11,052 research outputs found
Integrating security in a group oriented distributed system
A distributed security architecture is proposed for incorporation into group oriented distributed systems, and in particular, into the Isis distributed programming toolkit. The primary goal of the architecture is to make common group oriented abstractions robust in hostile settings, in order to facilitate the construction of high performance distributed applications that can tolerate both component failures and malicious attacks. These abstractions include process groups and causal group multicast. Moreover, a delegation and access control scheme is proposed for use in group oriented systems. The focus is the security architecture; particular cryptosystems and key exchange protocols are not emphasized
The design and implementation of a scalable secure multicast system
Multicast is an efficient way to distribute data to multiple receivers simultaneously. However, security, scalability, and group management issues still prevent the wide deployment of multicast due to the open model of multicast group membership. Our research group has developed frameworks for multicast protocols to solve these problems. Nevertheless, most work was concentrated on one aspect of the whole multicast system, and most of the achievements were architecture design, specification, and validation. In this thesis, a Scalable Secure Multicast System is designed, and a Multicast Data Security module is implemented. The Scalable Secure Multicast System, which integrates two major achievements in our research group, makes great efforts toward providing a scalable and secure multicast system for the real world. The implementation of the Multicast Data Security module proves the feasibility of proxy encryption with multicast and achieves a satisfactory performance in the Linux kernel. A new key distribution scheme based on proxy encryption is proposed to further improve the scalability and security of multicast communication
A Secure Group Communication Architecture for a Swarm of Autonomous Unmanned Aerial Vehicles
This thesis investigates the application of a secure group communication architecture to a swarm of autonomous unmanned aerial vehicles (UAVs). A multicast secure group communication architecture for the low earth orbit (LEO) satellite environment is evaluated to determine if it can be effectively adapted to a swarm of UAVs and provide secure, scalable, and efficient communications. The performance of the proposed security architecture is evaluated with two other commonly used architectures using a discrete event computer simulation developed using MatLab. Performance is evaluated in terms of the scalability and efficiency of the group key distribution and management scheme when the swarm size, swarm mobility, multicast group join and departure rates are varied. The metrics include the total keys distributed over the simulation period, the average number of times an individual UAV must rekey, the average bandwidth used to rekey the swarm, and the average percentage of battery consumed by a UAV to rekey over the simulation period. The proposed security architecture can successfully be applied to a swarm of autonomous UAVs using current technology. The proposed architecture is more efficient and scalable than the other tested and commonly-used architectures. Over all the tested configurations, the proposed architecture distributes 55.2 – 94.8% fewer keys, rekeys 59.0 - 94.9% less often per UAV, uses 55.2 - 87.9% less bandwidth to rekey, and reduces the battery consumption by 16.9 – 85.4%
A Secure Group Communication Architecture for Autonomous Unmanned Aerial Vehicles
This paper investigates the application of a secure group communication architecture to a swarm of autonomous unmanned aerial vehicles (UAVs). A multicast secure group communication architecture for the low earth orbit (LEO) satellite environment is evaluated to determine if it can be effectively adapted to a swarm of UAVs and provide secure, scalable, and efficient communications. The performance of the proposed security architecture is evaluated with two other commonly used architectures using a discrete event computer simulation developed using MATLAB. Performance is evaluated in terms of the scalability and efficiency of the group key distribution and management scheme when the swarm size, swarm mobility, multicast group join and departure rates are varied. The metrics include the total keys distributed over the simulation period, the average number of times an individual UAV must rekey, the average bandwidth used to rekey the swarm, and the average percentage of battery consumed by a UAV to rekey over the simulation period. The proposed security architecture can successfully be applied to a swarm of autonomous UAVs using current technology. The proposed architecture is more efficient and scalable than the other tested and commonly used architectures. Over all the tested configurations, the proposed architecture distributes 55.2–94.8% fewer keys, rekeys 59.0–94.9% less often per UAV, uses 55.2–87.9% less bandwidth to rekey, and reduces the battery consumption by 16.9–85.4%
A Secure Group Communication Architecture for Autonomous Unmanned Aerial Vehicle
This paper investigates the application of a secure group communication architecture to a swarm of autonomous unmanned aerial vehicles (UAVs). A multicast secure group communication architecture for the low earth orbit (LEO) satellite environment is evaluated to determine if it can be effectively adapted to a swarm of UAVs and provide secure, scalable, and efficient communications. The performance of the proposed security architecture is evaluated with two other commonly used architectures using a discrete event computer simulation developed using MATLAB. Performance is evaluated in terms of the scalability and efficiency of the group key distribution and management scheme when the swarm size, swarm mobility, multicast group join and departure rates are varied. The metrics include the total keys distributed over the simulation period, the average number of times an individual UAV must rekey, the average bandwidth used to rekey the swarm, and the average percentage of battery consumed by a UAV to rekey over the simulation period. The proposed security architecture can successfully be applied to a swarm of autonomous UAVs using current technology. The proposed architecture is more efficient and scalable than the other tested and commonly used architectures. Over all the tested configurations, the proposed architecture distributes 55.2–94.8% fewer keys, rekeys 59.0–94.9% less often per UAV, uses 55.2–87.9% less bandwidth to rekey, and reduces the battery consumption by 16.9–85.4%
Efficient Micro-Mobility using Intra-domain Multicast-based Mechanisms (M&M)
One of the most important metrics in the design of IP mobility protocols is
the handover performance. The current Mobile IP (MIP) standard has been shown
to exhibit poor handover performance. Most other work attempts to modify MIP to
slightly improve its efficiency, while others propose complex techniques to
replace MIP. Rather than taking these approaches, we instead propose a new
architecture for providing efficient and smooth handover, while being able to
co-exist and inter-operate with other technologies. Specifically, we propose an
intra-domain multicast-based mobility architecture, where a visiting mobile is
assigned a multicast address to use while moving within a domain. Efficient
handover is achieved using standard multicast join/prune mechanisms. Two
approaches are proposed and contrasted. The first introduces the concept
proxy-based mobility, while the other uses algorithmic mapping to obtain the
multicast address of visiting mobiles. We show that the algorithmic mapping
approach has several advantages over the proxy approach, and provide mechanisms
to support it. Network simulation (using NS-2) is used to evaluate our scheme
and compare it to other routing-based micro-mobility schemes - CIP and HAWAII.
The proactive handover results show that both M&M and CIP shows low handoff
delay and packet reordering depth as compared to HAWAII. The reason for M&M's
comparable performance with CIP is that both use bi-cast in proactive handover.
The M&M, however, handles multiple border routers in a domain, where CIP fails.
We also provide a handover algorithm leveraging the proactive path setup
capability of M&M, which is expected to outperform CIP in case of reactive
handover.Comment: 12 pages, 11 figure
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Reflections on security options for the real-time transport protocol framework
The Real-time Transport Protocol (RTP) supports a range of video conferencing, telephony, and streaming video ap- plications, but offers few native security features. We discuss the problem of securing RTP, considering the range of applications. We outline why this makes RTP a difficult protocol to secure, and describe the approach we have recently proposed in the IETF to provide security for RTP applications. This approach treats RTP as a framework with a set of extensible security building blocks, and prescribes mandatory-to-implement security at the level of different application classes, rather than at the level of the media transport protocol
- …