The Security of Lazy Users in Out-of-Band Authentication

Faced with the threats posed by man-in-the-middle attacks, messaging platforms rely on out-of-band\u27\u27 authentication, assuming that users have access to an external channel for authenticating one short value. For example, assuming that users recognizing each other\u27s voice can authenticate a short value, Telegram and WhatApp ask their users to compare $288$-bit and $200$-bit values, respectively. The existing protocols, however, do not take into account the plausible behavior of users who may be lazy\u27\u27 and only compare parts of these values (rather than their entirety). Motivated by such a security-critical user behavior, we study the security of lazy users in out-of-band authentication. We start by showing that both the protocol implemented by WhatsApp and the statistically-optimal protocol of Naor, Segev and Smith (CRYPTO \u2706) are completely vulnerable to man-in-the-middle attacks when the users consider only a half of the out-of-band authenticated value. In this light, we put forward a framework that captures the behavior and security of lazy users. Our notions of security consider both statistical security and computational security, and for each flavor we derive a lower bound on the tradeoff between the number of positions that are considered by the lazy users and the adversary\u27s forgery probability. Within our framework we then provide two authentication protocols. First, in the statistical setting, we present a transformation that converts any out-of-band authentication protocol into one that is secure even when executed by lazy users. Instantiating our transformation with a new refinement of the protocol of Naor et al. results in a protocol whose tradeoff essentially matches our lower bound in the statistical setting. Then, in the computational setting, we show that the computationally-optimal protocol of Vaudenay (CRYPTO \u2705) is secure even when executed by lazy users -- and its tradeoff matches our lower bound in the computational setting

Authentication and Key Management Automation in Decentralized Secure Email and Messaging via Low-Entropy Secrets

We revisit the problem of entity authentication in decentralized end-to-end encrypted email and secure messaging to propose a practical and self-sustaining cryptographic solution based on password-authenticated key exchange (PAKE). This not only allows users to authenticate each other via shared low-entropy secrets, e.g., memorable words, without a public key infrastructure or a trusted third party, but it also paves the way for automation and a series of cryptographic enhancements; improves security by minimizing the impact of human error and potentially improves usability. First, we study a few vulnerabilities in voice-based out-of-band authentication, in particular a combinatorial attack against lazy users, which we analyze in the context of a secure email solution. Next, we propose solving the problem of secure equality test using PAKE to achieve entity authentication and to establish a shared high-entropy secret key. Our solution lends itself to offline settings, compatible with the inherently asynchronous nature of email and modern messaging systems. The suggested approach enables enhancements in key management such as automated key renewal and future key pair authentications, multi-device synchronization, secure secret storage and retrieval, and the possibility of post-quantum security as well as facilitating forward secrecy and deniability in a primarily symmetric-key setting. We also discuss the use of auditable PAKEs for mitigating a class of online guess and abort attacks in authentication protocols

Continuous Authentication for Voice Assistants

Voice has become an increasingly popular User Interaction (UI) channel, mainly contributing to the ongoing trend of wearables, smart vehicles, and home automation systems. Voice assistants such as Siri, Google Now and Cortana, have become our everyday fixtures, especially in scenarios where touch interfaces are inconvenient or even dangerous to use, such as driving or exercising. Nevertheless, the open nature of the voice channel makes voice assistants difficult to secure and exposed to various attacks as demonstrated by security researchers. In this paper, we present VAuth, the first system that provides continuous and usable authentication for voice assistants. We design VAuth to fit in various widely-adopted wearable devices, such as eyeglasses, earphones/buds and necklaces, where it collects the body-surface vibrations of the user and matches it with the speech signal received by the voice assistant's microphone. VAuth guarantees that the voice assistant executes only the commands that originate from the voice of the owner. We have evaluated VAuth with 18 users and 30 voice commands and find it to achieve an almost perfect matching accuracy with less than 0.1% false positive rate, regardless of VAuth's position on the body and the user's language, accent or mobility. VAuth successfully thwarts different practical attacks, such as replayed attacks, mangled voice attacks, or impersonation attacks. It also has low energy and latency overheads and is compatible with most existing voice assistants

