Security-centric analysis and performance investigation of IEEE 802.16 WiMAX

fi=vertaisarvioitu|en=peerReviewed

Design of interface selection protocols for multi-homed wireless networks

This thesis was submitted for the degree of Doctor of Philosophy and was awarded by Brunel University on 10 December 2010.The IEEE 802.11/802.16 standards conformant wireless communication stations have multi-homing transmission capability. To achieve greater communication efficiency, multi-homing capable stations use handover mechanism to select appropriate transmission channel according to variations in the channel quality. This thesis presents three internal-linked handover schemes, (1) Interface Selection Protocol (ISP), belonging to Wireless Local Area Network (WLAN)- Worldwide Interoperability for Microwave Access (WiMAX) environment (2) Fast Channel Scanning (FCS) and (3) Traffic Manager (TM), (2) and (3) belonging to WiMAX Environment. The proposed schemes in this thesis use a novel mechanism of providing a reliable communication route. This solution is based on a cross-layer communication framework, where the interface selection module uses various network related parameters from Medium Access Control (MAC) sub-layer/Physical Layer (PHY) across the protocol suite for decision making at the Network layer. The proposed solutions are highly responsive when compared with existing multi-homed schemes; responsiveness is one of the key factors in the design of such protocols. Selected route under these schemes is based on the most up to date link-layer information. Therefore, such a route is not only reliable in terms of route optimization but it also fulfils the application demands in terms of throughput and delay. Design of ISP protocol use probing frames during the route discovery process. The 802.11 mandates the use of different rates for data transmission frames. The ISP-metric can be incorporated into various routing aspects and its applicability is determined by the possibility of provision of MAC dependent parameters that are used to determine the best path metric values. In many cases, higher device density, interference and mobility cause variable medium access delays. It causes creation of ‘unreachable zones’, where destination is marked as unreachable. However, by use of the best path metric, the destination has been made reachable, anytime and anywhere, because of the intelligent use of the probing frames and interface selection algorithm implemented. The IEEE 802.16e introduces several MAC level queues for different access categories, maintaining service requirement within these queues; which imply that frames from a higher priority queue, i.e. video frames, are serviced more frequently than those belonging to lower priority queues. Such an enhancement at the MAC sub-layer introduces uneven queuing delays. Conventional routing protocols are unaware of such MAC specific constraints and as a result, these factors are not considered which result in channel performance degradation. To meet such challenges, the thesis presents FCS and TM schemes for WiMAX. For FCS, Its solution is to improve the mobile WiMAX handover and address the scanning latency. Since minimum scanning time is the most important issue in the handover process. This handover scheme aims to utilize the channel efficiently and apply such a procedure to reduce the time it takes to scan the neighboring access stations. TM uses MAC and physical layer (PHY) specific information in the interface metric and maintains a separate path to destination by applying an alternative interface operation. Simulation tests and comparisons with existing multi-homed protocols and handover schemes demonstrate the effectiveness of incorporating the medium dependent parameters. Moreover, show that suggested schemes, have shown better performance in terms of end-to-end delay and throughput, with efficiency up to 40% in specific test scenarios

