Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

The Design of Efficient Internetwork Authentication for Ubiquitous Wireless Communications

A variety of wireless technologies have been standardized and commercialized, but no single solution is considered the best to satisfy all communication needs due to different coverage and bandwidth limitations. Therefore, internetworking between heterogeneous wireless networks is extremely important for ubiquitous and high performance wireless communications. The security problem is one of the major challenges in internetworking. To date, most research on internetwork authentication has focused on centralized authentication approaches, where the home network participates in each authentication process. For high latency between the home and visiting networks, such approaches tend to be inefficient. In this paper, we describe chained authentication, which requires collaboration between adjacent networks without involvement of the home network. After categorizing chained protocols, we propose a novel design of chained authentication methods under 3G-WLAN internetworking. The experiments show that proactive context transfer and ticket forwarding reduce the 3G authentication latency to 36.8% and WLAN EAP-TLS latency to 23.1% when RTT between visiting and home networks is 200 ms

Network layer access control for context-aware IPv6 applications

As part of the Lancaster GUIDE II project, we have developed a novel wireless access point protocol designed to support the development of next generation mobile context-aware applications in our local environs. Once deployed, this architecture will allow ordinary citizens secure, accountable and convenient access to a set of tailored applications including location, multimedia and context based services, and the public Internet. Our architecture utilises packet marking and network level packet filtering techniques within a modified Mobile IPv6 protocol stack to perform access control over a range of wireless network technologies. In this paper, we describe the rationale for, and components of, our architecture and contrast our approach with other state-of-the- art systems. The paper also contains details of our current implementation work, including preliminary performance measurements

HUC-HISF: A Hybrid Intelligent Security Framework for Human-centric Ubiquitous Computing

制度:新 ; 報告番号:乙2336号 ; 学位の種類:博士(人間科学) ; 授与年月日:2012/1/18 ; 早大学位記番号:新584

Advanced Signaling Support for IP-based Networks

This work develops a set of advanced signaling concepts for IP-based networks. It proposes a design for secure and authentic signaling and provides QoS signaling support for mobile users. Furthermore, this work develops methods which allow for scalable QoS signaling by realizing QoS-based group communication mechanisms and through aggregation of resource reservations

Anonymity and untraceability assessment of authentication protocols in proxy mobile IPv6

The Proxy Mobile IPv6 or the PMIPv6 is a protocol for mobile management as established by the Internet Engineering Task Force or IETF to assist in the intense usage of mobile devices and to lower the overhead of signaling. As the inclusion of the mobile node in the signaling related to mobility is not necessary, this type of solutions based on networks optimize the performance of the handover based on signaling overhead and handover latency. Nevertheless, the PMIPv6 has several disadvantages such as issues of privacy and security. The process of authentication of users is usually needed at the time of connecting to a wireless network. The mobile users might wander away from their home networks and be approached by other network services. These network services would usually require the users' credentials to authorize the usage of the service. In order to retain a level of anonymity, various degrees of information are required to be safe guarded including the Local Mobility Anchor ID, Media Access Gateway, and Mobile Node. Nevertheless, a few methods of authentication have been suggested to enhance the PMIPv6's performance since 2008 when this protocol was first established [1]; however, the issues of privacy are often ignored. This study attempts to evaluate the authentication methods of the PMIPv6 according to the anonymity of several network mechanisms. The findings of this study reveal that it is important to suggest an appropriate method of enhancing the protection and privacy of network mechanisms

Improving and distributing key management on mobile networks

We address the problem of mobile network key management and authentication that negatively affects the handoff performance, adds overhead to the system in terms of key exchange signaling, authentication, and key distribution. We aim to improve the efficiency of the key management subsystem and to reduce investment pressure on core network elements. We address all these problems successfully. Our novel SKC key management mechanism is the best key management mechanism among the ones we found in reducing signaling load from the KD and making the mobility system independent of the AP-KD link delay. It is a significant contribution to the mobile network key management with fast handoffs when separate keys for APs are required and has many useful applications. Our novel receiver and sender ID binding protocol with symmetric keys is new and shows analogy with Identity Based Cryptography. It is a generalization of the identity binding that SKC is using. Furthermore, our distributed AAA architecture with SKC, certificates, and hardware-based security is a disruptive proposal and show how the mobile network KD can be distributed to the edge nodes. Our quantitative analysis and comparison of SKC and LTE key management is new and not seen before. Our research affected the LTE Security standardization and contributes to the research and development of home base stations, community and municipal Wi-Fi access points

Study and development of a remote biometric authentication protocol

This paper reports the phases of study and implementation of a remote biometric authentication protocol developed during my internship at the I.i.t. of the C.n.r. in Pisa. Starting from the study of authentication history we had a look from the first system used since the 60ies to the latest technology; this helped us understand how we could realize a demonstration working protocol that could achieve a web remote authentication granting good reliability: to do this we choosed to modify the SSL handshake with biometric tests and we decided to use smart-cards a secure vault for the sensible biometric data involved. In the first chapter you will find a brief definition of authentication and an introduction on how we can achieve it, with a particular focus on new biometric techniques. In the second chapter there\u27s the history of authentication from the very first password system to actual ones: new token and smart card technolgies are longer stressed in order to introduce the reader to the last chapter. In the third chapter you will find the project framework, the development of our implementation choiches and the source code of the demo project