Now showing 1 - 6 of 6
  • Publication
    Survey on Multi-Access Edge Computing Security and Privacy
    The European Telecommunications Standards Institute (ETSI) has introduced the paradigm of Multi-Access Edge Computing (MEC) to enable efficient and fast data processing in mobile networks. Among other technological requirements, security and privacy are significant factors in the realization of MEC deployments. In this paper, we analyse the security and privacy of the MEC system. We introduce a thorough investigation of the identification and the analysis of threat vectors in the ETSI standardized MEC architecture. Furthermore, we analyse the vulnerabilities leading to the identified threat vectors and propose potential security solutions to overcome these vulnerabilities. The privacy issues of MEC are also highlighted, and clear objectives for preserving privacy are defined. Finally, we present future directives to enhance the security and privacy of MEC services.
      1909Scopus© Citations 169
  • Publication
    Anonymous Lightweight Proxy Based Key Agreement for IoT (ALPKA)
    The Internet of Things (IoT) technologies interconnect a broad range of network devices, differing in terms of size, weight, functionality, and resource capabilities. The main challenge is to establish the required security features in the most constrained devices, even if they are unknown to each other and do not share common pre-distributed key material. As a consequence, there is a high need for scalable and lightweight key establishment protocols. In this paper, we propose a key agreement protocol between two IoT devices without prior trust relation, using solely symmetric key based operations, by relying on a server or proxy based approach. This proxy is responsible for the verification of the authentication and the key agreement between the IoT devices, without being capable of deriving the established session key. We propose two versions. The first version does not require interactive input from the key distribution center to the proxy, but is not resistant if a compromised user and proxy are collaborating. The second version on the other hand is collision resistant, but needs an interactive key distribution center. In addition, we add the interesting features of anonymity and unlinkability of the sender and receiver in both protocol versions. The security properties of the proposed protocol are verified by using formal verification techniques.
    Scopus© Citations 14  499
  • Publication
    InSDN: A Novel SDN Intrusion Dataset
    Software-Defined Network (SDN) has been developed to reduce network complexity through control and manage the whole network from a centralized location. Today, SDN is widely implemented in many data center’s network environments. Nevertheless, emerging technology itself can lead to many vulnerabilities and threats which are still challenging for manufacturers to address it. Therefore, deploying Intrusion Detection Systems (IDSs) to monitor malicious activities is a crucial part of the network architecture. Although the centralized view of the SDN network creates new opportunities for the implementation of IDSs, the performance of these detection techniques relies on the quality of the training datasets. Unfortunately, there are no publicly available datasets that can be used directly for anomaly detection systems applied in SDN networks. The majority of the published studies use non-compatible and outdated datasets, such as the KDD’99 dataset. This manuscript aims to generate an attack-specific SDN dataset and it is publicly available to the researchers. To the best of our knowledge, our work is one of the first solutions to produce a comprehensive SDN dataset to verify the performance of intrusion detection systems. The new dataset includes the benign and various attack categories that can occur in the different elements of the SDN platform. Further, we demonstrate the use of our proposed dataset by performing an experimental evaluation using eight popular machine-learning-based techniques for IDSs.
    Scopus© Citations 149  498
  • Publication
    Security as a Service Platform Leveraging Multi-Access Edge Computing Infrastructure Provisions
    The mobile service platform envisaged by emerging IoT and 5G is guaranteeing gigabit-level bandwidth, ultra-low latency and ultra-high storage capacity for their subscribers. In spite of the variety of applications plausible with the envisaged technologies, security is a demanding objective that should be applied beyond the design stages. Thus, Security as a Service (SECaaS) is an initiative for a service model that enable mobile and IoT consumers with diverse security functions such as Intrusion Detection and Prevention (IDPaaS), Authentication (AaaS), and Secure Transmission Channel (STCaaS) as a Service. A well-equipped edge computing infrastructure is intrinsic to achieve this goal. The emerging Multi-Access Edge Computing (MEC) paradigm standardized by the ETSI is excelling among other edge computing flavours due to its well-defined structure and protocols. Thus, in our directive, we intend to utilize MEC as the edge computing platform to launch the SECaaS functions. Though, the actual development of a MEC infrastructure is highly dependent on the integration of virtualization technologies to enable dynamic creation, the deployment, and the detachment of virtualized entities that should feature interoperability to cater the heterogeneous IoT devices and services. To that extent, this work is proposing a security service architecture that offers these SECaaS services. Further, we validate our proposed architecture through the development of a virtualized infrastructure that integrates lightweight and hypervisor-based virtualization technologies. Our experiments prove the plausibility of launching multiple security instances on the developed prototype edge platform.
    Scopus© Citations 23  460
  • Publication
    Novel MEC based Approaches for Smart Hospitals to Combat COVID-19 Pandemic
    COVID-19 or Coronavirus has thrilled the entire world population with uncertainty over their survival and well-being. The impact this pathogen has caused over the globe has been profound due to its unique transmission features; that urges for contact-less strategies to interact and treat the infected. The impending 5G mobile technology is immersing the applications that enable the provisioning of medical and healthcare services in a contact-less manner. The edge computing paradigms offer a de-centralized and versatile networking infrastructure capable of adhering to the novel demands of 5G. In this article, we are considering Multi-Access Edge Computing (MEC) flavour of the edge paradigms for realizing the contact-less approaches that assist the mediation of COVID-19 and the future of healthcare. In order to formulate this ideology, we propose three use cases and discuss their implementation in the MEC context. Further, the requirements for launching these services are provided. Additionally, we validate our proposed approaches through simulations.
    Scopus© Citations 27  400
  • Publication
    AGE: authentication in gadget-free healthcare environments
    Mobile and sensor related technologies are significantly revolutionizing the medical healthcare sectors. In current healthcare systems, gadgets are the prominent way of acquiring medical services. However, the recent technological advancements in smart and ambient environments are offering users new ways to access the healthcare services without using any explicit gadgets. One of the key challenges in such gadget-free environments is performing secure user authentication with the intelligent surroundings. For example, a secure, efficient and user-friendly authentication mechanism is essential for elderly/disabled people or patients in critical conditions requiring medical services. Hence, modern authentication systems should be sophisticated enough to identify such patients without requiring their physical efforts or placing gadgets on them. This paper proposes an anonymous and privacy-preserving biometrics based authentication scheme for such gadget-free healthcare environment. We performed formal security verification of our proposed scheme using CDVT/AD tool and our results indicate that the proposed scheme is secure for such smart and gadget-free environments. We verify that the proposed scheme can resist against various well-known security attacks. Moreover, the proposed system showed better performance as compared with existing biometrics base remote user authentication schemes.
      266