3,956 research outputs found
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Still Wrong Use of Pairings in Cryptography
Several pairing-based cryptographic protocols are recently proposed with a
wide variety of new novel applications including the ones in emerging
technologies like cloud computing, internet of things (IoT), e-health systems
and wearable technologies. There have been however a wide range of incorrect
use of these primitives. The paper of Galbraith, Paterson, and Smart (2006)
pointed out most of the issues related to the incorrect use of pairing-based
cryptography. However, we noticed that some recently proposed applications
still do not use these primitives correctly. This leads to unrealizable,
insecure or too inefficient designs of pairing-based protocols. We observed
that one reason is not being aware of the recent advancements on solving the
discrete logarithm problems in some groups. The main purpose of this article is
to give an understandable, informative, and the most up-to-date criteria for
the correct use of pairing-based cryptography. We thereby deliberately avoid
most of the technical details and rather give special emphasis on the
importance of the correct use of bilinear maps by realizing secure
cryptographic protocols. We list a collection of some recent papers having
wrong security assumptions or realizability/efficiency issues. Finally, we give
a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page
On the Relations Between Diffie-Hellman and ID-Based Key Agreement from Pairings
This paper studies the relationships between the traditional Diffie-Hellman
key agreement protocol and the identity-based (ID-based) key agreement protocol
from pairings.
For the Sakai-Ohgishi-Kasahara (SOK) ID-based key construction, we show that
identical to the Diffie-Hellman protocol, the SOK key agreement protocol also
has three variants, namely \emph{ephemeral}, \emph{semi-static} and
\emph{static} versions. Upon this, we build solid relations between
authenticated Diffie-Hellman (Auth-DH) protocols and ID-based authenticated key
agreement (IB-AK) protocols, whereby we present two \emph{substitution rules}
for this two types of protocols. The rules enable a conversion between the two
types of protocols. In particular, we obtain the \emph{real} ID-based version
of the well-known MQV (and HMQV) protocol.
Similarly, for the Sakai-Kasahara (SK) key construction, we show that the key
transport protocol underlining the SK ID-based encryption scheme (which we call
the "SK protocol") has its non-ID counterpart, namely the Hughes protocol.
Based on this observation, we establish relations between corresponding
ID-based and non-ID-based protocols. In particular, we propose a highly
enhanced version of the McCullagh-Barreto protocol
The Wiretap Channel with Feedback: Encryption over the Channel
In this work, the critical role of noisy feedback in enhancing the secrecy
capacity of the wiretap channel is established. Unlike previous works, where a
noiseless public discussion channel is used for feedback, the feed-forward and
feedback signals share the same noisy channel in the present model. Quite
interestingly, this noisy feedback model is shown to be more advantageous in
the current setting. More specifically, the discrete memoryless modulo-additive
channel with a full-duplex destination node is considered first, and it is
shown that the judicious use of feedback increases the perfect secrecy capacity
to the capacity of the source-destination channel in the absence of the
wiretapper. In the achievability scheme, the feedback signal corresponds to a
private key, known only to the destination. In the half-duplex scheme, a novel
feedback technique that always achieves a positive perfect secrecy rate (even
when the source-wiretapper channel is less noisy than the source-destination
channel) is proposed. These results hinge on the modulo-additive property of
the channel, which is exploited by the destination to perform encryption over
the channel without revealing its key to the source. Finally, this scheme is
extended to the continuous real valued modulo- channel where it is
shown that the perfect secrecy capacity with feedback is also equal to the
capacity in the absence of the wiretapper.Comment: Submitted to IEEE Transactions on Information Theor
Effective Caching for the Secure Content Distribution in Information-Centric Networking
The secure distribution of protected content requires consumer authentication
and involves the conventional method of end-to-end encryption. However, in
information-centric networking (ICN) the end-to-end encryption makes the
content caching ineffective since encrypted content stored in a cache is
useless for any consumer except those who know the encryption key. For
effective caching of encrypted content in ICN, we propose a novel scheme,
called the Secure Distribution of Protected Content (SDPC). SDPC ensures that
only authenticated consumers can access the content. The SDPC is a lightweight
authentication and key distribution protocol; it allows consumer nodes to
verify the originality of the published article by using a symmetric key
encryption. The security of the SDPC was proved with BAN logic and Scyther tool
verification.Comment: 7 pages, 9 figures, 2018 IEEE 87th Vehicular Technology Conference
(VTC Spring
- …