A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

LATEST ADVANCES ON SECURITY ARCHITECTURE FOR 5G TECHNOLOGY AND SERVICES

The roll out of the deployment of the 5G technology has been ongoing globally. The deployment of the technologies associated with 5G has seen mixed reaction as regards its prospects to improve communication services in all spares of life amid its security concerns. The security concerns of 5G network lies in its architecture and other technologies that optimize the performance of its architecture. There are many fractions of 5G security architecture in the literature, a holistic security architectural structure will go a long way in tackling the security challenges. In this paper, the review of the security challenges of the 5G technology based on its architecture is presented along with their proposed solutions. This review was carried out with some keywords relating to 5G securities and architecture; this was used to retrieve appropriate literature for fitness of purpose. The 5G security architectures are mojorly centered around the seven network security layers; thereby making each of the layers a source of security concern on the 5G network. Many of the 5G security challenges are related to authentication and authorization such as denial-of-service attacks, man in the middle attack and eavesdropping. Different methods both hardware (Unmanned Aerial Vehicles, field programmable logic arrays) and software (Artificial intelligence, Machine learning, Blockchain, Statistical Process Control) has been proposed for mitigating the threats. Other technologies applicable to 5G security concerns includes: Multi-radio access technology, smart-grid network and light fidelity. The implementation of these solutions should be reviewed on a timely basis because of the dynamic nature of threats which will greatly reduce the occurrence of security attacks on the 5G network

Certificateless Algorithm for Body Sensor Network and Remote Medical Server Units Authentication over Public Wireless Channels

Wireless sensor networks process and exchange mission-critical data relating to patients’ health status. Obviously, any leakages of the sensed data can have serious consequences which can endanger the lives of patients. As such, there is need for strong security and privacy protection of the data in storage as well as the data in transit. Over the recent past, researchers have developed numerous security protocols based on digital signatures, advanced encryption standard, digital certificates and elliptic curve cryptography among other approaches. However, previous studies have shown the existence of many security and privacy gaps that can be exploited by attackers to cause some harm in these networks. In addition, some techniques such as digital certificates have high storage and computation complexities occasioned by certificate and public key management issues. In this paper, a certificateless algorithm is developed for authenticating the body sensors and remote medical server units. Security analysis has shown that it offers data privacy, secure session key agreement, untraceability and anonymity. It can also withstand typical wireless sensor networks attacks such as impersonation, packet replay and man-in-the-middle. On the other hand, it is demonstrated to have the least execution time and bandwidth requirements

SCC5G: A PQC-based Architecture for Highly Secure Critical Communication over Cellular Network in Zero-Trust Environment

5G made a significant jump in cellular network security by offering enhanced subscriber identity protection and a user-network mutual authentication implementation. However, it still does not fully follow the zero-trust (ZT) requirements, as users need to trust the network, 5G network is not necessarily authenticated in each communication instance, and there is no mutual authentication between end users. When critical communications need to use commercial networks, but the environment is ZT, specific security architecture is needed to provide security services that do not rely on any 5G network trusted authority. In this paper, we propose SCC5G Secure Critical-mission Communication over a 5G network in ZT setting. SCC5G is a post-quantum cryptography (PQC) security solution that loads an embedded hardware root of authentication (HRA), such as physically unclonable functions (PUF), into the users' devices, to achieve tamper-resistant and unclonability features for authentication and key agreement. We evaluate the performance of the proposed architecture through an exhaustive simulation of a 5G network in an ns-3 network simulator. Results verify the scalability and efficiency of SCC5G by showing that it poses only a few kilobytes of traffic overhead and adds only an order of $O(0.1)$ second of latency under the normal traffic load

A Comprehensive Survey on Exiting Solution Approaches towards Security and Privacy Requirements of IoT

‘Internet of Things (IoT)’emerged as an intelligent collaborative computation and communication between a set of objects capable of providing on-demand services to other objects anytime anywhere. A large-scale deployment of data-driven cloud applications as well as automated physical things such as embed electronics, software, sensors and network connectivity enables a joint ubiquitous and pervasive internet-based computing systems well capable of interacting with each other in an IoT. IoT, a well-known term and a growing trend in IT arena certainly bring a highly connected global network structure providing a lot of beneficial aspects to a user regarding business productivity, lifestyle improvement, government efficiency, etc. It also generates enormous heterogeneous and homogeneous data needed to be analyzed properly to get insight into valuable information. However, adoption of this new reality (i.e., IoT) by integrating it with the internet invites a certain challenges from security and privacy perspective. At present, a much effort has been put towards strengthening the security system in IoT still not yet found optimal solutions towards current security flaws. Therefore, the prime aim of this study is to investigate the qualitative aspects of the conventional security solution approaches in IoT. It also extracts some open research problems that could affect the future research track of IoT arena

Security for network services delivery of 5G enabled device-to-device communications mobile network

The increase in mobile traffic led to the development of Fifth Generation (5G) mobile network. 5G will provide Ultra Reliable Low Latency Communication (URLLC), Massive Machine Type Communication (mMTC), enhanced Mobile Broadband (eMBB). Device-to-Device (D2D) communications will be used as the underlaying technology to offload traffic from 5G Core Network (5GC) and push content closer to User Equipment (UE). It will be supported by a variety of Network Service (NS) such as Content-Centric Networking (CCN) that will provide access to other services and deliver content-based services. However, this raises new security and delivery challenges. Therefore, research was conducted to address the security issues in delivering NS in 5G enabled D2D communications network. To support D2D communications in 5G, this thesis introduces a Network Services Delivery (NSD) framework defining an integrated system model. It incorporates Cloud Radio Access Network (C-RAN) architecture, D2D communications, and CCN to support 5G’s objectives in Home Network (HN), roaming, and proximity scenarios. The research explores the security of 5G enabled D2D communications by conducting a comprehensive investigation on security threats. It analyses threats using Dolev Yao (DY) threat model and evaluates security requirements using a systematic approach based on X.805 security framework. Which aligns security requirements with network connectivity, service delivery, and sharing between entities. This analysis highlights the need for security mechanisms to provide security to NSD in an integrated system, to specify these security mechanisms, a security framework to address the security challenges at different levels of the system model is introduced. To align suitable security mechanisms, the research defines underlying security protocols to provide security at the network, service, and D2D levels. This research also explores 5G authentication protocols specified by the Third Generation Partnership Project (3GPP) for securing communication between UE and HN, checks the security guarantees of two 3GPP specified protocols, 5G-Authentication and Key Agreement (AKA) and 5G Extensive Authentication Protocol (EAP)-AKA’ that provide primary authentication at Network Access Security (NAC). The research addresses Service Level Security (SLS) by proposing Federated Identity Management (FIdM) model to integrate federated security in 5G, it also proposes three security protocols to provide secondary authentication and authorization of UE to Service Provider (SP). It also addresses D2D Service Security (DDS) by proposing two security protocols that secure the caching and sharing of services between two UEs in different D2D communications scenarios. All protocols in this research are verified for functional correctness and security guarantees using a formal method approach and semi-automated protocol verifier. The research conducts security properties and performance evaluation of the protocols for their effectiveness. It also presents how each proposed protocol provides an interface for an integrated, comprehensive security solution to secure communications for NSD in a 5G enabled D2D communications network. The main contributions of this research are the design and formal verification of security protocols. Performance evaluation is supplementary

A Blockchain-Based Multi-Factor Authentication Model for a Cloud-Enabled Internet of Vehicles.

Continuous and emerging advances in Information and Communication Technology (ICT) have enabled Internet-of-Things (IoT)-to-Cloud applications to be induced by data pipelines and Edge Intelligence-based architectures. Advanced vehicular networks greatly benefit from these architectures due to the implicit functionalities that are focused on realizing the Internet of Vehicle (IoV) vision. However, IoV is susceptible to attacks, where adversaries can easily exploit existing vulnerabilities. Several attacks may succeed due to inadequate or ineffective authentication techniques. Hence, there is a timely need for hardening the authentication process through cutting-edge access control mechanisms. This paper proposes a Blockchain-based Multi-Factor authentication model that uses an embedded Digital Signature (MFBC_eDS) for vehicular clouds and Cloud-enabled IoV. Our proposed MFBC_eDS model consists of a scheme that integrates the Security Assertion Mark-up Language (SAML) to the Single Sign-On (SSO) capabilities for a connected edge to cloud ecosystem. MFBC_eDS draws an essential comparison with the baseline authentication scheme suggested by Karla and Sood. Based on the foundations of Karla and Sood's scheme, an embedded Probabilistic Polynomial-Time Algorithm (ePPTA) and an additional Hash function for the Pi generated during Karla and Sood's authentication were proposed and discussed. The preliminary analysis of the proposition shows that the approach is more suitable to counter major adversarial attacks in an IoV-centered environment based on the Dolev-Yao adversarial model while satisfying aspects of the Confidentiality, Integrity, and Availability (CIA) triad

Computational and symbolic analysis of distance-bounding protocols

Contactless technologies are gaining more popularity everyday. Credit cards enabled with contactless payment, smart cards for transport ticketing, NFC-enabled mobile phones, and e-passports are just a few examples of contactless devices we are familiar with nowadays. Most secure systems meant for these devices presume physical proximity between the device and the reader terminal, due to their short communication range. In theory, a credit card should not be charged of an on-site purchase if the card is not up to a few centimeters away from the payment terminal. In practice, this is not always true. Indeed, some contactless payment protocols, such as Visa's payWave, have been shown vulnerable to relay attacks. In a relay attack, a man-in-the-middle uses one or more relay devices in order to make two distant devices believe they are close. Relay attacks have been implemented also to bypass keyless entry and start systems in various modern cars. Relay attacks can be defended against with distance-bounding protocols, which are security protocols that measure the round-trip times of a series of challenge/response rounds in order to guarantee physical proximity. A large number of these protocols have been proposed and more sophisticated attacks against them have been discovered. Thus, frameworks for systematic security analysis of these protocols have become of high interest. As traditional security models, distance-bounding security models sit within the two classical approaches: the computational and the symbolic models. In this thesis we propose frameworks for security analysis of distance-bounding protocols, within the two aforementioned models. First, we develop an automata-based computational framework that allows us to generically analyze a large class of distance-bounding protocols. Not only does the proposed framework allow us to straightforwardly deliver computational (in)security proofs but it also permits us to study problems such as optimal trade-offs between security and space complexity. Indeed, we solve this problem for a prominent class of protocols, and propose a protocol solution that is optimally secure amongst space-constrained protocols within the considered class. Second, by building up on an existing symbolic framework, we develop a causality-based characterization of distance-bounding security. This constitutes the first symbolic property that guarantees physical proximity without modeling continuous time or physical location. We extend further our formalism in order to capture a non-standard attack known as terrorist fraud. By using our definitions and the verification tool Tamarin, we conduct a security survey of over 25 protocols, which include industrial protocols based on the ISO/IEC 14443 standard such as NXP's MIFARE Plus with proximity check and Mastercard's PayPass payment protocol. For the industrial protocols we find attacks, propose fixes and deliver security proofs of the repaired versions