29 research outputs found

    AUTHENTICATED ROUTE DISCOVERY IN WIRELESS MESH NETWORKS

    Techniques are presented herein to provide an efficient and secure signature scheme to authenticate route discovery in Wireless Mesh Networks (WMNs). Specifically, the techniques presented herein provide a scheme where multi-signatures are generated with cryptographic keys provided by Trusted Platform Modules (TPMs) on each Mesh Router (MR) in the WMN. The keys can protect device identities, which may secure the network devices against attacks, and, in at least some instances, the cryptographic keys can also provide authentication and encryption at the software/application level. Overall, the techniques may eliminate the need for a Key Generation Center (KGC) in the WMN and do not require MRs to cooperate to construct a signature. Thus, among other advantages, the techniques described herein may be efficient and inexpensive to implement.

    AUTHENTICATION OF APPLICATION FLOWS IN SOFTWARE DEFINED NETWORK DEPLOYMENTS USING A TRANSACTION MODEL

    As Software Defined Networking (SDN) enables third-party applications to be integrated into the architecture, a malicious application could have as detrimental an effect on the network as a compromised controller. In order to avoid the deployment of malicious or compromised applications, controllers and applications should establish a trusted connection and authenticate the identity of applications and their flows before exchanging control messages. Application flows may be considered network configurations sent by applications that are managed by controllers, which install network configurations into switches. Without authentication, applications may inject malicious configurations into network devices at will, which could reduce network availability and reliability, or even lead to a network breakdown. Presented herein are techniques involving a Transaction model that can be utilized to authenticate applications and their flows and further provide trust establishment between a controller and a switch in multi-provider SDN deployments.

    SECURE AND EFFICIENT METHOD TO DISTRIBUTE CONFIGURATIONS IN WIRELESS CLUSTER DEPLOYMENTS USING HYPER LEDGER

    An enterprise wireless clustering deployment comprises a cluster of Wireless Local Area Network (LAN) Controllers (WLCs), intended to provide collaborative services such as load balancing of Access Points (APs), a distributed mDNS gateway, etc. Since these cluster deployments are typically very large, configuring individual WLCs is difficult. Presented herein are techniques to incorporate WLC cluster deployments with an authenticated distributed ledger to securely store the configuration and subsequent changes (e.g., only maintaining changes from the previous configuration, using a dictionary method: key-value pairs identify the difference). This avoids the use of a control Datagram Transport Layer Security (DTLS) connection between AP and WLC for sharing the configuration, instead giving access to the ledger based on the service registered by the worker WLCs or APs. For example, a worker WLC would register for services such as load balancing, mDNS gateway, etc., to obtain the relevant configurations. Similarly, APs would register for wireless service to get configurations and policies based on the Site Tag (location).

    SECURE AND OPTIMIZED METHOD OF PROVIDING TRUSTWORTHINESS FOR IOT SENSORS IN LOW-POWER WAN DEPLOYMENTS

    Currently there are multiple ways of verifying the identity and integrity of Internet of Things (IoT) sensors based on, for example, the Trusted Computing Group's (TCG's) Guidance for Securing Network Equipment, software-centered approaches such as using a checksum, and in-band and out-of-band approaches for integrity validation. In each of these approaches, trustworthiness may be based on limited artifacts. As well, none of these approaches employ quantum-resistant secure key exchange methods between a Long Range (LoRa) Wide Area Network (LoRaWAN) Gateway and sensors. To address these challenges, techniques are presented herein that apply an attestation method to the Constrained Application Protocol (CoAP), which is used between a LoRa Gateway and sensors, to provide proof of integrity and freshness of proof of integrity (in other words, trustworthiness) to IoT sensor devices. An Attestation ID that is derived through an attestation method is shared in data traffic (i.e., in-band) securely using a Post-Quantum Cryptography (PQC) method.

    TRUSTWORTHINESS AMONG CONTROLLERS AND SWITCHES IN MULTI-PROVIDER SOFTWARE DEFINED NETWORK DEPLOYMENTS USING A TRUSTED PLATFORM MODULE (TPM) AND SECURE LEDGER

    The OpenFlow® protocol, especially the OpenFlow® Discovery Protocol (OFDP), utilizes clear-text Link Layer Discovery Protocol (LLDP) message exchanges to discover network topology. Such exchanges lack security and may lead to network attacks such as LLDP flooding, link fabrication, etc. Currently, the OpenFlow® protocol, both in the case of discovery (OFDP) as well as during subsequent communication between a controller and a switch (even with Transport Layer Security (TLS)), does not offer a way to determine whether or not a discovered controller or switch is a trustworthy device. Presented herein are techniques that provide Trusted Platform Module (TPM) and blockchain-based trust establishment for OpenFlow® protocol communications that may be utilized between controllers and switches in multi-provider software defined network (SDN) deployments.

