7th International Workshop on Emerging Network Security
  • Date
    Jul 30, 2024
  • Location
  • Duration
    13:00 — 18:30
Workshops Lettering

Workshop Chairs

Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo Workshop Chairs Logo
  • → Wojciech Mazurczyk
  • → Pascal Bisson
  • → Krzysztof Cabaj
  • → Edgardo Montes de Oca
  • → Ilsun You

Detail ENS 01/05

Topics of interest for current and emerging networks (5G & Beyond, 6G, …) include, but are not limited to 02/05

  • Security Architecture and Technologies
  • Security Management and its automation
  • Attack & Threat Detection
  • DDoS Detection & Mitigation
  • Security Frameworks for Various Applications & Scenarios
  • Access Control Security
  • Security Protocols
  • Security Management and Orchestration of NFV and SDN Elements
  • Software Defined Security
  • Security as a Service
  • Trusted Computing with NFV and SDN
  • Physical Layer Security
  • Wireless Communications Security
  • SDN/NFV Security
  • Core Network Security
  • Terminal and Edge Computing
  • Security of MEC Infrastructure
  • Malware Attack Detection and Prevention Techniques
  • Information Sharing and Data Protection
  • Big Data Security and Analytics
  • AI-enabled Security
  • Cloud Technologies Security
  • Privacy Preservation and Enhancement
  • Intrusion Detection and Content Access Control
  • Trust Management in Heterogeneous
  • Identity Management and Trustworthiness
  • Intelligent Security Provisioning
  • Trust Collaboration
  • Liability in Current and Emerging Networks
  • Compliance with legislation and regulation that apply IoT security and trust
  • 5G/6G, etc. and Artificial Intelligence
  • Named Data Networking

Workshop Chairs 03/05

Workshop Chairs

Workshop Chairs Logo
Wojciech Mazurczyk
Warsaw University of Technology, Poland (SILVANUS Project)
Workshop Chairs Logo
Pascal Bisson
Thales, France (5GDrones & INSPIRE-5Gplus H2020 Project, 5G IA SEC WG chair)
Workshop Chairs Logo
Krzysztof Cabaj
Warsaw University of Technology, Poland (SILVANUS Project)
Workshop Chairs Logo
Edgardo Montes de Oca
Montimage, France (Networld Europe steering board member, H2020 INSPIRE-5Gplus and SANCUS projects)
Workshop Chairs Logo
Ilsun You
Kookmin University, South Korea

Program Committee

Mustafa Albado | DELL, Ireland
Chafika Benzaid | University of Oulu, Finland
Daniele Bringhenti | Politecnico di Torino, Italy
Luca Caviglione | IMATI CNR, Italy
Michal Choras | ITTI Ltd., Poland
Marcin Gregorczyk | Warsaw University of Technology, Poland
Gilles Guette | Rennes University, France
Georgios Karopoulos | European Commission, Joint Research Centre (JRC), Greece
Zbigniew Kotulski | Warsaw University of Technology, Poland
Rafal Kozik | Bydgoszcz University of Science and Technology, Poland
Sławomir Kukliński | Warsaw University of Technology, Poland
Thomas Lagkas | Democritus University of Thrace, Greece
Diego R. Lopez | Telefónica I+D, Spain
Amitabh Mishra | University of Delaware, USA
Marek Pawlicki | Bydgoszcz University of Science and Technology, Poland
Pawel Rajba | University of Wroclaw, Poland
Leonardo Regano | Università degli Studi di Cagliari, Italy
Stavros Shiaeles | University of Portsmouth, UK
Jani Suomalainen | VTT, Finland
Roberta Terruggia | Ricerca sul Sistema Energetico, Italy
Hui Tian | National Huaqiao University, China
Reza Tourani | Saint Louis University, US

Submission 04/05

Important Dates

Extended Submission Deadline May 14, 2024
Author Notification Jun 02, 2024
Proceedings Version Jun 18, 2024
ARES EU Projects Symposium Jul 30, 2024
Conference Jul 30 — Aug 02, 2024

Accepted Paper

SoK: A Taxonomy for Hardware-Based Fingerprinting in the Internet of Things
Christian Spinnler (Siemens AG, FAU Erlangen-Nürnberg, Germany), Torsten Labs (Siemens AG, Germany), Norman Franchi (FAU Erlangen-Nürnberg, Chair of Electrical Smart City Systems, AIN, Germany)
Full Paper
In IoT applications, embedded devices acquire and transmit data to control and optimize industrial processes. In order to trust this data, the trustworthiness of the data acquisition system, such as the sensors and the integrated signal processing components, is a crucial requirement. Software authenticity is provided with concepts like measured boot. Expanding authenticity to hardware components requires and motivates new approaches like hardware fingerprinting.

