An integrated security Protocol communication scheme for Internet of Things using the Locator/ID Separation Protocol Network

Internet of Things communication is mainly based on a machine-to-machine pattern, where devices are globally addressed and identified. However, as the number of connected devices increase, the burdens on the network infrastructure increase as well. The major challenges are the size of the routing tables and the efficiency of the current routing protocols in the Internet backbone. To address these problems, an Internet Engineering Task Force (IETF) working group, along with the research group at Cisco, are still working on the Locator/ID Separation Protocol as a routing architecture that can provide new semantics for the IP addressing, to simplify routing operations and improve scalability in the future of the Internet such as the Internet of Things. Nonetheless, The Locator/ID Separation Protocol is still at an early stage of implementation and the security Protocol e.g. Internet Protocol Security (IPSec), in particular, is still in its infancy. Based on this, three scenarios were considered: Firstly, in the initial stage, each Locator/ID Separation Protocol-capable router needs to register with a Map-Server. This is known as the Registration Stage. Nevertheless, this stage is vulnerable to masquerading and content poisoning attacks. Secondly, the addresses resolving stage, in the Locator/ID Separation Protocol the Map Server (MS) accepts Map-Request from Ingress Tunnel Routers and Egress Tunnel Routers. These routers in trun look up the database and return the requested mapping to the endpoint user. However, this stage lacks data confidentiality and mutual authentication. Furthermore, the Locator/ID Separation Protocol limits the efficiency of the security protocol which works against redirecting the data or acting as fake routers. Thirdly, As a result of the vast increase in the different Internet of Things devices, the interconnected links between these devices increase vastly as well. Thus, the communication between the devices can be easily exposed to disclosures by attackers such as Man in the Middle Attacks (MitM) and Denial of Service Attack (DoS). This research provided a comprehensive study for Communication and Mobility in the Internet of Things as well as the taxonomy of different security protocols. It went on to investigate the security threats and vulnerabilities of Locator/ID Separation Protocol using X.805 framework standard. Then three Security protocols were provided to secure the exchanged transitions of communication in Locator/ID Separation Protocol. The first security protocol had been implemented to secure the Registration stage of Locator/ID separation using ID/Based cryptography method. The second security protocol was implemented to address the Resolving stage in the Locator/ID Separation Protocol between the Ingress Tunnel Router and Egress Tunnel Router using Challenge-Response authentication and Key Agreement technique. Where, the third security protocol had been proposed, analysed and evaluated for the Internet of Things communication devices. This protocol was based on the authentication and the group key agreement via using the El-Gamal concept. The developed protocols set an interface between each level of the phase to achieve security refinement architecture to Internet of Things based on Locator/ID Separation Protocol. These protocols were verified using Automated Validation Internet Security Protocol and Applications (AVISPA) which is a push button tool for the automated validation of security protocols and achieved results demonstrating that they do not have any security flaws. Finally, a performance analysis of security refinement protocol analysis and an evaluation were conducted using Contiki and Cooja simulation tool. The results of the performance analysis showed that the security refinement was highly scalable and the memory was quite efficient as it needed only 72 bytes of memory to store the keys in the Wireless Sensor Network (WSN) device

