LHAP: A lightweight network access control protocol for ad hoc networks

Most ad hoc networks do not implement any network access control, leaving these networks vulnerable to resource consumption attacks where a malicious node injects packets into the network with the goal of depleting the resources of the nodes relaying the packets. To thwart or prevent such attacks, it is necessary to employ authentication mechanisms to ensure that only authorized nodes can inject traffic into the network. We propose LHAP, a hop-by-hop authentication protocol for ad hoc networks. LHAP resides in between the network layer and the data link layer, thus providing a layer of protection that can prevent or thwart many attacks from happening, including outsider attacks and insider impersonation attacks. Our detailed performance evaluation shows that LHAP incurs small performance overhead and it also allows a tradeoff between security and performance.     

Quality-Optimized and Secure End-to-End Authentication for Media Delivery

The need for security services, such as confidentiality and authentication, has become one of the major concerns in multimedia communication applications, such as video on demand and peer-to-peer content delivery. Conventional data authentication cannot be directly applied for streaming media when an unreliable channel is used and packet loss may occur. This paper begins by reviewing existing end-to-end media authentication schemes, which can be classified into stream-based and content-based techniques. We then motivate and describe how to design authentication schemes for multimedia delivery that exploit the unequal importance of different packets. By applying conventional cryptographic hashes and digital signatures to the media packets, the system security is similar to that achievable in conventional data security. However, instead of optimizing packet verification probability, we optimize the quality of the authenticated media, which is determined by the packets that are received and able to be decoded and authenticated. The quality of the authenticated media is optimized by allocating the authentication resources unequally across streamed packets based on their relative importance, thereby providing unequal authenticity protection. The effectiveness of this approach is demonstrated through experimental results on different media types (image and video), different compression standards (JPEG, JPEG2000, and H.264), and different channels (wired with packet erasures and wireless with bit errors).     

Machine Learning Protocol for Secure 5G Handovers

The fifth generation (5G) networks are characterized with ultra-dense deployment of base stations with limited footprint. Consequently, user equipment’s handover frequently as they move within 5G networks. In addition, 5G requirements of ultra-low latencies imply that handovers should be executed swiftly to minimize service disruptions. To preserve security and privacy while at the same time maintaining optimal performance during handovers, numerous schemes have been developed. However, majority of these techniques are either limited to security and privacy or address only performance aspect of the handover mechanism. As such, there is need for a novel handover authentication protocol that addresses security, privacy and performance simultaneously. This paper presents a machine learning protocol that not only facilitates optimal selection of target cell but also upholds both security and privacy during handovers. Formal security analysis using the widely adopted Burrows–Abadi–Needham (BAN) logic shows that the proposed protocol achieves all the six formulated under this proof. As such, the proposed protocol facilitates strong and secure mutual authentication among the communicating entities before generating the shares session key. The derived session key protected the exchanged packets to avert attacks such as forgery. In addition, informal security evaluation of the proposed protocol shows that it offers perfect forward key secrecy, mutual authentication any user anonymity. It is also demonstrated to be robust against attacks such as denial of service (DoS), man-in-the-middle (MitM), masquerade, packet replays and forgery. In terms of performance, simulation results shows that it has lower packets drop rate and ping–pong rate, with higher ratio of packets received compared with improved 5G authentication and key agreement (5G AKA’) protocol. Specifically, using 5G AKA’ as the basis, the proposed protocol reduces the handover rate by 94.4%, hence the resulting handover signaling is greatly minimized.

     

A Network Coding Scheme to Improve Throughput for IEEE 802.11 WLAN

In IEEE 802.11 infrastructure wireless local area network (WLAN), the communication between any two nodes is relayed by an access point (AP), which becomes the bottleneck of WLAN and severely restricts the overall throughput. It is well known that network coding technique is able to greatly improve the throughput of wireless networks. But, the available coding schemes do not make full advantage of channel capacity due to the fact that they pick at most one packet from each data flow for coding and the picked packets may have a great difference in packet size, wasting some channel capacity. To remedy the problem, in this paper, we propose the coding scheme that combines multiple buffered packets in one flow into a larger packet for coding so that the packets participating in coding have close sizes. We formulate an integer programming problem to find the optimal packet coding, which is solved by an optimal algorithm with relative high time complexity together with a heuristic algorithm with relative low time complexity. Simulation results show that the proposed coding scheme is able to greatly improve the throughput of WLAN and the throughput gain increases with the growth of the number of coding flows.     

