https://www.mdu.se/

mdu.se Publications
1 - 19 of 19
  • 1.
    Bagci, Ibrahim Ethem
    et al.
    School of Computing and Communications, Lancaster University, Lancaster, UK.
    Raza, Shahid
    Swedish Institute of Computer Science, Kista, Sweden.
    Chung, Tony
    School of Computing and Communications, Lancaster University, Lancaster, UK.
    Roedig, Utz
    School of Computing and Communications, Lancaster University, Lancaster, UK.
    Voigt, Thiemo
    Swedish Institute of Computer Science, Kista, Sweden.
    Combined Secure Storage and Communication for the Internet of Things. 2013. Conference paper (Refereed)
    Abstract [en]

    The future Internet of Things (IoT) may be based on the existing and established Internet Protocol (IP). Many IoT application scenarios will handle sensitive data. However, as security requirements for storage and communication are addressed separately, work such as key management or cryptographic processing is duplicated. In this paper we present a framework that allows us to combine secure storage and secure communication in the IP-based IoT. We show how data can be stored securely such that it can be delivered securely upon request without further cryptographic processing. Our prototype implementation shows that combined secure storage and communication can reduce the security-related processing on nodes by up to 71% and energy consumption by up to 32.1%.

  • 2.
    Eklund, D.
    et al.
    RISE Research Institutes of Sweden, Box 1263, Kista, 16429, Sweden.
    Iacovazzi, A.
    RISE Research Institutes of Sweden, Box 1263, Kista, 16429, Sweden.
    Wang, H.
    RISE Research Institutes of Sweden, Box 1263, Kista, 16429, Sweden.
    Pyrgelis, A.
    RISE Research Institutes of Sweden, Box 1263, Kista, 16429, Sweden.
    Raza, Shahid
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. RISE Research Institutes of Sweden, Box 1263, Kista, 16429, Sweden.
    BMI: Bounded Mutual Information for Efficient Privacy-Preserving Feature Selection. 2024. In: Lecture Notes in Computer Science, Vol. 14983, Springer Science and Business Media Deutschland GmbH, 2024, p. 353-373. Conference paper (Refereed)
    Abstract [en]

    We introduce low complexity bounds on mutual information for efficient privacy-preserving feature selection with secure multi-party computation (MPC). Considering a discrete feature with N possible values and a discrete label with M possible values, our approach requires O(N) multiplications as opposed to O(NM) in a direct MPC implementation of mutual information. Our experimental results show that for regression tasks, we achieve a computation speed up of over 1,000× compared to a straightforward MPC implementation of mutual information, while achieving similar accuracy for the downstream machine learning model. 

  • 3.
    Höglund, Joel
    et al.
    RISE Research Institutes of Sweden, Isafjordsgatan 22, Kista, Stockholm, 16440, Sweden.
    Furuhed, Martin
    Nexus Group, Telefonv. 26, Stockholm, 12626, Sweden.
    Raza, Shahid
    RISE Research Institutes of Sweden, Isafjordsgatan 22, Kista, Stockholm, 16440, Sweden.
    Lightweight certificate revocation for low-power IoT with end-to-end security. 2023. In: Journal of Information Security and Applications, ISSN 2214-2126, Vol. 73, p. 103424-103424, article id 103424. Article in journal (Refereed)
    Abstract [en]

    Public key infrastructure (PKI) provides the basis of authentication and access control in most networked systems. In the Internet of Things (IoT), however, security has predominantly been based on pre-shared keys (PSK), which cannot be revoked and do not provide strong authentication. The prevalence of PSK in the IoT is due primarily to a lack of lightweight protocols for accessing PKI services. Principal among these services are digital certificate enrollment and revocation, the former of which is addressed in recent research and is being pushed for standardization in IETF. However, no protocol yet exists for retrieving certificate status information on constrained devices, and revocation is not possible unless such a service is available. In this work, we start with implementing the Online Certificate Status Protocol (OCSP), the de facto standard for certificate validation on the Web, on state-of-the-art constrained hardware. In doing so, we demonstrate that the resource overhead of this protocol is unacceptable for highly constrained environments. We design, implement and evaluate a lightweight alternative to OCSP, TinyOCSP, which leverages recently standardized IoT protocols, such as CoAP and CBOR. In our experiments, validating eight certificates with TinyOCSP required 41% less energy than validating just one with OCSP on an ARM Cortex-M3 SoC. Moreover, validation transactions encoded with TinyOCSP are at least 73% smaller than the OCSP equivalent. We design a protocol for compressed certificate revocation lists (CCRL) using Bloom filters which together with TinyOCSP can further reduce validation overhead. We derive a set of equations for computing the optimal filter parameters, and confirm these results through empirical evaluation.

