Global ETD Search

81	Algorithms For Efficient Implementation Of Secure Group Communication Systems Rahul, S 11 1900 (has links) A distributed application may be considered as a set of nodes which are spread across the network, and need to communicate with each other. The design and implementation of these distributed applications is greatly simplified using Group Communication Systems (GCSs) which provide multipoint to multipoint communication. Hence, GCSs can be used as building blocks for implementing distributed applications. The GCS is responsible for reliable delivery of group messages and management of group membership. The peer-to-peer model and the client-server model are the two models of distributed systems for implementing GCSs. In this thesis, our focus is on improving the capability of GCS based on the client-server model. Security is an important requirement of many distributed applications. For such applications, security has to be provided m the GCS itself. The security of a GCS includes confidentiality, authentication and non-repudiation of messages, and ensuring that the GCS is properly meeting its guarantees. The complexity and cost of implementation of the above three types of security guarantees greatly depend on whether the GCS servers are trusted by the group members or not. Making use of the GCS services provided by untrusted GCS servers becomes necessary when the GCS servers are managed by a third party. In this thesis, we have proposed algorithms for ensuring the above three security guarantees for GCSs in which servers are not trusted. As part of the solution, we have proposed a new digital multisignature scheme which allows group members to verify that a message has indeed been signed by all group members. The various group key management algorithms proposed in literature differ from each other with respect to the following four metrics: communication overhead, computational overhead, storage at each member and distribution of load among group members. We identify the need for a distributed group key management algorithm which minimizes the computational overhead on group members and propose an algorithm to achieve it. Electrical Communication Engineering Computer Communication Protocol Computer Communication - Security Safe Delivery Rule Group Communication Systems Electrical Communications
82	Location based authenticated multi-services group key management for cyber security in high speed broadband wireless multicast communications : multi-service group key management scheme with location based handover authentication for multi-handoffs participating in multi-group service subscriptions, its performance evaluation and security correctness in high speed broadband wireless multicast communications Mapoka, Trust Tshepo January 2015 (has links) Secure information exchanges over cyberspace is on the increase due to the convergence of wireless and mobile access technologies in all businesses. Accordingly, with the proliferation of diverse multicast group service subscriptions that are possible to co-exist within a single broadband network, there is also huge demand by the mobile subscribers to ubiquitously access these services over high speed broadband using their portable devices. Likewise, the Network Providers (NPs) invest hugely in infrastructure deployment to disseminate these services efficiently and concomitantly. Therefore, cyber security in any business is obligatory to restrict access of disseminated services to only authorised personnel. This becomes a vital requirement for a successful commercialisation of exchanged group services. The standard way to achieve cyber security in a wireless mobile multicast communication environment is through confidentiality using Group Key Management (GKM).The existing GKM schemes for secure wireless multicast from literature only target single group service confidentiality; however, the adoption of multiple group service confidentiality in them involve inefficient management of keys that induce huge performance overheads unbearable for real time computing. Therefore, a novel authenticated GKM scheme for multiple multicast group subscriptions known as slot based multiple group key management (SMGKM) is proposed. In the SMGKM, the handovers move across diverse decentralised clusters of homogeneous or heterogeneous wireless access network technologies while participating in multiple group service subscriptions. Unlike the conventional art, the SMGKM advances its security by integrating location based authentication and GKM functions. Both functions are securely offloaded from the Domain Key Distributor (DKD) to the intermediate cluster controllers, Area Key Distributors (AKDs), in a distributed fashion, using the proposed location based authenticated membership list (SKDL). A significant upgrade of fast handoff performance with reduced performance overheads of the SMGKM scheme is achieved. The developed numerical analysis and the simulation results display significant resource economy in terms of reduced rekeying transmission, communication bandwidth and storage overheads while providing enhanced security. The performance of the SMGKM in a high speed environment is also evaluated and has demonstrated that SMGKM outperforms the previous work. Finally, the SMGKM correctness against various attacks is verified using BAN logic, the eminent tool for analysing the widely deployed security protocols. The security analysis demonstrates that SMGKM can counteract the security flaws and redundancies identified in the chosen related art.