A digital signature and watermarking based authentication system for JPEG2000 images

In this thesis, digital signature based authentication system was introduced, which is able to protect JPEG2000 images in different flavors, including fragile authentication and semi-fragile authentication. The fragile authentication is to protect the image at code-stream level, and the semi-fragile is to protect the image at the content level. The semi-fragile can be further classified into lossy and lossless authentication. With lossless authentication, the original image can be recovered after verification. The lossless authentication and the new image compression standard, JPEG2000 is mainly discussed in this thesis

funcX: A Federated Function Serving Fabric for Science

Exploding data volumes and velocities, new computational methods and platforms, and ubiquitous connectivity demand new approaches to computation in the sciences. These new approaches must enable computation to be mobile, so that, for example, it can occur near data, be triggered by events (e.g., arrival of new data), be offloaded to specialized accelerators, or run remotely where resources are available. They also require new design approaches in which monolithic applications can be decomposed into smaller components, that may in turn be executed separately and on the most suitable resources. To address these needs we present funcX---a distributed function as a service (FaaS) platform that enables flexible, scalable, and high performance remote function execution. funcX's endpoint software can transform existing clouds, clusters, and supercomputers into function serving systems, while funcX's cloud-hosted service provides transparent, secure, and reliable function execution across a federated ecosystem of endpoints. We motivate the need for funcX with several scientific case studies, present our prototype design and implementation, show optimizations that deliver throughput in excess of 1 million functions per second, and demonstrate, via experiments on two supercomputers, that funcX can scale to more than more than 130000 concurrent workers.Comment: Accepted to ACM Symposium on High-Performance Parallel and Distributed Computing (HPDC 2020). arXiv admin note: substantial text overlap with arXiv:1908.0490

Kaistan ulkopuolisten todennuskanavien arviointi

One of the challenges in entirely wireless communication systems is authentication. In pervasive computing and peer-to-peer networks, it is often not possible to rely on the existence of a trusted third party or other infrastructure. Therefore, ad hoc verification of keys via an out-of-band (OOB) channel is often the only way to achieve authentication. Nimble out-of-band for EAP (EAP-NOOB) protocol is intended for bootstrapping security between IoT devices with no provisioned authentication credentials and minimal user interface. The protocol supports a user-assisted OOB channel to mutually authenticate the key-exchange performed over an insecure wireless network between the peer and the server. The protocol allows peers to scan for available networks and, based on the results, generate multiple dynamic OOB messages. The user then delivers one of these messages to the server to register the device and authenticate the key-exchange. We implemented the OOB channels using NFC, QR codes and sound with EAP-NOOB as the bootstrapping protocol. The implementation requires an auxiliary device such as the user's smartphone. We evaluated the usability and security as well as the benefits and limitations of the OOB channels. Our results show that NFC and QR codes are capable in displaying multiple OOB messages while the sound-based channel is suitable for one or two messages due to its lower bandwidth. When the peer device generates multiple OOB messages, the process becomes more complex for the user who needs to browse through them and identify the correct server. However, we showed that this cumbersome step can be removed with the help of a mobile application. Furthermore, we identified vulnerabilities in each technology when used as an OOB channel. While some of these vulnerabilities can be mitigated with the mobile application, some require more refined solutions.Yksi täysin langattomien järjestelmien haasteista on todennus. Sulautetussa tietotekniikassa sekä vertaisverkkoissa ei usein voida luottaa maailmanlaajuisesti luotettavan kolmannen osapuolen olemassaoloon. Siksi salausavainten ad hoc-varmennus erillistä tiedonsiirtokanavaa (OOB) käyttäen on usein ainoa ratkaisu turvallisen kommunikaation käynnistämiseksi. Se luo resilienssiä eri hyökkäyksiä vastaan tuomalla järjestelmään toisen, itsenäisen tiedonsiirtokanavan. EAP-NOOB protokolla on tarkoitettu IoT-laitteille, joilla on minimaalinen käyttöliittymä eikä esiasennettuja avaimia. EAP-NOOB tukee käyttäjäavustettua OOB-tiedonsiirtokanavaa, jota käytetään todentamaan suojaamattomassa verkossa suoritettu laitteen ja palvelimen keskinäinen salausavainten vaihto. Protokolla sallii laitteiden kartoittaa käytettävissä olevia verkkoja ja tuottaa sen perusteella dynaamisia todennusviestejä, jotka käyttäjä toimittaa palvelimelle laitteen rekisteröimiseksi. Tässä työssä tutkittiin EAP-NOOB protokollan OOB kanavaa käyttäen NFC:tä, QR-koodeja ja ääntä. Todennusviestin lukeminen laitteelta vaatii käyttäjältä älypuhelimen. Työssä arvioitiin toteutettujen todennuskanavien käytettävyyttä, tietoturvaa, hyötyjä sekä näitä rajoittavia tekijöitä. Työn tulokset osoittavat, että NFC ja QR-koodit soveltuvat näyttämään useita OOB-viestejä. Sen sijaan äänipohjainen kanava soveltuu vain yhdelle tai kahdelle viestille hitaamman tiedonsiirron johdosta. Kun IoT-laite tuottaa useita OOB-viestejä, käyttäjäkokemus muuttuu monimutkaisemmaksi, koska käyttäjän on tunnistettava oikea viesti ja palvelin. Työssä osoitetaan, että tämä käyttäjälle hankala vaihe voidaan välttää erillisellä mobiilisovelluksella. Lisäksi työssä tunnistettiin toteutettujen tiedonsiirtomenetelmien haavoittuvuuksia, kun niitä käytettiin OOB-kanavana. Vaikka osa näistä haavoittuvuuksista voidaan eliminoida mobiilisovelluksen avulla, jotkut niistä vaativat tehokkaampia ratkaisuja