  • 4.
    Karlsson, August
    et al.
    RISE Res Inst Sweden, Gothenburg, Sweden.
    Höglund, Rikard
    RISE Res Inst Sweden, Gothenburg, Sweden; Uppsala Univ, Uppsala, Sweden.
    Wang, Han
    RISE Res Inst Sweden, Gothenburg, Sweden.
    Iacovazzi, Alfonso
    RISE Res Inst Sweden, Gothenburg, Sweden.
    Raza, Shahid
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. RISE Res Inst Sweden, Gothenburg, Sweden.
    Enabling Cyber Threat Intelligence Sharing for Resource Constrained IoT. 2024. In: 2024 IEEE INTERNATIONAL CONFERENCE ON CYBER SECURITY AND RESILIENCE, CSR, IEEE, 2024, p. 82-89. Conference paper (Refereed)
    Abstract [en]

    Cyber Threat Intelligence (CTI) development has largely overlooked the IoT - network-connected devices like sensors. These devices' heterogeneity, poor security, and memory and energy constraints make them prime cyber attack targets. Enhancing CTI for IoT is crucial. Currently, CTI for IoT is derived from honeypots mimicking IoT devices or extrapolated from standard computing systems. These methods are not ideal for resource-constrained devices. This study addresses this gap by introducing tinySTIX and tinyTAXII. TinySTIX is a data format designed for efficient sharing of CTI directly from resource-constrained devices. TinyTAXII is a lightweight implementation of the TAXII protocol, utilizing CoAP with OSCORE. Two implementations were assessed: one for integration into the MISP platform and the other for execution on network-connected devices running the Contiki operating system. Results demonstrated that tinySTIX reduces message size by an average of 35%, while tinyTAXII reduces packet count and session size by 85% compared to reference OpenTAXII implementations.

  • 5.
    Khurshid, Anum
    et al.
    RISE Research Institutes of Sweden, Stockholm, Sweden.
    Raza, Shahid
    RISE Research Institutes of Sweden, Stockholm, Sweden.
    AutoCert: Automated TOCTOU-secure digital certification for IoT with combined authentication and assurance. 2023. In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 124, p. 102952-102952, article id 102952. Article in journal (Refereed)
    Abstract [en]

    The Internet of Things (IoT) network is comprised of heterogeneous devices which are part of critical infrastructures throughout the world. To enable end-to-end security, the Public Key Infrastructure (PKI) is undergoing advancements to incorporate IoT devices globally which primarily provides device authentication. In addition to this, integrity of the software-state is vital, where Remote Attestation (RA) and Integrity Certificates play an important role. Though, Integrity Certificate verifies the software-state integrity of the device at the time of execution of the remote attestation process, it does not provide mechanisms to validate that the current software-state corresponds to the attested state. This issue is referred to as the Time-Of-Check to Time-Of-Use (TOCTOU) problem and remains unsolved in the context of Integrity Certificates. In this paper, we propose AutoCert, the first TOCTOU-secure mechanism to combine software-state integrity with PKI for IoT which resolves the TOCTOU problem in RA and Integrity Certificates. To this end, we utilize the IETF Remote Attestation Procedures architecture and standard X509 IoT profile certificates to ensure both device authentication and software assurance for IoT. We implement and evaluate the performance of the AutoCert proof-of-concept on a real IoT device, the OPTIGA TPM Evaluation Kit, to show its practicality and usability. AutoCert can validate the attested state of an IoT device in approximately 4746 milliseconds, with a minimal network overhead of 350 bytes.

