-
Exploring Post-Quantum Cryptographic Schemes for TLS in 5G Nb-IoT: Feasibility and Recommendations
Authors:
Kadir Sabanci,
Mumin Cebe
Abstract:
Narrowband Internet of Things (NB-IoT) is a wireless communication technology that enables a wide range of applications, from smart cities to industrial automation. As a part of the 5G extension, NB-IoT promises to connect billions of devices with low-power and low-cost requirements. However, with the advent of quantum computers, the incoming NB-IoT era is already under threat by these devices, wh…
▽ More
Narrowband Internet of Things (NB-IoT) is a wireless communication technology that enables a wide range of applications, from smart cities to industrial automation. As a part of the 5G extension, NB-IoT promises to connect billions of devices with low-power and low-cost requirements. However, with the advent of quantum computers, the incoming NB-IoT era is already under threat by these devices, which might break the conventional cryptographic algorithms that can be adapted to secure NB-IoT devices on large scale. In this context, we investigate the feasibility of using post-quantum key exchange and signature algorithms for securing NB-IoT applications. We develop a realistic ns-3 environment to represent the characteristics of NB-IoT networks and analyze the usage of post-quantum algorithms to secure communication. Our findings suggest that using NIST-selected post-quantum key-exchange protocol Kyber does not introduce significant overhead, but post-quantum signature schemes can result in impractical latency times and lower throughputs
△ Less
Submitted 6 September, 2023;
originally announced September 2023.
-
A Survey on Security Issues in Modern Implantable Devices: Solutions and Future Issues
Authors:
Emmanuel Kwarteng,
Dr. Mumin Cebe
Abstract:
Implantable Medical Devices (IMD) is a fast pace growing medical field and continues to grow in the foreseeable future. Advancement in science and technology has led to the IMD devices offering advanced medical treatments. Modern IMDs can automatically monitor and manage different patients' health conditions without any manual intervention from medical professionals. While IMDs are also becoming m…
▽ More
Implantable Medical Devices (IMD) is a fast pace growing medical field and continues to grow in the foreseeable future. Advancement in science and technology has led to the IMD devices offering advanced medical treatments. Modern IMDs can automatically monitor and manage different patients' health conditions without any manual intervention from medical professionals. While IMDs are also becoming more connected to enhance the delivery of care remotely and provide the means for both patients and physicians to adjust therapy at the comfort of their homes, it also increases security related concerns. Adversaries could take advantage and exploit device vulnerabilities to manipulate device settings remotely from anywhere around the world. This manuscript reviews the current threats, security goals, and proposed solutions by comparing them with their strengths and limitations. We also highlight the emerging IMD technologies and innovative ideas for new designs and implementations to improve the security of IMDs. Finally, we conclude the article with future research directions toward securing IMD systems to light the way for researchers.
△ Less
Submitted 2 May, 2022;
originally announced May 2022.
-
D-LNBot: A Scalable, Cost-Free and Covert Hybrid Botnet on Bitcoin's Lightning Network
Authors:
Ahmet Kurt,
Enes Erdin,
Kemal Akkaya,
A. Selcuk Uluagac,
Mumin Cebe
Abstract:
While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we first propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. Exploiting various anonymity features of LN, we s…
▽ More
While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we first propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. Exploiting various anonymity features of LN, we show the feasibility of a scalable two-layer botnet which completely anonymizes the identity of the botmaster. In the first layer, the botmaster anonymously sends the commands to the command and control (C&C) servers through regular LN payments. Specifically, LNBot allows botmaster's commands to be sent in the form of surreptitious multi-hop LN payments, where the commands are either encoded with the payments or attached to the payments to provide covert communications. In the second layer, C&C servers further relay those commands to the bots in their mini-botnets to launch any type of attacks to victim machines. We further improve on this design by introducing D-LNBot; a distributed version of LNBot that generates its C&C servers by infecting users on the Internet and forms the C&C connections by opening channels to the existing nodes on LN. In contrary to the LNBot, the whole botnet formation phase is distributed and the botmaster is never involved in the process. By utilizing Bitcoin's Testnet and the new message attachment feature of LN, we show that D-LNBot can be run for free and commands are propagated faster to all the C&C servers compared to LNBot. We presented proof-of-concept implementations for both LNBot and D-LNBot on the actual LN and extensively analyzed their delay and cost performance. Finally, we also provide and discuss a list of potential countermeasures to detect LNBot and D-LNBot activities and minimize their impacts.
△ Less
Submitted 22 May, 2023; v1 submitted 14 December, 2021;
originally announced December 2021.