83	Contribution à la sécurité des communications des réseaux de capteurs sans fil / Contribution to the security of communications in wireless sensor networks Mansour, Ismail 05 July 2013 (has links) Les réseaux de capteurs sans fil (RCSF) sont devenus un thème porteur aussi bien pour la recherche académique que pour les activités des services de R&D en raison de leur simplicité de déploiement et de leur potentiel applicatif dans des domaines très variés (militaire, environnemental, industriel). Un RCSF est composé d'un ensemble de noeuds devant être opérationnels et autonomes énergétiquement pour de longues périodes. De ce fait ils sont limités en capacité mémoire et de calcul, et contraint à exploiter une faible puissance de transmission, ce qui en limite leur portée et rend leur débit modeste. Le besoin de sécuriser les communications dans un RCSF dépend de la criticité des données échangées pour l'application supportée. La solution doit reposer sur des échanges sûrs, confidentiels et fiables. Pour assurer la sécurisation des échanges, des techniques de cryptographie existent dans la littérature. Conçues à l'origine pour des réseaux informatiques majoritairement câblés, elles se basent généralement sur des algorithmes complexes et gourmands en ressource. Dans le cadre de cette thèse, nous avons proposé, implémenté et évalué une architecture sécurisée et dynamique adaptée aux communications des RCSF. Elle permet de garantir et de maintenir la sécurité des communications durant toute la durée de vie d'un réseau multi-saut. Nous avons utilisé et adapté des algorithmes standards de cryptographie, tels que AES-CTR et la suite d'algorithmes basée sur ECC, qui permettent à notre architecture de résister à la majorité d'attaques. Nous avons quantifié le surcoût en temps de calcul et en occupation mémoire de notre solution. Les résultats d’implémentation de notre proposition sont issus de mesures réelles faites sur une maquette réalisée à partir de cartes TelosB. / Wireless sensor networks (WSNs) have become an attractive topic for both academic research and the activity of R&D services due to their simple deployment and their potential of application in varied fields (military, environmental, industrial). A WSN is composed of a set of nodes that are supposed to operate and to be energetically autonomous for long durations. Thus, they are limited in memory and computing capacities, and constrained to function in a low-power transmission mode which limit their communication range and leave them with low data rates.The need to secure communications in a WSN depends on the criticality of the exchanged data for the supported application. The solution must be based on safe, confidential and reliable exchanges. To ensure the security of exchanges, cryptographic techniques exist in the literature. Originally designed for mostly wired computer networks, they are usually based on complex and resource-consuming algorithms. In this thesis, we have proposed, implemented and evaluated a secure and dynamic architecture suitable for WSNs communications. It ensures and maintains secured communications throughout the lifetime of a multi-hop network. We have used and adapted standard cryptographic algorithms, such as AES-CTR and algorithms based on ECC cipher suites, which allow our architecture to resist against most attacks. We have quantified the overhead of our solution in terms of computation time and memory occupancy. The results of implementation of our proposal are obtained through real measurements on testbeds using TelosB motes. Réseaux de capteurs sans fil Sécurité des communications Gestion de clés publiques Établissement de clé ECC ECDH ECAES AES-CTR Wireless sensor network Security of communications Public key management Key establishment ECC ECDH ECAES AES-CTR
84	Crypto-processor – architecture, programming and evaluation of the security / Crypto-processeur – architecture, programmation et évaluation de la sécurité Gaspar, Lubos 16 November 2012 (has links) Les architectures des processeurs et coprocesseurs cryptographiques se montrent fréquemment vulnérables aux différents types d’attaques ; en particulier, celles qui ciblent une révélation des clés chiffrées. Il est bien connu qu’une manipulation des clés confidentielles comme des données standards par un processeur peut être considérée comme une menace. Ceci a lieu par exemple lors d’un changement du code logiciel (malintentionné ou involontaire) qui peut provoquer que la clé confidentielle sorte en clair de la zone sécurisée. En conséquence, la sécurité de tout le système serait irréparablement menacée. L’objectif que nous nous sommes fixé dans le travail présenté, était la recherche d’architectures matérielles reconfigurables qui peuvent fournir une sécurité élevée des clés confidentielles pendant leur génération, leur enregistrement et leur échanges en implantant des modes cryptographiques