    TRACEABILITY AND TROUBLESHOOTING IN WIRELESS CLUSTER DEPLOYMENTS USING PROVENANCE METADATA AND HYPER LEDGER

    Techniques are described herein for enhancing traceability and troubleshooting in complex enterprise wireless cluster deployments using provenance metadata and a hyper ledger. State and event information is captured and used to reconstruct state machines and event diagrams (e.g., using Unified Modeling Language (UML)) which may be directly mapped to the code. The states and events of all Wireless Local Area Network (LAN) Controllers (WLCs) in the cluster are maintained as provenance metadata. Provenance metadata may improve troubleshooting of abnormalities caused by an event or state change (positive provenance), and may help in debugging issues caused by missing events (negative provenance). The metadata is maintained as a transaction in the hyper ledger of a private blockchain, which may help in troubleshooting incidents caused by attacks (e.g., repudiation attacks). The transaction records are signed by the source to provide authenticity of the information, which is especially required in the absence of a Trusted Platform Module (TPM).

    DISTRIBUTED POLICY MANAGEMENT FOR SERVICE PROVIDER CHAINS

    Techniques are described herein to provide distributed end-to-end policy management across a chain of service provider networks (i.e., administrative domains). The techniques leverage an agent-centric framework for a fully distributed peer-to-peer network that allows nodes to maintain decentralized tamper-proof hash chains (e.g., Holochain). With this framework, the techniques are able to quickly and conveniently express network policies across a chain of service providers, in a distributed manner, and guarantee that the requirements of the policies are met along the chain of service providers.

    MEDIA ACCESS CONTROL SECURITY KEY DISTRIBUTION USING BLOCKCHAIN AND PUBLIC KEY CRYPTOGRAPHY

    Techniques are described herein for sophisticated authentication and encryption methods that do not require manual configuration or a centralized server. These techniques use blockchain and public key cryptography to exchange Media Access Control security (MACsec) keys securely between router links, thereby avoiding manual configuration for MACsec. This simplifies existing MACsec key configuration approaches, which use a static security mode with manually configured security keys or a dynamic security mode with keys distributed from a centralized Authentication, Authorization, and Accounting (AAA) server over Extensible Authentication Protocol Transport Layer Security (EAP-TLS).

    A clinical study of rate and indications of cesarean section, maternal and fetal outcomes at tertiary care center in north western Rajasthan

    Background: Cesarean section is one of the most commonly performed surgeries in obstetric practice. This study aims to identify the changing trends in cesarean section rates, varying indications, and the maternal and fetal outcomes of cesarean deliveries. Methods: A total of 200 cases of cesarean section were selected, including 100 each in the elective and emergency groups. In these we studied and evaluated the various parameters of cesarean section, maternal morbidity, neonatal outcomes, morbidity, and mortality. Results: The commonest indication for emergency cesarean section was MSL (28%) followed by previous cesarean section (27%). Mean age in the elective cesarean section group was 25.43±2.90 years and in the emergency group it was 24.78±3.23 years. In the present study 11 neonates of the elective group had NICU admission while 64 neonates of the emergency group had NICU admission. Perinatal mortality was present in 15 neonates, of which 12 belonged to the emergency group and 3 to the elective group. The commonest indication for elective cesarean section was previous cesarean section (42%) followed by previous 2LSCS (15%). Conclusions: The rate of cesarean section has progressively increased over the last 5 years. The most common indication is previous cesarean section. Outcomes in the elective group were better than in the emergency group.

    SECURE INTERNET OF THINGS ONBOARDING USING PUBLIC KEY CRYPTOGRAPHY AND DIFFIE-HELLMAN INTEGRATED ENCRYPTION SCHEME

    Techniques are described for using public key cryptography and blockchain methods to automatically and securely onboard Internet of Things (IoT) devices. This is an improvement over typical approaches in which IoT devices are onboarded to Wi-Fi® networks with a pre-shared key that could be built-in or configured through out-of-band connectivity (e.g., Bluetooth®, Wi-Fi Protected Setup (WPS), etc.).