431 research outputs found
Fast Authentication in Heterogeneous Wireless Networks
The growing diffusion of wireless devices is leading to an increasing demand for mobility and security. At the same time, most applications can only tolerate short breaks in the data flow, so that it is a challenge to find out mobility and authentication methods able to cope with these constraints. This paper aims to propose an authentication scheme which significantly shortens the authentication latency and that can be deployed in a variety of wireless environments ranging from common Wireless LANs (WLANs) to satellite-based access networks
A Novel Design and Implementation of Dos-Resistant Authentication and Seamless Handoff Scheme for Enterprise WLANs
With the advance of wireless access technologies, the IEEE 802.11 wireless local area network (WLAN) has gained significant increase in popularity and deployment due to the substantially improved transmission rate and decreased deployment costs. However, this same widespread deployment makes WLANs an attractive target for network attacks. Several vulnerabilities have been identified and reported regarding the security of the current 802.11 standards. To address those security weaknesses, IEEE standard committees proposed the 802.11i amendment to enhance WLAN security. The 802.11i standard has demonstrated the capability of providing satisfactory mutual authentication, better data confidentiality, and key management support, however, the design of 802.11i does not consider network availability. Thus 802.11i is highly susceptible to malicious denial-of-service (DoS) attacks, which exploit the vulnerability of unprotected management frames. This paper proposes, tests and evaluates a combination of three novel methods by which the exploitation of 802.11i by DoS attacks can be improved. These three methods include an access point nonce dialogue scheme, a fast access point transition protocol handoff scheme and a location management based selective scanning scheme. This combination is of particular value to real-time users running time-dependant applications such as VoIP. In order to acquire practical data to evaluate the proposed schemes, a prototype network has been implemented as an experimental testbed using open source tools and drivers. This testbed allows practical data to be collected and analysed. The result demonstrates that not only the proposed authentication scheme eradicates most of the DoS vulnerabilities, but also substantially improved the handoff performance to a level suitable for supporting real-time services
AES-CBC Software Execution Optimization
With the proliferation of high-speed wireless networking, the necessity for
efficient, robust and secure encryption modes is ever increasing. But,
cryptography is primarily a computationally intensive process. This paper
investigates the performance and efficiency of IEEE 802.11i approved Advanced
Encryption Standard (AES)-Rijndael ciphering/deciphering software in Cipher
Block Chaining (CBC) mode. Simulations are used to analyse the speed, resource
consumption and robustness of AES-CBC to investigate its viability for image
encryption usage on common low power devices. The detailed results presented in
this paper provide a basis for performance estimation of AES cryptosystems
implemented on wireless devices. The use of optimized AES-CBC software
implementation gives a superior encryption speed performance by 12 - 30%, but
at the cost of twice more memory for code size.Comment: 8 pages, IEEE 200
Secure and Privacy-Preserving Authentication Protocols for Wireless Mesh Networks
Wireless mesh networks (WMNs) have emerged as a promising concept to meet the
challenges in next-generation wireless networks such as providing flexible,
adaptive, and reconfigurable architecture while offering cost-effective
solutions to service providers. As WMNs become an increasingly popular
replacement technology for last-mile connectivity to the home networking,
community and neighborhood networking, it is imperative to design efficient and
secure communication protocols for these networks. However, several
vulnerabilities exist in currently existing protocols for WMNs. These security
loopholes can be exploited by potential attackers to launch attack on WMNs. The
absence of a central point of administration makes securing WMNs even more
challenging. The broadcast nature of transmission and the dependency on the
intermediate nodes for multi-hop communications lead to several security
vulnerabilities in WMNs. The attacks can be external as well as internal in
nature. External attacks are launched by intruders who are not authorized users
of the network. For example, an intruding node may eavesdrop on the packets and
replay those packets at a later point of time to gain access to the network
resources. On the other hand, the internal attacks are launched by the nodes
that are part of the WMN. On example of such attack is an intermediate node
dropping packets which it was supposed to forward. This chapter presents a
comprehensive discussion on the current authentication and privacy protection
schemes for WMN. In addition, it proposes a novel security protocol for node
