Security Design for Wireless Local Area Network (WLAN)

Wireless networking is rising with the ever-increasing need for businesses to lower costs and support mobility of workers. Compared with wired networking, wireless capability offers more timeliness, affordability, and efficiency. When performing installations, there are many tangible cost savings with using less wire between the user's appliance and a server. However, most of the organization that decided to deploywireless network within their working environment often overlooked the security aspect of the deployed wireless LAN. Therefore, this will jeopardize the organization's safety in terms of network security and business trade secrets if their network is intruded by their rivals. This project concentrates on Wireless Local Area Network architecture and the security aspect of the designed network. Firstly, the project will emphasizes on researching about WLAN architecture. This is to ensure best practice method to be taken in designing the WLAN. It is then followed by extensive research to deploy better security to the designed network. However, the security aspect to be deployed is based on the needs and the architecture of the WLAN. The designed network is tested by conducting similar simulation at the lab which represents real - time performance and situation where the network architecture will be implemented and tested. For the time being, 802.IX / EAP ( Extensible Authentication Protocol ) is proven to be the best practice solution to secure any Wireless LAN implemented. Through the simulation, it will be proven that the proposed WLAN design is secure for implementation by any other interested parties

Security of almost ALL discrete log bits

Let G be a finite cyclic group with generator \alpha and with an encoding so that multiplication is computable in polynomial time. We study the security of bits of the discrete log x when given \exp_{\alpha}(x), assuming that the exponentiation function \exp_{\alpha}(x) = \alpha^x is one-way. We reduce he general problem to the case that G has odd order q. If G has odd order q the security of the least-significant bits of x and of the most significant bits of the rational number \frac{x}{q} \in [0,1) follows from the work of Peralta [P85] and Long and Wigderson [LW88]. We generalize these bits and study the security of consecutive shift bits lsb(2^{-i}x mod q) for i=k+1,...,k+j. When we restrict \exp_{\alpha} to arguments x such that some sequence of j consecutive shift bits of x is constant (i.e., not depending on x) we call it a 2^{-j}-fraction of \exp_{\alpha}. For groups of odd group order q we show that every two 2^{-j}-fractions of \exp_{\alpha} are equally one-way by a polynomial time transformation: Either they are all one-way or none of them. Our key theorem shows that arbitrary j consecutive shift bits of x are simultaneously secure when given \exp_{\alpha}(x) iff the 2^{-j}-fractions of \exp_{\alpha} are one-way. In particular this applies to the j least-significant bits of x and to the j most-significant bits of \frac{x}{q} \in [0,1). For one-way \exp_{\alpha} the individual bits of x are secure when given \exp_{\alpha}(x) by the method of Hastad, N\"aslund [HN98]. For groups of even order 2^{s}q we show that the j least-significant bits of \lfloor x/2^s\rfloor, as well as the j most-significant bits of \frac{x}{q} \in [0,1), are simultaneously secure iff the 2^{-j}-fractions of \exp_{\alpha'} are one-way for \alpha' := \alpha^{2^s}. We use and extend the models of generic algorithms of Nechaev (1994) and Shoup (1997). We determine the generic complexity of inverting fractions of \exp_{\alpha} for the case that \alpha has prime order q. As a consequence, arbitrary segments of (1-\varepsilon)\lg q consecutive shift bits of random x are for constant \varepsilon >0 simultaneously secure against generic attacks. Every generic algorithm using $t$ generic steps (group operations) for distinguishing bit strings of j consecutive shift bits of x from random bit strings has at most advantage O((\lg q) j\sqrt{t} (2^j/q)^{\frac14})

Connectivity in Secure Wireless Sensor Networks under Transmission Constraints

In wireless sensor networks (WSNs), the Eschenauer-Gligor (EG) key pre-distribution scheme is a widely recognized way to secure communications. Although connectivity properties of secure WSNs with the EG scheme have been extensively investigated, few results address physical transmission constraints. These constraints reflect real-world implementations of WSNs in which two sensors have to be within a certain distance from each other to communicate. In this paper, we present zero-one laws for connectivity in WSNs employing the EG scheme under transmission constraints. These laws help specify the critical transmission ranges for connectivity. Our analytical findings are confirmed via numerical experiments. In addition to secure WSNs, our theoretical results are also applied to frequency hopping in wireless networks.Comment: Full version of a paper published in Annual Allerton Conference on Communication, Control, and Computing (Allerton) 201

On Secure Network Coding with Nonuniform or Restricted Wiretap Sets

The secrecy capacity of a network, for a given collection of permissible wiretap sets, is the maximum rate of communication such that observing links in any permissible wiretap set reveals no information about the message. This paper considers secure network coding with nonuniform or restricted wiretap sets, for example, networks with unequal link capacities where a wiretapper can wiretap any subset of $k$ links, or networks where only a subset of links can be wiretapped. Existing results show that for the case of uniform wiretap sets (networks with equal capacity links/packets where any $k$ can be wiretapped), the secrecy capacity is given by the cut-set bound, and can be achieved by injecting $k$ random keys at the source which are decoded at the sink along with the message. This is the case whether or not the communicating users have information about the choice of wiretap set. In contrast, we show that for the nonuniform case, the cut-set bound is not achievable in general when the wiretap set is unknown, whereas it is achievable when the wiretap set is made known. We give achievable strategies where random keys are canceled at intermediate non-sink nodes, or injected at intermediate non-source nodes. Finally, we show that determining the secrecy capacity is a NP-hard problem.Comment: 24 pages, revision submitted to IEEE Transactions on Information Theor

Securing library information system: Vulnerabilities and threats

Threats and vulnerabilities in computers and networks are common nowadays since computers are widely used by the public. The risks of computer threats and vulnerabilities are high since most computers are connected to the internet. Library Information Systems is also vulnerable to attack since it is a public access institution. Majority of users are naive when it comes to computer and network securities. Some breaches in Library Information System are intentional and some are unintentional. Risks analysis should be done to find the threats and risks in designing the Library Information System. Threats are made possible due to lack of proper procedures, software flaws and policies. The administrators should anticipate all the possible attacks and their mitigation techniques. In this paper, we will try to address various issues arise from this vulnerabilities and threats. We will also describe how we can reduce and overcome this vulnerabilities and threats

Adjacent Graph Based Vulnerability Assessment for Electrical Networks Considering Fault Adjacent Relationships Among Branches

Security issues related to vulnerability assessment in electrical networks are necessary for operators to identify the critical branches. At present, using complex network theory to assess the structural vulnerability of the electrical network is a popular method. However, the complex network theory cannot be comprehensively applicable to the operational vulnerability assessment of the electrical network because the network operation is closely dependent on the physical rules not only on the topological structure. To overcome the problem, an adjacent graph (AG) considering the topological, physical, and operational features of the electrical network is constructed to replace the original network. Through the AG, a branch importance index that considers both the importance of a branch and the fault adjacent relationships among branches is constructed to evaluate the electrical network vulnerability. The IEEE 118-bus system and the French grid are employed to validate the effectiveness of the proposed method.National Natural Science Foundation of China under Grant U1734202National Key Research and Development Plan of China under Grant 2017YFB1200802-12National Natural Science Foundation of China under Grant 51877181National Natural Science Foundation of China under Grant 61703345Chinese Academy of Sciences, under Grant 2018-2019-0