-
Supervising Smart Home Device Interactions: A Profile-Based Firewall Approach
Authors:
François De Keersmaeker,
Ramin Sadre,
Cristel Pelsser
Abstract:
Internet of Things devices can now be found everywhere, including in our households in the form of Smart Home networks. Despite their ubiquity, their security is unsatisfactory, as demonstrated by recent attacks. The IETF's MUD standard has as goal to simplify and automate the secure deployment of end devices in networks. A MUD file contains a device specific description of allowed network activit…
▽ More
Internet of Things devices can now be found everywhere, including in our households in the form of Smart Home networks. Despite their ubiquity, their security is unsatisfactory, as demonstrated by recent attacks. The IETF's MUD standard has as goal to simplify and automate the secure deployment of end devices in networks. A MUD file contains a device specific description of allowed network activities (e.g., allowed IP ports or host addresses) and can be used to configure for example a firewall. A major weakness of MUD is that it is not expressive enough to describe traffic patterns representing device interactions, which often occur in modern Smart Home platforms. In this article, we present a new language for describing such traffic patterns. The language allows writing device profiles that are more expressive than MUD files and take into account the interdependencies of traffic connections. We show how these profiles can be translated to efficient code for a lightweight firewall leveraging NFTables to block non-conforming traffic. We evaluate our approach on traffic generated by various Smart Home devices, and show that our system can accurately block unwanted traffic while inducing negligible latency.
△ Less
Submitted 23 January, 2024; v1 submitted 5 October, 2023;
originally announced October 2023.
-
Data Availability Sampling in Ethereum: Analysis of P2P Networking Requirements
Authors:
Michał Król,
Onur Ascigil,
Sergi Rene,
Etienne Rivière,
Matthieu Pigaglio,
Kaleem Peeroo,
Vladimir Stankovic,
Ramin Sadre,
Felix Lange
Abstract:
Despite their increasing popularity, blockchains still suffer from severe scalability limitations. Recently, Ethereum proposed a novel approach to block validation based on Data Availability Sampling (DAS), that has the potential to improve its transaction per second rate by more than two orders of magnitude. DAS should also significantly reduce per-transaction validation costs. At the same time,…
▽ More
Despite their increasing popularity, blockchains still suffer from severe scalability limitations. Recently, Ethereum proposed a novel approach to block validation based on Data Availability Sampling (DAS), that has the potential to improve its transaction per second rate by more than two orders of magnitude. DAS should also significantly reduce per-transaction validation costs. At the same time, DAS introduces new communication patterns in the Ethereum Peer-to-Peer (P2P) network. These drastically increase the amount of exchanged data and impose stringent latency objectives. In this paper, we review the new requirements for P2P networking associated with DAS, discuss open challenges, and identify new research directions.
△ Less
Submitted 20 June, 2023;
originally announced June 2023.
-
Deep Learning Segmentation of Complex Features in Atomic-Resolution Phase Contrast Transmission Electron Microscopy Images
Authors:
Robbie Sadre,
Colin Ophus,
Anstasiia Butko,
Gunther H Weber
Abstract:
Phase contrast transmission electron microscopy (TEM) is a powerful tool for imaging the local atomic structure of materials. TEM has been used heavily in studies of defect structures of 2D materials such as monolayer graphene due to its high dose efficiency. However, phase contrast imaging can produce complex nonlinear contrast, even for weakly-scattering samples. It is therefore difficult to dev…
▽ More
Phase contrast transmission electron microscopy (TEM) is a powerful tool for imaging the local atomic structure of materials. TEM has been used heavily in studies of defect structures of 2D materials such as monolayer graphene due to its high dose efficiency. However, phase contrast imaging can produce complex nonlinear contrast, even for weakly-scattering samples. It is therefore difficult to develop fully-automated analysis routines for phase contrast TEM studies using conventional image processing tools. For automated analysis of large sample regions of graphene, one of the key problems is segmentation between the structure of interest and unwanted structures such as surface contaminant layers. In this study, we compare the performance of a conventional Bragg filtering method to a deep learning routine based on the U-Net architecture. We show that the deep learning method is more general, simpler to apply in practice, and produces more accurate and robust results than the conventional algorithm. We provide easily-adaptable source code for all results in this paper, and discuss potential applications for deep learning in fully-automated TEM image analysis.
△ Less
Submitted 9 December, 2020;
originally announced December 2020.
-
A Public Network Trace of a Control and Automation System
Authors:
Gorby Kabasele Ndonda,
Ramin Sadre
Abstract:
The increasing number of attacks against automation systems such as SCADA and their network infrastructure have demonstrated that there is a need to secure those systems. Unfortunately, directly applying existing ICT security mechanisms to automation systems is hard due to constraints of the latter, such as availability requirements or limitations of the hardware. Thus, the solution privileged by…
▽ More
The increasing number of attacks against automation systems such as SCADA and their network infrastructure have demonstrated that there is a need to secure those systems. Unfortunately, directly applying existing ICT security mechanisms to automation systems is hard due to constraints of the latter, such as availability requirements or limitations of the hardware. Thus, the solution privileged by researchers is the use of network-based intrusion detection systems (N-IDS). One of the issue that many researchers encounter is how to validate and evaluate their N-IDS. Having access to a real and large automation systems for experimentation is almost impossible as companies are not inclined to give access to their systems due to obvious concerns. The few public traffic datasets that could be used for off-line experiments are either synthetic or collected at small testbeds. In this paper, we will describe and characterize a public traffic dataset collected at the HVAC management system of a university campus. Although the dataset contains only packet headers, we believe that it can help researchers, in particular designers of flow-based IDS, to validate their solutions under more realistic conditions. The traces can be found on https://github.com/gkabasele/HVAC_Traces.
△ Less
Submitted 6 August, 2019;
originally announced August 2019.