  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
11

Lightweight Cryptographic Group Key Management Protocols for the Internet of Things

Gebremichael, Teklay January 2019
The Internet of Things (IoT) is increasingly becoming an integral component of many applications in consumer, industrial and other areas. Notions such as smart industry, smart transport, and smart world are, in large part, enabled by IoT. At its core, the IoT is underpinned by a group of devices, such as sensors and actuators, working collaboratively to provide a required service. One of the important requirements most IoT applications are expected to satisfy is ensuring the security and privacy of users. Security is an umbrella term that encompasses notions such as confidentiality, integrity and privacy, that are typically achieved using cryptographic encryption techniques. A special form of communication common in many IoT applications is group communication, where there are two or more recipients of a given message. In order to encrypt a message broadcast to a group, it is required that the participating parties agree on a group key a priori. Establishing and managing a group key in IoT environments, where devices are resource-constrained and groups are dynamic, is a non-trivial problem. The problem presents unique challenges with regard to constructing protocols from lightweight and secure primitives commensurate with the resource-constrained nature of devices and maintaining security as devices dynamically leave or join a group. This thesis presents lightweight group key management protocols proposed to address the aforementioned problem, in a widely adopted model of a generic IoT network consisting of a gateway with reasonable computational power and a set of resource-constrained nodes. The aim of the group key management protocols is to enable the gateway and the set of resource-constrained devices to establish and manage a group key, which is then used to encrypt group messages.
The main problems the protocols attempt to solve are establishing a group key among participating IoT devices in a secure and computationally feasible manner; enabling addition or removal of a device to the group in a security preserving manner; and enabling generation of a group session key in an efficient manner without re-running the protocol from scratch. The main challenge in designing such protocols is ensuring that the computations that a given IoT device performs as part of participating in the protocol are computationally feasible during initial group establishment, group key update, and adding or removing a node from the group. The work presented in this thesis shows that the challenge can be overcome by designing protocols from lightweight cryptographic primitives. Specifically, protocols that exploit the lightweight nature of crypto-systems based on elliptic curves and the perfect secrecy of the One Time Pad (OTP) are presented. The protocols are designed in such a way that a resource-constrained member node performs a constant number of computationally easy computations during all stages of the group key management process. To demonstrate that the protocols are practically feasible, implementation result of one of the protocols is also presented, showing that the protocol outperforms similar state-of-the-art protocols with regard to energy consumption, execution time, memory usage and number of messages generated. / At the time of the defence the following paper was unpublished: paper 3 (manuscript). / SMART (Smarta system och tjänster för ett effektivt och innovativt samhälle)
12

Secure and trusted communication protocols using cryptography and cryptanalysis

Λιάγκου, Βασιλική 24 October 2008
In this doctoral dissertation we developed secure and trusted communication protocols by introducing a new model of a trusted system that satisfies the continuously evolving requirements of computing systems. To develop our model we combined mathematical logic with the threshold phenomena that emerge asymptotically in the growth of combinatorial structures. The basic idea of the dissertation is that in dynamic, global computing systems the notion of trust and security cannot be static. We believe that a trusted and secure system should be studied with statistical, asymptotic parameters, as the parts of the system evolve. Consequently, our main goal is to define trust as a property of the system that "emerges" when a set of logical properties holds asymptotically, almost surely, in the random communication structures that make up computing systems. The dissertation defines various properties related to the security and trust of the system, expressed using first or second order logic, and at the same time defines the conditions under which these properties appear in the limit as the system grows. In the present work we use graph models that can realistically describe a dynamic and continuously evolving network, and we show that these models can be used to satisfy various "good" properties that allow it to communicate securely. Recently, wireless networks that use devices with limited memory and energy resources have attracted considerable research and scientific interest. In addition, the dissertation includes the design and implementation of new cryptographic key management protocols for such dynamic wireless networks.
Here we present cryptographic protocols that are suitable for a non-static network structure, which do not require a specific network topology and rely only on simple limited-range message exchanges. To develop these protocols we relied on known cryptanalytic methods using encryption and decryption protocols. Finally, our study emphasizes the advantages and disadvantages of our protocols given the available technology, the corresponding efficiency criteria (energy, time) and the level of security provided. / In this PhD thesis, we try to use formal logic and threshold phenomena that asymptotically emerge with certainty in order to build new trust models and to evaluate the existing one. The departure point of our work is that dynamic, global computing systems are not amenable to a static viewpoint of the trust concept, no matter how this concept is formalized. We believe that trust should be a statistical, asymptotic concept to be studied in the limit as the system's components grow according to some growth rate. Thus, our main goal is to define trust as an emerging system property that "appears" or "disappears" when a set of properties hold, asymptotically with probability 0 or 1 correspondingly. Here we try to combine first and second order logic in order to analyze the trust measures of specific network models. Moreover we can use formal logic in order to determine whether generic reliability trust models provide a method for deriving trust between peers/entities as the network's components grow. Our approach can be used in a wide range of applications, such as monitoring the behavior of peers, providing a measure of trust between them, assessing the level of reliability of peers in a network.
Wireless sensor networks are comprised of a vast number of ultra-small autonomous computing, communication and sensing devices, with restricted energy and computing capabilities, that co-operate to accomplish a large sensing task. Sensor networks can be very useful in practice. Such systems should at least guarantee the confidentiality and integrity of the information reported to the controlling authorities regarding the realization of environmental events. Therefore, key establishment is critical for the protection in wireless sensor networks and the prevention of adversaries from attacking the network. Finally in this dissertation we also propose three distributed group key establishment protocols suitable for such energy constrained networks. This dissertation is composed of two parts. Part I develops the theory of the first and second order logic of graphs - their definition, and the analysis of their properties that are expressible in the first order language of graphs. In part II we introduce some new distributed group key establishment protocols suitable for sensor networks. Several key establishment schemes are derived and their performance is demonstrated.
13

