A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

Detection And Prevention Of Types Of Attacks Using Machine Learning Techniques In Cognitive Radio Networks

A number of studies have been done on several types of data link and network layer attacks and defenses for CSS in CRNs, but there are still a number of challenges unsolved and open issues waiting for solutions. Specifically, from the perspective of attackers, when launching the attack, users have to take into account of the factors of attack gain, attack cost and attack risk, together.  From the perspective of defenders, there are also three aspects deserving consideration: defense reliability, defense efficiency and defense universality. The attacks and defenses are mutually coupled from each other. Attackers need to adjust their strategies to keep their negative effects on final decisions and avoid defenders’ detection, while defenders have to learn and analyze attack behaviors and designs effective defense rules. Indeed, attack and defense ought to be considered together. the proposed methodology overcomes the problems of several data link and network layer attacks and it effects in CSS(Co-operative Spectrum Sensing) of CNRs using Machine Learning based Defense, Cross layers optimization techniques and Defence based Prevention mechanisms

IoT Sentinel: Automated Device-Type Identification for Security Enforcement in IoT

With the rapid growth of the Internet-of-Things (IoT), concerns about the security of IoT devices have become prominent. Several vendors are producing IP-connected devices for home and small office networks that often suffer from flawed security designs and implementations. They also tend to lack mechanisms for firmware updates or patches that can help eliminate security vulnerabilities. Securing networks where the presence of such vulnerable devices is given, requires a brownfield approach: applying necessary protection measures within the network so that potentially vulnerable devices can coexist without endangering the security of other devices in the same network. In this paper, we present IOT SENTINEL, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise. We show that IOT SENTINEL is effective in identifying device types and has minimal performance overhead

Secure Routing in Wireless Mesh Networks

Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses on some of the preventive mechanisms for these attacks.Comment: 44 pages, 17 figures, 5 table

Towards Securing Peer-to-peer SIP in the MANET Context: Existing Work and Perspectives

The Session Initiation Protocol (SIP) is a key building block of many social applications, including VoIP communication and instant messaging. In its original architecture, SIP heavily relies on servers such as proxies and registrars. Mobile Ad hoc NETworks (MANETs) are networks comprised of mobile devices that communicate over wireless links, such as tactical radio networks or vehicular networks. In such networks, no fixed infrastructure exists and server-based solutions need to be redesigned to work in a peer-to-peer fashion. We survey existing proposals for the implementation of SIP over such MANETs and analyze their security issues. We then discuss potential solutions and their suitability in the MANET context

To NACK or not to NACK? Negative Acknowledgments in Information-Centric Networking

Information-Centric Networking (ICN) is an internetworking paradigm that offers an alternative to the current IP\nobreakdash-based Internet architecture. ICN's most distinguishing feature is its emphasis on information (content) instead of communication endpoints. One important open issue in ICN is whether negative acknowledgments (NACKs) at the network layer are useful for notifying downstream nodes about forwarding failures, or requests for incorrect or non-existent information. In benign settings, NACKs are beneficial for ICN architectures, such as CCNx and NDN, since they flush state in routers and notify consumers. In terms of security, NACKs seem useful as they can help mitigating so-called Interest Flooding attacks. However, as we show in this paper, network-layer NACKs also have some unpleasant security implications. We consider several types of NACKs and discuss their security design requirements and implications. We also demonstrate that providing secure NACKs triggers the threat of producer-bound flooding attacks. Although we discuss some potential countermeasures to these attacks, the main conclusion of this paper is that network-layer NACKs are best avoided, at least for security reasons.Comment: 10 pages, 7 figure

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Improving The Fault Tolerance of Ad Hoc Routing Protocols using Aspect-oriented Programming

[ES] Las redes ad hoc son redes inalámbricas distribuidas formadas por nodos móviles que se ubican libremente y dinámicamente, capaces de organizarse de manera propia en topologías arbitrarias y temporales, a través de la actuación de los protocolos de encaminamiento. Estas redes permiten a las personas y dispositivos conectarse sin problemas rápidamente, en áreas sin una infraestructura de comunicaciones previa y con un bajo coste. Muchos estudios demuestran que los protocolos de encaminamiento ad hoc se ven amenazados por una variedad de fallos accidentales y maliciosos, como la saturación de vecinos, que puede afectar a cualquier tipo de red ad hoc, y el ruido ambiental, que puede afectar en general a todas las redes inalámbricas. Por lo tanto, el desarrollo y la implementación de estrategias de tolerancia a fallos para mitigar el efecto de las fallos, es esencial para el uso práctico de este tipo de redes. Sin embargo, los mecanismos de tolerancia a fallos suelen estar implementados de manera específica, dentro del código fuente de los protocolos de encaminamiento que hace que i) ser reescrito y reorganizado cada vez que una nueva versión de un protocolo se libera, y ii) tener un carácter completamente remodelado y adaptado a las nuevas versiones de los protocolos. Esta tesis de máster explora la viabilidad de utilizar programación orientada a aspectos (AOP), para desarrollar e implementar los mecanismos de tolerancia a fallos adecuados para toda una familia de protocolos de encaminamiento, es decir, las versiones actuales y futuras de un protocolo determinado (OLSR en este caso). Por otra parte, se propone una nueva metodología para ampliar estos mecanismos a diferentes familias de protocolos proactivos (OLSR, BATMAN y Babel) con un nuevo concepto de AOP, el metaaspecto. La viabilidad y efectividad de la propuesta se ha evaluado experimentalmente, estableciendo así un nuevo método para mejorar la implementación de la portabilidad y facilidad de mantenimiento de los mecanismos de tolerancia a fallos en los protocolos de enrutamiento ad hoc y, por lo tanto, la fiabilidad de las redes ad hoc.[EN] Ad hoc networks are distributed networks consisting of wireless mobile nodes that can freely and dynamically self-organize into arbitrary and temporary topologies, through the operation of routing protocols. These networks allow people and devices to seamlessly interconnect rapidly in areas with no pre-existing communication infrastructure and with a low cost. Many studies show that ad hoc routing protocols are threatened by a variety of accidental and malicious faults, like neighbour saturation, which may affect any kind of ad hoc network, and ambient noise, which may impact all wireless networks in general. Therefore, developing and deploying fault tolerance strategies to mitigate the effect of such faults is essential for the practical use of this kind of networks. However, those fault tolerance mechanisms are usually embedded into the source code of routing protocols which causes that i) they must be rewritten and redeployed whenever a new version of a protocol is released, and ii) they must be completely redeveloped and adapted to new routing protocols. This master thesis explores the feasibility of using Aspect-Oriented Programming (AOP) to develop and deploy fault tolerance mechanisms suitable for a whole family of routing protocols, i.e. existing and future versions of a given protocol (OLSR in this case). Furthermore, a new methodology is proposed to extend these mechanisms to different families of proactive protocols (OLSR, B.A.T.M.A.N and Babel) using a new concept in AOP, the meta-aspect. The feasibility and effectiveness of the proposal is experimentally assessed, thus establishing a new method to improve the deployment, portability, and maintainability of fault tolerance mechanisms for ad hoc routing protocols and, therefore, the dependability of ad hoc networks.Bustos Rodríguez, AJ. (2012). Improving The Fault Tolerance of Ad Hoc Routing Protocols using Aspect-oriented Programming. http://hdl.handle.net/10251/18421Archivo delegad