Key management for beyond 5G mobile small cells: a survey
The highly anticipated 5G network is projected to be introduced in 2020. 5G stakeholders are unanimous that densification of mobile networks is the way forward. The densification will be realized by means of small cell technology, and it is capable of providing coverage with a high data capacity. The EU-funded H2020-MSCA project “SECRET” introduced covering the urban landscape with mobile small cells, since these take advantage of the dynamic network topology and optimize network services in a cost-effective fashion. By taking advantage of the device-to-device communications technology, large amounts of data can be transmitted over multiple hops and, therefore, offload the general network. However, this introduction of mobile small cells presents various security and privacy challenges. Cryptographic security solutions are capable of solving these as long as they are supported by a key management scheme. It is assumed that the network infrastructure and mobile devices from network users are unable to act as a centralized trust anchor since these are vulnerable targets to malicious attacks. Security must, therefore, be guaranteed by means of a key management scheme that decentralizes trust. Therefore, this paper surveys the state-of-the-art key management schemes proposed for similar network architectures (e.g., mobile ad hoc networks and ad hoc device-to-device networks) that decentralize trust. Furthermore, these key management schemes are evaluated for adaptability in a network of mobile small cells.
Mobile Ad-Hoc Networks
Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc.). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: vehicular ad-hoc networks, security and caching, TCP in ad-hoc networks and emerging applications. It is targeted to provide network engineers and researchers with design guidelines for large scale wireless ad hoc networks.
Security protocols for mobile ad hoc networks
Mobile ad hoc networks (MANETs) are generating much interest both in academia and the telecommunication industries. The principal attractions of MANETs are related to the ease with which they can be deployed due to their infrastructure-less and decentralized nature. For example, unlike other wireless networks, MANETs do not require centralized infrastructures such as base stations, and they are arguably more robust due to their avoidance of single points of failure. Interestingly, the attributes that make MANETs attractive as a network paradigm are the same phenomena that compound the challenge of designing adequate security schemes for these innovative networks. One of the challenging security problems is the issue of certificate revocation in MANETs where there is no on-line access to trusted authorities. In wired network environments, when certificates are to be revoked, certificate authorities (CAs) add the information regarding the certificates in question to certificate revocation lists (CRLs) and post the CRLs on accessible repositories or distribute them to relevant entities. In purely ad hoc networks, there is typically no access to centralized repositories or trusted authorities; therefore the conventional method of certificate revocation is not applicable. Another challenging MANET security problem is the issue of secure routing in the presence of selfish or adversarial entities which selectively drop packets they agreed to forward; and in so doing these selfish or adversarial entities can disrupt the network traffic and cause various communication problems. In this thesis, we present two security protocols we developed for addressing the above-mentioned MANET security needs. The first protocol is a decentralized certificate revocation scheme which allows the nodes within a MANET to have full control over the process of certificate revocation. The scheme is fully contained and it does not rely on any input from centralized or external entities such as trusted CAs. The second protocol is a secure MANET routing scheme we named Robust Source Routing (RSR). In addition to providing data origin authentication services and integrity checks, RSR is able to mitigate against intelligent, colluding malicious agents which selectively drop or modify packets they are required to forward.
Virtualization-based public key management systems for mobile ad hoc networks
Abstract: MANETs (Mobile Ad Hoc Networks) are wireless, infrastructure-less networks established dynamically, without the need for centralized administration. Because of the distributed routing in these networks and the wireless communication medium, ad hoc networks can exhibit all the security problems found in conventional networks as well as new challenges. The use of cryptography is the main technique for ensuring that data is transferred securely over a network. In asymmetric cryptographic systems, nodes use one key to encrypt a message and another key to decrypt it. The task of administering these keys is performed by a Key Management System, which defines their issuance, storage, distribution, protection and revocation. This work presents a new key management system based on virtualization. In this system, called Virtual Key Management (VKM), a virtual structure, unrelated to the physical coordinates of the network nodes, is used to establish trust among them. The nodes thus follow the rules established by this structure to carry out the issuance, storage, distribution, protection and revocation of public keys and private keys in the network. VKM is 100% resistant to False Identity Creation attacks. When compared with the Self-Organized Public Key Management System (PGP-Like), VKM shows greater resistance to Impersonation attacks and the same resistance to Lack of Cooperation attacks. When compared with Group-based Key Management (GKM), VKM shows greater resistance to False Identity Creation attacks, being 100% resistant to them. The Virtual Routing Protocol (VRP) and the Virtual Distance Vector (VDV) are two hybrid routing protocols that use a virtual structure to define the proactive part of the protocol. This work also shows that the impact on routing of incorporating VKM into these routing protocols is a drop in the data delivery rate, an increase in message delivery delay and an increase in the overhead generated in the network.
Efficient Security Protocols for Fast Handovers in Wireless Mesh Networks
Wireless mesh networks (WMNs) are gaining popularity as a flexible and inexpensive replacement for Ethernet-based infrastructures. As the use of mobile devices such as smart phones and tablets is becoming ubiquitous, mobile clients should be guaranteed uninterrupted connectivity and services as they move from one access point to another within a WMN or between networks. To that end, we propose a novel security framework that consists of a new architecture, trust models, and protocols to offer mobile clients seamless and fast handovers in WMNs. The framework provides a dynamic, flexible, resource-efficient, and secure platform for intra-network and inter-network handovers in order to support real-time mobile applications in WMNs. In particular, we propose solutions to the following problems: authentication, key management, and group key management. We propose
(1) a suite of certificate-based authentication protocols that minimize the authentication delay during handovers from one access point to another within a network (intra-network authentication).
(2) a suite of key distribution and authentication protocols that minimize the authentication delay during handovers from one network to another (inter-network authentication).
(3) a new implementation of group key management at the data link layer in order to reduce the group key update latency from linear time (as currently done in IEEE 802.11 standards) to logarithmic time. This contributes towards minimizing the latency of the handover process for mobile members in a multicast or broadcast group.