Autenticación de contenidos y control de acceso en redes peer-to-peer puras

Esta tesis doctoral se enmarca dentro del área de investigación de la seguridad en entornos Peer-to-Peer (P2P) totalmente descentralizados (también denominados puros.) En particular, el objetivo principal de esta tesis doctoral es definir, analizar e implementar un esquema para la distribución segura de los contenidos compartidos. En este trabajo de tesis se han realizado importantes avances e innovadoras aportaciones enfocadas a garantizar que el contenido compartido es auténtico; es decir, que no ha sido alterado, incluso tratándose de una réplica del original. Además, se propone un mecanismo de control de acceso orientado a proporcionar servicios de autorización en un entorno que no cuenta con una jerarquía de autoridades de certificación. A continuación, se resume la metodología seguida, las principales aportaciones de esta tesis y, finalmente, se muestran las conclusiones más importantes. __________________________________________The study and analysis of the state-of-the-art on security in Peer-to-Peer (P2P) networks gives us many important insights regarding the lack of practical security mechanisms in such fully decentralized and highly dynamic networks. The major problems range from the absence of content authentication mechanisms, which address and assure the authenticity and integrity of the resources shared by networking nodes, to access control proposals, which provide authorization services. In particular, the combination of both, authentication and access control, within well-known P2P file sharing systems may involve several advances in the content replication and distribution processes. The aim of this thesis is to define, develop and evaluate a secure P2P content distribution scheme for file sharing scenarios. The proposal will be based on the use of digital certificates, similar to those used in the provision of public key authenticity. To carry out this proposal in such an environment, which does not count on a hierarchy of certification authorities, we will explore the application of non-conventional techniques, such as Byzantine agreement protocols and schemes based on “proof-of-work.” We then propose a content authentication protocol for pure P2P file sharing systems. Under certain restrictions, our scheme provides guarantees that a content is authentic, i.e. it has not been altered, even if it is a replica of the original and the source has lost control over it. Moreover, we extend our initial work by showing how digital certificates can be modified to provide authorization capabilities for self-organizing peers. The entire scheme is first theoretically analyzed, and also implemented in C and Java in order to evaluate its performance. This document is presented as Ph.D. Thesis within the 2007–08 Ph.D. in Computer Science Program at Carlos III University of Madrid

Evaluation of on-demand routing in mobile ad hoc networks and proposal for a secure routing protocol

Secure routing Mobile Ad hoc Networks (MANETs) has emerged as an important MANET research area. Initial work in MANET focused mainly on the problem of providing efficient mechanisms for finding paths in very dynamic networks, without considering the security of the routing process. Because of this, a number of attacks exploit these routing vulnerabilities to manipulate MANETs. In this thesis, we performed an in-depth evaluation and performance analysis of existing MANET Routing protocols, identifying Dynamic Source Routing (DSR) as the most robust (based on throughput, latency and routing overhead) which can be secured with negligible routing efficiency trade-off. We describe security threats, specifically showing their effects on DSR. We proposed a new routing protocol, named Authenticated Source Routing for Ad hoc Networks (ASRAN) which is an out-of-band certification-based, authenticated source routing protocol with modifications to the route acquisition process of DSR to defeat all identified attacks. Simulation studies confirm that ASRAN has a good trade-off balance in reference to the addition of security and routing efficiency

From MANET to people-centric networking: Milestones and open research challenges

In this paper, we discuss the state of the art of (mobile) multi-hop ad hoc networking with the aim to present the current status of the research activities and identify the consolidated research areas, with limited research opportunities, and the hot and emerging research areas for which further research is required. We start by briefly discussing the MANET paradigm, and why the research on MANET protocols is now a cold research topic. Then we analyze the active research areas. Specifically, after discussing the wireless-network technologies, we analyze four successful ad hoc networking paradigms, mesh networks, opportunistic networks, vehicular networks, and sensor networks that emerged from the MANET world. We also present an emerging research direction in the multi-hop ad hoc networking field: people centric networking, triggered by the increasing penetration of the smartphones in everyday life, which is generating a people-centric revolution in computing and communications