authentication and message confidentiality and an anonymization scheme for
privacy protection of users in WMNs.Comment: 32 pages, 10 figures. The work is an extended version of the author's
previous works submitted in CoRR: arXiv:1107.5538v1 and arXiv:1102.1226v
Security in Wireless Local Area Networks (WLANs)
Major research domains in the WLAN security include: access control & data frame protection, lightweight authentication and secure handoff. Access control standard like IEEE 802.11i provides flexibility in user authentication but on the other hand fell prey to Denial of Service (DoS) attacks. For Protecting the data communication between two communicating devicesâthree standard protocols i.e., WEP (Wired Equivalent Privacy), TKIP (Temporal Key Integrity Protocol) and AES-CCMP (Advanced Encryption StandardâCounter mode with CBC-MAC protocol) are used. Out of these, AES-CCMP protocol is secure enough and mostly used in enterprises. In WLAN environment lightweight authentication is an asset, provided it also satisfies other security properties like protecting the authentication stream or token along with securing the transmitted message. CAPWAP (Control and Provisioning of Wireless Access Points), HOKEY (Hand Over Keying) and IEEE 802.11r are major protocols for executing the secure handoff. In WLANs, handoff should not only be performed within time limits as required by the real time applications but should also be used to transfer safely the keying material for further communication. In this chapter, a comparative study of the security mechanisms under the above-mentioned research domains is provided
Versatile Extensible Security System for Mobile Ad Hoc Networks
Mobile Ad hoc Network (MANET) is becoming more and more popular in scientific, government, and general applications, but security system for MANET is still at infant stage. Currently, there are not many security systems that provide extensive security coverage for MANET. Moreover, most of these security systems assume nodes have infinite computation power and energy; an assumption that is not true for many mobiles. Versatile and Extensible System (VESS) is a powerful and versatile general-purpose security suite that comprises of modified versions of existing encryption and authentication schemes. VESS uses a simple and network-efficient but still reliable authentication scheme. The security suite offers four levels of security adjustments base on different encryption strength. Each level is designed to suit different network needs (performance and/or security), and the security suite allows individual end-to-end pair-wise security level adjustments; a big advantage for highly heterogeneous network. This versatility and adjustability let each pair of talking nodes in the network can choose a security level that prioritize either performance or security, or nodes can also choose a level that carefully balance between security strength and network performance. Finally, the security suite, with its existing authentication and encryption systems, is a framework that allows easy future extension and modification
Recommended from our members
Selection of EAP-authentication methods in WLANs
IEEE 802.1X is a key part of IEEE802.11i. By employing Extensible Authentication Protocol (EAP) it supports a variety of upper layer
authentication methods each with different benefits and drawbacks. Any one of these authentication methods can be the ideal choice for a specific networking environment. The fact that IEEE 802.11i leaves the selection of the most suitable authentication method to system implementers makes the authentication framework more flexible, but on the other hand leads to the
question of how to select the authentication method that suits an organisationâs requirements and specific networking environment. This paper gives an overview of EAP authentication methods and provides a table comparing their properties. It then identifies the crucial factors to be considered when employing EAP authentication methods in WLAN environments. The paper presents algorithms that guide the selection of an EAP-authentication method for a WLAN and demonstrates their application through three examples
MOON: a New Overlay Network Architecture for Mobility and QoS Support
The continuously increasing diffusion of mobile devices
such as laptops, PDAs and smartphones, all equipped with
enhanced functionalities, has led to numerous studies about
mobility and to the definition of new network architectures
capable to support it.
Problems related to mobility have been addressed mostly
operating on the network or transport layers of the Internet
protocol stack. As a result, most of these solutions generally
require modifying the TCP and/or the IP protocol. Although this
approach is well suited to handle mobility, it lacks in
compatibility with the Internet Protocol Suite.
This consideration led us to study a fully TCP compatible and
flexible approach we dubbed MOON, for MObile Overlay
Network. This network architecture is currently under design at
LIPAR, the Internet, Protocols and Network Architecture Lab of
Politecnico di Torino
- âŚ