de clés symétriques et des protocoles. La première partie de ce travail est destinée à introduire les connaissances de base de la cryptographie appliquée ainsi que de l’électronique pour assurer une bonne compréhension des chapitres suivants. Deuxièmement, nous présentons un état de l’art des menaces sur la confidentialité des clés secrètes dans le cas où ces dernières sont stockées et traitées dans un système embarqué. Pour lutter contre les menaces mentionnées, nous proposons alors de nouvelles règles au niveau du design de l’architecture qui peuvent augmenter la résistance des processeurs et coprocesseurs cryptographiques contre les attaques logicielles. Ces règles prévoient une séparation des registres dédiés à l’enregistrement de clés et ceux dédiés à l’enregistrement de données : nous proposons de diviser le système en zones : de données, du chiffreur et des clés et à isoler ces zones les unes des autres au niveau du protocole, du système, de l’architecture et au niveau physique. Ensuite, nous présentons un nouveau crypto-processeur intitulé HCrypt, qui intègre ces règles de séparation et qui assure ainsi une gestion sécurisée des clés. Mises à part les instructions relatives à la gestion sécurisée de clés, quelques instructions supplémentaires sont dédiées à une réalisation simple des modes de chiffrement et des protocoles cryptographiques. Dans les chapitres suivants, nous explicitons le fait que les règles de séparation suggérées, peuvent également être étendues à l’architecture d’un processeur généraliste et coprocesseur. Nous proposons ainsi un crypto-coprocesseur sécurisé qui est en mesure d’être utilisé en relation avec d’autres processeurs généralistes. Afin de démontrer sa flexibilité, le crypto-coprocesseur est interconnecté avec les processeurs soft-cores de NIOS II, de MicroBlaze et de Cortex M1. Par la suite, la résistance du crypto-processeur par rapport aux attaques DPA est testée. Sur la base de ces analyses, l’architecture du processeur HCrypt est modifiée afin de simplifier sa protection contre les attaques par canaux cachés (SCA) et les attaques par injection de fautes (FIA). Nous expliquons aussi le fait qu’une réorganisation des blocs au niveau macroarchitecture du processeur HCrypt, augmente la résistance du nouveau processeur HCrypt2 par rapport aux attaques de type DPA et FIA. Nous étudions ensuite les possibilités pour pouvoir reconfigurer dynamiquement les parties sélectionnées de l’architecture du processeur – crypto-coprocesseur. La reconfiguration dynamique peut être très utile lorsque l’algorithme de chiffrement ou ses implantations doivent être changés en raison de l’apparition d’une vulnérabilité Finalement, la dernière partie de ces travaux de thèse, est destinée à l’exécution des tests de fonctionnalité et des optimisations stricts des deux versions du cryptoprocesseur HCrypt / Architectures of cryptographic processors and coprocessors are often vulnerable to different kinds of attacks, especially those targeting the disclosure of encryption keys. It is well known that manipulating confidential keys by the processor as ordinary data can represent a threat: a change in the program code (malicious or unintentional) can cause the unencrypted confidential key to leave the security area. This way, the security of the whole system would be irrecoverably compromised. The aim of our work was to search for flexible and reconfigurable hardware architectures, which can provide high security of confidential keys during their generation, storage and exchange while implementing common symmetric key cryptographic modes and protocols. In the first part of the manuscript, we introduce the bases of applied cryptography and of reconfigurable computing that are necessary for better understanding of the work. Second, we present threats to security of confidential keys when stored and processed within an embedded system. To counteract these threats, novel design rules increasing robustness of cryptographic processors and coprocessors against software attacks are presented. The rules suggest separating registers dedicated to key storage from those dedicated to data storage: we propose to partition the system into the data, cipher and key zone and to isolate the zones from each other at protocol, system, architectural and physical levels. Next, we present a novel HCrypt crypto-processor complying with the separation rules and thus ensuring secure key management. Besides instructions dedicated to secure key management, some additional instructions are dedicated to easy realization of block cipher modes and cryptographic protocols in general. In the next part of the manuscript, we show that the proposed separation principles can be extended also to a processor-coprocessor architecture. We propose a secure crypto-coprocessor, which can be used in conjunction with any general-purpose processor. To demonstrate its