Secure and efficient key management in mobile ad hoc networks

In mobile ad hoc networks, due to unreliable wireless media, host mobility and lack of infrastructure, providing secure communications is a big challenge. Usually, cryptographic techniques are used for secure communications in wired and wireless networks. Symmetric and asymmetric cryptography have their advantages and disadvantages. In fact, any cryptographic means is ineffective if its key management is weak. Key management is also a central aspect for security in mobile ad hoc networks. In mobile ad hoc networks, the computational load and complexity for key management are strongly subject to restriction by the node's available resources and the dynamic nature of network topology. We propose a secure and efficient key management (SEKM) framework for mobile ad hoc networks. SEKM builds a public key infrastructure (PKI) by applying a secret sharing scheme and using an underlying multi-cast server groups. We give detailed information on the formation and maintenance of the server groups. In SEKM, each server group creates a view of the certificate authority (CA) and provides certificate update service for all nodes, including the servers themselves. A ticket scheme is introduced for efficient certificate service. In addition, an efficient server group updating scheme is proposed. The performance of SEKM is evaluated through simulation.     

基于自验证公钥的安全高效WMNs密钥生成机制

针对无线mesh网络现有的密钥生成机制中,无法实现双向认证、会话密钥协商以及过度消耗节点资源的问题,结合基于椭圆曲线的密码体制和基于自验证公钥的密钥生成方法,提出一种可用于无线mesh网络的密钥生成机制.这种机制避免了密钥托管,可实现通信双方身份认证和会话密钥协商,具有抵抗常见攻击的安全属性.实验及分析表明,相比同类协议,具有更低的计算和通信代价.     

基于簇结构的Ad Hoc网络安全密钥管理方案

针对移动自组网络,提出了一种基于簇结构的分布式安全密钥管理方案,将系统私钥与簇私钥结合起来,增强了网络的认证、机密性、可用性及鲁棒性等多方面的安全性。     

Secure and efficient group key management with shared key derivation

In many network applications, including distant learning, audio webcasting, video streaming, and online gaming, often a source has to send data to many receivers. IP multicasts and application-layer multicasts provide efficient and scalable one-to-many or many-to-many communications. A common secret key, the group key, shared by multiple users can be used to secure the information transmitted in the multicast communication channel. In this paper, a new group key management protocol is proposed to reduce the communication and computation overhead of group key rekeying caused by membership changes. With shared key derivation, new keys derivable by members themselves do not have to be encrypted or delivered by the server, and the performance of synchronous and asynchronous rekeying operations, including single join, single leave, and batch update, is thus improved. The proposed protocol is shown to be secure and immune to collusion attacks, and it outperforms the other comparable protocols from our analysis and simulation. The protocol is particularly efficient with binary key trees and asynchronous rekeying, and it can be tuned to meet different rekeying delay or key size requirements.     

Secure clustering and routing for heterogeneous mobile wireless sensor networks with dynamic key management

In mobile wireless sensor networks, the process of offering security to the network after computing dynamic key may result in misuse of information by malicious node. All the messages exchanged during the inter-cluster routing also need to be protected by providing integrity and confidentiality. The proposed architecture includes heterogeneous backbone nodes (BNs) deployed in the network using particle swarm optimisation technique. They perform secure clustering process using exclusion basis system. The cluster head is chosen based on weight value that is estimated using parameters such as the node degree (ND), distance to BN, node velocity and virtual battery power. Once the clusters are formed, the cluster members estimate the cost value based on location, ND and virtual battery power. This cost value is used by the member nodes to calculate the dynamic key for its data communication. Since the parameters used for clustering are further used during dynamic key generation, security has to be provided to the clustering phase. When the node moves from one cluster to another, secure cluster maintenance is performed and when the data need to be transmitted from source to sink, secure route discovery is executed within the clusters. By simulation results, we show that the proposed technique is more secured and minimises the communication and storage overhead.     

Mobility management for IP-based next generation mobile networks: Review, challenge and perspective

IP Mobility management protocols are divided into two kinds of category: host-based and network-based mobility protocol. The former category, such as MIPv6 protocol and its enhancements (e.g., HMIPv6 and FMIPv6), supports the mobility of a Mobile Node (MN) to roam across network domains. This is done through the involvement of MN in the mobility-related signalling, which requires protocol stack modification and IP address changes on the MN. The latter category, such as PMIPv6 protocol, handles mobility management on behalf of the MN thereby enabling it to connect and roam within localized domains, which requires neither protocol stack modification nor IP address change of the MN. PMIPv6 attracts attention in the Internet and telecommunication societies by improving the performance of the MN's communication to fulfil the requirements of QoS for real-time services. In this article, we present IPv6 features to support mobile systems and survey the mobility management services along with their techniques, strategies and protocol categories, and elaborate upon the classification and comparison among various mobility management protocols. Furthermore, it identifies and discusses several issues and challenges facing mobility management along with an evaluation and comparison of several relevant mobility studies.     

