11 research outputs found

    Scalable rekeying algorithm in IEEE 802.16e

    IEEE 802.16e standard provides wide coverage and high bandwidth for subscribers in a metropolitan area network. It introduces Multicast and Broadcast Rekeying Algorithm (MBRA) which is a multicasting scheme to communicate with many users concurrently. Although ELAPSE (for Efficient sub-Linear rekeying Algorithm with Perfect SEcrecy) improves on the deficiencies of MBRA, the algorithm poorly responds to scalability issue. This paper proposes a Scalable Rekeying Algorithm (SRA) based on a complete binary tree structure. SRA is introduced with linear linked list structure in order to make the system more scalable. Evaluation analysis shows that SRA manages to improve the scalability issue in MBRA for Mobile WiMAX

    Efficient and Secure Multicast in WirelessMAN: A Cross-layer Design

    Effectively adding security measures to a multicast service is an intriguing problem, especially when the service is deployed in a wireless setting. Next generation IEEE 802.16 standard WirelessMAN networks are a perfect example of this problem, and the latest draft specification of the standard includes a secure protocol solution called Multicast and Broadcast Rekeying Algorithm (MBRA). In this paper, we expose the security problems of MBRA, including non-scalability and omission of backward and forward secrecy, and propose new approaches, ELAPSE and ELAPSE+, to address these problems. In particular, ELAPSE+ makes use of membership and mobility information gathered in the application layer to augment the adaptive group management in the MAC layer. We analyze the security property of ELAPSE and ELAPSE+, and compare their performances with MBRA by simulating group rekeying scenarios

    Security-centric analysis and performance investigation of IEEE 802.16 WiMAX

    Peer reviewed

    Authentication and key establishment in wireless networks

    Ph.D DOCTOR OF PHILOSOPH

    Improving initiation, decision and execution phases for vertical handover in heterogeneous wireless mobile networks

    One of the challenging issues in Next Generation Wireless Systems (NGWS) is seamless Vertical Handover (VHO) during the mobility between different types of technologies (3GPP and non-3GPP) such as Global System for Mobile Communication (GSM), Wireless Fidelity (Wi-Fi), Worldwide Interoperability for Microwave Access (WiMAX), Universal Mobile Telecommunications System (UMTS) and Long Term Evolution (LTE). Therefore, the telecommunication operators are required to develop an interoperability strategy for these different types of existing networks to get the best connection anywhere, anytime without interruption of the ongoing sessions. In order to identify this problem accurately, the research study presented in this thesis provides four surveys about VHO approaches found in the literature. In these surveys, we classify the existing VHO approaches into categories based on the available VHO techniques for which we present their objectives and performances issues. After that, we propose an optimised VHO approach based on the VHO approaches that have been studied in the literature and take into consideration the research problems and conclusions which are arisen in our surveys. The proposed approach demonstrates better performance (packet loss, latency and signaling cost), less VHO connection failure (probability of minimising VHO reject sessions), less complexity and an enhanced VHO compared with that found in the literature. It consists of a procedure which is implemented by an algorithm. The proposed procedure of loose coupling and Mobile Internet Protocol version 4 (MIPv4) provides early buffering for new data packets to minimise VHO packet loss and latency. 
Analysis and simulation of the proposed procedure show that the VHO packet loss and latency are significantly reduced compared with previous MIPv6 procedures found in the literature. The proposed algorithm is composed of two main parts: Handover Initiation and Optimum Radio Access Technologies (RATs) list of priority. The first part includes two main types of VHO and gives priority to imperative sessions over alternative sessions. This part is also responsible for deciding when and where to perform the handover by choosing the best RATs from the multiple ones available. Then, it passes them to the decision phase. This results in reducing the signaling cost and the inevitable degradation in Quality of Service (QoS) as a result of avoiding unnecessary handover processes. The second part defines RATs list of priority to minimise VHO connection failure. Analysis and simulation based performance evaluations then demonstrate that the proposed algorithm outperforms the traditional algorithms in terms of: (a) the probability of VHO connection failure as a result of using the optimum RATs list of priority and (b) the signaling cost and the inevitable degradation in QoS as a result of avoiding unnecessary handover processes

