39 research outputs found

    KANSA: high interoperability e-KTP decentralised database network using distributed hash table

    e-KTP is the Indonesian identity card, based on Near Field Communication technology, which is embedded in the card issued to every Indonesian citizen. Until this research, e-KTP technology had never been utilized by any stakeholder, whether government agency, non-government organization or company. The technology inside the card has never been used; instead the card is handled conventionally, by copying it manually with a photocopy machine or taking a photograph of it. This research proposes an open standard for utilizing e-KTP technology. The open standard would allow e-KTP technology to be used as is and used broadly by many government agencies and commercial companies. This research also proposes a decentralized network model, specifically for storing e-KTP data without breaking privacy law. Besides providing high server specifications, a decentralized model can reduce the cost of server infrastructure. The model uses a Distributed Hash Table, as used in peer-to-peer networks. The decentralized model promises high availability and a more secure way to save and access the data. The resulting model can be implemented on many network topologies or infrastructures and is also applicable to small and medium enterprises.

    A New Strong Adversary Model for RFID Authentication Protocols

    Radio Frequency Identification (RFID) systems represent a key technology for ubiquitous computing and for the deployment of the Internet of Things (IoT). In RFID technology, authentication protocols are often necessary in order to confirm the identity of the parties involved (i.e. RFID readers, RFID tags and/or database servers). In this article, we analyze the security of a mutual authentication protocol proposed by Wang and Ma. Our security analysis clearly shows major security pitfalls in this protocol. Firstly, we show two approaches that an adversary may use to mislead an honest reader into thinking that it is communicating with a legitimate database. Secondly, we show how an adversary that has compromised some tags can impersonate an RFID reader to a legitimate database. Furthermore, we present a new adversary model, which pays heed to cases missed by previous proposals. In contrast to previous models where the communication between an RFID reader and a back-end server is through a secure channel, our model facilitates the security analysis of more general schemes where this communication channel (RFID reader-to-server) is insecure. This model determines whether the compromise of RFID tags has any impact on the security of the reader-to-server communication or vice versa. In a secure protocol, the possible compromise of RFID tags should not affect the RFID reader-server communication. In this paper, we show that the compromise of RFID tags in the Wang and Ma protocol has a direct impact on the reader-server security. Finally, we propose a new authentication protocol that offers an adequate security level and is resistant against the mentioned security risks. The security proofs of the proposed protocol are supported with Gong-Needham-Yahalom (GNY) logic and the Scyther tool, which are formal methods to evaluate the security of a cryptographic protocol.

    Key management for wireless sensor network security

    Wireless Sensor Networks (WSNs) have attracted great attention not only in industry but also in academia due to their enormous application potential and unique security challenges. A typical sensor network can be seen as a combination of a number of low-cost sensor nodes which have very limited computation and communication capability, memory space, and energy supply. The nodes are self-organized into a network to sense or monitor surrounding information in an unattended environment, while the self-organization property makes the networks vulnerable to various attacks. Many cryptographic mechanisms that solve network security problems rely directly on secure and efficient key management, making key management a fundamental research topic in the field of WSN security. Although key management for WSNs has been studied over the last years, the majority of the literature has focused on some assumed vulnerabilities along with corresponding countermeasures. Specific application, which is an important factor in determining the feasibility of the scheme, has been overlooked to a large extent in the existing literature. This thesis is an effort to develop a key management framework and specific schemes for WSNs by which different types of keys can be established and also can be distributed in a self-healing manner; explicit/implicit authentication can be integrated according to the security requirements of expected applications. The proposed solutions would provide reliable and robust security infrastructure for facilitating secure communications in WSNs. There are five main parts in the thesis. In Part I, we begin with an introduction to the research background, problem definition and overview of existing solutions. From Part II to Part IV, we propose specific solutions, including purely Symmetric Key Cryptography based solutions, purely Public Key Cryptography based solutions, and a hybrid solution.
While there is always a trade-off between security and performance, analysis and experimental results prove that each proposed solution can achieve the expected security aims with acceptable overheads for some specific applications. Finally, we recapitulate the main contribution of our work and identify future research directions in Part V.