flexibility, the crypto-coprocessor is interconnected with the NIOS II, MicroBlaze and Cortex M1 soft-core processors. In the following part of the work, we examine the resistance of the HCrypt cryptoprocessor to differential power analysis (DPA) attacks. Following this analysis, we modify the architecture of the HCrypt processor in order to simplify its protection against side channel attacks (SCA) and fault injection attacks (FIA). We show that by rearranging blocks of the HCrypt processor at macroarchitecture level, the new HCrypt2 processor becomes natively more robust to DPA and FIA. Next, we study possibilities of dynamically reconfiguring selected parts of the processor - crypto-coprocessor architecture. The dynamic reconfiguration feature can be very useful when the cipher algorithm or its implementation must be changed in response to appearance of some vulnerability. Finally, the last part of the manuscript is dedicated to thorough testing and optimizations of both versions of the HCrypt crypto-processor. Architectures of crypto-processors and crypto-coprocessors are often vulnerable to software attacks targeting the disclosure of encryption keys. The thesis introduces separation rules enabling crypto-processor/coprocessors to support secure key management. Separation rules are implemented on novel HCrypt crypto-processor resistant to software attacks targetting the disclosure of encryption keys Crypto-processeur sécurisé Crypto-coprocessuer sécurisé Gestion sécurisée des clés Règles de séparation HCrypt Reconfiguration sécurisée FPGA Secure crypto-processor Secure crypto-coprocessor Secure key management Separation rules HCrypt Secure reconfiguration FPGA
85	Location based authenticated multi-services group key management for cyber security in high speed broadband wireless multicast communications. Multi-service group key management scheme with location based handover authentication for multi-handoffs participating in multi-group service subscriptions, its performance evaluation and security correctness in high speed broadband wireless multicast communications Mapoka, Trust Tshepo January 2015 (has links) Secure information exchanges over cyberspace is on the increase due to the convergence of wireless and mobile access technologies in all businesses. Accordingly, with the proliferation of diverse multicast group service subscriptions that are possible to co-exist within a single broadband network, there is also huge demand by the mobile subscribers to ubiquitously access these services over high speed broadband using their portable devices. Likewise, the Network Providers (NPs) invest hugely in infrastructure deployment to disseminate these services efficiently and concomitantly. Therefore, cyber security in any business is obligatory to restrict access of disseminated services to only authorised personnel. This becomes a vital requirement for a successful commercialisation of exchanged group services. The standard way to achieve cyber security in a wireless mobile multicast communication environment is through confidentiality using Group Key Management (GKM).The existing GKM schemes for secure wireless multicast from literature only target single group service confidentiality; however, the adoption of multiple group service confidentiality in them involve inefficient management of keys that induce huge performance overheads unbearable for real time computing. Therefore, a novel authenticated GKM scheme for multiple multicast group subscriptions known as slot based multiple group key management (SMGKM) is proposed. In the SMGKM, the handovers move across diverse decentralised clusters of homogeneous or heterogeneous wireless access network technologies while participating in multiple group service subscriptions. Unlike the conventional art, the SMGKM advances its security by integrating location based authentication and GKM functions. Both functions are securely offloaded from the Domain Key Distributor (DKD) to the intermediate cluster controllers, Area Key Distributors (AKDs), in a distributed fashion, using the proposed location based authenticated membership list (SKDL). A significant upgrade of fast handoff performance with reduced performance overheads of the SMGKM scheme is achieved. The developed numerical analysis and the simulation results display significant resource economy in terms of reduced rekeying transmission, communication bandwidth and storage overheads while providing enhanced security. The performance of the SMGKM in a high speed environment is also evaluated and has demonstrated that SMGKM outperforms the previous work. Finally, the SMGKM correctness against various attacks is verified using BAN logic, the eminent tool for analysing the widely deployed security protocols. The security analysis demonstrates that SMGKM can counteract the security flaws and redundancies identified in the chosen related art.
