LPPA: Lightweight privacy‐preservation access authentication scheme for massive devices in fifth Generation (5G) cellular networks

Because of the requirements of stringent latency, high‐connection density, and massive devices concurrent connection, the design of the security and efficient access authentication for massive devices is the key point to guarantee the application security under the future fifth Generation (5G) systems. The current access authentication mechanism proposed by 3rd Generation Partnership Project (3GPP) requires each device to execute the full access authentication process, which can not only incur a lot of protocol attacks but also result in signaling congestion on key nodes in 5G core networks when sea of devices concurrently request to access into the networks. In this paper, we design an efficient and secure privacy‐preservation access authentication scheme for massive devices in 5G wireless networks based on aggregation message authentication code (AMAC) technique. Our proposed scheme can accomplish the access authentication between massive devices and the network at the same time negotiate a distinct secret key between each device and the network. In addition, our proposed scheme can withstand a lot of protocol attacks including interior forgery attacks and DoS attacks and achieve identity privacy protection and group member update without sacrificing the efficiency. The Burrows Abadi Needham (BAN) logic and the formal verification tool: Automated Validation of Internet Security Protocols and Applications (AVISPA) and Security Protocol ANimator for AVISPA (SPAN) are employed to demonstrate the security of our proposed scheme.     

Security, privacy, and accountability in wireless access networks - [Accepted from open call]

The presence of ubiquitous connectivity provided by wireless communications and mobile computing has changed the way humans interact with information. At the same time, it has made communication security and privacy a hot-button issue. In this article we address the security and privacy concerns in wireless access networks. We first discuss the general cryptographic means to design privacy-preserving security protocols, where the dilemma of attaining both security and privacy goals, especially user accountability vs. user privacy, is highlighted. We then present a novel authentication framework that integrates a new key management scheme based on the principle of separation of powers and an adapted construction of Boneh and Shacham's group signature scheme, as an enhanced resort to simultaneously achieve security, privacy, and accountability in wireless access networks.     

On providing location privacy for mobile sinks in wireless sensor networks

A common practice in sensor networks is to collect sensing data and report them to the sinks or to some pre-defined data rendezvous points via multi-hop communications. Attackers may locate the sink easily by reading the destination field in the packet header or predicting the arrival of the sink at the rendezvous points, which opens up vulnerabilities to location privacy of the sinks. In this paper, we propose a random data collection scheme to protect the location privacy of mobile sinks in wireless sensor networks. Data are forwarded along random paths and stored at the intermediate nodes probabilistically in the network. The sinks will move around randomly to collect data from the local nodes occasionally, which prevents the attackers from predicting their locations and movements. We analyze different kind of attacks threatening the location privacy of the sinks in sensor networks. We also evaluate the delivery rate, data collection delay and protection strength of our scheme by both analysis and simulations. Both analytical and simulation results show that our scheme can protect location privacy of mobile sinks effectively, while providing satisfactory data collection services.     

A mutual authentication and privacy mechanism for WLAN security

IEEE 802.11 wireless local area networks (WLAN) has been increasingly deployed in various locations because of the convenience of wireless communication and decreasing costs of the underlying technology. However, the existing security mechanisms in wireless communication are vulnerable to be attacked and seriously threat the data authentication and confidentiality. In this paper, we mainly focus on two issues. First, the vulnerabilities of security protocols specified in IEEE 802.11 and 802.1X standards are analyzed in detail. Second, a new mutual authentication and privacy scheme for WLAN is proposed to address these security issues. The proposed scheme improves the security mechanisms of IEEE 802.11 and 802.1X by providing a mandatory mutual authentication mechanism between mobile station and access point (AP) based on public key infrastructure (PKI), offering data integrity check and improving data confidentiality with symmetric cipher block chain (CBC) encryption. In addition, this scheme also provides some other new security mechanisms, such as dynamic session key negotiation and multicast key notification. Hence, with these new security mechanisms, it should be much more secure than the original security scheme. Copyright © 2006 John Wiley & Sons, Ltd.     

A combined public-key scheme in the case of attribute-based for wireless body area networks

The wireless body area networks (WBANs) is a practical application model of Internet of things. It can be used in many scenarios, especially for e-healthcare. The medical data of patients is collected by sensors and transmitted using wireless communication techniques. Different users can access the patient’s data with different privileges. Access control is a crucial problem in WBANs. In this paper, we design a new security mechanism named combined public-key scheme in the case of attribute-based (CP-ABES) to address the user access control in WBANs. Our scheme combines encryption and digital signatures. It uses ciphertext-policy attribute-based encryption to achieve data confidentially, access control, and ciphertext-policy attribute-based signature to realize the identity authentication. The access policy used in our scheme is threshold. Based on this feature, the length of ciphertext and signature of our scheme is constant. Our scheme provides confidentiality, unforgeability, signer privacy and collusion resistance. We prove the efficiency of our scheme theoretically and analyze the security level and energy consumption of our scheme.

