Analysis of the SPEKE password-authenticated key exchange protocol

In this letter, we show that for the SPEKE password-authenticated key exchange protocol, an adversary is able to test multiple possible passwords using a single impersonation attempt. In particular, when passwords are short Personal Identification Numbers (PINs), we show that a fully-constrained SPEKE is susceptible to password guessing attack. Our analysis contradicts the claim that the SPEKE protocol appears to be at least as strong as the Bellovin-Merritt EKE protocol. For EKE, an adversary can gain information about at most one possible password in each impersonation attempt.     

A pairing-free identity-based authenticated group key agreement protocol for imbalanced mobile networks

The secure and reliable group communication gains popularity in imbalanced mobile networks due to the increase demand of the group-oriented applications such as teleconferences, collaborative workspaces, etc. For acquiring the group security objectives, many authenticated group key agreement (AGKA) protocols exploiting the public key infrastructure have been proposed, which require additional processing and storage space for validation of the public keys and the certificates. In addition, the most of the AGKA protocols are implemented using bilinear pairing and a map-to-point (MTP) hash function. The relative computation cost of the bilinear pairing is approximately two to three times more than the elliptic curve point multiplication (ECPM) and the MTP function has higher computation cost than an ECPM. Due to the limitation of communication bandwidth, computation ability, and storage space of the low-power mobile devices, these protocols are not suitable especially for insecure imbalanced mobile networks. To cope with the aforementioned problems, in this paper, we proposed a pairing-free identity-based authenticated group key agreement protocol using elliptic curve cryptosystem. It is found that the proposed protocol, compared with the related protocols, not only improves the computational efficiencies, but also enhances the security features.     

Improved modelling for mobile Ad-hoc networks

In the existing mobile ad-hoc network (MANET) literature the vast majority of simulation studies that investigate routing protocol performance use a simplistic radio channel model, based on a two-ray ground-reflected path, and ignore both fast and slow fading. Reported are results from the first phase of an investigation into the use of a more realistic channel model, which incorporates the slow (lognormal) fading typically found in both outdoor and indoor mobile radio channels. The significance of the results are that they show previous papers may have significantly underestimated the radio path loss, thereby overestimating the performance of particular routing protocols.     

A novel authenticated group key agreement protocol for mobile environment

An authenticated group key agreement protocol allows a group of parties to authenticate each other and then determine a group key via an insecure network environment. In 2009, Lee et al. first adopted bilinear pairings to propose a new nonauthenticated group key agreement protocol and then extend it to an authenticated group key agreement protocol. This paper points out that the authenticated protocol of Lee et al. is vulnerable to an impersonation attack such that any adversary can masquerade as a legal node to determine a group key with the other legal nodes and the powerful node. This paper shall employ the short signature scheme of Zhang et al. to propose a new authenticated group key agreement protocol. The short signature scheme of Zhang et al. is proven to be secure against the adaptive chosen-message attacks in the random oracle model, so the proposed protocol can withstand the possible attacks. Besides, compared with the authenticated protocol of Lee et al., the proposed protocol is more secure and efficient.     

A secure enhanced privacy-preserving key agreement protocol for wireless mobile networks

The rapid proliferation of mobile networks has made security an important issue, particularly for transaction oriented applications. Recently, Jo et al. presented an efficient authentication protocol for wireless mobile networks and asserted that their proposed approach provides all known security functionalities including session key (SK) security under the assumption of the widely-accepted Canetti–Krawczyk (CK) model. We reviewed Jo et al.’s proposed roaming protocol and we demonstrate that it fails to provide the SK-security under the CK-adversary setting. We then propose an enhancement to Jo et al.’s roaming protocol to address the security drawback found in Jo et al.’s protocol. In the enhanced roaming protocol, we achieve the SK-security along with reduced computation, communication and storage costs. We also simulate the enhanced roaming protocol using NS2 for end-to-end delay and network throughput, and the simulation results obtained demonstrate the efficiency of our protocol.     

Ad-hoc网络上的动态路由协议研究及实现

概要介绍了Ad-hoc网络的概念。通过分析其网络特点,描述了该种网络对动态路由协议的要求。简要介绍了当前流行的几种Ad-hoc动态路由协议及特点。详细描述了OLSR路由协议的术语和主要思想。最后结合工程实践,介绍了实现该协议过程中的关键问题,并在模拟网络环境下验证了该协议的正确性。     

Analysis and improvement of an authenticated key exchange protocol for sensor networks

In 2003, Huang et al. proposed: an authenticated key exchange protocol for secure communications between a sensor and a security manager in a self-organizing sensor network. The protocol is, based on elliptic curve cryptography. In this letter, we show that a security manager will learn the long-term private key of a sensor after having one normal run of-the protocol with the sensor. This contradicts to some of their security claims. We explain why this is undesirable in practice and also-propose an improvement which solves the problem and makes all of their security claims hold again.     