Securing IP Mobility Management for Vehicular Ad Hoc Networks

The proliferation of Intelligent Transportation Systems (ITSs) applications, such as Internet access and Infotainment, highlights the requirements for improving the underlying mobility management protocols for Vehicular Ad Hoc Networks (VANETs). Mobility management protocols in VANETs are envisioned to support mobile nodes (MNs), i.e., vehicles, with seamless communications, in which service continuity is guaranteed while vehicles are roaming through different RoadSide Units (RSUs) with heterogeneous wireless technologies. Due to its standardization and widely deployment, IP mobility (also called Mobile IP (MIP)) is the most popular mobility management protocol used for mobile networks including VANETs. In addition, because of the diversity of possible applications, the Internet Engineering Task Force (IETF) issues many MIP's standardizations, such as MIPv6 and NEMO for global mobility, and Proxy MIP (PMIPv6) for localized mobility. However, many challenges have been posed for integrating IP mobility with VANETs, including the vehicle's high speeds, multi-hop communications, scalability, and ef ficiency. From a security perspective, we observe three main challenges: 1) each vehicle's anonymity and location privacy, 2) authenticating vehicles in multi-hop communications, and 3) physical-layer location privacy. In transmitting mobile IPv6 binding update signaling messages, the mobile node's Home Address (HoA) and Care-of Address (CoA) are transmitted as plain-text, hence they can be revealed by other network entities and attackers. The mobile node's HoA and CoA represent its identity and its current location, respectively, therefore revealing an MN's HoA means breaking its anonymity while revealing an MN's CoA means breaking its location privacy. On one hand, some existing anonymity and location privacy schemes require intensive computations, which means they cannot be used in such time-restricted seamless communications. On the other hand, some schemes only achieve seamless communication through low anonymity and location privacy levels. Therefore, the trade-off between the network performance, on one side, and the MN's anonymity and location privacy, on the other side, makes preservation of privacy a challenging issue. In addition, for PMIPv6 to provide IP mobility in an infrastructure-connected multi-hop VANET, an MN uses a relay node (RN) for communicating with its Mobile Access Gateway (MAG). Therefore, a mutual authentication between the MN and RN is required to thwart authentication attacks early in such scenarios. Furthermore, for a NEMO-based VANET infrastructure, which is used in public hotspots installed inside moving vehicles, protecting physical-layer location privacy is a prerequisite for achieving privacy in upper-layers such as the IP-layer. Due to the open nature of the wireless environment, a physical-layer attacker can easily localize users by employing signals transmitted from these users. In this dissertation, we address those security challenges by proposing three security schemes to be employed for different mobility management scenarios in VANETs, namely, the MIPv6, PMIPv6, and Network Mobility (NEMO) protocols. First, for MIPv6 protocol and based on the onion routing and anonymizer, we propose an anonymous and location privacy-preserving scheme (ALPP) that involves two complementary sub-schemes: anonymous home binding update (AHBU) and anonymous return routability (ARR). In addition, anonymous mutual authentication and key establishment schemes have been proposed, to authenticate a mobile node to its foreign gateway and create a shared key between them. Unlike existing schemes, ALPP alleviates the tradeoff between the networking performance and the achieved privacy level. Combining onion routing and the anonymizer in the ALPP scheme increases the achieved location privacy level, in which no entity in the network except the mobile node itself can identify this node's location. Using the entropy model, we show that ALPP achieves a higher degree of anonymity than that achieved by the mix-based scheme. Compared to existing schemes, the AHBU and ARR sub-schemes achieve smaller computation overheads and thwart both internal and external adversaries. Simulation results demonstrate that our sub-schemes have low control-packets routing delays, and are suitable for seamless communications. Second, for the multi-hop authentication problem in PMIPv6-based VANET, we propose EM3A, a novel mutual authentication scheme that guarantees the authenticity of both MN and RN. EM3A thwarts authentication attacks, including Denial of service (DoS), collusion, impersonation, replay, and man-in-the-middle attacks. EM3A works in conjunction with a proposed scheme for key establishment based on symmetric polynomials, to generate a shared secret key between an MN and an RN. This scheme achieves lower revocation overhead than that achieved by existing symmetric polynomial-based schemes. For a PMIP domain with n points of attachment and a symmetric polynomial of degree t, our scheme achieves t x 2^n-secrecy, whereas the existing symmetric polynomial-based authentication schemes achieve only t-secrecy. Computation and communication overhead analysis as well as simulation results show that EM3A achieves low authentication delay and is suitable for seamless multi-hop IP communications. Furthermore, we present a case study of a multi-hop authentication PMIP (MA-PMIP) implemented in vehicular networks. EM3A represents the multi-hop authentication in MA-PMIP to mutually authenticate the roaming vehicle and its relay vehicle. Compared to other authentication schemes, we show that our MA-PMIP protocol with EM3A achieves 99.6% and 96.8% reductions in authentication delay and communication overhead, respectively. Finally, we consider the physical-layer location privacy attacks in the NEMO-based VANETs scenario, such as would be presented by a public hotspot installed inside a moving vehicle. We modify the obfuscation, i.e., concealment, and power variability ideas and propose a new physical-layer location privacy scheme, the fake point-cluster based scheme, to prevent attackers from localizing users inside NEMO-based VANET hotspots. Involving the fake point and cluster based sub-schemes, the proposed scheme can: 1) confuse the attackers by increasing the estimation errors of their Received Signal Strength (RSSs) measurements, and 2) prevent attackers' monitoring devices from detecting the user's transmitted signals. We show that our scheme not only achieves higher location privacy, but also increases the overall network performance. Employing correctness, accuracy, and certainty as three different metrics, we analytically measure the location privacy achieved by our proposed scheme. In addition, using extensive simulations, we demonstrate that the fake point-cluster based scheme can be practically implemented in high-speed VANETs' scenarios

