536 research outputs found
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Secure and Privacy-Preserving Authentication Protocols for Wireless Mesh Networks
Wireless mesh networks (WMNs) have emerged as a promising concept to meet the
challenges in next-generation wireless networks such as providing flexible,
adaptive, and reconfigurable architecture while offering cost-effective
solutions to service providers. As WMNs become an increasingly popular
replacement technology for last-mile connectivity to the home networking,
community and neighborhood networking, it is imperative to design efficient and
secure communication protocols for these networks. However, several
vulnerabilities exist in currently existing protocols for WMNs. These security
loopholes can be exploited by potential attackers to launch attack on WMNs. The
absence of a central point of administration makes securing WMNs even more
challenging. The broadcast nature of transmission and the dependency on the
intermediate nodes for multi-hop communications lead to several security
vulnerabilities in WMNs. The attacks can be external as well as internal in
nature. External attacks are launched by intruders who are not authorized users
of the network. For example, an intruding node may eavesdrop on the packets and
replay those packets at a later point of time to gain access to the network
resources. On the other hand, the internal attacks are launched by the nodes
that are part of the WMN. On example of such attack is an intermediate node
dropping packets which it was supposed to forward. This chapter presents a
comprehensive discussion on the current authentication and privacy protection
schemes for WMN. In addition, it proposes a novel security protocol for node
authentication and message confidentiality and an anonymization scheme for
privacy protection of users in WMNs.Comment: 32 pages, 10 figures. The work is an extended version of the author's
previous works submitted in CoRR: arXiv:1107.5538v1 and arXiv:1102.1226v
Seamless connectivity architecture and methods for IoT and wearable devices
Wearable and Internet of Things (IoT) devices have the potential to improve lifestyle, personalize receiving treatments or introduce assisted living for elderly people. However, service delivery depends on maintaining and troubleshooting device connectivity to smartphones, where user engagement and technology proficiency represent a possible barrier that prevents a wider adoption, especially in the elderly and disabled population. Low-cost and low-power wearable and IoT devices face challenges when operating out of range of known home networks or pared devices. We propose an architecture and methods to provide seamless connectivity (Se-Co) between devices and wireless networks while maintaining low-power, low-cost and standards compatibility. Through Se-Co, the devices connect without user interaction both in home and in unknown roaming networks while maintaining anonymity, privacy and security. Roaming networks approve data limited connectivity to unknown devices that are able to provide a valid anonymized certificate of compliance and no harm through a home provider. Se-Co enables shifting data processing, such as pattern processing using artificial intelligence, from a wearable device or smartphone towards the cloud. The proposed Se-Co architecture could provide solutions to increase usability of wearable devices and improve their wider adoption, while keeping low the costs of devices, development and services
Migration control for mobile agents based on passport and visa
Research on mobile agents has attracted much attention as this paradigm has demonstrated great potential for the next-generation e-commerce. Proper solutions to security-related problems become key factors in the successful deployment of mobile agents in e-commerce systems. We propose the use of passport and visa (P/V) for securing mobile agent migration across communities based on the SAFER e-commerce framework. P/V not only serves as up-to-date digital credentials for agent-host authentication, but also provides effective security mechanisms for online communities to control mobile agent migration. Protection for mobile agents, network hosts, and online communities is enhanced using P/V. We discuss the design issues in details and evaluate the implementation of the proposed system
Securing IP Mobility Management for Vehicular Ad Hoc Networks
The proliferation of Intelligent Transportation Systems (ITSs) applications, such as
Internet access and Infotainment, highlights the requirements for improving the underlying
mobility management protocols for Vehicular Ad Hoc Networks (VANETs). Mobility
management protocols in VANETs are envisioned to support mobile nodes (MNs), i.e.,
vehicles, with seamless communications, in which service continuity is guaranteed while
vehicles are roaming through different RoadSide Units (RSUs) with heterogeneous wireless
technologies.
Due to its standardization and widely deployment, IP mobility (also called Mobile IP
(MIP)) is the most popular mobility management protocol used for mobile networks including
VANETs. In addition, because of the diversity of possible applications, the Internet
Engineering Task Force (IETF) issues many MIP's standardizations, such as MIPv6 and
NEMO for global mobility, and Proxy MIP (PMIPv6) for localized mobility. However,
many challenges have been posed for integrating IP mobility with VANETs, including the
vehicle's high speeds, multi-hop communications, scalability, and ef ficiency. From a security
perspective, we observe three main challenges: 1) each vehicle's anonymity and location
privacy, 2) authenticating vehicles in multi-hop communications, and 3) physical-layer
location privacy.
