Security services in group communications over wireless infrastructure, mobile ad hoc, and wireless sensor networks

Group communications in wireless networks has been facilitating many emerging applications that require packet delivery from one or more sender(s) to multiple receivers. Due to insecure wireless channels, group communications are susceptible to various kinds of attacks. Although a number of proposals have been reported to secure group communications, provisioning security in group communications in wireless networks remains a critical and challenging issue. This article presents a survey of recent advances in security requirements and services in group communications in three types of wireless networks, and discusses challenges in designing secure group communications in these networks: wireless infrastructure networks, mobile ad hoc networks, and wireless sensor networks.     

Fast Firmware Implementation of RSA-Like Security Protocol for Mobile Devices

In modern mobile communications, personal privacy and security are of top concern to mobile phone subscribers. Yet, owing to the limit of their processing capability, mainstream mobile manufacturers are still unable to apply advanced security protocol to mobile devices. It should be noted that many security protocols are based on RSA algorithm. To implement RSA algorithm and thus apply many advanced security protocols to mobile networks, this paper proposes an efficient and practical method based on the Texas Instruments TMS320C55x family. When the proposed method is employed, it takes only 7.9 milliseconds to perform a 1024-bit RSA encryption operation at the clock frequency of 200 MHz. Our decryption operation is at least 3.5 times faster than the time taken to perform the same operation without employing the proposed method. In addition, the proposed method can stop any power-analysis attack on RSA-based security protocols, thereby enhancing the security of mobile environments.     

移动通信网络安全发展前景分析

移动通信技术的飞速发展,日益丰富的数据增值业务诸如微博邮件、数据传输、手机支付、多媒体业务等得以应用。而用户更多的个人信息将在移动通信网络中传送,移动通信网络的安全也随之成为移动通信行业界重要的课题。笔者针对移动通信网络中所面临的各种安全威胁和攻击,重点从鉴权认证、用户身份保护、数据加密等方面对移动通信安全现有解决措施的发展情况进行了阐述,并结合移动通信技术的发展分析了其安全措施并提出一些改进方向,最后对移动通信网络安全的前景进行了展望。     

The future generations of mobile communications based on broadband access technologies

The forthcoming mobile communication systems are expected to provide a wide variety of services, from high-quality voice to high-definition videos, through high data rate wireless channels anywhere in the world. The high data rate requires broad frequency bands, and sufficient broadband can be achieved in higher frequency bands such as microwave, Ka-band, and millimeter-wave. Broadband wireless channels have to be connected to broadband fixed networks such as the Internet and local area networks. The future-generation systems will include not only cellular phones, but also many new types of communication systems such as broadband wireless access systems, millimeter-wave LANs, intelligent transport systems, and high altitude stratospheric platform station systems. Key to the future generations of mobile communications are multimedia communications, wireless access to broadband fixed networks, and seamless roaming among different systems. This article discusses future-generation mobile communication systems.     

Unified security architecture and protocols using third party identity in V2V and V2I networks

VANETs have been developed to improve the safety and efficiency of transportation systems (V2V communications) and to enable various mobile services for the traveling public (V2I communications). For VANET technologies to be widely available, security issues concerning several essential requirements should be addressed. The existing security architectures and mechanisms have been studied separately in V2V and V2I networks, which results in duplicated efforts, security modules, and more complex security architectures. In this paper, we propose a unified security architecture and its corresponding security protocols that achieve essential security requirements such as authentication, conditional privacy, non‐repudiation, and confidentiality. To the best of our knowledge, this paper is the first study that deals with the security protocol in V2V as well as the handover authentication in V2I communications. Our proposal is characterized by a low‐complexity security framework, owing to the design and unification of the security architectures and modules. Furthermore, the evaluation of the proposed protocols proves them to be more secure and efficient than existing schemes. Copyright © 2010 John Wiley & Sons, Ltd.     

