Academic & Scientific Articles

Permanent URI for this community: http://dl.cerist.dz/handle/CERIST/3

Now showing 1 - 9 of 9
  • IoT-DMCP: An IoT data management and control platform for smart cities
    (SCITEPRESS – Science and Technology Publications, 2019) Boulkaboul, Sahar; Djenouri, Djamel; Bouhafs, Sadmi; Belaid, Mohand
    This paper presents a design and implementation of a data management platform to monitor and control smart objects in the Internet of Things (IoT). This is done through IPv4/IPv6, and by combining IoT-specific features and protocols such as CoAP, HTTP and WebSocket. The platform allows anomaly detection in IoT devices and real-time error reporting mechanisms. Moreover, the platform is designed as a standalone application, which aims at extending cloud connectivity to the edge of the network with fog computing. It extensively uses the features and entities provided by the Capillary Networks with a micro-services based architecture linked via a large set of REST APIs, which allows developing applications independently of the heterogeneous devices. The platform addresses the challenges in terms of connectivity, reliability, security and mobility of the Internet of Things through IPv6. The implementation of the platform is evaluated in a smart home scenario and tested via numeric results. The results show low latency, on the order of a few tens of milliseconds, for building control over the implemented mobile application, which confirms the real-time feature of the proposed solution.
  • An Adaptive Anonymous Authentication for Cloud Environment
    (IEEE Xplore Digital Library, 2015-06-02) Djellalbia, Amina; Benmeziane, Souad; Badache, Nadjib; Bensimessaoud, Sihem
    Preserving identity privacy is a significant challenge for the security in cloud services. Indeed, an important barrier to the adoption of cloud services is user fear of privacy loss in the cloud. One interesting issue from a privacy perspective is to hide user’s usage behavior or meta-information which includes access patterns and frequencies when accessing services. Users may not want the cloud provider to learn which resources they access and how often they use a service by making them anonymous. In this paper, we will propose an adaptive and flexible approach to protect the identity privacy through an anonymous authentication scheme.
  • An end-to-end secure key management protocol for e-health applications
    (Elsevier, 2015) Abdmeziem, Mohammed Riyadh; Tandjaoui, Djamel
    Key distribution is required to secure e-health applications in the context of Internet of Things (IoT). However, resource constraints in IoT make these applications unable to run existing key management protocols. In this paper, we propose a new lightweight key management protocol. This protocol is based on collaboration to establish a secure end-to-end communication channel between a highly resource constrained node and a remote entity. The secure channel allows the constrained node to transmit captured data while ensuring confidentiality and authentication. To achieve this goal, we propose offloading highly consuming cryptographic primitives to third parties. As a result, the constrained node obtains assistance from powerful entities. To assess our protocol, we conduct a formal validation regarding security properties. In addition, we evaluate both communication and computational costs to highlight energy savings. The results show that our protocol provides a considerable gain in energy while its security properties are ensured.
  • A Lightweight Key Management Scheme for E-health applications in the context of Internet of Things
    (CERIST, 2014-03-15) Abdmeziem, Riad; Tandjaoui, Djamel
    In the context of Internet of Things where real world objects will automatically be part of the Internet, e-health applications have emerged as a promising approach to provide unobtrusive support for elderly and frail people based on their situation and circumstances. However, due to the limited resources available in such systems and privacy concerns that might arise from the capture of personal data, security issues constitute a major obstacle to their deployment. Authentication of the different entities involved and data confidentiality constitute the main concerns for users that need to be addressed. In this paper, we propose a new key management scheme for an e-health application to allow sensors and the Base Station (BS) to negotiate certain security credentials that will be used to protect the information flow. Our protocol provides a strong level of security guaranteeing authentication and data confidentiality while the scarcity of resources is taken into consideration. The scheme is based on a lightweight Public Key Infrastructure (PKI) where the sensors have to perform only one Elliptic Curve Cryptography (ECC) decryption in the key establishment process. Data exchanges are then secured by the use of symmetric encryption. In addition, Time Stamps are used to prevent replay attacks along with Message Code Authentication (MAC) to ensure integrity.
  • Securing Distance Vector Routing Protocols for Hybrid Wireless Mesh Networks
    (CERIST, 2010-04) Babakhouya, Abdelaziz; Challal, Yacine; Bouabdallah, Abdelmadjid; Gharout, Said
    Hybrid Wireless Mesh Networks (HWMNs) are currently emerging as a promising technology for a wide range of applications such as public safety, emergency response, and disaster recovery operations. HWMNs combine the concepts of mesh networks and ad hoc networks to maintain network connectivity. Routing is essential for HWMN in order to discover the network topology and build routes. The problem of all the current ad hoc routing protocols is that they trust all nodes and assume that they behave properly; therefore they are more vulnerable to node misbehavior. Misbehaving nodes can advertise incorrect routing information and disturb the topology building process. This attack is difficult to detect in distance vector routing protocols since nodes have no information regarding the network topology beyond the immediate neighbors. In this paper we propose a Consistency Check protocol for Distance Vector routing in HWMN environment. Our Consistency Check protocol can detect and reject false routes under the assumption that some mesh routers are trusted and do not cheat. Through security analysis and simulation, we show that our approach is resilient to false accusation attacks while inducing an acceptable routing overhead.