Cybersecurity in implantable medical devices

Mención Internacional en el título de doctorImplantable Medical Devices (IMDs) are electronic devices implanted within the body to treat a medical condition, monitor the state or improve the functioning of some body part, or just to provide the patient with a capability that he did not possess before [86]. Current examples of IMDs include pacemakers and defibrillators to monitor and treat cardiac conditions; neurostimulators for deep brain stimulation in cases such as epilepsy or Parkinson; drug delivery systems in the form of infusion pumps; and a variety of biosensors to acquire and process different biosignals. Some of the newest IMDs have started to incorporate numerous communication and networking functions—usually known as “telemetry”—, as well as increasingly more sophisticated computing capabilities. This has provided implants with more intelligence and patients with more autonomy, as medical personnel can access data and reconfigure the implant remotely (i.e., without the patient being physically present in medical facilities). Apart from a significant cost reduction, telemetry and computing capabilities also allow healthcare providers to constantly monitor the patient’s condition and to develop new diagnostic techniques based on an Intra Body Network (IBN) of medical devices [25, 26, 201]. Evolving from a mere electromechanical IMD to one with more advanced computing and communication capabilities has many benefits but also entails numerous security and privacy risks for the patient. The majority of such risks are relatively well known in classical computing scenarios, though in many respects their repercussions are far more critical in the case of implants. Attacks against an IMD can put at risk the safety of the patient who carries it, with fatal consequences in certain cases. Causing an intentional malfunction of an implant can lead to death and, as recognized by the U.S. Food and Drug Administration (FDA), such deliberate attacks could be far more difficult to detect than accidental ones [61]. Furthermore, these devices store and transmit very sensitive medical information that requires protection, as dictated by European (e.g., Directive 95/46/ECC) and U.S. (e.g., CFR 164.312) Directives [94, 204]. The wireless communication capabilities present in many modern IMDs are a major source of security risks, particularly while the patient is in open (i.e., non-medical) environments. To begin with, the implant becomes no longer “invisible”, as its presence could be remotely detected [48]. Furthermore, it facilitates the access to transmitted data by eavesdroppers who simply listen to the (insecure) channel [83]. This could result in a major privacy breach, as IMDs store sensitive information such as vital signals, diagnosed conditions, therapies, and a variety of personal data (e.g., birth date, name, and other medically relevant identifiers). A vulnerable communication channel also makes it easier to attack the implant in ways similar to those used against more common computing devices [118, 129, 156], i.e., by forging, altering, or replying previously captured messages [82]. This could potentially allow an adversary to monitor and modify the implant without necessarily being close to the victim [164]. In this regard, the concerns of former U.S. vice-president Dick Cheney constitute an excellent example: he had his Implantable Cardioverter Defibrillator (ICD) replaced by another without WiFi capability [219]. While there are still no known real-world incidents, several attacks on IMDs have been successfully demonstrated in the lab [83, 133, 143]. These attacks have shown how an adversary can disable or reprogram therapies on an ICD with wireless connectivity, and even inducing a shock state to the patient [65]. Other attacks deplete the battery and render the device inoperative [91], which often implies that the patient must undergo a surgical procedure to have the IMD replaced. Moreover, in the case of cardiac implants, they have a switch that can be turned off merely by applying a magnetic field [149]. The existence of this mechanism is motivated by the need to shield ICDs to electromagnetic fields, for instance when the patient undergoes cardiac