SECuRE and Trustworthy
Computing Lab
Authors
Mahmud Hossain, Yasser Karim, and Ragib Hasan
SECuRE and Trustworthy computing Lab (SECRETLab)
University of Alabama at Birmingham
Presenter: Mahmud Hossain
http://secret.cis.uab.edu
IoT
SecuPAN: A Security Scheme to Mitigate
Fragmentation-Based Network Attacks in 6LoWPAN
The Internet of Things (IoT)
• A programmable world
• Everyday objects are interconnected
• Objects are smart enough to make decisions
IoT Forecasts and Market Estimates
• Estimation of connected things by 2020
  ◦ 20.8 billion (Gartner)
  ◦ 26.3 billion (Cisco)
  ◦ 28 billion (Ericsson)
  ◦ 34 billion (Business Insider)
Source: Zinnov Zones (2016)
Source: ZStatista (2018)
Protocols for IoT network
• IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN)
• Zigbee
• Bluetooth
• Z-Wave
• Sigfox
• Wi-Fi
6LoWPAN: Protocol Stack
• IEEE 802.15.4
• IPv6
Fragmentation in 6LoWPAN
• Maximum Transmission Unit (MTU) size: 127 octets (bytes).
• IPv6 packets are usually larger than 127 octets (maximum 1280 octets).
Vulnerabilities of 6LoWPAN Fragmentation Mechanism
• Fragment authentication
• Fragment freshness verification
• Payload integrity verification
• Source IP-Address validation
Threat Model
• Capability of Target and Malicious Devices
  ◦ Resource Constrained
• Location
  ◦ Within Radio Range (Mallory)
  ◦ Via Gateway (Eve)
  ◦ Via Internet (Malice)
• Extract key materials
  ◦ Memory Probing
Threat Model
• Network External Attacks
  ◦ Attackers conduct activity from outside via the Internet.
  ◦ No resource limitation
  ◦ Attackers can easily send a large number of packets, which are further broken into fragments.
  ◦ The gateway can prevent such attacks by employing an authenticated tunnel, such as IPsec.
  ◦ Secure rate limiting mechanisms for large packets from authenticated sources.
Threat Model
• Network Internal Attacks
  ◦ Replay
  ◦ Alteration
  ◦ Spoofing
  ◦ Duplicate
  ◦ Buffer exhaustion
SecuPAN: Proposed Solutions
• Nonce field in the FRAG1 header.
• MAC-based scheme.
• Cryptographic datagram-tag and cryptographically generated IPv6 address (CGA-IPv6).
• Reputation-based buffer management mechanism.
Proposed Datagram Tag, Nonce & MAC fields
• Crypto Datagram Tag: 16 bits.
• MAC(N || Hash(Payload added to FRAG1))
• Nonce: 16 bits.
• MAC field: 32 bits.
• MAC(Hash(Payload added to FRAGN))
• Ensures fragment integrity and freshness.
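An added example, not taken from the slides or from the SecuPAN implementation, of a receiver checking the Nonce and MAC fields listed on the "Proposed Datagram Tag, Nonce & MAC fields" slide. It assumes a key K already shared by the two nodes and HMAC-SHA-256 truncated to 32 bits, neither of which the slide specifies; FragmentVerifier and the other names are hypothetical.

```python
import hashlib
import hmac
import struct

MAC_LEN = 4  # 32-bit MAC field, as on the slide


def _mac32(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA-256 truncated to 32 bits (the slide names no algorithm).
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]


def frag1_mac(key: bytes, nonce: int, payload: bytes) -> bytes:
    """FRAG1 field: MAC(N || Hash(payload)), with N the 16-bit nonce."""
    return _mac32(key, struct.pack("!H", nonce) + hashlib.sha256(payload).digest())


def fragn_mac(key: bytes, payload: bytes) -> bytes:
    """FRAGN field: MAC(Hash(payload))."""
    return _mac32(key, hashlib.sha256(payload).digest())


class FragmentVerifier:
    """Receiver-side checks: integrity via the MAC, freshness via the nonce."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = {}  # sender -> nonces already accepted under this key

    def accept_frag1(self, sender: str, nonce: int, payload: bytes, mac: bytes) -> str:
        # Check the MAC first so unauthenticated traffic cannot fill the nonce set.
        if not hmac.compare_digest(mac, frag1_mac(self.key, nonce, payload)):
            return "bad-mac"
        seen = self.seen_nonces.setdefault(sender, set())
        if nonce in seen:
            return "replay"
        # A 16-bit nonce repeats after 65,536 datagrams, so the key has to be
        # rotated (and this set cleared) before the nonce space wraps.
        seen.add(nonce)
        return "ok"

    def accept_fragn(self, payload: bytes, mac: bytes) -> str:
        ok = hmac.compare_digest(mac, fragn_mac(self.key, payload))
        return "ok" if ok else "bad-mac"


def demo():
    key = b"constructed-demo-key"            # constructed sample key
    rx = FragmentVerifier(key)
    first = b"constructed FRAG1 payload"     # constructed sample payloads
    later = b"constructed FRAGN payload"
    mac1 = frag1_mac(key, 0x1A2B, first)
    macn = fragn_mac(key, later)
    return [
        rx.accept_frag1("node-a", 0x1A2B, first, mac1),         # genuine fragment
        rx.accept_frag1("node-a", 0x1A2B, first, mac1),         # same fragment again
        rx.accept_frag1("node-a", 0x1A2C, first + b"!", mac1),  # payload altered
        rx.accept_fragn(later, macn),                           # genuine fragment
        rx.accept_fragn(later[:-1] + b"X", macn),               # payload altered
    ]


if __name__ == "__main__":
    print(demo())
```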
Cryptographic IPv6 Address Assignment
• A CGA is an Internet Protocol Version 6 (IPv6) address that contains a host identifier computed from a cryptographic hash function.
• In our proposed solution, a Border Router in a 6LoWPAN network assigns a CGA-IPv6 address to a joining device.
• Prevents address spoofing.
Secure Transfer of Packet Fragmentations
• Public Key Retrieval
• Secure Fragmentation
Operational Model
[Figure: operational model flowchart. Recoverable labels: "Verify Crypto Datagram Tag", "MAC_K(N) =? Hash", "Yes"]
SecuPAN: Secure Management of Reassembly Buffer
• A reputation point based buffer management scheme
• Reputation point $r_j$ is defined as follows:

$$
r_j =
\begin{cases}
\min\left(\dfrac{r_j + 1}{2},\ 1\right) & \text{if a sender sends all the fragments} \\[2ex]
\max\left(r_j - \dfrac{buf_j}{r_j}\,(1 - \mu_j),\ 0.1\right) & \text{if the receiver fails receiving all the packet fragments before time expires}
\end{cases}
$$

• Here, $\mu_j = \dfrac{\text{Total bytes received}}{\text{Total length of the packet}}$ and $buf_j = \dfrac{\text{Total allocated portion of the buffer } (buf_a)}{\text{Total size of the buffer}}$
• A receiver allocates $buf_a$ for a fragmented packet as: $buf_a = p + q$, $p = r_j * datagram\_size$, and $q = p + 8 \bmod 8$
• Packet discard policy: Uncertainty Point $ucP = \dfrac{f_r + t_r + n_s}{r_s}$
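The reputation update and buffer allocation rule from the reassembly-buffer slide, as an added example (not the authors' code). The starting reputation of 0.5, the 1280-octet buffer and the reading of q as padding up to the next 8-octet boundary are assumptions; the class and function names are hypothetical.

```python
import math

R_MIN, R_MAX = 0.1, 1.0   # bounds that appear in the slide's formula
R_INITIAL = 0.5           # assumption: the slides give no starting value
BUFFER_SIZE = 1280        # assumption: room for one maximum-size datagram


def on_complete(r):
    """Sender delivered every fragment: r_j = min((r_j + 1) / 2, 1)."""
    return min((r + 1) / 2, R_MAX)


def on_timeout(r, allocated, received, datagram_size, buffer_size=BUFFER_SIZE):
    """Timer expired first: r_j = max(r_j - (buf_j / r_j)(1 - mu_j), 0.1)."""
    mu = received / datagram_size   # share of the datagram that arrived
    buf = allocated / buffer_size   # share of the buffer the datagram tied up
    return max(r - (buf / r) * (1 - mu), R_MIN)


def allocation(r, datagram_size):
    """buf_a = p + q with p = r_j * datagram_size."""
    p = math.floor(r * datagram_size)
    q = (-p) % 8   # assumption: q pads p up to the next 8-octet boundary
    return p + q


class Receiver:
    """Tracks one reputation point per sender and the free reassembly space.

    How a reservation grows as later fragments arrive is not covered by the
    slide and is not modelled here.
    """

    def __init__(self, buffer_size=BUFFER_SIZE):
        self.buffer_size = buffer_size
        self.free = buffer_size
        self.reputation = {}   # sender -> r_j
        self.pending = {}      # (sender, tag) -> (allocated, datagram_size)

    def reserve(self, sender, tag, datagram_size):
        r = self.reputation.setdefault(sender, R_INITIAL)
        want = allocation(r, datagram_size)
        if want > self.free:
            return 0           # nothing reserved, fragment is dropped
        self.free -= want
        self.pending[(sender, tag)] = (want, datagram_size)
        return want

    def complete(self, sender, tag):
        allocated, _ = self.pending.pop((sender, tag))
        self.free += allocated
        self.reputation[sender] = on_complete(self.reputation[sender])

    def expire(self, sender, tag, received):
        allocated, size = self.pending.pop((sender, tag))
        self.free += allocated
        self.reputation[sender] = on_timeout(
            self.reputation[sender], allocated, received, size, self.buffer_size)


def simulate(rounds=3):
    """Constructed traffic: one sender never finishes a datagram, one always does."""
    rx = Receiver()
    incomplete, honest = [], []
    for tag in range(rounds):
        # Announces a 1280-octet datagram, delivers 96 octets, then goes silent.
        incomplete.append(rx.reserve("attacker", tag, 1280))
        rx.expire("attacker", tag, received=96)
        # Announces a 1280-octet datagram and delivers all of it.
        honest.append(rx.reserve("honest", tag, 1280))
        rx.complete("honest", tag)
    return incomplete, honest, rx.reputation


if __name__ == "__main__":
    print(simulate())
```

After one expired datagram the incomplete sender drops to the 0.1 floor and can reserve only 128 of the 1280 octets, while the sender that completes its datagrams is granted progressively more.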
Experimental Setup
Evaluation
[Figures: Packet Delivery Ratio (buffer reservation); Effective Packet Number]
Evaluation
[Figures: End to End Delay; Throughput; Energy Consumption for Communications]
Security Analysis
• Replay
  ◦ Nonce field
• Alteration
  ◦ MAC field
• Spoofing
  ◦ CGA-IPv6
• Duplication
  ◦ MAC field
• Buffer exhaustion
  ◦ Reputation point based system
Conclusion
• The fragmentation mechanism introduces vulnerabilities in 6LoWPAN.
• Proposed a security mechanism based on Cryptographically Generated IPv6 Addresses to mitigate impersonation attacks.
• MAC-based fragmentation scheme to verify the authenticity and integrity of packet fragments.
• Reputation-based buffer management scheme to protect resource-limited devices from buffer overflow.
Thank You
SECRETLab@UAB
• Phone: 205.934.8643
• Fax: 205.934.5473
• Web: http://secret.cis.uab.edu/
Mahmud Hossain
• Email: mahmud@uab.edu

 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of GermanyPresentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalizationFull-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
How to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For FlutterHow to use Firebase Data Connect For Flutter
How to use Firebase Data Connect For Flutter
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with SlackLet's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
 
CAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on BlockchainCAKE: Sharing Slices of Confidential Data on Blockchain
CAKE: Sharing Slices of Confidential Data on Blockchain
 
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdfAI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
AI-Powered Food Delivery Transforming App Development in Saudi Arabia.pdf
 
TrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy SurveyTrustArc Webinar - 2024 Global Privacy Survey
TrustArc Webinar - 2024 Global Privacy Survey
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAUHCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Things to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUUThings to Consider When Choosing a Website Developer for your Website | FODUU
Things to Consider When Choosing a Website Developer for your Website | FODUU
 

SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in 6LoWPAN

  • 1. SecuPAN: A Security Scheme to Mitigate Fragmentation-Based Network Attacks in 6LoWPAN. Authors: Mahmud Hossain, Yasser Karim, and Ragib Hasan, SECuRE and Trustworthy computing Lab (SECRETLab), University of Alabama at Birmingham. Presenter: Mahmud Hossain. http://secret.cis.uab.edu
  • 2. The Internet of Things (IoT)
      • A programmable world
      • Everyday objects are interconnected
      • Objects are smart enough to make decisions
  • 3. IoT Forecasts and Market Estimates (Source: Zinnov Zones (2016); Source: ZStatista (2018))
      • Estimation of connected things by 2020
      • 20.8 billion (Gartner)
      • 26.3 billion (Cisco)
      • 28 billion (Ericsson)
      • 34 billion (Business Insider)
  • 4. Protocols for IoT network
      • IPv6 over Low-Power Wireless Personal Area Networks (6LoWPAN)
      • Zigbee
      • Bluetooth
      • Z-Wave
      • Sigfox
      • Wi-Fi
  • 5. 6LoWPAN: Protocol Stack
      • IEEE 802.15.4
      • IPv6
  • 6. Fragmentation in 6LoWPAN
      • Maximum Transmission Unit (MTU) size is 127 octets (bytes).
      • IPv6 packets are usually larger than 127 octets (maximum 1280 octets).
  • 7. Vulnerabilities of 6LoWPAN Fragmentation Mechanism
      • Fragment authentication
      • Fragment freshness verification
      • Payload integrity verification
      • Source IP-Address validation
  • 8. Threat Model
      • Capability of Target and Malicious Devices: Resource Constrained
      • Location: Within Radio Range (Mallory); Via Gateway (Eve); Via Internet (Malice)
      • Extract key materials: Memory Probing
  • 9. Threat Model: Network External Attacks
      • Attackers conduct activity from outside via the Internet.
      • No resource limitation
      • Attackers can easily send a large number of packets, which are further broken into fragments.
      • The gateway can prevent such attacks by employing an authenticated tunnel, such as IPsec.
      • Secure rate limiting mechanisms for large packets from authenticated sources.
  • 10. Threat Model: Network Internal Attacks
      • Replay
      • Alteration
      • Spoofing
      • Duplicate
      • Buffer exhaustion
  • 11. SecuPAN: Proposed Solutions
      • Nonce field in the FRAG1 header.
      • MAC-based scheme.
      • Cryptographic datagram-tag and cryptographically generated IPv6 address (CGA-IPv6).
      • Reputation-based buffer management mechanism.
  • 12. Proposed Datagram Tag, Nonce & MAC fields
      • Crypto Datagram Tag: 16 bits.
      • MAC(N || Hash(Payload added to FRAG1))
      • Nonce: 16 bits.
      • MAC field: 32 bits.
      • MAC(Hash(Payload added to FRAGN))
      • Ensures fragment integrity and freshness.
  • 13. Cryptographic IPv6 Address Assignment
      • A CGA is an Internet Protocol Version 6 (IPv6) address that contains a host identifier computed from a cryptographic hash function.
      • In our proposed solution, a Border Router in a 6LoWPAN network assigns a CGA-IPv6 address to a joining device.
      • Prevents address spoofing.
  • 14. Secure Transfer of Packet Fragmentations
      • Public Key Retrieval
      • Secure Fragmentation
  • 15. Operational Model [flowchart; recoverable labels: Verify Crypto Datagram Tag; MAC_K(N) =? Hash; Yes]
  • 16. SecuPAN: Secure Management of Reassembly Buffer
      • A reputation-point-based buffer management scheme
      • Reputation point $r_j$ is defined as follows:
        $$r_j = \begin{cases} \min\left(r_j + \tfrac{1}{2},\ 1\right) & \text{if a sender sends all the fragments} \\ \max\left(r_j - buf_j\, r_j\,(1 - \mu_j),\ 0.1\right) & \text{if the receiver fails to receive all the packet fragments before time expires} \end{cases}$$
      • Here, $\mu_j = \dfrac{\text{Total bytes received}}{\text{Total length of the packet}}$ and $buf_j = \dfrac{\text{Total allocated portion of the buffer } (buf_a)}{\text{Total size of the buffer}}$
      • A receiver allocates $buf_a$ for a fragmented packet as: $buf_a = p + q$, $p = r_j \cdot datagram\_size$, and $q = p + 8 \bmod 8$
      • Packet discard policy: Uncertainty Point $ucP = \dfrac{f_r + t_r + n_s}{r_s}$
  • 17. Experimental Setup [figure]
  • 18. Evaluation [plots: Packet Delivery Ratio (buffer reservation); Effective Packet Number]
  • 19. Evaluation [plots: End to End Delay; Throughput; Energy Consumption for Communications]
  • 20. Security Analysis
      • Replay: Nonce field
      • Alteration: MAC field
      • Spoofing: CGA-IPv6
      • Duplication: MAC field
      • Buffer exhaustion: Reputation point based system
  • 21. Conclusion
      • Fragmentation mechanism enables vulnerabilities in 6LoWPAN.
      • Proposed a security mechanism based on Cryptographically Generated IPv6 Address to mitigate impersonation attacks.
      • MAC-based fragmentation scheme to verify authenticity and integrity of packet fragments.
      • Reputation-based buffer management scheme to protect resource-limited devices from buffer overflow.
  • 22. Thank You. SECRETLab@UAB: Phone: 205.934.8643; Fax: 205.934.5473; Web: http://secret.cis.uab.edu/. Mahmud Hossain: Email: mahmud@uab.edu
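
The receiver-side checks implied by the nonce and MAC fields on slide 12, as an added example that is not the authors' code: FRAG1 carries N and MAC(N || Hash(payload)), FRAGN carries MAC(Hash(payload)), and the receiver drops fragments whose tag fails or whose nonce was already seen. Assumptions: HMAC-SHA256 truncated to the 32-bit field stands in for the unnamed MAC, sender and receiver already share a key, the crypto datagram tag is not modelled, and all function names and sample bytes are constructed.

```python
import hashlib
import hmac

NONCE_LEN = 2  # 16-bit nonce carried in FRAG1 (slide 12)
MAC_LEN = 4    # 32-bit MAC field (slide 12)

def mac32(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 truncated to 32 bits; the slides name no algorithm.
    return hmac.new(key, data, hashlib.sha256).digest()[:MAC_LEN]

def build_frag1(key: bytes, nonce: bytes, payload: bytes) -> bytes:
    # FRAG1 = N || MAC(N || Hash(payload)) || payload
    return nonce + mac32(key, nonce + hashlib.sha256(payload).digest()) + payload

def build_fragn(key: bytes, payload: bytes) -> bytes:
    # FRAGN = MAC(Hash(payload)) || payload
    return mac32(key, hashlib.sha256(payload).digest()) + payload

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.seen_nonces = set()  # nonces already accepted from this sender

    def check_frag1(self, frame: bytes) -> str:
        nonce = frame[:NONCE_LEN]
        tag = frame[NONCE_LEN:NONCE_LEN + MAC_LEN]
        payload = frame[NONCE_LEN + MAC_LEN:]
        expected = mac32(self.key, nonce + hashlib.sha256(payload).digest())
        if not hmac.compare_digest(tag, expected):
            return "drop: bad MAC"      # altered, truncated or forged fragment
        if nonce in self.seen_nonces:
            return "drop: stale nonce"  # FRAG1 replayed with a used nonce
        self.seen_nonces.add(nonce)
        return "accept"

    def check_fragn(self, frame: bytes) -> str:
        tag, payload = frame[:MAC_LEN], frame[MAC_LEN:]
        expected = mac32(self.key, hashlib.sha256(payload).digest())
        return "accept" if hmac.compare_digest(tag, expected) else "drop: bad MAC"

# Constructed sample data (not from the slides).
KEY = b"constructed-demo-key"
FRAG1 = build_frag1(KEY, b"\x00\x01", b"first chunk of the datagram")
FRAGN = build_fragn(KEY, b"a later chunk of the datagram")
```

The MAC is checked before the nonce is recorded, so a forged FRAG1 cannot poison the seen-nonce set; with a 32-bit tag an ideal MAC still admits a 2^-32 forgery chance per attempt, so failed verifications are worth counting.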