  • 6.
    Khurshid, Anum
    et al.
    Cybersecurity Unit, RISE Research Institutes of Sweden, Stockholm, Sweden.
    Yalew, Sileshi Demesie
    Cybersecurity Unit, RISE Research Institutes of Sweden, Stockholm, Sweden.
    Aslam, Mudassar
    Cybersecurity Unit, RISE Research Institutes of Sweden, Stockholm, Sweden.
    Raza, Shahid
    Cybersecurity Unit, RISE Research Institutes of Sweden, Stockholm, Sweden.
    ShieLD: Shielding Cross-Zone Communication Within Limited-Resourced IoT Devices Running Vulnerable Software Stack. 2023. In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 20, no 2, p. 1031-1047. Article in journal (Refereed)
    Abstract [en]

    Securing IoT devices is gaining attention as the security risks associated with these devices increase rapidly. TrustZone-M, a Trusted Execution Environment (TEE) for Cortex-M processors, ensures stronger security within an IoT device by allowing isolated execution of security-critical operations, without trusting the entire software stack. However, TrustZone-M does not guarantee secure cross-world communication between applications in the Normal and Secure worlds. The cryptographic protection of the communication channel is an obvious solution; however, within a low-power IoT device, it incurs high overhead if applied to each cross-world message exchange. We present ShieLD, a framework that enables a secure communication channel between the two TrustZone-M worlds by leveraging the Memory Protection Unit (MPU). ShieLD guarantees confidentiality, integrity and authentication services without requiring any cryptographic operations. We implement and evaluate ShieLD using a Musca-A test chip board with Cortex-M33 that supports TrustZone-M. Our empirical evaluation shows, among other gains, the cross-zone communication protected with ShieLD is 5 times faster than the conventional crypto-based communication.

  • 7.
    Kianpour, Mazaher
    et al.
    RISE Research Institutes of Sweden, Stockholm, Sweden.
    Raza, Shahid
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    More than malware: unmasking the hidden risk of cybersecurity regulations. 2024. In: International Cybersecurity Law Review, ISSN 2662-9720. Article in journal (Refereed)
    Abstract [en]

    Cybersecurity investments are made within a complex and ever-evolving environment, where regulatory changes represent a significant risk factor. While cybersecurity regulations aim to minimize cyber risks and enhance protection, the uncertainty arising from frequent changes or new regulations can significantly impact organizational response strategies. This paper explores the determinants and implications of regulatory risks associated with cybersecurity, aiming to provide a deeper understanding of how these risks influence strategic decision-making. The study delves into the suggestion of preventive and mitigative controls that enable businesses to adapt to and mitigate potential disruptions caused by regulatory changes, thereby preserving their established cybersecurity practices. Another key contribution of this study is the introduction of a stochastic econometric model that illustrates how regulatory risks and uncertainties can affect investment behaviors, often prompting a “wait-and-see” stance. This model synthesizes the complex relationship among investment choices, regulatory changes, and cybersecurity risks, providing insights into the dynamic nature of cybersecurity investment strategies. The research findings offer valuable guidance for risk management and strategic planning in cybersecurity investments. By comprehensively understanding the drivers and impacts of regulatory risks, businesses and policymakers can develop more effective risk evaluation and management approaches. This is essential for sustaining a strong cybersecurity posture while navigating the changing regulatory environment. 

  • 8.
    Ramadan, Mohammed
    et al.
    RISE Research Institutes of Sweden, Stockholm, Sweden.
    Raza, Shahid
    RISE Research Institutes of Sweden, Stockholm, Sweden.
    Secure Equality Test Technique Using Identity-Based Signcryption for Telemedicine Systems. 2023. In: IEEE Internet of Things Journal, E-ISSN 2327-4662, Vol. 10, no 18, p. 16594-16604. Article in journal (Refereed)
    Abstract [en]

