832 research outputs found
Securing Handover in Wireless IP Networks
In wireless and mobile networks, handover is a complex process that involves multiple layers of protocol and security executions. With the growing popularity of real-time communication services such as Voice over IP, a great challenge faced by handover nowadays comes from the impact of security implementations that can cause performance degradation, especially for mobile devices with limited resources.
Given the existing networks with heterogeneous wireless access technologies, one essential research question that needs to be addressed is how to achieve a balance between security and performance during the handover. The variations of security policy and agreement among different services and network vendors make the topic even more challenging, due to the involvement of commercial and social factors.
In order to understand the problems and challenges in this field, we study the properties of handover as well as state-of-the-art security schemes to assist handover in wireless IP networks. Based on our analysis, we define a two-phase model to identify the key procedures of handover security in wireless and mobile networks. Through the model we analyze the performance impact from existing security schemes in terms of handover completion time, throughput, and Quality of Service (QoS). In our endeavor to seek a balance between handover security and performance, we propose the local administrative domain as a security-enhanced localized domain to promote the handover performance. To evaluate the performance improvement in the local administrative domain, we implement the security protocols adopted by our proposal in the ns-2 simulation environment and analyze the measurement results based on our simulation test
Reconfigurable Security: Edge Computing-based Framework for IoT
In various scenarios, achieving security between IoT devices is challenging
since the devices may have different dedicated communication standards,
resource constraints as well as various applications. In this article, we first
provide requirements and existing solutions for IoT security. We then introduce
a new reconfigurable security framework based on edge computing, which utilizes
a near-user edge device, i.e., security agent, to simplify key management and
offload the computational costs of security algorithms at IoT devices. This
framework is designed to overcome the challenges including high computation
costs, low flexibility in key management, and low compatibility in deploying
new security algorithms in IoT, especially when adopting advanced cryptographic
primitives. We also provide the design principles of the reconfigurable
security framework, the exemplary security protocols for anonymous
authentication and secure data access control, and the performance analysis in
terms of feasibility and usability. The reconfigurable security framework paves
a new way to strengthen IoT security by edge computing.
Comment: under submission to possible journal publication
An identity aware wimax personalization for pervasive computing services
Mobile Internet access is becoming more and more pervasive in the new 4G scenarios, where WiMAX is to play a crucial role. WiMAX has advantages when considering both energy consumption and bandwidth, when compared with HSDPA and LTE. However, we have found some limitations in IEEE 802.16 security support, which may limit authentication and authorization mechanisms for ubiquitous service development. In this article we analyze weaknesses and vulnerabilities we have found in WiMAX security. WiMAX, with adequate identity management support, could be invaluable for developing new pervasive computing services. We propose the introduction of identity management in WiMAX, as a previous step to the definition of identity-aware WiMAX personalization of pervasive computing services.
Project CCG10-UC3M/TIC-4992 of the Comunidad Autónoma de Madrid and the Universidad Carlos III de Madri
Towards 5G Zero Trusted Air Interface Architecture
5G is destined to support large deployments of Industrial IoT (IIoT)
with the characteristics of ultra-high densification and low latency. 5G
utilizes a more intelligent architecture, with Radio Access Networks (RANs) no
longer constrained by base station proximity or proprietary infrastructure. The
3rd Generation Partnership Project (3GPP) covers telecommunication technologies
including RAN, core transport networks and service capabilities. Open RAN
Alliance (O-RAN) aims to define implementation and deployment architectures,
focusing on open-source interfaces and functional units to further reduce the
cost and complexity. O-RAN based 5G networks could use components from
different hardware and software vendors, promoting vendor diversity,
interchangeability and 5G supply chain resiliency. Both 3GPP and O-RAN 5G have
to manage the security and privacy challenges that arise from the deployment.
Many existing research studies have addressed the threats and vulnerabilities
within each system. 5G also faces overwhelming challenges in complying with
privacy regulations and requirements, which mandate that user-identifiable
information be protected.
