E-Business and Telecommunications

Internet routing relies completely on the Border Gateway Protocol (BGP) which is inherently insecure and allow the deployment of route hijacking attacks. The client side detection of such type of attacks can be achieved by detecting Round Trip Time (RTT) deviations from multiple points on the Internet to the target network. However, the localization of the autonomous systems where the attack originates can only be performed with an underlying realistic and precise model of the Internet interconnections. A usable and useful realistic Internet interconnections model does not exist. The existing interconnection models are to simplistic to be applicable in real scenarios and/or incorporate to much uncorrelated information that cannot be used due to its complexity.

This work presents a client side methodology to locate the source of BGP hijack attacks based on a quasi-realist graph that models the Internet as an all. The construction of such graph builds upon all known Internet exchange points (IX) and landing points of all known submarine cables. The lack of information about interconnections between Internet exchangers (IX) nodes and landing points is extrapolated from simple rules that take in consideration Earth geographic characteristics. This approach results in a graph that includes all major corner stones of the Internet while maintaining a simple structure. This underlying quasi-realist graph model of the Internet will allow the search for IX nodes where a false route could be injected to create a similar RTT anomaly observed during an attack.

With very simplistic assumptions as similar node, link loads and symmetric routing by the shortest path, and calibration using a relatively small set of world-scale measurements, the proof-of-concept results show that the model allows to locate the source of routing hijack attacks within a reasonable degree of efficiency.

The 5G standardization activities are going to be finalized. The full set of specifications for the next generation telecommunication systems, which will be based on flexible network management and new services definition, is expected for mid 2018 (release 15) and for mid 2019 (release 16). At the same time, High Throughput Satellite (HTS) platforms faced a wide adoption for the provision of Internet access and are recently gaining a significant interest as complementary connectivity able to support 5G architectures, leading to significant investments for the development and deployment of future platforms. In the view of a synergy between terrestrial and satellite networks to provide 5G services, the satellite access can play a meaningful role to support/complement terrestrial networks for its peculiar characteristics of coverage, broadcasting/multicasting, synchronization, etc. To this aim, the system availability and bandwidths available must be carefully assessed when the hybrid network is tailored to specific 5G services. The Athena Fidus system has been realized to support civil and governmental services and is today operational. In this paper, the characteristics of Athena Fidus DVB-S2/DVB-RCS links are considered to identify the set of services that will be possible to offer, focusing on nominal IP-based bandwidth and availability. The objective is to draw the operational context to be considered for the potential utilization of Athena Fidus in the next communication systems.

This paper studies the security for Voice over IP in peer-to-peer (P2P) networks. Instead of taking a general approach to security in P2P, we focus on a specific use case, namely private (e.g. military) mobile ad hoc networks. This allows for security measures that are not necessarily applicable to general P2P networks, but elegantly solve the issues in the given context. We propose security measures for two different approaches to the P2P version of the Session Initiation Protocol in such networks, provide their implementations and present results from performing experimentations in a simulator.

Marketer-generated content influence the fans’ responses to social media. Provide the right content to the right target audiences at the right time could increase online engagement. Brands existing in online social media could attain brand awareness and engagement. Therefore, this paper aims to analyze the factors determining consumer awareness and interactions with the brand-posted content and consequences of this awareness and interactions, by collecting the objective measures from the secondary sources. Data such as posts per day, engagement rate, PTAT are collected from almost 300 famous national and international brand fan pages from 9 industries in Thailand. An empirical analysis using simple and multiple linear regression is conducted to test the proposed hypotheses. The results show the insights of social media strategies among 9 brand categories. Pictures and videos are popularly used as the content strategies. However, the percentage of the picture and video posts do not directly affect the engagement rate. Total fans significantly determine the consumer awareness and interactions (PTAT), which later drive more of the new likes. This study contributes to the existing literature in terms of using objective measures and widely exploring brands in various categories, filling the research gaps with interesting results and guiding what should be added for brands in each category.