A lightweight reconfigurable security mechanism for 3G/4G mobile devices

Wireless communications are advancing rapidly. We are currently on the verge of a new revolutionary advancement in wireless data communications: the third generation of mobile telecommunications. 3G promises to converge mobile technology with Internet connectivity. Wireless data, multimedia applications, and integrated services will be among the major driving forces behind 3G. While wireless communications provide great flexibility and mobility, they often come at the expense of security. This is because wireless communications rely on open and public transmission media that raise further security vulnerabilities in addition to the security threats found in regular wired networks. Existing security schemes in 2G and 3G systems are inadequate, since there is a greater demand to provide a more flexible, reconfigurable, and scalable security mechanism that can evolve as fast as mobile hosts are evolving into full-fledged IP-enabled devices. We propose a lightweight, component-based, reconfigurable security mechanism to enhance the security abilities of mobile devices.     

基于无证书公钥的移动IP注册协议认证

移动IPv6是IPv6的子协议,有着巨大的地址空间、对移动性和QoS的良好支持,内嵌的IPSec协议,以及邻居发现和自动配置等诸多优势,它为未来的全IP移动通信系统提供了一个标准的全球移动性解决方案。针对移动IPv6技术的特点,将IPSec安全协议和无证书公钥体系（CL-PKC）两者结合起来,在分析无证书公钥的优缺点的基础上,提出了一种在移动IPv6环境下的注册协议认证与注册方案,并对该协议的性能进行了分析,以方便日后的改进。     

An efficient and attack‐resistant key agreement scheme for secure group communications in mobile ad‐hoc networks

As a result of the growing popularity of wireless networks, in particular mobile ad hoc networks (MANET), security over such networks has become very important. Trust establishment, key management, authentication, and authorization are important areas that need to be thoroughly researched before security in MANETs becomes a reality. This work studies the problem of secure group communications (SGCs) and key management over MANETs. It identifies the key features of any SGC scheme over such networks. AUTH‐CRTDH, an efficient key agreement scheme with authentication capability for SGC over MANETs, is proposed. Compared to the existing schemes, the proposed scheme has many desirable features such as contributory and efficient computation of group key, uniform work load for all members, few rounds of rekeying, efficient support for user dynamics, key agreement without member serialization and defense against the Man‐in‐the‐Middle attack, and the Least Common Multiple (LCM) attack. These properties make the proposed scheme well suited for MANETs. The implementation results show that the proposed scheme is computationally efficient and scales well to a large number of mobile users. Copyright © 2007 John Wiley & Sons, Ltd.     

The User-level Security of Mobile Communication Systems

1　ＩｎｔｒｏｄｕｃｔｉｏｎＢｏｔｈｔｈｅｆｉｘｅｄｔｅｌｅｐｈｏｎｅｎｅｔｗｏｒｋａｎｄｔｈｅｍｏ ｂｉｌｅｓｙｓｔｅｍｓ (ｅ .ｇ .,ＧＳＭ )ａｒｅｂｅｉｎｇｕｓｅｄｉｎｃｒｅａｓ ｉｎｇｌｙｆｏｒｎｏｔｏｎｌｙｓｐｅｅｃｈａｎｄｆａｘｃｏｍｍｕｎｉｃａｔｉｏｎｂｕｔａｌｓｏＩｎｔｅｒｎｅｔｓｅｒｖｉｃｅ .ＴｈｅｄｅｍａｎｄｆｏｒｔｈｅｆｉｘｅｄＩｎ ｔｅｒｎｅｔｓｅｒｖｉｃｅ ,ｎａｍｅｌｙｔｈｅＷｏｒｌｄＷｉｄｅＷｅｂ(ＷＷＷ ) ,ｈａｓｂｅｅｎｓｐｅｃｔａｃｕｌａｒ.Ｔｈｅｓｅｒｖｉｃｅｉｓｎｏｗ…     

