Security and the constraints stemming from the limited resources of sensor nodes have been investigated extensively in EU projects. [1] is one such attempt to tackle these issues, with [2] providing a more detailed look into smart-home applications.
In terms of network technologies, the utilization of Trusted Platform Modules and Virtualization techniques is an emerging pattern in relevant EU projects. [3] examines the aforementioned topics in combination, aiming to provide a reference design of a Trusted Computing, light-weight virtualization framework specifically aimed at cloud applications.
Anonymous Authentication and Anonymity schemes in general are another key area of current research, since privacy is essential in many applications (e.g. social, medical, etc.). An analysis of how Trusted Computing technologies can be used for anonymous authentication and how they can be integrated into common security frameworks (e.g. Java Crypto Architecture) can be found in [4]. A Direct Anonymous Attestation protocol utilizing NFC-equipped mobile devices and RFIDs is presented in [5], while [6] proposes an anonymization scheme for trusted third parties which overcomes the need for a trusted third party while relying on the TPM’s DAA functionality.
Secure routing protocols are a critical research area of networking technologies. [7] provides an overview of security issues and current trends in trusted routing for ad-hoc networks, judging their applicability in WSNs. A secure routing protocol is proposed in [8], where the geographical location of nodes along with other parameters (e.g. their remaining energy, for better load balancing and lifetime extension) are taken into account. The interactions between secure routing protocols and the Service Discovery functionality are investigated in [9], which concludes that in some situations there is an efficiency gain if routing protocols allow the higher layers to override the routing decisions.
Intrusion Detection Systems (IDS) are a key tool in safeguarding distributed ES networks. In [10] and [11], dynamic and distributed IDS schemes are proposed, which utilize agents as local monitors for their neighbours. Defensive techniques for sensor networks based on the nodes’ locations are presented in [12], analysing concepts of robust statistics to localize a node in the presence of malicious beacons.
The aspect of reconfigurability and its repercussions on security are considered in [13] and a security architecture is proposed which, based on a middleware layer, offers secure reconfiguration and communication, authenticated downloading from a remote source as well as a rekeying service for key distribution and revocation.
Trusted Software is another important area of middleware layer research, and [14] proposes a Trusted Software Stack (TSS) to be integrated into existing security frameworks (facilitating the adaptation to Trusted Computing technology), including a prototype developed in the .NET programming environment.
A software architecture featuring enforceable security policies along with virtualization provisions is presented in [15].
In [16], a middleware called MWSAN is proposed that provides high-level services for sensor and actor networks. It follows the component-oriented paradigm and leaves it up to the developers to configure it according to the actor and sensor resources, taking into consideration issues such as the network configuration, the quality of service and coordination among actors.
The main features of a secure middleware for embedded peer-to-peer systems, designed to face the various security challenges of the Internet of Things (IoT), are presented in [17]. The presented service model and component-based middleware satisfy necessary principles such as security, heterogeneity, interoperability, scalability and so on.
An extensive overview of a particular category of middleware, the context-aware middleware, is presented in [18], whereas [19] covers service composition mechanisms in ubiquitous computing.
An ontology-based approach has been followed using the Web Ontology Language (OWL) and Semantic Web Rule Language (SWRL) in order to develop monitoring and diagnosis rules [20]. In this way, any malfunctions can be detected and self-healing procedures can be invoked, in an effective, extensible and scalable way. A similar ontology-based approach was also presented in [21].
Finally, middleware can also be used in Kahn Process Networks (KPN) implemented over a Network on Chip (NoC). In [1], a methodology for identifying requirements and implementing fault tolerance and adaptivity is presented.
6.2.1 References
- M. Adler, “Trade-offs in probabilistic packet marking for IP traceback”, in the Journal of the ACM, Vol. 52, No. 2, pp. 217-244, March 2005
- N. Ansari, “Directed geographical traceback”, in Proceedings of the IEEE ITRE, 2005
- A. Belenky and N. Ansari, “IP Traceback with deterministic packet marking”, in IEEE Communications Letters, Vol. 7, No. 4, pp. 162-164, April 2003
- S. Bellovin et al., “ICMP Traceback messages”, IETF Internet Draft, 2003
- H. Burch and B. Cheswick, “Tracing anonymous packets to their approximate source”, in LISA XVI, December 2000
- Z. Chen and M. Lee, “A simplified algebraic marking scheme for IP traceback”, 2003
- D. Dean, M. Franklin and A. Stubblefield, “An algebraic approach to IP traceback”, in ACM Transactions on Information and System Security, Vol. 5, No. 2, May 2002
- P. Ferguson and D. Senie, “Network ingress filtering: Defeating denial-of-service attacks which employ IP source address spoofing”, RFC 2827, 2000
- S. Floyd, S. Bellovin, J. Ioannidis, K. Kompella, R. Mahajan, V. Paxson, “Pushback message for controlling aggregates in the network”, Internet Draft, 2001
- J. Gomes, F. Jin, H. Choi and H. Choi, “Enhanced probabilistic packet marking for IP traceback”, in Proceedings of the IEEE Workshop on Information Assurance and Security, pp. 30-37, June 2002
- H. Lee, “Advanced packet marking mechanism with pushback for IP traceback”, in ACNS ’04, LNCS 3089, pp. 426-438, 2004
- H. C. J. Lee, V. L. L. Thing, Y. Xu and M. Ma, “ICMP Traceback with cumulative path, an efficient solution for IP traceback”, in ICICS 2003, LNCS 2836, pp. 124-135, 2003
- S. Savage, D. Wetherall, A. Karlin and T. Anderson, “Network support for IP traceback”, in IEEE Transactions on Networking, Vol. 9, No. 3, pp. 226-237, June 2001
- M. Shung and J. Xu, “IP traceback-based intelligent packet filtering: a novel technique for defending against Internet DDoS attacks”, in IEEE Transactions on Parallel and Distributed Systems, Vol. 14, No. 9, pp. 861-872, September 2003
- A. C. Snoeren, C. Partridge, . A. Sanchez, C. E. Jones, F. Tchakountio, B. Schwartz, S. T. Kent and W. T. Strayer, “Single-packet IP traceback”, in IEEE/ACM Transactions on Networking, Vol. 10, No. 6, pp. 721-734, December 2002
- D. X. Song and A. Perrig, “Advanced and authenticated marking schemes for IP traceback”, in Proceedings of the IEEE INFOCOM, 2001
- K. Stefanidis and D. N. Serpanos, “Packet-marking scheme for DDoS attack prevention”, in Proceedings of Security and Protection of Information, 2005
- R. Stone, “CenterTrack: An IP overlay network for tracking DoS floods”, in Proceedings of the 9th USENIX Security Symposium, August 2000
- Y. K. Tseng and W. S. Hsieh, “CPPM – Compensated probabilistic packet marking for IP trace backing”, IEICE Transactions on Communications, Vol. E87-B, No. 10, pp. 3096-3098, October 2004
- U. K. Tupakula and V. Varadharajan, “A practical method to counteract denial of service attacks”, in Proceedings of the ACSC2003, Vol. 16, 2003