A Lightweight Protocol for Secure Video Streaming

A Reversible Watermarking System for Medical Color Images: Balancing Capacity, Imperceptibility, and Robustness

The authenticity and integrity of medical images in telemedicine has to be protected. Robust reversible watermarking (RRW) algorithms provide copyright protection and the original images can be recovered at the receiver’s end. However, the existing algorithms have limitations in their ability to balance the tradeoff among robustness, imperceptibility, and embedded capacity. Some of them are even not completely reversible. Besides, most medical image watermarking algorithms are not designed for color images. To improve their performance in protecting medical color image information, we propose a novel RRW scheme based on the discrete wavelet transform (DWT). First, the DWT provides a robust solution. Second, the modification of the wavelet domain coefficient guarantees the changes of integer values in the spatial domain and ensures the reversibility of the watermarking scheme. Third, the embedding scheme makes full use of the characteristics of the original image and watermarking. This reduces the modification of the original image and ensures better imperceptibility. Lastly, the selection of the Zernike moments order for geometric correction is optimized to predict attack parameters more accurately by using less information. This enhances the robustness of the proposed scheme against geometric attacks such as rotation and scaling. The proposed scheme is robust against common and geometric attacks and has a high embedding capacity without obvious distortion of the image. The paper contributes towards improving the security of medical images in remote healthcare.

Towards secure and network state aware bitrate adaptation at IoT edge

Video streaming is critical in IoT systems, enabling a variety of applications such as traffic monitoring and health caring. Traditional adaptive bitrate streaming (ABR) algorithms mainly focus on improving Internet video streaming quality where network conditions are relatively stable. These approaches, however, suffer from performance degradation at IoT edge. In IoT systems, the wireless channels are prone to interference and malicious attacks, which significantly impacts Quality-of-Experience (QoE) for video streaming applications. In this paper, we propose a secure and network-state-aware solution, SASA, to address these challenges. We first study the buffer-level constraint when increasing bitrate. We then analyze the impact of throughput overestimation in bitrate decisions. Based on these results, SASA is designed to consist of both an offline and an online phase. In the offline phase, SASA precomputes the best configurations of ABR algorithms under various network conditions. In the online phase, SASA adopts an online Bayesian changepoint detection method to detect network changes and apply precomputed configurations to make bitrate decisions. We implement SASA and evaluate its performance using 429 real network traces. We show that the SASA outperforms state-of-the-art ABR algorithms such as RobustMPC and Oboe in the IoT environment through extensive experiments.

Covert Timing Channel Analysis Either as Cyber Attacks or Confidential Applications

Covert timing channels are an important alternative for transmitting information in the world of the Internet of Things (IoT). In covert timing channels data are encoded in inter-arrival times between consecutive packets based on modifying the transmission time of legitimate traffic. Typically, the modification of time takes place by delaying the transmitted packets on the sender side. A key aspect in covert timing channels is to find the threshold of packet delay that can accurately distinguish covert traffic from legitimate traffic. Based on that we can assess the level of dangerous of security threats or the quality of transferred sensitive information secretly. In this paper, we study the inter-arrival time behavior of covert timing channels in two different network configurations based on statistical metrics, in addition we investigate the packet delaying threshold value. Our experiments show that the threshold is approximately equal to or greater than double the mean of legitimate inter-arrival times. In this case covert timing channels become detectable as strong anomalies.

Access Latency Reduction in the QUIC Protocol Based on Communication History

Internet traffic is experiencing rapid growth, with the majority of traffic generated from video steaming, web data services and Internet of Things. As these services include the transmission of small data, such as web pages, video chunks and sensing data, data latency affects the quality of experience rather than the throughput. Therefore, this study aims to decrease latency to improve the quality of the user experience. To this end, we measure the web service delay and throughput in mobile networks. The results indicate a low quality experience for mobile users, even though mobile networks support a large throughput. We therefore propose a light-weight latency reduction scheme for the Quick UDP Internet Connections (QUIC) protocol. The proposed scheme calculates the average congestion window, which is utilized as the initial congestion window when a new connection is established. The proposed scheme is evaluated through experiments on a testbed. The results show that our scheme reduces latency significantly. The results of this study can help improve user experiences of video streaming and web data services.