个人通信系统中的一种移动用户登记认证协议

假冒和窃听攻击是无线通信面临的主要威胁。在个人通信系统中,为了对无线链路提供安全保护,必须对链路上所传送的数据/话音进行加密,而且在用户与服务网络之间必须进行相互认证。近年来,人们在不同的移动通信网络(如GSM,IS-41,CDPD,Wireless LAN等)中提出了许多安全协议。然而,这些协议在个人通信环境中应用时存在不同的弱点。本文基于个人通信系统的双钥保密与认证模型,设计了用户位置登记认证协议;并采用BAN认证逻辑对协议的安全性进行了形式化证明,也对协议的计算复杂性进行了定性分析。分析表明,所提出的协议与现有的协议相比具有许多新的安全特性。     

Secure Personal Networks for IMT-Advanced Connectivity

The challenge to deliver the next generation of ubiquitous and converged network and service infrastructures for communication, computing and media, has forced research into innovative new directions. New infrastructures must overcome the scalability, flexibility, dependability and security bottlenecks of current ones in order to permit the emergence of dynamic and, pervasive and robust new communication technologies. This paper promotes secure personal networks (PNs) as a key IMT-Advanced technology candidate, in particular, contributing to fulfilling the requirement for global connectivity for IMT-Advanced communications. Advanced PN concepts, such as the PN-Federation can support a number of requirements related to connectivity for the successful adoption of IMT-Advanced systems and services. Introducing intelligence for managing, protecting, processing, and delivering information of mobile communication systems has been identified as the way towards ubiquitous, converged and secure communications. One way to do this is through cognition. This paper discusses an approach and application of intelligence in the context of achieving ubiquitous, converged, and secure communications. Namely, we apply cognitive radio to personal networks for improving IMT-Advanced system and service connectivity. Further, the paper provides an understanding of how best to combine cognition with the current mobile communication systems.

Security Service Technology for Mobile Networks

As mobile networks become high speed and attain an all-IP structure,more services are possible.This brings about many new security requirements that traditional security programs cannot handle.This paper analyzes security threats and the needs of 3G/4G mobile networks,and then proposes a novel protection scheme for them based on their whole structure.In this scheme,a trusted computing environment is constructed on the mobile terminal side by combining software validity verification with access control.At the security management center,security services such as validity verification and integrity check are provided to mobile terminals.In this way,terminals and the network as a whole are secured to a much greater extent.This paper also highlights problems to be addressed in future research and development.     

Chain authentication in mobile communication systems

Digital mobile telecommunication systems have become a future trend in personal communications services (PCS) networks. To satisfy the demand for high quality services, security functions, including the authentications of communication parties and the confidentiality of communication channels, must be embedded into mobile communication systems. This work presents an authentication scheme to support the security functions. The proposed protocol significantly improves the performance of authentications and ensures the security of mobile communications in a large-scale communication network with multiple service providers. This revised version was published online in June 2006 with corrections to the Cover Date.     

Personal communications services through the evolution of fixed andmobile communications and the intelligent network concept

New telecommunications services tend to consider fixed network subscribers' requirements as well as mobile network subscribers' requirements. On one hand, subscribers of fixed networks would like to benefit from the mobility offered in mobile networks. On the other hand, mobile subscribers would like to access to services inherent in fixed networks. Personal communications services (PCS) meet this trend while allowing fixed and mobile convergence. In this environment, the application of intelligent networks (INs) to fixed and mobile networks is very convenient to realize PCS. Thus, the natural advancement of telecommunications systems (fixed and mobile) consists in the definition of new telecommunications architectures which take into account technologies from both fixed and mobile environments. This article studies how the IN is used to support mobility and interworking for PCS. Although mobility management already exists in cellular networks like GSM, it is desirable to use the IN concept to introduce flexibility. In addition, the IN allows the introduction of new supplementary services in PCS. Furthermore, the IN concept can be utilized to provide necessary networking functions for the integration of fixed and mobile networks. This article also highlights the involvement of IN in the definition of the global communications systems such as Telecommunication Information Networking Architecture (TINA), Universal Mobile Telecommunications System (UMTS), and International Mobile Telecommunications in the year 2000 (IMT2000)     