    Security in Delay Tolerant Networks

    Delay- and Disruption-tolerant wireless networks (DTN), or opportunistic networks, represent a class of networks where continuous end-to-end connectivity may not be possible. DTN is a well recognized area in networking research and has attracted extensive attentions from both network designers and application developers. Applications of this emergent communication paradigm are wide ranging and include sensor networks using scheduled intermittent connectivity, vehicular DTNs for dissemination of location-dependent information (e.g., local ads, traffic reports, parking information, etc.), pocket-switched networks to allow humans to communicate without network infrastructure, and underwater acoustic networks with moderate delays and frequent interruptions due to environmental factors, etc. Security is one of the main barriers to wide-scale deployment of DTNs, but has gained little attention so far. On the one hand, similar to traditional mobile ad hoc networks, the open channel and multi-hop transmission have made DTNs vulnerable to various security threats, such as message modification/injection attack or unauthorized access and utilization of DTN resources. On the other hand, the unique security characteristics of DTNs including: long round-trip delay, frequent disconnectivity, fragmentation, opportunistic routing as well as limited computational and storage capability, make the existing security protocols designed for the conventional ad hoc networks unsuitable for DTNs. Therefore, a series of new security protocols are highly desired to meet stringent security and efficiency requirements for securing DTNs. 
In this research, we focus on three fundamental security issues in DTNs: efficient DTN message (or bundle) authentication, which is a critical security service for DTN security; incentive issue, which targets at stimulating selfish nodes to forward data for others; and certificate revocation issue, which is an important part of public key management and serves the foundation of any DTN security protocols. We have made the following contributions: First of all, the unique "store-carry-and-forward" transmission characteristic of DTNs implies that bundles from distinct/common senders may opportunistically be buffered at some common intermediate nodes. Such a "buffering" characteristic distinguishes DTN from any other traditional wireless networks, for which intermediate cache is not supported. To exploit such buffering opportunities, we propose an Opportunistic Batch Bundle Authentication Scheme (OBBA) to dramatically reduce the bundle authentication cost by seamlessly integrating identity-based batch signatures and Merkle tree techniques. Secondly, we propose a secure multi-layer credit based incentive scheme to stimulate bundle forwarding cooperation among DTNs nodes. The proposed scheme can be implemented in a fully distributed manner to thwart various attacks without relying on any tamper-proof hardware. In addition, we introduce several efficiency-optimization techniques to improve the overall efficiency by exploiting the unique characteristics of DTNs. Lastly, we propose a storage-efficient public key certificate validation method. Our proposed scheme exploits the opportunistic propagation to transmit Certificate Revocation List (CRL) list while taking advantage of bloom filter technique to reduce the required buffer size. We also discuss how to take advantage of cooperative checking to minimize false positive rate and storage consumption. 
For each research issue, detailed simulation results in terms of computational time, transmission overhead and power consumption, are given to validate the efficiency and effectiveness of the proposed security solutions

    Study of mobility in next-generation networks

    The continuous advance of telecommunications networks provides us with ever more facilities in all areas of our lives. In this case, we have focused on the study of mobility in Next Generation Networks. Part of this project was carried out in collaboration with Deutsche Telekom AG, during a six-month stay working as a collaborator in its laboratories located in Berlin. The main objective of this project has been to carry out a study of the different standards and technologies that facilitate mobility in Next Generation Networks. To that end, in the first part the different working groups focused on this aspect were studied, and information was gathered on products and solutions available on the market, in order to obtain a global view of the current situation. As can be seen later on, this first part is the most extensive of the whole document. This is because it is probably the most important part of the work, since it contains the study of the mechanisms that will later serve us to give a theoretical solution to the different scenarios that are posed. In the second part of the project, we focused on developing several scenarios of interest in Next Generation Network systems and subsequently providing possible theoretical solutions. Finally, the conclusions drawn as a result of the work are presented, along with the aspects of it that could be addressed in the near future. Ingeniería de Telecomunicació
