188,968 research outputs found
A secure and lightweight ad-hoc routing algorithm for personal networks
Over the past few years, there has been increasing interest in utilizing Personal Area Networks (PANs) to offer users innovative and personalized services. This interest is a consequence of the widespread use of mobile devices such as laptops, mobile phones, PDAs, digital cameras, wireless headsets, etc. to carry out a variety of user-centric tasks. The PAN itself is built upon an ad-hoc network where devices trust their neighbors to route their packets. The cooperative nature of ad-hoc networks allows malicious nodes to easily cripple the network by inserting false route information, replaying old messages, modifying messages of other nodes, etc. An applicable area still under research, and the focus of this paper, is secure routing protocols for ad-hoc networks. To achieve availability in the PAN, the routing protocol used must be robust against both dynamically changing topology and malicious attacks. However, the heterogeneous nature of Personal Network (PN) devices means that traditional security mechanisms are too resource intensive to be sufficient by themselves. This paper describes a new ad-hoc secure routing protocol for Personal Networks (PNs), suitable in a limited multi-hop scenario. This protocol is based on AODV and relies on efficient cryptographic primitives to safeguard the security and privacy of PN users. Following that, a number of attacks in the area of ad-hoc networks are discussed, and it is shown that the new algorithm protects against multiple un-coordinated active attackers, in spite of compromised nodes in the network.
Secure Hop-by-Hop Aggregation of End-to-End Concealed Data in Wireless Sensor Networks
In-network data aggregation is an essential technique in mission critical
wireless sensor networks (WSNs) for achieving effective transmission and hence
better power conservation. Common security protocols for aggregated WSNs are
either hop-by-hop or end-to-end, each of which has its own encryption schemes
considering different security primitives. End-to-end encrypted data
aggregation protocols introduce maximum data secrecy with inefficient data
aggregation and more vulnerability to active attacks, while hop-by-hop data
aggregation protocols introduce maximum data integrity with efficient data
aggregation and more vulnerability to passive attacks.
In this paper, we propose a secure aggregation protocol for aggregated WSNs
deployed in hostile environments in which dual attack modes are present. Our
proposed protocol is a blend of flexible data aggregation as in hop-by-hop
protocols and optimal data confidentiality as in end-to-end protocols. Our
protocol introduces an efficient O(1) heuristic for checking data integrity
along with cost-effective heuristic-based divide and conquer attestation
process which is in average -O(n) in the worst scenario- for
further verification of aggregated results
SOFTWARE DEFINED CUSTOMIZATION OF NETWORK PROTOCOLS WITH LAYER 4.5
The rise of software defined networks, programmable data planes, and host level kernel programmability gives rise to highly specialized enterprise networks. One form of network specialization is protocol customization, which traditionally extends existing protocols with additional features, primarily for security and performance reasons. However, the current methodologies to deploy protocol customizations lack the agility to support rapidly changing customization needs. This dissertation designs and evaluates the first software-defined customization architecture capable of distributing and continuously managing protocol customizations within enterprise or datacenter networks. Our unifying architecture is capable of performing per-process customizations, embedding per-network security controls, and aiding the traversal of customized application flows through otherwise problematic middlebox devices. Through the design and evaluation of the customization architecture, we further our understanding of, and provide robust support for, application transparent protocol customizations. We conclude with the first ever demonstration of active application flow "hot-swapping" of protocol customizations, a capability not currently supported in operational networks. Office of Naval Research, Arlington, VA 22203. Lieutenant Commander, United States Navy. Approved for public release. Distribution is unlimited.
Implementation of Secure and Energy Efficient Routing Protocol for Mobile Adhoc Network
Mobile ad hoc networks are networks consisting of spatially distributed autonomous sensors, which are capable of sensing the physical or environmental conditions and have a set of applications in various domains. But MANET is also prone to various active and passive attacks due to the lack of security mechanism, centralized management in routing protocol and. The prime task of WSN is to sense and collect information, process and transmit to the sink. One of the major security threats in MANET is attacks; attacks may be active or passive. First of all, implementation of the reference work was carried out in the NS 2 environment for various numbers of nodes in the range from 10 to 50, followed by integration of an attacker node. In our research work, the black hole attack specifically has been taken to see the impact on network parameters. To overcome such active attacks, an advanced Ad hoc On-Demand Distance Vector routing protocol technique incorporates a hash function with a security algorithm so that data cannot be accessed by an unauthorized person. Network matrices are improved by implementing the advanced AODV routing protocol. In the distributed network, trust among various sensing nodes is a powerful tool to increase the performance of device networks. In our research work, in-depth analysis is carried out on the security and trust communication between the device nodes with routing techniques to discover and prevent information packets from being exposed to black hole attack. Further, various mobility patterns can be investigated with different attacks.
Finite-Size Security for Discrete-Modulated Continuous-Variable Quantum Key Distribution Protocols
Discrete-Modulated (DM) Continuous-Variable Quantum Key Distribution (CV-QKD)
protocols are promising candidates for commercial implementations of quantum
communication networks due to their experimental simplicity. While tight
security analyses in the asymptotic limit exist, proofs in the finite-size
regime are still subject to active research. We present a composable
finite-size security proof against independently and identically distributed
(i.i.d.) collective attacks for a general DM CV-QKD protocol. We introduce a
new energy testing theorem to bound the effective dimension of Bob's system and
rigorously prove security within Renner's epsilon-security framework. We
introduce and build up our security argument on so-called acceptance testing
which, as we argue, is the proper notion for the statistical analysis in the
finite-size regime and replaces the concept of parameter estimation for
asymptotic security analyses. Finally, we extend and apply a numerical security
proof technique to calculate tight lower bounds on the secure key rate. To
demonstrate our method, we apply it to a quadrature phase-shift keying
protocol, both for untrusted, ideal and trusted non-ideal detectors. The
results show that our security proof method yields secure finite-size key rates
under experimentally viable conditions up to at least 73 km transmission
distance. Comment: 28 pages, 6 Figures
A Practical Wireless Exploitation Framework for Z-Wave Networks
Wireless Sensor Networks (WSN) are a growing subset of the emerging Internet of Things (IoT). WSNs reduce the cost of deployment over wired alternatives; consequently, use is increasing in home automation, critical infrastructure, smart metering, and security solutions. Few published works evaluate the security of proprietary WSN protocols due to the lack of low-cost and effective research tools. One such protocol is ITU-T G.9959-based Z-Wave, which maintains wide acceptance within the IoT market. This research utilizes an open source toolset, presented herein, called EZ-Wave to identify methods for exploiting Z-Wave devices and networks using Software-Defined Radios (SDR). Herein, techniques enabling active network reconnaissance, including network enumeration and device interrogation, are presented. Furthermore, a fuzzing framework is presented and utilized to identify three packet malformations resulting in anomalous device behavior. Finally, a method for classifying the three most common Z-Wave transceivers with >99% accuracy using preamble manipulation is identified and tested.