Design of a lightweight authentication scheme for IEEE 802.11p vehicular networks

With the growing popularity of vehicle-based mobile devices, vehicular networks are becoming an essential part of wireless heterogeneous networks. Therefore, vehicular networks have been widely studied in recent years. Because of limited transmission range of wireless antennas, mobile vehicles should also switch their access points to maintain the connections as conventional mobile nodes. Considering the inherent characteristics of vehicular networks such as dynamic topology and high speed, the question of how to implement handoff protocol under real-time scenarios is very important. IEEE 802.11p protocol is designed for vehicular networks for the long distance transmission. To reduce handoff latency for 802.11p protocol, the authentication phase is waived during the handoff. However, security is also very important for wireless communications, and authentication can forbid access from malicious nodes and prevent wireless communications from potential attacks. Thus, in this paper, a lightweight authentication scheme is introduced to balance the security requirements and the handoff performance for 802.11p vehicular networks. In our scheme, the access points are divided into different trust groups, and the authentication process is completed in a group-based method. Once a vehicle is authenticated by an access point group, during the handoff within the same group, few extra authentication operations are needed. As a result, there is no extra overhead introduced to the authentication servers. Simulation results demonstrate that our authentication scheme only introduces small handoff latency and it is ideal for vehicular networks.     

Network centric military communications [Special section introduction]

Communications networks continue to play an increasingly important role in global military operations. Among allied forces, improved network centric capabilities have been met with enthusiastic support as they are rolled out into the field. However, as military operations become more and more dependent on networks, it is clear that a host of difficult technical challenges remain. These challenges span all layers of the communications protocol stack and in many cases are representative of the complex nature of large-scale communications networks. This feature topic includes four articles that touch on important challenge areas ranging from network security to mobile ad hoc network design.     

移动通信网中的端端保密通信

移动通信网络应用范围的不断扩展和新型业务的涌现需要有更多的特殊安全协议来保障其安全性.Yi Mu和Vijay Varadharajan提出了两种分别应用于同一服务区和不同服务区的端端保密通信协议 .本文首先分析了其不足之处,然后设计了同时适用于同一归属局和不同归属局移动用户之间进行保密通信的安全协议(分别称为域内和域间保密通信协议),最后,分析了上述协议的各项性能.与原有协议相比,本文所提出的协议不仅在安全性和其他性能上有较大改进,而且更具普遍性和统一性.     

移动网络安全防护技术

移动网络向着高速率、全IP方向发展,承载的业务种类也越来越多,这就对移动网络的安全提出了新的要求。传统的安全方案并不能适应新的安全需要。文章分析了3G/4G移动网络的安全威胁和需求,从移动网络的整体架构出发,提出了基于安全服务的安全防护方案。该方案在移动终端上构建可信计算环境,将软件合法性验证与访问控制相结合,在服务管理中心对移动终端提供完整性检查和软件合法性验证等安全服务,从而在很大程度上保护了移动终端以及移动网络的安全。进一步,文章给出了未来需研究的问题及发展方向。     

A framework for enhancing mobile workflow execution through injection of flexible security controls

Mobile workflow execution is gaining importance as traditional process execution systems are employed in many new scenarios such as mobile networks or the Internet of Things. Unfortunately, in these solutions, security is still based on control loops or computer science techniques which have not evolved as fast as current mobile systems and applications. In this context, in order to improve the security level of these systems, it is necessary to create a security framework tightly coupled with the mobile workflow execution platforms. To contribute filling this gap, we propose a framework to inject security controls in workflows, which supports mobile execution and allows a flexible decision making. This solution models security as control points where some relevant previously defined indicators are evaluated. Depending on the obtained values, the framework takes corrective, preventive or adaptive actions, considering also the execution system capabilities and the workflow being executed. In order to evaluate the effectiveness and performance of the proposed solution we include experimental validation.