    For telemedicine, wireless body area network (WBAN) offers enormous benefits where a patient can be remotely monitored without compromising the mobility of remote treatments. With the advent of high capacity and reliable wireless networks, WBANs are used in several remote monitoring systems, limiting the COVID-19 spread. The sensitivity of telemedicine applications mandates confidentiality and privacy requirements. In this article, we propose a secure WBAN-19 telemedicine system to overcome the pervasiveness of contagious diseases utilizing a novel aggregate identity-based signcryption scheme with an equality test feature. We demonstrate a security analysis regarding indistinguishable adaptive chosen-ciphertext attack (IND-CCA2), one-way security against adaptive chosen-ciphertext attack (OW-CCA2), and unforgeability against adaptive chosen-message attack (EUF-CMA) under the random oracle model. The security analysis of the scheme is followed by complexity evaluations where the computation cost and communication overhead are measured. The evaluation demonstrates that the proposed model is efficient and applicable in telemedicine systems with high-performance capacities.

  • 9.
    Raza, Shahid
    Mälardalen University, School of Innovation, Design and Engineering.
    Design and Implementation of a Security Manager for WirelessHART Networks. 2009. In: Mobile Adhoc and Sensor Systems, 2009. MASS '09. IEEE 6th International Conference on, 2009, p. 995-1004. Conference paper (Refereed)
    Abstract [en]

    WirelessHART is the first open standard for wireless sensor networks designed specifically for industrial process automation and control systems. WirelessHART is a secure protocol; however, it relies on a Security Manager for the management of the security keys and the authentication of new devices. The WirelessHART standard does not provide the specification and design of the Security Manager. Also, the security specifications in the standard are not well organized and are dispersed throughout the standard which makes an implementation of the standard more difficult. In this paper we provide the detailed specification and design as well as an implementation of the Security Manager for the WirelessHART standard. We evaluate our security manager against different cryptographic algorithms and measure the latency between the Network Manager and the Security Manager. Our evaluation shows that the proposed security manager meets the WirelessHART requirements. Our analysis shows that the provided Security Manager is capable of securing both the wireless and wired part of the WirelessHART network.

  • 10.
    Raza, Shahid
    Mälardalen University, School of Innovation, Design and Engineering. SICS Swedish ICT, Kista, Stockholm.
    Lightweight Security Solutions for the Internet of Things. 2013. Doctoral thesis, comprehensive summary (Other academic)
    Abstract [en]

    The future Internet will be an IPv6 network interconnecting traditional computers and a large number of smart objects or networks such as Wireless Sensor Networks (WSNs). This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operations.

    Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. The traditional Internet has established and tested ways of securing networks. The IoT is a hybrid network of the Internet and resource-constrained networks, and it is therefore reasonable to explore the options of using security mechanisms standardized for the Internet in the IoT.

    The IoT requires multi-facet security solutions where the communication is secured with confidentiality, integrity, and authentication services; the network is protected against intrusions and disruptions; and the data inside a sensor node is stored in an encrypted form. Using standardized mechanisms, communication in the IoT can be secured at different layers: at the link layer with IEEE 802.15.4 security, at the network layer with IP security (IPsec), and at the transport layer with Datagram Transport Layer Security (DTLS). Even when the IoT is secured with encryption and authentication, sensor nodes are exposed to wireless attacks both from inside the WSN and from the Internet. Hence an Intrusion Detection System (IDS) and firewalls are needed. Since the nodes inside WSNs can be captured and cloned, protection of stored data is also important.

    This thesis has three main contributions. (i) It enables secure communication in the IoT using lightweight compressed yet standard compliant IPsec, DTLS, and IEEE 802.15.4 link layer security; and it discusses the pros and cons of each of these solutions. The proposed security solutions are implemented and evaluated in an IoT setup on real hardware. (ii) This thesis also presents the design, implementation, and evaluation of a novel IDS for the IoT. (iii) Last but not least, it also provides mechanisms to protect data inside constrained nodes.

    The experimental evaluation of the different solutions shows that the resource-constrained devices in the IoT can be secured with IPsec, DTLS, and 802.15.4 security; can be efficiently protected against intrusions; and the proposed combined secure storage and communication mechanisms can significantly reduce the security-related operations and energy consumption.