Mobility management across converged IP-based heterogeneous access networks

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University, 8/2/2010.In order to satisfy customer demand for a high performance “global” mobility service, network operators (ISPs, carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure. However, the integration of such heterogeneous access networks (e.g. 802.11, 802.16e, UMTS etc) brings major mobility issues. This thesis tackles issues plaguing existing mobility management solutions in converged IP-based heterogeneous networks. In order to do so, the thesis firstly proposes a cross-layer mechanism using the upcoming IEEE802.21 MIH services to make intelligent and optimized handovers. In this respect, FMIPv6 is integrated with the IEEE802.21 mechanism to provide seamless mobility during the overall handover process. The proposed solution is then applied in a simulated vehicular environment to optimize the NEMO handover process. It is shown through analysis and simulations of the signalling process that the overall expected handover (both L2 and L3) latency in FMIPv6 can be reduced by the proposed mechanism by 69%. Secondly, it is expected that the operator of a Next Generation Network will provide mobility as a service that will generate significant revenues. As a result, dynamic service bootstrapping and authorization mechanisms must be in place to efficiently deploy a mobility service (without static provisioning), which will allow only legitimate users to access the service. A GNU Linux based test-bed has been implemented to demonstrate this. The experiments presented show the handover performance of the secured FMIPv6 over the implemented test-bed compared to plain FMIPv6 and MIPv6 by providing quantitative measurements and results on the quality of experience perceived by the users of IPv6 multimedia applications. The results show the inclusion of the additional signalling of the proposed architecture for the purpose of authorization and bootstrapping (i.e. key distribution using HOKEY) has no adverse effect on the overall handover process. Also, using a formal security analysis tool, it is shown that the proposed mechanism is safe/secure from the induced security threats. Lastly, a novel IEEE802.21 assisted EAP based re-authentication scheme over a service authorization and bootstrapping framework is presented. AAA based authentication mechanisms like EAP incur signalling overheads due to large RTTs. As a result, overall handover latency also increases. Therefore, a fast re-authentication scheme is presented which utilizes IEEE802.21 MIH services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Analysis of the signalling process based on analytical results shows that the overall handover latency for mobility protocols will be approximately reduced by 70% by the proposed scheme

Remote Control of Unmanned Aerial Vehicles Through the Internet and IEEE 802.11

This dissertation focuses on real-time control of Unmanned Aerial Vehicles (UAVs) through TCP/IP/IEEE 802.11. Using the MAVLink protocol - an open-source protocol for micro air vehicles - a solution that allows the exchange, in real-time, of control messages between a UAV and a remote Control Station was implemented. In order to allow the UAV control by a remote user, the vehicle streams a real-time video feed captured by a video-camera on board. The main challenge of this dissertation is related about the designing and implementation of a fast handover solution that allows an uninterruptible communication

