79 research outputs found
iPDA: An Integrity-Protecting Private Data Aggregation Scheme for Wireless Sensor Networks
Data aggregation is an efficient mechanism widely used in wireless sensor networks (WSN) to collect statistics about data of interests. However, the shared-medium nature of communication makes the WSNs are vulnerable to eavesdropping and packet tampering/injection by adversaries. Hence, how to protect data privacy and data integrity are two major challenges for data aggregation in wireless sensor networks. In this paper, we present iPDA??????an integrity-protecting private data aggregation scheme. In iPDA, data privacy is achieved through data slicing and assembling technique; and data integrity is achieved through redundancy by constructing disjoint aggregation paths/trees to collect data of interests. In iPDA, the data integrity-protection and data privacy-preservation mechanisms work synergistically. We evaluate the iPDA scheme in terms of the efficacy of privacy preservation, communication overhead, and data aggregation accuracy, comparing with a typical data aggregation scheme--- TAG, where no integrity protection and privacy preservation is provided. Both theoretical analysis and simulation results show that iPDA achieves the design goals while still maintains the efficiency of data aggregation
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Recommended from our members
Key management for beyond 5G mobile small cells: a survey
The highly anticipated 5G network is projected to be introduced in 2020. 5G stakeholders are unanimous that densification of mobile networks is the way forward. The densification will be realized by means of small cell technology, and it is capable of providing coverage with a high data capacity. The EU-funded H2020-MSCA project âSECRETâ introduced covering the urban landscape with mobile small cells, since these take advantages of the dynamic network topology and optimizes network services in a cost-effective fashion. By taking advantage of the device-to-device communications technology, large amounts of data can be transmitted over multiple hops and, therefore, offload the general network. However, this introduction of mobile small cells presents various security and privacy challenges. Cryptographic security solutions are capable of solving these as long as they are supported by a key management scheme. It is assumed that the network infrastructure and mobile devices from network users are unable to act as a centralized trust anchor since these are vulnerable targets to malicious attacks. Security must, therefore, be guaranteed by means of a key management scheme that decentralizes trust. Therefore, this paper surveys the state-of-the-art key management schemes proposed for similar network architectures (e.g., mobile ad hoc networks and ad hoc device-to-device networks) that decentralize trust. Furthermore, these key management schemes are evaluated for adaptability in a network of mobile small cells
Advance of the Access Methods
The goal of this paper is to outline the advance of the access methods in the last ten years as well as
to make review of all available in the accessible bibliography methods
Hop-by-hop Channel - Alert Routing to Congestion Control in Wireless Sensor Networks
One of the major challenges in wireless sensor networks (WSNs) research is to prevent traffic congestion without compromising with the energy of the sensor nodes. Network congestion leads to packet loss, throughput impairment, and energy waste. To address this issue in this paper, a distributed traffic-aware routing scheme with a capacity of adjusting the data transmission rate of nodes is proposed for multi-sink wireless sensor networks that effectively distribute traffic from the source to sink nodes. Our algorithm is designed through constructing a hybrid virtual gradient field using depth and normalized traffic loading to routing and providing a balance between optimal paths and possible congestion on routes toward those sinks. The simulation results indicate that the proposed solution can improve the utilization of network resources, reduce unnecessary packet retransmission, and significantly improve the performance of WSNs. Keywords: Wireless sensor networks; Traffic-aware; Routing; Data transmission rate; Congestion; Gradien
Revealing Encryption for Partial Ordering
We generalize the cryptographic notion of Order Revealing Encryption (ORE) to arbitrary functions and we present a construction that allows to determine the (partial) ordering of two vectors i.e., given E(x) and E(y) it is possible to learn whether x is less than or equal to y, y is less than or equal to x or whether x and y are incomparable. This is the first non-trivial example of a Revealing Encryption (RE) scheme with output larger than one bit, and which does not rely on cryptographic obfuscation or multilinear maps
