MULTI-USER SECURITY FOR MULTICAST COMMUNICATIONS

The ubiquity of communication networks is facilitating the development of wireless and Internet applications aimed at allowing users to communicate and collaborate amongst themselves. In the future, group-oriented services will be one of the dominant services that facilitate real-time information exchange among a large number of diverse users. However, before these group-oriented services can be successful deployed, technologies must be developed to guarantee the security of the information and data exchanged in group communications. Among all security requirements of group communication, access control is paramount as it is the first line of defense that prevents unauthorized access to the group communication and protects the value of application data. Access control is usually achieved by encrypting the data using a key that is shared among all legitimated group members. The problem of access control becomes more difficult when the content is distributed to a dynamic group with user joining and leaving the service for a variety of reasons. Thus, Group Key Management is required to achieve key update with dynamic group membership. Existing group key management schemes seek to minimize either the amount of rounds needed in establishing the group key, or the size of the key updating messages. They do not, however, considering the varying requirements of the users, the underlying networks or the applications. Those generic solutions of access control often yield large consumption of communication, computation and storage resources. In addition, the design of existing key management schemes focus on protecting the application data, but introduces vulnerabilities in protecting the statistics of group membership information. This poses severe security concern in various group applications. The focus of this dissertation is to design network-specific and application specific group key management and solve the security vulnerability of key management that reveals dynamic group membership information. This dissertation will present scalable group key management in heterogeneous wireless network, the hierarchical access control for multimedia applications, and a framework of securing dynamic group membership information over multicast. The main contribution of this dissertation is to advance the group key management research to achieve higher level of scalability and security

Secure Transmission To Remote Cooperative Groups With Minimized Communication Overhead

In Wireless Mesh networks there is a need to Multicast to a remote cooperative group using encrypted transmission. The existing paradigms failed to provide better efficiency and security in these kind of transmissions. A major challenge in devising such a system involves in achieving efficient usage of Bandwidth and Reducing the number of unintended receivers. In this paper we circumvent these obstacles and close this gap by involving a sender based algorithm .This new paradigm is a hybrid of traditional Multicasting, shortest path techniques and group key management. In such a system, for every source destination pair the protocol adaptively calculates the mean delays along all the utilized paths and avoid the paths with greater or equal mean delays. Which eventually reduces the usage of unwanted paths and also results in reducing the number of unintended receivers at a considerable rate. This approach efficiently deals with the computation overhead and usage of network resources. Further more our scheme provides better security by reducing the number of unintended receivers.

Efficient Security Protocols for Fast Handovers in Wireless Mesh Networks

Wireless mesh networks (WMNs) are gaining popularity as a flexible and inexpensive replacement for Ethernet-based infrastructures. As the use of mobile devices such as smart phones and tablets is becoming ubiquitous, mobile clients should be guaranteed uninterrupted connectivity and services as they move from one access point to another within a WMN or between networks. To that end, we propose a novel security framework that consists of a new architecture, trust models, and protocols to offer mobile clients seamless and fast handovers in WMNs. The framework provides a dynamic, flexible, resource-efficient, and secure platform for intra-network and inter-network handovers in order to support real-time mobile applications in WMNs. In particular, we propose solutions to the following problems: authentication, key management, and group key management. We propose (1) a suite of certificate-based authentication protocols that minimize the authentication delay during handovers from one access point to another within a network (intra-network authentication). (2) a suite of key distribution and authentication protocols that minimize the authentication delay during handovers from one network to another (inter-network authentication). (3) a new implementation of group key management at the data link layer in order to reduce the group key update latency from linear time (as currently done in IEEE 802.11 standards) to logarithmic time. This contributes towards minimizing the latency of the handover process for mobile members in a multicast or broadcast group

Securing Multi-Layer Communications: A Signal Processing Approach

Security is becoming a major concern in this information era. The development in wireless communications, networking technology, personal computing devices, and software engineering has led to numerous emerging applications whose security requirements are beyond the framework of conventional cryptography. The primary motivation of this dissertation research is to develop new approaches to the security problems in secure communication systems, without unduly increasing the complexity and cost of the entire system. Signal processing techniques have been widely applied in communication systems. In this dissertation, we investigate the potential, the mechanism, and the performance of incorporating signal processing techniques into various layers along the chain of secure information processing. For example, for application-layer data confidentiality, we have proposed atomic encryption operations for multimedia data that can preserve standard compliance and are friendly to communications and delegate processing. For multimedia authentication, we have discovered the potential key disclosure problem for popular image hashing schemes, and proposed mitigation solutions. In physical-layer wireless communications, we have discovered the threat of signal garbling attack from compromised relay nodes in the emerging cooperative communication paradigm, and proposed a countermeasure to trace and pinpoint the adversarial relay. For the design and deployment of secure sensor communications, we have proposed two sensor location adjustment algorithms for mobility-assisted sensor deployment that can jointly optimize sensing coverage and secure communication connectivity. Furthermore, for general scenarios of group key management, we have proposed a time-efficient key management scheme that can improve the scalability of contributory key management from O(log n) to O(log(log n)) using scheduling and optimization techniques. This dissertation demonstrates that signal processing techniques, along with optimization, scheduling, and beneficial techniques from other related fields of study, can be successfully integrated into security solutions in practical communication systems. The fusion of different technical disciplines can take place at every layer of a secure communication system to strengthen communication security and improve performance-security tradeoff