  • 11.
    Raza, Shahid
    Mälardalen University, School of Innovation, Design and Engineering.
    Securing Communication in 6LoWPAN with Compressed IPsec. 2011. In: 7th IEEE International Conference on Distributed Computing in Sensor Systems (IEEE DCOSS '11), 2011. Conference paper (Refereed)
    Abstract [en]

    Real-world deployments of wireless sensor networks (WSNs) require secure communication. It is important that a receiver is able to verify that sensor data was generated by trusted nodes. It may also be necessary to encrypt sensor data in transit. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. Available IPv6 protocol stacks can use IPsec to secure data exchange. Thus, it is desirable to extend 6LoWPAN such that IPsec communication with IPv6 nodes is possible. It is beneficial to use IPsec because the existing end-points on the Internet do not need to be modified to communicate securely with the WSN. Moreover, using IPsec, true end-to-end security is implemented and the need for a trustworthy gateway is removed. In this paper we provide End-to-End (E2E) secure communication between IP enabled sensor networks and the traditional Internet. This is the first compressed lightweight design, implementation, and evaluation of 6LoWPAN extension for IPsec. Our extension supports both IPsec’s Authentication Header (AH) and Encapsulation Security Payload (ESP). Thus, communication endpoints are able to authenticate, encrypt and check the integrity of messages using standardized and established IPv6 mechanisms.

  • 12.
    Raza, Shahid
    Mälardalen University, School of Innovation, Design and Engineering.
    Securing Communication in IP-Connected Industrial Wireless Sensor Networks. 2011. Licentiate thesis, comprehensive summary (Other academic)
    Abstract [en]

    With the advent of wireless sensor networks (WSN) and success of wireless communication in the local and personal area networks such as Wi-Fi and Bluetooth more serious efforts to apply standard wireless communication in sensitive industrial networks were initiated. This effort resulted in the standardization of WirelessHART. Other standardization efforts include ISA 100.11a and ZigBee. Keeping in mind the nature of wireless communication and sensitivity of industrial environments security of these networks gets greater importance.

    In this thesis we work on security issues in industrial WSN in general and IP-connected WSN in particular. Currently WirelessHART is the only approved standard for secure wireless communication in industrial WSNs. We start our work with the analysis of security mechanisms in WirelessHART. We propose solutions for the security shortcomings in WirelessHART, and design and implement the missing security components. Particularly, we specify, design, implement, and evaluate the first open security manager for WirelessHART networks.

    With the standardization of IP in WSNs (6LoWPAN) and birth of Internet of Things the need for IP communication in industrial WSN is getting importance. The recently proposed ISA 100.11a standard is IP-based since its inception. Also standardization efforts are in progress to apply IP in WirelessHART and Zigbee. Recently, WSNs and traditional IP networks are more tightly integrated using IPv6 and 6LoWPAN. We realize the importance of having an interoperable standardized secure IP communication in industrial WSNs. IP Security (IPsec) is a mandatory security solution in IPv6. We propose to use IPsec for 6LoWPAN enabled industrial WSNs. However, it is not meaningful to use IPsec in its current form in resource constrained WSNs. In addition to providing security solutions for WirelessHART, in this thesis we also specify, design, implement, and extensively evaluate lightweight IPsec that enables end-to-end secure communication between a node in a 6LoWPAN and a device in the traditional Internet. Our results show that lightweight IPsec is a sensible and practical solution for securing WSN.

  • 13.
    Raza, Shahid
    Mälardalen University, School of Innovation, Design and Engineering.
    Security Considerations for the WirelessHART Protocol. 2009. In: Emerging Technologies & Factory Automation, 2009. ETFA 2009. IEEE Conference on, 2009, p. 1-8. Conference paper (Refereed)
    Abstract [en]

    WirelessHART is a secure and reliable communication standard for industrial process automation. The WirelessHART specifications are well organized in all aspects except security: there are no separate specifications of security requirements or features. Rather, security mechanisms are described throughout the documentation. This hinders implementation of the standard and development of applications since it requires profound knowledge of all the core specifications on the part of the developer. In this paper we provide a comprehensive overview of WirelessHART security: we analyze the provided security mechanisms against well known threats in the wireless medium, and propose recommendations to mitigate shortcomings. Furthermore, we elucidate the specifications of the security manager, its placement in the network, and interaction with the network manager.

