Versatile Extensible Security System for Mobile Ad Hoc Networks

Mobile Ad hoc Network (MANET) is becoming more and more popular in scientific, government, and general applications, but security system for MANET is still at infant stage. Currently, there are not many security systems that provide extensive security coverage for MANET. Moreover, most of these security systems assume nodes have infinite computation power and energy; an assumption that is not true for many mobiles. Versatile and Extensible System (VESS) is a powerful and versatile general-purpose security suite that comprises of modified versions of existing encryption and authentication schemes. VESS uses a simple and network-efficient but still reliable authentication scheme. The security suite offers four levels of security adjustments base on different encryption strength. Each level is designed to suit different network needs (performance and/or security), and the security suite allows individual end-to-end pair-wise security level adjustments; a big advantage for highly heterogeneous network. This versatility and adjustability let each pair of talking nodes in the network can choose a security level that prioritize either performance or security, or nodes can also choose a level that carefully balance between security strength and network performance. Finally, the security suite, with its existing authentication and encryption systems, is a framework that allows easy future extension and modification

Security-centric analysis and performance investigation of IEEE 802.16 WiMAX

fi=vertaisarvioitu|en=peerReviewed

Securing Handover in Wireless IP Networks

In wireless and mobile networks, handover is a complex process that involves multiple layers of protocol and security executions. With the growing popularity of real time communication services such as Voice of IP, a great challenge faced by handover nowadays comes from the impact of security implementations that can cause performance degradation especially for mobile devices with limited resources. Given the existing networks with heterogeneous wireless access technologies, one essential research question that needs be addressed is how to achieve a balance between security and performance during the handover. The variations of security policy and agreement among different services and network vendors make the topic challenging even more, due to the involvement of commercial and social factors. In order to understand the problems and challenges in this field, we study the properties of handover as well as state of the art security schemes to assist handover in wireless IP networks. Based on our analysis, we define a two-phase model to identify the key procedures of handover security in wireless and mobile networks. Through the model we analyze the performance impact from existing security schemes in terms of handover completion time, throughput, and Quality of Services (QoS). As our endeavor of seeking a balance between handover security and performance, we propose the local administrative domain as a security enhanced localized domain to promote the handover performance. To evaluate the performance improvement in local administrative domain, we implement the security protocols adopted by our proposal in the ns-2 simulation environment and analyze the measurement results based on our simulation test

A Survey on Authentication and Key Agreement Protocols in Heterogeneous Networks

Unlike current closed systems such as 2nd and 3rd generations where the core network is controlled by a sole network operator, multiple network operators will coexist and manage the core network in Next Generation Networks (NGNs). This open architecture and the collaboration between different network operators will support ubiquitous connectivity and thus enhances users' experience. However, this brings to the fore certain security issues which must be addressed, the most important of which is the initial Authentication and Key Agreement (AKA) to identify and authorize mobile nodes on these various networks. This paper looks at how existing research efforts the HOKEY WG, Mobile Ethernet and 3GPP frameworks respond to this new environment and provide security mechanisms. The analysis shows that most of the research had realized the openness of the core network and tried to deal with it using different methods. These methods will be extensively analysed in order to highlight their strengths and weaknesses

New Approach to Implement Authentication and Key Distribution on WI-Max Networks

Wi-Max is utilized for the remote system. This innovation will be a developing innovation for remote innovation in future. It is like Wi-Fi however its territory of scope and transfer speed is considerably higher than the Wi-Fi. So the security turns out to be vital issue. Wi-Max innovation incorporates some security components, for example, Key administration, Authentication and privacy. For security first need is crosswise over remote system and other is to give get to control to the system and the get to control can be given utilizing access control conventions. Major issues are in WiMax difficult to handle the security problems. In this paper proposed implementing authentication and distribution of keys in secure manner on open networks and also providing confidentiality

Unified security frameworks for integrated WiMAX and optical broadband access networks

This dissertation proposes the integration of optical and Mobile Worldwide Interoperability for Microwave Access (WiMAX) broadband access networks in order to combine the strengths of optical and wireless technologies and converge them seamlessly. To protect the access network security, this dissertation has developed the design of unified security frameworks for the proposed integrated optical and WiMAX broadband access networks.Ethernet Passive Optical Networks (EPONs) offers a popular broadband access solution, providing high bandwidth and long transmission range to meet users' fast evolving needs. WiMAX provides a wireless broadband solution and it supports mobility. This dissertation proposes a WiMAX over EPON network architecture to provide optical bandwidth for the WiMAX base station (BS). The dissertation also presents a unified security framework for the proposed WiMAX over EPON architecture using public key infrastructure (PKI) and extensible authentication protocol (EAP). The security framework could achieve efficient system management, enhance the system security, and realize unified key management. Furthermore, the dissertation introduces three handover scenarios in the WiMAX over EPON network and describes the corresponding handover schemes based on a pre-authentication method and the communication framework of the ranging step. The proposed handover mechanisms can simplify and accelerate the handover process, compared to the standard WiMAX handover scheme, while keeping the handover procedure secure.Free Space Optics (FSO) provides a relatively flexible optical wireless solution to provide gigabit bandwidth to areas where fiber is costly or hard to deploy. This dissertation also proposes an integrated Mobile WiMAX and FSO broadband access network and presents a unified EAP-based security framework. The dissertation then evaluates and compares the performance of EAP-Transport Layer Security (EAP-TLS) and EAP-Tunneled Transport layer Security (EAP-TTLS) for the FSO-WiMAX network, and also evaluates the impact of the point-to-point FSO link. Measurements show that, compared to EAP-TLS, EAP-TTLS provides a more flexible, efficient, and secure way to protect the integrated FSO-WiMAX access network. Experiments conducted as part of investigation demonstrate that the point-to-point FSO link does not degrade the performance of EAP authentication in the integrated network