86	Security Mechanisms for Mobile Ad Hoc and Wireless Sensor Networks CHENG, YI 19 September 2008 (has links) No description available. Communication Computer Science Wireless Ad Hoc Network Mobile Ad Hoc Network (MANET) Wireless Sensor Network (WSN) Routing Security Cryptography Key Management Distributed Wireless Network Hierarchical Wireless Network Sensing Coverage Secured Connectivity
87	Design and Analysis of QoS-Aware Key Management and Intrusion Detection Protocols for Secure Mobile Group Communications in Wireless Networks Cho, Jin-Hee 10 December 2008 (has links) Many mobile applications in wireless networks such as military battlefield, emergency response, and mobile commerce are based on the notion of secure group communications. Unlike traditional security protocols which concern security properties only, in this dissertation research we design and analyze a class of QoS-aware protocols for secure group communications in wireless networks with the goal to satisfy not only security requirements in terms of secrecy, confidentiality, authentication, availability and data integrity, but also performance requirements in terms of latency, network traffic, response time, scalability and reconfigurability. We consider two elements in the dissertation research: design and analysis. The dissertation research has three major contributions. First, we develop three "threshold-based" periodic batch rekeying protocols to reduce the network communication cost caused by rekeying operations to deal with outsider attacks. Instead of individual rekeying, i.e., performing a rekeying operation right after each group membership change event, these protocols perform batch rekeying periodically. We demonstrate that an optimal rekey interval exists that would satisfy an imposed security requirement while minimizing the network communication cost. Second, we propose and analyze QoS-aware intrusion detection protocols for secure group communications in mobile ad hoc networks to deal with insider attacks. We consider a class of intrusion detection protocols including host-based and voting-based protocols for detecting and evicting compromised nodes and examine their effect on the mean time to security failure metric versus the response time metric. Our analysis reveals that there exists an optimal intrusion detection interval under which the system lifetime metric can be best traded off for the response time performance metric, or vice versa. Furthermore, the intrusion detection interval can be dynamically adjusted based on the attacker behaviors to maximize the system lifetime while satisfying a system-imposed response time or network traffic requirement. Third, we propose and analyze a scalable and efficient region-based group key management protocol for managing mobile groups in mobile ad hoc networks. We take a region-based approach by which group members are broken into region-based subgroups, and leaders in subgroups securely communicate with each other to agree on a group key in response to membership change and member mobility events. We identify the optimal regional area size that minimizes the network communication cost while satisfying the application security requirements, allowing mobile groups to react to network partition/merge events for dynamic reconfigurability and survivability. We further investigate the effect of integrating QoS-aware intrusion detection with region-based group key management and identify combined optimal settings in terms of the optimal regional size and the optimal intrusion detection interval under which the security and performance properties of the system can be best optimized. We evaluate the merits of our proposed QoS-aware security protocols for mobile group communications through model-based mathematical analyses with extensive simulation validation. We perform thorough comparative analyses against baseline secure group communication protocols which do not consider security versus performance tradeoffs, including those based on individual rekeying, no intrusion detection, and/or no-region designs. The results obtained show that our proposed QoS-aware security protocols outperform these baseline algorithms. â / Ph. D. mean time to security failure wireless networks mobile ad hoc networks secure group communications performance analysis QoS-awareness group key management intrusion detection forward secrecy backward secrecy batch rekeying
