Secure and efficient key management in mobile ad hoc networks

In mobile ad hoc networks, due to unreliable wireless media, host mobility and lack of infrastructure, providing secure communications is a big challenge. Usually, cryptographic techniques are used for secure communications in wired and wireless networks. Symmetric and asymmetric cryptography have their advantages and disadvantages. In fact, any cryptographic means is ineffective if its key management is weak. Key management is also a central aspect for security in mobile ad hoc networks. In mobile ad hoc networks, the computational load and complexity for key management are strongly subject to restriction by the node's available resources and the dynamic nature of network topology. We propose a secure and efficient key management (SEKM) framework for mobile ad hoc networks. SEKM builds a public key infrastructure (PKI) by applying a secret sharing scheme and using an underlying multi-cast server groups. We give detailed information on the formation and maintenance of the server groups. In SEKM, each server group creates a view of the certificate authority (CA) and provides certificate update service for all nodes, including the servers themselves. A ticket scheme is introduced for efficient certificate service. In addition, an efficient server group updating scheme is proposed. The performance of SEKM is evaluated through simulation.     

基于自验证公钥的安全高效WMNs密钥生成机制

针对无线mesh网络现有的密钥生成机制中,无法实现双向认证、会话密钥协商以及过度消耗节点资源的问题,结合基于椭圆曲线的密码体制和基于自验证公钥的密钥生成方法,提出一种可用于无线mesh网络的密钥生成机制.这种机制避免了密钥托管,可实现通信双方身份认证和会话密钥协商,具有抵抗常见攻击的安全属性.实验及分析表明,相比同类协议,具有更低的计算和通信代价.     

Secure and efficient group key management with shared key derivation

In many network applications, including distant learning, audio webcasting, video streaming, and online gaming, often a source has to send data to many receivers. IP multicasts and application-layer multicasts provide efficient and scalable one-to-many or many-to-many communications. A common secret key, the group key, shared by multiple users can be used to secure the information transmitted in the multicast communication channel. In this paper, a new group key management protocol is proposed to reduce the communication and computation overhead of group key rekeying caused by membership changes. With shared key derivation, new keys derivable by members themselves do not have to be encrypted or delivered by the server, and the performance of synchronous and asynchronous rekeying operations, including single join, single leave, and batch update, is thus improved. The proposed protocol is shown to be secure and immune to collusion attacks, and it outperforms the other comparable protocols from our analysis and simulation. The protocol is particularly efficient with binary key trees and asynchronous rekeying, and it can be tuned to meet different rekeying delay or key size requirements.     

Mobility management for IP-based next generation mobile networks: Review, challenge and perspective

IP Mobility management protocols are divided into two kinds of category: host-based and network-based mobility protocol. The former category, such as MIPv6 protocol and its enhancements (e.g., HMIPv6 and FMIPv6), supports the mobility of a Mobile Node (MN) to roam across network domains. This is done through the involvement of MN in the mobility-related signalling, which requires protocol stack modification and IP address changes on the MN. The latter category, such as PMIPv6 protocol, handles mobility management on behalf of the MN thereby enabling it to connect and roam within localized domains, which requires neither protocol stack modification nor IP address change of the MN. PMIPv6 attracts attention in the Internet and telecommunication societies by improving the performance of the MN's communication to fulfil the requirements of QoS for real-time services. In this article, we present IPv6 features to support mobile systems and survey the mobility management services along with their techniques, strategies and protocol categories, and elaborate upon the classification and comparison among various mobility management protocols. Furthermore, it identifies and discusses several issues and challenges facing mobility management along with an evaluation and comparison of several relevant mobility studies.     

Multicast/broadcast network convergence in next generation mobile networks

The 3GPP Multimedia Broadcast Multicast Service (MBMS) aims to introduce group communications into the 3G networks. One of the current key challenges is how to evolve these incipient features towards the “beyond 3G vision” of a converged global network where multimedia content can be delivered over one or more selected broadcast transport bearers. This paper presents potential multicast/broadcast technologies convergence and discusses the issues and challenges in moving towards this next generation network vision from the viewpoint of evolving MBMS.     