Recent advancements in technology have enabled businesses to automate their structured business processes, thus requiring minimum intervention from end-users. This has shifted attention towards less structured processes, which are ad-hoc, often undocumented and demand frequent human decision-making. These processes are referred to as Unstructured Business Processes (UBP). Currently available tools and technologies are mainly focused on structured processes and therefore not optimally suited for management of UBP. With a representative example, we performed an experiment to compare and assess the ability of existing process support paradigms, i.e. Business Process Management and Case Management, to manage UBP. Moreover, we also investigated the limitations of Business Process Model and Notation (BPMN) and Case Management Model and Notation (CMMN) for modeling UBP. Based on our findings, a set of requirements are derived that are needed for optimally managing and modeling UBP. These requirements allow to express end-to-end business processes while providing flexibility for run-time changes. The requirements are also demonstrated with a possible extension of BPMN.

The exploitation of the spatial domain with the concept of multiple-input multiple-output (MIMO) is a promising approach to further improve the cost efficiency in fiber-optic communications. Historically, the first optical MIMO systems utilized multi-mode couplers for the purpose of mode multiplexing (MUX) and demultiplexing (DEMUX). However, their high insertion losses and asymmetries demand for alternative components. Nowadays, next to optical couplers, photonic lanterns have become considerably more attractive offering low insertion losses and being able to excite individual modes. Therefore, they are in the focus of this contribution. A setup of 6-port photonic lanterns is evaluated by measurements and compared with other multiplexing components. The measurement results and the simulated bit-error rate performances highlight that photonic lanterns are well-suited for optical MIMO communications.

The output of modern cryptographic primitives like pseudorandom generators and block or stream ciphers is frequently required to be indistinguishable from a truly random data. The existence of any distinguisher provides a hint about the insufficient confusion and diffusion property of an analyzed function. In addition to targeted cryptoanalysis, statistical tests included in batteries such as NIST STS, Dieharder or TestU01 are frequently used to assess the indistinguishability property. However, the tests included in these batteries are either too simple to spot the common biases (like the Monobit test) or overly complex (like the Fourier Transform test) requiring an extensive amount of data. We propose a simple, yet surprisingly powerful method called BoolTest for the construction of distinguishers based on an exhaustive search for boolean function(s). The BoolTest typically constructs distinguisher with fewer input data required and directly identifies the function’s biased output bits. We analyze the performance on four input generation strategies: counter-based, low hamming weight, plaintext-ciphertext block combination and bit-flips to test strict avalanche criterion. The BoolTest detects bias and thus constructs distinguisher in a significantly higher number of rounds in the round-reduced versions of DES, 3-DES, MD5, MD6 and SHA-256 functions than the state-of-the-art batteries. Finally, we provide a precise interpretation of BoolTest verdict (provided in the form of Z-score) about the confidence of a distinguisher found. The BoolTest clear interpretation is a significant advantage over standard batteries consisting of multiple tests, where not only a statistical significance of a single test but also aggregated decision over multiple, potentially correlated tests, needs to be correctly performed.

Pairing-based cryptography (PBC) has been significantly studied over the last decade, both in the areas of computational performance and in establishing security and privacy protocols. PBC implementations on embedded devices are exposed to physical attacks such as side channel attacks. Such attacks which are able to recover the secret input used in some PBC-based schemes are our main focus in this paper. Various countermeasures have consequently been proposed in the literature. The present paper provides an updated review of the state of the art countermeasures against side channel attacks against PBC implementations. We especially focus on a technique based on point blinding using randomization. Furthermore, we propose a collision based side-channel attack against an implementation embedding the point randomization countermeasure. This raises questions about the validation of countermeasures for complex cryptographic schemes such as PBC. We also discuss about ways of defeat our attack. This article is in part an extension of the paper [20] published at Secrypt 2017.