An Edge-Fog Secure Self-Authenticable Data Transfer Protocol

Development of the Internet of Things (IoT) opens many new challenges. As IoT devices are getting smaller and smaller, the problems of so-called “constrained devices” arise. The traditional Internet protocols are not very well suited for constrained devices comprising localized network nodes with tens of devices primarily communicating with each other (e.g., various sensors in Body Area Network communicating with each other). These devices have very limited memory, processing, and power resources, so traditional security protocols and architectures also do not fit well. To address these challenges the Fog computing paradigm is used in which all constrained devices, or Edge nodes, primarily communicate only with less-constrained Fog node device, which collects all data, processes it and communicates with the outside world. We present a new lightweight secure self-authenticable transfer protocol (SSATP) for communications between Edge nodes and Fog nodes. The primary target of the proposed protocol is to use it as a secure transport for CoAP (Constrained Application Protocol) in place of UDP (User Datagram Protocol) and DTLS (Datagram Transport Layer Security), which are traditional choices in this scenario. SSATP uses modified header fields of standard UDP packets to transfer additional protocol handling and data flow management information as well as user data authentication information. The optional redundant data may be used to provide increased resistance to data losses when protocol is used in unreliable networks. The results of experiments presented in this paper show that SSATP is a better choice than UDP with DTLS in the cases, where the CoAP block transfer mode is used and/or in lossy networks.

A Study on Security and Privacy Guidelines, Countermeasures, Threats: IoT Data at Rest Perspective

The Internet of Things (IoT) makes our lives much easier, more valuable, and less stressful due to the development of many applications around us including smart cities, smart cars, and smart grids, offering endless services and solutions. Protecting IoT data of such applications at rest either on the objects or in the cloud is an indispensable requirement for achieving a symmetry in the handling and protection of the IoT, as we do with data created by persons and applications. This is because unauthorised access to such data may lead to harmful consequences such as linkage attacks, loss of privacy, and data manipulation. Such undesired implications may jeopardise the existence of IoT applications if protection measures are not taken, and they stem from two main factors. One is that IoT objects have limited capabilities in terms of memory capacity, battery life, and computational power that hamper the direct implementation of conventional Internet security solutions without some modifications (e.g., traditional symmetric algorithms). Another factor is the absence of widely accepted IoT security and privacy guidelines for IoT data at rest and their appropriate countermeasures, which would help IoT stakeholders (e.g., developers, manufacturers) to develop secure IoT systems and therefore enhance IoT security and privacy by design. Toward this end, we first briefly describe the main IoT security goals and identify IoT stakeholders. Moreover, we briefly discuss the most well-known data protection frameworks (e.g., General Data Protection Regulation (GDPR), Health Insurance Portability (HIPAA)). Second, we highlight potential attacks and threats against data at rest and show their violated security goals (e.g., confidentiality and integrity). Third, we review a list of protection measures by which our proposed guidelines can be accomplished. Fourth, we propose a framework of security and privacy guidelines for IoT data at rest that can be utilised to enhance IoT security and privacy by design and establish a symmetry with the protection of user-created data. Our framework also presents the link between the suggested guidelines, mitigation techniques, and attacks. Moreover, we state those IoT stakeholders (e.g., manufacturers, developers) who will benefit most from these guidelines. Finally, we suggest several open issues requiring further investigation in the future, and we also discuss the limitations of our suggested framework.

A Comprehensive Study of Security and Privacy Guidelines, Threats, and Countermeasures: An IoT Perspective

As Internet of Things (IoT) involvement increases in our daily lives, several security and privacy concerns like linkability, unauthorized conversations, and side-channel attacks are raised. If they are left untouched, such issues may threaten the existence of IoT. They derive from two main reasons. One is that IoT objects are equipped with limited capabilities in terms of computation power, memory, and bandwidth which hamper the direct implementation of traditional Internet security techniques. The other reason is the absence of widely-accepted IoT security and privacy guidelines and their appropriate implementation techniques. Such guidelines and techniques would greatly assist IoT stakeholders like developers and manufacturers, paving the road for building secure IoT systems from the start and, thus, reinforcing IoT security and privacy by design. In order to contribute to such objective, we first briefly discuss the primary IoT security goals and recognize IoT stakeholders. Second, we propose a comprehensive list of IoT security and privacy guidelines for the edge nodes and communication levels of IoT reference architecture. Furthermore, we point out the IoT stakeholders such as customers and manufacturers who will benefit most from these guidelines. Moreover, we identify a set of implementation techniques by which such guidelines can be accomplished, and possible attacks against previously-mentioned levels can be alleviated. Third, we discuss the challenges of IoT security and privacy guidelines, and we briefly discuss digital rights management in IoT. Finally, through this survey, we suggest several open issues that require further investigation in the future. To the best of the authors’ knowledge, this work is the first survey that covers the above-mentioned objectives.