Evaluating location management schemes for third generation mobile networks

Several strategies have been proposed recently to improve the performance of the IS-41 location management scheme. A forwarding pointers' strategy and a built-in memory strategy are proposed to reduce the signaling cost for location update and improve the IS-41 location update procedure. In this paper, we present a performance analysis of each strategy in an arbitrary time interval. In this analysis, users are classified by their call to mobility ratio which is defined as the call arrival rate divided by the mobility rate. We evaluate each of these strategies using this call to mobility ratio in order to come up with a set of recommendations that determine when each strategy is beneficial and for which class of users. We provide also a simplified analysis of the database loads generated by each strategy.     

Achieving secure data access control and efficient key updating in mobile multimedia sensor networks

Multimedia Tools and Applications - MMSN is a new type of wireless sensor networks, which can satisfy the demands of capturing various structures of multimedia data. Due to its better performance...     

An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks

We address the problem of mutual authentication and key agreement with user anonymity for mobile networks. Recently, Lee et al. proposed such a scheme, which is claimed to be a slight modification of, but a security enhancement on Zhu et al.’s scheme based on the smart card. In this paper, however, we reveal that both schemes still suffer from certain weaknesses which have been previously overlooked, and thus are far from the desired security. We then propose a new protocol which is immune to various known types of attacks. Analysis shows that, while achieving identity anonymity, key agreement fairness, and user friendliness, our scheme is still cost-efficient for a general mobile node.     

An efficient location-based compromise-tolerant key management scheme for sensor networks

Location information has been paid much more attention in sensor network key management schemes. In 2006, Zhang et al. proposed a location-based key management scheme by binding private keys of individual nodes to both their identities and locations. In this Letter, however, we show that their scheme cannot resist key compromise impersonation (KCI) attack, and does not achieve forward secrecy. In fact, an adversary who compromises the location-based secret key of a sensor node A, can masquerade as any other legitimate node or even fake a node to establish the shared key with A, as well as decrypt all previous messages exchanged between A and its neighboring nodes. We then propose a new scheme which provides KCI resilience, perfect forward secrecy and is also immune to various known types of attacks. Moreover, our scheme does not require any pairing operation or map-to-point hash operation, which is more efficient and more suitable for low-power sensor nodes.     

SLA-controlled interconnection charging in next generation networks

Next generation network (NGN) should facilitate a single party to establish quality of service (QoS) enabled path between the two IP providers mutually interconnected by one or more transit providers. For that purpose, an end-to-end service level agreement (SLA) should be negotiated and maintained. In this article, we propose interconnection charging, which is controlled by the end-to-end SLA. Relationships between the required, offered, and actually achieved inter-provider QoS are quantified through the degrees of offering and provisioning, at both end-to-end and per-domain levels. Nominal retail price offered to end users and interconnection costs related with particular SLA are then corrected if needed, depending on the offered and provisioned QoS levels. We further propose five policies for interconnection charging and compare them under different QoS provisioning scenarios. Results of the analysis indicate that a properly selected SLA-controlled interconnection charging policy should encourage providers: (1) to offer services with different QoS levels; (2) to offer service that perfectly or most approximately matches the required QoS and (3) to achieve the contracted QoS level.     

An efficient password-based three-party authenticated multiple key exchange protocol for wireless mobile networks

With the rapid development of wireless mobile communication, the password-based three-party authenticated key exchange protocol has attracted an increasing amount of attention. To generate more session keys at one time for different applications, Li et al. proposed a password-based three-party authenticated multiple key exchange (3PAMKE) protocol for wireless mobile networks. They claimed that their protocol could withstand various attacks. In this paper, we will show Li et al.’s protocol is not secure off-line password guessing. Furthermore, we proposed an improved 3PAMKE protocol to overcome weakness in Li et al.’s protocol. Security analysis and performance analysis shows our protocol not only overcomes security weakness, but also has better performance. Therefore, our protocol is more suitable for wireless mobile networks.     