Joint packet scheduling and dynamic base station assignment for CDMA data networks

In current code division multiple access (CDMA) based wireless systems, a base station (BS) schedules packets independently of its neighbours, which may lead to resource wastage and the degradation of the system's performance. In wireless networks, in order to achieve an efficient packet scheduling, there are two conflicting performance metrics that have to be optimized: throughput and fairness. Their maximization is a key goal, particularly in next-generation wireless networks. This paper proposes joint packet scheduling and BS assignment schemes for a cluster of interdependent neighbouring BSs in CDMA-based wireless networks, in order to enhance the system performance through dynamic load balancing. The proposed schemes are based on sector subdivision in terms of average required resource per mobile station and utility function approach. The fairness is achieved by minimizing the variance of the delay for the remaining head-of-queue packets. Inter-cell and intra-cell interferences from scheduled packets are also minimized in order to increase the system capacity and performance. The simulation results show that our proposed schemes perform better than existing schemes available in the open literature. Copyright © 2007 John Wiley & Sons, Ltd.     

Media Synchronization and QoS Packet Scheduling Algorithms for Wireless Systems

Wireless multimedia synchronization is concerned with distributed multimedia packets such as video, audio, text and graphics being played-out onto the mobile clients via a base station (BS) that services the mobile client with the multimedia packets. Our focus is on improving the Quality of Service (QoS) of the mobile client's on-time-arrival of distributed multimedia packets through network multimedia synchronization. We describe a media synchronization scheme for wireless networks, and we investigate the multimedia packet scheduling algorithms at the base station to accomplish our goal. In this paper, we extend the media synchronization algorithm by investigating four packet scheduling algorithms: First-In-First-Out (FIFO), Highest-Priority-First (PQ), Weighted Fair-Queuing (WFQ) and Round-Robin (RR). We analyze the effect of the four packet scheduling algorithms in terms of multimedia packet delivery time and the delay between concurrent multimedia data streams. We show that the play-out of multimedia units on the mobile clients by the base station plays an important role in enhancing the mobile client's quality of service in terms of intra-stream synchronization and inter-stream synchronization. Our results show that the Round-Robin (RR) packet scheduling algorithm is, by far, the best of the four packet scheduling algorithms in terms of mobile client buffer usage. We analyze the four packet scheduling algorithms and make a correlation between play-out of multimedia packets, by the base station, onto the mobile clients and wireless network multimedia synchronization. We clarify the meaning of buffer usage, buffer overflow, buffer underflow, message complexity and multimedia packet delay in terms of synchronization between distributed multimedia servers, base stations and mobile clients.     

Delay analysis for forward signaling channels in wireless cellularnetwork

We consider connection-oriented wireless cellular networks. Such second generation systems are circuit-switched digital networks which employ dedicated radio channels for the transmission of signaling information. A forward signaling channel is a common signaling channel assigned to carry the multiplexed stream of paging and channel-allocation packets from a base station to the mobile stations. Similarly, for ATM wireless networks, paging and virtual-circuit-allocation packets are multiplexed across the forward signaling channels as part of the virtual-circuit set-up phase. The delay levels experienced by paging and channel-allocation packets are critical factors in determining the efficient utilization of the limited radio channel capacity. A multiplexing scheme operating in a “slotted mode” can lead to reduced power consumption at the handsets, but may in turn induce an increase in packet delays. In this paper, focusing on forward signaling channels, we present schemes for multiplexing paging and channel-allocation packets across these channels, based on channelization plans, access priority assignments and paging group arrangements. For such multiplexing schemes, we develop analytical methods for the calculation of the delay characteristics exhibited by paging and channel-allocation packets. The resulting models and formulas provide for the design and analysis of forward signaling channels for wireless network systems. This revised version was published online in July 2006 with corrections to the Cover Date.     

