Improving Secure Device Insertion in Home Ad Hoc Networks
Home ad-hoc networks are sets of devices that interact to offer enhanced services to the users. These networks are heterogeneous, dynamic and fully decentralized. Moreover, they generally lack a skilled administrator. These properties dramatically reduce the efficiency of classical security approaches: even defining the boundaries of such networks can be difficult. Ways to solve this problem were recently found, using the concept of secure long-term communities. Solutions rely on one critical operation: the secure insertion of a device in the home ad-hoc network. In this paper, we propose two ways to improve this operation, using store-and-forward techniques. The first improvement deals with the ability to realize insertion under loose connectivity circumstances. The other improvement deals with the ability for the user to use any trusted device in order to realize insertion. Keywords: Network Security, Key-management
Secure eHealth-Care Service on Self-Organizing Software Platform
There are several applications connected to IT health devices on the self-organizing software platform (SoSp) that allow patients or elderly users to be cared for remotely by their family doctors under normal circumstances or during emergencies. An evaluation of the SoSp applied through PAAR watch/self-organizing software platform router was conducted targeting a simple user interface for aging users, without the existence of extra settings based on patient movement. On the other hand, like normal medical records, the access to, and transmission of, health information via PAAR watch/self-organizing software platform requires privacy protection. This paper proposes a security framework for health information management of the SoSp. The proposed framework was designed to ensure easy detection of identification information for typical users. In addition, it provides powerful protection of the user’s health information.
A Security Design for a General Purpose, Self-Organizing, Multihop Ad Hoc Wireless Network
We present a security design for a general purpose, self-organizing, multihop ad hoc wireless network, based on the IEEE 802.15.4 Low-Rate Wireless Personal Area Network standard. The design employs elliptic-curve cryptography and the AES block cipher to supply message integrity and encryption services, key-establishment protocols, and a large set of extended security services, while at the same time meeting the low implementation cost, low power, and high flexibility requirements of ad hoc wireless networks
Factors Impacting Key Management Effectiveness in Secured Wireless Networks
The use of a Public Key Infrastructure (PKI) offers a cryptographic solution that can overcome many, but not all, of the MANET security problems. One of the most critical aspects of a PKI system is how well it implements Key Management. Key Management deals with key generation, key storage, key distribution, key updating, key revocation, and certificate service in accordance with security policies over the lifecycle of the cryptography. The approach supported by traditional PKI works well in fixed wired networks, but it may not be appropriate for MANET due to the lack of fixed infrastructure to support the PKI. This research seeks to identify best practices in securing networks which may be applied to new network architectures.
A Framework for the Self-Configuration of Wireless Mesh Networks
The use of wireless radio technology is well established for narrowband access systems, but its use for broadband access is relatively new. Wireless mesh architecture is a first step towards providing high-bandwidth wireless network coverage, spectral efficiency, and economic advantage.
However, the widespread adoption and use of Wireless Mesh Networks (WMN) as a backbone for large wireless access networks and for last-mile subscriber access is heavily dependent on the technology’s ease of deployment. In order for WMNs to be regarded as mainstream technology, they need to gain a competitive edge compared to wireline technologies such as DSL and cable.
To achieve this, a broadband wireless network must be self-configuring, self-healing and self-organizing. In this thesis, we address these challenges. First, we propose a four-stage scheme (power-up, bootstrapping, network registration, and network optimization). We develop algorithms for each of these stages, taking advantage of the inherent properties of WMNs to determine the network’s topology.
The novel part of our scheme is in the de-coupling of the subscriber’s credentials from the network hardware. This is a key part of our architecture as it helps ensure quick network enrolment, management and portability. It also helps, in our opinion, make the concept of widespread deployment using commodity hardware feasible
Security protocols for mobile ad hoc networks
Mobile ad hoc networks (MANETs) are generating much interest both in academia and the telecommunication industries. The principal attractions of MANETs are related to the ease with which they can be deployed due to their infrastructure-less and decentralized nature. For example, unlike other wireless networks, MANETs do not require centralized infrastructures such as base stations, and they are arguably more robust due to their avoidance of single points of failure. Interestingly, the attributes that make MANETs attractive as a network paradigm are the same phenomena that compound the challenge of designing adequate security schemes for these innovative networks.
One of the challenging security problems is the issue of certificate revocation in MANETs where there is no on-line access to trusted authorities. In wired network environments, when certificates are to be revoked, certificate authorities (CAs) add the information regarding the certificates in question to certificate revocation lists (CRLs) and post the CRLs on accessible repositories or distribute them to relevant entities. In purely ad hoc networks, there is typically no access to centralized repositories or trusted authorities; therefore the conventional method of certificate revocation is not applicable.
Another challenging MANET security problem is the issue of secure routing in the presence of selfish or adversarial entities which selectively drop packets they agreed to forward; and in so doing these selfish or adversarial entities can disrupt the network traffic and cause various communication problems.
In this thesis, we present two security protocols we developed for addressing the above-mentioned MANET security needs. The first protocol is a decentralized certificate revocation scheme which allows the nodes within a MANET to have full control over the process of certificate revocation. The scheme is fully contained and it does not rely on any input from centralized or external entities such as trusted CAs. The second protocol is a secure MANET routing scheme we named Robust Source Routing (RSR). In addition to providing data origin authentication services and integrity checks, RSR is able to mitigate against intelligent, colluding malicious agents which selectively drop or modify packets they are required to forward.
A Simulation-based Methodology for the Assessment of Server-based Security Architectures for Mobile Ad Hoc Networks (MANETs)
This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University London.
A Mobile Ad hoc Network (MANET) is typically a set of wireless mobile nodes enabled to communicate dynamically in a multi-hop manner without any pre-existing network infrastructure. MANETs have several unique characteristics in contrast to other typical networks, such as dynamic topology, intermittent connectivity, limited resources, and lack of physical security. Securing MANETs is a critical issue as these are vulnerable to many different attacks and failures and have no clear line of defence. To develop effective security services in MANETs, it is important to consider an appropriate trust infrastructure which is tailored to a given MANET and associated application. However, most of the proposed trust infrastructures do not take the MANET application context into account. This may result in overly secure MANETs that incur an increase in performance and communication overheads due to possible unnecessary security measures. Designing and evaluating trust infrastructures for MANETs is very challenging. This stems from several pivotal overlapping aspects such as MANET constraints, application settings and performance. Also, there is a lack of practical approaches for assessing security in MANETs that take into account most of these aspects. Based on this, this thesis provides a methodological approach which consists of well-structured stages that allows the exploration of possible security alternatives and evaluates these alternatives against dimensions to select the best option. These dimensions include the operational level, security strength, performance, MANET contexts along with main security components in a form of a multidimensional security conceptual framework. The methodology describes interdependencies among these dimensions, focusing specifically on the service operational level in the network.
To explore these different possibilities, the Server-based Security Architectures for MANETs (SSAM) simulation model has been created in the OMNeT++ simulation language. The thesis describes the conceptualisation, implementation, verification and validation of SSAM, as well as experimentation approaches that use SSAM to support the methodology of this thesis. In addition, three different real case scenarios (academic, emergency and military domains) are incorporated in this study to substantiate the feasibility of the proposed methodology. The outcome of this approach provides MANET developers with a strategy along with guidelines of how to consider the appropriate security infrastructure that satisfies the settings and requirements of a given MANET context.