Vulnerability Analysis of the Simple Multicast Forwarding (SMF) Protocol for Mobile Ad Hoc Networks

If deployments of Mobile Ad Hoc Networks (MANETs) are to become common outside of purely experimental settings, protocols operating such MANETs must be able to preserve network integrity, even when faced with careless or malicious participants. A first step towards protecting a MANET is to analyze the vulnerabilities of the routing protocol(s), managing the connectivity. Understanding how these routing protocols can be exploited by those with ill intent, countermeasures can be developed, readying MANETs for wider deployment and use. One routing protocol for MANETs, developed by the Internet Engineering Task Force (IETF) as a multicast routing protocol for efficient data dissemination, is denoted "Simplified Multicast Forwarding" (SMF). This protocol is analyzed, and its vulnerabilities described, in this memorandum. SMF consists of two independent components: (i) duplicate packet detection and (ii) relay set selection, each of which presents its own set of vulnerabilities that an attacker may exploit to compromise network integrity. This memorandum explores vulnerabilities in each of these, with the aim of identifying attack vectors and thus enabling development of countermeasures.Afin d'augmenter le nombre de déploiements de réseaux ad hoc dehors des "testbeds" purement expérimentals, des protocoles de routage des réseaux ad hoc doivent être en mesure de préserver l'intégrité du réseau, même lorsqu'ils sont confrontés avec des participants imprudents ou malicieux. Un premier pas vers la protection d'un réseau ad hoc est d'analyser les vulnérabilités du protocole de routage qui gère la connectivité du réseau. En comprenant comment ces protocoles de routage peuvent être exploités par des personnes ayant de mauvaises intentions, des contre-mesures peuvent être développées. Un protocole de routage pour des réseaux ad hoc, développé par l'Internet Engineering Task Force (IETF) comme protocole de routage de multicast pour la diffusion efficace des données, est appelé "Simplified Multicast Forwarding" (SMF). Ce protocole est analysé, et ses vulnérabilités décrites dans ce rapport. SMF est constitué de deux composantes indépendantes: (i) la détection des paquets dupliqués et (ii) la sélection des relais, dont chacun présente son propre ensemble de vulnérabilités qu'un attaquant peut exploiter pour compromettre l'intégrité du réseau. Ce rapport explore des vulnérabilités dans chacune des deux composantes, afin d'identifier les vecteurs d'attaque, ainsi de permettre de développer des contre-mesures

Propuesta De Diseño De Red De Datos Para La Empresa Bata En El Distrito De Miraflores

El proyecto tiene como objetivo diseñar un “Modelo de Red de Datos” como apoyo a las dependencias administrativas de la Empresa BATA, y la necesidad de aplicar políticas de seguridad y administración a todos los usuarios de la red LAN, lo cual resulta una tarea compleja en la tecnología actual pero se puede resolver aplicando diversas tecnologías y equipos de red ideales para el diseño que se quiere lograr, el presente modelo de red se propone para cumplir con los requerimientos de la Empresa en cuanto a Costo y Fidelidad. En la actualidad la necesidad de las empresas de contar con un diseño de Red confiable, seguro y eficiente para la transmisión de datos es un tema de mucha importancia debido a que las empresas requieren la interconectividad de todos sus dispositivos de red dentro de un determinado lugar y también al exterior a través de Internet, teniendo más facilidades y beneficios para la empresa. La estructura que hemos seguido en este proyecto se compone de 3 capítulos. El Primer Capítulo comprende el Planteamiento del Problema, el Segundo Capítulo el Desarrollo del marco teórico y el tercer capítulo corresponde al desarrollo del Proyecto.Trabajo de suficiencia profesiona

Security for 5G Mobile Wireless Networks

The advanced features of 5G mobile wireless network systems yield new security requirements and challenges. This paper presents a comprehensive survey on security of 5G wireless network systems compared to the traditional cellular networks. The paper starts with a review on 5G wireless networks particularities as well as on the new requirements and motivations of 5G wireless security. The potential attacks and security services with the consideration of new service requirements and new use cases in 5G wireless networks are then summarized. The recent development and the existing schemes for the 5G wireless security are presented based on the corresponding security services including authentication, availability, data confidentiality, key management and privacy. The paper further discusses the new security features involving different technologies applied to 5G such as heterogeneous networks, device-to-device communications, massive multiple-input multiple-output, software defined networks and Internet of Things. Motivated by these security research and development activities, we propose a new 5G wireless security architecture, based on which the analysis of identity management and flexible authentication is provided. As a case study, we explore a handover procedure as well as a signaling load scheme to show the advantage of the proposed security architecture. The challenges and future directions of 5G wireless security are finally summarized

Contributions to Securing Software Updates in IoT

The Internet of Things (IoT) is a large network of connected devices. In IoT, devices can communicate with each other or back-end systems to transfer data or perform assigned tasks. Communication protocols used in IoT depend on target applications but usually require low bandwidth. On the other hand, IoT devices are constrained, having limited resources, including memory, power, and computational resources. Considering these limitations in IoT environments, it is difficult to implement best security practices. Consequently, network attacks can threaten devices or the data they transfer. Thus it is crucial to react quickly to emerging vulnerabilities. These vulnerabilities should be mitigated by firmware updates or other necessary updates securely. Since IoT devices usually connect to the network wirelessly, such updates can be performed Over-The-Air (OTA). This dissertation presents contributions to enable secure OTA software updates in IoT. In order to perform secure updates, vulnerabilities must first be identified and assessed. In this dissertation, first, we present our contribution to designing a maturity model for vulnerability handling. Next, we analyze and compare common communication protocols and security practices regarding energy consumption. Finally, we describe our designed lightweight protocol for OTA updates targeting constrained IoT devices. IoT devices and back-end systems often use incompatible protocols that are unable to interoperate securely. This dissertation also includes our contribution to designing a secure protocol translator for IoT. This translation is performed inside a Trusted Execution Environment (TEE) with TLS interception. This dissertation also contains our contribution to key management and key distribution in IoT networks. In performing secure software updates, the IoT devices can be grouped since the updates target a large number of devices. Thus, prior to deploying updates, a group key needs to be established among group members. In this dissertation, we present our designed secure group key establishment scheme. Symmetric key cryptography can help to save IoT device resources at the cost of increased key management complexity. This trade-off can be improved by integrating IoT networks with cloud computing and Software Defined Networking (SDN).In this dissertation, we use SDN in cloud networks to provision symmetric keys efficiently and securely. These pieces together help software developers and maintainers identify vulnerabilities, provision secret keys, and perform lightweight secure OTA updates. Furthermore, they help devices and systems with incompatible protocols to be able to interoperate

Journal of Telecommunications and Information Technology, 2008, nr 2

kwartalni