surgery using electrocautery devices [47]. However, this could be easily exploited by an attacker, since activating such a primitive mechanism does not require any kind of authentication. In order to prevent attacks, it is imperative that the new generation of IMDs will be equipped with strong mechanisms guaranteeing basic security properties such as confidentiality, integrity, and availability. For example, mutual authentication between the IMD and medical personnel is essential, as both parties must be confident that the other end is who claims to be. In the case of the IMD, only commands coming from authenticated parties should be considered, while medical personnel should not trust any message claiming to come from the IMD unless sufficient guarantees are given. Preserving the confidentiality of the information stored in and transmitted by the IMD is another mandatory aspect. The device must implement appropriate security policies that restrict what entities can reconfigure the IMD or get access to the information stored in it, ensuring that only authorized operations are executed. Similarly, security mechanisms have to be implemented to protect the content of messages exchanged through an insecure wireless channel. Integrity protection is equally important to ensure that information has not been modified in transit. For example, if the information sent by the implant to the Programmer is altered, the doctor might make a wrong decision. Conversely, if a command sent to the implant is forged, modified, or simply contains errors, its execution could result in a compromise of the patient’s physical integrity. Technical security mechanisms should be incorporated in the design phase and complemented with appropriate legal and administrative measures. Current legislation is rather permissive in this regard, allowing the use of implants like ICDs that do not incorporate any security mechanisms. Regulatory authorities like the FDA in the U.S or the EMA (European Medicines Agency) in Europe should promote metrics and frameworks for assessing the security of IMDs. These assessments should be mandatory by law, requiring an adequate security level for an implant before approving its use. Moreover, both the security measures supported on each IMD and the security assessment results should be made public. Prudent engineering practices well known in the safety and security domains should be followed in the design of IMDs. If hardware errors are detected, it often entails a replacement of the implant, with the associated risks linked to a surgery. One of the main sources of failure when treating or monitoring a patient is precisely malfunctions of the device itself. These failures are known as “recalls” or “advisories”, and it is estimated that they affect around 2.6% of patients carrying an implant. Furthermore, the software running on the device should strictly support the functionalities required to perform the medical and operational tasks for what it was designed, and no more [66, 134, 213]. In Chapter 1, we present a survey of security and privacy issues in IMDs, discuss the most relevant mechanisms proposed to address these challenges, and analyze their suitability, advantages, and main drawbacks. In Chapter 2, we show how the use of highly compressed electrocardiogram (ECG) signals (only 24 coefficients of Hadamard Transform) is enough to unequivocally identify individuals with a high performance (classification accuracy of 97% and with identification system errors in the order of 10−2). In Chapter 3 we introduce a new Continuous Authentication scheme that, contrarily to previous works in this area, considers ECG signals as continuous data streams. The proposed ECG-based CA system is intended for real-time applications and is able to offer an accuracy up to 96%, with an almost perfect system performance (kappa statistic > 80%). In Chapter 4, we propose a distance bounding protocol to manage access control of IMDs: ACIMD. ACIMD combines two features namely identity verification (authentication) and proximity verification (distance checking). The authentication mechanism we developed conforms to the ISO/IEC 9798-2 standard and is performed using the whole ECG signal of a device holder, which is hardly