88	SurvSec Security Architecture for Reliable Surveillance WSN Recovery from Base Station Failure Megahed, Mohamed Helmy Mostafa 30 May 2014 (has links) Surveillance wireless sensor networks (WSNs) are highly vulnerable to the failure of the base station (BS) because attackers can easily render the network useless for relatively long periods of time by only destroying the BS. The time and effort needed to destroy the BS is much less than that needed to destroy the numerous sensing nodes. Previous works have tackled BS failure by deploying a mobile BS or by using multiple BSs, which requires extra cost. Moreover, despite using the best electronic countermeasures, intrusion tolerance systems and anti-traffic analysis strategies to protect the BSs, an adversary can still destroy them. The new BS cannot trust the deployed sensor nodes. Also, previous works lack both the procedures to ensure network reliability and security during BS failure such as storing then sending reports concerning security threats against nodes to the new BS and the procedures to verify the trustworthiness of the deployed sensing nodes. Otherwise, a new WSN must be re-deployed which involves a high cost and requires time for the deployment and setup of the new WSN. In this thesis, we address the problem of reliable recovery from a BS failure by proposing a new security architecture called Surveillance Security (SurvSec). SurvSec continuously monitors the network for security threats and stores data related to node security, detects and authenticates the new BS, and recovers the stored data at the new BS. SurvSec includes encryption for security-related information using an efficient dynamic secret sharing algorithm, where previous work has high computations for dynamic secret sharing. SurvSec includes compromised nodes detection protocol against collaborative work of attackers working at the same time where previous works have been inefficient against collaborative work of attackers working at the same time. SurvSec includes a key management scheme for homogenous WSN, where previous works assume heterogeneous WSN using High-end Sensor Nodes (HSN) which are the best target for the attackers. SurvSec includes efficient encryption architecture against quantum computers with a low time delay for encryption and decryption, where previous works have had high time delay to encrypt and decrypt large data size, where AES-256 has 14 rounds and high delay. SurvSec consists of five components, which are: 1. A Hierarchical Data Storage and Data Recovery System. 2. Security for the Stored Data using a new dynamic secret sharing algorithm. 3. A Compromised-Nodes Detection Algorithm at the first stage. 4. A Hybrid and Dynamic Key Management scheme for homogenous network. 5. Powerful Encryption Architecture for post-quantum computers with low time delay. In this thesis, we introduce six new contributions which are the followings: 1. The development of the new security architecture called Surveillance Security (SurvSec) based on distributed Security Managers (SMs) to enable distributed network security and distributed secure storage. 2. The design of a new dynamic secret sharing algorithm to secure the stored data by using distributed users tables. 3. A new algorithm to detect compromised nodes at the first stage, when a group of attackers capture many legitimate nodes after the base station destruction. This algorithm is designed to be resistant against a group of attackers working at the same time to compromise many legitimate nodes during the base station failure. 4. A hybrid and dynamic key management scheme for homogenous network which is called certificates shared verification key management. 5. A new encryption architecture which is called the spread spectrum encryption architecture SSEA to resist quantum-computers attacks. 6. Hardware implementation of reliable network recovery from BS failure. The description of the new security architecture SurvSec components is done followed by a simulation and analytical study of the proposed solutions to show its performance. Surveillance Wireless Sensor Network Security manager (SM) Backup security manager (BKSM) Network trustworthiness Efficient dynamic secret sharing Distributed users tables (DUT) Node compromise attack Hybrid key management Dynamic key management Homogenous network High end Sensor Nodes (HSNs) Network scalability Network connectivity Unpredictability principal PRNG Resistant to quantum computer
89	SurvSec Security Architecture for Reliable Surveillance WSN Recovery from Base Station Failure Megahed, Mohamed Helmy Mostafa January 2014 (has links) Surveillance wireless sensor networks (WSNs) are highly vulnerable to the failure of the base station (BS) because attackers can easily render the network useless for relatively long periods of time by only destroying the BS. The time and effort needed to destroy the BS is much less than that needed to destroy the numerous sensing nodes. Previous works have tackled BS failure by deploying a mobile BS or by using multiple BSs, which requires extra cost. Moreover, despite using the best electronic countermeasures, intrusion tolerance systems and anti-traffic analysis strategies to protect the BSs, an adversary can still destroy them. The new BS cannot trust the deployed sensor nodes. Also, previous works lack