    Routing and Mobility on IPv6 over LoWPAN

    The IoT means a world-wide network of interconnected objects based on standard communication protocols. An object in this context is a quotidian physical device augmented with sensing/actuating, processing, storing and communication capabilities. These objects must be able to interact with the surrounding environment where they are placed and to cooperate with neighbouring objects in order to accomplish a common objective. The IoT objects also have the capability of converting the sensed data into automated instructions and communicating them to other objects through the communication networks, avoiding human intervention in several tasks. Most IoT deployments are based on small devices with restricted computational resources and energy constraints. For this reason, initially the scientific community did not consider the use of the IP protocol suite in these scenarios because there was the perception that it was too heavy for the available resources on such devices. Meanwhile, the scientific community and the industry started to rethink the use of the IP protocol suite in all IoT devices and now it is considered as the solution to provide connectivity between the IoT devices, independently of the Layer 2 protocol in use, and to connect them to the Internet. Despite the use of the IP protocol suite in all devices and the number of solutions proposed, many open issues remain unsolved in order to reach a seamless integration between the IoT and the Internet and to provide the conditions for widespread IoT services. This thesis addressed the challenges associated with the interconnectivity between the Internet and the IoT devices and with the security aspects of the IoT. In the interconnectivity between the IoT devices and the Internet the problem is how to provide valuable information to the Internet connected devices, independently of the supported IP protocol version, without needing to access the IoT nodes directly.
In order to solve this problem, solutions based on Representational State Transfer (REST) web services and an IPv4 to IPv6 dual stack transition mechanism were proposed and evaluated. The REST web service and the transition mechanism run only at the border router without penalizing the IoT constrained devices. The mitigation of the effects of internal and external security attacks while minimizing the overhead imposed on the IoT devices is the security challenge addressed in this thesis. Three different solutions were proposed. The first is a mechanism to prevent remotely initiated transport level Denial of Service attacks that avoids the use of inefficient and hard to manage traditional firewalls. It is based on filtering at the border router the traffic received from the Internet and destined to the IoT network according to the conditions announced by each IoT device. The second is a network access security framework that can be used to control the nodes that have access to the network, based on administrative approval, and to enforce security compliance on the authorized nodes. The third is a network admission control framework that prevents unauthorized IoT nodes from communicating with authorized IoT nodes or with the Internet, which drastically reduces the number of possible security attacks. The network admission control was also exploited as a management mechanism as it can be used to manage the network size in terms of number of nodes, making the network more manageable, increasing its reliability and extending its lifetime.
The IoT (Internet of Things) has attracted the interest of both the academic community and industry, since the fields of application are countless, as are the potential gains that can be obtained through the use of this type of technology. The IoT means a global network of objects connected to each other through a communications network based on standard protocols. In this context, an object is an everyday physical object to which the capability to measure and act on physical variables, to process and store data, and to communicate has been added. These objects are able to interact with the surrounding environment and to cooperate with other neighbouring objects in order to achieve a common objective. These objects are also able to convert the data read into instructions and to communicate them to other objects through the communications network, thereby avoiding human intervention in several tasks. Most IoT system deployments are based on small autonomous devices with restrictions in terms of computational resources and energy retention. For this reason, the scientific community initially did not consider the use of the IP protocol stack appropriate in this type of device, since there was the perception that it was too heavy for the available computational resources. Meanwhile, the scientific community and industry resumed the discussion about the benefits of using the protocol stack in all IoT devices, and it is currently considered the solution for establishing connectivity between IoT devices, independently of the layer-two protocol in use, and for connecting them to the Internet. Despite the use of the IP protocol stack in all devices and the number of solutions proposed, several problems remain to be solved concerning the continuous, uninterrupted integration of the IoT into the Internet and creating the conditions for the widespread adoption of this type of technology. This thesis deals with the challenges associated with the integration of the IoT into the Internet and with the security aspects of the IoT. Regarding the integration of the IoT into the Internet, the problem is how to provide valid information to Internet-connected devices, independently of the IP protocol version in use, avoiding direct access to the IoT devices.
To solve this problem, solutions based on REST web services and on IPv4 to IPv6 transition mechanisms of the dual stack type were proposed and evaluated. The web service and the transition mechanism are supported only at the border router, without penalizing the IoT devices. With regard to security, the problem is to mitigate the effects of internal and external security attacks initiated locally and remotely. Three different solutions were proposed. The first is a mechanism that minimizes the effects of denial of service attacks originating from the Internet and that avoids the use of inefficient and complex-to-manage firewall mechanisms. This mechanism filters, at the border router, the traffic originating from the Internet and destined to the IoT according to the conditions announced by each of the IoT devices in the network. The second solution is a network admission control framework that controls which devices can access the network based on administrative authorization and that applies security compliance policies to the authorized devices. The third is a network admission control mechanism for 6LoWPAN networks that prevents unauthorized devices from communicating with other legitimate devices and with the Internet, which drastically reduces the number of security attacks. This mechanism was also exploited as a management mechanism since it can be used to manage the size of the network in terms of number of devices, making it easier to manage and increasing its reliability and its lifetime.

