Host mobility key management in dynamic secure group communication

The key management has a fundamental role in securing group communications taking place over vast and unprotected networks. It is concerned with the distribution and update of the keying materials whenever any changes occur in the group membership. Wireless mobile environments enable members to move freely within the networks, which causes more difficulty to design efficient and scalable key management protocols. This is partly because both member location dynamic and group membership dynamic must be managed concurrently, which may lead to significant rekeying overhead. This paper presents a hierarchical group key management scheme taking the mobility of members into consideration intended for wireless mobile environments. The proposed scheme supports the mobility of members across wireless mobile environments while remaining in the group session with minimum rekeying transmission overhead. Furthermore, the proposed scheme alleviates 1-affect-n phenomenon, single point of failure, and signaling load caused by moving members at the core network. Simulation results shows that the scheme surpasses other existing efforts in terms of communication overhead and affected members. The security requirements studies also show the backward and forward secrecy is preserved in the proposed scheme even though the members move between areas

Adaptive trust and reputation system as a security service in group communications

Group communications has been facilitating many emerging applications which require packet delivery from one or more sender(s) to multiple receivers. Owing to the multicasting and broadcasting nature, group communications are susceptible to various kinds of attacks. Though a number of proposals have been reported to secure group communications, provisioning security in group communications remains a critical and challenging issue. This work first presents a survey on recent advances in security requirements and services in group communications in wireless and wired networks, and discusses challenges in designing secure group communications in these networks. Effective security services to secure group communications are then proposed. This dissertation also introduces the taxonomy of security services, which can be applied to secure group communications, and evaluates existing secure group communications schemes. This dissertation work analyzes a number of vulnerabilities against trust and reputation systems, and proposes a threat model to predict attack behaviors. This work also considers scenarios in which multiple attacking agents actively and collaboratively attack the whole network as well as a specific individual node. The behaviors may be related to both performance issues and security issues. Finally, this work extensively examines and substantiates the security of the proposed trust and reputation system. This work next discusses the proposed trust and reputation system for an anonymous network, referred to as the Adaptive Trust-based Anonymous Network (ATAN). The distributed and decentralized network management in ATAN does not require a central authority so that ATAN alleviates the problem of a single point of failure. In ATAN, the trust and reputation system aims to enhance anonymity by establishing a trust and reputation relationship between the source and the forwarding members. The trust and reputation relationship of any two nodes is adaptive to new information learned by these two nodes or recommended from other trust nodes. Therefore, packets are anonymously routed from the \u27trusted\u27 source to the destination through \u27trusted\u27 intermediate nodes, thereby improving anonymity of communications. In the performance analysis, the ratio of the ATAN header and data payload is around 0.1, which is relatively small. This dissertation offers analysis on security services on group communications. It illustrates that these security services are needed to incorporate with each other such that group communications can be secure. Furthermore, the adaptive trust and reputation system is proposed to integrate the concept of trust and reputation into communications. Although deploying the trust and reputation system incurs some overheads in terms of storage spaces, bandwidth and computation cycles, it shows a very promising performance that enhance users\u27 confidence in using group communications, and concludes that the trust and reputation system should be deployed as another layer of security services to protect group communications against malicious adversaries and attacks

A novel batch-based group key management protocol applied to the Internet of Things

n/

Group Key Management in Wireless Ad-Hoc and Sensor Networks

A growing number of secure group applications in both civilian and military domains is being deployed in WAHNs. A Wireless Ad-hoc Network (WARN) is a collection of autonomous nodes or terminals that communicate with each other by forming a multi-hop radio network and maintaining connectivity in a decentralized manner. A Mobile Ad-hoc Network (MANET) is a special type of WARN with mobile users. MANET nodes have limited communication, computational capabilities, and power. Wireless Sensor Networks (WSNs) are sensor networks with massive numbers of small, inexpensive devices pervasive throughout electrical and mechanical systems and ubiquitous throughout the environment that monitor and control most aspects of our physical world. In a WAHNs and WSNs with un-trusted nodes, nodes may falsify information, collude to disclose system keys, or even passively refuse to collaborate. Moreover, mobile adversaries might invade more than one node and try to reveal all system secret keys. Due to these special characteristics, key management is essential in securing such networks. Current protocols for secure group communications used in fixed networks tend to be inappropriate. The main objective of this research is to propose, design and evaluate a suitable key management approach for secure group communications to support WAHNs and WSNs applications. Key management is usually divided into key analysis, key assignment, key generation and key distribution. In this thesis, we tried to introduce key management schemes to provide secure group communications in both WAHNs and WSNs. Starting with WAHNs, we developed a key management scheme. A novel architecture for secure group communications was proposed. Our proposed scheme handles key distribution through Combinatorial Key Distribution Scheme (CKDS). We followed with key generation using Threshold-based Key Generation in WAHNs (TKGS). For key assignment, we proposed Combinatorial Key Assignment Scheme (CKAS), which assigns closer key strings to co-located nodes. We claim that our architecture can readily be populated with components to support objectives such as fault tolerance, full-distribution and scalability to mitigate WAHNs constraints. In our architecture, group management is integrated with multicast at the application layer. For key management in WSNs, we started with DCK, a modified scheme suitable for WSNs. In summary, the DCK achieves the following: (1) cluster leader nodes carry the major part of the key management overhead; (2) DCK consumes less than 50% of the energy consumed by SHELL in key management; (3) localizing key refreshment and handling node capture enhances the security by minimizing the amount of information known by each node about other portions of the network; and (4) since DCK does not involve the use of other clusters to maintain local cluster data, it scales better from a storage point of view with the network size represented by the number of clusters. We went further and proposed the use of key polynomials with DCK to enhance the resilience of multiple node capturing. Comparing our schemes to static and dynamic key management, our scheme was found to enhance network resilience at a smaller polynomial degree t and accordingly with less storage per node

