3 research outputs found

    Host mobility key management in dynamic secure group communication

    Key management has a fundamental role in securing group communications taking place over vast and unprotected networks. It is concerned with the distribution and update of the keying materials whenever any changes occur in the group membership. Wireless mobile environments enable members to move freely within the networks, which makes it more difficult to design efficient and scalable key management protocols. This is partly because both member location dynamics and group membership dynamics must be managed concurrently, which may lead to significant rekeying overhead. This paper presents a hierarchical group key management scheme, intended for wireless mobile environments, that takes the mobility of members into consideration. The proposed scheme supports the mobility of members across wireless mobile environments while they remain in the group session, with minimum rekeying transmission overhead. Furthermore, the proposed scheme alleviates the 1-affect-n phenomenon, single point of failure, and signaling load caused by moving members at the core network. Simulation results show that the scheme surpasses other existing efforts in terms of communication overhead and affected members. The security requirements studies also show that backward and forward secrecy are preserved in the proposed scheme even though the members move between areas.

    Secure route management in a VANET

    Master's in Computer and Telematics Engineering.

    Vehicular ad hoc networks (VANETs) are a specific case of ad hoc networks where nodes are vehicles. VANETs have been emerging in the last few years and are likely to play a major role in the future for a wide number of applications. Routing is essential for any ad hoc network, thus security strategies for protecting VANETs' routing must be considered essential. In this thesis we present: (1) TROPHY (Trustworthy VANET ROuting with grouP autHentication keYs), a set of protocols to authenticate routing messages in a VANET, under highly restrictive time conditions, capable of protecting the distributed routing information; (2) loop (loop over orderly phases), an interactive simulator for testing and validating TROPHY along with a prototype of KDC (Key Distribution Center). Authorized nodes recursively receive new messages that allow them to refresh their cryptographic material and keep the authentication keys updated across the network. These messages are built in a way that any node pinpointed as lost or physically compromised will not be able to perform the refreshment using them, and so is excluded from the routing process. Due to the use of a KDC, a central entity where all the cryptographic material is stored, we included a mechanism to recover from any unauthorised physical access and disclosure of all that material at once, without requiring human intervention on devices' re-setup.