Detecting Man-in-the-Middle Attack in Fog Computing for Social Media

Fog computing(FC)is a networking paradigm where wireless devices known as fog nodes are placed at the edge of the network(close to the Internet of Things(IoT)devices).Fog nodes provide services in lieu of the cloud.Thus,improving the performance of the network and making it attractive to social media-based systems.Security issues are one of the most challenges encountered in FC.In this paper,we propose an anomalybased Intrusion Detection and Prevention System(IDPS)against Man-in-theMiddle(MITM)attack in the fog layer.The system uses special nodes known as Intrusion Detection System(IDS)nodes to detect intrusion in the network.They periodically monitor the behavior of the fog nodes in the network.Any deviation from normal network activity is categorized as malicious,and the suspected node is isolated.ExponentiallyWeighted Moving Average(EWMA)is added to the system to smooth out the noise that is typically found in social media communications.Our results(with 95%confidence)show that the accuracy of the proposed system increases from 80%to 95%after EWMA is added.Also,with EWMA,the proposed system can detect the intrusion from 0.25–0.5 s seconds faster than that without EWMA.However,it affects the latency of services provided by the fog nodes by at least 0.75–1.3 s.Finally,EWMA has not increased the energy overhead of the system,due to its lightweight.

论Man-in-the-Middle Attack对“云”资源威胁

本文主要论述了Man-in-the-Middle Attack(中间人攻击)原理以及中间人攻击如何对"云"资源进行攻击可行性,并讨论了相应的防御机制,最后对云资源安全做出了总结和展望。

Developing a platform to evaluate and assess the security of wearable devices

Operating in a body area network around a smartphone user, wearables serve a variety of commercial, medical and personal uses. Depending on a certain smartphone application, a wearable can capture sensitive data about the user and provide critical, possibly life-or-death, functionality. When using wearables, security problems might occur on hardware/software of wearables, connected phone apps or web services devices, or Bluetooth channels used for communication. This paper develops an open source platform called SecuWear for identifying vulnerabilities in these areas and facilitating wearable security research to mitigate them. SecuWear supports the creation, evaluation, and analysis of security vulnerability tests on actual hardwares. Extending earlier results, this paper includes an empirical evaluation that demonstrates proof of concept attacks on commercial wearable devices and shows how SecuWear captures the information necessary for identifying such attacks. Also included is a process for releasing attack and mitigation information to the security community.

A Dual Detection Method for Siemens Inverter Motor Modbus RTU Attack

Since the Modbus RTU wired communication protocol of Siemens variable frequency motors is unstable and lacks a protection mechanism, there is a risk of user information leakage. Aiming at the problems of insufficient flexibility of traditional defense methods and poor defense effects, The present work proposed a new dual detection method based on MODBUS RTU, which combines the dual monitoring mechanism of “Address Resolution Protocol (ARP) request detection” and “ARP response detection”. In order to improve detection efficiency, two real-time updated linear tables are introduced, which can effectively deal with the three ARP spoofing methods of updating the ARP buffer. Based on the analysis of the hidden dangers of the Modbus RTU wired communication protocol, a wired connection between the S7-1200 PLC and the variable frequency motor was established, and a real experimental platform was constructed to demonstrate the attack. The intensity of ARP attacks has gradually increased over time. Through comparative experiments with traditional defense methods, it is proved that the algorithm enhances the protocol mechanism in principle, and is more flexible and reliable than traditional methods.

A Security Patch for a Three-Party Key Exchange Protocol

The CLC protocol （proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short） is a new three-party password-authenticated key exchange （3PAKE） protocol. This CLC protocol provides a superior round efficiency （only three rounds）, and its resources required for computation are relatively few. However, we find that the leakage of values VA and VB in the CLC protocol will make a man-in-the-middle attack feasible in practice, where VA and VB are the authentication information chosen by the server for the participants A and B. In this paper, we describe our attack on the CLC protocol and further present a modified 3PAKE protocol, which is essentially an improved CLC protocol. Our protocol can resist attacks available, including man-in-the-middle attack we mount on the initial CLC protocol. Meanwhile, we allow that the participants choose their own pass- words by themselves, thus avoiding the danger that the server is controlled in the initialization phase. Also, the computational cost of our protocol is lower than that of the CLC protocol.

Security Analysis of Application Layer Protocols on Wireless Local Area Networks

This paper aims at analyzing the security issues that lie in the application layer (AL) protocols when users connect to the Internet via a wireless local area network (WLAN) through an access point. When adversaries launch deauthentication flood attacks cutting users' connection, the connection managers will automatically research the last access point's extended service set identifier (ESSID) and then re-establish connection. However, such re-connection can lead the users to a fake access point with the same ESSID set by attackers. As the attackers hide behind users' access points, they can pass AL's authentication and security schemes, e.g. secure socket layer (SSL). We have proved that they can even spy on users' account details, passwords, data and privacy.