A security architecture for IPv6 enabled wireless medical sensor networks.

We present the design of an IPv6 enabled wireless sensor network based on the IEEE 802.15.4 standard for medical monitoring. We design a routing mechanism for efficient flooding, a hop-by-hop error recovery and congestion control mechanism for reliable packet delivery and a lightweight security architecture for the medical monitoring system. We extend the widely used Extensible Authentication Protocol (EAP) to employ the Generalized Pre-shared Key (GPSK) authentication method with some optimizations for securing the system. We use the 3-party EAP model with the Personal Area Network Coordinator (PAN coordinator) of IEEE 802.15.4 standard as the EAP authenticator for authenticating sensor nodes within the radio range of the PAN coordinator. In order to use EAP authentication for a sensor node several hops away from the PAN coordinator, we define a new role (relay authenticator) for its coordinator which tunnels EAP messages to the PAN coordinator securely. We define EAP message encapsulation for IEEE 802.15.4 networks and a key hierarchy for the security architecture. We have simulated the system and shown that EAP based authentication is feasible in wireless sensor networks.The original print copy of this thesis may be available here: http://wizard.unbc.ca/record=b136235

Attacking and securing beacon-enabled 802.15.4 networks

The IEEE 802.15.4 standard has attracted timecritical applications in wireless sensor networks because of its beacon-enabled mode and guaranteed timeslots (GTSs). However, the GTS management scheme’s security mechanisms still leave the 802.15.4 medium access control vulnerable to attacks. Further, the existing techniques in the literature for securing 802.15.4 networks either focus on nonbeacon-enabled 802.15.4 networks or cannot defend against insider attacks for beacon-enabled 802.15.4 networks. In this paper, we illustrate this by demonstrating attacks on the availability and integrity of the beaconenabled 802.15.4 network. To confirm the validity of the attacks, we implement the attacks using Tmote Sky motes for wireless sensor nodes, where the malicious node is deployed as an inside attacker. We show that the malicious node can freely exploit information retrieved from the beacon frames to compromise the integrity and availability of the network. To defend against these attacks, we present BCN-Sec, a protocol that ensures the integrity of data and control frames in beacon-enabled 802.15.4 networks. We implement BCN-Sec, and show its efficacy during various attacks

Attacking and Securing Beacon-Enabled 802.15.4 Networks

The IEEE 802.15.4 has attracted time-critical applications in wireless sensor networks (WSNs) because of its beacon-enabled mode and guaranteed timeslots (GTSs). However, the GTS scheme’s security still leave the 802.15.4 MAC vulnerable to attacks. Further, the existing techniques in the literature for securing 802.15.4 either focus on non beacon-enabled 802.15.4 or cannot defend against insider attacks for beacon-enabled 802.15.4. In this thesis, we illustrate this by demonstrating attacks on the availability and integrity of the beacon-enabled 802.15.4. To proof the attacks, we implement the attacks using Tmote Sky motes for a malicious node along with regular nodes. We show that the malicious node can freely exploit the beacon frames to compromise the integrity and availability of the network. For the defense, we present beacon-enabled MiniSec (BCN-MiniSec) and analyze its cost

Authentication and Key Exchange in Mobile Ad Hoc Networks

Over the past decade or so, there has been rapid growth in wireless and mobile applications technologies. More recently, an increasing emphasis has been on the potential of infrastructureless wireless mobile networks that are easy, fast and inexpensive to set up, with the view that such technologies will enable numerous new applications in a wide range of areas. Such networks are commonly referred to as mobile ad hoc networks (MANETs). Exchanging sensitive information over unprotected wireless links with unidentified and untrusted endpoints demand the deployment of security in MANETs. However, lack of infrastructure, mobility and resource constraints of devices, wireless communication links and other unique features of MANETs induce new challenges that make implementing security a very difficult task and require the design of specialized solutions. This thesis is concerned with the design and analysis of security solutions for MANETs. We identify the initial exchange of authentication and key credentials, referred to as pre-authentication, as well as authentication and key exchange as primary security goals. In particular, the problem of pre-authentication has been widely neglected in existing security solutions, even though it is a necessary prerequisite for other security goals. We are the first to classify and analyze different methods of achieving pairwise pre-authentication in MANETs. Out of this investigation, we identify identity-based cryptographic (IBC) schemes as well-suited to secure MANET applications that have no sufficient security solutions at this time. We use pairing-based IBC schemes to design an authentication and key exchange framework that meets the special requirements of MANETs. Our solutions are comprised of algorithms that allow for efficient and secure system set up, pre-authentication, mutual authentication, key establishment, key renewal, key revocation and key escrow prevention. In particular, we present the first fully self-organized key revocation scheme for MANETs that does not require any trusted third party in the network. Our revocation scheme can be used to amend existing IBC solutions, be seamlessly integrated in our security framework and even be adopted to conventional public key solutions for MANETs. Our scheme is based on propagated accusations and once the number of received accusations against a node reaches a defined threshold, the keys of the accused nodes are revoked. All communications are cryptographically protected, but unlike other proposed schemes, do not require computationally demanding digital signatures. Our scheme is the first that efficiently and securely enables nodes to revoke their own keys. Additionally, newly joining nodes can obtain previous accusations without performing computationally demanding operations such as verifying digital signatures. Several security and performance parameters make our scheme adjustable to the hostility of the MANET environment and the degree of resource constraints of network and devices. In our security analysis we show how security parameters can be selected to prevent attacks by colluding nodes and roaming adversaries. In our proposed security framework, we utilize special properties of pairing-based keys to design an efficient and secure method for pairwise pre-authentication and a set of ID-based authenticated key exchange protocols. In addition, we present a format for ID-based public keys that, unlike other proposed formats, allows key renewal before the start of a new expiry interval. Finally, we are the first to discuss the inherent key escrow property of IBC schemes in the context of MANETs. Our analysis shows that some special features of MANETs significantly limit the escrow capabilities of key generation centers (KGCs). We propose a novel concept of spy nodes that can be utilized by KGCs to increase their escrow capabilities and analyze the probabilities of successful escrow attacks with and without spy nodes. In summary, we present a complete authentication and key exchange framework that is tailored for MANET applications that have previously lacked such security solutions. Our solutions can be implemented using any pairing-based IBC scheme. The component design allows for the implementation of single schemes to amend existing solutions that do not provide certain functionalities. The introduction of several security and performance parameters make our solutions adjustable to different levels of resource constraints and security needs. In addition, we present extensions that make our solutions suitable for applications with sporadic infrastructure access as envisioned in the near future