Secure Inter-domain Routing and Forwarding via Verifiable Forwarding Commitments
The Internet inter-domain routing system is vulnerable. On the control plane,
the de facto Border Gateway Protocol (BGP) does not have built-in mechanisms to
authenticate routing announcements, so an adversary can announce virtually
arbitrary paths to hijack network traffic; on the data plane, it is difficult
to ensure that actual forwarding path complies with the control plane
decisions. The community has proposed significant research to secure the
routing system. Yet, existing secure BGP protocols (e.g., BGPsec) are not
incrementally deployable, and existing path authorization protocols are not
compatible with the current Internet routing infrastructure. In this paper, we
propose FC-BGP, the first secure Internet inter-domain routing system that can
simultaneously authenticate BGP announcements and validate data plane
forwarding in an efficient and incrementally-deployable manner. FC-BGP is built
upon a novel primitive, name Forwarding Commitment, to certify an AS's routing
intent on its directly connected hops. We analyze the security benefits of
FC-BGP in the Internet at different deployment rates. Further, we implement a
prototype of FC-BGP and extensively evaluate it over a large-scale overlay
network with 100 virtual machines deployed globally. The results demonstrate
that FC-BGP saves roughly 55% of the overhead required to validate BGP
announcements compared with BGPsec, and meanwhile FC-BGP introduces a small
overhead for building a globally-consistent view on the desirable forwarding
paths.Comment: 16 pages, 17 figure
Network Simulation Cradle
This thesis proposes the use of real world network stacks instead of protocol
abstractions in a network simulator, bringing the actual code used in
computer systems inside the simulator and allowing for greater simulation
accuracy. Specifically, a framework called the Network Simulation
Cradle is created that supports the kernel source code from FreeBSD, OpenBSD
and Linux to make the network stacks from these systems available to the
popular network simulator ns-2.
Simulating with these real world network stacks reveals situations where the
result differs significantly from ns-2's TCP models. The simulated
network stacks are able to be directly compared to the same operating system
running on an actual machine, making validation simple. When measuring the
packet traces produced on a test network and in simulation the results are
nearly identical, a level of accuracy previously unavailable using traditional
TCP simulation models. The results of simulations run comparing ns-2 TCP
models and our framework are presented in this dissertation along with
validation studies of our framework showing how closely simulation resembles
real world computers.
Using real world stacks to simulate TCP is a complementary approach to using
the existing TCP models and provides an extra level of validation. This way of
simulating TCP and other protocols provides the network researcher or engineer
new possibilities. One example is using the framework as a protocol
development environment, which allows user-level development of protocols with
a standard set of reproducible tests, the ability to test scenarios which are
costly or impossible to build physically, and being able to trace and debug
the protocol code without affecting results
Optimal route reflection topology design
An Autonomous System (AS) is a group of Internet Protocol-based networks with a single and clearly defined external routing policy, usually under single ownership, trust or administrative control. The AS represents a connected group of one or more blocks of IP addresses, called IP prefixes, that have been assigned to that organization and provides a single routing policy to systems outside the AS.
The Internet is composed of the interconnection of several thousands of ASes, which use the Border Gateway Protocol (BGP) to exchange network prefixes (aggregations of IP addresses) reachability advertisements. BGP advertisements (or updates) are sent over BGP sessions administratively set between pairs of routers.
BGP is a path vector routing protocol and is used to span different ASes. A path vector protocol defines a route as a pairing between a destination and the attributes of the path to that destination. Interior Border Gateway Protocol (iBGP) refers to the BGP neighbor relationship within the same AS. When BGP neighbor relationship are formed between two peers belonging to different AS are called Exterior Border Gateway Protocol (eBGP). In the last case, BGP routers are called Autonomous System Border Routers (ASBRs), while those running only iBGP sessions are referred to as Internal Routers (IRs).
Traditional iBGP implementations require a full-mesh of sessions among routers of each AS
- âŠ