-
Message Type Identification of Binary Network Protocols using Continuous Segment Similarity
Authors:
Stephan Kleber,
Rens Wouter van der Heijden,
Frank Kargl
Abstract:
Protocol reverse engineering based on traffic traces infers the behavior of unknown network protocols by analyzing observable network messages. To perform correct deduction of message semantics or behavior analysis, accurate message type identification is an essential first step. However, identifying message types is particularly difficult for binary protocols, whose structural features are hidden…
▽ More
Protocol reverse engineering based on traffic traces infers the behavior of unknown network protocols by analyzing observable network messages. To perform correct deduction of message semantics or behavior analysis, accurate message type identification is an essential first step. However, identifying message types is particularly difficult for binary protocols, whose structural features are hidden in their densely packed data representation. We leverage the intrinsic structural features of binary protocols and propose an accurate method for discriminating message types.
Our approach uses a similarity measure with continuous value range by comparing feature vectors where vector elements correspond to the fields in a message, rather than discrete byte values. This enables a better recognition of structural patterns, which remain hidden when only exact value matches are considered. We combine Hirschberg alignment with DBSCAN as cluster algorithm to yield a novel inference mechanism. By applying novel autoconfiguration schemes, we do not require manually configured parameters for the analysis of an unknown protocol, as required by earlier approaches.
Results of our evaluations show that our approach has considerable advantages in message type identification result quality and also execution performance over previous approaches.
△ Less
Submitted 7 November, 2022; v1 submitted 9 February, 2020;
originally announced February 2020.
-
Multi-Source Fusion Operations in Subjective Logic
Authors:
Rens Wouter van der Heijden,
Henning Kopp,
Frank Kargl
Abstract:
The purpose of multi-source fusion is to combine information from more than two evidence sources, or subjective opinions from multiple actors. For subjective logic, a number of different fusion operators have been proposed, each matching a fusion scenario with different assumptions. However, not all of these operators are associative, and therefore multi-source fusion is not well-defined for these…
▽ More
The purpose of multi-source fusion is to combine information from more than two evidence sources, or subjective opinions from multiple actors. For subjective logic, a number of different fusion operators have been proposed, each matching a fusion scenario with different assumptions. However, not all of these operators are associative, and therefore multi-source fusion is not well-defined for these settings. In this paper, we address this challenge, and define multi-source fusion for weighted belief fusion (WBF) and consensus & compromise fusion (CCF). For WBF, we show the definition to be equivalent to the intuitive formulation under the bijective mapping between subjective logic and Dirichlet evidence PDFs. For CCF, since there is no independent generalization, we show that the resulting multi-source fusion produces valid opinions, and explain why our generalization is sound. For completeness, we also provide corrections to previous results for averaging and cumulative belief fusion (ABF and CBF), as well as belief constraint fusion (BCF), which is an extension of Dempster's rule. With our generalizations of fusion operators, fusing information from multiple sources is now well-defined for all different fusion types defined in subjective logic. This enables wider applicability of subjective logic in applications where multiple actors interact.
△ Less
Submitted 3 May, 2018;
originally announced May 2018.
-
VeReMi: A Dataset for Comparable Evaluation of Misbehavior Detection in VANETs
Authors:
Rens W. van der Heijden,
Thomas Lukaseder,
Frank Kargl
Abstract:
Vehicular networks are networks of communicating vehicles, a major enabling technology for future cooperative and autonomous driving technologies. The most important messages in these networks are broadcast-authenticated periodic one-hop beacons, used for safety and traffic efficiency applications such as collision avoidance and traffic jam detection. However, broadcast authenticity is not suffici…
▽ More
Vehicular networks are networks of communicating vehicles, a major enabling technology for future cooperative and autonomous driving technologies. The most important messages in these networks are broadcast-authenticated periodic one-hop beacons, used for safety and traffic efficiency applications such as collision avoidance and traffic jam detection. However, broadcast authenticity is not sufficient to guarantee message correctness. The goal of misbehavior detection is to analyze application data and knowledge about physical processes in these cyber-physical systems to detect incorrect messages, enabling local revocation of vehicles transmitting malicious messages. Comparative studies between detection mechanisms are rare due to the lack of a reference dataset. We take the first steps to address this challenge by introducing the Vehicular Reference Misbehavior Dataset (VeReMi) and a discussion of valid metrics for such an assessment. VeReMi is the first public extensible dataset, allowing anyone to reproduce the generation process, as well as contribute attacks and use the data to compare new detection mechanisms against existing ones. The result of our analysis shows that the acceptance range threshold and the simple speed check are complementary mechanisms that detect different attacks. This supports the intuitive notion that fusion can lead to better results with data, and we suggest that future work should focus on effective fusion with VeReMi as an evaluation baseline.