Telecommunications Networks

This book guides readers through the basics of rapidly emerging networks to more advanced concepts and future expectations of Telecommunications Networks. It identifies and examines the most pressing research issues in Telecommunications and it contains chapters written by leading researchers, academics and industry professionals. Telecommunications Networks - Current Status and Future Trends covers surveys of recent publications that investigate key areas of interest such as: IMS, eTOM, 3G/4G, optimization problems, modeling, simulation, quality of service, etc. This book, that is suitable for both PhD and master students, is organized into six sections: New Generation Networks, Quality of Services, Sensor Networks, Telecommunications, Traffic Engineering and Routing

Security Risks in Optical Access Networks

Import 05/08/2014Tato bakalářská práce se zabývá problematikou bezpečnosti optických přístupových sítí, konkrétně pasivní varianty optických sítí (PON). V první části práce jsou popsány vlastnosti technologií současné i budoucí generace sítí PON, včetně možností jejich zabezpečení. V druhé části jsou popsány bezpečnostní rizika systémů založených na metodě časového dělení TDM-PON, vlnového dělení WDM-PON a bezpečnostní mechanismy používané k jejich zamezení. V praktické části jsou v laboratorních podmínkách ověřena bezpečnostní rizika spojená s nasazením technologie WDM-PON.This bachelor thesis deals with security of optical access networks, specifically its passive optical networks variants (PON). The first part describes the characteristics of technologies, both current and future generations of the PON networks, including possibilities of their securing. The second part describes the security risks of systems based on the method of time division multiplexing TDM-PON, wavelength division multiplexing WDM-PON and security mechanisms used to avoid them. The aim of the work in the practical part is to verify in laboratory conditions security risks associated with the deployment of the WDM-PON technologies.440 - Katedra telekomunikační technikyvýborn

An open framework for low-latency communications across the smart grid network

The recent White House (2011) policy paper for the Smart Grid that was released on June 13, 2011, A Policy Framework for the 21st Century Grid: Enabling Our Secure Energy Future, defines four major problems to be solved and the one that is addressed in this dissertation is Securing the Grid. Securing the Grid is referred to as one of the four pillars to be built on an open technology framework. The problem of securing the grid is further defined that cybersecurity practices must provide the special, low-latency communications needed for real-time automation control (White House, 2011, p. 49). The National Institute of Standards and Technology (NIST) is tasked with development of the cybersecurity communication standards through establishment of the NIST Cybersecurity Working Group (CSWG). NIST CSWG further states that low-latency is critical for automation control on the Smart Grid (NISTIR-Vol.3, 2010). The research and experimental planning for the solution tested in this dissertation provide low-latency through a system of open protocols that include HMAC keys (Hashed Message Authentication Code) and cryptographic identification for real-time control across the Smart Grid. It is serendipitous that HMAC keys (Hashed Message Authentication Code) can be processed very fast so there is little delay/latency added to the overall file transfer process (Goutis et al, 2005). In addition the research results offer guidance on the additional latency of AES versus Blowfish encryption algorithms for file transfers.John Andrew SturmCockrell, GeraldBeach, DavidRoobik Gharabagi(St. Louis University)Lin, YuetongMaughan, GeorgeDoctor of PhilosophyDepartment of Technology ManagementCunningham Memorial library, Terre Haute,Indiana State UniversityILL-ETD-082DoctoralTitle from document title page. Document formatted into pages: contains 149 p.: ill. Includes abstract and appendi

A System for the Verication of Location Claims

As location becomes an increasingly important piece of context information regarding a device, so too must the method of providing this information increase in reliability. In many situations, false location information may impact the security or objectives of the system to which it has been supplied. Research concerning localization and location verication addresses this issue. The majority of solutions, however, revolve around a trusted infrastructure to provide a certied location. This thesis presents an enhanced design for a location verication system, moving verication away from infrastructure-based approaches. Instead, an ad hoc approach is presented, employing regular local devices in the role usually reserved for trusted entities - the role of the evidence provider. We begin with an introduction to the area of localization, outlining the primary techniques employed. We summarize previous approaches, highlighting the improvements and outstanding issues of each. Following this, we outline a novel metric for use with distance bounding to increase the accuracy of evidence extracted from the distance bounding process. We show through emulation that this metric is feasible within an IEEE 802.11 wireless network. We detail the Secure Location Verication Proof Gathering Protocol (SLVPGP), a protocol designed to protect the process of evidence gathering. We employ our novel metric to conrm the presence of a device in an area. We repeatedly extend the SLVPGP's basic design to form three protocols, each with increasingly stronger security. These protocols are formally veried to conrm their specied security properties. To complete the design of our verication system, we present two approaches to judging a claim based on the evidence supplied. We demonstrate the accuracy of these approach through simulation. We also include a brief outline of the concept of reputation and discuss an existing app