Providing Efficient and Secure Cooperative Spectrum Sensing for Multi-Channel Cognitive Radio Networks

Kasiri Mashhad, Behzad

January 2010

The focus of this thesis is on cooperative spectrum sensing and related security issues in multi-channel cognitive radio networks (MCCRNs). We first study the channel assignment for cooperative spectrum sensing in MCCRNs to maximize the number of available channels. In centralized implementation, a heuristic scheme is proposed along with a greedy scheme to reduce the reported information from the cognitive radios (CRs). In distributed scenario, a novel scheme with multi-round operation is designed following the coalitional game theory. Next, we focus on the physical layer security issues for cooperative spectrum sensing in MCCRNs, caused by Byzantine attacks. New counterattacks are proposed to combat attacks comprising coalition head and CRs as Byzantine attackers, which target to reduce the number of available channels for sensing in distributed MCCRNs. First, a new secure coalition head selection is proposed, by using statistical properties of the exchanged SNRs in the coalitions. Then, an iterative algorithm is proposed to block out attackers, if they continue attacking the system. The important problem of key management is considered next, and an energy-efficient identity-based and a certificate-based distributed key management schemes are proposed. First, a new elliptic curve cryptography (ECC)-based distributed private key generation scheme is proposed to combat the single point of failure problem along with novel distributed private key generator (DPKG) selection schemes to preserve security and energy-efficiency. Because of its importance in the proposed identity-based key management scheme, we further propose a low-complexity DPKG assignment, based on multi-objective programming, which can capture DPKG fairness in addition to energy-efficiency. Finally, a more powerful and intelligent distributed cooperative Byzantine attack on the proposed multi-channel cooperative spectrum sensing is proposed, where attackers collude by applying coalitional game theory to maximize the number of invaded channels in a distributed manner. As a remedy, a hierarchical identity-based key management scheme is proposed, in which CRs can only play on a certain number of requested channels and channel access for sensing is limited to the honest CRs selected in the coalitional game. Simulation results show that the proposed schemes can significantly improve cooperative spectrum sensing and secure the system against Byzantine attacks.

multi-channel cognitive radio networks

cooperative spectrum sensing

coalitional game theory

key management

Automated Key Rotations In a Continuous Deployment Pipeline

Rylander, Jim, Moberg, Jacob

January 2018

Background. To the best of our knowledge, there is no related work that brings up key management in Continuous Deployment. Most of the previous research within the area handles challenges and how to apply to continuous methods. Objectives. By performing this research our goal was to determine how to apply automated key rotation as a way of improving the security in a Continuous Deployment pipeline. We also wanted to compare a manual way of rotating the keys compared to an automated way. When comparing these different scenarios to a scenario where no key rotation was active we hoped to reach a conclusion of whether it is worth implementing automated key rotations in a CDE pipeline or not. Methods. By configuring different tools like GitLab, GitLab-Runner and Vagrant we created a working test pipeline. Since manual key rotation can be implemented in the CDE pipeline, the goal was to create a script that could automate the same process. In our tests we focused on the keys between GitLab and GitLab-Runner. Our tests consisted of comparing three different scenarios, a pipeline with: no, manual and automated key rotations. The three different scenarios where compared on 7 factors to help us reach a conclusion of whether automated key rotations was worth applying as a way to improve the security in a CDE pipeline. Results. With the help of tools like cURL and sshpass we managed to automate the key rotation. When we measured the different processes between no, manual and automated key rotations, the result showed us that the automated process has an average time of 1.6 seconds run time and 1.14 seconds average of server downtime. The run time is 70 times faster than the manual key rotation and has 5 times less average server downtime. Conclusions. We came to the conclusion that it is possible to use key rotation and keep the CDE process fully automated. It makes the process safer but also have the side effect of server downtime.

Security

Continuous Deployment

Key rotation

Key management

Computer Sciences

Datavetenskap (datalogi)

Key Management in Ad Hoc Networks / Nyckelhantering i Ad Hoc Nät

Fokine, Klas

January 2002

This thesis covers the issue of securing ad hoc networks. Such networks exhibit a number of characteristics that make such a task challenging. One of the major challenges is that ad hoc networks typically lack a fixed infrastructure both in form of physical infrastructure such as routers, servers and stable communication links and in the form of an organizational or administrative infrastructure. Another difficulty lies in the highly dynamic nature of ad hoc networks since new nodes can join and leave the network at any time. The major problem in providing security services in such infrastructure less networks is how to manage the cryptographic keys that are needed. In order to design practical and efficient key management systems it is necessary to understand the characteristics of ad hoc networks and why traditional key management systems cannot be used. These issues are covered and the thesis also provides a summary of those key management solutions that have been proposed in the research literature so far.

