9 research outputs found

    An efficient MAC-based scheme against pollution attacks in XOR network coding-enabled WBANs for remote patient monitoring systems

    Wireless Body Area Networks (WBANs) play a pivotal role in remote patient monitoring, which is one of the main applications of m-Health. However, WBANs comprise a subset of Wireless Sensor Networks (WSNs), and thus, they inherit the limitations of WSNs in terms of communication bandwidth, reliability and power consumption that should be addressed so that WBANs can reach their full potential. Towards this direction, XOR Network Coding (NC) is a promising solution for WBANs. Nevertheless, XOR NC is vulnerable to pollution attacks, where adversaries (i.e., compromised intermediate nodes) inject into the network corrupted packets that prevent the destination nodes from decoding correctly. This has as a result not only network resource waste but also energy waste at the intermediate nodes. In this sense, pollution attacks comprise a serious threat against WBANs (i.e., resource-constrained wireless networks), that should be addressed so that WBANs can reap the benefits of XOR NC. Therefore, in this paper, we propose an efficient Message Authentication Code (MAC)-based scheme providing resistance against pollution attacks in XOR NC-enabled WBANs for remote patient monitoring systems. Our proposed scheme makes use of a number of MACs which are appended to the end of each native packet. Our results show that the proposed MAC-based scheme is more efficient compared to other competitive schemes for securing XOR NC against pollution attacks in resource-constrained wireless networks, in terms of communication bandwidth and computational complexity.

    Security threats in network coding-enabled mobile small cells

    The recent explosive growth of mobile data traffic, the continuously growing demand for higher data rates, and the steadily increasing pressure for higher mobility have led to the fifth-generation mobile networks. To this end, network-coding (NC)-enabled mobile small cells are considered as a promising 5G technology to cover the urban landscape by being set up on-demand at any place, and at any time on any device. In particular, this emerging paradigm has the potential to provide significant benefits to mobile networks as it can decrease packet transmission in wireless multicast, provide network capacity improvement, and achieve robustness to packet losses with low energy consumption. However, despite these significant advantages, NC-enabled mobile small cells are vulnerable to various types of attacks due to the inherent vulnerabilities of NC. Therefore, in this paper, we provide a categorization of potential security attacks in NC-enabled mobile small cells. Particularly, our focus is on the identification and categorization of the main potential security attacks on a scenario architecture of the ongoing EU funded H2020-MSCA project “SECRET” being focused on secure network coding-enabled mobile small cells

    Key management for secure network coding-enabled mobile small cells

    The continuous growth in wireless devices connected to the Internet and the increasing demand for higher data rates put ever increasing pressure on the 4G cellular network. The EU funded H2020-MSCA project “SECRET” investigates a scenario architecture to cover the urban landscape for the upcoming 5G cellular network. The studied scenario architecture combines multi-hop device-to-device (D2D) communication with network coding-enabled mobile small cells. In this scenario architecture, mobile nodes benefit from high transmission speeds, low latency and increased energy efficiency, while the cellular network benefits from a reduced workload of its base stations. However, this scenario architecture faces various security and privacy challenges. These challenges can be addressed using cryptographic techniques and protocols, assuming that a key management scheme is able to provide mobile nodes with secret keys in a secure manner. Unfortunately, existing key management schemes are unable to cover all security and privacy challenges of the studied scenario architecture. Certificateless key management schemes seem promising, although many proposed schemes of this category of key management schemes require a secure channel or lack key update and key revocation procedures. We therefore suggest further research in key management schemes which include secret key sharing among mobile nodes, key revocation, key update and mobile node authentication to fit with our scenario architecture

    Security schemes against pollution attacks in network coding over wireless networks