replicable by a distant attacker. We evaluate the performance of ACIMD using ECG signals of 199 individuals over 24 hours, considering three adversary strategies. Results show that an accuracy of 87.07% in authentication can be achieved. Finally, in Chapter 5 we extract some conclusions and summarize the published works (i.e., scientific journals with high impact factor and prestigious international conferences).Los Dispositivos Médicos Implantables (DMIs) son dispositivos electrónicos implantados dentro del cuerpo para tratar una enfermedad, controlar el estado o mejorar el funcionamiento de alguna parte del cuerpo, o simplemente para proporcionar al paciente una capacidad que no poseía antes [86]. Ejemplos actuales de DMI incluyen marcapasos y desfibriladores para monitorear y tratar afecciones cardíacas; neuroestimuladores para la estimulación cerebral profunda en casos como la epilepsia o el Parkinson; sistemas de administración de fármacos en forma de bombas de infusión; y una variedad de biosensores para adquirir y procesar diferentes bioseñales. Los DMIs más modernos han comenzado a incorporar numerosas funciones de comunicación y redes (generalmente conocidas como telemetría) así como capacidades de computación cada vez más sofisticadas. Esto ha propiciado implantes con mayor inteligencia y pacientes con más autonomía, ya que el personal médico puede acceder a los datos y reconfigurar el implante de forma remota (es decir, sin que el paciente esté físicamente presente en las instalaciones médicas). Aparte de una importante reducción de costos, las capacidades de telemetría y cómputo también permiten a los profesionales de la atención médica monitorear constantemente la condición del paciente y desarrollar nuevas técnicas de diagnóstico basadas en una Intra Body Network (IBN) de dispositivos médicos [25, 26, 201]. Evolucionar desde un DMI electromecánico a uno con capacidades de cómputo y de comunicación más avanzadas tiene muchos beneficios pero también conlleva numerosos riesgos de seguridad y privacidad para el paciente. La mayoría de estos riesgos son relativamente bien conocidos en los escenarios clásicos de comunicaciones entre dispositivos, aunque en muchos aspectos sus repercusiones son mucho más críticas en el caso de los implantes. Los ataques contra un DMI pueden poner en riesgo la seguridad del paciente que lo porta, con consecuencias fatales en ciertos casos. Causar un mal funcionamiento intencionado en un implante puede causar la muerte y, tal como lo reconoce la Food and Drug Administration (FDA) de EE.UU, tales ataques deliberados podrían ser mucho más difíciles de detectar que los ataques accidentales [61]. Además, estos dispositivos almacenan y transmiten información médica muy delicada que requiere se protegida, según lo dictado por las directivas europeas (por ejemplo, la Directiva 95/46/ECC) y estadunidenses (por ejemplo, la Directiva CFR 164.312) [94, 204]. Si bien todavía no se conocen incidentes reales, se han demostrado con éxito varios ataques contra DMIs en el laboratorio [83, 133, 143]. Estos ataques han demostrado cómo un adversario puede desactivar o reprogramar terapias en un marcapasos con conectividad inalámbrica e incluso inducir un estado de shock al paciente [65]. Otros ataques agotan la batería y dejan al dispositivo inoperativo [91], lo que a menudo implica que el paciente deba someterse a un procedimiento quirúrgico para reemplazar la batería del DMI. Además, en el caso de los implantes cardíacos, tienen un interruptor cuya posición de desconexión se consigue simplemente aplicando un campo magnético intenso [149]. La existencia de este mecanismo está motivada por la necesidad de proteger a los DMIs frete a posibles campos electromagnéticos, por ejemplo, cuando el paciente se somete a una cirugía cardíaca usando dispositivos de electrocauterización [47]. Sin embargo, esto podría ser explotado fácilmente por un atacante, ya que la activación de dicho mecanismo primitivo no requiere ningún tipo de autenticación. Garantizar la confidencialidad de la información almacenada y transmitida por el DMI es otro aspecto obligatorio. El dispositivo debe implementar políticas de seguridad apropiadas que restrinjan qué entidades pueden reconfigurar el DMI o acceder a la información