Survivability, Scalability and Security of Mobility Protocols

Today mobile computing has become a necessity and we are witnessing explosive growth in the number of mobile devices accessing the Internet. To facilitate continuous Internet connectivity for nodes and networks in motion, mobility protocols are required and they exchange various signaling messages with the mobility infrastructure for protocol operation. Proliferation in mobile computing has raised several research issues for the mobility protocols. First, it is essential to perform cost and scalability analysis of mobility protocols to find out their resource requirement to cope with future expansion. Secondly, mobility protocols have survivability issues and are vulnerable to security threats, since wireless communication media can be easily accessible to intruders. The third challenge in mobile computing is the protection ofsignaling messages against losses due to high bandwidth requirementof multimedia in mobile environments. However, there is lack of existing works that focus on the quantitative analysis of cost, scalability, survivability and security of mobility protocols.In this dissertation, we have performed comprehensive evaluation ofmobility protocols. We have presented tools and methodologies required for the cost, scalability, survivability and security analysis of mobilityprotocols. We have proposed a dynamic scheduling algorithm to protect mobility signaling message against losses due to increased multimedia traffic in mobile environments and have also proposed a mobile networkarchitecture that aims at maximizing bandwidth utilization. The analysis presented in this work can help network engineers compare different mobility protocols quantitatively, thereby choose one that is reliable, secure, survivable and scalable

Mobility management across converged IP-based heterogeneous access networks

In order to satisfy customer demand for a high performance “global” mobility service, network operators (ISPs, carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure. However, the integration of such heterogeneous access networks (e.g. 802.11, 802.16e, UMTS etc) brings major mobility issues. This thesis tackles issues plaguing existing mobility management solutions in converged IP-based heterogeneous networks. In order to do so, the thesis firstly proposes a cross-layer mechanism using the upcoming IEEE802.21 MIH services to make intelligent and optimized handovers. In this respect, FMIPv6 is integrated with the IEEE802.21 mechanism to provide seamless mobility during the overall handover process. The proposed solution is then applied in a simulated vehicular environment to optimize the NEMO handover process. It is shown through analysis and simulations of the signalling process that the overall expected handover (both L2 and L3) latency in FMIPv6 can be reduced by the proposed mechanism by 69%. Secondly, it is expected that the operator of a Next Generation Network will provide mobility as a service that will generate significant revenues. As a result, dynamic service bootstrapping and authorization mechanisms must be in place to efficiently deploy a mobility service (without static provisioning), which will allow only legitimate users to access the service. A GNU Linux based test-bed has been implemented to demonstrate this. The experiments presented show the handover performance of the secured FMIPv6 over the implemented test-bed compared to plain FMIPv6 and MIPv6 by providing quantitative measurements and results on the quality of experience perceived by the users of IPv6 multimedia applications. The results show the inclusion of the additional signalling of the proposed architecture for the purpose of authorization and bootstrapping (i.e. key distribution using HOKEY) has no adverse effect on the overall handover process. Also, using a formal security analysis tool, it is shown that the proposed mechanism is safe/secure from the induced security threats. Lastly, a novel IEEE802.21 assisted EAP based re-authentication scheme over a service authorization and bootstrapping framework is presented. AAA based authentication mechanisms like EAP incur signalling overheads due to large RTTs. As a result, overall handover latency also increases. Therefore, a fast re-authentication scheme is presented which utilizes IEEE802.21 MIH services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Analysis of the signalling process based on analytical results shows that the overall handover latency for mobility protocols will be approximately reduced by 70% by the proposed scheme.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Mobility management across converged IP-based heterogeneous access networks