In this paper, we review and systematize current research and trends in hardware fingerprinting. We provide insights to current research directions by reviewing multiple survey and review papers and derive a common definition for fingerprinting based on the reviewed literature.

We identify three different fingerprinting techniques: Hardware Fingerprinting, Behavior Fingerprinting and Radio Frequency Fingerprinting, which can be used for multiple application scenarios. By decomposing a common embedded system architecture, we provide four trust domains from which we can create a hardware fingerprint: Main Processing Domain, On-Device Communication Domain, Peripheral Domain and Environmental Domain.

With this in mind, a new fingerprinting taxonomy is developed, taking into account different data sources and evaluation techniques. We distinguish between intrinsic and extrinsic data sources and direct and indirect data evaluation.

In order to get an understanding of the scope of the fingerprinting techniques w.r.t. their trust domain and application scenarios, a new categorization model is created which binds the data sources to a physical asset of the device, thus making it possible to determine to what extend a device's components can be trusted and in which applications it may be applicable.
Workshop ENS
Identity and Access Management Architecture in the SILVANUS Project
Pawel Rajba (Warsaw University of Technology, Poland), Natan Orzechowski (Warsaw University of Technology, Poland), Karol Rzepka (Warsaw University of Technology, Poland), Przemysław Szary (Warsaw University of Technology, Poland), Dawid Nastaj (Warsaw University of Technology, Poland), Krzysztof Cabaj (Warsaw University of Technology, Poland)
Full Paper
SILVANUS is a scientific collaboration EU-funded project with the goal to mitigate the growing impact of wildfires caused by global climate change by implementing a comprehensive global fire prevention strategy. Due to the significant complexity and collaborative nature of the project which involves more than 50 parties, it is a challenge to ensure unified and governed security especially that the platform is based on heterogeneous and multi-component architecture. To ensure that the expectations are delivered, different architecture perspectives need to be considered and one of these is identity and access management.

In this paper we describe the identity and access management architecture perspective of the SILVANUS project. We start with the high level overview supported by requirements expresses as policies, introduce the identity governance and administration as well as access management areas, and then analyze the next level of the IAM architectuer based on XACML concept. We also cover IAM processes and monitoring which are inherent constituents of the complete solution. Finally, in certain aspects we consider different maturity levels and position appropriately the current development stage.
Workshop ENS
Future-proofing Secure V2V Communication against Clogging DoS Attacks
Hongyu Jin (KTH Royal Institute of Technology, Sweden), Zhichao Zhou (KTH Royal Institute of Technology, Sweden), Panos Papadimitratos (KTH Royal Institute of Technology, Sweden)
Full Paper
Clogging Denial of Service (DoS) attacks have disrupted or disabled various networks, in spite of security mechanisms. External adversaries can severely harm networks, especially when high-overhead security mechanisms are deployed in resource-constrained systems. This can be especially true in the emerging standardized secure Vehicular Communication (VC) systems: mandatory message signature verification can be exploited to exhaust resources and prevent validating information that is, critical, often, for transportation safety. Although efficient message verification schemes and better provisioned devices could serve as potential remedies, we point out the limitations of existing solutions, challenges to address for scalable and resilient secure VC systems, and, most notably, the need for integrating defense mechanisms against clogging DoS attacks. We position that the existing secure VC protocols are vulnerable to clogging DoS attacks and recommend symmetric key chain based pre-validation with mandatory signature verification to thwart clogging DoS attacks, while maintaining all key security properties, including non-repudiation to enable accountability.
Workshop ENS
Introducing a Multi-Perspective xAI Tool for Better Model Explainability
Marek Pawlicki (Bydgoszcz University of Science and Technology, Poland), Damian Puchalski (ITTI Sp. z o.o., Poland), Sebastian Szelest (ITTI Sp. z o.o., Poland), Aleksandra Pawlicka (ITTI Sp. z o.o., Poland), Rafal Kozik (Bydgoszcz University of Science and Technology, Poland), Michał Choraś (Bydgoszcz University of Science and Technology, Poland)
Full Paper
This paper introduces an innovative tool equipped with a multiperspective, user-friendly dashboard designed to enhance the explainability of AI models, particularly in cybersecurity. By enabling users to select data samples and apply various xAI methods, the tool provides insightful views into the decision-making processes

