AIU3 – Security and Reliability
Thursday, 5 June 2025, 16:00-17:30, room 1.B
Session Chair: Madhusanka Liyanage (University College Dublin, IE)
Mitigating DoS Attacks in mMTC: an Energy Efficiency Perspective
Shakthi Gimhana Hingurala Arachchige Don and Ijaz Ahmad (University of Oulu, Finland); Pawani Porambage (VTT Technical Research Centre of Finland, Finland); Erkki Harjula (University of Oulu, Finland)
Enhanced capabilities of 6G networks demand a secure and efficient computing continuum for data processing. Edge-cloud continuum utilization for hospital applications is an emerging research field. In the edge-cloud continuum, even though the local-edge tier provides benefits by bringing computing resources near the data source, resource limitation of that tier is a major concern for deploying security algorithms. Focusing on that technical obstacle, this paper provides an experimental analysis of the local-edge tier for security aspects. This research utilizes a laboratory network testbed and considers remote patient monitoring (RPM) as the massive machine-type communications (mMTC) application scenario. Focused security aspects are profiling the energy consumption caused by Denial of Service (DoS) attacks and energy-efficient deployments of the rate-limiting defense mechanism at the local-edge tier with experimental validations.
DEBAC: Dynamic Explainable Behavior-Based Access Control
Lucía Cabanillas Rodríguez (Telefónica Innovación Digital, Spain); Juan Manuel Montes-Lopez (Universidad Carlos III de Madrid, Spain); Diego Lopez (Telefonica I+D, Spain); Pablo Serrano (Universidad Carlos III de Madrid, Spain)
Traditional access control mechanisms rely on static policies that lack flexibility in adapting to dynamic security threats. In this paper, we present DEBAC: a Dynamic Explainable Behavior-based Access Control architecture, which supports a dynamic assessment of a device's trust. Our approach leverages Explainable Boosting Machines (EBMs) to compute a trust score in real-time while providing human-interpretable explanations for access decisions. This dynamic and explainable trust evaluation serves as the cornerstone for defining adaptive access policies, supporting a dynamic response to behavioral deviations. We demonstrate the feasibility of DEBAC with real-life data from a campus WLAN, proving the ability of EBMs to accurately distinguish between devices while providing a human-interpretable explanation for the classification.
Optimizing Federated Learning on Non-IID Data with Clustering and Model Sharing
Qufei Zhang (University College Dublin, Ireland & Carnegie Mellon University, USA); Yunshuang Wang (Institute of Information Engineering, Chinese Academy of Sciences & School of Cyber Security, University of Chinese Academy of Sciences, China); Gengsheng Li (Institute of Automation, Chinese Academy of Sciences & School of Artificial Intelligence, University of Chinese Academy of Sciences, China); Barry G Cardiff and Pasika Ranaweera (University College Dublin, Ireland)
The increased amount of data generated by edge computing has necessitated the development of efficient methods to leverage this vast information. Federated Learning (FL) offers a promising solution by enabling distributed model training while preserving privacy. However, FL faces challenges with Non-Independent and Identically Distributed (Non-IID) data, which can impact model accuracy and convergence. To address this, we propose a three-stage framework that effectively trains models in Non-IID scenarios. Our approach effectively reduces the effect of Non-IID by classifying IID clients, evaluating model performance through model sharing, and dynamically adjusting the weighting of each client to perform client selection. We created extreme Non-IID environments with diverse client representation. Tested on the CIFAR-10 dataset, our method improves maximum accuracy by up to 3.03% compared to other state-of-the-art and traditional methods such as FedProx and FedAvg, demonstrating its effectiveness in Non-IID scenarios.
Identifying and Exploiting a Denial-of-Service Vulnerability in the NGAP Protocol in 5G Networks
Aya Moheddine (Inria, France); Valeria Loscrí (Inria Lille-Nord Europe, France)
With the rapid evolution of communication technologies, 5G networks promise to deliver a wide range of services and higher speeds. However, as these networks integrate into critical infrastructure, ensuring their security against malicious attacks is paramount. This paper focuses on a specific security vulnerability within the Next Generation Application Protocol (NGAP), which facilitates communication between Next-Generation Node B (gNB) and Access and Mobility Management Function (AMF) in the 5G Core Network (5GCN). Through an experimental study that draws on an open source testbed based on the latest Third Generation Partnership Project (3GPP) specifications, we identify and validate a Denial-of-Service (DoS) attack. The attack exploits the absence of mandatory security measures, such as IPSec, allowing a fake to impersonate a legitimate one and inject malicious NGAP messages, causing unintended user disconnections. Although the study is conducted on an open source implementation, we discuss its broader implications, emphasizing how similar vulnerabilities could arise in commercial deployments due to operator-specific configurations and optional security controls in 3GPP standards. Mitigation strategies, including enforcing mandatory security controls and improving gNB authentication mechanisms, are proposed to address these risks. This work highlights the need for stricter enforcement of security measures to safeguard the reliability of 5G networks.
A Multi-Factor Reputation Management Approach Integrated with Blockchain for Smart Grid 2.0
Charithri Yapa (University of Sri Jayewardenepura, Sri Lanka); Chamitha De Alwis (University of Bedfordshire, United Kingdom (Great Britain)); Uditha L. Wijewardhana (University of Sri Jayewardenepura & Faculty of Engineering, Sri Lanka); Madhusanka Liyanage (University College Dublin, Ireland)
Smart Grid 2.0 underscores the need for a robust and secure reputation management system to instate trust in energy transactions while improving efficiency in grid operation, maintaining sustainable energy usage practices, and improving network capacity utilization. This paper proposes a multi-factor reputation scoring system, integrating factors directly reflecting individual behaviour and factors whose cumulative impact, considering similar users, affects the grid operations. The proposed multi-factor reputation management framework for Peer-to-Peer energy trading is validated through tests, which indicate the correlation of the factors assessed in computing the reputation score. The algorithm is further deployed on the Sepolia blockchain test network to evaluate the associated transaction latency, which resulted in an average of 14 s.
Identity Management for Enhanced Security in Industrial Automation and Control Systems
Abdullah Aydeger (Florida Institute of Technology, USA); Engin Zeydan (CTTC, Spain); Luis Blanco (Centre Tecnològic de Telecomunicacions de Catalunya (CTTC), Spain); Josep Mangues-Bafalluy (Centre Tecnològic de Telecomunicacions de Catalunya (CTTC), Spain); Tharaka Mawanane Hewa (University of Oulu, Finland); Madhusanka Liyanage (University College Dublin, Ireland)
This paper explores the integration of blockchain-based Self-Sovereign Identity (SSI) technologies into Industrial Automation and Control Systems (IACS) to strengthen cybersecurity and operational resilience. After an overview of the threats facing industrial systems, we present a logical framework for a layered defense incorporating SSI. The logical framework for integrating SSI into existing industrial automation reference architectures provides a detailed examination of multi-layered endpoint protection strategies that leverage SSI to improve security. The framework takes into account the requirements for authentication, authorization and secure communication in different industrial contexts. Key use cases illustrate the practical applications of blockchain-based SSI, including secure maintenance workstations, inter-zone communication interlocks, convenience ports, security networks and remote user authentication. These use cases demonstrate how SSI increases both security and efficiency in IACS environments. The paper concludes with insights into the integration aspects and transformative potential of blockchain-based SSI for industrial security.