Securing IP Mobility Management for Vehicular Ad Hoc Networks

The proliferation of Intelligent Transportation Systems (ITSs) applications, such as Internet access and Infotainment, highlights the requirements for improving the underlying mobility management protocols for Vehicular Ad Hoc Networks (VANETs). Mobility management protocols in VANETs are envisioned to support mobile nodes (MNs), i.e., vehicles, with seamless communications, in which service continuity is guaranteed while vehicles are roaming through different RoadSide Units (RSUs) with heterogeneous wireless technologies. Due to its standardization and widely deployment, IP mobility (also called Mobile IP (MIP)) is the most popular mobility management protocol used for mobile networks including VANETs. In addition, because of the diversity of possible applications, the Internet Engineering Task Force (IETF) issues many MIP's standardizations, such as MIPv6 and NEMO for global mobility, and Proxy MIP (PMIPv6) for localized mobility. However, many challenges have been posed for integrating IP mobility with VANETs, including the vehicle's high speeds, multi-hop communications, scalability, and ef ficiency. From a security perspective, we observe three main challenges: 1) each vehicle's anonymity and location privacy, 2) authenticating vehicles in multi-hop communications, and 3) physical-layer location privacy. In transmitting mobile IPv6 binding update signaling messages, the mobile node's Home Address (HoA) and Care-of Address (CoA) are transmitted as plain-text, hence they can be revealed by other network entities and attackers. The mobile node's HoA and CoA represent its identity and its current location, respectively, therefore revealing an MN's HoA means breaking its anonymity while revealing an MN's CoA means breaking its location privacy. On one hand, some existing anonymity and location privacy schemes require intensive computations, which means they cannot be used in such time-restricted seamless communications. On the other hand, some schemes only achieve seamless communication through low anonymity and location privacy levels. Therefore, the trade-off between the network performance, on one side, and the MN's anonymity and location privacy, on the other side, makes preservation of privacy a challenging issue. In addition, for PMIPv6 to provide IP mobility in an infrastructure-connected multi-hop VANET, an MN uses a relay node (RN) for communicating with its Mobile Access Gateway (MAG). Therefore, a mutual authentication between the MN and RN is required to thwart authentication attacks early in such scenarios. Furthermore, for a NEMO-based VANET infrastructure, which is used in public hotspots installed inside moving vehicles, protecting physical-layer location privacy is a prerequisite for achieving privacy in upper-layers such as the IP-layer. Due to the open nature of the wireless environment, a physical-layer attacker can easily localize users by employing signals transmitted from these users. In this dissertation, we address those security challenges by proposing three security schemes to be employed for different mobility management scenarios in VANETs, namely, the MIPv6, PMIPv6, and Network Mobility (NEMO) protocols. First, for MIPv6 protocol and based on the onion routing and anonymizer, we propose an anonymous and location privacy-preserving scheme (ALPP) that involves two complementary sub-schemes: anonymous home binding update (AHBU) and anonymous return routability (ARR). In addition, anonymous mutual authentication and key establishment schemes have been proposed, to authenticate a mobile node to its foreign gateway and create a shared key between them. Unlike existing schemes, ALPP alleviates the tradeoff between the networking performance and the achieved privacy level. Combining onion routing and the anonymizer in the ALPP scheme increases the achieved location privacy level, in which no entity in the network except the mobile node itself can identify this node's location. Using the entropy model, we show that ALPP achieves a higher degree of anonymity than that achieved by the mix-based scheme. Compared to existing schemes, the AHBU and ARR sub-schemes achieve smaller computation overheads and thwart both internal and external adversaries. Simulation results demonstrate that our sub-schemes have low control-packets routing delays, and are suitable for seamless communications. Second, for the multi-hop authentication problem in PMIPv6-based VANET, we propose EM3A, a novel mutual authentication scheme that guarantees the authenticity of both MN and RN. EM3A thwarts authentication attacks, including Denial of service (DoS), collusion, impersonation, replay, and man-in-the-middle attacks. EM3A works in conjunction with a proposed scheme for key establishment based on symmetric polynomials, to generate a shared secret key between an MN and an RN. This scheme achieves lower revocation overhead than that achieved by existing symmetric polynomial-based schemes. For a PMIP domain with n points of attachment and a symmetric polynomial of degree t, our scheme achieves t x 2^n-secrecy, whereas the existing symmetric polynomial-based authentication schemes achieve only t-secrecy. Computation and communication overhead analysis as well as simulation results show that EM3A achieves low authentication delay and is suitable for seamless multi-hop IP communications. Furthermore, we present a case study of a multi-hop authentication PMIP (MA-PMIP) implemented in vehicular networks. EM3A represents the multi-hop authentication in MA-PMIP to mutually authenticate the roaming vehicle and its relay vehicle. Compared to other authentication schemes, we show that our MA-PMIP protocol with EM3A achieves 99.6% and 96.8% reductions in authentication delay and communication overhead, respectively. Finally, we consider the physical-layer location privacy attacks in the NEMO-based VANETs scenario, such as would be presented by a public hotspot installed inside a moving vehicle. We modify the obfuscation, i.e., concealment, and power variability ideas and propose a new physical-layer location privacy scheme, the fake point-cluster based scheme, to prevent attackers from localizing users inside NEMO-based VANET hotspots. Involving the fake point and cluster based sub-schemes, the proposed scheme can: 1) confuse the attackers by increasing the estimation errors of their Received Signal Strength (RSSs) measurements, and 2) prevent attackers' monitoring devices from detecting the user's transmitted signals. We show that our scheme not only achieves higher location privacy, but also increases the overall network performance. Employing correctness, accuracy, and certainty as three different metrics, we analytically measure the location privacy achieved by our proposed scheme. In addition, using extensive simulations, we demonstrate that the fake point-cluster based scheme can be practically implemented in high-speed VANETs' scenarios

