognition to improve the efficiency of a biometric-based authentication protocol operating on encrypted data under the malicious security model. In the proposed protocol, authentication relies on both facial and iris biometrics, whose representation accuracy is specifically tailored to the trade-off between recognition accuracy and efficiency. From a cryptographic point of view, the protocol relies on Damgård et al. SPDZ. Experimental results show that the multimodal protocol is faster than corresponding unimodal protocols achieving the same accuracy.
Piecewise Function Approximation With Private Data Lazzeretti, Riccardo; Pignata, Tommaso; Barni, Mauro
IEEE transactions on information forensics and security,
2016-March, 2016-3-00, 20160301, Letnik:
11, Številka:
3
Journal Article
Recenzirano
Odprti dostop
We present two secure two party computation (STPC) protocols for piecewise function approximation on private data. The protocols rely on a piecewise approximation of the to-be-computed function ...easing the implementation in an STPC setting. The first protocol relies entirely on garbled circuits (GCs), while the second one exploits a hybrid construction where GC and homomorphic encryption are used together. In addition to piecewise constant and linear approximation, polynomial interpolation is also considered. From a communication complexity perspective, the full-GC implementation is preferable when the input and output variables can be represented with a small number of bits, while the hybrid solution is preferable otherwise. With regard to computational complexity, the full-GC solution is generally more convenient.
In the past few years, unmanned aerial vehicles (UAVs) have significantly gained attention and popularity from industry, government, and academia. With their rapid development and deployment into the ...civilian airspace, UAVs play an important role in different applications, including goods delivery, search‐and‐rescue, and traffic monitoring. Therefore, providing secure communication through authentication models for UAVs is necessary for a successful and reliable flight mission. To satisfy such requirements, numerous authentication mechanisms have been proposed in the literature. However, the literature lacks a comprehensive study evaluating the security and performance of these solutions. In this article, we analyze the security and performance of 27 recent UAV authentication works by considering ten different key metrics. First, in the performance analysis, we show that the majority of UAV authentication schemes are lightweight in their communication cost. However, the storage overhead or the energy consumption is not reported by many authentication studies. Then, we reveal in the security analysis the widely employed formal models (i.e., description of an authentication protocol through a mathematical model), while most of the studies lack coverage of many attacks that can target UAV systems. Afterwards, we highlight the challenges that need to be addressed in order to design and implement secure and reliable UAV authentication schemes. Finally, we summarize the lessons learned on the authentication strategies for UAVs to motivate promising direction for further research.