Password-based Authenticated Key-Exchange (PAKE) protocols allow the establishment of secure communication entirely based on the knowledge of a shared password. Over the last two decades, we have witnessed the debut of a number of prominent security models for PAKE protocols, whose aim is to capture the desired security properties that such protocols must satisfy when executed in the presence of an active adversary. These models are usually classified into (i) indistinguishability-based (IND-based) or (ii) simulation-based (SIM-based). However, the relation between these two security notions is unclear and mentioned as a gap in the literature. In this work, we prove that SIM-BMP security from Boyko et al. (EUROCRYPT 2000) implies IND-RoR security from Abdalla et al. (PKC 2005) and that IND-RoR security is equivalent to a slightly modified version of SIM-BMP security. We also investigate whether IND-RoR security implies (unmodified) SIM-BMP security. The results obtained also hold when forward secrecy is incorporated into the security models in question.

Distributed Denial-of-Service (DDoS) attack has been identified as one of the most serious threats to Internet services. The attack denies service to legitimate users by flooding and consuming network resources of the target server. We propose a distributed defense mechanism that filters out malicious traffic and allows significant legitimate traffic during an actual attack. We investigate the features of network traffic that can be used to do such filtration and describe a history-based profiling algorithm to identify legitimate traffic. We use Bloom filters to efficiently implement the history-based profile model, which serves to reduce the communication and computation costs. To further improve communication and computation costs, we describe two optimizations: (a) using only three octets of the IP address to generate the history profile, and (b) a data structure called Compacted Bloom Filter, which is a modified version of a regular Bloom filter. We use these notions as building blocks to describe a distributed framework called Collaborative Filtering for filtering attack traffic as far away as possible from the target server. The proposed techniques identify a set of nodes that are best suited for filtering attack traffic, and places the Bloom filters in these locations. The approach is evaluated on different real-world data sets from Auckland University, CAIDA, and Colorado State University. Under different experimental settings, we demonstrate that 70–95% attack traffic can be filtered by our approach while allowing the flow of a similar percentage of legitimate traffic.

A public-key infrastructure (PKI) binds public keys to identities of entities. Usually, this binding is established through a process of registration and issuance of certificates by a certificate authority (CA) where the validation of the registration is performed by a registration authority. In this paper, we propose an alternative scheme, called LocalPKI , where the binding is performed by a local authority and the issuance is left to the end user or to the local authority. The role of a third entity is then to register this binding and to provide up-to-date status information on this registration. The idea is that many more local actors could then take the role of a local authority, thus allowing for an easier spread of public-key certificates in the population. Moreover, LocalPKI represents also an appropriate solution to be deployed in the Internet of Things context. Our scheme’s security is formally proven with the help of Tamarin, an automatic verification tool for cryptographic protocols.

Symmetric Searchable Encryption (\(\mathrm {SSE}\)) schemes enable clients to securely outsource their data while maintaining the ability to perform keywords search over it. The security of these schemes is based on an explicit leakage profile [1], has initiated the investigation into how much information could be deduced in practice from this leakage. In this paper, after recalling the leakage hierarchy introduced in 2015 by Cash et al. and the passive attacks of [1] on \(\mathrm {SSE}\) schemes. We demonstrate the effectiveness of these attacks on a wider set of real-world datasets than previously shown. On the other hand, we show that the attacks are inefficient against some types of datasets. Finally, we used what we learned from the unsuccessful datasets to give insight into future countermeasures.

Audio information can be represented in a wide range of formats that need to be further processed. This is the case of data which are obtained from devices addressed to measure human listening levels. The current paper describes the computer-based analysis of different types of data related to the listening level measures coming from TLTS (Tomatis Listening Test System) devices. Such data can be classified into several formats such as images displaying listening graphical curves or spreadsheets collecting digitized values from those device measurements. In the first case, image analysis techniques were used to process listening curves gathered through the TLTS tests in the context of a collaboration project with the Isora Solutions company where the proposed system was applied. In the case of the spreadsheet data, a web-based tool was developed to complement the information processing of listening data sources which were gathered from the TLTS devices. The obtained results show the suitability of the implemented software tools to analyze different kind of information associated to the measurement of listening levels in the TLTS.