An Investigation of Group Key Management with Mobility Protocol for 5G Wireless Mobile Environment. A Case analysis of group key management security requirements with respect to wireless mobile environment of different proposed solutions

Eya, Nnabuike N. January 2019
Group communication, security and 5G technology present a unique dimension of challenges, and security remains crucial in the successful deployment of 5G technology across different industries. Group key management plays a vital role in secure group communication. This research work studies various group key management schemes for mobile wireless technology and then a new scheme is proposed and evaluated. The main architecture is analysed, while the components and their roles are established, trust and keying relationships are evaluated, as well as detailed functional requirements. A detailed description of the main protocols required within the scheme is also given. A numerical and simulation analysis is employed to assess the proposed scheme with regard to fulfilling the security requirements and performance requirements. The impact of group size variation and the impact of mobility rate variation are studied with regard to the average rekeying messages induced by each event and the 1-affects-n phenomenon. The results obtained from the simulation experiments show that the proposed scheme outperformed other solutions with a minimal number of rekeying messages sent and a smaller number of affected members on each event. The security requirements demonstrate that backward and forward secrecy is preserved and maintained during mobility between areas. Finally, the research work also proposes a 5G-enabled software-defined multicast network (5G-SDMNs), where software-defined networking (SDN) is exploited to dynamically manage multicast groups in 5G and mobile multicast environment. Also, mobile edge computing (MEC) is exploited to strengthen network control of 5G-SDMN. / National Open University of Nigeria
14

Efficient Group Key Management for Internet of Things

Rizki, Kiki January 2016
The Internet of Things has become the next big step of a general Internet evolution, and conveys the assurance of security as one of the biggest challenges. In particular, use cases and application scenarios that adopt group communication schemes need to be properly secured, in order to protect the message exchange among group members from a number of security attacks. A typical way to achieve secure group communication relies on the adoption of a symmetric group key shared among all the group members. This in turn requires to rely on a group key management scheme, which is responsible for revoking and renewing the group key when nodes join or leave the group. Due to the resource-constrained nature of typical IoT devices, the adopted group key management scheme should be efficient and highly scalable with the group size. This thesis project has been conducted in collaboration with SICS Swedish ICT, a research institute with focus on applied computer science. We have implemented an efficient group key management protocol initially proposed and designed by SICS, considering the Contiki operating system and resource-constrained IoT platforms. We have also experimentally evaluated the protocol in terms of storage overhead, communication overhead, energy consumption and total required rekeying time.
/ The Internet of Things has become the next big step in the general evolution of the Internet, where one of the greatest challenges is guaranteeing security. In particular, use cases and application scenarios that use group communication methods must be properly secured, in order to protect the exchange of messages between the group's members from a number of attack scenarios. A common way to achieve secure group communication is based on the use of a symmetric group key shared by all members of the group. This in turn makes it necessary to rely on a group key management system, which is responsible for revoking and renewing keys when nodes join or leave the group. Because typical IoT devices have limited resources, the method used for group key management must be efficient and highly scalable with the group size. This master's thesis was carried out in collaboration with SICS Swedish ICT, a research institute focused on applied computer science. We have implemented an efficient group key management protocol originally developed and designed by SICS, with the Contiki operating system and resource-constrained IoT platforms in mind. We have also experimentally evaluated the protocol with respect to storage overhead, communication overhead, energy consumption and the total time required for rekeying.
15