WiMAX Networks – architecture and data security

This document presents thorough information on the WiMAX technology, itsdetailed architecture and illustrates security mechanisms employed. The first part discusses basic properties and components of WiMAX network. Individual sub-layers of the network operation have been presented. The second part describes all security-related aspects and solutions employed to ensure secure data exchange: cryptographic keys generation and exchange, authentication processes and encrypted data exchange. The last part illustrates potential attacks, means of effective protection and methods for improving security in WiMAXnetworks

An integrated approach to QoS and security in future mobile networks using the Y-Comm framework

Future networks will comprise a wide variety of wireless networks. Users will expect to be always connected from anywhere and at any time as connections will be switched to available networks using vertical handover techniques. However, different networks have different Qualities-of-Service (QoS) so a QoS framework is needed to help applications and services deal with this new environment. In addition, since these networks must work together, future mobile systems will have an open, instead of the currently closed, architecture. Therefore new mechanisms will be needed to protect users, servers and network infrastructure. This means that future mobile networks will have to integrate communications, mobility, quality-of-service and security. However, in order to achieve this integration without affecting the flexibility of future networks, there is a need for novel methods that address QoS and security in a targeted manner within specific situations. Also, there is a need for a communication framework wherein these methods along with the communication and handover mechanisms could be integrated together. Therefore, this research uses the Y-Comm framework, which is a communication architecture to support vertical handover in Next Generations Networks, as an example of future communication frameworks that integrate QoS, security, communication and mobility mechanisms. Within the context of Y-Comm, research has been conducted to address QoS and security in heterogeneous networks. To preserve the flexibility of future network, the research in this thesis proposes the concept of Targeted Models to address security and QoS in specific scenarios: to address the QoS issue, a new QoS framework is introduced in this thesis, which will define targeted QoS models that will provide QoS in different situations such as connection initiation and in the case of handover. Similarly, to deal with the security side, targeted security models are proposed to address security in situations like connection initiation and handover. To define the targeted models and map them to actual network entities, research has been conducted to define a potential structure for future networks along with the main operational entities. The cooperation among these entities will define the targeted models. Furthermore, in order to specify the security protocols used by the targeted security models, an Authentication and Key Agreement framework is introduced to address security at different levels such as network and service levels. The underlying protocols of the Authentication and Key Agreement protocol are verified using Casper/FDR, which is a well-known, formal methods- based tool. The research also investigates potential methods to implement the proposed security protocols. To enable the implementation of some of the targeted security models, the research also proposes major enhancements to the current addressing, naming and location systems

Achieve Secure Handover Session Key Management via Mobile Relay in LTE-Advanced Networks

Internet of Things is increasing the network by group action immense quantity of close objects which needs the secure and reliable transmission of the high volume knowledge generation, and also the mobile relay technique is one among the economical ways in which to satisfy the on-board knowledge explosion in LTE-Advanced (LTE-A) networks. However, the observe of the mobile relay can cause potential threats to the knowledge security throughout the relinquishing method. Therefore, to handle this challenge, during this paper, we have a tendency to propose a secure relinquishing session key management theme via mobile relay in LTE-A networks. Specifically, within the planned theme, to realize forward and backward key separations, the session key shared between the on-board user instrumentality (UE) and also the connected donor evolved node B (DeNB) is initial generated by the on-board UE then firmly distributed to the DeNB. moreover, to cut back the communication overhead and also the process complexness, a unique proxy re-encryption technique is used, wherever the session keys at the start encrypted with the general public key of the quality management entity (MME) are going to be re-encrypted by a mobile relay node (MRN), so alternative DeNB will later rewrite the session keys with their own non-public keys whereas while not the direct involvement of the MME. elaborated security analysis shows that the planned theme will with success establish session keys between the on-board UEs and their connected DeNB, achieving backward and forward key separations, and resisting against the collusion between the MRN and also the DeNB because the same time. Additionally, performance evaluations via in depth simulations area unit applied to demonstrate the potency and effectiveness of the planned theme