Secure and Efficient Mutual Adaptive User Authentication Scheme for Heterogeneous Wireless Sensor Networks Using Multimedia Client–Server Systems

In hierarchical wireless sensor networks (H-WSNs), adaptive user authentication scheme has attracted significantly for the purposes of mutual authentication, session key establishment and resiliency to the attacks, like impersonation, parallel-session and password guessing. Several user authentication schemes have been proposed recently; though the schemes have had many potential vulnerabilities, such as key-impersonation, user anonymity, eavesdropping and masquerade. Thus, this paper proposes secure-cum-efficient mutual adaptive user authentication (S-Cum-EMAUA) scheme for practical use in H-WSNs. The scheme of S-Cum-EMAUA) is not only resilient to the most of the potential attacks, but also provides mutual authentication, user anonymity and session-key establishment. In addition, the proposed scheme is well secured, since it has the usage of the hash-function and X-OR operation.

     

无线传感器网络节点复制攻击和女巫攻击防御机制研究

在无线传感器网络(WSNs)中,节点复制攻击和女巫攻击可扰乱数据融合和阈值选举等网络操作.发起这两种攻击需先通过邻居发现认证过程.考虑到在WSNs中发起邻居认证是不频繁的,提出了一种基于单向密钥链的ID认证防御机制(OKCIDA),降低攻击者在任何时间段发起这两种攻击的可能性.然后基于椭圆曲线离散对数问题,构造对称参数,并组合OKCIDA和利用节点邻居关系,提出了一种无需位置的邻居认证协议(LFNA),以阻止复制节点和女巫节点成功加入网络.最后给出了安全性证明和分析,并在安全和开销方面将LFNA与已有典型防御方案进行了比较,结果表明该方案具有一定的优势.     

基于机会式网络编码的高效广播传输算法

为了提高无线网络广播传输的效率,针对单跳无线网络提出了采用编码方法的广播传输算法。在传统的无线广播传输模型的基础上,分别实现了基于机会式网络编码的单组合分组广播传输算法和多组合分组广播传输算法。它们采用不同的策略选择多个丢失分组编码组合成重传分组,并通过从编码组合数据分组中恢复丢失分组的方式来提高广播传输的吞吐量。仿真结果表明,新算法在不同无线信道传输模型下相比已有的算法有效地降低了广播传输所需的传输带宽。     

Performance evaluation of packet aggregation scheme for VoIP service in wireless multi-hop network

In a wireless multi-hop network environment, energy consumption of mobile nodes is an important factor for the performance evaluation of network life-time. In Voice over IP (VoIP) service, the redundant data size of a VoIP packet such as TCP/IP headers is much larger than the voice data size of a VoIP packet. Such an inefficient structure of VoIP packet causes heavy energy waste in mobile nodes. In order to alleviate the effect of VoIP packet transmission on energy consumption, a packet aggregation algorithm that transmits one large VoIP packet by combining multiple small VoIP packets has been studied. However, when excessively many VoIP packets are combined, it may cause deterioration of the QoS of VoIP service, especially for end-to-end delay. In this paper, we analyze the effect of the packet aggregation algorithm on both VoIP service quality and the energy consumption of mobile nodes in a wireless multi-hop environment. We build the cost function that describes the degree of trade-off between the QoS of VoIP services and the energy consumption of a mobile node. By using this cost function, we get the optimum number of VoIP packets to be combined in the packet aggregation scheme under various wireless channel conditions. We expect this study to contribute to providing guidance on balancing the QoS of VoIP service and energy consumption of a mobile node when the packet aggregation algorithm is applied to VoIP service in a wireless multi-hop networks.     

Can multiple subchannels improve the delay performance of RTS/CTS-based MAC schemes?

