51 research outputs found

    Efficient Security Protocols for Fast Handovers in Wireless Mesh Networks

    Wireless mesh networks (WMNs) are gaining popularity as a flexible and inexpensive replacement for Ethernet-based infrastructures. As the use of mobile devices such as smart phones and tablets is becoming ubiquitous, mobile clients should be guaranteed uninterrupted connectivity and services as they move from one access point to another within a WMN or between networks. To that end, we propose a novel security framework that consists of a new architecture, trust models, and protocols to offer mobile clients seamless and fast handovers in WMNs. The framework provides a dynamic, flexible, resource-efficient, and secure platform for intra-network and inter-network handovers in order to support real-time mobile applications in WMNs. In particular, we propose solutions to the following problems: authentication, key management, and group key management. We propose (1) a suite of certificate-based authentication protocols that minimize the authentication delay during handovers from one access point to another within a network (intra-network authentication); (2) a suite of key distribution and authentication protocols that minimize the authentication delay during handovers from one network to another (inter-network authentication); and (3) a new implementation of group key management at the data link layer in order to reduce the group key update latency from linear time (as currently done in IEEE 802.11 standards) to logarithmic time. This contributes towards minimizing the latency of the handover process for mobile members in a multicast or broadcast group.

    Group Key Management in Wireless Ad-Hoc and Sensor Networks

    A growing number of secure group applications in both civilian and military domains is being deployed in WAHNs. A Wireless Ad-hoc Network (WAHN) is a collection of autonomous nodes or terminals that communicate with each other by forming a multi-hop radio network and maintaining connectivity in a decentralized manner. A Mobile Ad-hoc Network (MANET) is a special type of WAHN with mobile users. MANET nodes have limited communication, computational capabilities, and power. Wireless Sensor Networks (WSNs) are sensor networks with massive numbers of small, inexpensive devices pervasive throughout electrical and mechanical systems and ubiquitous throughout the environment that monitor and control most aspects of our physical world. In WAHNs and WSNs with un-trusted nodes, nodes may falsify information, collude to disclose system keys, or even passively refuse to collaborate. Moreover, mobile adversaries might invade more than one node and try to reveal all system secret keys. Due to these special characteristics, key management is essential in securing such networks. Current protocols for secure group communications used in fixed networks tend to be inappropriate. The main objective of this research is to propose, design and evaluate a suitable key management approach for secure group communications to support WAHNs and WSNs applications. Key management is usually divided into key analysis, key assignment, key generation and key distribution. In this thesis, we tried to introduce key management schemes to provide secure group communications in both WAHNs and WSNs. Starting with WAHNs, we developed a key management scheme. A novel architecture for secure group communications was proposed. Our proposed scheme handles key distribution through Combinatorial Key Distribution Scheme (CKDS). We followed with key generation using Threshold-based Key Generation in WAHNs (TKGS). For key assignment, we proposed Combinatorial Key Assignment Scheme (CKAS), which assigns closer key strings to co-located nodes. We claim that our architecture can readily be populated with components to support objectives such as fault tolerance, full-distribution and scalability to mitigate WAHNs constraints. In our architecture, group management is integrated with multicast at the application layer. For key management in WSNs, we started with DCK, a modified scheme suitable for WSNs. In summary, the DCK achieves the following: (1) cluster leader nodes carry the major part of the key management overhead; (2) DCK consumes less than 50% of the energy consumed by SHELL in key management; (3) localizing key refreshment and handling node capture enhances the security by minimizing the amount of information known by each node about other portions of the network; and (4) since DCK does not involve the use of other clusters to maintain local cluster data, it scales better from a storage point of view with the network size represented by the number of clusters. We went further and proposed the use of key polynomials with DCK to enhance the resilience of multiple node capturing. Comparing our schemes to static and dynamic key management, our scheme was found to enhance network resilience at a smaller polynomial degree t and accordingly with less storage per node.

    On Evaluating the Performance Impact of the IEEE 802.15.4 Security Sub-layer

    Nowadays, wireless sensor networks (WSNs) are used in a wide range of application scenarios ranging from structural monitoring to health-care, from surveillance to industrial automation. Most of these applications require forms of secure communication. On the other hand, security has a cost in terms of reduced performance. In this paper we refer to the IEEE 802.15.4 standard and investigate the impact of the 802.15.4 security sub-layer on the WSN performance. Specifically, we analyze the impact that security mechanisms and options, as provided by the standard, have on the overall WSN performance, in terms of latency, goodput, and energy consumption. To this end, we develop an analytical model and a security enabled simulator. We also use a real testbed, based on a complete open-source implementation of the standard, to validate simulation and analytical results, as well as to better understand the limits of the current WSN technology

    An Outline of Security in Wireless Sensor Networks: Threats, Countermeasures and Implementations

    With the expansion of wireless sensor networks (WSNs), the need for securing the data flow through these networks is increasing. These sensor networks allow for easy-to-apply and flexible installations which have enabled them to be used for numerous applications. Due to these properties, they face distinct information security threats. Security of the data flowing across networks provides the researchers with an interesting and intriguing potential for research. Design of these networks to ensure the protection of data faces the constraints of limited power and processing resources. We provide the basics of wireless sensor network security to help the researchers and engineers in better understanding of this applications field. In this chapter, we will provide the basics of information security with special emphasis on WSNs. The chapter will also give an overview of the information security requirements in these networks. Threats to the security of data in WSNs and some of their countermeasures are also presented.