△ Less
Submitted 18 April, 2018;
originally announced April 2018.
-
Blackchain: Scalability for Resource-Constrained Accountable Vehicle-to-X Communication
Authors:
Rens Wouter van der Heijden,
Felix Engelmann,
David Mödinger,
Franziska Schönig,
Frank Kargl
Abstract:
In this paper, we propose a new Blockchain-based message and revocation accountability system called Blackchain. Combining a distributed ledger with existing mechanisms for security in V2X communication systems, we design a distributed event data recorder (EDR) that satisfies traditional accountability requirements by providing a compressed global state. Unlike previous approaches, our distributed…
▽ More
In this paper, we propose a new Blockchain-based message and revocation accountability system called Blackchain. Combining a distributed ledger with existing mechanisms for security in V2X communication systems, we design a distributed event data recorder (EDR) that satisfies traditional accountability requirements by providing a compressed global state. Unlike previous approaches, our distributed ledger solution provides an accountable revocation mechanism without requiring trust in a single misbehavior authority, instead allowing a collaborative and transparent decision making process through Blackchain. This makes Blackchain an attractive alternative to existing solutions for revocation in a Security Credential Management System (SCMS), which suffer from the traditional disadvantages of PKIs, notably including centralized trust. Our proposal becomes scalable through the use of hierarchical consensus: individual vehicles dynamically create clusters, which then provide their consensus decisions as input for road-side units (RSUs), which in turn publish their results to misbehavior authorities. This authority, which is traditionally a single entity in the SCMS, responsible for the integrity of the entire V2X network, is now a set of authorities that transparently perform a revocation, whose result is then published in a global Blackchain state. This state can be used to prevent the issuance of certificates to previously malicious users, and also prevents the authority from misbehaving through the transparency implied by a global system state.
△ Less
Submitted 24 October, 2017;
originally announced October 2017.
-
Analyzing Attacks on Cooperative Adaptive Cruise Control (CACC)
Authors:
Rens Wouter van der Heijden,
Thomas Lukaseder,
Frank Kargl
Abstract:
Cooperative Adaptive Cruise Control (CACC) is one of the driving applications of vehicular ad-hoc networks (VANETs) and promises to bring more efficient and faster transportation through cooperative behavior between vehicles. In CACC, vehicles exchange information, which is relied on to partially automate driving; however, this reliance on cooperation requires resilience against attacks and other…
▽ More
Cooperative Adaptive Cruise Control (CACC) is one of the driving applications of vehicular ad-hoc networks (VANETs) and promises to bring more efficient and faster transportation through cooperative behavior between vehicles. In CACC, vehicles exchange information, which is relied on to partially automate driving; however, this reliance on cooperation requires resilience against attacks and other forms of misbehavior. In this paper, we propose a rigorous attacker model and an evaluation framework for this resilience by quantifying the attack impact, providing the necessary tools to compare controller resilience and attack effectiveness simultaneously. Although there are significant differences between the resilience of the three analyzed controllers, we show that each can be attacked effectively and easily through either jamming or data injection. Our results suggest a combination of misbehavior detection and resilient control algorithms with graceful degradation are necessary ingredients for secure and safe platoons.
△ Less
Submitted 8 December, 2017; v1 submitted 16 October, 2017;
originally announced October 2017.
