Secure Routing in Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses on some of the preventive mechanisms for these attacks.Comment: 44 pages, 17 figures, 5 table

Intelligent spectrum management techniques for wireless cognitive radio networks

PhD ThesisThis thesis addresses many of the unique spectrum management chal- lenges in CR networks for the rst time. These challenges have a vital e ect on the network performance and are particularly di cult to solve due to the unique characteristics of CR networks. Speci cally, this thesis proposes and investigates three intelligent spectrum management tech- niques for CR networks. The issues investigated in this thesis have a fundamental impact on the establishment, functionality and security of CR networks. First, an intelligent primary receiver-aware message exchange protocol for CR ad hoc networks is proposed. It considers the problem of alleviat- ing the interference collision risk to primary user communication, explic- itly to protect primary receivers that are not detected during spectrum sensing. The proposed protocol achieves a higher measure of safeguard- ing. A practical scenario is considered where no global network topology is known and no common control channel is assumed to exist. Second, a novel CR broadcast protocol (CRBP) to reliably disseminate the broadcast messages to all or most of the possible CR nodes in the network is proposed. The CRBP formulates the broadcast problem as a bipartite-graph problem. Thus, CRBP achieves a signi cant successful delivery ratio by connecting di erent local topologies, which is a unique feature in CR ad hoc networks. Finally, a new defence strategy to defend against spectrum sensing data falsi cation attacks in CR networks is proposed. In order to identify malicious users, the proposed scheme performs multiple veri cations of sensory data with the assistance of trusted nodes.Higher Committee For Education Devel- opment in Iraq (HCED-Iraq

QoS-Based and Secure Multipath Routing in Wireless Sensor Networks

With the growing demand for quality of service (QoS) aware routing protocols in wireless networks, QoS-based routing has emerged as an interesting research topic. A QoS guarantee in wireless sensor networks (WSNs) is difficult and more challenging due to the fact that the available resources of sensors and the various applications running over these networks have different constraints in their nature and requirements. Furthermore, due to the increased use of sensor nodes in a variety of application fields, WSNs need to handle heterogeneous traffic with diverse priorities to achieve the required QoS. In this thesis, we investigate the problem of providing multi-QoS in routing protocols for WSNs. In particular, we investigate several aspects related to the application requirements and the network states and resources. We present multi-objective QoS aware routing protocol for WSNs that uses the geographic routing mechanism combined with the QoS requirements to meet diverse application requirements by considering the changing conditions of the network. The protocol formulates the application requirements with the links available resources and conditions to design heuristic neighbor discovery algorithms. Also, with the unlimited resource at the sink node, the process of selecting the routing path/paths is assigned to the sink. Paths selection algorithms are designed with various goals in order to extend network lifetime, enhance the reliability of data transmission, decrease end-to-end delay, achieve load balancing and provide fault tolerance. We also develop a cross-layer routing protocol that combines routing at network layer and the time scheduling at the MAC layer with respect to delay and reliability in an energy efficient way. A node-disjoint multipath routing is used and a QoS-aware priority scheduling considering MAC layer is proposed to ensure that real time and non-real time traffic achieve their desired QoS while alleviating congestion in the network. Additionally, we propose new mechanism for secure and reliable data transmission in multipath routing for WSNs. Different levels of security requirements are defined and depending on these requirements, a selective encryption scheme is introduced to encrypt selected number of coded fragments in order to enhance security and thereby reduce the time required for encryption. Node-disjoint multipath routing combined with source coding is used in order to enhance both security and reliability of data transmission. Also, we develop an allocation strategy that allocates fragments on paths to enhance both the security and probability of successful data delivery. Analysis and extensive simulation are conducted to study the performance of all the above proposed protocols

A survey on cyber security for smart grid communications

A smart grid is a new form of electricity network with high fidelity power-flow control, self-healing, and energy reliability and energy security using digital communications and control technology. To upgrade an existing power grid into a smart grid, it requires significant dependence on intelligent and secure communication infrastructures. It requires security frameworks for distributed communications, pervasive computing and sensing technologies in smart grid. However, as many of the communication technologies currently recommended to use by a smart grid is vulnerable in cyber security, it could lead to unreliable system operations, causing unnecessary expenditure, even consequential disaster to both utilities and consumers. In this paper, we summarize the cyber security requirements and the possible vulnerabilities in smart grid communications and survey the current solutions on cyber security for smart grid communications. © 2012 IEEE

Energy Conservation and Security Enhancement in Wireless End-to-end Secure Connections