Alliance-based clustering scheme for group key management in mobile ad hoc networks

Several protocols have been proposed to deal with the group key management problem in mobile ad hoc networks (MANETs). Most of these protocols organize the network into clusters to reduce the cost of key refresh or rekeying. Rekeying constitutes a challenging issue in group key management because it must be launched whenever the constitution of the group is altered following a leave or a join operation. However, cluster maintenance may also generate significative communication overhead. So, the clustering algorithm is an important factor in the performance of any key management solution. A clustering algorithm that ensures stable clusters in spite of mobility is very appreciable in mobile ad hoc networks. In fact, all the overhead due to the traffic generated by cluster adjustments and the related rekeying procedures will be saved. As far as we know, no existing clustering algorithm takes into account self-stabilization while relying on the mobility resilience of graph alliances. In this paper, we propose a fully distributed and self-stabilizing clustering algorithm for key management in MANETs where each cluster is an alliance.     

A sustainable and collaborative strategy for dynamic spectrum management in next generation wireless networks

Next generation wireless technologies offer various services from voice call to full motion pictures and even to high speed internet access. Consequently, the service providers (SP) armed with different wireless technologies (like 2.5G/3G/LTE) would require an adequate and significant amount of spectrum bandwidth for satisfying the need of their customers. Hence to achieve complete commercialization, the SPs, operating simultaneously, would demand for more and more spectrum from the regulatory body of the country. The spectrum demand on the part of the SP may vary with time (dynamic) because of varied kind of loads which are generated depending on the nature of the client-base, their requirements and their expected quality of experience. This work has addressed this challenging issue of allocating spectrum dynamically to different technologies under the portfolio of an SP. Here, we have conceived a scenario where service providers (SP) own multiple access networks (ANs) of different technologies. We envisage that an entity, called local spectrum controller (LSC) which is dedicated for managing the common pool of spectrum allocated to each SP. LSC is mainly responsible for distributing the spectrum to individual ANs of an SP in a fair manner. Since the available spectrum may not be sufficient enough to satisfy the aggregate demand from all ANs simultaneously, an LSC may face a situation, where satisfying individual demands from all ANs may result in a compromise between the demand and supply. This demand–supply situation would force an LSC or an SP to adhere to some dynamic spectrum management strategy, where demands of an AN would have to be satisfied depending on the current state of available spectrum and required usage of it. This calls for an adaptive dynamic strategy to be introduced by an SP for efficient spectrum distribution. The dynamic disparity of spectrum allocation can be idealized as a game between LSC and ANs. Hence, in the present work, we have modeled the problem of dynamic spectrum allocation as an n-player cooperative bankruptcy game and have solved the problem with the help of Shapley value and τ-value separately. We have investigated whether the ANs find it beneficial to cooperate with each other to make the solution sustainable enough. To evaluate the performances of the games that the ANs play, we have designed a novel utility function for each AN. We have identified plausible aims of an SP as minimizing overall dissatisfaction (MOD) and maximizing equality of distribution (MED). Next, we have studied performances of the above two solution concepts against max–min fairness algorithm (benchmarked in our case) with respect to the above objectives of LSC. Finally, we have proposed a unique heuristic in order to facilitate the decision making process of dynamic spectrum allocation, which leads to an adaptive yet optimized spectrum allocation strategy.     

Access network synthesis game in next generation networks

In next generation communication networks, multiple access networks will coexist on a common service platform. In cases where network resource planning indicates that individual access network resources are insufficient to meet service demands, these networks can cooperate and combine their resources to form a unified network that satisfies these demands. We introduce and study the Network Synthesis game, in which individual access networks with insufficient resources form coalitions in order to satisfy service demands. The formation of stable coalitions in the core of the game is investigated, in both cases where payoffs are transferable or are attributed in proportion to the contribution of each member of the coalition. We also consider an alternative payoff allocation approach, according to the value of the well-known Shapley–Shubik, Banzhaf and Holler–Packel power indices, which represent the relative power each player has in the formation of coalitions. Using the knowledge attained from the coalition game analysis, we propose a new power index, called Popularity Power Index, which is based on the number of stable coalitions an access network would participate in if payoffs were assigned in a fair manner.     

