113 research outputs found
Securing Handover in Wireless IP Networks
In wireless and mobile networks, handover is a complex process that involves multiple layers of protocol and security executions. With the growing popularity of real-time communication services such as Voice over IP, a great challenge faced by handover nowadays comes from the impact of security implementations, which can cause performance degradation, especially for mobile devices with limited resources.
Given existing networks with heterogeneous wireless access technologies, one essential research question that needs to be addressed is how to achieve a balance between security and performance during handover. The variations in security policy and agreement among different services and network vendors make the topic even more challenging, due to the involvement of commercial and social factors.
In order to understand the problems and challenges in this field, we study the properties of handover as well as state-of-the-art security schemes that assist handover in wireless IP networks. Based on our analysis, we define a two-phase model to identify the key procedures of handover security in wireless and mobile networks. Through the model we analyze the performance impact of existing security schemes in terms of handover completion time, throughput, and Quality of Service (QoS). In our endeavor to seek a balance between handover security and performance, we propose the local administrative domain as a security-enhanced localized domain to promote handover performance. To evaluate the performance improvement in the local administrative domain, we implement the security protocols adopted by our proposal in the ns-2 simulation environment and analyze the measurement results based on our simulation test
Deploying ITS Scenarios Providing Security and Mobility Services Based on IEEE 802.11p Technology
Validation of the Security of Participant Control Exchanges in Secure Multicast Content Delivery
In Content Delivery Networks (CDN), as the customer base increases, a point is reached where the capacity of the network and the content server become inadequate. In extreme cases (e.g., world class sporting events), it is impossible to adequately serve the clientele, resulting in extreme customer frustration. In these circumstances, multicast content delivery is an attractive alternative. However, the issue of maintaining control over the customers is difficult.
In addition to controlling the access to the network itself, in order to control the access of users to the multicast session, an Authentication, Authorization and Accounting Framework was added to the multicast architecture. A successful authentication of the end user is a prerequisite for authorization and accounting. The Extensible Authentication Protocol (EAP) provides an authentication framework to implement authentication properly, for which more than thirty different available EAP methods exist.
By distinguishing the multicast content delivery requirements in terms of functionality and security, we are able to choose a smaller set of relevant EAP methods accordingly. Given the importance of the role of the ultimately chosen EAP method, we precisely compare the methods most likely to be useful and eventually pick the Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling (EAP-FAST) framework as the most suitable one.
Based on the work on receiver participant controls, we present a validation of the security of the exchanges that are required to ensure adequate control and revenue recovery
Design and Validation of a Secured Tunnel in the Automatic Multicast Tunneling (AMT) Environment
IP multicasting is a communication mechanism in which data are communicated from a server to a set of clients who are interested in receiving those data. Any client can dynamically enter or leave the communication. The main problem of this system is that every client that is interested in receiving the multicast data has to be in a multicast enabled network. The Network Working Group at the Internet Engineering Task Force (IETF) has come up with a solution to this problem. They have developed a protocol named Automatic Multicast Tunneling (AMT). This protocol offers a mechanism to enable the unicast-only clients to join and receive multicast data from a multicast enabled region through an AMT tunnel, which is formed between the two intermediate participants named Gateway and Relay. However, AMT does not provide any Participant Access Control (PAC).
Malla has designed an architecture for adding PAC at the receiver’s end in the AMT environment. His work is based on the assumption that the AMT tunnel is secure and the tunnel can recognize and pass the additional message types that his design requires. We have designed the solution to secure the AMT tunnel. We also defined the additional message types. Lastly, we validated our work using the Automated Validation of Internet Security Protocols and Applications (AVISPA) tool to ensure that our design is secure
IPv6 Network Mobility
Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And finally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The first part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and high-level approaches to achieving specific AAA goals. It was published in IPJ Volume 10, No. 1 [0]. This second part of the series discusses the protocols involved, specific applications of AAA, and considerations for the future of AAA
Internet Authentication for Remote Access
It is expected that future IP devices will employ a variety of different network access technologies to gain ubiquitous connectivity. Currently there are no authentication protocols available that are lightweight, can be carried over arbitrary access networks, and are flexible enough to be re-used in the many different contexts that are likely to arise in future Internet remote access. Furthermore, existing access procedures need to be enhanced to offer protection against Denial-of-Service (DoS) attacks, and do not provide non-repudiation. In addition to being limited to specific access media, some of these protocols are limited to specific network topologies and are not scalable.
This thesis reviews the authentication infrastructure challenges for future Internet remote access supporting ubiquitous client mobility, and proposes a series of solutions obtained by adapting and reinforcing security techniques arising from a variety of different sources. The focus is on entity authentication protocols that can be carried both by the IETF PANA authentication carrier and by the EAP mechanisms, and possibly making use of an AAA infrastructure. The core idea is to adapt authentication protocols arising from the mobile telecommunications sphere to Internet remote access. A proposal is also given for Internet access using a public key based authentication protocol. The subsequent security analysis of the proposed authentication protocols covers a variety of aspects, including: key freshness, DoS-resistance, and "false-entity-in-the-middle" attacks, in addition to identity privacy of users accessing the Internet via mobile devices. This work aims primarily at contributing to ongoing research on the authentication infrastructure for the Internet remote access environment, and at reviewing and adapting authentication solutions implemented in other spheres, for instance in mobile telecommunications systems, for use in Internet remote access networks supporting ubiquitous mobility
- …