Trust model for certificate revocation in Ad hoc networks

In this paper we propose a distributed trust model for certificate revocation in Adhoc networks. The proposed model allows trust to be built over time as the number of interactions between nodes increase. Furthermore, trust in a node is defined not only in terms of its potential for maliciousness, but also in terms of the quality of the service it provides. Trust in nodes where there is little or no history of interactions is determined by recommendations from other nodes. If the nodes in the network are selfish, trust is obtained by an exchange of portfolios. Bayesian networks form the underlying basis for this model

PROTECT: Proximity-based Trust-advisor using Encounters for Mobile Societies

Many interactions between network users rely on trust, which is becoming particularly important given the security breaches in the Internet today. These problems are further exacerbated by the dynamics in wireless mobile networks. In this paper we address the issue of trust advisory and establishment in mobile networks, with application to ad hoc networks, including DTNs. We utilize encounters in mobile societies in novel ways, noticing that mobility provides opportunities to build proximity, location and similarity based trust. Four new trust advisor filters are introduced - including encounter frequency, duration, behavior vectors and behavior matrices - and evaluated over an extensive set of real-world traces collected from a major university. Two sets of statistical analyses are performed; the first examines the underlying encounter relationships in mobile societies, and the second evaluates DTN routing in mobile peer-to-peer networks using trust and selfishness models. We find that for the analyzed trace, trust filters are stable in terms of growth with time (3 filters have close to 90% overlap of users over a period of 9 weeks) and the results produced by different filters are noticeably different. In our analysis for trust and selfishness model, our trust filters largely undo the effect of selfishness on the unreachability in a network. Thus improving the connectivity in a network with selfish nodes. We hope that our initial promising results open the door for further research on proximity-based trust

A robust self-organized public key management for mobile ad hoc networks

A mobile ad hoc network (MANET) is a self-organized wireless network where mobile nodes can communicate with each other without the use of any existing network infrastructure or centralized administration. Trust establishment and management are essential for any security framework of MANETs. However, traditional solutions to key management through accessing trusted authorities or centralized servers are infeasible for MANETs due to the absence of infrastructure, frequent mobility, and wireless link instability. In this paper, we propose a robust self-organized, public key management for MANETs. The proposed scheme relies on establishing a small number of trust relations between neighboring nodes during the network initialization phase. Experiences gained as a result of successful communications and node mobility through the network enhance the formation of a web of trust between mobile nodes. The proposed scheme allows each user to create its public key and the corresponding private key, to issue certificates to neighboring nodes, and to perform public key authentication through at least two independent certificate chains without relying on any centralized authority. A measure of the communications cost of the key distribution process has been proposed. Simulation results show that the proposed scheme is robust and efficient in the mobility environment of MANET and against malicious node attacks

The Meeting of Acquaintances: A Cost-efficient Authentication Scheme for Light-weight Objects with Transient Trust Level and Plurality Approach

Wireless sensor networks consist of a large number of distributed sensor nodes so that potential risks are becoming more and more unpredictable. The new entrants pose the potential risks when they move into the secure zone. To build a door wall that provides safe and secured for the system, many recent research works applied the initial authentication process. However, the majority of the previous articles only focused on the Central Authority (CA) since this leads to an increase in the computation cost and energy consumption for the specific cases on the Internet of Things (IoT). Hence, in this article, we will lessen the importance of these third parties through proposing an enhanced authentication mechanism that includes key management and evaluation based on the past interactions to assist the objects joining a secured area without any nearby CA. We refer to a mobility dataset from CRAWDAD collected at the University Politehnica of Bucharest and rebuild into a new random dataset larger than the old one. The new one is an input for a simulated authenticating algorithm to observe the communication cost and resource usage of devices. Our proposal helps the authenticating flexible, being strict with unknown devices into the secured zone. The threshold of maximum friends can modify based on the optimization of the symmetric-key algorithm to diminish communication costs (our experimental results compare to previous schemes less than 2000 bits) and raise flexibility in resource-constrained environments.Comment: 27 page

Passive security threats and consequences in IEEE 802.11 wireless mesh networks

The Wireless Mesh Network (WMN) is ubiquitous emerging broadband wireless network. However, the open wireless medium, multi-hop multi-radio architecture and ad-hoc connectivity amongst end-users are such characteristics which increases the vulnerabilities of WMN towards many passive and active attacks. A secure network ensures the confidentiality, integrity and availability of wireless network. Integrity and availability is compromised by active attacks, while the confidentiality of end-users traffic is compromised by passive attacks. Passive attacks are silent in nature and do not harm the network traffic or normal network operations, therefore very difficult to detect. However, passive attacks lay down a foundation for later launching an active attack. In this article, we discuss the vulnerable features and possible passive threats in WMN along with current security mechanisms as well as future research directions. This article will serve as a baseline guide for the passive security threats and related issues in WMNs

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio