A Survey on Wireless Security: Technical Challenges, Recent Advances and Future Trends

This paper examines the security vulnerabilities and threats imposed by the inherent open nature of wireless communications and to devise efficient defense mechanisms for improving the wireless network security. We first summarize the security requirements of wireless networks, including their authenticity, confidentiality, integrity and availability issues. Next, a comprehensive overview of security attacks encountered in wireless networks is presented in view of the network protocol architecture, where the potential security threats are discussed at each protocol layer. We also provide a survey of the existing security protocols and algorithms that are adopted in the existing wireless network standards, such as the Bluetooth, Wi-Fi, WiMAX, and the long-term evolution (LTE) systems. Then, we discuss the state-of-the-art in physical-layer security, which is an emerging technique of securing the open communications environment against eavesdropping attacks at the physical layer. We also introduce the family of various jamming attacks and their counter-measures, including the constant jammer, intermittent jammer, reactive jammer, adaptive jammer and intelligent jammer. Additionally, we discuss the integration of physical-layer security into existing authentication and cryptography mechanisms for further securing wireless networks. Finally, some technical challenges which remain unresolved at the time of writing are summarized and the future trends in wireless security are discussed.Comment: 36 pages. Accepted to Appear in Proceedings of the IEEE, 201

Classification of EAP methods and Some Major Attacks on EAP

This paper presents an overview of authentication protocol and analysis of Extensible Authentication Protocol (EAP) and its place in securing network. In general, authentication procedure adds extra messages to the original message flow and results in throughput reduction/ increase in processing time. Extensible Authentication Protocol (EAP) is a framework which aims to provide a flexible authentication for wireless networks. A number of specific widely used EAP methods are examined and evaluated for their advantages and susceptibility to types of attack. In addition, we evaluate how we communicate between two entities over the network

An Intrusion Detection System Against Rogue Master Attacks on gPTP

Due to the promise of deterministic Ethernet networking, Time Sensitive Network (TSN) standards are gaining popularity in the vehicle on-board networks sector. Among these, Generalized Precision Time Protocol (gPTP) allows network devices to be synchronized with a greater degree of precision than other synchronization protocols, such as Network Time Protocol (NTP). However, gPTP was developed without security measures, making it susceptible to a variety of attacks. Adding security controls is the initial step in securing the protocol. However, due to current gPTP design limitations, this countermeasure is insufficient to protect against all types of threats. In this paper, we present a novel supervised Machine Learning (ML)-based pipeline for the detection of high-risk rogue master attacks

Analysis of the End-by-Hop Protocol for Secure Aggregation in Sensor Networks

In order to save bandwidth and thus battery power, sensor network measurements are sometimes aggregated en-route while being reported back to the querying server. Authentication of the measurements then becomes a challenge if message integrity is important for the application. At ESAS 2007, the End-by-Hop protocol for securing in-network aggregation for sensor nodes was presented. The solution was claimed to be secure and efficient and to provide the possibility of trading off bandwidth against computation time on the server. In this paper, we disprove these claims. We describe several attacks against the proposed solution and point out shortcomings in the original complexity analysis. In particular, we show that the proposed solution is inferior to a naive solution without in-network aggregation both in security and in efficiency

Secure and Efficient DiDrip Protocol for Improving Performance of WSNs

Wireless Sensor Networks consists of a set of resource constrained devices called nodes that communicate wirelessly with each other. Wireless Sensor Networks have become a key application in number of technologies. It also measures the unit of vulnerability to security threats. Several Protocols are projected to make them secure. Some of the protocols within the sensor network specialize in securing data. These protocols are named as data discovery and dissemination protocols. The data discovery and dissemination protocol for wireless sensor networks are utilized for distributing management commands and altering configuration parameters to the sensor nodes. All existing data discovery and dissemination protocols primarily suffer from two drawbacks. Basically, they are support centralized approach (only single station can distribute data item).This approach is not suitable for multiple owner-multiple users. Second, the protocols are not designed with security in mind. This Paper proposes the first distributed knowledge discovery and dissemination protocol called DiDrip which is safer than the existing one. The protocol permits multiple owners to authorize many network users with altogether totally different priorities to at an equivalent time and directly flow into data items to sensor nodes

Options for Securing RTP Sessions

The Real-time Transport Protocol (RTP) is used in a large number of different application domains and environments. This heterogeneity implies that different security mechanisms are needed to provide services such as confidentiality, integrity, and source authentication of RTP and RTP Control Protocol (RTCP) packets suitable for the various environments. The range of solutions makes it difficult for RTP-based application developers to pick the most suitable mechanism. This document provides an overview of a number of security solutions for RTP and gives guidance for developers on how to choose the appropriate security mechanism

An Authentication and Key Establishment Scheme for the IP-Based Wireless Sensor Networks

Integration between wireless sensor networks and traditional IP networks using the IPv6 and 6LoWPAN standards is a very active research and application area. A combination of hybrid network significantly increases the complexity of addressing connectivity and fault tolerance problems in a highly heterogeneous environment, including for example different packet sizes in different networks. In such challenging conditions, securing the communication between nodes with very diverse computational, memory and energy storage resources is at the same time an essential requirement and a very complex issue. In this paper we present an efficient and secure mutual authentication and key establishment protocol based on Elliptic Curve Cryptography (ECC) by which different classes of nodes, with very different capabilities, can authenticate each other and establish a secret key for secure communication. The analysis of the proposed scheme shows that it provides good network connectivity and resilience against some well known attacks

IMPLEMENTATION OF TRUST NEIGHBOR DISCOVERY ON SECURING IPv6 LINK LOCAL COMMUNICATION

Neighbour Discovery Protocol is a core IPv6 protocol used within the local network to provide functionalities such as Router Discovery and Neighbour Discovery. However, the standard of the protocol does not specify any security mechanism but only recommends the use of either Internet Protocol Security (IPSec) or Secure Neighbor Discovery (SEND) that has drawbacks when used within IPv6 local network. Furthermore, neither is enabled by default in the IPv6 local network; leaving the protocol unsecured. This paper proposes Trust-ND with reduced complexity by combining hard security and soft security approaches to be implemented on securing IPv6 link-local communication. The experimentation results showed that Trust-ND managed to successfully secure the IPv6 Neighbour Discovery. Trust-ND significantly cuts down the time to process NDP messages up to 77.21 ms for solicitation message and 100.732 ms for advertisement message. It also provides additional benefit over regular NDP in terms of data integrity for all Trust-ND messages with the introduction of Trust Option

Reflections on security options for the real-time transport protocol framework

The Real-time Transport Protocol (RTP) supports a range of video conferencing, telephony, and streaming video ap- plications, but offers few native security features. We discuss the problem of securing RTP, considering the range of applications. We outline why this makes RTP a difficult protocol to secure, and describe the approach we have recently proposed in the IETF to provide security for RTP applications. This approach treats RTP as a framework with a set of extensible security building blocks, and prescribes mandatory-to-implement security at the level of different application classes, rather than at the level of the media transport protocol

Securing the Internet of Things Infrastructure - Standards and Techniques

The Internet of Things (IoT) infrastructure is a conglomerate of electronic devices interconnected through the Internet, with the purpose of providing prompt and effective service to end-users. Applications running on an IoT infrastructure generally handle sensitive information such as a patient’s healthcare record, the position of a logistic vehicle, or the temperature readings obtained through wireless sensor nodes deployed in a bushland. The protection of such information from unlawful disclosure, tampering or modification, as well as the unscathed presence of IoT devices, in adversarial environments, is of prime concern. In this paper, a descriptive analysis of the security of standards and technologies for protecting the IoT communication channel from adversarial threats is provided. In addition, two paradigms for securing the IoT infrastructure, namely, common key based and paired key based, are proposed