In this paper, we look into the 3GPP and O-RAN 5G security and privacy
designs and the identified threats and vulnerabilities. We also discuss how to
extend the Zero Trust Model to provide advanced protection over 5G air
interfaces and network components
Federated identity architecture of the european eID system
Federated identity management is a method that facilitates management of identity processes and policies among the collaborating entities without a centralized control. Nowadays, there are many federated identity solutions; however, most of them cover different aspects of the identification problem, solving in some cases specific problems. Thus, none of these initiatives has consolidated as a unique solution and surely it will remain like that in the near future. To assist users in choosing a possible solution, we analyze different federated identity approaches, showing their main features and making a comparative study among them. The former problem is even worse when multiple organizations or countries already have legacy eID systems, as is the case in Europe. In this paper, we also present the European eID solution, a purely federated identity system that aims to serve almost 500 million people and that could be extended in the midterm also to eID companies. The system is now being deployed at the EU level and we present the basic architecture and evaluate its performance and scalability, showing that the solution is feasible from the point of view of performance while keeping security constraints in mind. The results show a good performance of the solution in local, organizational, and remote environments
Telecommunications Networks
This book guides readers through the basics of rapidly emerging networks to more advanced concepts and future expectations of Telecommunications Networks. It identifies and examines the most pressing research issues in Telecommunications and it contains chapters written by leading researchers, academics and industry professionals. Telecommunications Networks - Current Status and Future Trends covers surveys of recent publications that investigate key areas of interest such as: IMS, eTOM, 3G/4G, optimization problems, modeling, simulation, quality of service, etc. This book, which is suitable for both PhD and master students, is organized into six sections: New Generation Networks, Quality of Services, Sensor Networks, Telecommunications, Traffic Engineering and Routing
Inter-Domain Authentication for Seamless Roaming in Heterogeneous Wireless Networks
The convergence of diverse but complementary wireless access technologies and inter-operation among administrative domains have been envisioned as crucial for the next generation wireless networks that will provide support for end-user devices to seamlessly roam across domain boundaries. The integration of existing and emerging heterogeneous wireless networks to provide such seamless roaming requires the design of a handover scheme that provides uninterrupted service continuity while facilitating the establishment of authenticity of the entities involved. The existing protocols for supporting re-authentication of a mobile node during a handover across administrative domains typically involve several round trips to the home domain, and hence introduce long latencies. Furthermore, the existing methods for negotiating roaming agreements to establish inter-domain trust rely on a lengthy manual process, thus, impeding seamless roaming across multiple domains in a truly heterogeneous wireless network. In this thesis, we present a new proof-token based authentication protocol that supports quick re-authentication of a mobile node as it moves to a new foreign domain without involving communication with the home domain. The proposed proof-token based protocol can also support establishment of spontaneous roaming agreements between a pair of domains that do not already have a direct roaming agreement, thus allowing flexible business models to be supported. We describe details of the new authentication architecture, the proposed protocol, which is based on EAP-TLS and compare the proposed protocol with existing protocols
A Review of Authentication Protocols
Authentication is a process that ensures and confirms a user's identity. Authorization is the process of giving someone permissions to do or have something. There are different types of authentication methods such as local password authentication, server-based password authentication, certificate-based authentication, two-factor authentication etc. Authentication protocol developed for Password Authentication Protocol (PAP), Challenge-Handshake Authentication Protocol (CHAP), and Extensible Authentication Protocol (EAP). The different types of applications for authentication are as follows: 1. Protocols developed for PPP (Point-to-Point Protocol) 2. Authentication, Authorization and Accounting 3. Kerberos
Accessing the Internet through Moving Networks
Poster at IST Mobile & Wireless Communications Summit 2007, Budapest, Hungary, 1-5 July 2007.
The success of cellular communications networks
shows the interest of users in mobility. Host mobility support in
IP networks is a first step in the adaptation of these networks to
the needs of users in this field. But, there exists also the need of
supporting the movement of a complete network that changes its
point of attachment to the fixed infrastructure. This paper
describes the architecture designed in the EU DAIDALOS II
project to provide Internet access through moving networks. The
designed moving networks architecture supports the following
main features: Route Optimisation, Multicast traffic delivery,
security and authentication integration, end-to-end QoS and
interaction with Localised Mobility Management solutions.