In order to satisfy customer demand for a high performance “global” mobility service, network operators (ISPs, carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure. However, the integration of such heterogeneous access networks (e.g. 802.11, 802.16e, UMTS etc) brings major mobility issues. This thesis tackles issues plaguing existing mobility management solutions in converged IP-based heterogeneous networks. In order to do so, the thesis firstly proposes a cross-layer mechanism using the upcoming IEEE802.21 MIH services to make intelligent and optimized handovers. In this respect, FMIPv6 is integrated with the IEEE802.21 mechanism to provide seamless mobility during the overall handover process. The proposed solution is then applied in a simulated vehicular environment to optimize the NEMO handover process. It is shown through analysis and simulations of the signalling process that the overall expected handover (both L2 and L3) latency in FMIPv6 can be reduced by the proposed mechanism by 69%. Secondly, it is expected that the operator of a Next Generation Network will provide mobility as a service that will generate significant revenues. As a result, dynamic service bootstrapping and authorization mechanisms must be in place to efficiently deploy a mobility service (without static provisioning), which will allow only legitimate users to access the service. A GNU Linux based test-bed has been implemented to demonstrate this. The experiments presented show the handover performance of the secured FMIPv6 over the implemented test-bed compared to plain FMIPv6 and MIPv6 by providing quantitative measurements and results on the quality of experience perceived by the users of IPv6 multimedia applications. The results show the inclusion of the additional signalling of the proposed architecture for the purpose of authorization and bootstrapping (i.e. key distribution using HOKEY) has no adverse effect on the overall handover process. Also, using a formal security analysis tool, it is shown that the proposed mechanism is safe/secure from the induced security threats. Lastly, a novel IEEE802.21 assisted EAP based re-authentication scheme over a service authorization and bootstrapping framework is presented. AAA based authentication mechanisms like EAP incur signalling overheads due to large RTTs. As a result, overall handover latency also increases. Therefore, a fast re-authentication scheme is presented which utilizes IEEE802.21 MIH services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Analysis of the signalling process based on analytical results shows that the overall handover latency for mobility protocols will be approximately reduced by 70% by the proposed scheme.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Failure Analysis in Next-Generation Critical Cellular Communication Infrastructures

The advent of communication technologies marks a transformative phase in critical infrastructure construction, where the meticulous analysis of failures becomes paramount in achieving the fundamental objectives of continuity, security, and availability. This survey enriches the discourse on failures, failure analysis, and countermeasures in the context of the next-generation critical communication infrastructures. Through an exhaustive examination of existing literature, we discern and categorize prominent research orientations with focuses on, namely resource depletion, security vulnerabilities, and system availability concerns. We also analyze constructive countermeasures tailored to address identified failure scenarios and their prevention. Furthermore, the survey emphasizes the imperative for standardization in addressing failures related to Artificial Intelligence (AI) within the ambit of the sixth-generation (6G) networks, accounting for the forward-looking perspective for the envisioned intelligence of 6G network architecture. By identifying new challenges and delineating future research directions, this survey can help guide stakeholders toward unexplored territories, fostering innovation and resilience in critical communication infrastructure development and failure prevention

IP Mobility Support in Multi-hop Vehicular Communications Networks

The combination of infrastructure-to-vehicle and vehicle-to-vehicle communications, namely the multi-hop Vehicular Communications Network (VCN) , appears as a promising solution for the ubiquitous access to IP services in vehicular environments. In this thesis, we address the challenges of multi-hop VCN, and investigate the seamless provision of IP services over such network. Three different schemes are proposed and analyzed. First, we study the limitations of current standards for the provision of IP services, such as 802.11p/WAVE, and propose a framework that enables multi-hop communications and a robust IP mobility mechanism over WAVE. An accurate analytical model is developed to evaluate the throughput performance, and to determine the feasibility of the deployment of IP-based services in 802.11p/WAVE networks. Next, the IP mobility support is extended to asymmetric multi-hop VCN. The proposed IP mobility and routing mechanisms react to the asymmetric links, and also employ geographic location and road traffic information to enable predictive handovers. Moreover, since multi-hop communications suffer from security threats, it ensures that all mobility signalling is authenticated among the participant vehicles. Last, we extend our study to a heterogeneous multi-hop VCN, and propose a hybrid scheme that allows for the on-going IP sessions to be transferred along the heterogeneous communications system. The proposed global IP mobility scheme focuses on urban vehicular scenarios, and enables seamless communications for in-vehicle networks, commuters, and pedestrians. The overall performance of IP applications over multi-hop VCN are improved substantially by the proposed schemes. This is demonstrated by means of analytical evaluations, as well as extensive simulations that are carried out in realistic highway and urban vehicular scenarios. More importantly, we believe that our dissertation provides useful analytical tools, for evaluating the throughput and delay performance of IP applications in multi-hop vehicular environments. In addition, we provide a set of practical and efficient solutions for the seamless support of IP tra c along the heterogeneous and multi-hop vehicular network, which will help on achieving ubiquitous drive-thru Internet, and infotainment traffic access in both urban and highway scenarios