both the procedures to ensure network reliability and security during BS failure such as storing then sending reports concerning security threats against nodes to the new BS and the procedures to verify the trustworthiness of the deployed sensing nodes. Otherwise, a new WSN must be re-deployed which involves a high cost and requires time for the deployment and setup of the new WSN. In this thesis, we address the problem of reliable recovery from a BS failure by proposing a new security architecture called Surveillance Security (SurvSec). SurvSec continuously monitors the network for security threats and stores data related to node security, detects and authenticates the new BS, and recovers the stored data at the new BS. SurvSec includes encryption for security-related information using an efficient dynamic secret sharing algorithm, where previous work has high computations for dynamic secret sharing. SurvSec includes compromised nodes detection protocol against collaborative work of attackers working at the same time where previous works have been inefficient against collaborative work of attackers working at the same time. SurvSec includes a key management scheme for homogenous WSN, where previous works assume heterogeneous WSN using High-end Sensor Nodes (HSN) which are the best target for the attackers. SurvSec includes efficient encryption architecture against quantum computers with a low time delay for encryption and decryption, where previous works have had high time delay to encrypt and decrypt large data size, where AES-256 has 14 rounds and high delay. SurvSec consists of five components, which are: 1. A Hierarchical Data Storage and Data Recovery System. 2. Security for the Stored Data using a new dynamic secret sharing algorithm. 3. A Compromised-Nodes Detection Algorithm at the first stage. 4. A Hybrid and Dynamic Key Management scheme for homogenous network. 5. Powerful Encryption Architecture for post-quantum computers with low time delay. In this thesis, we introduce six new contributions which are the followings: 1. The development of the new security architecture called Surveillance Security (SurvSec) based on distributed Security Managers (SMs) to enable distributed network security and distributed secure storage. 2. The design of a new dynamic secret sharing algorithm to secure the stored data by using distributed users tables. 3. A new algorithm to detect compromised nodes at the first stage, when a group of attackers capture many legitimate nodes after the base station destruction. This algorithm is designed to be resistant against a group of attackers working at the same time to compromise many legitimate nodes during the base station failure. 4. A hybrid and dynamic key management scheme for homogenous network which is called certificates shared verification key management. 5. A new encryption architecture which is called the spread spectrum encryption architecture SSEA to resist quantum-computers attacks. 6. Hardware implementation of reliable network recovery from BS failure. The description of the new security architecture SurvSec components is done followed by a simulation and analytical study of the proposed solutions to show its performance. Surveillance Wireless Sensor Network Security manager (SM) Backup security manager (BKSM) Network trustworthiness Efficient dynamic secret sharing Distributed users tables (DUT) Node compromise attack Hybrid key management Dynamic key management Homogenous network High end Sensor Nodes (HSNs) Network scalability Network connectivity Unpredictability principal PRNG Resistant to quantum computer
90	Efficient Key Management, and Intrusion Detection Protocols for Enhancing Security in Mobile Ad Hoc Networks Maity, Soumyadev January 2014 (has links) (PDF) Security of communications is a major requirement for Mobile Adhoc NETworks(MANETs) since they use wireless channel for communications which can be easily tapped, and physical capture of MANET nodes is also quite easy. From the point of view of providing security in MANETs, there are basically two types of MANETs, viz., authoritarian MANETs, in which there exist one or more authorities who decide the members of the network, and self-organized MANETs, in which there is no such authority. Ensuring security of communications in the MANETs is a challenging task due to the resource constraints and infrastructure-less nature of these networks, and the limited physical security of MANET nodes. Attacks on security in a MANET can be launched by either the external attackers which are not legitimate members of the MANET or the internal attackers which are compromised members of the MANET and which can hold some valid security credentials or both. Key management and authentication protocols(KM-APs)play an important role in preventing the external attackers in a MANET. However, in order to prevent the internal attackers, an