    Evolving military broadband wireless communication systems: WiMAX, LTE and WLAN

    © 2016 IEEE. This version of the paper has been accepted for publication. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other works. The final published paper is available online at: https://doi.org/10.1109/ICMCIS.2016.7496570. [Abstract]: Emerging technologies for mobile broadband wireless are being considered as a Commercial Off-The-Shelf solution to cover the operational requirements of the future warfare. The capabilities of these technologies are being enhanced to meet the growing market demands on performance. In this context, several standards such as WiMAX, LTE or WLAN are introducing themselves as strong candidates to fulfill these requirements. This paper presents an innovative scenario-based approach to develop a Military Broadband Wireless Communication System (MBWCS). Its main objective is to analyze how similar a military MBWCS can be to the identified civil standards, taking operational and high level technical requirements into account. This specification will be used for analyzing the applicability and the modifications of each of the standards layers individually. Proving the feasibility and aptitude of each standard provides strong foundations to address a MBWCS in the most efficient way. This work has been funded by MINECO of Spain under grant TEC2013-47141-C4-1-R and Indra Sistemas S.A. The authors acknowledge to Colin Brown, Mehmet Hayri Küçüktabak and Matthias Tschauner their collaboration in the NATO IST-ET-068

    Security in Distributed, Grid, Mobile, and Pervasive Computing

    This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security

    Mobile multi-layered IPsec


    Performance Evaluation of Security Solutions for Wireless Sensor Networks

    In the recent years, wireless communication is involving not only computers, but a multitude of heterogeneous devices. Wireless Sensor Networks (WSNs) contribute to the new paradigm of pervasive computing, and this translates into new requirements for new applications. WSNs are employed not only on their own, but also in Cooperating Objects Systems (COSs), where mobile physical agents share the same environment to fulfill their tasks, either in group or in isolation. Sensor nodes are typically resource constrained devices deployed in unattended, possibly hostile environments. WSNs and COSs are a tempting target for an adversary, since a security infringement may easily translate into a safety one, with possible consequences in terms of damages to things and injuries to people. Main security requirements for WSNs are secure communication, key management and secure bootstrapping. Security usually involves resource greedy operations, while sensors are resource constrained devices. This means that security requirements must be satisfied assuring a lightweight impact in terms of memory occupancy, network performance and energy consumption. In this thesis work, we start from a performance evaluation of the security sublayer of the IEEE 802.15.4 standard in terms of memory occupancy, network performance and energy consumption. Then, we present and evaluate a solution to a vulnerability of the IEEE 802.15.4 standard that causes a selective Denial of Service attack. Finally, we present PLASA: a modular and reconfigurable security architecture for WSNs. PLASA extends the STaR architecture. STaR is a secure communication module we designed to provide confidentiality and/or authenticity of communications in a transparent and flexible manner. PLASA enhances STaR, introducing modules for key management and secure bootstrapping, so providing a complete system that is suitable not only for the WSN, but for the entire COS.

    IoT Application Provisioning Service

    Constant development of software requires updating our Internet of Things (IoT) devices regularly. Some services such as transportation, health care, surveillance and electronic payments require high availability, even during a software update. IoT updates in urban scenarios require connectivity based on the Internet Protocol (IP) and long range connection with adequate speed. Normally, these requirements are provided by cellular network (i.e., using a SIM card) to connect to the Internet. This option presents several disadvantages: it is very expensive and it exposes IoT devices to security threats due to the permanent connection to the Internet. These challenges could be addressed by leveraging long-range broadcast communication (e.g., FM broadcast). IoT devices periodically listen for and receive updates through such a communication infrastructure, without actually being connected to the Internet. This thesis presents a system to provide software updates for IoT devices through long-range broadcast communication technologies. A prototype has been developed based on the concept of “seamless updates”. This allows performing software updates in the background, hence ensuring the availability of a device during the installation time of an update. This seamless update process was implemented on an embedded device (i.e., a Raspberry Pi 3) with a Linux-based operating system. Furthermore, a web-based backend has been implemented. Such a backend allows IoT developers to upload their updates targeting a specific class of devices and schedule when the update will be sent. The security goals of integrity and authentication are accomplished by signing the updates in the backend and verifying it at the IoT device. Moreover, a performance evaluation is performed for the system upgrade service with different parameters to sign the updates