A secure group key management scheme for hierarchical mobile ad hoc networks

In this paper, we present a secure group key management scheme for hierarchical mobile ad hoc networks. Our approach aims to improve both scalability and survivability of group key management for large-scale wireless ad hoc networks. To achieve our goal, we propose the following approaches: (1) a multi-level security model, which follows a modified Bell-La Padula security model that is suitable in a hierarchical mobile ad hoc networking environment, and (2) a decentralized group key management infrastructure to achieve such a multi-level security model. Our approaches reduce the key management overhead and improve resilience to any single point failure problem. In addition, we have developed a roaming protocol that is able to provide secure group communication involving group members from different groups without requiring new keys; an advantage of this protocol is that it is able to provide continuous group communication even when the group manager fails.     

Building a signaling protocol architecture for future mobile networks

Third-generation mobile systems are emerging. These systems will support a unified user access to a variety of services, including the existing mobile and fixed network (PSTN, N-ISDN) services, the enhanced multimedia and multiparty services envisaged for broadband networks, and personal communication services as well. The role of signaling is predominant in building a flexible, efficient, and evolving system. The aim of this paper is to provide a framework for developing a signaling protocol architecture for future mobile networks. The study especially focuses on the universal mobile telecommunication system (UMTS). Within this framework various design and operational requirements imposed on UMTS can be satisfied. A method to deal with the functional complexity of UMTS is provided. Mobile networks are viewed as integral parts of the broadband infrastructure and are built upon the IN principles.     

An in-band power-saving protocol for mobile data networks

A new alternative is proposed for reducing the power consumption of the portable (battery-powered) units operating in a mobile packet-data network. First, a review of the current power-saving protocols is given. It is shown that the most common means for conserving power is the intermittent operation of the receivers (at the portable units) and a central administration authority that synchronizes the receivers. Some drawbacks of the synchronous operation lead us to the introduction of an asynchronous power-saving protocol, where no central synchronization is necessary and where each terminal may control its power consumption relative to its current needs. According to the proposed power-saving page-and-answer protocol, an acknowledgment paging procedure is preceding every packet transmission in order to alert mobile terminals with pending traffic. Steady-state performance is evaluated with the aid of simulation. The relationship between the achieved power-saving and the mean packet delay degradation is presented. Finally, we express some notable implementation issues and some considerations regarding the employment of this protocol as a supplementary power-saving service in microcellular mobile data networks and wireless local area networks     

An Aloha protocol for multihop mobile wireless networks

An Aloha-type access control mechanism for large mobile, multihop, wireless networks is defined and analyzed. This access scheme is designed for the multihop context, where it is important to find a compromise between the spatial density of communications and the range of each transmission. More precisely, the analysis aims at optimizing the product of the number of simultaneously successful transmissions per unit of space (spatial reuse) by the average range of each transmission. The optimization is obtained via an averaging over all Poisson configurations for the location of interfering mobiles, where an exact evaluation of signal over noise ratio is possible. The main mathematical tools stem from stochastic geometry and are spatial versions of the so-called additive and max shot noise processes. The resulting medium access control (MAC) protocol exhibits some interesting properties. First, it can be implemented in a decentralized way provided some local geographic information is available to the mobiles. In addition, its transport capacity is proportional to the square root of the density of mobiles which is the upper bound of Gupta and Kumar. Finally, this protocol is self-adapting to the node density and it does not require prior knowledge of this density.     

Agent-based trusted on-demand routing protocol for mobile ad-hoc networks

The routing performance in mobile ad hoc networks (MANETs) relies on the co-operation of the individual nodes that constitute the network. The existence of misbehaving nodes may paralyze the routing operation in MANETs. To overcome this behavior, the trustworthiness of the network nodes should be considered in the route selection process combined with the hop count. The trustworthiness is achieved by measuring the trust value for each node in the network. In this paper, a new protocol based on self monitoring (agent-based) and following the dynamic source routing (DSR) algorithm is presented. This protocol is called agent-based trusted dynamic source routing protocol for MANETs. The objective of this protocol is to manage trust information locally with minimal overhead in terms of extra messages and time delay. This objective is achieved through installing in each participated node in the network a multi-agent system (MAS). MAS consists of two types of agents: monitoring agent and routing agent. A new mathematical and more realistic objective model for measuring the trust value is introduced. This model is weighted by both number and size of routed packets to reflect the “selective forwarding” behavior of a node. The performance evaluation via simulation shows that our protocol is better than standard and trusted DSR. The simulation is done over a variety of environmental conditions such as number of malicious nodes, host density and movement rates.     