almacenada en él, asegurando que sólo se ejecuten las operaciones autorizadas. De la misma manera, mecanismos de seguridad deben ser implementados para proteger el contenido de los mensajes intercambiados a través de un canal inalámbrico no seguro. La protección de la integridad es igualmente importante para garantizar que la información no se haya modificado durante el tránsito. Por ejemplo, si la información enviada por el implante al programador se altera, el médico podría tomar una decisión equivocada. Por el contrario, si un comando enviado al implante se falsifica, modifica o simplemente contiene errores, su ejecución podría comprometer la integridad física del paciente. Los mecanismos de seguridad deberían incorporarse en la fase de diseño y complementarse con medidas legales y administrativas apropiadas. La legislación actual es bastante permisiva a este respecto, lo que permite el uso de implantes como marcapasos que no incorporen ningún mecanismo de seguridad. Las autoridades reguladoras como la FDA en los Estados Unidos o la EMA (Agencia Europea de Medicamentos) en Europa deberían promover métricas y marcos para evaluar la seguridad de los DMIs. Estas evaluaciones deberían ser obligatorias por ley, requiriendo un nivel de seguridad adecuado para un implante antes de aprobar su uso. Además, tanto las medidas de seguridad implementadas en cada DMI como los resultados de la evaluación de su seguridad deberían hacerse públicos. Buenas prácticas de ingeniería en los dominios de la protección y la seguridad deberían seguirse en el diseño de los DMIs. Si se detectan errores de hardware, a menudo esto implica un reemplazo del implante, con los riesgos asociados y vinculados a una cirugía. Una de las principales fuentes de fallo al tratar o monitorear a un paciente es precisamente el mal funcionamiento del dispositivo. Estos fallos se conocen como “retiradas”, y se estima que afectan a aproximadamente el 2,6 % de los pacientes que llevan un implante. Además, el software que se ejecuta en el dispositivo debe soportar estrictamente las funcionalidades requeridas para realizar las tareas médicas y operativas para las que fue diseñado, y no más [66, 134, 213]. En el Capítulo 1, presentamos un estado de la cuestión sobre cuestiones de seguridad y privacidad en DMIs, discutimos los mecanismos más relevantes propuestos para abordar estos desafíos y analizamos su idoneidad, ventajas y principales inconvenientes. En el Capítulo 2, mostramos cómo el uso de señales electrocardiográficas (ECGs) altamente comprimidas (sólo 24 coeficientes de la Transformada Hadamard) es suficiente para identificar inequívocamente individuos con un alto rendimiento (precisión de clasificación del 97% y errores del sistema de identificación del orden de 10−2). En el Capítulo 3 presentamos un nuevo esquema de Autenticación Continua (AC) que, contrariamente a los trabajos previos en esta área, considera las señales ECG como flujos de datos continuos. El sistema propuesto de AC basado en señales cardíacas está diseñado para aplicaciones en tiempo real y puede ofrecer una precisión de hasta el 96%, con un rendimiento del sistema casi perfecto (estadístico kappa > 80 %). En el Capítulo 4, proponemos un protocolo de verificación de la distancia para gestionar el control de acceso al DMI: ACIMD. ACIMD combina dos características, verificación de identidad (autenticación) y verificación de la proximidad (comprobación de la distancia). El mecanismo de autenticación es compatible con el estándar ISO/IEC 9798-2 y se realiza utilizando la señal ECG con todas sus ondas, lo cual es difícilmente replicable por un atacante que se encuentre distante. Hemos evaluado el rendimiento de ACIMD usando señales ECG de 199 individuos durante 24 horas, y hemos considerando tres estrategias posibles para el adversario. Los resultados muestran que se puede lograr una precisión del 87.07% en la au tenticación. Finalmente, en el Capítulo 5 extraemos algunas conclusiones y resumimos los trabajos publicados (es decir, revistas científicas con alto factor de impacto y conferencias internacionales prestigiosas).Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: Arturo Ribagorda Garnacho.- Secretario: Jorge Blasco Alís.- Vocal: Jesús García López de Lacall

