115 research outputs found

    Factors Impacting Key Management Effectiveness in Secured Wireless Networks

    The use of a Public Key Infrastructure (PKI) offers a cryptographic solution that can overcome many, but not all, of the MANET security problems. One of the most critical aspects of a PKI system is how well it implements Key Management. Key Management deals with key generation, key storage, key distribution, key updating, key revocation, and certificate service in accordance with security policies over the lifecycle of the cryptography. The approach supported by traditional PKI works well in fixed wired networks, but it may not be appropriate for MANET due to the lack of fixed infrastructure to support the PKI. This research seeks to identify best practices in securing networks which may be applied to new network architectures.

    An Efficient Polynomial-based Filtering Against False Data Injection Attack in CPNS

    Cyber Physical Network System (CPNS) is gaining a lot of attention in many applications, such as transportation networks, vehicular networks, life-critical applications and many more. Hence, the system needs to be protected from various kinds of attacks that degrade the system’s performance. There are many different types of attacks that are possible on cyber physical systems; among them, the false data injection attack is a serious threat to the system’s security. In this type of attack, the adversary compromises sensor nodes, injects false data and sends it to the controller through compromised nodes. This makes the controller estimate wrong system states, which leads to various serious issues. Therefore, the false data must be filtered out before it reaches the sink. If all the false data flows towards the controller, then it will be a bottleneck to filter all the false data and this could paralyze the network. To resolve this issue many filtering schemes have been developed in the past; all use Message Authentication Codes (MACs) for report endorsement and en-route filtering. But they are not suitable for CPNS because of static routes and lack resilience to the number of compromised nodes. Hence, an enhanced scheme has been proposed which uses polynomials instead of MAC for report endorsement and also uses Bloom filtering along with en-route filtering. Hence, this achieves high resilience to the number of compromised nodes and achieves high filtering efficiency.

    Performance Analysis and Design of Mobile Ad-Hoc Networks

    We focus on the performance analysis and design of a wireless ad-hoc network using a virtual-circuit or reservation based medium access layer. In a reservation based MAC network, source nodes reserve a session's link capacity end-to-end over the entire path before sending traffic over the established path. An example of a generic reservation based MAC protocol is Unifying Slot Assignment Protocol (USAP). Any reservation based medium access protocol (including USAP) uses a simple set of rules to determine the cells or timeslots available at a node to reserve link capacity along the path to the next node. Given inputs of node locations, traffic pattern between nodes and link propagation matrices, we develop models to estimate blocking probability and throughput for reservation based wireless ad-hoc networks. These models are based on extending reduced load loss network models for a wireless network. For generic USAP with multiple frequency channels, the key effect of multiuser interference on a link is modeled via reduced available link capacity where the effects of transmissions and receptions in the link neighborhood are modeled using USAP reservation rules. We compare our results with simulation and obtain good results using our extended reduced load loss network models but with reduced available link capacity distribution obtained by simulation. For the case of generic USAP using a single frequency channel, we develop models for unicast traffic using reduced load loss network models but with the sharing of the wireless medium between a node and its neighbors modeled by considering cliques of neighboring interfering links around a particular link. We compare results of this model with simulation and show good match. We also develop models to calculate source-destination throughput for the reservation MAC as used in the Joint Tactical Radio System to support both unicast and multicast traffic. 
These models are based on extending reduced load loss network models for wireless multicast traffic with the sharing of the wireless medium between a node and its (up to 2 hop) neighbors modeled by considering cliques of interfering nodes around a particular node. We compare results of this model with simulation and show good match with simulation. Once we have developed models to estimate throughput and blocking probabilities, we use these models to optimize total network throughput. In order to optimize total throughput, we compute throughput sensitivities of the reduced load loss network model using an implied cost formulation and use these sensitivities to choose the routing probabilities among multiple paths so that total network throughput is maximized. In any network scenario, MANETs can get disconnected into clusters. As part of the MANET design problem, we look at the problem of establishing network connectivity and satisfying required traffic capacity between disconnected clusters by placing a minimum number of advantaged high flying Aerial Platforms (APs) as relay nodes at appropriate places. We also extend the connectivity solution in order to make the network single AP survivable. The problem of providing both connectivity and required capacity between disconnected ground clusters (which contain nodes that can communicate directly with each other) is formulated as a summation-form clustering problem of the ground clusters with the APs along with inter-AP distance constraints that make the AP network connected and with complexity costs that take care of ground cluster to AP capacity constraints. The resultant clustering problem is solved using Deterministic Annealing to find (near) globally optimal solutions for the minimum number and locations of the APs to establish connectivity and provide required traffic capacity between disconnected clusters. 
The basic connectivity constraints are extended to include conditions that make the resultant network survivable to a single AP failure. In order to make the network single AP survivable, we extend the basic connectivity solution by adding another summation form constraint so that the AP network forms a biconnected network and also by making sure that each ground cluster is connected to at least two APs. We establish the validity of our algorithms by comparing them with optimal exhaustive search algorithms and show that our algorithms are near-optimal for the problem of establishing connectivity between disconnected clusters.

