Unified security frameworks for integrated WiMAX and optical broadband access networks

This dissertation proposes the integration of optical and Mobile Worldwide Interoperability for Microwave Access (WiMAX) broadband access networks in order to combine the strengths of optical and wireless technologies and converge them seamlessly. To protect the access network security, this dissertation has developed the design of unified security frameworks for the proposed integrated optical and WiMAX broadband access networks.Ethernet Passive Optical Networks (EPONs) offers a popular broadband access solution, providing high bandwidth and long transmission range to meet users' fast evolving needs. WiMAX provides a wireless broadband solution and it supports mobility. This dissertation proposes a WiMAX over EPON network architecture to provide optical bandwidth for the WiMAX base station (BS). The dissertation also presents a unified security framework for the proposed WiMAX over EPON architecture using public key infrastructure (PKI) and extensible authentication protocol (EAP). The security framework could achieve efficient system management, enhance the system security, and realize unified key management. Furthermore, the dissertation introduces three handover scenarios in the WiMAX over EPON network and describes the corresponding handover schemes based on a pre-authentication method and the communication framework of the ranging step. The proposed handover mechanisms can simplify and accelerate the handover process, compared to the standard WiMAX handover scheme, while keeping the handover procedure secure.Free Space Optics (FSO) provides a relatively flexible optical wireless solution to provide gigabit bandwidth to areas where fiber is costly or hard to deploy. This dissertation also proposes an integrated Mobile WiMAX and FSO broadband access network and presents a unified EAP-based security framework. The dissertation then evaluates and compares the performance of EAP-Transport Layer Security (EAP-TLS) and EAP-Tunneled Transport layer Security (EAP-TTLS) for the FSO-WiMAX network, and also evaluates the impact of the point-to-point FSO link. Measurements show that, compared to EAP-TLS, EAP-TTLS provides a more flexible, efficient, and secure way to protect the integrated FSO-WiMAX access network. Experiments conducted as part of investigation demonstrate that the point-to-point FSO link does not degrade the performance of EAP authentication in the integrated network

Securing Handover in Wireless IP Networks

In wireless and mobile networks, handover is a complex process that involves multiple layers of protocol and security executions. With the growing popularity of real time communication services such as Voice of IP, a great challenge faced by handover nowadays comes from the impact of security implementations that can cause performance degradation especially for mobile devices with limited resources. Given the existing networks with heterogeneous wireless access technologies, one essential research question that needs be addressed is how to achieve a balance between security and performance during the handover. The variations of security policy and agreement among different services and network vendors make the topic challenging even more, due to the involvement of commercial and social factors. In order to understand the problems and challenges in this field, we study the properties of handover as well as state of the art security schemes to assist handover in wireless IP networks. Based on our analysis, we define a two-phase model to identify the key procedures of handover security in wireless and mobile networks. Through the model we analyze the performance impact from existing security schemes in terms of handover completion time, throughput, and Quality of Services (QoS). As our endeavor of seeking a balance between handover security and performance, we propose the local administrative domain as a security enhanced localized domain to promote the handover performance. To evaluate the performance improvement in local administrative domain, we implement the security protocols adopted by our proposal in the ns-2 simulation environment and analyze the measurement results based on our simulation test

Security of 5G-V2X: Technologies, Standardization and Research Directions

Cellular-Vehicle to Everything (C-V2X) aims at resolving issues pertaining to the traditional usability of Vehicle to Infrastructure (V2I) and Vehicle to Vehicle (V2V) networking. Specifically, C-V2X lowers the number of entities involved in vehicular communications and allows the inclusion of cellular-security solutions to be applied to V2X. For this, the evolvement of LTE-V2X is revolutionary, but it fails to handle the demands of high throughput, ultra-high reliability, and ultra-low latency alongside its security mechanisms. To counter this, 5G-V2X is considered as an integral solution, which not only resolves the issues related to LTE-V2X but also provides a function-based network setup. Several reports have been given for the security of 5G, but none of them primarily focuses on the security of 5G-V2X. This article provides a detailed overview of 5G-V2X with a security-based comparison to LTE-V2X. A novel Security Reflex Function (SRF)-based architecture is proposed and several research challenges are presented related to the security of 5G-V2X. Furthermore, the article lays out requirements of Ultra-Dense and Ultra-Secure (UD-US) transmissions necessary for 5G-V2X.Comment: 9 pages, 6 figures, Preprin