-
A Cost-efficient IoT Forensics Framework with Blockchain
Authors:
Suat Mercan,
Mumin Cebe,
Ege Tekiner,
Kemal Akkaya,
Melissa Chang,
Selcuk Uluagac
Abstract:
IoT devices have been adopted widely in the last decade which enabled collection of various data from different environments. The collected data is crucial in certain applications where IoT devices generate data for critical infrastructure or systems whose failure may result in catastrophic results. Specifically, for such critical applications, data storage poses challenges since the data may be c…
▽ More
IoT devices have been adopted widely in the last decade which enabled collection of various data from different environments. The collected data is crucial in certain applications where IoT devices generate data for critical infrastructure or systems whose failure may result in catastrophic results. Specifically, for such critical applications, data storage poses challenges since the data may be compromised during the storage and the integrity might be violated without being noticed. In such cases, integrity and data provenance are required in order to be able to detect the source of any incident and prove it in legal cases if there is a dispute with the involved parties. To address these issues, blockchain provides excellent opportunities since it can protect the integrity of the data thanks to its distributed structure. However, it comes with certain costs as storing huge amount of data in a public blockchain will come with significant transaction fees. In this paper, we propose a highly cost effective and reliable digital forensics framework by exploiting multiple inexpensive blockchain networks as a temporary storage before the data is committed to Ethereum. To reduce Ethereum costs,we utilize Merkle trees which hierarchically stores hashes of the collected event data from IoT devices. We evaluated the approach on popular blockchains such as EOS, Stellar, and Ethereum by presenting a cost and security analysis. The results indicate that we can achieve significant cost savings without compromising the integrity of the data.
△ Less
Submitted 30 April, 2020;
originally announced April 2020.
-
LNBot: A Covert Hybrid Botnet on Bitcoin Lightning Network for Fun and Profit
Authors:
Ahmet Kurt,
Enes Erdin,
Mumin Cebe,
Kemal Akkaya,
A. Selcuk Uluagac
Abstract:
While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. LN is a payment channel network operating on top of Bit…
▽ More
While various covert botnets were proposed in the past, they still lack complete anonymization for their servers/botmasters or suffer from slow communication between the botmaster and the bots. In this paper, we propose a new generation hybrid botnet that covertly and efficiently communicates over Bitcoin Lightning Network (LN), called LNBot. LN is a payment channel network operating on top of Bitcoin network for faster Bitcoin transactions with negligible fees. Exploiting various anonymity features of LN, we designed a scalable two-layer botnet which completely anonymize the identity of the botmaster. In the first layer, the botmaster sends commands anonymously to the C&C servers through LN transactions. Specifically, LNBot allows botmaster's commands to be sent in the form of surreptitious multihop LN payments, where the commands are encoded with ASCII or Huffman encoding to provide covert communications. In the second layer, C&C servers further relay those commands to the bots they control in their mini-botnets to launch any type of attacks to victim machines. We implemented a proof-of-concept on the actual LN and extensively analyzed the delay and cost performance of LNBot. Our analysis show that LNBot achieves better scalibility compared to the other similar blockchain botnets with negligible costs. Finally, we also provide and discuss a list of potential countermeasures to detect LNBot activities and minimize its impacts.
△ Less
Submitted 25 April, 2020; v1 submitted 22 December, 2019;
originally announced December 2019.
-
Communication-efficient Certificate Revocation Management for Advanced Metering Infrastructure and IoT
Authors:
Mumin Cebe,
Kemal Akkaya
Abstract:
Advanced Metering Infrastructure forms a communication network for the collection of power data from smart meters in Smart Grid. As the communication between smart meters could be secured utilizing public-key cryptography, however, public-key cryptography still has certain challenges in terms of certificate revocation and management particularly related distribution and storage overhead of revoked…
▽ More
Advanced Metering Infrastructure forms a communication network for the collection of power data from smart meters in Smart Grid. As the communication between smart meters could be secured utilizing public-key cryptography, however, public-key cryptography still has certain challenges in terms of certificate revocation and management particularly related distribution and storage overhead of revoked certificates. To address this challenge, in this paper, we propose a novel revocation management approach by utilizing cryptographic accumulators which reduces the space requirements for revocation information significantly and thus enables efficient distribution of such information to all smart meters. We implemented the proposed approach on both ns-3 network simulator and a testbed. We demonstrated its superior performance with respect to traditional methods for revocation management.
△ Less
Submitted 5 August, 2020; v1 submitted 12 February, 2019;
originally announced February 2019.
-
Block4Forensic: An Integrated Lightweight Blockchain Framework for Forensics Applications of Connected Vehicles
Authors:
Mumin Cebe,
Enes Erdin,
Kemal Akkaya,
Hidayet Aksu,
Selcuk Uluagac
Abstract:
Today's vehicles are becoming cyber-physical systems that do not only communicate with other vehicles but also gather various information from hundreds of sensors within them. These developments help create smart and connected (e.g., self-driving) vehicles that will introduce significant information to drivers, manufacturers, insurance companies and maintenance service providers for various applic…
▽ More
Today's vehicles are becoming cyber-physical systems that do not only communicate with other vehicles but also gather various information from hundreds of sensors within them. These developments help create smart and connected (e.g., self-driving) vehicles that will introduce significant information to drivers, manufacturers, insurance companies and maintenance service providers for various applications. One such application that is becoming crucial with the introduction of self-driving cars is the forensic analysis for traffic accidents. The utilization of vehicle-related data can be instrumental in post-accident scenarios to find out the faulty party, particularly for self-driving vehicles. With the opportunity of being able to access various information on the cars, we propose a permissioned blockchain framework among the various elements involved to manage the collected vehicle-related data. Specifically, we first integrate Vehicular Public Key Management (VPKI) to the proposed blockchain to provide membership establishment and privacy. Next, we design a fragmented ledger that will store detailed data related to vehicle such as maintenance information/history, car diagnosis reports, etc. The proposed forensic framework enables trustless, traceable and privacy-aware post-accident analysis with minimal storage and processing overhead.
△ Less
Submitted 9 July, 2018; v1 submitted 2 February, 2018;
originally announced February 2018.
