Man-At-The-End attacks: Analysis, taxonomy, human aspects, motivation and future directions

Sensor networks and Internet of Things (IoT) are useful for many purposes such as military defense, sensing in smart homes, precision agriculture, underwater monitoring in aquaculture, and ambient-assisted living for healthcare. Efficient and secure data forwarding is essential to maintain seamless communications and to provide fast services. However, IoT devices and sensors usually have low processing capabilities and vulnerabilities. For example, attacks such as the Distributed Denial of Service (DDoS) can easily hinder sensor networks and IoT devices. In this context, the current approach presents an agent-based simulation solution for exploring strategies for defending from different DDoS attacks. The current work focuses on obtaining low-consuming defense strategies in terms of processing capabilities, so that these can be applied in sensor networks and IoT devices. The experimental results show that the simulator was useful for (a) defining defense and attack strategies, (b) assessing the effectiveness of defense strategies against attack ones, and (c) defining efficient defense strategies with low response times.

show abstract

“…Thus, these are more difficult to be tracked. This attack would use the well-known man-in-the-middle attack [14] to acquire these message.…”

Section: Substitute Attackmentioning

confidence: 99%

ABS‐DDoS: An Agent‐Based Simulator about Strategies of Both DDoS Attacks and Their Defenses, to Achieve Efficient Data Forwarding in Sensor Networks and IoT Devices

González-Landero¹,

García‐Magariño

Lacuesta

et al. 2018

Wireless Communications and Mobile Computing

View full text Add to dashboard Cite

show abstract

“…A portion of the HLPN model shown in Figure 3 is depicted in Figure 4, which represents the registration process of domains on the DS. ∶= sp-cr [10], sp-r [2] ∶= sp-cr [11], sp-r [3] ∶= sp-cr [12], sp-r [4] ∶= sp-cr [13], sp-r [10] ∶= sp-cr [14], sp-r [13] ∶= sp-cr [9], sp-r [25] ∶= sp-cr [24], sp-r [11] ∶= CR − REG − DID (sp-cr [17], sp-cr [10]), sp-r [12] ∶= CR − REG − SK (sp-cr [17], sp-cr [10]), sp-cr [15] ∶= sp-r [11], sp-cr [16] ∶= sp-r [12], sp-ua [1] ∶= sp-r [11], sp-ua [2] ∶= sp-r [12], Sp − Cr ′ = Sp − Cr ∪ (sp-cr [15], sp-cr [16]) ∧ Sp − R ′ = Sp − R ∪ (sp-r [1], sp-r [2], sp-r [3], sp-r [4], sp-r [10], sp-r [13], sp-r [11], sp-r [12], sp-r [25]…”

Section: Modeling and Analysis Of Xdauth Protocolmentioning

confidence: 99%

“…R (Publish) = ∀c-pub ∈ C − P ub, ∀ia-pub ∈ Ia − P ub, ∀ ds-c-pub ∈ Ds − C − P ub ia-pub [17] = ds-c-pub [6] → ds-c-pub [15] ∶= c-pub [1], ds-c-pub [17] ∶= c-pub [2], ds-c-pub [18] ∶= c-pub [3], ds-c-pub [16] ∶= c-pub [4], ds-c-pub [14] ∶= c-pub [5], ds-c-pub [19] ∶= c-pub [6], ds-c-pub [13] ∶= ia-pub [9], ds-c-pub [24] ∶= CR − CDP − ID(c-pub [2]), [15], ds-c-pub [17], ds-c-pub [18], ds-c-pub [16], ds-c-pub [14], ds-c-pub [19], ds-c-pub [13], ds-c-pub [24]) (9)…”

Section: Storesmentioning

confidence: 99%

See 1 more Smart Citation

Formal Verification of the xDAuth Protocol

Alam

Tabbasum

Malik

et al. 2016

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

Service Oriented Architecture (SOA) offers a flexible paradigm for information flow among collaborating organizations. As information moves out of an organization boundary, various security concerns may arise, such as confidentiality, integrity, and authenticity that needs to be addressed. Moreover, verifying the correctness of the communication protocol is also an important factor. This paper focuses on the formal verification of the xDAuth protocol, which is one of the prominent protocols for identity management in cross domain scenarios. We have modeled the information flow of xDAuth protocol using High Level Petri Nets (HLPN) to understand protocol information flow in a distributed environment. We analyze the rules of information flow using Z language while Z3 SMT solver is used for verification of the model. Our formal analysis and verification results reveal the fact that the protocol fulfills its intended purpose and provides the security for the defined protocol specific properties, e.g. secure secret key authentication, Chinese wall security policy and secrecy specific properties, e.g. confidentiality, integrity, authenticity.

show abstract

“…Similarly, when we design a software, do not forget diverse security concerns (Akhunzada et al, 2015d, Akhunzada et al, 2015a to ensure that the software design supports penetration testing (ethical hacking) against hacking (Chang and Ramachandran, 2016).…”

Section: Introductionmentioning

confidence: 99%

A survey on Test Suite Reduction frameworks and tools

Khan

Lee

Ahmad

et al. 2016

International Journal of Information Management

Self Cite

View full text Add to dashboard Cite

Abstract-Software testing is a widely accepted practice that ensures the quality of a System under Test (SUT). However, the gradual increase of the test suite size demands high portion of testing budget and time. Test Suite Reduction (TSR) is considered a potential approach to deal with the test suite size problem. Moreover, a complete automation support is highly recommended for software testing to adequately meet the challenges of a resource constrained testing environment. Several TSR frameworks and tools have been proposed to efficiently address the test-suite size problem. The main objective of the paper is to comprehensively review the state-of-the-art TSR frameworks to highlights their strengths and weaknesses. Furthermore, the paper focuses on devising a detailed thematic taxonomy to classify existing literature that helps in understanding the underlying issues and proof of concept. Moreover, the paper investigates critical aspects and related features of TSR frameworks and tools based on a set of defined parameters. We also rigorously elaborated various testing domains and approaches followed by the extant TSR frameworks. The results reveal that majority of TSR frameworks focused on randomized unit testing, and a considerable number of frameworks lacks in supporting multi-objective optimization problems. Moreover, there is no generalized framework, effective for testing applications developed in any programming domain. Conversely, Integer Linear Programming (ILP) based TSR frameworks provide an optimal solution for multi-objective optimization problems and improve execution time by running multiple ILP in parallel. The study concludes with new insights and provides an unbiased view of the state-of-the-art TSR frameworks. Finally, we present potential research issues for further investigation to anticipate efficient TSR frameworks.

show abstract

Man-At-The-End attacks: Analysis, taxonomy, human aspects, motivation and future directions

Cited by 73 publications

References 64 publications

ABS‐DDoS: An Agent‐Based Simulator about Strategies of Both DDoS Attacks and Their Defenses, to Achieve Efficient Data Forwarding in Sensor Networks and IoT Devices

ABS‐DDoS: An Agent‐Based Simulator about Strategies of Both DDoS Attacks and Their Defenses, to Achieve Efficient Data Forwarding in Sensor Networks and IoT Devices

Formal Verification of the xDAuth Protocol

A survey on Test Suite Reduction frameworks and tools

Contact Info

Product

Resources

About