65,418 research outputs found

    AN ENHANCED LID ROUTING SECURITY SCHEME FOR MOBILE AD-HOC NETWORKS

    In this work we present a novel security architecture for MANETs that merges the clustering and the threshold key management techniques. The proposed distributed authentication architecture reacts with the frequently changing topology of the network and enhances the process of assigning the node's public key. In the proposed architecture, the overall network is divided into clusters where the cluster heads (CH) are connected by virtual networks and share the private key of the Central Authority (CA) using Lagrange interpolation. Experimental results show that the proposed architecture reaches almost 95.5% of all nodes within an ad-hoc network that are able to communicate securely, 9 times faster than other architectures, to attain the same results. Moreover, the solution is fully decentralized to operate in a large-scale mobile network. We also propose a special security routing architecture called Local Intrusion Detection (LID) to detect Black Hole Attack (BHA) over Ad hoc On Demand Distance Vector (AODV) MANET routing protocol. In LID security routing mechanism, the intrusion detection is performed locally using the previous node of the attacker node instead of performing the intrusion detection via the source node as in Source Intrusion Detection (SID) security routing mechanism. By performing LID security routing mechanism, the security mechanism overhead would be decreased

    Unified architecture of mobile ad hoc network security (MANS) system

    In this dissertation, a unified architecture of Mobile Ad-hoc Network Security (MANS) system is proposed, under which IDS agent, authentication, recovery policy and other policies can be defined formally and explicitly, and are enforced by a uniform architecture. A new authentication model for high-value transactions in cluster-based MANET is also designed in MANS system. This model is motivated by previous works but tries to use their beauties and avoid their shortcomings, by using threshold sharing of the certificate signing key within each cluster to distribute the certificate services, and using certificate chain and certificate repository to achieve better scalability, less overhead and better security performance. An Intrusion Detection System is installed in every node, which is responsible for collecting local data from its host node and neighbor nodes within its communication range, pre-processing raw data and periodically broadcasting to its neighborhood, classifying normal or abnormal based on pre-processed data from its host node and neighbor nodes. Security recovery policy in ad hoc networks is the procedure of making a global decision according to messages received from distributed IDS and restore to operational health the whole system if any user or host that conducts the inappropriate, incorrect, or anomalous activities that threaten the connectivity or reliability of the networks and the authenticity of the data traffic in the networks. Finally, quantitative risk assessment model is proposed to numerically evaluate MANS security

    SDN based architecture for IoT and improvement of the security

    With the exponential growth of devices connected to the Internet, security networks as one of the hardest challenges for network managers. Maintaining and securing such large scale and heterogeneous network is a challenging task. In this context, the new networking paradigm, the Software Defined Networking (SDN), introduces many opportunities and provides the potential to overcome those challenges. In this article, we first present a new SDN based architecture for networking with or without infrastructure, that we call an SDN domain. A single domain includes wired network, wireless network and Ad-Hoc networks. Next, we propose a second architecture to include sensor networks in an SDN-based network and in a domain. Third, we interconnect multiple domains and we describe how we can enhance the security of each domain and how to distribute the security rules in order not to compromise the security of one domain. Finally, we propose a new secure and distributed architecture for IoT (Internet of Things)

    Security management for mobile ad hoc network of networks (MANoN)

    Mobile Ad hoc Network of Networks (MANoN) are a group of large autonomous wireless nodes communicating on a peer-to-peer basis in a heterogeneous environment with no pre-defined infrastructure. In fact, each node by itself is an ad hoc network with its own management. MANoNs are evolvable systems, which means each ad hoc network has the ability to perform separately under its own policies and management without affecting the main system; therefore, new ad hoc networks can emerge and disconnect from the MANoN without conflicting with the policies of other networks. The unique characteristics of MANoN make such networks highly vulnerable to security attacks compared with wired networks or even normal mobile ad hoc networks. This thesis presents a novel security-management system based upon the Recommendation ITU-T M.3400, which is used to evaluate, report on the behaviour of our MANoN and then support complex services our system might need to accomplish. Our security management will concentrate on three essential components: Security Administration, Prevention and Detection and Containment and Recovery. In any system, providing one of those components is a problem; consequently, dealing with an infrastructure-less MANoN will be a dilemma, yet we approached each set group of these essentials independently, providing unusual solutions for each one of them but concentrating mainly on the prevention and detection category. The contributions of this research are threefold. First, we defined MANoN Security Architecture based upon the ITU-T Recommendations: X.800 and X.805. This security architecture provides a comprehensive, end-to-end security solution for MANoN that could be applied to every wireless network that satisfies a similar scenario, using such networks in order to predict, detect and correct security vulnerabilities. 
The security architecture identifies the security requirements needed, their objectives and the means by which they could be applied to every part of the MANoN, taking into consideration the different security attacks it could face. Second, realising the prevention component by implementing some of the security requirements identified in the Security Architecture, such as authentication, authorisation, availability, data confidentiality, data integrity and non-repudiation has been proposed by means of defining a novel Security Access Control Mechanism based on Threshold Cryptography Digital Certificates in MANoN. Network Simulator (NS-2) is a real network environment simulator, which is used to test the performance of the proposed security mechanism and demonstrate its effectiveness. Our ACM-MANoN results provide a fully distributed security protocol that provides a high level of secure, available, scalable, flexible and efficient management services for MANoN. The third contribution is realising the detection component, which is represented by providing a Behavioural Detection Mechanism based on nodes behavioural observation engaged with policies. This behaviour mechanism will be used to detect malicious nodes acting to bring the system down. This approach has been validated using an attacks case study in an unknown military environment to cope with misbehaving nodes