    Wake-up radio systems : design, development, performance evaluation and comparison to conventional medium access control protocols for wireless sensor networks

    During recent years, the research related to Wake-up Radio (WuR) systems has gained noticeable interest. In WuR systems, a node initiating a communication first sends a Wake-up Call (WuC) by means of its Wake-up Transmitter (WuTx), to the Wake-up Receiver (WuRx) of a remote node to activate it in an on-demand manner. Until the reception of the WuC, the node's MCU and main data transceiver are in sleep mode. Hence, WuR systems drastically reduce the power required by wireless nodes. This thesis provides a complete analysis of several WuR designs vs. conventional MAC protocols for Wireless Sensor Networks (WSN). The research is performed in an incremental fashion and includes hardware, software and simulation topics. WuR systems enable energy savings in plenty of different applications, e.g., retrieving information from environmental pollution sensors placed in a city by a mobile collector node, or activating a sleeping wireless AP. They are easy to program and provide implicit synchronization. However, achieving a good WuRx design may become a challenge because power amplifiers cannot be used for the sake of energy. The system proposed in chapter 2 is a successful WuR system prototype. The so-called SµA-WuRx is less complex than commercial WuR systems, it is cheaper from the monetary point of view, requires several times less energy and allows for up to 15 meters of communication, an adequate value for WuR systems. However, the system can be improved by including several desirable features, such as longer operational ranges and/or addressing mechanisms. The so-called Time-Knocking (TicK) addressing strategy, analyzed in chapter 3, enables energy efficient node addressing by varying the time between WuCs received by a MCU. TicK allows for variable length addresses and multicast. A WuR system may not fit any possible application.
Thus, while the SµA-WuRx and TicK efficiently solved many of the requirements of single-hop and data-collector applications, they lack flexibility. Instead, SCM-WuR systems in chapter 4 feature an outstanding trade-off between hardware complexity, current consumption and operational range, and even enable multi-hop wake-up for long remote sensor measure collection. To contextualize the WuR systems developed, chapter 5 provides an overview of the most important WuR systems as of 2014. Developing a MAC protocol which performs acceptably in a wide range of diverse applications is a very difficult task. Comparatively, SCM-WuR systems perform properly in all the use cases (single and multi-hop) presented in chapter 6. Bluetooth Low Energy, or BLE, appears as a duty-cycled MAC protocol mainly targeting single-hop applications. Because of its clearly defined use cases and its integration with its upper application layers, BLE appears as an extremely energy-efficient protocol that cannot be easily replaced by WuR. Because of all these aspects, the performance of BLE is analyzed in chapter 7. Finally, chapter 8 tries to solve one of the issues affecting WuR systems, that is, the need for extra hardware. While this issue seems difficult to solve for WuRx, the chapter provides ideas to use IEEE 802.11-enabled devices as WuTx.
During recent years, research on Wake-up Radio (WuR) systems has attracted notable interest. In these systems, a node initiates wireless communication by transmitting a Wake-up Call (WuC), by means of its Wake-up Transmitter (WuTx), addressed to the Wake-up Receiver (WuRx) of the remote node. This WuC activates the remote node, whose microcontroller (MCU) and main radio have been able to remain in "sleep" mode until that moment. Thus, WuR systems allow a drastic saving of the energy required by wireless nodes.
This thesis proposes different WuR systems and compares them with existing MAC protocols for Wireless Sensor Networks (WSN). The research is carried out progressively and includes hardware, software and simulation. WuR systems allow notable energy savings in many applications: collection of environmental information, remote activation of Wi-Fi access points, etc. They are easy to program in software and entail implicit synchronization between nodes. Unfortunately, minimal energy consumption rules out the use of power amplifiers, and designing them becomes a challenge. The system presented in chapter 2 is a successful WuR system prototype. Named SµA-WuR, it is simpler than commercial alternatives, is cheaper, requires less energy and allows greater WuR communication distances, of up to 15 metres. The Time-KnocKing addressing strategy, presented in chapter 3, gives the preceding SµA-WuR a way to specify the addressed node, enabling energy savings at the network level. TicK operates by encoding the time between different WuCs. Depending on the time between intervals, the desired node or nodes are woken up in an extremely efficient way. Despite its benefits, there are applications that cannot be implemented with the SµA-WuR system. For this reason, chapter 4 presents the SCM-WuR system, which offers an operating range of 40 to 100 metres in exchange for minimal added hardware complexity. SCM-WuR covers the range of applications of the SµA-WuRx system, and also those that require multi-hop at the WuR level. Chapter 5 of the thesis compares the two preceding WuR systems against the most important proposals up to 2014. Chapter 6 includes a complete simulation framework with the foundations for replacing duty-cycling-based systems with WuR.
Because developing a MAC protocol that operates acceptably well in a multitude of applications becomes a practically impossible task, the WuR systems presented earlier and modelled in this chapter represent a versatile, interesting and much more energy-efficient solution. Bluetooth Low Energy, or Smart, or BLE, represents a specific application case where, owing to the high degree of integration at the application level, replacement by WuR systems becomes difficult. For this reason, and because it is an extremely energy-efficient MAC protocol, this thesis contains a complete characterization of BLE in chapter 7. Finally, chapter 8 solves one of the drawbacks of WuR systems, the design of specific WuTx, by presenting a strategy to transform any IEEE 802.11 device into a WuTx.