  • 14.
    Raza, Shahid
    et al.
    Swedish Institute of Computer Science, Kista, Sweden.
    Duquennoy, Simon
    Swedish Institute of Computer Science, Kista, Sweden.
    Höglund, Joel
    Swedish Institute of Computer Science, Kista, Sweden.
    Roedig, Utz
    Lancaster University, School of Computing and Communications, Lancaster, UK.
    Voigt, Thiemo
    Swedish Institute of Computer Science, Kista, Sweden.
    Secure Communication for the Internet of Things - A Comparison of Link-Layer Security and IPsec for 6LoWPAN. 2014. In: Security and Communication Networks, ISSN 1939-0114, E-ISSN 1939-0122, Vol. 7, no 12, p. 2654-2668. Article in journal (Refereed)
    Abstract [en]

    The future Internet is an IPv6 network interconnecting traditional computers and a large number of smart objects. This Internet of Things (IoT) will be the foundation of many services and our daily life will depend on its availability and reliable operation. Therefore, among many other issues, the challenge of implementing secure communication in the IoT must be addressed. In the traditional Internet IPsec is the established and tested way of securing networks. It is therefore reasonable to explore the option of using IPsec as security mechanism for the IoT. Smart objects are generally added to the Internet using 6LoWPAN which defines IP communication for resource constrained networks. Thus, to provide security for the IoT based on the trusted and tested IPsec mechanism it is necessary to define an IPsec extension of 6LoWPAN. In this paper we present such a 6LoWPAN/IPsec extension and show the viability of this approach. We describe our 6LoWPAN/IPsec implementation which we evaluate and compare with our implementation of IEEE 802.15.4 link-layer security. We also show that it is possible to reuse crypto hardware within existing IEEE 802.15.4 transceivers for 6LoWPAN/IPsec. The evaluation results show that IPsec is a feasible option for securing the IoT in terms of packet size, energy consumption, memory usage, and processing time. Furthermore, we demonstrate that in contrast to common belief IPsec scales better than link-layer security as the data size and the number of hops grow, resulting in time and energy savings. 

  • 15.
    Raza, Shahid
    et al.
    Mälardalen University, School of Innovation, Design and Engineering. Swedish Institute of Computer Science, Kista, Sweden.
    Shafagh, Hossein
    Swedish Institute of Computer Science, Kista, Sweden.
    Hewage, Kasun
    Department of Information Technology, Uppsala University, Uppsala, Sweden.
    Rene, Hummen
    Communication and Distributed Systems, RWTH Aachen University, Germany.
    Voigt, Thiemo
    Swedish Institute of Computer Science, Kista, Sweden.
    Lithe: Lightweight Secure CoAP for the Internet of Things. 2013. In: IEEE Sensors Journal, ISSN 1530-437X, E-ISSN 1558-1748, Vol. 13, no 10, p. 3711-3720. Article in journal (Refereed)
    Abstract [en]

    The Internet of Things (IoT) enables a wide range of application scenarios with potentially critical actuating and sensing tasks, e.g., in the e-health domain. For communication at the application layer, resource-constrained devices are expected to employ the Constrained Application Protocol (CoAP) that is currently being standardized at the IETF. To protect the transmission of sensitive information, secure CoAP (CoAPs) mandates the use of Datagram TLS (DTLS) as the underlying security protocol for authenticated and confidential communication. DTLS, however, was originally designed for comparably powerful devices that are interconnected via reliable, high-bandwidth links.

    In this paper, we present Lithe – an integration of DTLS and CoAP for the IoT. With Lithe, we additionally propose a novel DTLS header compression scheme that aims to significantly reduce the header overhead of DTLS leveraging the 6LoWPAN standard. Most importantly, our proposed DTLS header compression scheme does not compromise the end-to-end security properties provided by DTLS. At the same time, it considerably reduces the number of transmitted bytes while maintaining DTLS standard compliance. We evaluate our approach based on a DTLS implementation for the Contiki operating system. Our evaluation results show significant gains in terms of packet size, energy consumption, processing time, and network-wide response times, when compressed DTLS is enabled.

