Securing mobile ad hoc network routing protocols

Master'sMASTER OF ENGINEERIN

Secure Data Aggregation and Access Control in Cloud Assisted eHealth Care System

Recently electronic health (eHealth) care system has drawn a lot of attention from the research community and the industry to face the challenge of rapidly growing elderly population and ever rising health care spending. The health care sector is also driven by the need to reduce costs while simultaneously increasing the service of quality for patients, especially extending health care to patient's residence. Advances in wireless body area networks (WBANs) have made it possible to monitor patient's physiological signals (such as electrocardiogram (ECG), blood oxygen levels) and other health related information (such as physical activity levels) in a residential setting or a mobile setting. Integrating this technology with existing 3G or 4G wireless technologies permits real-time mobile and permanent monitoring of patients, even during their daily normal activities. In such a heterogeneous wireless environment, we can use Ad-hoc network instead of traditional infrastructure-based wireless networks that can reduces cost of deployment, enhances network performance, increases the overall network coverage area as well as reduces the service cost. However, secure communication with data integrity and confidentiality in this type of network is a very challenging task due to different wireless technologies and subscription from various service providers. In addition, instead of storing the PHI at local health-service provider, the recent advancement of cloud computing allows us to store all personal health information (PHI) at cloud-storage and ensures availability with reduce the capital and operational expenditures. However, they also bear new risks and raise challenges with respect to security and privacy aspects. Stored data confidentiality with patient-centric access control is considered as one of the biggest challenges raised by cloud-storage used in eHealth care system. To address these challenges, in this thesis, we first identify unique features of the eHealth care system with security and privacy consideration. We then propose a light weight secure data forwarding scheme for the WBNs environment. A hybrid approach, integrated with public and private key cryptography was adopted to ensure the effectiveness of the scheme. Due to critical and real-time nature of the health application, WBANs also need to provide acceptable Quality of Service(QoS) in order to provide an efficient, valuable and fully reliable assistance to patients. Taking QoS as an evaluation metric, we study packet scheduling schemes for realtime transmission in WBAN and classified real-time and non real-time traffic to minimize the waiting time of eHealth application's data traffic. Secondly, we propose an Agent-based Secure and Trustworthy packet-forwarding Protocol (ASTP) for a cooperative mobile social network. In a cooperative mobile social network environment patient equipped with WBANs forms an on-demand adhoc network and use multi-hop routing to enhance network performance, minimize the cost of deployment, increase the coverage area as well as reduce the overall service cost. We use Semi-agent-symmetric trust metric, considering neighbor nodes' previous and recent activities and incorporate with proper security tools that enhanced the overall performance. Renewable pseudo-identities are used to ensure patients' identity privacy. Security analysis and experimental results demonstrate that ASTP improves the average packet delivery ratio and maintains the require security and privacy at the cost of an acceptable communication delay. Considering patients living in rural area, thirdly we introduce a delay-tolerant secure long-term health care scheme, RuralCare, for collecting patient’s sensitive PHI by using conventional transportation vehicles (e.g., cars, buses) as relay nodes. These vehicles are expected to store, carry, and forward the PHI to the health-service-provider located mostly at the city area following an opportunistic routing. RuralCare improves network performance by providing incentive to the cooperative vehicles, and encompasses identity based cryptography to ensure security and privacy of the PHI during the routing period by using short digital signature and pseudo-identity. Network fairness and resistance to different possible attacks are also ensured by RCare. Extensive security and performance analyses demonstrate that RuralCare is able to achieve desired security requirements with effectiveness in terms of high delivery ratio. Finally, to store patients’ sensitive PHI at the cloud storage and ensure availability with reducing the capital and operational expenditures, we propose a patient-centric personal health information sharing and access control scheme (ESPAC). ESPAC relieves the health service provider’s (HSP) additional burden for PHI storage, management, and maintenance by incorporating cloud storage services to electronic Health (eHealth) care system. ESPAC adopts attribute based encryption and assigns different attributes to PHI access requesters based on their roles and relation to the patient. To ensure authenticated PHI access with minimum computation, we further enhance the proposed scheme ESPAC as M-ESPAC by introducing multi-parties proxy re-encryption protocol. Light weight partial and block PHI audits make the M-ESPAC efficient to ensure stored PHI integrity and availability. Extensive performance and security analyses demonstrate that proposed schemes are able to achieve desired security requirements with acceptable computation and storage costs. The research results of the thesis should be useful for the implementation of secure and privacy-preserving eHealth care system with patient centric access control of stored PHIs