     

IEEE 802.16密钥管理协议的安全问题分析与改进方案

IEEE 802.16在MAC层设计的安全子层没有完全解决宽带无线接入的安全问题.本文分析了认证和密钥管理(PKM)协议的安全缺陷,针对其可能遭受的攻击,提出了改进方案,并提出一种基于PKM的支持快速切换的密钥信息安全漫游机制.     

Providing QOS support at the distributed wireless MAC layer: a comprehensive study[medium access control protocols for wireless LANs]

Holding the promise of making ubiquitous mobile access to IP-based applications and services a reality, wireless local area networks have been deployed in an unlimited way over the last few years. Due to their robust characteristics, distributed MAC protocols are the most widely used mechanisms to arbitrate access to the wireless channel. However, their ability to achieve high medium usage efficiency while providing services with meaningful performance assurances is being challenged by a wide range of existing and emerging applications that have lately migrated from other telecommunication networks to wireless environments. This article aims to provide a comprehensive study of the limitations and merits of mechanisms that have been proposed toward embedding QoS support to distributed wireless MAC protocols. A hybrid scheme that incorporates signaling and information sharing is proposed, and extensive simulation experiments are run to assess the efficiency of the access schemes in maximizing utilization of the wireless bandwidth while providing QoS support for heterogeneous applications.     

Distributed Sequential Access MAC Protocol for Single-Hop Wireless Networks

Medium access control overhead is the primary reason for low throughput in wireless networks. Performing blind contentions, contentions without any information of other contenders, and exchanging control message are time-consuming control operations. In this study, we propose a new MAC protocol called distributed sequential access MAC (DSA-MAC) which provides the transmission order without any explicit control operations. It may induce very light control overhead; therefore, compared to existing wireless MAC protocols, DSA-MAC can remarkably enhance network throughput.     

Security in vehicular ad hoc networks [security in mobile ad hoc]

Vehicular communication networking is a promising approach to facilitating road safety, traffic management, and infotainment dissemination for drivers and passengers. One of the ultimate goals in the design of such networking is to resist various malicious abuses and security attacks. In this article we first review the current standardization process, which covers the methods of providing security services and preserving driver privacy for wireless access in vehicular environments (WAVE) applications. We then address two fundamental issues, certificate revocation and conditional privacy preservation, for making the standards practical. In addition, a suite of novel security mechanisms are introduced for achieving secure certificate revocation and conditional privacy preservation, which are considered among the most challenging design objectives in vehicular ad hoc networks.     

Distributed Medium Access Control Next-Generation CDMA Wireless Networks

The next-generation wireless networks are expected to have a simple infrastructure with distributed control. In this article, we consider a generic distributed network model for future wireless multimedia communications with a code-division multiple access (CDMA) air interface. For the medium access control (MAC) of the network model, we provide an overview of recent research efforts on distributed code assignment and interference control and identify their limitations when applied in next-generation wireless networks supporting multimedia traffic. We also propose a novel distributed MAC scheme to address these limitations, where active receivers determine whether a candidate transmitter should transmit its traffic or defer its transmission to a later time. Simulation results are given to demonstrate the effectiveness of the proposed distributed MAC scheme.     

Enabling Efficient Peer-to-Peer Resource Sharing in Wireless Mesh Networks

Wireless mesh networks are a promising area for the deployment of new wireless communication and networking technologies. In this paper, we address the problem of enabling effective peer-to-peer resource sharing in this type of networks. Starting from the well-known Chord protocol for resource sharing in wired networks, we propose a specialization that accounts for peculiar features of wireless mesh networks: namely, the availability of a wireless infrastructure, and the 1-hop broadcast nature of wireless communication, which bring to the notions of location awareness and MAC layer cross-layering. Through extensive packet-level simulations, we investigate the separate effects of location awareness and MAC layer cross-layering, and of their combination, on the performance of the P2P application. The combined protocol, MeshChord, reduces message overhead of as much as 40 percent with respect to the basic Chord design, while at the same time improving the information retrieval performance. Notably, differently from the basic Chord design, our proposed MeshChord specialization displays information retrieval performance resilient to the presence of both CBR and TCP background traffic. Overall, the results of our study suggest that MeshChord can be successfully utilized for implementing file/resource sharing applications in wireless mesh networks.     