Secure and Privacy-Preserving Authentication Protocols for Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation wireless networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to service providers. As WMNs become an increasingly popular replacement technology for last-mile connectivity to the home networking, community and neighborhood networking, it is imperative to design efficient and secure communication protocols for these networks. However, several vulnerabilities exist in currently existing protocols for WMNs. These security loopholes can be exploited by potential attackers to launch attack on WMNs. The absence of a central point of administration makes securing WMNs even more challenging. The broadcast nature of transmission and the dependency on the intermediate nodes for multi-hop communications lead to several security vulnerabilities in WMNs. The attacks can be external as well as internal in nature. External attacks are launched by intruders who are not authorized users of the network. For example, an intruding node may eavesdrop on the packets and replay those packets at a later point of time to gain access to the network resources. On the other hand, the internal attacks are launched by the nodes that are part of the WMN. On example of such attack is an intermediate node dropping packets which it was supposed to forward. This chapter presents a comprehensive discussion on the current authentication and privacy protection schemes for WMN. In addition, it proposes a novel security protocol for node authentication and message confidentiality and an anonymization scheme for privacy protection of users in WMNs.Comment: 32 pages, 10 figures. The work is an extended version of the author's previous works submitted in CoRR: arXiv:1107.5538v1 and arXiv:1102.1226v

A Console GRID Leveraged Authentication and Key Agreement Mechanism for LTE/SAE

Growing popularity of multimedia applications, pervasive connectivity, higher bandwidth, and euphoric technology penetration among bulk of the human race that happens to be cellular technology users, has fueled the adaptation to long-term evolution (LTE)/system architecture evolution. The LTE fulfills the resource demands of the next generation applications for now. We identify security issues in authentication mechanism used in LTE that without countermeasures might give super user rights to unauthorized users. The LTE uses static LTE key to derive the entire key hierarchy, i.e., LTE follows Evolved Packet System–Authentication and Key Agreement based authentication, which discloses user identity, location, and other personally identifiable information. To counter this, we propose a public key cryptosystem named “International mobile subscriber identity Protected Console Grid based Authentication and Key Agreement (IPG-AKA) protocol” to address the vulnerabilities related to weak key management. From the data obtained from threat modeling and simulation results, we claim that the IPG-AKA scheme not only improves security of authentication procedures, but also shows improvements in authentication loads and reduction in key generation time. The empirical results and qualitative analysis presented in this paper prove that IPG-AKA improves security in authentication procedure and performance in the LTE

Authentication Protocols for Internet of Things: A Comprehensive Survey

In this paper, a comprehensive survey of authentication protocols for Internet of Things (IoT) is presented. Specifically more than forty authentication protocols developed for or applied in the context of the IoT are selected and examined in detail. These protocols are categorized based on the target environment: (1) Machine to Machine Communications (M2M), (2) Internet of Vehicles (IoV), (3) Internet of Energy (IoE), and (4) Internet of Sensors (IoS). Threat models, countermeasures, and formal security verification techniques used in authentication protocols for the IoT are presented. In addition a taxonomy and comparison of authentication protocols that are developed for the IoT in terms of network model, specific security goals, main processes, computation complexity, and communication overhead are provided. Based on the current survey, open issues are identified and future research directions are proposed