An introduction of a modular framework for securing 5G networks and beyond

Fifth Generation Mobile Network (5G) is a heterogeneous network in nature, made up of multiple systems and supported by different technologies. It will be supported by network services such as device-to-device (D2D) communications. This will enable the new use cases to provide access to other services within the network and from third-party service providers (SPs). End-users with their user equipment (UE) will be able to access services ubiquitously from multiple SPs that might share infrastructure and security management, whereby implementing security from one domain to another will be a challenge. This highlights a need for a new and effective security approach to address the security of such a complex system. This article proposes a network service security (NSS) modular framework for 5G and beyond that consists of different security levels of the network. It reviews the security issues of D2D communications in 5G, and it is used to address security issues that affect the users and SPs in an integrated and heterogeneous network such as the 5G enabled D2D communications network. The conceptual framework consists of a physical layer, network access, service and D2D security levels. Finally, it recommends security mechanisms to address the security issues at each level of the 5G-enabled D2D communications network

Device fingerprinting identification and authentication: A two-fold use in multi-factor access control schemes

Network security has always had an issue with secure authentication and identification. In the current mixed device network of today, the number of nodes on a network has expanded but these nodes are often unmanaged from a network security perspective. The solution proposed requires a paradigm shift, a recognition of what has already happened, identity is for sale across the internet. That identity is the users’ network ID, their behavior, and even their behavior in using the networks. Secondly a majority of the devices on the Internet have been fingerprinted. Use of device fingerprinting can help secure a network if properly understood and properly executed. The research into this area suggests a solution. Which is the use of device fingerprints including clock skews to identify the devices and a dual- authentication process targeted at authenticating the device and the user. Not only authenticating the identity presented but also combining them into a unified entity so failure to authenticate part of the entity means the whole is denied access to the network and its resources

Novel Model of Adaptive Module for Security and QoS Provisioning in Wireless Heterogeneous Networks

Considering the fact that Security and Quality-Of-Service (QoS) provisioning for multimedia traffic in Wireless Heterogeneous Networks are becoming increasingly important objectives, in this paper we are introducing a novel adaptive Security and QoS framework. This framework is planned to be implemented in integrated network architecture (UMTS, WiMAX and WLAN). The aim of our novel framework is presenting a new module that shall provide the best QoS provisioning and secure communication for a given service using one or more wireless technologies in a given time

Spectrum sharing security and attacks in CRNs: a review

Cognitive Radio plays a major part in communication technology by resolving the shortage of the spectrum through usage of dynamic spectrum access and artificial intelligence characteristics. The element of spectrum sharing in cognitive radio is a fundament al approach in utilising free channels. Cooperatively communicating cognitive radio devices use the common control channel of the cognitive radio medium access control to achieve spectrum sharing. Thus, the common control channel and consequently spectrum sharing security are vital to ensuring security in the subsequent data communication among cognitive radio nodes. In addition to well known security problems in wireless networks, cognitive radio networks introduce new classes of security threats and challenges, such as licensed user emulation attacks in spectrum sensing and misbehaviours in the common control channel transactions, which degrade the overall network operation and performance. This review paper briefly presents the known threats and attacks in wireless networks before it looks into the concept of cognitive radio and its main functionality. The paper then mainly focuses on spectrum sharing security and its related challenges. Since spectrum sharing is enabled through usage of the common control channel, more attention is paid to the security of the common control channel by looking into its security threats as well as protection and detection mechanisms. Finally, the pros and cons as well as the comparisons of different CR - specific security mechanisms are presented with some open research issues and challenges