一种可证安全的车联网无证书聚合签名改进方案

车联网(VANETs)是组织车－X(X:车、路、行人及互联网等)之间的无线通信和信息交换的大型网络,是智慧城市重要组成部分。其消息认证算法的安全与效率对车联网至关重要。该文分析王大星等人的VANETs消息认证方案的安全不足,并提出一种改进的可证安全的无证书聚合签名方案。该文方案利用椭圆曲线密码构建了一个改进的安全无证书聚合认证方案。该方案降低了密码运算过程中的复杂性,同时实现条件隐私保护功能。严格安全分析证明该文方案满足VANETs的安全需求。性能分析表明该文方案相比王大星等人方案,较大幅度地降低了消息签名、单一验证以及聚合验证算法的计算开销,同时也减少了通信开销。     

A New MAC Scheme Supporting Voice/Data Traffic in Wireless Ad Hoc Networks

In wireless ad hoc networks, in addition to the well-known hidden terminal and exposed terminal problems, the location-dependent contention may cause serious unfairness and priority reversal problems. These problems can severely degrade network performance. To the best of our knowledge, so far there is no comprehensive study to fully address all these problems. In this paper, a new busy-tone based medium access control (MAC) scheme supporting voice/data traffic is proposed to address these problems. Via two separated narrow-band busy-tone channels with different carrier sense ranges, the proposed scheme completely resolves the hidden terminal and exposed terminal problems. Furthermore, with the use of transmitter busy-tones in the node backoff procedure, the proposed scheme ensures guaranteed priority access for delay-sensitive voice traffic over data traffic. The priority is also independent of the user locations, thus solving the priority reversal problem. The fairness performance for data traffic in a non-fully-connected environment is also greatly improved (as compared with the popular IEEE 802.11e MAC scheme) without the need for extra information exchanges among the nodes.     

WiDom: A Dominance Protocol for Wireless Medium Access

Wireless networks play an increasingly important role in application areas such as factory-floor automation, process control, and automotive electronics. In this paper, we address the problem of sharing a wireless channel among a set of sporadic message streams where a message stream issues transmission requests with real-time deadlines. For this problem, we propose a collision-free wireless medium access control (MAC) protocol, which implements static-priority scheduling and supports a large number of priority levels. The MAC protocol allows multiple masters and is fully distributed; it is an adaptation to a wireless channel of the dominance protocol used in the CAN bus, a proven communication technology for various industrial applications. However, unlike that protocol, our protocol does not require a node having the ability to receive an incoming bit from the channel while transmitting to the channel. The evaluation of the protocol with real embedded computing platforms is presented to show that the proposed protocol is in fact collision-free and prioritized. We measure the response times of our implementation and find that the response-time analysis developed for the protocol indeed offers an upper bound on the response times     

Novel MAC protocol for terahertz ultra-high data-rate wireless networks

Due to having a large bandwidth to support Gbps-level data rate, terahertz communication attracts more and more attention in recent years. However, there are few medium access control （MAC） protocols for terahertz ultra-high data-rate wireless networks, which affects the research and application of terahertz communications. To address this problem and to achieve ultra-high data-rate wireless access with terahertz communication, a novel MAC protocol, called medium access control for terahertz communication （MAC-TC）, is proposed. Through designing a new channel access scheme, a new superframe structure, and related key parameters, MAC-TC can support a maximum data rate up to 10 Gbit/s even higher. Theoretical analysis and simulation results show that our proposed MAC protocol realizes the function of medium access control and attains a maximum data rate of 18.3 Gbit/s, which is 2 times higher than 5.78 Gbit/s, the theoretical maximum data rate of IEEE 802.15.3c standard.     

Utility-optimal random access without message passing

Random access has been studied for decades as a simple and practical wireless medium access control (MAC). Some of the recently developed distributed scheduling algorithms for throughput or utility maximization also take the form of random access, although extensive message passing among the nodes is required. In this paper, we would like to answer this question: is it possible to design a MAC algorithm that can achieve the optimal network utility without message passing? We provide the first positive answer to this question through a simple Aloha-type random access protocol. We prove the convergence of our algorithm for certain sufficient conditions on the system parameters, e.g., with a large enough user population. If each wireless node is capable of decoding the source MAC address of the transmitter from the interferring signal, then our algorithm indeed converges to the global optimal solution of the NUM problem. If such decoding is inaccurate, then the algorithm still converges, although optimality may not be always guaranteed. Proof of these surprisingly strong performance properties of our simple random access algorithm leverages the idea from distributed learning: each node can learn as much about the contention environment through the history of collision as through instantaneous but explicit message passing.     