We analyze the delay performance of RTS/CTS-based (Request-To-Send/Clear-To-Send) multi-channel MAC (Medium Access Control) schemes for wireless networks. These schemes usually employ multiple data subchannels for data transmission and one control subchannel to send the RTS/CTS dialogue for channel reservation. Through theoretical analysis and simulations, we show that, in fully-connected networks, such multi-channel MAC schemes suffer longer delays than the corresponding single channel MAC scheme, that puts the RTS/CTS dialogue on the same channel as data packet transmissions. This conclusion holds even when data packets have different priorities and higher priority traffic is sent ahead of lower priority traffic.     

基于机会式网络编码的低时延广播传输算法

为了提高无线网络中数据包广播传输的效率,本文提出了一种基于机会式网络编码的广播传输算法.该算法在发送端按一定顺序选择不同终端的丢包,并采用异或运算编码重传包,在终端采用从重传包中解码数据包的方法恢复丢包.该算法优先恢复时间重要性较高的丢包,并使多个终端同时从单个重传包恢复其丢包,因此有效地提高了广播传输效率并降低了传输...     

Secured Self Organizing Network Architecture in Wireless Personal Networks

Secured self organizing network is an approach to computer network architecture that seeks to address the technical issues in heterogeneous networks that may lack continuous network connectivity. In delay tolerant network packets storage exists when there is any link breakage between the nodes in the network so delay is tolerable in this type of network during the data transmission. But this delay is not tolerable in wireless network for voice packet transmission. This evokes the use of wireless networks. In a network, different wireless network topologies are interoperating with each other so the communication across the network is called overlay network. This network is vulnerable to attacks due to mobile behaviour of nodes and frequent changes in topologies of the network. The attacks are wormhole attack and blackhole attack is analysed in this paper. They are critical threats to normal operation in wireless networks which results in the degradation of the network performance. The proposed recovery algorithm for wormhole and the isolation of blackhole will increase the performance of the network. The performance metrics such as throughput, packet delivery ratio, end–end delay and routing overhead of the network are evaluated.

     

A mobile host protocol supporting route optimization andauthentication

Host mobility is becoming an important issue due to the recent proliferation of notebook and palmtop computers, the development of wireless network interfaces, and the growth in global internetworking. This paper describes the design and implementation of a mobile host protocol, called the Internet mobile host protocol (IMHP), that is compatible with the TCP/IP protocol suite, and allows a mobile host to move around the Internet without changing its identity, In particular, IMHP provides host mobility over both the local and wide area, while remaining transparent to the user and to other hosts communicating with the mobile host. IMHP features route optimization and integrated authentication of all management packets. Route optimization allows a node to cache the location of a mobile host and to send future packets directly to that mobile host. By authenticating all management packets, IMHP guards against possible attacks on packet routing to mobile hosts, including the interception or redirection of arbitrary packets within the network. A simple new authentication mechanism is introduced that preserves the level of security found in the Internet today, while accommodating the transition to stronger authentication based on public key cryptography or shared keys that may either be manually administered or provided by a future Internet key management protocol     

Improving Security of Real-Time Wireless Networks Through Packet Scheduling [Transactions Letters]

Modern real-time wireless networks require high security level to assure confidentiality of information stored in packages delivered through wireless links. However, most existing algorithms for scheduling independent packets in real-time wireless networks ignore various security requirements of the packets. Therefore, in this paper we remedy this problem by proposing a novel dynamic security-aware packet-scheduling algorithm, which is capable of achieving high quality of security for realtime packets while making the best effort to guarantee realtime requirements (e.g., deadlines) of those packets. We conduct extensive simulation experiments to evaluate the performance of our algorithm. Experimental results show that compared with two baseline algorithms, the proposed algorithm can substantially improve both quality of security and real-time packet guarantee ratio under a wide range of workload characteristics.     

