An Efficacious and Secure Registration for Internet Protocol Mobility

For the ample development of mobile internet protocol (IP) technology and the recurrent movement of a mobile device, it is necessary for the mobile device to inform their home network where initially registered through an efficient and secured procedure against any sort of attacks. The procedure of registration for IP mobility by the portable system must have a better performance by providing a certain level of security, such as authentication, integrity, replay attack protection, and location privacy. All at once, the extreme security in the registration of IP mobility may cause long registration time, principally for real-time systems. This paper mainly deals with a balanced effort for secure and efficient registration procedure which gives better security and efficiency in terms of registration delay. The proposed work provides an easy and fast registration procedure and lessens the registration delay through the usage of an identity based authenticated key exchange scheme that eliminates expensive pairing operations. The proposed protocol is verified by using AVISPA tool. The performance evaluation reveals that the proposed protocol significantly outperforms the existing protocols in terms of the registration delay.Defence Science Journal, 2013, 63(5), pp.502-507, DOI:http://dx.doi.org/10.14429/dsj.63.400

Security and Privacy Issues in Wireless Mesh Networks: A Survey

This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

Towards a reliable seamless mobility support in heterogeneous IP networks

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University.Next Generation networks (3G and beyond) are evolving towards all IP based systems with the aim to provide global coverage. For Mobility in IP based networks, Mobile IPv6 is considered as a standard by both industry and research community, but this mobility protocol has some reliability issues. There are a number of elements that can interrupt the communication between Mobile Node (MN) and Corresponding Node (CN), however the scope of this research is limited to the following issues only: • Reliability of Mobility Protocol • Home Agent Management • Handovers • Path failures between MN and CN First entity that can disrupt Mobile IPv6 based communication is the Mobility Anchor point itself, i.e. Home Agent. Reliability of Home Agent is addressed first because if this mobility agent is not reliable there would be no reliability of mobile communication. Next scenario where mobile communication can get disrupted is created by MN itself and it is due to its mobility. When a MN moves around, at some point it will be out of range of its active base station and at the same time it may enter the coverage area of another base station. In such a situation, the MN should perform a handover, which is a very slow process. This handover delay is reduced by introducing a “make before break” style handover in IP network. Another situation in which the Mobile IPv6 based communication can fail is when there is a path failure between MN and CN. This situation can be addressed by utilizing multiple interfaces of MN at the same time. One such protocol which can utilize multiple interfaces is SHIM6 but it was not designed to work on mobile node. It was designed for core networks but after some modification in the protocol , it can be deployed on mobile nodes. In this thesis, these issues related to reliability of IPv6 based mobile communication have been addressed

Securing Handover in Wireless IP Networks

In wireless and mobile networks, handover is a complex process that involves multiple layers of protocol and security executions. With the growing popularity of real time communication services such as Voice of IP, a great challenge faced by handover nowadays comes from the impact of security implementations that can cause performance degradation especially for mobile devices with limited resources. Given the existing networks with heterogeneous wireless access technologies, one essential research question that needs be addressed is how to achieve a balance between security and performance during the handover. The variations of security policy and agreement among different services and network vendors make the topic challenging even more, due to the involvement of commercial and social factors. In order to understand the problems and challenges in this field, we study the properties of handover as well as state of the art security schemes to assist handover in wireless IP networks. Based on our analysis, we define a two-phase model to identify the key procedures of handover security in wireless and mobile networks. Through the model we analyze the performance impact from existing security schemes in terms of handover completion time, throughput, and Quality of Services (QoS). As our endeavor of seeking a balance between handover security and performance, we propose the local administrative domain as a security enhanced localized domain to promote the handover performance. To evaluate the performance improvement in local administrative domain, we implement the security protocols adopted by our proposal in the ns-2 simulation environment and analyze the measurement results based on our simulation test

Context transfer support for mobility management in all-IP networks.