    Security and Privacy for Modern Wireless Communication Systems

    This reprint focuses on the latest protocol research, software/hardware development and implementation, and system architecture design in addressing emerging security and privacy issues for modern wireless communication networks. Relevant topics include, but are not limited to, the following: deep-learning-based security and privacy design; covert communications; information-theoretical foundations for advanced security and privacy techniques; lightweight cryptography for power constrained networks; physical layer key generation; prototypes and testbeds for security and privacy solutions; encryption and decryption algorithms for low-latency constrained networks; security protocols for modern wireless communication networks; network intrusion detection; physical layer design with security consideration; anonymity in data transmission; vulnerabilities in security and privacy in modern wireless communication networks; challenges of security and privacy in node–edge–cloud computation; security and privacy design for low-power wide-area IoT networks; security and privacy design for vehicle networks; security and privacy design for underwater communications networks.

    Mobile Ad-Hoc Networks

    Being infrastructure-less and without central administration control, wireless ad-hoc networking is playing a more and more important role in extending the coverage of traditional wireless infrastructure (cellular networks, wireless LAN, etc.). This book includes state-of-the-art techniques and solutions for wireless ad-hoc networks. It focuses on the following topics in ad-hoc networks: vehicular ad-hoc networks, security and caching, TCP in ad-hoc networks and emerging applications. It is intended to provide network engineers and researchers with design guidelines for large scale wireless ad-hoc networks.

    Radio Communications

    In the last decades the restless evolution of information and communication technologies (ICT) has brought about a deep transformation of our habits. The growth of the Internet and the advances in hardware and software implementations have modified our way of communicating and sharing information. In this book, an overview of the major issues faced today by researchers in the field of radio communications is given through 35 high quality chapters written by specialists working in universities and research centers all over the world. Various aspects are discussed in depth: channel modeling, beamforming, multiple antennas, cooperative networks, opportunistic scheduling, advanced admission control, handover management, systems performance assessment, routing issues in mobility conditions, localization, web security. Advanced techniques for radio resource management are discussed both in single and multiple radio technologies, in infrastructure, mesh or ad hoc networks.