End-to-end throughput is a major concern in wireless networks. One key approach for enhancing throughput is the optimisation of link quality. This can be efficiently done via power control. Link quality metrics, such as the Expected Transmission Count (ETX), promotes throughput maximisation, since it employs bidirectional links and it is additive by nature. This means that the ETX from the basestation to a node is the sum of all the ETX values across the route. Definitely, nodes behave selfishly, in most cases, in order to satisfy their benefits from their strategies. The methodology that describes this kind of behaviour more accurately is game theory. Thus, we consider nodes to be individual players that operate to maximise their utilities. In this paper, we propose a distributed game-theoretic algorithm, which attempts to keep the reliability of transmission to high standards, while reducing energy consumption. The actions of the nodes are transmission power levels that reside on a finite space; hence, we proceed with majorisation properties and the concavity of the utility function to indicate convergence. Furthermore, we employ the Fictitious Play learning methodology, which is a very well-known learning algorithm for game theoretic approaches, to show some learning properties of our approach. We provide simulations to highlight the efficiency of our approach.

In wireless networked control systems (WNCS), sensors, controllers, and actuators exchange data to solve control tasks. Operation of WNCS usually occurs under real-time constraints, in particular regarding synchronicity of value sampling, transmission latencies, and packet losses. This calls for deterministic protocols as well as for real-time-capable implementations of these protocols. In this paper, we present the protocol framework BiPS (Black-burst integrated Protocol Stack), which provides real-time protocol and operating system functionalities, and its implementation on the Imote 2 hardware platform hosting the transceiver CC 2420. Furthermore, we present the application and deployment of BiPS in an industrial environment.

In the current globalisation framework where electronic transactions and data sharing is a common activity, cyber-risks analysis, protection and avoidance have become a key aspect which must be book and prioritised on the business agenda in companies. Nevertheless, this issue is difficult to analyse given the dimension of the problem and the company units and individuals and infrastructures which are involved. In consequence, cyber-insurance is considered as the appropriate mean to avoid financial losses caused by information technologies infrastructures and procedures security breaches. This paper analyses and describes how costumers and their cyber-risks should be assessed by an insurance company in order to establish the company status and implement the required actions to fix the issue. This work describes the three phases required to complete a full cyber-risk assessment and the risks evaluation. Furthermore, the paper highlights the resources that the insurer should keep in its road-map to implement the risk assessment and, thus, to determine the company insurability, and the requirements to reach such condition. After the risk analysis completion at the customer’s premises, it must be evaluated subsequently at all levels. Among other factors, this evaluation is based on 63 question criteria. In the risk assessment criteria weights are not uniformly distributed and weighting is applied according to the relevance. In particular, criteria that should receive a special attention are referred to as showstoppers.

The information revolution has caused many aspects of human activity to critically depend on a wide variety of physically existing or virtual technological achievements such as electronic devices, computer systems, algorithms, cloud resources, artificial intelligence hardware and software entities etc. Many of these systems are used in highly sensitive contexts, such as military applications. This implies the existence of an increasing number of unintentional disturbances or malicious attacks. Successful operation requires qualities such as robustness, fault tolerance, reliability, availability and security. All these may be summarized by the title of survivability. Survivability of critical systems working for sensitive applications involves the ability to provide uninterrupted operation under severe disturbances, gracefully degrade when limiting conditions are reached and maintain the ability to resume normal service once the disturbances have been removed. Survivability is an important, even - though non – functional, lifecycle property of many engineering systems. Further desirable elements of survivability include the ability of systems to recognize and resist attacks or accidents, adapt in order to avoid them and modify their behavior in order to diminish the effects of similar future occurrences. This chapter presents a quantitative approach to assessing survivability and an account of survivability in military systems. A scheme for survivability via replica diversity in the implementation of the AES algorithm is then presented. Following that, an algorithm for adaptive attack aversion in user authentication systems is presented that is based on Boolean transformations. An approach for increased survivability in Internet of Things (IoT) systems is then presented. Finally, an algorithm for secure data storage in cloud resources is presented that allows attack detection and avoidance.