Authenticated wireless roaming via tunnels : making mobile guests feel at home

In wireless roaming a mobile device obtains a service from some foreign network while being registered for the similar service at its own home network. However, recent proposals try to keep the service provider role behind the home network and let the foreign network create a tunnel connection through which all service requests of the mobile device are sent to and answered directly by the home network. Such Wireless Roaming via Tunnels (WRT) others several (security) benefits but states also new security challenges on authentication and key establishment, as the goal is not only to protect the end-to-end communication between the tunnel peers but also the tunnel itself. In this paper we formally specify mutual authentication and key establishment goals for WRT and propose an efficient and provably secure protocol that can be used to secure such roaming session. Additionally, we describe some modular protocol extensions to address resistance against DoS attacks, anonymity of the mobile device and unlinkability of its roaming sessions, as well as the accounting claims of the foreign network in commercial scenarios

An Effective Authentication Scheme for Distributed Mobile Cloud Computing Services using a Single Private Key

Mobile cloud computing comprises of cloud computing, mobile computing and wireless network. Providing secure and convenience for the mobile users to access multiple cloud computing services is essential. This paper furnish an effective way of providing the authentication for the mobile users to access multiple cloud computing services. The proposed scheme outfit a secure and expediency for mobile users to access several cloud computing services from multiple service providers using a single private key. Our proposed scheme is based on bilinear pairing cryptosystem. In addition, the scheme also supports mutual authentication, key exchange, user anonymity. To overcome the vulnerabilities of traditional methods, from system implementation point of view, the proposed scheme eliminates the usage of verification tables that are required to store the user credentials(user ID and password) which are the part of smart card generator service and cloud computing service provider

A framework for secure mobility in wireless overlay networks

Various wireless networks are widely deployed world wide. Current technologies employed in these networks vary widely in terms of bandwidths, latencies, frequencies, and media access methods. Most existing wireless network technologies can be divided into two categories: those that provide a low-bandwidth service over a wide geographic area, for example UMTS, and those that provide a high bandwidth service over a narrow geographic area, for example 802.11. Although it would be desirable to provide a high- bandwidth service over a wide coverage region to mobile users all the time, no single wireless network technology simultaneously satisfies these require- ments. Wireless Overlay Networks, a hierarchical structure of wireless personal area, local area, and wide area data networks, is considered as an efficient and scalable way to solve this problem. Due to the wide deployment of UMTS and 802.11 WLAN, this study attempts to combine them to implement the concept of Wireless Overlay Net- works. Furthermore, the information transmitted over this Wireless Overlay Networks is protected in terms of authentication, integrity and confidentiality. To achieve this goal, this study aims to combine GPRS, Mobile IP and IPSec to propose a framework for secure mobility in Wireless Overlay Networks. The framework is developed in three steps: Firstly, this study addresses the problem of combining GPRS and Mo- bile IP, so that GPRS users are provided with Mobile IP service. This results in presenting a uniform Mobile IP interface to peers regardless of whether mobile users use UMTS or 802.11 WLAN. Secondly, this study discovers the existing problem when combining Mobile IP and IPSec, and proposes a Dual Home Agent Architecture to achieve secure mobility. Finally, based on the output of the previous two steps, a complete framework is proposed, which achieves secure mobility in Wireless Overlay Networks, specifically, in UMTS and 802.11 WLAN. The framework also implements seamless handover when mobile users switch between UMTS and 802.11. This results in UMTS and 802.11 WLAN looking like a single network when participating in this framework, and presents seamless and secure mobility

IPTV Service Framework Based on Secure Authentication and Lightweight Content Encryption for Screen-Migration in Cloud Computing

