Application-driven network management with ProtoRINA

Traditional network management is tied to the TCP/IP architecture, thus it inherits its many limitations, e.g., static management and one-size-fits-all structure. Additionally there is no unified framework for application management, and service (application) providers have to rely on their own ad-hoc mechanisms to manage their application services. The Recursive InterNetwork Architecture (RINA) is our solution to achieve better network management. RINA provides a unified framework for application-driven network management along with built-in mechanisms (including registration, authentication, enrollment, addressing, etc.), and it allows the dynamic formation of secure communication containers for service providers in support of various requirements. In this paper, we focus on how application-driven network management can be achieved over the GENI testbed using ProtoRINA, a user-space prototype of RINA. We demonstrate how video can be efficiently multicast to many clients on demand by dynamically creating a delivery tree. Under RINA, multicast can be enabled through a secure communication container that is dynamically formed to support video transport either through application proxies or via relay IPC processes. Experimental results over the GENI testbed show that application-driven network management enabled by ProtoRINA can achieve better network and application performance.National Science Foundation (NSF grant CNS-0963974)

Protecting EST Payloads with OSCORE: IETF Internet Draft

draft-selander-ace-coap-est-oscore-04This document specifies public-key certificate enrollment procedures protected with lightweight application-layer security protocols suitable for Internet of Things (IoT) deployments. The protocols leverage payload formats defined in Enrollment over Secure Transport (EST) and existing IoT standards including the Constrained Application Protocol (CoAP), Concise Binary Object Representation (CBOR) and the CBOR Object Signing and Encryption (COSE) format

Secure Identification in Social Wireless Networks

The applications based on social networking have brought revolution towards social life and are continuously gaining popularity among the Internet users. Due to the advanced computational resources offered by the innovative hardware and nominal subscriber charges of network operators, most of the online social networks are transforming into the mobile domain by offering exciting applications and games exclusively designed for users on the go. Moreover, the mobile devices are considered more personal as compared to their desktop rivals, so there is a tendency among the mobile users to store sensitive data like contacts, passwords, bank account details, updated calendar entries with key dates and personal notes on their devices. The Project Social Wireless Network Secure Identification (SWIN) is carried out at Swedish Institute of Computer Science (SICS) to explore the practicality of providing the secure mobile social networking portal with advanced security features to tackle potential security threats by extending the existing methods with more innovative security technologies. In addition to the extensive background study and the determination of marketable use-cases with their corresponding security requirements, this thesis proposes a secure identification design to satisfy the security dimensions for both online and offline peers. We have implemented an initial prototype using PHP Socket and OpenSSL library to simulate the secure identification procedure based on the proposed design. The design is in compliance with 3GPP‟s Generic Authentication Architecture (GAA) and our implementation has demonstrated the flexibility of the solution to be applied independently for the applications requiring secure identification. Finally, the thesis provides strong foundation for the advanced implementation on mobile platform in future

International Relations Study Team Briefing Paper

Fifteen papers discussing post-war constructions in Afghanistan, Bosnia and Vietnam are included

Distribution of antiretroviral treatment through self-forming groups of patients in Tete province, Mozambique

BACKGROUN

SecuCode: Intrinsic PUF Entangled Secure Wireless Code Dissemination for Computational RFID Devices

The simplicity of deployment and perpetual operation of energy harvesting devices provides a compelling proposition for a new class of edge devices for the Internet of Things. In particular, Computational Radio Frequency Identification (CRFID) devices are an emerging class of battery-free, computational, sensing enhanced devices that harvest all of their energy for operation. Despite wireless connectivity and powering, secure wireless firmware updates remains an open challenge for CRFID devices due to: intermittent powering, limited computational capabilities, and the absence of a supervisory operating system. We present, for the first time, a secure wireless code dissemination (SecuCode) mechanism for CRFIDs by entangling a device intrinsic hardware security primitive Static Random Access Memory Physical Unclonable Function (SRAM PUF) to a firmware update protocol. The design of SecuCode: i) overcomes the resource-constrained and intermittently powered nature of the CRFID devices; ii) is fully compatible with existing communication protocols employed by CRFID devices in particular, ISO-18000-6C protocol; and ii) is built upon a standard and industry compliant firmware compilation and update method realized by extending a recent framework for firmware updates provided by Texas Instruments. We build an end-to-end SecuCode implementation and conduct extensive experiments to demonstrate standards compliance, evaluate performance and security.Comment: Accepted to the IEEE Transactions on Dependable and Secure Computin