1,566 research outputs found

    Efficient Security Protocols for Fast Handovers in Wireless Mesh Networks

    Wireless mesh networks (WMNs) are gaining popularity as a flexible and inexpensive replacement for Ethernet-based infrastructures. As the use of mobile devices such as smart phones and tablets is becoming ubiquitous, mobile clients should be guaranteed uninterrupted connectivity and services as they move from one access point to another within a WMN or between networks. To that end, we propose a novel security framework that consists of a new architecture, trust models, and protocols to offer mobile clients seamless and fast handovers in WMNs. The framework provides a dynamic, flexible, resource-efficient, and secure platform for intra-network and inter-network handovers in order to support real-time mobile applications in WMNs. In particular, we propose solutions to the following problems: authentication, key management, and group key management. We propose (1) a suite of certificate-based authentication protocols that minimize the authentication delay during handovers from one access point to another within a network (intra-network authentication); (2) a suite of key distribution and authentication protocols that minimize the authentication delay during handovers from one network to another (inter-network authentication); and (3) a new implementation of group key management at the data link layer in order to reduce the group key update latency from linear time (as currently done in IEEE 802.11 standards) to logarithmic time. This contributes towards minimizing the latency of the handover process for mobile members in a multicast or broadcast group

    An Energy Aware and Secure MAC Protocol for Tackling Denial of Sleep Attacks in Wireless Sensor Networks

    Wireless sensor networks, which form part of the core for the Internet of Things, consist of resource-constrained sensors that are usually powered by batteries. Therefore, careful energy awareness is essential when working with these devices. Indeed, the introduction of security techniques such as authentication and encryption, to ensure confidentiality and integrity of data, can place a higher energy load on the sensors. However, the absence of security protection could give room for energy drain attacks such as denial of sleep attacks, which have a higher negative impact on the life span of the sensors than the presence of security features. This thesis, therefore, focuses on tackling denial of sleep attacks from two perspectives: a security perspective and an energy efficiency perspective. The security perspective involves evaluating and ranking a number of security-based techniques for curbing denial of sleep attacks. The energy efficiency perspective, on the other hand, involves exploring duty cycling and simulating three Media Access Control (MAC) protocols, Sensor MAC, Timeout MAC and TunableMAC, under different network sizes and measuring different parameters such as the Received Signal Strength (RSSI) and Link Quality Indicator, transmit power, throughput and energy efficiency. Duty cycling happens to be one of the major techniques for conserving energy in wireless sensor networks, and this research aims to answer questions with regards to the effect of duty cycles on the energy efficiency as well as the throughput of three duty cycle protocols, Sensor MAC, Timeout MAC and TunableMAC, in addition to creating a novel MAC protocol that is also more resilient to denial of sleep attacks than existing protocols.
The main contributions to knowledge from this thesis are the developed framework used for evaluation of existing denial of sleep attack solutions and the algorithms which fuel the other contribution to knowledge: a newly developed protocol tested on the Castalia Simulator on the OMNET++ platform. The new protocol has been compared with existing protocols and has been found to have significant improvement in energy efficiency and also better resilience to denial of sleep attacks. Part of this research has been published: two conference publications in IEEE Xplore and one workshop paper

    Analysis of the impact of wireless mobile devices in critical industrial applications

    The main objective of the thesis is to study the impact of mobile nodes in industrial applications with strict reliability and time constraints in both centralized and decentralized topologies. Considering the harsh wireless channel conditions of industrial environments, that goal implies a considerable challenge. In order not to compromise the performance of the system, a deterministic Real-Time (RT) communication protocol is needed, along with a mechanism to deal with changes in the topology due to the movements of the wireless devices. The existing wireless standard technologies do not satisfy the requirements demanded by the most critical industrial applications such as Distributed Control Systems (DCS) and, thus, wired communication cannot be directly replaced by wireless solutions. Nevertheless, the adoption of wireless communications can be seen as an extension to the existing wired networks to create hybrid networks with mobility requirements. The design of a proper communication solution depends mainly on the choice of the Medium Access Control (MAC) protocol, which is responsible for controlling access to the medium and thereby plays a vital role in decreasing latency and packet errors. Furthermore, the changes in the topology due to the movement of the wireless devices must be managed correctly in order not to affect the performance of the entire network. In this doctoral thesis, a hybrid centralized architecture designed for industrial applications with strict requirements in terms of robustness, determinism and RT is proposed and evaluated. For that, a wireless RT MAC scheme based on the IEEE 802.11 physical layer is proposed along with a Real-Time Ethernet (RTE) MAC scheme. This hybrid system ensures seamless communication between both media. With the aim of including mobile devices in the proposed architecture, a soft-handover algorithm is designed and evaluated. 
This algorithm guarantees an uninterrupted communication during the handover process without the need for a second radio interface and with a reduced growth in network overhead. Finally, the impact of mobile nodes in a decentralized wireless topology is analysed. For that, the Self-Organizing Time Division Multiple Access (STDMA) protocol is evaluated to analyse its viability as an alternative to carrying out a handover in industrial applications without centralized systems.

    Security and Privacy Issues in Wireless Mesh Networks: A Survey

    This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.

    Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

    The Design of Efficient Internetwork Authentication for Ubiquitous Wireless Communications

    A variety of wireless technologies have been standardized and commercialized, but no single solution is considered the best to satisfy all communication needs due to different coverage and bandwidth limitations. Therefore, internetworking between heterogeneous wireless networks is extremely important for ubiquitous and high performance wireless communications. The security problem is one of the major challenges in internetworking. To date, most research on internetwork authentication has focused on centralized authentication approaches, where the home network participates in each authentication process. For high latency between the home and visiting networks, such approaches tend to be inefficient. In this paper, we describe chained authentication, which requires collaboration between adjacent networks without involvement of the home network. After categorizing chained protocols, we propose a novel design of chained authentication methods under 3G-WLAN internetworking. The experiments show that proactive context transfer and ticket forwarding reduce the 3G authentication latency to 36.8% and WLAN EAP-TLS latency to 23.1% when RTT between visiting and home networks is 200 ms

    Towards end-to-end security in internet of things based healthcare

    Healthcare IoT systems are distinguished in that they are designed to serve human beings, which primarily raises the requirements of security, privacy, and reliability. Such systems have to provide real-time notifications and responses concerning the status of patients. Physicians, patients, and other caregivers demand a reliable system in which the results are accurate and timely, and the service is reliable and secure. To guarantee these requirements, the smart components in the system require a secure and efficient end-to-end communication method between the end-points (e.g., patients, caregivers, and medical sensors) of a healthcare IoT system. The main challenge faced by the existing security solutions is a lack of secure end-to-end communication. This thesis addresses this challenge by presenting a novel end-to-end security solution enabling end-points to securely and efficiently communicate with each other. The proposed solution meets the security requirements of a wide range of healthcare IoT systems while minimizing the overall hardware overhead of end-to-end communication. End-to-end communication is enabled by the holistic integration of the following contributions. The first contribution is the implementation of two architectures for remote monitoring of bio-signals. The first architecture is based on a low power IEEE 802.15.4 protocol known as ZigBee. It consists of a set of sensor nodes to read data from various medical sensors, process the data, and send them wirelessly over ZigBee to a server node. The second architecture is implemented on an IP-based wireless sensor network, using IEEE 802.11 Wireless Local Area Network (WLAN). The system consists of an IEEE 802.11 based sensor module to access bio-signals from patients and send them over to a remote server. In both architectures, the server node collects the health data from several client nodes and updates a remote database.
The remote webserver accesses the database and updates the webpage in real-time, which can be accessed remotely. The second contribution is a novel secure mutual authentication scheme for Radio Frequency Identification (RFID) implant systems. The proposed scheme relies on the elliptic curve cryptography and the D-Quark lightweight hash design. The scheme consists of three main phases: (1) reader authentication and verification, (2) tag identification, and (3) tag verification. We show that among the existing public-key crypto-systems, elliptic curve is the optimal choice due to its small key size as well as its efficiency in computations. The D-Quark lightweight hash design has been tailored for resource-constrained devices. The third contribution is proposing a low-latency and secure cryptographic keys generation approach based on Electrocardiogram (ECG) features. This is performed by taking advantage of the uniqueness and randomness properties of ECG's main features comprising PR, RR, PP, QT, and ST intervals. This approach achieves low latency due to its reliance on reference-free ECG's main features that can be acquired in a short time. The approach is called Several ECG Features (SEF)-based cryptographic key generation. The fourth contribution is devising a novel secure and efficient end-to-end security scheme for mobility enabled healthcare IoT. The proposed scheme consists of: (1) a secure and efficient end-user authentication and authorization architecture based on the certificate based Datagram Transport Layer Security (DTLS) handshake protocol, (2) a secure end-to-end communication method based on DTLS session resumption, and (3) support for robust mobility based on interconnected smart gateways in the fog layer. Finally, the fifth and the last contribution is the analysis of the performance of the state-of-the-art end-to-end security solutions in healthcare IoT systems including our end-to-end security solution.
In this regard, we first identify and present the essential requirements of robust security solutions for healthcare IoT systems. We then analyze the performance of the state-of-the-art end-to-end security solutions (including our scheme) by developing a prototype healthcare IoT system

    Survey on wireless technology trade-offs for the industrial internet of things

    Aside from vast deployment cost reduction, Industrial Wireless Sensor and Actuator Networks (IWSAN) introduce a new level of industrial connectivity. Wireless connection of sensors and actuators in industrial environments not only enables wireless monitoring and actuation, it also enables coordination of production stages, connecting mobile robots and autonomous transport vehicles, as well as localization and tracking of assets. All these opportunities already inspired the development of many wireless technologies in an effort to fully enable Industry 4.0. However, different technologies significantly differ in performance and capabilities, none being capable of supporting all industrial use cases. When designing a network solution, one must be aware of the capabilities and the trade-offs that prospective technologies have. This paper evaluates the technologies potentially suitable for IWSAN solutions covering an entire industrial site with limited infrastructure cost and discusses their trade-offs in an effort to provide information for choosing the most suitable technology for the use case of interest. The comparative discussion presented in this paper aims to enable engineers to choose the most suitable wireless technology for their specific IWSAN deployment