Group Key Management in Wireless Ad-Hoc and Sensor Networks

A growing number of secure group applications in both civilian and military domains is being deployed in WAHNs. A Wireless Ad-hoc Network (WARN) is a collection of autonomous nodes or terminals that communicate with each other by forming a multi-hop radio network and maintaining connectivity in a decentralized manner. A Mobile Ad-hoc Network (MANET) is a special type of WARN with mobile users. MANET nodes have limited communication, computational capabilities, and power. Wireless Sensor Networks (WSNs) are sensor networks with massive numbers of small, inexpensive devices pervasive throughout electrical and mechanical systems and ubiquitous throughout the environment that monitor and control most aspects of our physical world. In a WAHNs and WSNs with un-trusted nodes, nodes may falsify information, collude to disclose system keys, or even passively refuse to collaborate. Moreover, mobile adversaries might invade more than one node and try to reveal all system secret keys. Due to these special characteristics, key management is essential in securing such networks. Current protocols for secure group communications used in fixed networks tend to be inappropriate. The main objective of this research is to propose, design and evaluate a suitable key management approach for secure group communications to support WAHNs and WSNs applications. Key management is usually divided into key analysis, key assignment, key generation and key distribution. In this thesis, we tried to introduce key management schemes to provide secure group communications in both WAHNs and WSNs. Starting with WAHNs, we developed a key management scheme. A novel architecture for secure group communications was proposed. Our proposed scheme handles key distribution through Combinatorial Key Distribution Scheme (CKDS). We followed with key generation using Threshold-based Key Generation in WAHNs (TKGS). For key assignment, we proposed Combinatorial Key Assignment Scheme (CKAS), which assigns closer key strings to co-located nodes. We claim that our architecture can readily be populated with components to support objectives such as fault tolerance, full-distribution and scalability to mitigate WAHNs constraints. In our architecture, group management is integrated with multicast at the application layer. For key management in WSNs, we started with DCK, a modified scheme suitable for WSNs. In summary, the DCK achieves the following: (1) cluster leader nodes carry the major part of the key management overhead; (2) DCK consumes less than 50% of the energy consumed by SHELL in key management; (3) localizing key refreshment and handling node capture enhances the security by minimizing the amount of information known by each node about other portions of the network; and (4) since DCK does not involve the use of other clusters to maintain local cluster data, it scales better from a storage point of view with the network size represented by the number of clusters. We went further and proposed the use of key polynomials with DCK to enhance the resilience of multiple node capturing. Comparing our schemes to static and dynamic key management, our scheme was found to enhance network resilience at a smaller polynomial degree t and accordingly with less storage per node

A Simple and Efficient New Group Key Management Approach Based on Linear Geometry

A new fundamental and secure group key management approach with a group controller GC using the theory of polynomial functions over a vector space over finite field is developed, where each member in the group corresponds to a vector in the vector space and the GC computes a central vector, whose inner product with every member\u27s ID vector are identical. The central vector is published and each member can compute a common group key via inner product. The security relies on the fact that any illegitimate user cannot calculate this value without the legitimate vector, therefore cannot derive the group key. This approach is secure and its backward and forward secrecy can be guaranteed. The performance of our approach is analyzed to demonstrate its advantages in comparison with others, which include: 1) it requires both small memory and little computations for each group member; 2)it can handle massive membership change efficiently with only two re-keying messages, i.e., the central vector and a random number; 3) it is very efficient and very scalable for large size groups. Our experiments confirm these advantages and the implementation of our prototype presents very satisfactory performance for large size groups

Self-Protecting Access Control: On Mitigating Privacy Violations with Fault Tolerance

Self-protecting access control mechanisms can be described as an approach to enforcing security in a manner that automatically protects against violations of access control rules. In this chapter, we present a comparative analysis of standard Cryptographic Access Control (CAC) schemes in relation to privacy enforcement on the Web. We postulate that to mitigate privacy violations, self-protecting CAC mechanisms need to be supported by fault-tolerance. As an example of how one might to do this, we present two solutions that are inspired by the autonomic computing paradigm1. Our solutions are centered on how CAC schemes can be extended to protect against privacy violations that might arise from key updates and collusion attacks

Location Privacy-Preserving Strategies for Secondary Spectrum Use

The scarcity of wireless spectrum resources and the overwhelming demand for wireless broadband resources have prompted industry, government agencies and academia within the wireless communities to develop and come up with effective solutions that can make additional spectrum available for broadband data. As part of these ongoing efforts, cognitive radio networks (CRNs) have emerged as an essential technology for enabling and promoting dynamic spectrum access and sharing, a paradigm primarily aimed at addressing the spectrum scarcity and shortage challenges by permitting and enabling unlicensed or secondary users (SUs) to freely search, locate and exploit unused licensed spectrum opportunities. Despite their great potentials for improving spectrum utilization efficiency and for addressing the spectrum shortage problem, CRNs suffer from serious location privacy issues, which essentially tend to disclose the location information of the SUs to other system entities during their usage of these open spectrum opportunities. Knowing that their whereabouts may be exposed, SUs can be discouraged from joining and participating in the CRNs, potentially hindering the adoption and deployment of this technology. In this thesis, we propose frameworks that are suitable for CRNs, but also preserve the location privacy information of these SU s. More specifically, 1. We propose location privacy-preserving protocols that protect the location privacy of SUs in cooperative sensing-based CRNs while allowing the SUs to perform their spectrum sensing tasks reliably and effectively. Our proposed protocols allow also the detection of malicious user activities through the adoption of reputation mechanisms. 2. We propose location privacy-preserving approaches that provide information-theoretic privacy to SU s’ location in database-driven CRNs through the exploitation of the structured nature of spectrum databases and the fact that database-driven CRNs, by design, rely on multiple spectrum databases. 3. We propose a trustworthy framework for new generation of spectrum access systems in the 3.5 GHz band that not only protects SUs’ privacy, but also ensures that they comply with the unique system requirements, while allowing the detection of misbehaving users