Energy-efficient neighbor discovery protocol for mobile wireless sensor networks

Low energy consumption is a critical design requirement for most wireless sensor network (WSN) applications. Due to minimal transmission power levels, time-varying environmental factors and mobility of nodes, network neighborhood changes frequently. In these conditions, the most critical issue for energy is to minimize the transactions and time consumed for neighbor discovery operations. In this paper, we present an energy-efficient neighbor discovery protocol targeted at synchronized low duty-cycle medium access control (MAC) schemes such as IEEE 802.15.4 and S-MAC. The protocol effectively reduces the need for costly network scans by proactively distributing node schedule information in MAC protocol beacons and by using this information for establishing new communication links. Energy consumption is further reduced by optimizing the beacon transmission rate. The protocol is validated by performance analysis and experimental measurements with physical WSN prototypes. Experimental results show that the protocol can reduce node energy consumption up to 80% at 1–3 m/s node mobility.     

A packet media access protocol for mobile networks*

In this paper, we propose and analyze a packet time division multiple access protocol for the media access control (mac) sublayer of a radio interface suitable to be implemented in the third generation of mobile networks. This protocol is considered to be adequate for future personal communications networks that should interwork with the broadband-isdn. The protocol is designed to work in a microcell environment employing low power terminals, and to support a wide spectrum of services with both asynchronous and isochronous traffic profiles and different bandwidth requirements.     

An efficient group key agreement protocol

Group key agreement protocol is important for collaborative and group-oriented application. Recently, for a network that consists of devices with limited resource, group key management has become an issue for secure routing or multicast. In this letter, we present an efficient group key agreement protocol that is an improvement of the Burrnester-Desmedt algorithm. We generalize the Improvement, which doesn't need the same modulus group for discrete logarithm problem.     

Security architectures for B3G mobile networks

This paper analyzes the security architectures employed in the interworking model that integrates third-generation (3G) mobile networks and Wireless Local Area Networks (WLANs), materializing Beyond 3G (B3G) networks. Currently, B3G networks are deployed using two different access scenarios (i.e., WLAN Direct Access and WLAN 3GPP IP Access), each of which incorporates a specific security architecture that aims at protecting the involved parties and the data exchanged among them. These architectures consist of various security protocols that provide mutual authentication (i.e., user and network authentication), as well as confidentiality and integrity services to the data sent over the air interface of the deployed WLANs and specific parts of the core network. The strengths and weaknesses of the applied security measures are elaborated on the basis of the security services that they provide. In addition, some operational and performance issues that derives from the application of these measures in B3G networks are outlined. Finally, based on the analysis of the two access scenarios and the security architecture that each one employs, this paper presents a comparison of them, which aims at highlighting the deployment advantages of each scenario and classifying them in terms of: a) security, b) mobility, and c) reliability.     

一种新的适于Ad hoc网可认证密钥协商协议

提出一种新的适于Ad hoc网可认证密钥协商协议。基于签密技术。在同一逻辑步内同时实现了认证和加密功能,提高了密钥协商效率;基于身份的公钥密码系统,降低了建立和管理公钥基础设施的代价;应用椭圆曲线上双线性对,使得该协议能以短的密钥和小的计算量实现同等安全要求。与已有密钥协商协议相比,新协议计算和传输量小,带宽要求低,安全性高,适合能源和带宽受限的Ad hoc网络。     

改进密钥交换算法的WTLS协议扩展分析

针对人们对无线通信网络的功能和安全越来越高的要求,提出基于EC_DH交换密钥和基于RSA交换密钥的扩展WTLS（Wireless Transport Layer Security）协议。首先分析WAP安全架构中WTLS的安全性问题,然后根据数据的机密性、完整性以及在移动电话和其它无线终端中完成授权鉴定,在此基础上针对漏洞提出解决方案,改进后的协议增加了一个颁发证书的过程。最后通过案例证明本协议的安全性。结果表明,WTLS协议是一个更高安全性的协议,在无线通信网络中有着重要的价值和研究意义。     

Improvement of Gunther's identity-based key exchange protocol

The author proposes a modification of Gunther's key exchange protocol. The modified protocol reduces the number of passes to half, and so minimises the communication between the parties. The protocol may also provide perfect forward secrecy, without additional transmitted data