This thesis is a description of the research undertaken in the course of the PhD and evolves around a context transfer protocol which aims to complement and support mobility management in next generation mobile networks. Based on the literature review, it was identified that there is more to mobility management than handover management and the successful change of routing paths. Supportive mechanisms like fast handover, candidate access router discovery and context transfer can significantly contribute towards achieving seamless handover which is especially important in the case of real time services. The work focused on context transfer motivated by the fact that it could offer great benefits to session re-establishment during the handover operation of a mobile user and preliminary testbed observations illustrated the need for achieving this. Context transfer aims to minimize the impact of certain transport, routing, security-related services on the handover performance. When a mobile node (MN) moves to a new subnet it needs to continue such services that have already been established at the previous subnet. Examples of such services include AAA profile, IPsec state, header compression, QoS policy etc. Re-establishing these services at the new subnet will require a considerable amount of time for the protocol exchanges and as a result time- sensitive real-time traffic will suffer during this time. By transferring state to the new domain candidate services will be quickly re-established. This would also contribute to the seamless operation of application streams and could reduce susceptibility to errors. Furthermore, re-initiation to and from the mobile node will be avoided hence wireless bandwidth efficiency will be conserved. In this research an extension to mobility protocols was proposed for supporting state forwarding capabilities. The idea of forwarding states was also explored for remotely reconfiguring middleboxes to avoid any interruption of a mobile users' sessions or services. Finally a context transfer module was proposed to facilitate the integration of such a mechanism in next generation architectures. The proposals were evaluated analytically, via simulations or via testbed implementation depending on the scenario investigated. The results demonstrated that the proposed solutions can minimize the impact of security services like authentication, authorization and firewalls on a mobile user's multimedia sessions and thus improving the overall handover performance

Host mobility management with identifier-locator split protocols in hierarchical and flat networks

Includes abstractIncludes bibliographical references.As the Internet increasingly becomes more mobile focused and overloaded with mobile hosts, mobile users are bound to roam freely and attach to a variety of networks. These different networks converge over an IP-based core to enable ubiquitous network access, anytime and anywhere, to support the provision of services, that is, any service, to mobile users. Therefore, in this thesis, the researcher proposed network-based mobility solutions at different layers to securely support seamless handovers between heterogeneous networks in hierarchical and flat network architectures

Mobility management across converged IP-based heterogeneous access networks

This thesis was submitted for the degree of Doctor of Philosophy and awarded by Brunel University, 8/2/2010.In order to satisfy customer demand for a high performance “global” mobility service, network operators (ISPs, carriers, mobile operators, etc.) are facing the need to evolve to a converged “all-IP” centric heterogeneous access infrastructure. However, the integration of such heterogeneous access networks (e.g. 802.11, 802.16e, UMTS etc) brings major mobility issues. This thesis tackles issues plaguing existing mobility management solutions in converged IP-based heterogeneous networks. In order to do so, the thesis firstly proposes a cross-layer mechanism using the upcoming IEEE802.21 MIH services to make intelligent and optimized handovers. In this respect, FMIPv6 is integrated with the IEEE802.21 mechanism to provide seamless mobility during the overall handover process. The proposed solution is then applied in a simulated vehicular environment to optimize the NEMO handover process. It is shown through analysis and simulations of the signalling process that the overall expected handover (both L2 and L3) latency in FMIPv6 can be reduced by the proposed mechanism by 69%. Secondly, it is expected that the operator of a Next Generation Network will provide mobility as a service that will generate significant revenues. As a result, dynamic service bootstrapping and authorization mechanisms must be in place to efficiently deploy a mobility service (without static provisioning), which will allow only legitimate users to access the service. A GNU Linux based test-bed has been implemented to demonstrate this. The experiments presented show the handover performance of the secured FMIPv6 over the implemented test-bed compared to plain FMIPv6 and MIPv6 by providing quantitative measurements and results on the quality of experience perceived by the users of IPv6 multimedia applications. The results show the inclusion of the additional signalling of the proposed architecture for the purpose of authorization and bootstrapping (i.e. key distribution using HOKEY) has no adverse effect on the overall handover process. Also, using a formal security analysis tool, it is shown that the proposed mechanism is safe/secure from the induced security threats. Lastly, a novel IEEE802.21 assisted EAP based re-authentication scheme over a service authorization and bootstrapping framework is presented. AAA based authentication mechanisms like EAP incur signalling overheads due to large RTTs. As a result, overall handover latency also increases. Therefore, a fast re-authentication scheme is presented which utilizes IEEE802.21 MIH services to minimize the EAP authentication process delays and as a result reduce the overall handover latency. Analysis of the signalling process based on analytical results shows that the overall handover latency for mobility protocols will be approximately reduced by 70% by the proposed scheme