  • 16.
    Raza, Shahid
    et al.
    Swedish Institute of Computer Science, Kista, Sweden.
    Wallgren, Linus
    Swedish Institute of Computer Science, Kista, Sweden.
    Voigt, Thiemo
    Swedish Institute of Computer Science, Kista, Sweden.
    SVELTE: Real-time Intrusion Detection in the Internet of Things. 2013. In: Ad hoc networks, ISSN 1570-8705, E-ISSN 1570-8713, Vol. 11, no 8, p. 2661-2674. Article in journal (Refereed)
    Abstract [en]

    In the Internet of Things (IoT), resource-constrained things are connected to the unreliable and untrusted Internet via IPv6 and 6LoWPAN networks. Even when they are secured with encryption and authentication, these things are exposed both to wireless attacks from inside the 6LoWPAN network and from the Internet. Since these attacks may succeed, Intrusion Detection Systems (IDS) are necessary. Currently, there are no IDSs that meet the requirements of the IPv6-connected IoT since the available approaches are either customized for Wireless Sensor Networks (WSN) or for the conventional Internet.

    In this paper we design, implement, and evaluate a novel intrusion detection system for the IoT that we call SVELTE. In our implementation and evaluation we primarily target routing attacks such as spoofed or altered information, sinkhole, and selective-forwarding. However, our approach can be extended to detect other attacks. We implement SVELTE in the Contiki OS and thoroughly evaluate it. Our evaluation shows that in the simulated scenarios, SVELTE detects all malicious nodes that launch our implemented sinkhole and/or selective forwarding attacks. However, the true positive rate is not 100%, i.e., we have some false alarms during the detection of malicious nodes. Also, SVELTE’s overhead is small enough to deploy it on constrained nodes with limited energy and memory capacity. 

  • 17.
    Wang, Han
    et al.
    RISE Research Institutes of Sweden, Sweden.
    Eklund, David
    RISE Research Institutes of Sweden, Sweden.
    Oprea, Alina
    Northeastern University, U.S.A.
    Raza, Shahid
    RISE Research Institutes of Sweden, Sweden.
    FL4IoT: IoT Device Fingerprinting and Identification Using Federated Learning
    2023. In: ACM Transactions on Internet of Things, ISSN 2691-1914, Vol. 4, no 3, p. 1-24, article id 17. Article in journal (Refereed)
    Abstract [en]

    Unidentified devices in a network can result in devastating consequences. It is, therefore, necessary to fingerprint and identify IoT devices connected to private or critical networks. With the proliferation of massive but heterogeneous IoT devices, it is getting challenging to detect vulnerable devices connected to networks. Current machine learning-based techniques for fingerprinting and identifying devices necessitate a significant amount of data gathered from IoT networks that must be transmitted to a central cloud. Nevertheless, private IoT data cannot be shared with the central cloud in numerous sensitive scenarios. Federated learning (FL) has been regarded as a promising paradigm for decentralized learning and has been applied in many different use cases. It enables machine learning models to be trained in a privacy-preserving way. In this article, we propose a privacy-preserved IoT device fingerprinting and identification mechanisms using FL; we call it FL4IoT. FL4IoT is a two-phased system combining unsupervised-learning-based device fingerprinting and supervised-learning-based device identification. FL4IoT shows its practicality in different performance metrics in a federated and centralized setup. For instance, in the best cases, empirical results show that FL4IoT achieves ∼99% accuracy and F1-Score in identifying IoT devices using a federated setup without exposing any private data to a centralized cloud entity. In addition, FL4IoT can detect spoofed devices with over 99% accuracy.