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Design of interface selection protocols for multi-homed wireless networks

The IEEE 802.11/802.16 standards conformant wireless communication stations have multi-homing transmission capability. To achieve greater communication efficiency, multi-homing capable stations use handover mechanism to select appropriate transmission channel according to variations in the channel quality. This thesis presents three internal-linked handover schemes, (1) Interface Selection Protocol (ISP), belonging to Wireless Local Area Network (WLAN)- Worldwide Interoperability for Microwave Access (WiMAX) environment (2) Fast Channel Scanning (FCS) and (3) Traffic Manager (TM), (2) and (3) belonging to WiMAX Environment. The proposed schemes in this thesis use a novel mechanism of providing a reliable communication route. This solution is based on a cross-layer communication framework, where the interface selection module uses various network related parameters from Medium Access Control (MAC) sub-layer/Physical Layer (PHY) across the protocol suite for decision making at the Network layer. The proposed solutions are highly responsive when compared with existing multi-homed schemes; responsiveness is one of the key factors in the design of such protocols. Selected route under these schemes is based on the most up to date link-layer information. Therefore, such a route is not only reliable in terms of route optimization but it also fulfils the application demands in terms of throughput and delay. Design of ISP protocol use probing frames during the route discovery process. The 802.11 mandates the use of different rates for data transmission frames. The ISP-metric can be incorporated into various routing aspects and its applicability is determined by the possibility of provision of MAC dependent parameters that are used to determine the best path metric values. In many cases, higher device density, interference and mobility cause variable medium access delays. It causes creation of ‘unreachable zones’, where destination is marked as unreachable. However, by use of the best path metric, the destination has been made reachable, anytime and anywhere, because of the intelligent use of the probing frames and interface selection algorithm implemented. The IEEE 802.16e introduces several MAC level queues for different access categories, maintaining service requirement within these queues; which imply that frames from a higher priority queue, i.e. video frames, are serviced more frequently than those belonging to lower priority queues. Such an enhancement at the MAC sub-layer introduces uneven queuing delays. Conventional routing protocols are unaware of such MAC specific constraints and as a result, these factors are not considered which result in channel performance degradation. To meet such challenges, the thesis presents FCS and TM schemes for WiMAX. For FCS, Its solution is to improve the mobile WiMAX handover and address the scanning latency. Since minimum scanning time is the most important issue in the handover process. This handover scheme aims to utilize the channel efficiently and apply such a procedure to reduce the time it takes to scan the neighboring access stations. TM uses MAC and physical layer (PHY) specific information in the interface metric and maintains a separate path to destination by applying an alternative interface operation. Simulation tests and comparisons with existing multi-homed protocols and handover schemes demonstrate the effectiveness of incorporating the medium dependent parameters. Moreover, show that suggested schemes, have shown better performance in terms of end-to-end delay and throughput, with efficiency up to 40% in specific test scenarios.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Hybrid LTE-Vanets Based Optimal Radio Access Selection

The access technology selection,that a user can associate with any radio access technology (RAT) with the availability of multiple RATs available,has been intensively investigated by vehicular Ad hoc Network (VANET).In particular it carries and distributes information,inter-communicates and is capable of communicating with other stationary units deployed along roadways.The current study proposed hybrid optimal radio access selection algorithm (ORAS) for LTE/VANETs network. The periodically broadcasted network information supports mobile users to make their selection decisions;mobiles consider their own individual preferences,cost and partial QoS information signaled by the network while making their decision.The switches algorithm between VANET and LTE based on the load value of network and quality of service requirements were proposed.The simulation results have shown that the proposed algorithm has better performance compared with LTE and VANETs separately in terms of packet delivery ratio,latency and application-level throughput