No. 4 (2015)

Published: 2015-12-30

Preface

ARTICLES FROM THIS ISSUE

  • Intrusion Detection in Software Defined Networks with Self-organized Maps

    Abstract

    The Software Defined Network (SDN) architecture provides new opportunities to implement security mechanisms in terms of unauthorized activities detection. At the same time, there are certain risks associated with this technology. The presented approach covers a conception of the measurement method, virtual testbed and classification mechanism for SDNs. The paper presents a measurement method which allows collecting network traffic flow parameters, generated by a virtual SDN environment. The collected dataset can be used in machine learning methods to detect unauthorized activities.

    Damian Jankowski, Marek Amanowicz
    3-9
  • Intrusion Detection in Heterogeneous Networks of Resource-Limited Things

    Abstract

    The paper discusses the threats to networks of resource-limited things such as wireless sensors and the different mechanisms used to deal with them. A novel approach to threat detection is proposed. MOTHON is a movement-assisted threat detection system using mobility to enhance a global threat assessment and provide a separate physical secure channel to deliver collected information.

    Adam Kozakiewicz, Krzysztof Lasota, Michał Marks
    10-14
  • Quaternion Feistel Cipher with an Infinite Key Space Based on Quaternion Julia Sets

    Abstract

    In this paper Quaternion Feistel Cipher (QFC) with an infinite key space based on quaternion Julia sets is proposed. The basic structure of the algorithm is based on the scheme proposed in 2012 by Sastry and Kumar. The proposed algorithm uses special properties of quaternions to perform rotations of data sequences in 3D space for each of the cipher rounds. It also uses Julia sets to form an infinite key space. The plaintext is divided into two square matrices of equal size and written using Lipschitz quaternions. A modular arithmetic was implemented for operations with quaternions. A computer-based analysis has been carried out and obtained results are shown at the end of this paper.

    Mariusz Dzwonkowski, Roman Rykaczewski
    15-21
  • Evaluation of the Cyber Security Provision System for Critical Infrastructure

    Abstract

    The paper presents an assessment of the functional mechanisms that are part of the security system for the power grid control. The security system, its components, and the real time processes for the control of electricity supply were defined. In particular, SCADA protocols used in the control system and mechanisms for transferring them between the control center and actuators were identified. The paper also includes presentation of a test environment that is used for developed security mechanisms evaluation. In the last fragment of the paper, the test scenarios were formulated and the results obtained in the cyber security system were shown, which cover security probes reaction delay, forged malicious IEC 60870-5-104 traffic detection, DarkNet and HoneyPot interception of adversary actions, and dynamic firewall rules creation.

    Jacek Jarmakiewicz, Krzysztof Maślanka, Krzysztof Parobczak
    22-29
  • Detecting Security Violations Based on Multilayered Event Log Processing

    Abstract

    The article proposes a log analysis approach to detection of security violations, based on a four layer design. First layer, named the event source layer, describes sources of information that can be used for misuse investigation. Transport layer represents the method of collecting event data, preserving it in the form of logs and passing it to another layer, called the analysis layer. This third layer is responsible for analyzing the logs’ content, picking relevant information and generating security alerts. Last layer, called normalization layer, is custom software which normalizes and correlates produced alerts to raise notice on more complex attacks. Logs from remote hosts are collected by using rsyslog software and OSSEC HIDS with custom decoders and rules is used on a central log server for log analysis. A novel method of handling OSSEC HIDS alerts by their normalization and correlation is proposed. The output can be optionally suppressed to protect the system against alarm flood and reduce the count of messages transmitted in the network.

    Przemysław Malec, Anna Piwowar
    30-36
  • SHaPe: A Honeypot for Electric Power Substation

    Abstract

    Supervisory Control and Data Acquisition (SCADA) systems play a crucial role in national critical infrastructures, and any failure may result in severe damages. Initially SCADA networks were separated from other networks and used proprietary communications protocols that were well known only to the device manufacturers. At that time such isolation and obscurity ensured an acceptable security level. Nowadays, modern SCADA systems usually have direct or indirect Internet connection, use open protocols and commercial-off-the-shelf hardware and software. This trend is also noticeable in the power industry. Present substation automation systems (SASs) go beyond traditional SCADA and employ many solutions derived from Information and Communications Technology (ICT). As a result, electric power substations have become more vulnerable to cybersecurity attacks and they need ICT security mechanisms adaptation. This paper shows the SCADA honeypot that allows detecting unauthorized or illicit traffic in SAS whose communication architecture is defined according to the IEC 61850 standard.

    Kamil Kołtyś, Robert Gajewski
    37-43
  • Uniqueness and Reproducibility of Traffic Signatures

    Abstract

    Usable user authentication is an important research topic. The traffic signature-based approach is a new authentication technology that identifies the devices used by online users based on traffic signatures, where the traffic signature is a statistic of the video stream delivered by the authentication server to the user device. This approach has two advantages. First, users need not do any operations regarding the device identification. Second, users need not be sensitive to the privacy loss and computer theft. In this paper, the author evaluates the uniqueness and reproducibility of the signature by introducing a function that quantifies the distance between two signatures. Through a number of experiments, it is demonstrated that the process interference approach has the advantage of generating new signatures that are sufficiently distinguishable from one another.