  • Efficient Monitoring Mechanisms for Cooperative Storage in Mobile Ad-Hoc Networks: Detection Time and Accuracy Tradeoffs
    (CERIST, 2009-02) Derhab, Abdelouahid; Senouci, Mustapha Reda; Badache, Nadjib
    Distributed cooperative storage systems are designed to share the storage resources of network nodes for the common good of everyone, especially in dynamic ad hoc networks (MANETs) where the risk of data loss is high. In ad hoc networks, as mobile nodes operate on low-power battery and use limited storage capacity, data holders might behave selfishly by discarding some data they promised to store for other nodes in order to optimize their storage space for their own usage. To detect such a behavior, a monitoring mechanism, which checks whether a data is still held by the data holder, must be used. In this paper, we propose novel monitoring mechanisms that consider MANETs constraints and overcome the limitations of the existing monitors. Simulation results show that the proposed mechanism can offer a good trade-off between the rate of false positives and the time to detect misbehaved nodes.
  • A New Low Cost Sessions-Based Misbehaviour Detection Protocol (SMDP) for MANET
    (IEEE Computer Society, 2007-05) Djenouri, Djamel; Fahad, Tarek; Askwith, Robert; Merabti, Madjid
    There is a strong motivation for a node to deny packet forwarding to others and being selfish in MANET. Recently, some solutions have been proposed, but almost all of these solutions rely on the watchdog technique, which suffers from many drawbacks, particularly when using the power control technique. To overcome this problem with a moderate communication overhead, this paper introduces a new approach for detecting misbehaving nodes that drop data packets in MANET. It consists of two stages: (i) the monitoring stage in which each node monitors its direct neighbours with respect to forwarding data packets of a traffic session in the network, and (ii) the decision stage, in which direct neighbouring nodes decide whether the monitored node misbehaves or not. Our new approach is able to detect the misbehaviour in case of power control employment, with a low communication overhead compared to the existing approaches.
  • On Eliminating Packet Droppers in MANET: A Modular Solution
    (Elsevier, 2009-08) Djenouri, Djamel; Badache, Nadjib
    In this paper we deal with misbehaving nodes in mobile ad hoc networks (MANETs) that drop packets supposed to be relayed, whose purpose may be either saving their resources or launching a DoS attack. We propose a new solution to monitor, detect, and safely isolate such misbehaving nodes, structured around five modules: (i) the monitor, responsible for controlling the forwarding of packets, (ii) the detector, which is in charge of detecting the misbehaving of monitored nodes, (iii) the isolator, basically responsible for isolating misbehaving nodes detected by the detector, (iv) the investigator, which investigates accusations before testifying when the node has not enough experience with the accused, and (v) finally the witness module that responds to witness requests of the isolator. These modules are based on new approaches, aiming at improving the efficiency in detecting and isolating misbehaving nodes with a minimum overhead. We describe these modules in detail, and their interactions as well. We also mathematically analyze our solution and assess its performance by simulation, and compare it with the watchdog, which is a monitoring technique employed by almost all the current solutions.
  • Towards Immunizing MANET’s Source Routing Protocols Against Packet Droppers
    (World Scientific, 2009-03) Djenouri, Djamel; Mahmoudi, Othmane; Bouamama, Mohamed
    This paper deals with security of routing protocols of Mobile Ad hoc Networks (MANETs), and proposes a solution to immunize such protocols against packet dropping misbehavior. Most of the current secure protocols are vulnerable to packet dropping misbehavior, which can be exploited by selfish nodes and malicious ones as well. For example, simply by dropping RREQ (Route Request) packets a selfish node can exclude itself from routes and thereby avoid receiving data packets to forward. On the other hand, a malicious node can drop RERR (Route Error) packets to keep the use of failed routes, possibly resulting in a denial of service. To mitigate this vulnerability we propose a hybrid solution that secures routing protocols against the dropping of both directed and broadcast control packets, in which a different approach is adapted for each kind of packets. Dealing with control packets represents the main contribution in this manuscript, as all the current proposals in the context of selfish nodes only consider data packets. Our solution can be integrated with any source routing protocol. In this work it was implemented with one of the most secure protocols, namely ENDAIR. The resulting new extended secure protocol was assessed and analyzed through an extensive simulation study.