    Doctorate in Telecommunications. Abstract in Portuguese not available. The topic of this thesis is how to achieve efficient security against pollution attacks by exploiting the structure of network coding. There has recently been growing interest in using network coding techniques to increase the robustness and throughput of data networks, and reduce the delay in wireless networks, where a network coding-based scheme takes advantage of the additive nature of wireless signals by allowing two nodes to transmit simultaneously to the relay node. However, Network Coding (NC)-enabled wireless networks are susceptible to a severe security threat, known as data pollution attack, where a malicious node injects into the network polluted (i.e., corrupted) packets that prevent the destination nodes from decoding correctly. Due to recoding at the intermediate nodes, according to the core principle of NC, the polluted packets propagate quickly into other packets and corrupt bunches of legitimate packets leading to network resource waste. Hence, a lot of research effort has been devoted to schemes against data pollution attacks. Homomorphic Message Authentication Code (MAC)-based schemes are a promising solution against data pollution attacks. However, most of them are susceptible to a new type of pollution attack, called tag pollution attack, where an adversary node randomly modifies tags appended to the end of the transmitted packets. Therefore, in this thesis, we first propose a homomorphic message authentication code-based scheme, providing resistance against data pollution attacks and tag pollution attacks in XOR NC-enabled wireless networks. Moreover, we propose four homomorphic message authentication code-based schemes which provide resistance against data and tag pollution attacks in Random Linear Network Coding (RLNC). Our results show that our proposed schemes are more efficient compared to other competitive tag pollution immune schemes in terms of complexity, communication overhead and key storage overhead.

    Security and Privacy for Modern Wireless Communication Systems

    The aim of this reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithm for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks

    Network Coding based Information Security in Multi-hop Wireless Networks

    Multi-hop Wireless Networks (MWNs) represent a class of networks where messages are forwarded through multiple hops of wireless transmission. Applications of this newly emerging communication paradigm include asset monitoring wireless sensor networks (WSNs), command communication mobile ad hoc networks (MANETs), community- or campus-wide wireless mesh networks (WMNs), etc. Information security is one of the major barriers to the wide-scale deployment of MWNs but has received little attention so far. On the one hand, due to the open wireless channels and multi-hop wireless transmissions, MWNs are vulnerable to various information security threats such as eavesdropping, data injection/modification, node compromising, traffic analysis, and flow tracing. On the other hand, the characteristics of MWNs including the vulnerability of intermediate network nodes, multi-path packet forwarding, and limited computing capability and storage capacity make the existing information security schemes designed for the conventional wired networks or single-hop wireless networks unsuitable for MWNs. Therefore, newly designed schemes are highly desired to meet the stringent security and performance requirements for the information security of MWNs. In this research, we focus on three fundamental information security issues in MWNs: efficient privacy preservation for source anonymity, which is critical to the information security of MWNs; the traffic explosion issue, which targets at preventing denial of service (DoS) and enhancing system availability; and the cooperative peer-to-peer information exchange issue, which is critical to quickly achieve maximum data availability if the base station is temporarily unavailable or the service of the base station is intermittent. We have made the following three major contributions. Firstly, we identify the severe threats of traffic analysis/flow tracing attacks to the information security in network coding enabled MWNs. 
To prevent these attacks and achieve source anonymity in MWNs, we propose a network coding based privacy-preserving scheme. The unique “mixing” feature of network coding is exploited in the proposed scheme to confuse adversaries from conducting advanced privacy attacks, such as time correlation, size correlation, and message content correlation. With homomorphic encryption functions, the proposed scheme can achieve both privacy preservation and data confidentiality, which are two critical information security requirements. Secondly, to prevent traffic explosion and at the same time achieve source unobservability in MWNs, we propose a network coding based privacy-preserving scheme, called SUNC (Source Unobservability using Network Coding). Network coding is utilized in the scheme to automatically absorb dummy messages at intermediate network nodes, and thus, traffic explosion induced denial of service (DoS) can be naturally prevented to ensure the system availability. In addition to ensuring system availability and achieving source unobservability, SUNC can also thwart internal adversaries. Thirdly, to enhance the data availability when a base station is temporarily unavailable or the service of the base station is intermittent, we propose a cooperative peer-to-peer information exchange scheme based on network coding. The proposed scheme can quickly accomplish optimal information exchange in terms of throughput and transmission delay. For each research issue, detailed simulation results in terms of computational overhead, transmission efficiency, and communication overhead, are given to demonstrate the efficacy and efficiency of the proposed solutions