Lightweight Authentication Protocol (LAUP) for 6LoWPAN wireless sensor networks

© 2017 IEEE. 6LoWPAN networks involving wireless sensors consist of resource starving miniature sensor nodes. Since secured authentication of these resource-constrained sensors is one of the important considerations during communication, use of asymmetric key distribution scheme may not be the perfect choice to achieve secure authentication. Recent research shows that Lucky Thirteen attack has compromised Datagram Transport Layer Security (DTLS) with Cipher Block Chaining (CBC) mode for key establishment. Even though EAKES6Lo and S3K techniques for key establishment follow the symmetric key establishment method, they strongly rely on a remote server and trust anchor for secure key distribution. Our proposed Lightweight Authentication Protocol (LAUP) used a symmetric key method with no preshared keys and comprised of four flights to establish authentication and session key distribution between sensors and Edge Router in a 6LoWPAN environment. Each flight uses freshly derived keys from existing information such as PAN ID (Personal Area Network IDentification) and device identities. We formally verified our scheme using the Scyther security protocol verification tool for authentication properties such as Aliveness, Secrecy, Non-Injective Agreement and Non-Injective Synchronization. We simulated and evaluated the proposed LAUP protocol using COOJA simulator with ContikiOS and achieved less computational time and low power consumption compared to existing authentication protocols such as the EAKES6Lo and SAKES

Versatile Extensible Security System for Mobile Ad Hoc Networks

Mobile Ad hoc Network (MANET) is becoming more and more popular in scientific, government, and general applications, but security system for MANET is still at infant stage. Currently, there are not many security systems that provide extensive security coverage for MANET. Moreover, most of these security systems assume nodes have infinite computation power and energy; an assumption that is not true for many mobiles. Versatile and Extensible System (VESS) is a powerful and versatile general-purpose security suite that comprises of modified versions of existing encryption and authentication schemes. VESS uses a simple and network-efficient but still reliable authentication scheme. The security suite offers four levels of security adjustments base on different encryption strength. Each level is designed to suit different network needs (performance and/or security), and the security suite allows individual end-to-end pair-wise security level adjustments; a big advantage for highly heterogeneous network. This versatility and adjustability let each pair of talking nodes in the network can choose a security level that prioritize either performance or security, or nodes can also choose a level that carefully balance between security strength and network performance. Finally, the security suite, with its existing authentication and encryption systems, is a framework that allows easy future extension and modification

Support of Multiple Replica Types in FreeIPA

Velmi rozšířeným prostředkem pro správu uživatelských účtů a řízení přístupu k výpočetní infrastruktuře a službám je kombinace protokolů LDAP a Kerberos. Instalace jakož i samotná správa sítě postavené nad těmito technologiemi však skýtá mnoho překážek. Jedním z řešení je použití open-sourcové aplikace FreeIPA, která patří mezi takzvané řešení pro správu identit a bezpečnostních politik. FreeIPA výrazně usnadňuje práci s těmito protokoly od samotného nasazení až po správu celého systému. Cílem této práce je rozšíření aplikace FreeIPA o možnost použití read-only replik, které přispěje k snadnější a účinnější škálovatelnosti.LDAP and Kerberos together are widely used for management of user accounts and authorization. The installation and administration of a system based on these protocols might be difficult and full of obstacles. An open source solution exists that is capable of handling the entire life cycle of such system. It is the FreeIPA identity management system. FreeIPA significantly simplify the usage of LDAP and Kerberos from the administrator's point of view. This thesis focuses on extending the replication capabilities of FreeIPA by adding a support for read-only replicas. The read-only replicas should improve scalability features of FreeIPA controlled systems.

SDN and NFV for satellite infrastructures

The integration of SDN and NFV enablers into the satellite network could prove to be an essential means to save on physical sites, improve the time to bring new services to the market and open new ways to improve network resiliency, availability and efficiency. It can be considered that the above two enablers can play a central role in the integration of satellite to terrestrial technologies by using federated management of the network resources.Peer ReviewedPostprint (author's final draft

On the virtualization and dynamic orchestration of satellite communication services

Key features of satellite communications such as wide-scale coverage, broadcast/multicast support and high availability, together with significant amounts of new satellite capacity coming online, anticipate new opportunities for satellite communications services as an integral part within upcoming 5G systems. To materialize these opportunities, satellite communications services have to be provisioned and operated in a more flexible, agile and cost-effective manner than done today. In this context, this paper describes a solution for the virtualization and dynamic orchestration of satellite communication services that builds on the introduction of Software Defined Networking (SDN) and Network Function Virtualization (NFV) technologies within the satellite ground segment systems. Along with the description of the main system architecture traits, the flowchart of a general procedure for the dynamic instantiation of virtualized satellite networks on top of a SDN/NFV-enabled satellite ground segment system is provided. The paper also presents experimental results for the dynamic customization of satellite network services through the implementation of a set of virtualized satellite network functions that can be orchestrated over general purpose open virtual platforms.Peer ReviewedPostprint (author's final draft

A survey on Security Based Spontaneous Wireless Ad Hoc Networks for Communication Based Elliptical curve Cryptography

This paper presents a review on a secure protocol for spontaneous Wireless ad hoc network. In this paper we have focused on spontaneous network and wireless ad hoc network. Secure spontaneous wireless ad hoc network works on hybrid symmetric/asymmetric key management scheme in order to exchange the data. Symmetric key scheme is used to encrypt the data terminals which want to exchange data. The spontaneous network works without any infrastructure it do not require any central server or authority. In this secure spontaneous wireless ad hoc network trust is form by visual contact or by authentication procedure using session key. Then we can exchange services and resources. Existing protocol is for limited resources we are working on to add some new features to add no of resources

Shake well before use: Authentication based on Accelerometer Data

Small, mobile devices without user interfaces, such as Bluetooth headsets, often need to communicate securely over wireless networks. Active attacks can only be prevented by authenticating wireless communication, which is problematic when devices do not have any a priori information about each other. We introduce a new method for device-to-device authentication by shaking devices together. This paper describes two protocols for combining cryptographic authentication techniques with known methods of accelerometer data analysis to the effect of generating authenticated, secret keys. The protocols differ in their design, one being more conservative from a security point of view, while the other allows more dynamic interactions. Three experiments are used to optimize and validate our proposed authentication method