Wireless channels are vulnerable to interception. In some applications an end-to-end secure data transfer is required. However the use of cryptographic functions in communication over a wireless channel increases sensitivity to channel errors. As a result, the connection characteristics in terms of delay, throughput, and transmission energy worsen. Transmission energy is a key issue in some secure end-to-end wireless applications especially if they are running on mobile handheld devices with a limited source of energy such as batteries. That is why in most secure end-to-end wireless connections, the connection is dropped in poor channel conditions. In this thesis, models are proposed by which the performance is improved and transmission energy is lowered. A combination of a cross-layer controller, K Best Likelihood (K-BL) channel decoder, and a keyed error detection algorithm in the novel model supports the authorized receivers by a higher throughput, lower delay mean, and less transmission energy in a certain range of the Signal to Noise Ratio (SNR). This is done at the expense of additional computation at the receiving end. Ttradeoffs are examined and the simulation results of the new model are compared with those of conventional wireless communication systems. Another model is devised to mitigate the energy consumption of the Turbo Code channel decoder. The overall decoding energy consumption for each packet can be lowered by reducing the average number of iterations in the Turbo Code channel decoder. The proposed models achieve better energy consumption by reducing the number of iterations in a channel decoder that uses the Turbo decoder and by reducing the number of retransmissions in a trellis channel decoder. Furthermore, the security enhancement of the novel models is assessed in terms of the extent to which the enhancement is fully achieved

QUALITY-DRIVEN CROSS LAYER DESIGN FOR MULTIMEDIA SECURITY OVER RESOURCE CONSTRAINED WIRELESS SENSOR NETWORKS

The strong need for security guarantee, e.g., integrity and authenticity, as well as privacy and confidentiality in wireless multimedia services has driven the development of an emerging research area in low cost Wireless Multimedia Sensor Networks (WMSNs). Unfortunately, those conventional encryption and authentication techniques cannot be applied directly to WMSNs due to inborn challenges such as extremely limited energy, computing and bandwidth resources. This dissertation provides a quality-driven security design and resource allocation framework for WMSNs. The contribution of this dissertation bridges the inter-disciplinary research gap between high layer multimedia signal processing and low layer computer networking. It formulates the generic problem of quality-driven multimedia resource allocation in WMSNs and proposes a cross layer solution. The fundamental methodologies of multimedia selective encryption and stream authentication, and their application to digital image or video compression standards are presented. New multimedia selective encryption and stream authentication schemes are proposed at application layer, which significantly reduces encryption/authentication complexity. In addition, network resource allocation methodologies at low layers are extensively studied. An unequal error protection-based network resource allocation scheme is proposed to achieve the best effort media quality with integrity and energy efficiency guarantee. Performance evaluation results show that this cross layer framework achieves considerable energy-quality-security gain by jointly designing multimedia selective encryption/multimedia stream authentication and communication resource allocation

APCO project 25 wireless data services over land mobile radio channel for smaller law enforcement agencies

Digital data messages are very important in modern communication systems and advanced mobile data technologies have opened the door to a wide range of applications and services in the public safety environment. Still, the availability of mobile data services among public safety agencies is hampered by two issues of the implementation of data communication: the reliability of commercial data services and the high cost of the equipment needed to support mixed voice and data transmissions over private land mobile radio channels. This thesis describes the design and development of an inexpensive Software Defined APCO Project 25 Data Base Station that allows smaller law enforcement agencies to enable data services in their cruisers in a cost effective way. The data base station is comprised of a standard PC interfaced to a commercial analog VHF FM transceiver via a commercial PC sound card. The base station is compliant with commercial P25 digital mobile radios and operates in parallel to commercial P25 digital voice communications equipment

End-to-end security in active networks

Active network solutions have been proposed to many of the problems caused by the increasing heterogeneity of the Internet. These ystems allow nodes within the network to process data passing through in several ways. Allowing code from various sources to run on routers introduces numerous security concerns that have been addressed by research into safe languages, restricted execution environments, and other related areas. But little attention has been paid to an even more critical question: the effect on end-to-end security of active flow manipulation. This thesis first examines the threat model implicit in active networks. It develops a framework of security protocols in use at various layers of the networking stack, and their utility to multimedia transport and flow processing, and asks if it is reasonable to give active routers access to the plaintext of these flows. After considering the various security problem introduced, such as vulnerability to attacks on intermediaries or coercion, it concludes not. We then ask if active network systems can be built that maintain end-to-end security without seriously degrading the functionality they provide. We describe the design and analysis of three such protocols: a distributed packet filtering system that can be used to adjust multimedia bandwidth requirements and defend against denial-of-service attacks; an efficient composition of link and transport-layer reliability mechanisms that increases the performance of TCP over lossy wireless links; and a distributed watermarking servicethat can efficiently deliver media flows marked with the identity of their recipients. In all three cases, similar functionality is provided to designs that do not maintain end-to-end security. Finally, we reconsider traditional end-to-end arguments in both networking and security, and show that they have continuing importance for Internet design. Our watermarking work adds the concept of splitting trust throughout a network to that model; we suggest further applications of this idea

Data Hiding and Its Applications

Data hiding techniques have been widely used to provide copyright protection, data integrity, covert communication, non-repudiation, and authentication, among other applications. In the context of the increased dissemination and distribution of multimedia content over the internet, data hiding methods, such as digital watermarking and steganography, are becoming increasingly relevant in providing multimedia security. The goal of this book is to focus on the improvement of data hiding algorithms and their different applications (both traditional and emerging), bringing together researchers and practitioners from different research fields, including data hiding, signal processing, cryptography, and information theory, among others