Distributed rate adaptive packet access (DRAPA) for multicell wireless networks

Fueled by the explosive growth of the Internet, applications are demanding higher data rates and better services. Given the scarcity of radio resources, higher network capacities need to be achieved through more efficient use of the available bandwidth. Current cellular networks utilize frequency planning schemes that are optimized for circuit-switched applications, and thus is inherently problematic for future wireless packet networks with bursty, high peak-rate traffics. Random access schemes such as the ALOHA are seen as better solutions for packet networks. However, co-channel interference may significantly reduce the network throughput when the multicell load is heavy. In this paper, we propose a distributed rate adaptive packet access (DRAPA) scheme to combine the advantages of rate adaptation (in circuit-switched networks) and random access (in packet-switched networks). In particular, DRAPA allows terminal stations to transmit packets in random access fashion in the presence of brusty interference from neighboring cells. The packet code rate is adjusted according to interference level so that the retransmisson is controlled at an acceptable level. The DRAPA scheme subsumes two traditional schemes as the extreme cases, and has superior performance over the traditional schemes in terms of throughput and stability.     

A secure broadcasting scheme to provide availability,reliability and authentication for wireless sensor networks

Reliability and security of broadcasting is critical in Wireless Sensor Networks (WSNs). Since reliability and security compete for the same resources, we are interested in jointly solving for error control coding (to achieve reliability) and integrity for a broadcast scenario. We assume Byzantine attacks in which the adversary can compromise nodes and then drop (or modify) the legitimate packets or inject its own packets. For reliable and efficient multihop broadcasting, it is critical to reduce the energy consumption and latency. To prevent the adversary from consuming the scarce network resources by injecting bogus packets, each receiver node should make sure that packets it receives are authentic and it filters out malicious packets immediately. We build our authentication scheme, on top of a reliable and energy efficient broadcasting protocol called Collaborative Rateless Broadcast (CRBcast) to improve efficiency and reliability. On contrary to the previous schemes, our scheme is resilient with respect to Byzantine adversary as well as routing and flooding attacks and protocol exploits. Moreover, we compared our scheme with the previously proposed broadcast authentication schemes and showed that our scheme outperforms them in terms of efficiency and data availability. This is a crucial improvement over the previous schemes that ensure availability by flooding, introducing very large communication overhead and latency.     

压缩图像码流的分组丢失顽健可伸缩认证算法

摘 要：基于图像编码流的结构和相关性特点,提出了一种分组丢失顽健的可伸缩流认证方法。通过利用散列链和纠错编码算法构造认证算法,该方法可实现优化的码率分配以及非平等认证保护（UAP, unequal authentication protection）。首先对图像编码码流进行解析,获得层次结构信息和编解码依赖性;然后,根据码流数据对重构图像质量的重要程度,利用散列链将次重要的码流数据链接到重要数据上;最后对解码独立码流的散列值和整个码流的数字签名进行纠错编码,提高认证算法对分组丢失的顽健性。该方法仅需要对整个图像码流做一次签名,具有很低的认证代价。实验结果表明,与其他3种流认证算法相比,此法的认证图像具有更高的重构质量。     

On providing wormhole‐attack‐resistant localization using conflicting sets

Wormhole attack is a severe attack that can be easily mounted on a wide range of wireless networks without compromising any cryptographic entity or network node. In the wormhole attack, an attacker sniffs packets at one point in the network and tunnels them through the wormhole link to another point. Such kind of attack can deteriorate the localization procedure in wireless sensor networks. In this paper, we first analyze the impacts of the wormhole attack on the localization procedure. Then, we propose a secure localization scheme against the wormhole attacks called SLAW including three phases: wormhole attack detection, neighboring locators differentiation, and secure localization. The main idea of the SLAW is to build a so‐called conflicting set for each locator based on the abnormalities during the message exchanges, which can be used to differentiate the dubious locators to achieve secure localization. We first consider the simplified system model in which there is no packet loss and all the nodes have the same transmission range. We further consider the general system model where the packet loss exists and different types of nodes have different transmission radii. We conduct the simulations to illustrate the effectiveness of the proposed secure localization scheme and compare it with the existing schemes under different network parameters. Copyright © 2014 John Wiley & Sons, Ltd.