    Genomics-Based Security Protocols: From Plaintext to Cipherprotein

    The evolving nature of the internet will require continual advances in authentication and confidentiality protocols. Nature provides some clues as to how this can be accomplished in a distributed manner through molecular biology. Cryptography and molecular biology share certain aspects and operations that allow for a set of unified principles to be applied to problems in either venue. A concept for developing security protocols that can be instantiated at the genomics level is presented. A DNA (Deoxyribonucleic acid) inspired hash code system is presented that utilizes concepts from molecular biology. It is a keyed-Hash Message Authentication Code (HMAC) capable of being used in secure mobile Ad hoc networks. It is targeted for applications without an available public key infrastructure. Mechanics of creating the HMAC are presented as well as a prototype HMAC protocol architecture. Security concepts related to the implementation differences between electronic domain security and genomics domain security are discussed

    Fault tolerant mechanism for multimedia flows in wireless ad hoc networks based on fast switching paths

    Multimedia traffic can be forwarded through a wireless ad hoc network using the available resources of the nodes. Several models and protocols have been designed in order to organize and arrange the nodes to improve transmissions along the network. We use a cluster-based framework, called MWAHCA architecture, which optimizes multimedia transmissions over a wireless ad hoc network. It was proposed by us in a previous research work. This architecture is focused on decreasing quality of service (QoS) parameters like latency, jitter, and packet loss, but other network features were not developed, like load balance or fault tolerance. In this paper, we propose a new fault tolerance mechanism, using as a base the MWAHCA architecture, in order to recover any multimedia flow crossing the wireless ad hoc network when there is a node failure. The algorithm can run independently for each multimedia flow. The main objective is to keep the QoS parameters as low as possible. To achieve this goal, the convergence time must be controlled and reduced. This paper provides the designed protocol, the analytical model of the algorithm, and a software application developed to test its performance in a real laboratory. This work has been partially supported by Instituto de Telecomunicacoes, Next Generation Networks and Applications Group (NetGNA), Covilha Delegation, and by National Funding from the FCT-Fundacao para a Ciencia e a Tecnologia through the Pest-OE/EEI/LA0008/2013 Project. Díaz Santos, JR.; Lloret, J.; Jimenez, JM.; Sendra, S.; Rodrigues, JJPC. (2014). Fault tolerant mechanism for multimedia flows in wireless ad hoc networks based on fast switching paths. Mathematical Problems in Engineering. 2014:1-12. doi:10.1155/2014/361543

    A Secure and Efficient Communications Architecture for Global Information Grid Users via Cooperating Space Assets

    With the Information Age in full and rapid development, users expect to have global, seamless, ubiquitous, secure, and efficient communications capable of providing access to real-time applications and collaboration. The United States Department of Defense’s (DoD) Network-Centric Enterprise Services initiative, along with the notion of pushing the “power to the edge,” aims to provide end-users with maximum situational awareness, a comprehensive view of the battlespace, all within a secure networking environment. Building from previous AFIT research efforts, this research developed a novel security framework architecture to address the lack of efficient and scalable secure multicasting in the low earth orbit satellite network environment. This security framework architecture combines several key aspects of different secure group communications architectures in a new way that increases efficiency and scalability, while maintaining the overall system security level. By implementing this security architecture in a deployed environment with heterogeneous communications users, reduced re-keying frequency will result. Less frequent re-keying means more resources are available for throughput as compared to security overhead. This translates to more transparency to the end user; it will seem as if they have a “larger pipe” for their network links. As a proof of concept, this research developed and analyzed multiple mobile communication environment scenarios to demonstrate the superior re-keying advantage offered by the novel “Hubenko Security Framework Architecture” over traditional and clustered multicast security architectures. For example, in the scenario containing a heterogeneous mix of user types (Stationary, Ground, Sea, and Air), the Hubenko Architecture achieved a minimum ten-fold reduction in total keys distributed as compared to other known architectures. 
Another experiment demonstrated the Hubenko Architecture operated at 6% capacity while the other architectures operated at 98% capacity. In the 80% overall mobility experiment with 40% Air users, the other architectures re-keying increased 900% over the Stationary case, whereas the Hubenko Architecture only increased 65%. This new architecture is extensible to numerous secure group communications environments beyond the low earth orbit satellite network environment, including unmanned aerial vehicle swarms, wireless sensor networks, and mobile ad hoc networks