Secure Transmission To Remote Cooperative Groups With Minimized Communication Overhead

In Wireless Mesh networks there is a need to Multicast to a remote cooperative group using encrypted transmission. The existing paradigms failed to provide better efficiency and security in these kind of transmissions. A major challenge in devising such a system involves in achieving efficient usage of Bandwidth and Reducing the number of unintended receivers. In this paper we circumvent these obstacles and close this gap by involving a sender based algorithm .This new paradigm is a hybrid of traditional Multicasting, shortest path techniques and group key management. In such a system, for every source destination pair the protocol adaptively calculates the mean delays along all the utilized paths and avoid the paths with greater or equal mean delays. Which eventually reduces the usage of unwanted paths and also results in reducing the number of unintended receivers at a considerable rate. This approach efficiently deals with the computation overhead and usage of network resources. Further more our scheme provides better security by reducing the number of unintended receivers.

Efficient Security Protocols for Fast Handovers in Wireless Mesh Networks

Wireless mesh networks (WMNs) are gaining popularity as a flexible and inexpensive replacement for Ethernet-based infrastructures. As the use of mobile devices such as smart phones and tablets is becoming ubiquitous, mobile clients should be guaranteed uninterrupted connectivity and services as they move from one access point to another within a WMN or between networks. To that end, we propose a novel security framework that consists of a new architecture, trust models, and protocols to offer mobile clients seamless and fast handovers in WMNs. The framework provides a dynamic, flexible, resource-efficient, and secure platform for intra-network and inter-network handovers in order to support real-time mobile applications in WMNs. In particular, we propose solutions to the following problems: authentication, key management, and group key management. We propose (1) a suite of certificate-based authentication protocols that minimize the authentication delay during handovers from one access point to another within a network (intra-network authentication). (2) a suite of key distribution and authentication protocols that minimize the authentication delay during handovers from one network to another (inter-network authentication). (3) a new implementation of group key management at the data link layer in order to reduce the group key update latency from linear time (as currently done in IEEE 802.11 standards) to logarithmic time. This contributes towards minimizing the latency of the handover process for mobile members in a multicast or broadcast group

The Meeting of Acquaintances: A Cost-efficient Authentication Scheme for Light-weight Objects with Transient Trust Level and Plurality Approach

Wireless sensor networks consist of a large number of distributed sensor nodes so that potential risks are becoming more and more unpredictable. The new entrants pose the potential risks when they move into the secure zone. To build a door wall that provides safe and secured for the system, many recent research works applied the initial authentication process. However, the majority of the previous articles only focused on the Central Authority (CA) since this leads to an increase in the computation cost and energy consumption for the specific cases on the Internet of Things (IoT). Hence, in this article, we will lessen the importance of these third parties through proposing an enhanced authentication mechanism that includes key management and evaluation based on the past interactions to assist the objects joining a secured area without any nearby CA. We refer to a mobility dataset from CRAWDAD collected at the University Politehnica of Bucharest and rebuild into a new random dataset larger than the old one. The new one is an input for a simulated authenticating algorithm to observe the communication cost and resource usage of devices. Our proposal helps the authenticating flexible, being strict with unknown devices into the secured zone. The threshold of maximum friends can modify based on the optimization of the symmetric-key algorithm to diminish communication costs (our experimental results compare to previous schemes less than 2000 bits) and raise flexibility in resource-constrained environments.Comment: 27 page

Security in Mobile Networks: Communication and Localization

Nowadays the mobile networks are everywhere. The world is becoming more dependent on wireless and mobile services, but the rapid growth of these technologies usually underestimates security aspects. As wireless and mobile services grow, weaknesses in network infrastructures become clearer. One of the problems is privacy. Wireless technologies can reduce costs, increase efficiencies, and make important information more readily and widely available. But, there are also risks. Without appropriate safeguards, these data can be read and modified by unauthorized users. There are many solutions, less and more effective, to protect the data from unauthorized users. But, a specific application could distinguish more data flows between authorized users. Protect the privacy of these information between subsets of users is not a trivial problem. Another problem is the reliability of the wireless service. Multi-vehicle systems composed of Autonomous Guided Vehicles (AGVs) are largely used for industrial transportation in manufacturing and logistics systems. These vehicles use a mobile wireless network to exchange information in order to coordinate their tasks and movements. The reliable dissemination of these information is a crucial operation, because the AGVs may achieve an inconsistent view of the system leading to the failure of the coordination task. This has clear safety implications. Going more in deep, even if the communication are confidential and reliable, anyway the positioning information could be corrupted. Usually, vehicles get the positioning information through a secondary wireless network system such as GPS. Nevertheless, the widespread civil GPS is extremely fragile in adversarial scenarios. An insecure distance or position estimation could produce security problems such as unauthorized accesses, denial of service, thefts, integrity disruption with possible safety implications and intentional disasters. In this dissertation, we face these three problems, proposing an original solution for each one