Internet of Things Security Using Proactive WPA/WPA2

The Internet of Things (IoT) is a natural evolution of the Internet and is becoming more ubiquitous in our everyday home, business, health, education, and many other aspects. The data gathered and processed by IoT networks might be sensitive whichcallsforfeasibleandadequatesecuritymeasures.This paper describes the use of the Wi-Fi technology in the IoT connectivity, then proposes a new approach, the Proactive Wire- less Protected Access (PWPA), to protect the access networks. Then a new end to end (e2e) IoT security model is suggested to include the PWPA scheme. To evaluate the solution?s security and performance, firstly, the cybersecurity triad: confidentiality, integrity, and availability aspects were discussed, secondly, the solution?s performance was compared to a counterpart e2e security solution, the Secure Socket Layer security. A small IoT network was set up to simulate a real environment that uses HTTP protocol. Packets were then collected and analyzed. Data analysis showed a bandwidth efficiency increase by 2% (Internet links) and 12% (access network), and by 344% (Internet links) and 373% (access network) when using persistent and non- persistent HTTP respectively. On the other hand, the analysis showed a reduction in the average request-response delay of 25% and 53% when using persistent and non-persistent HTTP respectively. This scheme is possibly a simple and feasible solution that improves the IoT network security performance by reducing the redundancy in the TCP/IP layers security implementation

Mobile IP: state of the art report

Due to roaming, a mobile device may change its network attachment each time it moves to a new link. This might cause a disruption for the Internet data packets that have to reach the mobile node. Mobile IP is a protocol, developed by the Mobile IP Internet Engineering Task Force (IETF) working group, that is able to inform the network about this change in network attachment such that the Internet data packets will be delivered in a seamless way to the new point of attachment. This document presents current developments and research activities in the Mobile IP area

Wireless backhaul in future cellular communication

Abstract. In 5G technology, huge number of connected devices are needed to be considered where the expected throughput is also very ambitious. Capacity is needed and thus used frequencies are expected to get higher (above 6 GHz even up to 80 GHz), the Cell size getting smaller and number of cells arising significantly. Therefore, it is expected that wireless backhaul will be one option for Network operators to deliver capacity and coverage for high subscriber density areas with reduced cost. Wireless backhaul optimization, performance and scalability will be on the critical path on such cellular system. This master’s thesis work includes connecting a base station by using the wireless backhaul by introducing a VPN in the proposed network. We find the bottleneck and its solution. The network is using 3.5 GHz wireless link instead of LAN wire for backhaul link between the EnodeB and the core network (OpenEPC). LTE TDD band 42 acting as a Wireless Backhaul (Link between EnodeB and Band 42 CPE Router). The status and attachment procedure are observed from different nodes of the openEPC and from the VPN machine. Step by step we have established a tunnel between the CPE device and the VPN server using PPTP and L2TP with IPSec tunneling protocol. The progression towards the final implementation brings in step by step all difficulties and bottlenecks are documented in the study

Securing Handover in Wireless IP Networks

In wireless and mobile networks, handover is a complex process that involves multiple layers of protocol and security executions. With the growing popularity of real time communication services such as Voice of IP, a great challenge faced by handover nowadays comes from the impact of security implementations that can cause performance degradation especially for mobile devices with limited resources. Given the existing networks with heterogeneous wireless access technologies, one essential research question that needs be addressed is how to achieve a balance between security and performance during the handover. The variations of security policy and agreement among different services and network vendors make the topic challenging even more, due to the involvement of commercial and social factors. In order to understand the problems and challenges in this field, we study the properties of handover as well as state of the art security schemes to assist handover in wireless IP networks. Based on our analysis, we define a two-phase model to identify the key procedures of handover security in wireless and mobile networks. Through the model we analyze the performance impact from existing security schemes in terms of handover completion time, throughput, and Quality of Services (QoS). As our endeavor of seeking a balance between handover security and performance, we propose the local administrative domain as a security enhanced localized domain to promote the handover performance. To evaluate the performance improvement in local administrative domain, we implement the security protocols adopted by our proposal in the ns-2 simulation environment and analyze the measurement results based on our simulation test

Virtual Private Services: Coordinated Policy Enforcement for Distributed Applications

Large scale distributed applications combine network access with multiple storage and computational elements. The distributed responsibility for resource control creates new security issues, caused by the complexity of the operating environment. In particular, policies at multiple layers and locations force conventional mechanisms such as firewalls and compartmented file storage into roles where they are clumsy and failure-prone. Our approach relies on two functional divisions. First, we split policy specification and policy enforcement, providing local autonomy within the constraints of the global security policy. Second, we create virtual security domains each with its own security policy. Every domain has an associated set of privileges and permissions restricting it to the resources it needs to use and the services it must perform. Virtual private services ensure security and privacy policies are adhered to through coordinated policy enforcement points