  • 18.
    Wang, Han
    et al.
    RISE Research Institutes of Sweden, Kista, Sweden.
    Muñoz-González, Luis
    Imperial College London, London, United Kingdom.
    Hameed, Muhammad Zaid
    IBM Research Europe, Dublin, Ireland.
    Eklund, David
    RISE Research Institutes of Sweden, Kista, Sweden.
    Raza, Shahid
    RISE Research Institutes of Sweden, Kista, Sweden.
    SparSFA: Towards robust and communication-efficient peer-to-peer federated learning
    2023. In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 129, article id 103182. Article in journal (Refereed)
    Abstract [en]

    Federated Learning (FL) has emerged as a powerful paradigm to train collaborative machine learning (ML) models, preserving the privacy of the participants’ datasets. However, standard FL approaches present some limitations that can hinder their applicability in some applications. Thus, the need of a server or aggregator to orchestrate the learning process may not be possible in scenarios with limited connectivity, as in some IoT applications, and offer less flexibility to personalize the ML models for the different participants. To sidestep these limitations, peer-to-peer FL (P2PFL) provides more flexibility, allowing participants to train their own models in collaboration with their neighbors. However, given the huge number of parameters of typical Deep Neural Network architectures, the communication burden can also be very high. On the other side, it has been shown that standard aggregation schemes for FL are very brittle against data and model poisoning attacks. In this paper, we propose SparSFA, an algorithm for P2PFL capable of reducing the communication costs. We show that our method outperforms competing sparsification methods in P2P scenarios, speeding the convergence and enhancing the stability during training. SparSFA also includes a mechanism to mitigate poisoning attacks for each participant in any random network topology. Our empirical evaluation on real datasets for intrusion detection in IoT, considering both balanced and imbalanced-dataset scenarios, shows that SparSFA is robust to different indiscriminate poisoning attacks launched by one or multiple adversaries, outperforming other robust aggregation methods whilst reducing the communication costs through sparsification.

  • 19.
    Yasin, A.
    et al.
    School of Software, Northwestern Polytechnical University, Shaanxi, Xian, 710072, China.
    Fatima, R.
    Department of Computer Science, Emerson University, Multan, Pakistan.
    JiangBin, Z.
    School of Software, Northwestern Polytechnical University, Shaanxi, Xian, 710072, China.
    Afzal, Wasif
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems.
    Raza, Shahid
    Mälardalen University, School of Innovation, Design and Engineering, Embedded Systems. RISE Research Institutes of Sweden, Sweden.
    Can serious gaming tactics bolster spear-phishing and phishing resilience?: Securing the human hacking in Information Security
    2024. In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 170, article id 107426. Article in journal (Refereed)
    Abstract [en]

    Context: In the digital age, there is a notable increase in fraudulent activities perpetrated by social engineers who exploit individuals’ limited knowledge of digital devices. These actors strategically manipulate human psychology, targeting IT devices to gain unauthorized access to sensitive data. Objectives: Our study is centered around two distinct objectives to be accomplished through the utilization of a serious game: (i) The primary objective entails delivering training and educational content to participants with a focus on phishing attacks; (ii) The secondary objective aims to heighten participants’ awareness regarding the perils associated with divulging excessive information online. Methodology: To address these objectives, we have employed the following techniques and methods: (i) A comprehensive literature review was conducted to establish foundational knowledge in areas such as social engineering, game design, learning principles, human interaction, and game-based learning; (ii) We meticulously aligned the game design with the philosophical concept of social engineering attacks; (iii) We devised and crafted an advanced hybrid version of the game, incorporating the use of QR codes to generate game card data; (iv) We conducted an empirical evaluation encompassing surveys, observations, discussions, and URL assessments to assess the effectiveness of the proposed hybrid game version. Results: Quantitative data and qualitative observations suggest the “PhishDefend Quest” game successfully improved players’ comprehension of phishing threats and how to detect them through an interactive learning experience. The results highlight the potential of serious games to educate people about social engineering risks. 
    Conclusion: Through the evaluation, we can readily arrive at the following conclusions: (i) Game-based learning proves to be a viable approach for educating participants about phishing awareness and the associated risks tied to the unnecessary disclosure of sensitive information online; (ii) Furthermore, game-based learning serves as an effective means of disseminating awareness among participants and players concerning prevalent phishing attacks.