SBVLC:Secure Barcode-based Visible Light Communication for Smartphones

2D barcodes have enjoyed a significant penetration rate in mobile applications. This is largely due to the extremely low barrier to adoption – almost every camera-enabled smartphone can scan 2D barcodes. As an alternative to NFC technology, 2D barcodes have been increasingly used for security-sensitive mobile applications including mobile payments and personal identification. However, the security of barcode-based communication in mobile applications has not been systematically studied. Due to the visual nature, 2D barcodes are subject to eavesdropping when they are displayed on the smartphone screens. On the other hand, the fundamental design principles of 2D barcodes make it difficult to add security features. In this paper, we propose SBVLC - a secure system for barcode-based visible light communication (VLC) between smartphones. We formally analyze the security of SBVLC based on geometric models and propose physical security enhancement mechanisms for barcode communication by manipulating screen view angles and leveraging user-induced motions. We then develop three secure data exchange schemes that encode information in barcode streams. These schemes are useful in many security-sensitive mobile applications including private information sharing, secure device pairing, and contactless payment. SBVLC is evaluated through extensive experiments on both Android and iOS smartphones

Mobile IP movement detection optimisations in 802.11 wireless LANs

The IEEE 802.11 standard was developed to support the establishment of highly flexible wireless local area networks (wireless LANs). However, when an 802.11 mobile node moves from a wireless LAN on one IP network to a wireless LAN on a different network, an IP layer handoff occurs. During the handoff, the mobile node's IP settings must be updated in order to re-establish its IP connectivity at the new point of attachment. The Mobile IP protocol allows a mobile node to perform an IP handoff without breaking its active upper-layer sessions. Unfortunately, these handoffs introduce large latencies into a mobile node's traffic, during which packets are lost. As a result, the mobile node's upper-layer sessions and applications suffer significant disruptions due to this handoff latency. One of the main components of a Mobile IP handoff is the movement detection process, whereby a mobile node senses that it is attached to a new IP network. This procedure contributes significantly to the total Mobile IP handover latency and resulting disruption. This study investigates different mechanisms that aim to lower movement detection delays and thereby improve Mobile IP performance. These mechanisms are considered specifically within the context of 802.11 wireless LANs. In general, a mobile node detects attachment to a new network when a periodic IP level broadcast (advertisement) is received from that network. It will be shown that the elimination of this dependence on periodic advertisements, and the reliance instead on external information from the 802.11 link layer, results in both faster and more efficient movement detection. Furthermore, a hybrid system is proposed that incorporates several techniques to ensure that movement detection performs reliably within a variety of different network configurations. An evaluation framework is designed and implemented that supports the assessment of a wide range of movement detection mechanisms. This test bed allows Mobile IP handoffs to be analysed in detail, with specific focus on the movement detection process. The performance of several movement detection optimisations is compared using handoff latency and packet loss as metrics. The evaluation framework also supports real-time Voice over IP (VoIP) traffic. This is used to ascertain the effects that different movement detection techniques have on the output voice quality. These evaluations not only provide a quantitative performance analysis of these movement detection mechanisms, but also a qualitative assessment based on a VoIP application