Secure access policy for efficient resource in mobile computing environment

As the Internet was activated and the mobile environment developed, it has become more common to access dynamic XML data regardless of location and time. XML is widely used for information exchange and representation of data for databases, applications, etc., using the advantage to describe information. As a result, large-capacity XML data becomes increasingly complex, and demand for data access policies is increasing. Security issues such as authorization of access to resources, authentication, security enhancement and privacy arise. The mobile computing environment differs from existing information systems in several ways, so it is difficult to apply the existing access control as it is. Therefore, this paper proposes a secure access policy method for query processing to enable efficient resource management in dynamic XML data environment. The results of the evaluation are also presented to show that the additionally proposed method is efficient and excellent.     

Simplifying public key management

Many security protocols in use today were designed under the assumption that some form of global distributed public key infrastructure would eventually emerge to address key management problems. These protocols go back to the early 1990s, when a universal PKI was thought to be just around the corner. Ten years later, it's still just around the corner, and it probably always will be. Consequently, existing protocols originally designed to rely on a global PKI must either employ ad hoc solutions or use any public key that turns up, because the only alternative is not to use any keys at all. In the absence of a PKI, system administrators can incorporate alternative approaches that are easy to use, transparent to end users, and have a low unit cost.     

Secure and efficient privacy-preserving public auditing scheme for cloud storage

Cloud computing poses many challenges on integrity and privacy of users’ data though it brings an easy, cost-effective and reliable way of data management. Hence, secure and efficient methods are needed to ensure integrity and privacy of data stored at the cloud. Wang et al. proposed a privacy-preserving public auditing protocol in 2010 but it is seriously insecure. Their scheme is vulnerable to attacks from malicious cloud server and outside attackers regarding to storage correctness. So they proposed a scheme in 2011 with an improved security guarantee but it is not efficient. Thus, in this paper, we proposed a scheme which is secure and with better efficiency. It is a public auditing scheme with third party auditor (TPA), who performs data auditing on behalf of user(s). With detail security analysis, our scheme is proved secure in the random oracle model and our performance analysis shows the scheme is efficient.     

基于公钥广播加密的安全组播方案

应用公钥广播加密进行安全组播的难点是如何更有效地权衡实现代价和安全性.通过引入身份标志区分各个接收者,并利用一组接收者的身份标志代替一般公钥广播加密方案中的组公钥,缩短了系统公钥参数的长度.将新的公钥广播加密方案应用到安全组播通信的过程表明,该方案有效降低了计算和通信代价,且达到了抗选择密文攻击的语义安全性.     

A generic accounting scheme for next generation networks

Accounting is generally considered as one of the most challenging issues in modern and future mobile networks. As multi-domain complex heterogeneous environments are becoming a common terrain, accounting procedures performed by network and service providers have turned into a key aspect. However, in order for these networks to reliably deliver modern real-time services, they should, among other things, provide accurate accounting services, particularly billing. This work elaborates on the accounting process, proposing a novel and robust accounting system. The requirements of the proposed mechanism are defined and all the accounting scenarios that the system should cope with are examined. All the proposed accounting extensions are implemented by means of Diameter AVPs and commands. Our mechanism is generic and capitalizes on the existing AAA infrastructure, thus providing secure means to transfer and store sensitive billing data. More importantly, it can be easily incorporated into the providers’ existing mechanisms regardless of the underlying network technology. At the same time, its generic nature allows for interoperability between different network operators and service providers. Through extensive experimentation, we can also infer that our scheme is lightweight, scalable, and easy to implement requiring only minor modifications to the core Diameter protocol.