Social-context based routing and security in delay tolerant networks

Delay Tolerant Networks (DTNs) were originally intended for interplanetary communications and have been applied to a series of difficult environments: wireless sensor networks, unmanned aerial vehicles, and short-range personal communications. There is a class of such environments in which nodes follow semi-predictable social patterns, such as wildlife tracking or personal devices. This work introduces a series of algorithms designed to identify the social patterns present in these environments and apply this data to difficult problems, such as efficient message routing and content distribution. Security is also difficult in a mobile environment. This is especially the case in the event that a large portion of the network is unreliable, or simply unknown. As the network size increases nodes have difficulty in securely distributing keys, especially using low powered nodes with limited keyspace. A series of multi-party security algorithms were designed to securely transmit a message in the event that the sender does not have access to the destinations public key. Messages are routed through a series of nodes, each of which partially decrypts the message. By encrypting for several proxies, the message can only be intercepted if all those nodes have been compromised. Even a highly compromised network has increased security using this algorithm, with a trade-off of reduced delivery ratio and increased delivery time -- Abstract, page iv

Mobile Ad-Hoc Networks

Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: quality-of-service and video communication, routing protocol and cross-layer design. A few interesting problems about security and delay-tolerant networks are also discussed. This book is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks

A Mini Review of Peer-to-Peer (P2P) for Vehicular Communication

In recent times, peer-to-peer (P2P) has evolved, where it leverages the capability to scale compared to server-based networks. Consequently, P2P has appeared to be the future distributed systems in emerging several applications. P2P is actually a disruptive technology for setting up applications that scale to numerous concurrent individuals. Thus, in a P2P distributed system, individuals become themselves as peers through contributing, sharing, and managing the resources in a network. In this paper, P2P for vehicular communication is explored. A comprehensive of the functioning concept of both P2P along with vehicular communication is examined. In addition, the advantages are furthermore conversed for a far better understanding on the implementation

Design and implementation of applications over delay tolerant networks for disaster and battlefield environment

In disaster/battlefield applications, there may not be any centralized network that provides a mechanism for different nodes to connect with each other to share important data. In such cases, we can take advantage of an opportunistic network involving a substantial number of mobile devices that can communicate with each other using Bluetooth and Google Nearby Connections API(it uses Bluetooth, Bluetooth Low Energy (BLE), and Wi-Fi hotspots) when they are close to each other. These devices referred to as nodes form a Delay Tolerant Network (DTN), also known as an opportunistic network. As suggested by its name, DTN can tolerate delays and significant loss of data while forwarding a message from source to destination using store and forward paradigm. In DTN, it is of critical importance that the network is not completely flooded and also the message is not tampered or corrupted and readable only to the destined node. Three algorithms have been implemented in the Android platform. The first algorithm [1] focuses on intelligent data transfer based on each node\u27s interest and encourages each node to participate in data transfer by providing incentives and keeping track of the trustworthiness of each node. The second algorithm [2] focuses on the security of the transferred data by fragmenting both data- and key-shares with some redundancy and the destination node can resurrect the original data from the predefined minimum key- and data-shares. The third algorithm focusses on using object detection models and interest-based authorization using [3] to securely transfer and access data across DTN. The corrupted nodes are identified by using one-way keychain hashes created by source/relay nodes for a message which are validated at the destination node --Abstract, page iii