VPN Solution Benchmarking for Endpoints Under Fast Network Mobility

This dissertation was proposed by Veniam, a start-up working on vehicular networks. Offering connectivity to moving things over different technologies (DSRC, Wi-Fi, or 4G LTE) while maintaining a good quality of experience for users is a challenging endeavour. In some cases, the use of a VPN can solve many of the issues. However, many popular VPN solutions were developed with a different use case in mind - the out of office worker. These solutions cannot handle mobility well, breaking connections when access points switch, and require considerable processing power. Applying these solutions to the fast moving, low resource devices deployed in Veniam connected fleets results in a severely degraded service. Therefore, other VPNs will be researched and compared, in order to benchmark and pick a suitable VPN solution. The VPN's overhead, namely throughput degradation, latency increase, and CPU usage will be measured, and its capacity to adapt to fast switching over heterogenous networks evaluated. The benchmark results will allow the minimisation of service degradation caused by the use of VPN tunnels in this constrained mobile environment

Industrial Ethernet Protocols IPv6 enabling approach

The current Internet Protocol (IPv4) made Ethernet with TCP/IP find application in industrial automation environment via Industrial Ethernet Protocols. The question "Can things go smooth in Internet Protocol next generation (IPv6)?". This paper answers the question by proposing solutions and proofing via simulation using OPNET Modeler simulator that IPv6 introduction in industrial automation environment introduces very small (negligible) delay relative to IPv4. Measured delays include: global Ethernet delay, IP node end-to-end delay and delay variation for 72, 520 and 1500 bytes transported packet size. Results showed that IPv6 introduces very small delay relative to IPv4, the various delays increase with increased packet size and IPv6 can be used in industrial automation environment. &nbsp

Internet of Things Security Using Proactive WPA/WPA2

Indiana University-Purdue University Indianapolis (IUPUI)The Internet of Things (IoT) is a natural evolution of the Internet and is becoming more and more ubiquitous in our everyday home, enterprise, healthcare, education, and many other aspects. The data gathered and processed by IoT networks might be sensitive and that calls for feasible and adequate security measures. The work in this thesis describes the use of the Wi-Fi technology in the IoT connectivity, then proposes a new approach, the Proactive Wireless Protected Access (PWPA), to protect the access networks. Then a new end to end (e2e) IoT security model is suggested to include the PWPA scheme. To evaluate the solutions security and performance, rstly, the cybersecurity triad: con dentiality, integrity, and availability aspects were discussed, secondly, the solutions performance was compared to a counterpart e2e security solution, the Secure Socket Layer security. A small e2e IoT network was set up to simulate a real environment that uses HTTP protocol. Packets were then collected and analyzed. Data analysis showed a bandwidth e ciency increase by 2% (Internet links) and 12% (access network), and by 344% (Internet links) and 373% (access network) when using persistent and non-persistent HTTP respectively. On the other hand, the analysis showed a reduction in the average request-response delay of 25% and 53% when using persistent and non-persistent HTTP respectively. This scheme is possibly a simple and feasible solution that improves the IoT network security performance by reducing the redundancy in the TCP/IP layers security implementation

Design and Implementation of Virtual Private Services

Large scale distributed applications such as electronic commerce and online marketplaces combine network access with multiple storage and computational elements. The distributed responsibility for resource control creates new security and privacy issues, which are exacerbated by the complexity of the operating environment. In order to handle policies at multiple locations, the usual tools available (firewalls and compartmented file storage) get to be used in ways that are clumsy and prone to failure. We propose a new approach, virtual private services. Our approach relies on two functional divisions. First, we split policy specification and policy enforcement, providing local autonomy within the constraints of the global security policy. Second, we create virtual security domains, each with its own security policy. Every domain has an associated set of privileges and permissions restricting it to the resources it needs to use and the services it must perform. Virtual private services ensure security and privacy policies are adhered to through coordinated policy enforcement points. We describe our architecture and a prototype implementation, and present a preliminary performance evaluation confirming that our overhead of policy enforcement using is small

A hybrid network/host mobility management scheme for next generation networks

Includes bibliographical references.The author proposes a hybrid network/host interworking scheme to allow the MN to transition smoothly between different access networks supporting two distinct mobility approaches