of AI systems. These methods offer diverse perspectives and deepen the understanding of how models derive their conclusions, thus demystifying the "black box" of AI. The tool’s architecture facilitates easy integration with existing ML models, making it accessible to users regardless of their technical expertise. This approach promotes transparency and fosters trust in AI applications by aligning decision-making with domain knowledge and mitigating potential biases.
Workshop ENS
Leveraging Overshadowing for Time-Delay Attacks in 4G/5G Cellular Networks: An Empirical Assessment
Virgil Hamici-Aubert (IMT Atlantique, IRISA, UMR CNRS 6074, France), Julien Saint-Martin (IMT Atlantique, IRISA, UMR CNRS 6074, France), Renzo E. Navas (IMT Atlantique, IRISA, UMR CNRS 6074, France), Georgios Z. Papadopoulos (IMT Atlantique, IRISA, UMR CNRS 6074, France), Guillaume Doyen (IMT Atlantique, IRISA, UMR CNRS 6074, France), Xavier Lagrange (IMT Atlantique, IRISA, UMR CNRS 6074, France)
Full Paper
Ensuring both reliable and low-latency communications over 4G or 5G Radio Access Network (RAN) is a key feature for services such as smart power grids and the metaverse. However, the lack of appropriate security mechanisms at the lower-layer protocols of the RAN--a heritage from 4G networks--opens up vulnerabilities that can be exploited to conduct stealthy Reduction-of-Quality attacks against the latency guarantees. This paper presents an empirical assessment of a proposed time-delay attack that leverages overshadowing to exploit the reliability mechanisms of the Radio Link Control (RLC) in Acknowledged Mode. By injecting falsified RLC Negative Acknowledgements, an attacker can maliciously trigger retransmissions at the victim User Equipment (UE), degrading the uplink latency of application flows. Extensive experimental evaluations on open-source and commercial off-the-shelf UEs demonstrate the attack's effectiveness in increasing latency, network load, and buffer occupancy. The attack impact is quantified by varying the bitrate representing different applications and the number of injected negative acknowledgments controlling the attack intensity. This work studies a realistic threat against the latency quality of service in 4G/5G RANs and highlights the urgent need to revisit protocol security at the lower-RAN layers for 5G (and beyond) networks.
Workshop ENS
Enhancing Network Security Through Granular Computing: A Clustering-by-Time Approach to NetFlow Traffic Analysis
Mikołaj Komisarek (ITTI Sp. z o.o., Poland), Marek Pawlicki (Bydgoszcz University of Science and Technology, Poland), Salvatore D'Antonio (Naples University Parthenope, Italy), Rafał Kozik (Bydgoszcz University of Science and Technology, Poland), Aleksandra Pawlicka (Warsaw University, POLAND, Poland), Michał Choraś (Bydgoszcz University of Science and Technology, Poland)
Full Paper
This paper presents a study of the effect of the size of the time window from which network features are derived on the predictive ability of a Random Forest classifier implemented as a network intrusion detection component. The network data is processed using granular computing principles, gradually increasing the time windows to allow the detection algorithm to find patterns in the data at different levels of granularity. Experiments were conducted iteratively with time windows ranging in size from 2 to 1024 seconds. Each iteration involved time-based clustering of the data, followed by splitting into training and test sets at a ratio of 67% - 33%. The

Random Forest algorithm was applied as part of a 10-fold cross-validation. Assessments included standard detection metrics: accuracy, precision, F1 score, BCC, MCC and recall. The results show a statistically significant improvement in the detection of cyber attacks in network traffic with a larger time window size (p-value 0.001953125). These results highlight the effectiveness of using longer time intervals in network data analysis, resulting in increased anomaly detection.
Workshop ENS
Trustworthy AI-based Cyber-Attack Detector for Network Cyber Crime Forensics
Damian Puchalski (ITTI Sp. z o.o., Poland), Marek Pawlicki (Bydgoszcz University of Science and Technology, Poland), Rafał Kozik (Bydgoszcz University of Science and Technology, Poland), Rafał Renk (ITTI Sp. z o.o., Poland), Michał Choraś (Bydgoszcz University of Science and Technology, Poland)
Full Paper
In recent years, the increasing sophistication and proliferation of cyberthreats have underscored the necessity for robust network security measures, as well as a comprehensive approach to cyberprotection at large. As cyberthreats are continuously more and more complex, and their detection, response and mitigation often involve dealing with big data, the need for novel solutions is present also in cyber-criminal law enforcement (LEA) and network forensics contexts. Traditional, anomaly-based or signature-based intrusion detection systems (IDS) often face challenges in adapting to the evolving cyberattack landscape. On the other hand, Machine Learning (ML) has emerged as a promising approach, proving its ability to detect complex patterns in big data, including applications such as intrusion detection and classification of threats in the network environment, with high accuracy and precision (reduced rate of false positives). In this paper we present the Trustworthy Cyberattack Detector tool (TCAD), benefiting from the machine learning algorithms for the detection and classification of cyberattacks. TCAD can be used for monitoring the network in real-time and for offline analysis of collected network data. We believe that the TCAD can be successfully applied for the task of detecting and classifying evidence during criminal investigations related to network cyber attacks, but also can be helpful for the correlation of discovered network-based events over time with other collected non-network evidence.
Workshop ENS
Register here!
Join us at ARES 2024 in Vienna, Austria