intrusion detection system(IDS) is essential. The routing protocols running in the network layer of a MANET are most vulnerable to the internal attackers, especially to the attackers which launch packet dropping attack during data packet forwarding in the MANET. For an authoritarian MANET, an arbitrated KM-AP protocol is perfectly suitable, where trusts among network members are coordinated by a trusted authority. Moreover, due to the resource constraints of a MANET, symmetric key management protocols are more efficient than the public key management protocols in authoritarian MANETs. The existing arbitrated symmetric key management protocols in MANETs, that do not use any authentication server inside the network are susceptible to identity impersonation attack during shared key establishments. On the other hand, the existing server coordinated arbitrated symmetric key management protocols in MANETs do not differentiate the role of a membership granting server(MGS) from the role of an authentication server, and so both are kept inside the network. However, keeping the MGS outside the network is more secure than keeping it inside the network for a MANET. Also, the use of a single authentication server inside the network cannot ensure robustness against authentication server compromise. In self-organized MANETs, public key management is more preferable over symmetric key management, since the distribution of public keys does not require a pre-established secure channel. The main problem for the existing self-organized public key management protocols in MANETs is associated with the use of large size certificate chains. Besides, the proactive certificate chaining based approaches require each member of a MANET to maintain an updated view of the trust graph of the entire network, which is highly resource consuming. Maintaining a hierarchy of trust relationships among members of a MANET is also problematic for the same reason. Evaluating the strength of different alternative trust chains and restricting the length of a trust chain used for public key verification is also important for enhancing the security of self-organized public key management protocols. The existing network layer IDS protocols in MANETs that try to defend against packet dropping attack use either a reputation based or an incentive based approach. The reputation based approaches are more effective against malicious principals than the incentive based approaches. The major problem associated with the existing reputation based IDS protocols is that they do not consider the protocol soundness issue in their design objectives. Besides, most of the existing protocols incorporate no mechanism to fight against colluding principals. Also, an IDS protocol in MANETs should incorporate some secure and efficient mechanism to authenticate the control packets used by it. In order to mitigate the above mentioned problems in MANETs, we have proposed new models and designed novel security protocols in this thesis that can enhance the security of communications in MANETs at lesser or comparable cost. First, in order to perform security analysis of KM-AP protocols, we have extended the well known strand space verification model to overcome some of its limitations. Second, we have proposed a model for the study of membership of principals in MANETs with a view to utilize the concept for analyzing the applicability and the performance of KM-AP protocols in different types of MANETs. Third and fourth, we have proposed two novel KM-AP protocols, SEAP and CLPKM, applicable in two different types of MANET scenarios. The SEAP protocol is an arbitrated symmetric key management protocol designed to work in an authoritarian MANET, whereas the CLPKM protocol is a self-organized public key management protocol designed for self-organized MANETs. Fifth, we have designed a novel reputation based network layer IDS protocol, named EVAACK protocol, for the detection of packet dropping misbehavior in MANETs. All of the three proposed protocols try to overcome the limitations of the existing approaches in their respective categories. We have provided rigorous mathematical proofs for the security properties of the proposed protocols. Performance of the proposed protocols have been compared with those of the other existing similar approaches using simulations in the QualNet simulator. In addition, we have also implemented the proposed SEAP and CLPKM protocols on a real MANET test bed to test their performances in real environments. The analytical, simulation and experimentation results confirm the effectiveness of the proposed schemes. Mobile Ad Hoc Networks (MANET) Mobile Ad Hoc Network Security Intrusion Detection Systems (IDSs) Extended Strand Space Model Intrusion Detection Protocols MANETs Strand Space Model Intrusion Detection Systems (IDSs) Communication Engineering

Search results