Informationsteknik

ad hoc networking

key management

network security

Informationsteknik

Computer and Information Sciences

Data- och informationsvetenskap

Bezpečná autentizace a klíčový management v Internetu věcí / Secure Authentication and Key Management in the Internet of Things

Škunda, Patrik

January 2018

This thesis deals with issues of secure authentication and key management in the Internet of Things. It describes basic protocols used in IoT, cryptographic primitives, communication technologies in IoT and end elements. It also includes a measuring the performance of cryptographic primitives on Raspberry Pi and selecting the appropriate LPWAN simulation technology. The conclusion of the work is devoted to the simulation of a LoRaWAN network

Library and Tools for Server-Side DNSSEC Implementation / Library and Tools for Server-Side DNSSEC Implementation

Včelák, Jan

January 2014

Tato práce se zabývá analýzou současných open source řešení pro zabezpečení DNS zón pomocí technologie DNSSEC. Na základě provedené rešerše je navržena a implementována nová knihovna pro použití na autoritativních DNS serverech. Cílem knihovny je zachovat výhody stávajících řešení a vyřešit jejich nedostatky. Součástí návrhu je i sada nástrojů pro správu politiky a klíčů. Funkčnost vytvořené knihovny je ukázána na jejím použití v serveru Knot DNS.

Secure Data Service Outsourcing with Untrusted Cloud

Xiong, Huijun

10 June 2013

Outsourcing data services to the cloud is a nature fit for cloud usage. However, increasing security and privacy concerns from both enterprises and individuals on their outsourced data inhibit this trend. In this dissertation, we introduce service-centric solutions to address two types of security threats existing in the current cloud environments: semi-honest cloud providers and malicious cloud customers. Our solution aims not only to provide confidentiality and access controllability of outsourced data with strong cryptographic guarantee, but, more importantly, to fulfill specific security requirements from different cloud services with effective systematic ways. To provide strong cryptographic guarantee to outsourced data, we study the generic security problem caused by semi-honest cloud providers and introduce a novel proxy-based secure data outsourcing scheme. Specifically, our scheme improves the efficiency of traditional proxy re-encryption algorithm by integrating symmetric encryption and proxy re-encryption algorithms. With less computation cost on applying re-encryption operation directly on the encrypted data, our scheme allows flexible and efficient user revocation without revealing underlying data and heavy computation in the untrusted cloud. To address specific requirement from different cloud services, we investigate two specific cloud services: cloud-based content delivery service and cloud-based data processing service. For the former one, we focus on preserving cache property in the content delivery network and propose CloudSeal, a scheme for securely and flexibly sharing and distributing content via the public cloud. With the ability of caching the major part of a stored cipher content object in the delivery network for content distribution and keeping the minor part with the data owner for content authorization, CloudSeal achieves security and efficiency both theoretically and experimentally. For the later service, we design and realize CloudSafe, a framework that supports secure and efficient data processing with minimum key leakage in the vulnerable cloud virtualization environment. Through the adoption of one-time cryptographic key strategy and a centralized key management framework, CloudSafe efficiently avoids cross-VM side channel attack from malicious cloud customers in the cloud. Our experimental results confirm the practicality and scalability of CloudSafe. / Ph. D.

Cloud Computing

Outsource Data Security

Proxy Re-encryption

Content Delivery Network

Key Management

Efficient authenticated multi-service group key management for secure wireless mobile multicast

Mapoka, Trust T., Shepherd, Simon J., Abd-Alhameed, Raed, Anoh, Kelvin O.O.

January 2014

No

Wireless networks

Mobile multicast communication

Security

Multi-service group key management

Private Key Allocation based Access Control Scheme for Social Networks

Srinivas, Preethi

17 August 2010

No description available.

Computer Science

Social Structure

Technology

social network

access control

key management

resource sharing

security

PARALLEL CLUSTER FORMATION FOR SECURED COMMUNICATION IN WIRELESS AD HOC NETWORKS

SHAH, VIVEK

January 2004

No description available.

Computer Science

Ad Hoc Networks

Network Security

Key Distribution

Key Management

Wireless Communications

Handover optimised authentication scheme for high mobility wireless multicast

Mapoka, Trust T., Shepherd, Simon J., Abd-Alhameed, Raed, Anoh, Kelvin O.O.

January 2015

No / In this paper a distributed handover optimized authentication scheme based on independent session key per access network (HOISKA) is developed for the decentralized multi-service group key management scheme over wireless mobile multicast. It enables a handover user Mi involved in multiple multicast service subscriptions to securely reuse the long term credential initially issued by the trusted authentication server (As) for deriving unique session keys per access network as it performs handover authentication across various access networks. The distributed nature of the scheme enables offloading the authentication function to the area network controllers (AKDs) such that As is not involved during handover exchange authentication signaling. This simplifies handover by reducing handover exchange signalling constituting to handover delays. Handover Access authentication (HAA) phase in HOISKA is presented then analyzed using the delay analytical model. The model proves efficacy by inducing minimum delays with less handover blocking probability while providing same level of security to the widely deployed handover authentication scheme.