Algorithms For Efficient Implementation Of Secure Group Communication Systems

Rahul, S 11 1900
A distributed application may be considered as a set of nodes which are spread across the network, and need to communicate with each other. The design and implementation of these distributed applications is greatly simplified using Group Communication Systems (GCSs) which provide multipoint to multipoint communication. Hence, GCSs can be used as building blocks for implementing distributed applications. The GCS is responsible for reliable delivery of group messages and management of group membership. The peer-to-peer model and the client-server model are the two models of distributed systems for implementing GCSs. In this thesis, our focus is on improving the capability of GCS based on the client-server model. Security is an important requirement of many distributed applications. For such applications, security has to be provided in the GCS itself. The security of a GCS includes confidentiality, authentication and non-repudiation of messages, and ensuring that the GCS is properly meeting its guarantees. The complexity and cost of implementation of the above three types of security guarantees greatly depend on whether the GCS servers are trusted by the group members or not. Making use of the GCS services provided by untrusted GCS servers becomes necessary when the GCS servers are managed by a third party. In this thesis, we have proposed algorithms for ensuring the above three security guarantees for GCSs in which servers are not trusted. As part of the solution, we have proposed a new digital multisignature scheme which allows group members to verify that a message has indeed been signed by all group members. The various group key management algorithms proposed in literature differ from each other with respect to the following four metrics: communication overhead, computational overhead, storage at each member and distribution of load among group members.
We identify the need for a distributed group key management algorithm which minimizes the computational overhead on group members and propose an algorithm to achieve it.
16

Location based authenticated multi-services group key management for cyber security in high speed broadband wireless multicast communications : multi-service group key management scheme with location based handover authentication for multi-handoffs participating in multi-group service subscriptions, its performance evaluation and security correctness in high speed broadband wireless multicast communications

Mapoka, Trust Tshepo January 2015
Secure information exchange over cyberspace is on the increase due to the convergence of wireless and mobile access technologies in all businesses. Accordingly, with the proliferation of diverse multicast group service subscriptions that are possible to co-exist within a single broadband network, there is also huge demand by the mobile subscribers to ubiquitously access these services over high speed broadband using their portable devices. Likewise, the Network Providers (NPs) invest hugely in infrastructure deployment to disseminate these services efficiently and concomitantly. Therefore, cyber security in any business is obligatory to restrict access of disseminated services to only authorised personnel. This becomes a vital requirement for a successful commercialisation of exchanged group services. The standard way to achieve cyber security in a wireless mobile multicast communication environment is through confidentiality using Group Key Management (GKM). The existing GKM schemes for secure wireless multicast from literature only target single group service confidentiality; however, the adoption of multiple group service confidentiality in them involves inefficient management of keys that induces huge performance overheads unbearable for real time computing. Therefore, a novel authenticated GKM scheme for multiple multicast group subscriptions known as slot based multiple group key management (SMGKM) is proposed. In the SMGKM, the handovers move across diverse decentralised clusters of homogeneous or heterogeneous wireless access network technologies while participating in multiple group service subscriptions. Unlike the conventional art, the SMGKM advances its security by integrating location based authentication and GKM functions.
Both functions are securely offloaded from the Domain Key Distributor (DKD) to the intermediate cluster controllers, Area Key Distributors (AKDs), in a distributed fashion, using the proposed location based authenticated membership list (SKDL). A significant upgrade of fast handoff performance with reduced performance overheads of the SMGKM scheme is achieved. The developed numerical analysis and the simulation results display significant resource economy in terms of reduced rekeying transmission, communication bandwidth and storage overheads while providing enhanced security. The performance of the SMGKM in a high speed environment is also evaluated and has demonstrated that SMGKM outperforms the previous work. Finally, the SMGKM correctness against various attacks is verified using BAN logic, the eminent tool for analysing the widely deployed security protocols. The security analysis demonstrates that SMGKM can counteract the security flaws and redundancies identified in the chosen related art.
17

Location based authenticated multi-services group key management for cyber security in high speed broadband wireless multicast communications. Multi-service group key management scheme with location based handover authentication for multi-handoffs participating in multi-group service subscriptions, its performance evaluation and security correctness in high speed broadband wireless multicast communications

