1,022 research outputs found

    Network layer access control for context-aware IPv6 applications

    As part of the Lancaster GUIDE II project, we have developed a novel wireless access point protocol designed to support the development of next generation mobile context-aware applications in our local environs. Once deployed, this architecture will allow ordinary citizens secure, accountable and convenient access to a set of tailored applications including location, multimedia and context based services, and the public Internet. Our architecture utilises packet marking and network level packet filtering techniques within a modified Mobile IPv6 protocol stack to perform access control over a range of wireless network technologies. In this paper, we describe the rationale for, and components of, our architecture and contrast our approach with other state-of-the-art systems. The paper also contains details of our current implementation work, including preliminary performance measurements.

    Software-defined Networking enabled Resource Management and Security Provisioning in 5G Heterogeneous Networks

    Due to the explosive growth of mobile data traffic and the shortage of spectral resources, 5G networks are envisioned to have a densified heterogeneous network (HetNet) architecture, combining multiple radio access technologies (multi-RATs) into a single holistic network. The coexistence of multi-tier architectures brings new challenges, especially on resource management and security provisioning, due to the lack of a common interface and consistent policy across HetNets. In this thesis, we aim to address the technical challenges of data traffic management, coordinated spectrum sharing and security provisioning in 5G HetNets through the introduction of a programmable management platform based on Software-defined networking (SDN). To address the spectrum shortage problem in cellular networks, cellular data traffic is efficiently offloaded to the Wi-Fi network, and the quality of service of user applications is guaranteed with the proposed delay tolerance based partial data offloading algorithm. A two-layered information collection is also applied to best load balancing decision-making. Numerical results show that the proposed schemes exploit an SDN controller's global view of the HetNets and take optimized resource allocation decisions. To support growing vehicle-generated data traffic in 5G-vehicle ad hoc networks (VANET), an SDN-enabled adaptive vehicle clustering algorithm is proposed based on the real-time road traffic condition collected from HetNet infrastructure. Traffic offloading is achieved within each cluster and dynamic beamformed transmission is also applied to improve trunk link communication quality. To further achieve a coordinated spectrum sharing across HetNets, an SDN enabled orchestrated spectrum sharing scheme that integrates participating HetNets into an amalgamated network through a common configuration interface and real-time information exchange is proposed. In order to effectively protect incumbent users, a real-time 3D interference map is developed to guide the spectrum access based on the SDN global view. MATLAB simulations confirm that average interference at incumbents is reduced as well as the average number of denied access. Moreover, to tackle the contradiction between the more stringent latency requirement of 5G and the potential delay induced by frequent authentications in 5G small cells and HetNets, an SDN-enabled fast authentication scheme is proposed in this thesis to simplify authentication handover, through sharing of user-dependent secure context information (SCI) among related access points. The proposed SCI is a weighted combination of user-specific attributes, which provides a unique fingerprint of the specific device without additional hardware and computation cost. Numerical results show that the proposed non-cryptographic authentication scheme achieves comparable security with traditional cryptographic algorithms, while reducing authentication complexity and latency especially when network load is high.

    Towards end-to-end security in internet of things based healthcare

    Healthcare IoT systems are distinguished in that they are designed to serve human beings, which primarily raises the requirements of security, privacy, and reliability. Such systems have to provide real-time notifications and responses concerning the status of patients. Physicians, patients, and other caregivers demand a reliable system in which the results are accurate and timely, and the service is reliable and secure. To guarantee these requirements, the smart components in the system require a secure and efficient end-to-end communication method between the end-points (e.g., patients, caregivers, and medical sensors) of a healthcare IoT system. The main challenge faced by the existing security solutions is a lack of secure end-to-end communication. This thesis addresses this challenge by presenting a novel end-to-end security solution enabling end-points to securely and efficiently communicate with each other. The proposed solution meets the security requirements of a wide range of healthcare IoT systems while minimizing the overall hardware overhead of end-to-end communication. End-to-end communication is enabled by the holistic integration of the following contributions. The first contribution is the implementation of two architectures for remote monitoring of bio-signals. The first architecture is based on a low power IEEE 802.15.4 protocol known as ZigBee. It consists of a set of sensor nodes to read data from various medical sensors, process the data, and send them wirelessly over ZigBee to a server node. The second architecture is implemented on an IP-based wireless sensor network, using IEEE 802.11 Wireless Local Area Network (WLAN). The system consists of an IEEE 802.11 based sensor module to access bio-signals from patients and send them over to a remote server. In both architectures, the server node collects the health data from several client nodes and updates a remote database. The remote webserver accesses the database and updates the webpage in real-time, which can be accessed remotely. The second contribution is a novel secure mutual authentication scheme for Radio Frequency Identification (RFID) implant systems. The proposed scheme relies on the elliptic curve cryptography and the D-Quark lightweight hash design. The scheme consists of three main phases: (1) reader authentication and verification, (2) tag identification, and (3) tag verification. We show that among the existing public-key crypto-systems, elliptic curve is the optimal choice due to its small key size as well as its efficiency in computations. The D-Quark lightweight hash design has been tailored for resource-constrained devices. The third contribution is proposing a low-latency and secure cryptographic keys generation approach based on Electrocardiogram (ECG) features. This is performed by taking advantage of the uniqueness and randomness properties of ECG's main features comprising PR, RR, PP, QT, and ST intervals. This approach achieves low latency due to its reliance on reference-free ECG's main features that can be acquired in a short time. The approach is called Several ECG Features (SEF)-based cryptographic key generation. The fourth contribution is devising a novel secure and efficient end-to-end security scheme for mobility enabled healthcare IoT. The proposed scheme consists of: (1) a secure and efficient end-user authentication and authorization architecture based on the certificate based Datagram Transport Layer Security (DTLS) handshake protocol, (2) a secure end-to-end communication method based on DTLS session resumption, and (3) support for robust mobility based on interconnected smart gateways in the fog layer. Finally, the fifth and the last contribution is the analysis of the performance of the state-of-the-art end-to-end security solutions in healthcare IoT systems including our end-to-end security solution. In this regard, we first identify and present the essential requirements of robust security solutions for healthcare IoT systems. We then analyze the performance of the state-of-the-art end-to-end security solutions (including our scheme) by developing a prototype healthcare IoT system.

    Security-centric analysis and performance investigation of IEEE 802.16 WiMAX

    Peer reviewed