A Virtual MAC Address Scheme for Mobile Ethernet

Heterogeneous wireless access is being integrated into IP networks to support future wireless systems. The enhanced IP technologies being developed must address both handover issues related to mobility management and security issues related to wireless access. We previously proposed a network architecture, Mobile Ethernet, based on wide area Ethernet technologies, that reduces overhead involving handover by managing mobility in the IEEE802 MAC layer. We also proposed a virtual MAC address scheme that introduces a host identifier into layer 2 to accommodate heterogeneous wireless access, manage handover between wireless accesses, provide scalability, and ensure security. In this paper, we design the virtual MAC address scheme for Mobile Ethernet and describe the sequence diagrams of the scheme. We also clarify the effect of our proposed scheme from the viewpoint of scalability by comparing the simulated signaling traffic load at handover with that using FMIPv6. Yoshia Saito received his B.E. and M.E. degrees from Shizuoka University, Shizuoka, Japan, in 2002 and 2003 respectively. He is currently a student in Ph.D. course in the university. From January 2004, he is also working as a visiting researcher at National Institute of Information and Communications Technology, Yokosuka, Japan. His research interests include mobile computing and next generation wireless systems. Masahiro Kuroda received the M.E. degree in systems science from the Tokyo Institute of Technology, Japan, in 1980, the M.S. degree in computer science from University of California, Santa Barbara, CA, in 1989, and received the Ph.D. degree in computer science from Shizuoka University, Japan, in 2000. He joined Mitsubishi Electric Corporation, Kamakura, Japan in 1980. Since then, he was engaged in OS/network developments, mobile network computing R&D, and cellular Java standardizations. He is currently working as a group leader at National Institute of Information and Communications Technology, Yokosuka, Japan. His current research interests includes wireless network, wireless security, mobile systems, ubiquitous systems, and next generation wireless systems architecture. He is a member of the IEEE Computer Society. Tadanori Mizuno received the B.E. degree in industrial engineering from the Nagoya Institute of Technology in 1968 and received the Ph.D. degree in computer science from Kyushu University, Japan, in 1987. In 1968, he joined Mitsubishi Electric Corp. Since 1993, he is a Professor of Faculty of Engineering, Shizuoka University, Japan. He moved to the Faculty of Information, Shizuoka University in 1995. His research interests include mobile computing, distributed computing, computer networks, broadcast communication and computing, and protocol engineering. He is a member of Information Processing Society of Japan, the institute of electronics, information and Communication Engineers, the IEEE Computer Society and ACM.     

Broadcast/multicast MPEG-2 video over broadband fixed wirelessaccess networks

With the emergence of broadband fixed wireless access networks, there is an increasing interest in providing broadband video services over outdoor wireless networks. We investigate some fundamental issues related to the broadcasting or multicasting of CBR MPEG-2 videos over fixed wireless channels in B-FWANs using FEC strategies. In B-FWANs, high-frequency wireless channels are used and a direct or indirect LOS propagation path is usually required between a transmitter and a receiver. The wireless channel is modeled by a K factor Rician fading model instead of a Rayleigh fading model. The unique characteristics of the physical channel require special consideration at the system design level. In order to evaluate the overall system performance properly, a set of parameters for objective video quality assessment is introduced and used in our simulation studies, including a definition of the objective grade point value, the number of reconstructed frames, and the conventional peak signal-to-noise ratio value. The feasibility of cell interleaving is also addressed. MPEG-2 control information (i.e., the control blocks) plays a critical role in the decoding process and can influence the reconstructed video quality dramatically; special consideration and excess protection should be given to this information. The concept of a new FEC strategy, header redundancy FEC, is introduced to address this issue. In HRFEC, selected important (high-priority) MPEG-2 control blocks (such as sequence header, sequence extensions, and picture header and corresponding extensions) are replicated before transmission, and duplicate copies are transmitted over the wireless link. Our results indicate that HRFEC is a simple, flexible, and effective error control strategy for broadcasting or multicasting MPEG-2 videos over error-prone and time-varying wireless channels     

Architecture and performance of a MAC protocol for the HFC system

The IEEE 802.14 standard committee is currently working on a project to find a cost-effective means of providing access to integrated networks for people to enjoy multimedia programs and to work at home. An advanced system based on the cable TV system called hybrid fibre coax (HFC) is being studied. Since some properties of the HFC system preclude the possibility of directly using existing medium access control (MAC) protocols for its data link layer, a MAC scheme based on time division is discussed in this paper. This MAC scheme can be extended for wireless networks. © 1997 John Wiley & Sons, Ltd.     

基于分簇的无线传感器网络协议

本文针对目前无线传感器网络中传统MAC协议在动态性、低时延方面的不足,在前人研究的基础上,提出一种基于分簇的自适应AMAC协议.该协议将簇分为簇首节点和簇内成员节点,簇内成员节点可以根据自身的状态向簇首节点提出时隙申请,簇首节点对这些申请信息进行仲裁,从而及时调整时间帧的长度,使其能更符合当前网络的负载情况和拓扑结构....