-
Electrically driven quantum light emission in electromechanically-tuneable photonic crystal cavities
Authors:
M. Petruzzella,
F. M. Pagliano,
Z. Zobenica,
S. Birindelli,
M. Cotrufo,
F. W. M van Otten,
R. W. van der Heijden,
A. Fiore
Abstract:
A single quantum dot deterministically coupled to a photonic crystal environment constitutes an indispensable elementary unit to both generate and manipulate single-photons in next-generation quantum photonic circuits. To date, the scaling of the number of these quantum nodes on a fully-integrated chip has been prevented by the use of optical pumping strategies that require a bulky off-chip laser…
▽ More
A single quantum dot deterministically coupled to a photonic crystal environment constitutes an indispensable elementary unit to both generate and manipulate single-photons in next-generation quantum photonic circuits. To date, the scaling of the number of these quantum nodes on a fully-integrated chip has been prevented by the use of optical pumping strategies that require a bulky off-chip laser along with the lack of methods to control the energies of nano-cavities and emitters. Here, we concurrently overcome these limitations by demonstrating electrical injection of single excitonic lines within a nano-electro-mechanically tuneable photonic crystal cavity. When an electrically-driven dot line is brought into resonance with a photonic crystal mode, its emission rate is enhanced. Anti-bunching experiments reveal the quantum nature of these on-demand sources emitting in the telecom range. These results represent an important step forward in the realization of integrated quantum optics experiments featuring multiple electrically-triggered Purcell-enhanced single-photon sources embedded in a reconfigurable semiconductor architecture.
△ Less
Submitted 8 October, 2017; v1 submitted 18 June, 2017;
originally announced June 2017.
-
Enhanced Position Verification for VANETs using Subjective Logic
Authors:
Rens W. van der Heijden,
Ala'a Al-Momani,
Frank Kargl,
Osama M. F. Abu-Sharkh
Abstract:
The integrity of messages in vehicular ad-hoc networks has been extensively studied by the research community, resulting in the IEEE~1609.2 standard, which provides typical integrity guarantees. However, the correctness of message contents is still one of the main challenges of applying dependable and secure vehicular ad-hoc networks. One important use case is the validity of position information…
▽ More
The integrity of messages in vehicular ad-hoc networks has been extensively studied by the research community, resulting in the IEEE~1609.2 standard, which provides typical integrity guarantees. However, the correctness of message contents is still one of the main challenges of applying dependable and secure vehicular ad-hoc networks. One important use case is the validity of position information contained in messages: position verification mechanisms have been proposed in the literature to provide this functionality. A more general approach to validate such information is by applying misbehavior detection mechanisms. In this paper, we consider misbehavior detection by enhancing two position verification mechanisms and fusing their results in a generalized framework using subjective logic. We conduct extensive simulations using VEINS to study the impact of traffic density, as well as several types of attackers and fractions of attackers on our mechanisms. The obtained results show the proposed framework can validate position information as effectively as existing approaches in the literature, without tailoring the framework specifically for this use case.
△ Less
Submitted 31 March, 2017; v1 submitted 30 March, 2017;
originally announced March 2017.
-
Survey on Misbehavior Detection in Cooperative Intelligent Transportation Systems
Authors:
Rens W. van der Heijden,
Stefan Dietzel,
Tim Leinmüller,
Frank Kargl
Abstract:
Cooperative Intelligent Transportation Systems (cITS) are a promising technology to enhance driving safety and efficiency. Vehicles communicate wirelessly with other vehicles and infrastructure, thereby creating a highly dynamic and heterogeneously managed ad-hoc network. It is these network properties that make it a challenging task to protect integrity of the data and guarantee its correctness.…
▽ More
Cooperative Intelligent Transportation Systems (cITS) are a promising technology to enhance driving safety and efficiency. Vehicles communicate wirelessly with other vehicles and infrastructure, thereby creating a highly dynamic and heterogeneously managed ad-hoc network. It is these network properties that make it a challenging task to protect integrity of the data and guarantee its correctness. A major component is the problem that traditional security mechanisms like PKI-based asymmetric cryptography only exclude outsider attackers that do not possess key material. However, because attackers can be insiders within the network (i.e., possess valid key material), this approach cannot detect all possible attacks. In this survey, we present misbehavior detection mechanisms that can detect such insider attacks based on attacker behavior and information analysis. In contrast to well-known intrusion detection for classical IT systems, these misbehavior detection mechanisms analyze information semantics to detect attacks, which aligns better with highly application-tailored communication protocols foreseen for cITS. In our survey, we provide an extensive introduction to the cITS ecosystem and discuss shortcomings of PKI-based security. We derive and discuss a classification for misbehavior detection mechanisms, provide an in-depth overview of seminal papers on the topic, and highlight open issues and possible future research trends.