In transmitting mobile IPv6 binding update signaling messages, the mobile node's Home
Address (HoA) and Care-of Address (CoA) are transmitted as plain-text, hence they can
be revealed by other network entities and attackers. The mobile node's HoA and CoA
represent its identity and its current location, respectively, therefore revealing an MN's HoA
means breaking its anonymity while revealing an MN's CoA means breaking its location
privacy. On one hand, some existing anonymity and location privacy schemes require
intensive computations, which means they cannot be used in such time-restricted seamless
communications. On the other hand, some schemes only achieve seamless communication
through low anonymity and location privacy levels. Therefore, the trade-off between the
network performance, on one side, and the MN's anonymity and location privacy, on the
other side, makes preservation of privacy a challenging issue. In addition, for PMIPv6
to provide IP mobility in an infrastructure-connected multi-hop VANET, an MN uses a
relay node (RN) for communicating with its Mobile Access Gateway (MAG). Therefore,
a mutual authentication between the MN and RN is required to thwart authentication
attacks early in such scenarios. Furthermore, for a NEMO-based VANET infrastructure,
which is used in public hotspots installed inside moving vehicles, protecting physical-layer
location privacy is a prerequisite for achieving privacy in upper-layers such as the IP-layer. Due to the open nature of the wireless environment, a physical-layer attacker can easily
localize users by employing signals transmitted from these users.
In this dissertation, we address those security challenges by proposing three security
schemes to be employed for different mobility management scenarios in VANETs, namely,
the MIPv6, PMIPv6, and Network Mobility (NEMO) protocols.
First, for MIPv6 protocol and based on the onion routing and anonymizer, we propose
an anonymous and location privacy-preserving scheme (ALPP) that involves two complementary
sub-schemes: anonymous home binding update (AHBU) and anonymous return
routability (ARR). In addition, anonymous mutual authentication and key establishment
schemes have been proposed, to authenticate a mobile node to its foreign gateway and
create a shared key between them. Unlike existing schemes, ALPP alleviates the tradeoff
between the networking performance and the achieved privacy level. Combining onion
routing and the anonymizer in the ALPP scheme increases the achieved location privacy
level, in which no entity in the network except the mobile node itself can identify this
node's location. Using the entropy model, we show that ALPP achieves a higher degree of
anonymity than that achieved by the mix-based scheme. Compared to existing schemes,
the AHBU and ARR sub-schemes achieve smaller computation overheads and thwart both
internal and external adversaries. Simulation results demonstrate that our sub-schemes
have low control-packets routing delays, and are suitable for seamless communications.
Second, for the multi-hop authentication problem in PMIPv6-based VANET, we propose
EM3A, a novel mutual authentication scheme that guarantees the authenticity of both
MN and RN. EM3A thwarts authentication attacks, including Denial of service (DoS), collusion,
impersonation, replay, and man-in-the-middle attacks. EM3A works in conjunction
with a proposed scheme for key establishment based on symmetric polynomials, to generate
a shared secret key between an MN and an RN. This scheme achieves lower revocation
overhead than that achieved by existing symmetric polynomial-based schemes. For a PMIP
domain with n points of attachment and a symmetric polynomial of degree t, our scheme
achieves t x 2^n-secrecy, whereas the existing symmetric polynomial-based authentication
schemes achieve only t-secrecy. Computation and communication overhead analysis as well
as simulation results show that EM3A achieves low authentication delay and is suitable
for seamless multi-hop IP communications. Furthermore, we present a case study of a
multi-hop authentication PMIP (MA-PMIP) implemented in vehicular networks. EM3A
represents the multi-hop authentication in MA-PMIP to mutually authenticate the roaming
vehicle and its relay vehicle. Compared to other authentication schemes, we show that our
MA-PMIP protocol with EM3A achieves 99.6% and 96.8% reductions in authentication
delay and communication overhead, respectively.
Finally, we consider the physical-layer location privacy attacks in the NEMO-based
VANETs scenario, such as would be presented by a public hotspot installed inside a moving
vehicle. We modify the obfuscation, i.e., concealment, and power variability ideas and
propose a new physical-layer location privacy scheme, the fake point-cluster based scheme,
to prevent attackers from localizing users inside NEMO-based VANET hotspots. Involving
the fake point and cluster based sub-schemes, the proposed scheme can: 1) confuse
the attackers by increasing the estimation errors of their Received Signal Strength (RSSs)
measurements, and 2) prevent attackers' monitoring devices from detecting the user's transmitted
signals. We show that our scheme not only achieves higher location privacy, but
also increases the overall network performance. Employing correctness, accuracy, and certainty
as three different metrics, we analytically measure the location privacy achieved by
our proposed scheme. In addition, using extensive simulations, we demonstrate that the
fake point-cluster based scheme can be practically implemented in high-speed VANETs'
scenarios
- …