Secure and privacy-aware proxy mobile IPv6 protocol for vehicle-to-grid networks

Vehicle-to-Grid (V2G) networks have emerged as a new communication paradigm between Electric Vehicles (EVs) and the Smart Grid (SG). In order to ensure seamless communications between mobile EVs and the electric vehicle supply equipment, the support of ubiquitous and transparent mobile IP communications is essential in V2G networks. However, enabling mobile IP communications raises real concerns about the possibility of tracking the locations of connected EVs through their mobile IP addresses. In this paper, we employ certificate-less public key cryptography in synergy with the restrictive partially blind signature technique to construct a secure and privacy-aware proxy mobile IPv6 (SP-PMIPv6) protocol for V2G networks. SP-PMIPv6 achieves low authentication latency while protecting the identity and location privacy of the mobile EV. We evaluate the SP-PMIPv6 protocol in terms of its authentication overhead and the information-theoretic uncertainty derived by the mutual information metric to show the high level of achieved anonymity

Towards a reliable seamless mobility support in heterogeneous IP networks

Next Generation networks (3G and beyond) are evolving towards all IP based systems with the aim to provide global coverage. For Mobility in IP based networks, Mobile IPv6 is considered as a standard by both industry and research community, but this mobility protocol has some reliability issues. There are a number of elements that can interrupt the communication between Mobile Node (MN) and Corresponding Node (CN), however the scope of this research is limited to the following issues only: • Reliability of Mobility Protocol • Home Agent Management • Handovers • Path failures between MN and CN First entity that can disrupt Mobile IPv6 based communication is the Mobility Anchor point itself, i.e. Home Agent. Reliability of Home Agent is addressed first because if this mobility agent is not reliable there would be no reliability of mobile communication. Next scenario where mobile communication can get disrupted is created by MN itself and it is due to its mobility. When a MN moves around, at some point it will be out of range of its active base station and at the same time it may enter the coverage area of another base station. In such a situation, the MN should perform a handover, which is a very slow process. This handover delay is reduced by introducing a “make before break” style handover in IP network. Another situation in which the Mobile IPv6 based communication can fail is when there is a path failure between MN and CN. This situation can be addressed by utilizing multiple interfaces of MN at the same time. One such protocol which can utilize multiple interfaces is SHIM6 but it was not designed to work on mobile node. It was designed for core networks but after some modification in the protocol , it can be deployed on mobile nodes. In this thesis, these issues related to reliability of IPv6 based mobile communication have been addressed.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

On-demand service architecture for wireless vehicular networks

Vehicular Networks (VN) or VANETS has become a cutting-edge topic in the development of innovative solutions for the automotive industry and of special interest to transit management authorities. Well known examples of the potential benefits of enabling communications in vehicles is fostering a better driving by reducing the risk of accidents on the road. Besides the transmission of safety messages among vehicles in the vicinity, the development of non-safety applications will allow the delivery of information services to potential users willing to request them in on-demand basis. To provide such type of services, major challenges need to be tackled to offer secure and reliable communication in anonymous and sometimes hostile communication environments on the roads. These challenges cover security, billing and accounting issues to provide a secure access to services. The objective of this thesis work is to propose a service architecture for on-demand services in vehicular environments. A key point to keep a robust information service supply, stands in the capacity to provide and manage security mechanisms which comprise authentication and authorization of subscribers following a temporary subscription model. These features, along with privacy mechanisms, will offer to the communicating peers a secure way to mutually access and exchange information even if no previous knowledge of each other is available. Policies of service providers can regulate the supply of information services according to the subscribers' profiles. Providers can also define the implementation of accountability models in the form of metering and billing schemes appropriate for VANETS. This will result in the implementation of incentive and collaborative mechanisms to foster service delivery among vehicles