These days, the advancing of smart devices (e.g. smart phones, tablets, PC, etc.) capabilities and the increase of internet bandwidth enables IPTV service provider to extend their services to smart mobile devices. User can just receive their IPTV service using any smart devices by accessing the internet via wireless network from anywhere anytime in the world which is convenience for users. However, wireless network communication has well a known critical security threats and vulnerabilities to user smart devices and IPTV service such as user identity theft, reply attack, MIM attack, and so forth. A secure authentication for user devices and multimedia protection mechanism is necessary to protect both user devices and IPTV services. As result, we proposed framework of IPTV service based on secure authentication mechanism and lightweight content encryption method for screen-migration in Cloud computing. We used cryptographic nonce combined with user ID and password to authenticate user device in any mobile terminal they passes by. In addition we used Lightweight content encryption to protect and reduce the content decode overload at mobile terminals. Our proposed authentication mechanism reduces the computational processing by 30% comparing to other authentication mechanism and our lightweight content encryption reduces encryption delay to 0.259 second

Survey on EAACK - A Secure Intrusion-Detection System for MANETs

The past few decade migration to wireless network from wired network has been a global trend. Wireless network made it possible in many applications to have mobility and scalability. Among all the modern wireless networks, Mobile Ad hoc NETwork (MANET) is one of the most important and unique applications. MANET is more popular now days. On the conflicting to traditional network architecture, MANET not has a fixed network infrastructure; every single node works as both a transmitter and a receiver. Nodes within same communication range are communicated directly with each other. Otherwise, they depend on their neighbors to relay messages. Because of the self-configuring ability of nodes in MANET made it popular among critical mission applications like military use or emergency recovery. Now days, security has become a very important service in Mobile Adhoc Network. As Compared with other networks, MANETs are more vulnerable to various types of attacks. This paper presents an overview of Secure Intrusion-Detection Systems for discovering malicious nodes and attacks on MANETs. Because of some special characteristics of MANETs, prevention mechanisms alone are not satisfied to manage the secure networks. In this, detection should be focused as another part before an attacker can damage the structure of the system. This paper gives an overall overview of IDS architecture for improving the security level of MANETs. For enhancing the security based on security attributes and then various algorithms like RSA and DSA

Models and Protocols for Resource Optimization in Wireless Mesh Networks

Wireless mesh networks are built on a mix of fixed and mobile nodes interconnected via wireless links to form a multihop ad hoc network. An emerging application area for wireless mesh networks is their evolution into a converged infrastructure used to share and extend, to mobile users, the wireless Internet connectivity of sparsely deployed fixed lines with heterogeneous capacity, ranging from ISP-owned broadband links to subscriber owned low-speed connections. In this thesis we address different key research issues for this networking scenario. First, we propose an analytical predictive tool, developing a queuing network model capable of predicting the network capacity and we use it in a load aware routing protocol in order to provide, to the end users, a quality of service based on the throughput. We then extend the queuing network model and introduce a multi-class queuing network model to predict analytically the average end-to-end packet delay of the traffic flows among the mobile end users and the Internet. The analytical models are validated against simulation. Second, we propose an address auto-configuration solution to extend the coverage of a wireless mesh network by interconnecting it to a mobile ad hoc network in a transparent way for the infrastructure network (i.e., the legacy Internet interconnected to the wireless mesh network). Third, we implement two real testbed prototypes of the proposed solutions as a proof-of-concept, both for the load aware routing protocol and the auto-configuration protocol. Finally we discuss the issues related to the adoption of ad hoc networking technologies to address the fragility of our communication infrastructure and to build the next generation of dependable, secure and rapidly deployable communications infrastructures

An adaptive approach to service discovery in ad hoc networks

Service discovery allows the interaction between network nodes to cooperate in activities or to share resources in client-server, multi-layer, as well as in peer-to-peer architectures. Ad hoc networks pose a great challenge in the design of efficient mechanisms for service discovery. The lack of infrastructure along with node mobility makes it difficult to build robust, scalable and secure mechanisms for ad hoc networks. This paper proposes a scalable service discovery architecture based on directory nodes organized in an overlay network. In the proposed architecture, directory nodes are dynamically created with the aim of uniformly covering the entire network while decreasing the query latency for a service (QoS) and the number of control messages for the sake of increased scalability.8th IFIP/IEEE International conference on Mobile and Wireless CommunicationRed de Universidades con Carreras en Informática (RedUNCI