    GPRKEY - A NOVEL GROUP KEY REKEYING TECHNIQUE FOR MANET

    A Mobile Ad hoc Network (MANET) is a collection of autonomous nodes or mobile devices that can arrange themselves in various ways and work without strict network administration. Ensuring security in mobile ad hoc networks is a challenging issue and most of the applications in mobile ad hoc networks involve group oriented communication. Mostly cryptographic techniques are used to provide the security to MANETs. Cryptographic techniques will not be an efficient security mechanism if the key management is weak. The issue of packet loss in MANET that is caused due to multicasting and backward and forward secrecy results in mobility. Hence, we investigate this issue and propose a method to overcome this scenario. On analysing the situation we find that frequent rekeying leads to huge message overhead and hence increases energy utilization. With the existing key management techniques it causes frequent disconnections and mobility issues. Therefore, an efficient multicasting group key management will help to overcome the above problems. In this paper we propose a novel group key rekeying technique named GPRKEY (Group key with Periodic ReKEYing) to deal with the scalability issue of rekeying, and also analyze the performance of the newly proposed key management method using key trees. In this approach we use the periodic rekeying to enhance the scalability and avoid out of sync problems. We use sub trees and combine them using the merging algorithm and periodic re-keying algorithm. The GPRKEY is evaluated through NS-2 simulation and compared with existing key management techniques OFT (One-way Function Tree) and LKH (Logical Key Hierarchy). The security and performance of rekeying protocols are analyzed through detailed study and simulation.

    Solutions and Tools for Secure Communication in Wireless Sensor Networks

    Secure communication is considered a vital requirement in Wireless Sensor Network (WSN) applications. Such a requirement embraces different aspects, including confidentiality, integrity and authenticity of exchanged information, proper management of security material, and effective prevention and reaction against security threats and attacks. However, WSNs are mainly composed of resource-constrained devices. That is, network nodes feature reduced capabilities, especially in terms of memory storage, computing power, transmission rate, and energy availability. As a consequence, assuring secure communication in WSNs turns out to be more difficult than in other kinds of network. In fact, trading effectiveness of adopted solutions with their efficiency becomes far more important. In addition, specific device classes or technologies may require the design of ad hoc security solutions. Also, it is necessary to efficiently manage security material, and dynamically cope with changes of security requirements. Finally, security threats and countermeasures have to be carefully considered starting from the network design phase. This Ph.D. dissertation considers secure communication in WSNs, and provides the following contributions. First, we provide a performance evaluation of IEEE 802.15.4 security services. Then, we focus on the ZigBee technology and its security services, and propose possible solutions to some deficiencies and inefficiencies. Second, we present HISS, a highly scalable and efficient key management scheme, able to contrast collusion attacks while displaying a graceful degradation of performance. Third, we present STaR, a software component for WSNs that secures multiple traffic flows at the same time. It is transparent to the application, and provides runtime reconfigurability, thus coping with dynamic changes of security requirements. Finally, we describe ASF, our attack simulation framework for WSNs. Such a tool helps network designers to quantitatively evaluate effects of security attacks, produce an attack ranking based on their severity, and thus select the most appropriate countermeasures.

    Network Virtualization Over Elastic Optical Networks: A Survey of Allocation Algorithms

    Network virtualization has emerged as a paradigm for cloud computing services by providing key functionalities such as abstraction of network resources kept hidden to the cloud service user, isolation of different cloud computing applications, flexibility in terms of resources granularity, and on‐demand setup/teardown of service. In parallel, flex‐grid (also known as elastic) optical networks have become an alternative to deal with the constant traffic growth. These advances have triggered research on network virtualization over flex‐grid optical networks. Effort has been focused on the design of flexible and virtualized devices, on the definition of network architectures and on virtual network allocation algorithms. In this chapter, a survey on the virtual network allocation algorithms over flexible‐grid networks is presented. Proposals are classified according to a taxonomy made of three main categories: performance metrics, operation conditions and the type of service offered to users. Based on such classification, this work also identifies open research areas as multi‐objective optimization approaches, distributed architectures, meta‐heuristics, reconfiguration and protection mechanisms for virtual networks over elastic optical networks

    Node Location in the ZigBee Network

    This master's thesis is concerned with the problem of localizing nodes in a wireless sensor network (WSN) implemented with ZigBee technology. The thesis provides a description of the ZigBee architecture, including a description of the signals. The method of evaluating coordinates does not, in principle, depend on the measuring methods used. The fingerprinting method forms a separate category, based only on statistical processing of RSSI (Received Signal Strength Indicator) data. Determining the coordinates of a mobile node always requires finding the range, the signal time of arrival (ToA) or the angle of arrival (AoA) with respect to several anchor nodes, depending on the number of coordinates. The author found three possible solutions for range measurement and one solution for angle-of-arrival measurement usable in the context of ZigBee wireless sensor networks. Finally, the author discusses the possibilities and constraints of the ZigBee network depending on the type of measurement used.