    Kazumasa Oida
    44-53
  • On Providing Cloud-awareness to Client's DASH Application by Using DASH over HTTP/2

    Abstract

    Mobile Cloud Networks group together mobile users and clouds containing content servers. Hence, they are an ideal framework for media content delivery. Stream-switching adaptive video players cope well with some limitations of Mobile Cloud Networks, such as low bandwidth and bandwidth variability in the access network. Nonetheless, other limitations, such as cloud congestion, are difficult for the video players to manage. This paper presents a system for discovering fault situations at the cloud (e.g., cloud congestion) and notifying the video player, which will take appropriate actions for saving the quality of media transmission. In the proposed implementation the video application is DASH-capable and adaptation action may be both stream rate adaptation and content server adaptation. The communication between client and server uses the “bidirectional” communication feature of HTTP/2 thanks to the new deployed modules running DASH over HTTP/2 in both client’s and server’s applications.

    Jordi Mongay Batalla, Piotr Krawiec, Daniel Negru, Joachim Bruneau-Queyreix, Eugen Borcoci, Andrzej Bęben, Piotr Wiśniewski
    54-64
  • Analysis of Burst Ratio in Concatenated Channels

    Abstract

    Burst ratio is a parameter that quantifies packet loss patterns in transmission networks. It has been defined for an end-to-end scenario, therefore burst ratio can be determined only if the characteristics of the whole transmission path are known. In this paper, the burst ratio parameter applicability to cases when the transmission path consists of a series of transmission channels with known packet loss rate and burst ratio values is extended. The paper also presents the results of simulations performed with NS2 software, demonstrating the validity of the burst ratio analysis. Consequently, the research makes it possible to determine the value of the burst ratio parameter in concatenated packet networks, which in turn supports delivering higher quality VoIP services.

    Jakub Rachwalski, Zdzisław Papir
    65-73
  • Measured Interference of LTE Uplink Signals on DVB-T Channels

    Abstract

    Because of the decision, taken during the ITU WRC-07, to allocate the upper part of the so-called digital dividend spectrum for mobile services on a co-primary basis with TV broadcast services, the involved stakeholders have a great interest in avoiding any interference caused by signals transmitted in adjacent bands. In this context the paper presents some experimental results of a study addressed to assess the effects produced by an interferential LTE signal transmitted from a user terminal when it is in proximity of a television antenna that receives DVB-T signals. The study has been conducted in the context of collaboration between Fondazione Ugo Bordoni and ISCTI, the scientific and technical body of the Italian Ministry of Economic Development, using high professional laboratory equipments and considering different experimental simulation test setups. Several simulation scenarios have been analyzed and results in terms of protection ratio and protection distance have been carried out.

    Massimo Celidonio, Pier Giorgio Masullo, Lorenzo Pulcini, Manuela Vaser
    74-85
  • The Integration, Analysis and Visualization of Sensor Data from Dispersed Wireless Sensor Network Systems Using the SWE Framework

    Abstract

    Wireless Sensor Networks (WSNs) have been used in numerous applications to remotely gather real-time data on important environmental parameters. There are several projects where WSNs are deployed in different locations and operate independently. Each deployment has its own models, encodings, and services for sensor data, and are integrated with different types of visualization/analysis tools based on individual project requirements. This makes it difficult to reuse these services for other WSN applications. A user/system is impeded by having to learn the models, encodings, and services of each system, and also must integrate/interoperate data from different data sources. Sensor Web Enablement (SWE) provides a set of standards (web service interfaces and data encoding/model specifications) to make sensor data publicly available on the web. This paper describes how the SWE framework can be extended to integrate disparate WSN systems and to support standardized access to sensor data. The proposed system also introduces a web-based data visualization and statistical analysis service for data stored in the Sensor Observation Service (SOS) by integrating open source technologies. A performance analysis is presented to show that the additional features have minimal impact on the system. Also some lessons learned through implementing SWE are discussed.

    Yong Jin Lee, Jarrod Trevathan, Ian Atkinson, Wayne Read
    86-97
  • Lorentzian Operator for Angular Source Localization with Large Array

    Abstract

    Source localization problem consists of an ensemble of techniques that are used to obtain spatial information of present radiation in given medium of propagation, with a constraint of the antenna geometry and the characteristics of radiating sources. This condition gives multitude of cases to study, hence several methods were proposed in the literature. In this paper, a new algorithm for estimating the Direction of Arrival (DoA) of narrowband and far field punctual sources is introduced. By exploiting the spectrum of covariance matrix of received data, the Lorentzian function on spectral matrix to filter the eigenvalues is applied. This filtering process eliminates the eigenvalues belonging to signal subspace. Parameters of Lorentz function are adjusted using first and second statistics of eigenvalues. The algorithm requires the knowledge of minimum eigenvalue and is performing when the dimension of antenna is relatively large which is confirmed by several Monte Carlo simulations.

    Said Safi, Miloud Frikel
    98-105
  • Maintenance of Lead-acid Batteries Used in Telecommunications Systems

    Abstract

    The article presents numerous problems with standby batteries used in telecommunications systems, with a particular emphasis placed on the assessment of their real capacity. The methods used to evaluate the technical condition of batteries and to measure their real capacity are presented. Also, a new test device which measures the actual battery capacity is presented. The said measurement is based on the discharge test method and is performed with the use of a new TBA-A automated test unit. The article is targeted at electronic designers, managers and telecommunications hardware maintenance personnel, as well as other telecommunications systems experts.

    Ryszard Kobus, Paweł Kliś, Paweł Godlewski
    106-113