25 research outputs found

    Development of security strategies using Kerberos in wireless networks

    Authentication is the primary function used to reduce the risk of illegitimate access to IT services of any organisation. Kerberos is a widely used authentication protocol for authentication and access control mechanisms. This thesis presents the development of security strategies using Kerberos authentication protocol in wireless networks, Kerberos-Key Exchange protocol, Kerberos with timed-delay, Kerberos with timed-delay and delayed decryption, Kerberos with timed-delay, delayed decryption and password encryption properties. This thesis also includes a number of other research works such as frequent key renewal under pseudo-secure conditions and shutdown of the authentication server to external access temporarily to allow for secure key exchange. A general approach for the analysis and verification of authentication properties as well as Kerberos authentication protocol are presented. Existing authentication mechanisms coupled with strong encryption techniques are considered, investigated and analysed in detail. IEEE 802.1x standard, IEEE 802.11 wireless communication networks are also considered. First, existing security and authentication approaches for Kerberos authentication protocol are critically analysed with the discussions on merits and weaknesses. Then relevant terminology is defined and explained. Since Kerberos exhibits some vulnerabilities, the existing solutions have not treated the possibilities of more than one authentication server in a strict sense. A three way authentication mechanism addresses a possible solution to this problem. An authentication protocol has been developed to improve the three way authentication mechanism for Kerberos. Dynamically renewing keys under pseudo-secure situations involves a temporary interruption to link/server access.
After describing and analysing a protocol to achieve improved security for authentication, an analytical method is used to evaluate the cost in terms of the degradation of system performability. Various results are presented. An approach that involves a new authentication protocol is proposed. This new approach combines delaying decryption with timed authentication by using passwords and session keys for authentication purposes, and frequent key renewal under secure conditions. The analysis and verification of authentication properties and results of the designed protocol are presented and discussed. Protocols often fail when they are analysed critically. Formal approaches have emerged to analyse protocol failures. Abstract languages are designed especially for the description of communication patterns. A notion of rank functions is introduced for analysing purposes as well. An application of this formal approach to a newly designed authentication protocol that combines delaying the decryption process with timed authentication is presented. Formal methods for verifying cryptographic protocols are created to assist in ensuring that authentication protocols meet their specifications. Model checking techniques such as Communicating Sequential Processes (CSP) and Failure Divergence Refinement (FDR) checker are widely acknowledged for effectively and efficiently revealing flaws in protocols faster than most other contemporaries. Essentially, model checking involves a detailed search of all the states reachable by the components of a protocol model. In the models that describe authentication protocols, the components, regarded as processes, are the principals including intruder (attacker) and parameters for authentication such as keys, nonces, tickets, and certificates. In this research, an automated generation tool, CASPER, is used to produce CSP descriptions.
Proposed protocol models rely on trusted third parties in authentication transactions while intruder capabilities are based on possible inductions and deductions. This research attempts to combine the two methods in model checking in order to realise an abstract description of intruder with enhanced capabilities. A target protocol of interest is that of Kerberos authentication protocol. The process of increasing the strength of security mechanisms usually impacts on performance thresholds. In recognition of this fact, the research adopts an analytical method known as spectral expansion to ascertain the level of impact which resulting protocol amendments will have on performance. Spectral expansion is based on state exploration. This implies that it is subject, like model checking, to the state explosion problem. The performance characteristics of amended protocols are examined relative to the existing protocols. Numerical solutions are presented for all models developed.

    Modelling and performance evaluation of wireless and mobile communication systems in heterogeneous environments

    It is widely expected that next generation wireless communication systems will be heterogeneous, integrating a wide variety of wireless access networks. Of particular interest recently is the integration of cellular networks (GSM, GPRS, UMTS, EDGE and LTE) and wireless local area networks (WLANs) to provide complementary features in terms of coverage, capacity and mobility support. These different networks will work together using vertical handover techniques and hence understanding how well these mechanisms perform is a significant issue. In this thesis, these networks are modelled to yield performance results such as mean queue lengths and blocking probabilities over a range of different conditions. The results are then analysed using network constraints to yield operational graphs based on handover probabilities to different networks. Firstly, individual networks with horizontal handover are analysed using performability techniques. The thesis moves on to look at vertical handovers between cellular networks using pure performance models. Then the integration of cellular networks and WLAN is considered. While analysing these results it became clear that the common models that were being used were subjected to handover hysteresis resulting from feedback loops in the model. A new analytical model was developed which addressed this issue but was shown to be problematic in developing state probabilities for more complicated scenarios. Guard channels analysis, which is normally used to give priority to handover traffic in mobile networks, was employed as a practical solution to the observed handover hysteresis. Overall, using different analytical techniques as well as simulation, the results of this work form an important part in the design and development of future mobile systems.

