40,824 research outputs found
Secure Routing in Wireless Mesh Networks
Wireless mesh networks (WMNs) have emerged as a promising concept to meet the
challenges in next-generation networks such as providing flexible, adaptive,
and reconfigurable architecture while offering cost-effective solutions to the
service providers. Unlike traditional Wi-Fi networks, with each access point
(AP) connected to the wired network, in WMNs only a subset of the APs are
required to be connected to the wired network. The APs that are connected to
the wired network are called the Internet gateways (IGWs), while the APs that
do not have wired connections are called the mesh routers (MRs). The MRs are
connected to the IGWs using multi-hop communication. The IGWs provide access to
conventional clients and interconnect ad hoc, sensor, cellular, and other
networks to the Internet. However, most of the existing routing protocols for
WMNs are extensions of protocols originally designed for mobile ad hoc networks
(MANETs) and thus they perform sub-optimally. Moreover, most routing protocols
for WMNs are designed without security issues in mind, where the nodes are all
assumed to be honest. In practical deployment scenarios, this assumption does
not hold. This chapter provides a comprehensive overview of security issues in
WMNs and then particularly focuses on secure routing in these networks. First,
it identifies security vulnerabilities in the medium access control (MAC) and
the network layers. Various possibilities of compromising data confidentiality,
data integrity, replay attacks and offline cryptanalysis are also discussed.
Then various types of attacks in the MAC and the network layers are discussed.
After enumerating the various types of attacks on the MAC and the network
layer, the chapter briefly discusses on some of the preventive mechanisms for
these attacks.Comment: 44 pages, 17 figures, 5 table
Quality of Information in Mobile Crowdsensing: Survey and Research Challenges
Smartphones have become the most pervasive devices in people's lives, and are
clearly transforming the way we live and perceive technology. Today's
smartphones benefit from almost ubiquitous Internet connectivity and come
equipped with a plethora of inexpensive yet powerful embedded sensors, such as
accelerometer, gyroscope, microphone, and camera. This unique combination has
enabled revolutionary applications based on the mobile crowdsensing paradigm,
such as real-time road traffic monitoring, air and noise pollution, crime
control, and wildlife monitoring, just to name a few. Differently from prior
sensing paradigms, humans are now the primary actors of the sensing process,
since they become fundamental in retrieving reliable and up-to-date information
about the event being monitored. As humans may behave unreliably or
maliciously, assessing and guaranteeing Quality of Information (QoI) becomes
more important than ever. In this paper, we provide a new framework for
defining and enforcing the QoI in mobile crowdsensing, and analyze in depth the
current state-of-the-art on the topic. We also outline novel research
challenges, along with possible directions of future work.Comment: To appear in ACM Transactions on Sensor Networks (TOSN
A trading model and security regime for mobile e-commerce via ad hoc wireless networking
Ad hoc wireless networking offers mobile computer users the prospect of trading
with others in their vicinity anywhere anytime. This thesis explores the potential
for developing such trading applications. A notable difficulty in designing their
security services is being unable to use trusted parties. No one can be guaranteed
present in each ad hoc wireless network session. A side benefit is that their costs
don't have to be paid for.
A reference model is defined for ad hoc m-commerce and a threat model is for-
mulated of its security vulnerabilities. They are used to elicit security objectives
and requirements for such trading systems. Possible countermeasures to address
the threats are critically analysed and used to design security services to mitigate
them. They include a self-organised P2P identity support scheme using PGP cer-
tificates; a distributed reputation system backed by sanctions; a group membership
service based on membership vouchers, quorate decisions by some group members
and partial membership lists; and a security warning scheme.
Security analysis of the schemes shows that they can mitigate the threats to an
adequate degree to meet the trading system's security objectives and requirements
if users take due care when trading within it. Formal verification of the system
shows that it satisfies certain safety properties
Deliberation in Mobile Messaging Application: A Case in Hong Kong
Considering the increasing penetration of Internet and mobile technologies, we can foresee that more online debates and political discussions, such as online deliberations, will occur in the future. However, prior research does not illustrate or provide empirical evidence to support steps that that online deliberation should take. To address this gap, we conduct a case study on Project ThunderGo, an online deliberation campaign related to the 2016 Hong Kong Legislative Election. Via analyzing data obtained from their deliberation groups, the relevant news articles, and the election results, we establish a four-stage building, engineering, arriving, and reaching (BEAR) model of online deliberation and provide some practical implications for future deliberation host. The model and implications articulate ICT’s role in addressing complicated and multi-facet social problems
Foundations, Properties, and Security Applications of Puzzles: A Survey
Cryptographic algorithms have been used not only to create robust ciphertexts
but also to generate cryptograms that, contrary to the classic goal of
cryptography, are meant to be broken. These cryptograms, generally called
puzzles, require the use of a certain amount of resources to be solved, hence
introducing a cost that is often regarded as a time delay---though it could
involve other metrics as well, such as bandwidth. These powerful features have
made puzzles the core of many security protocols, acquiring increasing
importance in the IT security landscape. The concept of a puzzle has
subsequently been extended to other types of schemes that do not use
cryptographic functions, such as CAPTCHAs, which are used to discriminate
humans from machines. Overall, puzzles have experienced a renewed interest with
the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In
this paper, we provide a comprehensive study of the most important puzzle
construction schemes available in the literature, categorizing them according
to several attributes, such as resource type, verification type, and
applications. We have redefined the term puzzle by collecting and integrating
the scattered notions used in different works, to cover all the existing
applications. Moreover, we provide an overview of the possible applications,
identifying key requirements and different design approaches. Finally, we
highlight the features and limitations of each approach, providing a useful
guide for the future development of new puzzle schemes.Comment: This article has been accepted for publication in ACM Computing
Survey
Systematizing Decentralization and Privacy: Lessons from 15 Years of Research and Deployments
Decentralized systems are a subset of distributed systems where multiple
authorities control different components and no authority is fully trusted by
all. This implies that any component in a decentralized system is potentially
adversarial. We revise fifteen years of research on decentralization and
privacy, and provide an overview of key systems, as well as key insights for
designers of future systems. We show that decentralized designs can enhance
privacy, integrity, and availability but also require careful trade-offs in
terms of system complexity, properties provided, and degree of
decentralization. These trade-offs need to be understood and navigated by
designers. We argue that a combination of insights from cryptography,
distributed systems, and mechanism design, aligned with the development of
adequate incentives, are necessary to build scalable and successful
privacy-preserving decentralized systems
- …