Mapoka, Trust Tshepo January 2015
Secure information exchange over cyberspace is on the increase due to the convergence of wireless and mobile access technologies in all businesses. Accordingly, with the proliferation of diverse multicast group service subscriptions that are possible to co-exist within a single broadband network, there is also huge demand by the mobile subscribers to ubiquitously access these services over high speed broadband using their portable devices. Likewise, the Network Providers (NPs) invest hugely in infrastructure deployment to disseminate these services efficiently and concomitantly. Therefore, cyber security in any business is obligatory to restrict access of disseminated services to only authorised personnel. This becomes a vital requirement for a successful commercialisation of exchanged group services. The standard way to achieve cyber security in a wireless mobile multicast communication environment is through confidentiality using Group Key Management (GKM). The existing GKM schemes for secure wireless multicast from literature only target single group service confidentiality; however, the adoption of multiple group service confidentiality in them involves inefficient management of keys that induces huge performance overheads unbearable for real time computing. Therefore, a novel authenticated GKM scheme for multiple multicast group subscriptions known as slot based multiple group key management (SMGKM) is proposed. In the SMGKM, the handovers move across diverse decentralised clusters of homogeneous or heterogeneous wireless access network technologies while participating in multiple group service subscriptions. Unlike the conventional art, the SMGKM advances its security by integrating location based authentication and GKM functions.
Both functions are securely offloaded from the Domain Key Distributor (DKD) to the intermediate cluster controllers, Area Key Distributors (AKDs), in a distributed fashion, using the proposed location based authenticated membership list (SKDL). A significant upgrade of fast handoff performance with reduced performance overheads of the SMGKM scheme is achieved. The developed numerical analysis and the simulation results display significant resource economy in terms of reduced rekeying transmission, communication bandwidth and storage overheads while providing enhanced security. The performance of the SMGKM in a high speed environment is also evaluated and has demonstrated that SMGKM outperforms the previous work. Finally, the SMGKM correctness against various attacks is verified using BAN logic, the eminent tool for analysing the widely deployed security protocols. The security analysis demonstrates that SMGKM can counteract the security flaws and redundancies identified in the chosen related art.
18

Design and Analysis of QoS-Aware Key Management and Intrusion Detection Protocols for Secure Mobile Group Communications in Wireless Networks

Cho, Jin-Hee 10 December 2008
Many mobile applications in wireless networks such as military battlefield, emergency response, and mobile commerce are based on the notion of secure group communications. Unlike traditional security protocols which concern security properties only, in this dissertation research we design and analyze a class of QoS-aware protocols for secure group communications in wireless networks with the goal to satisfy not only security requirements in terms of secrecy, confidentiality, authentication, availability and data integrity, but also performance requirements in terms of latency, network traffic, response time, scalability and reconfigurability. We consider two elements in the dissertation research: design and analysis. The dissertation research has three major contributions. First, we develop three "threshold-based" periodic batch rekeying protocols to reduce the network communication cost caused by rekeying operations to deal with outsider attacks. Instead of individual rekeying, i.e., performing a rekeying operation right after each group membership change event, these protocols perform batch rekeying periodically. We demonstrate that an optimal rekey interval exists that would satisfy an imposed security requirement while minimizing the network communication cost. Second, we propose and analyze QoS-aware intrusion detection protocols for secure group communications in mobile ad hoc networks to deal with insider attacks. We consider a class of intrusion detection protocols including host-based and voting-based protocols for detecting and evicting compromised nodes and examine their effect on the mean time to security failure metric versus the response time metric. Our analysis reveals that there exists an optimal intrusion detection interval under which the system lifetime metric can be best traded off for the response time performance metric, or vice versa. 
Furthermore, the intrusion detection interval can be dynamically adjusted based on the attacker behaviors to maximize the system lifetime while satisfying a system-imposed response time or network traffic requirement. Third, we propose and analyze a scalable and efficient region-based group key management protocol for managing mobile groups in mobile ad hoc networks. We take a region-based approach by which group members are broken into region-based subgroups, and leaders in subgroups securely communicate with each other to agree on a group key in response to membership change and member mobility events. We identify the optimal regional area size that minimizes the network communication cost while satisfying the application security requirements, allowing mobile groups to react to network partition/merge events for dynamic reconfigurability and survivability. We further investigate the effect of integrating QoS-aware intrusion detection with region-based group key management and identify combined optimal settings in terms of the optimal regional size and the optimal intrusion detection interval under which the security and performance properties of the system can be best optimized. We evaluate the merits of our proposed QoS-aware security protocols for mobile group communications through model-based mathematical analyses with extensive simulation validation. We perform thorough comparative analyses against baseline secure group communication protocols which do not consider security versus performance tradeoffs, including those based on individual rekeying, no intrusion detection, and/or no-region designs. The results obtained show that our proposed QoS-aware security protocols outperform these baseline algorithms. / Ph. D.