    3D analytical modelling and iterative solution for high performance computing clusters

    Mobile Cloud Computing enables the migration of services to the edge of the Internet. Therefore, high-performance computing clusters are widely deployed to improve computational capabilities of such environments. However, they are prone to failures and need analytical models to predict their behaviour in order to deliver desired quality-of-service and quality-of-experience to mobile users. This paper proposes a 3D analytical model and a problem-solving approach for sustainability evaluation of high-performance computing clusters. The proposed solution uses an iterative approach to obtain performance measurements to overcome the state space explosion problem. The availability modelling and evaluation of master and computing nodes are performed using a multi-repairman approach. The optimum number of repairmen is also obtained to get realistic results and reduce the overall cost. The proposed model is validated using discrete event simulation. The analytical approach is much faster and in good agreement with the simulations. The analysis focuses on mean queue length, throughput, and mean response time outputs. The maximum differences between analytical and simulation results in the considered scenarios of up to a billion states are less than 1.149%, 3.82%, and 3.76% respectively. These differences are well within the 5% of confidence interval of the simulation and the proposed model.

    Exploring analytical models for proactive resource management in highly mobile environments

    In order to provide ubiquitous communication, seamless connectivity is now required in all environments including highly mobile networks. By using vertical handover techniques it is possible to provide uninterrupted communication as connections are dynamically switched between wireless networks as users move around. However, in a highly mobile environment, traditional reactive approaches to handover are inadequate. Therefore, proactive handover techniques, in which mobile nodes attempt to determine the best time and place to handover to local networks, are actively being investigated in the context of next-generation mobile networks. Using this approach, it is possible to enhance channel allocation and resource management by using probabilistic mechanisms, because it is possible to explicitly detect contention for resources. This paper presents a proactive approach for resource allocation in highly mobile networks and analyzes the user contention for common resources such as radio channels in highly mobile wireless networks. The proposed approach uses an analytical modelling approach to model the contention and results are obtained showing enhanced system performance. Based on these results an operational space has been explored and is shown to be useful for emerging future networks such as 5G by allowing base stations to calculate the probability of contention based on the demand for network resources. This study indicates that the proactive model enhances handover and resource allocation for highly mobile networks. This paper analyzed the effects of alpha and beta; in effect, how these parameters affect the proactive resource allocation requests in the contention queue has been modelled for any given scenario from the conference paper "Exploring analytical models to maintain quality-of-service for resource management using a proactive approach in highly mobile environments".

    Exploiting resource contention in highly mobile environments and its application to vehicular ad-hoc networks

    As network resources are shared between many users, resource management must be a key part of any communication system as it is needed to provide seamless communication and to ensure that applications and servers receive their required Quality-of-Service. However, mobile environments also need to consider handover issues. Furthermore, in a highly mobile environment, traditional reactive approaches to handover are inadequate and thus proactive techniques have been investigated. Recent research in proactive handover techniques defined two key parameters: Time Before Handover and Network Dwell Time for a mobile node in any given networking topology. Using this approach, it is possible to enhance resource management in common networks using probabilistic mechanisms because it is possible to express contention for resources in terms of: No Contention, Partial Contention and Full Contention. This proactive approach is further enhanced by the use of a contention queue to detect contention between incoming requests and those waiting for service. This paper therefore presents a new methodology to support proactive resource allocation for future networks such as Vehicular Ad-Hoc Networks. The proposed approach has been applied to a vehicular testbed and results are presented that show that this approach can improve overall network performance in mobile heterogeneous environments.

    An analytical approach for performance analysis of handoffs in the next generation integrated cellular networks and WLANs

    The main feature of the next generation wireless communication systems is the ability to establish ubiquitous and seamless access to various radio access technologies (RATs) and standards. For this reason the integration of cellular and wireless local area networks (WLANs) and performance evaluation of the interaction between these technologies is now an important research area. Modelling such systems for performance evaluation is essential to improve the architecture according to the quality of service (QoS) requirements and performance characteristics. In this paper, an analytical model for performance evaluation of an integrated cellular network and a WLAN is considered. WLAN is deployed inside of the cellular network to support handoffs between cellular networks with higher bandwidth. Such an integrated system can be modelled as a two stage open network. An analytical model is proposed together with an exact solution technique in order to evaluate the performance of an integrated system consisting of a cellular network and a WLAN. A two stage queuing system is considered for this purpose. Numerical results are presented for mean queue length values of cellular system as well as the WLAN.