△ Less
Submitted 29 November, 2018; v1 submitted 21 October, 2016;
originally announced October 2016.
-
InP-based two-dimensional photonic crystals filled with polymers
Authors:
R. van der Heijden,
C. F. Carlstrom,
J. A. P. Snijders,
R. W. van der Heijden,
F. Karouta,
R. Notzel,
H. W. M. Salemink,
B. K. C. Kjellander,
C. W. M. Bastiaansen,
D. J. Broer,
E. van der Drift
Abstract:
Polymer filling of the air holes of Indium Phosphide based two-dimensional photonic crystals is reported. After infiltration of the holes with a liquid monomer and solidification of the infill in situ by thermal polymerization, complete filling is proven using scanning electron microscopy. Optical transmission measurements of a filled photonic crystal structure exhibit a redshift of the air band…
▽ More
Polymer filling of the air holes of Indium Phosphide based two-dimensional photonic crystals is reported. After infiltration of the holes with a liquid monomer and solidification of the infill in situ by thermal polymerization, complete filling is proven using scanning electron microscopy. Optical transmission measurements of a filled photonic crystal structure exhibit a redshift of the air band, confirming the complete filling.
△ Less
Submitted 16 March, 2006;
originally announced March 2006.
-
Observation of the screening signature in the lateral photovoltage of electrons in the Quantum Hall regime
Authors:
H. van Zalinge,
B. Oezyilmaz,
A. Boehm,
R. W. van der Heijden,
J. H. Wolter,
P. Wyder
Abstract:
The lateral photovoltage generated in the plane of a two-dimensional electron system (2DES) by a focused light spot, exhibits a fine-structure in the quantum oscillations in a magnetic field near the Quantum Hall conductivity minima. A double peak structure occurs near the minima of the longitudinal conductivity oscillations. This is the characteristic signature of the interplay between screenin…
▽ More
The lateral photovoltage generated in the plane of a two-dimensional electron system (2DES) by a focused light spot, exhibits a fine-structure in the quantum oscillations in a magnetic field near the Quantum Hall conductivity minima. A double peak structure occurs near the minima of the longitudinal conductivity oscillations. This is the characteristic signature of the interplay between screening and Landau quantization.
△ Less
Submitted 5 September, 2001;
originally announced September 2001.
-
Hall magnetocapacitance in two-dimensional electron systems
Authors:
A. M. C. Valkering,
P. K. H. Sommerfeld,
R. A. M. van de Ven,
R. W. van der Heijden,
F. A. P. Blom,
M. J. Lea,
F. M. Peeters
Abstract:
The magnetocapacitance of a two-dimensional electron system (2DES) is investigated experimentally, both under and away from Quantum Hall (QH) conditions, at frequencies between 1 kHz and 100 MHz. The nature of the capacitive signal in a bounded 2DES is determined by a resistive cut-off frequency 1/$τ\propto σ_{xx}$, the longitudinal magnetoconductivity. A new response mechanism is reported for a…
▽ More
The magnetocapacitance of a two-dimensional electron system (2DES) is investigated experimentally, both under and away from Quantum Hall (QH) conditions, at frequencies between 1 kHz and 100 MHz. The nature of the capacitive signal in a bounded 2DES is determined by a resistive cut-off frequency 1/$τ\propto σ_{xx}$, the longitudinal magnetoconductivity. A new response mechanism is reported for angular frequencies $ω> 1/τ$, which is controlled by the $\em transverse$ or Hall conductivity $σ_{xy}$ and the boundaries of the sample, even at frequencies far below those of the Edge Magnetoplasma resonances and away from the QH-conditions.
△ Less
Submitted 28 October, 1998;
originally announced October 1998.