Multicast/broadcast network convergence in next generation mobile networks

The 3GPP Multimedia Broadcast Multicast Service (MBMS) aims to introduce group communications into the 3G networks. One of the current key challenges is how to evolve these incipient features towards the “beyond 3G vision” of a converged global network where multimedia content can be delivered over one or more selected broadcast transport bearers. This paper presents potential multicast/broadcast technologies convergence and discusses the issues and challenges in moving towards this next generation network vision from the viewpoint of evolving MBMS.     

一种无证书的移动Ad hoc网络密钥管理方案

结合无证书签密协议,提出一种分级移动Adhoc网络密钥管理方案。该方案不需要公钥证书,用户自己生成公钥,有效地降低了用户终端计算、存储能力的需求和系统密钥管理的通信开销;同时密钥生成中心为用户生成部分私钥,解决了基于身份密码体制中的密钥托管问题;分级的结构将网上节点分成一些相对独立的自治域,既提高了安全服务的可用性和可扩充性,也便于对某些紧急情况快速做出反应。     

安全高效的群组密钥协商协议

群组密钥协商(GKA)是保证随后安全通信的重要手段之一。提出了一种新的群组密钥协商协议,在协议中,参与者可以通过一系列算法对其他参与者的真伪进行验证。该协议以较低的计算成本实现参与者安全的会话密钥协商,具备可容错性和长期私钥可重用性的特点。分析表明可抵抗多数常见攻击。     

Evaluating location management schemes for third generation mobile networks

Several strategies have been proposed recently to improve the performance of the IS-41 location management scheme. A forwarding pointers' strategy and a built-in memory strategy are proposed to reduce the signaling cost for location update and improve the IS-41 location update procedure. In this paper, we present a performance analysis of each strategy in an arbitrary time interval. In this analysis, users are classified by their call to mobility ratio which is defined as the call arrival rate divided by the mobility rate. We evaluate each of these strategies using this call to mobility ratio in order to come up with a set of recommendations that determine when each strategy is beneficial and for which class of users. We provide also a simplified analysis of the database loads generated by each strategy.     

Achieving secure data access control and efficient key updating in mobile multimedia sensor networks

Multimedia Tools and Applications - MMSN is a new type of wireless sensor networks, which can satisfy the demands of capturing various structures of multimedia data. Due to its better performance...     

An efficient mutual authentication and key agreement protocol preserving user anonymity in mobile networks

We address the problem of mutual authentication and key agreement with user anonymity for mobile networks. Recently, Lee et al. proposed such a scheme, which is claimed to be a slight modification of, but a security enhancement on Zhu et al.’s scheme based on the smart card. In this paper, however, we reveal that both schemes still suffer from certain weaknesses which have been previously overlooked, and thus are far from the desired security. We then propose a new protocol which is immune to various known types of attacks. Analysis shows that, while achieving identity anonymity, key agreement fairness, and user friendliness, our scheme is still cost-efficient for a general mobile node.     

An efficient location-based compromise-tolerant key management scheme for sensor networks

Location information has been paid much more attention in sensor network key management schemes. In 2006, Zhang et al. proposed a location-based key management scheme by binding private keys of individual nodes to both their identities and locations. In this Letter, however, we show that their scheme cannot resist key compromise impersonation (KCI) attack, and does not achieve forward secrecy. In fact, an adversary who compromises the location-based secret key of a sensor node A, can masquerade as any other legitimate node or even fake a node to establish the shared key with A, as well as decrypt all previous messages exchanged between A and its neighboring nodes. We then propose a new scheme which provides KCI resilience, perfect forward secrecy and is also immune to various known types of attacks. Moreover, our scheme does not require any pairing operation or map-to-point hash operation, which is more efficient and more suitable for low-power sensor nodes.     

SLA-controlled interconnection charging in next generation networks

Next generation network (NGN) should facilitate a single party to establish quality of service (QoS) enabled path between the two IP providers mutually interconnected by one or more transit providers. For that purpose, an end-to-end service level agreement (SLA) should be negotiated and maintained. In this article, we propose interconnection charging, which is controlled by the end-to-end SLA. Relationships between the required, offered, and actually achieved inter-provider QoS are quantified through the degrees of offering and provisioning, at both end-to-end and per-domain levels. Nominal retail price offered to end users and interconnection costs related with particular SLA are then corrected if needed, depending on the offered and provisioned QoS levels. We further propose five policies for interconnection charging and compare them under different QoS provisioning scenarios. Results of the analysis indicate that a properly selected SLA-controlled interconnection charging policy should encourage providers: (1) to offer services with different QoS levels; (2) to offer service that perfectly or most approximately matches the required QoS and (3) to achieve the contracted QoS level.     

基于自认证公钥的全分布式移动Ad hoc网络密钥管理方案

针对移动Ad hoc网络中迫切需要解决的安全问题是建立一个安全、高效、可行的密钥管理系统,提出了一种基于自认证公钥,结合全分布式的网络结构的新的适合于Ad hoc网络密钥管理方案。新方案有效地解决了节点间的信任问题,并具有良好的安全性、可用性和扩展性,效率较高,适用于有计划的、长期的Ad hoc网络。     

Alliance-based clustering scheme for group key management in mobile ad hoc networks

Several protocols have been proposed to deal with the group key management problem in mobile ad hoc networks (MANETs). Most of these protocols organize the network into clusters to reduce the cost of key refresh or rekeying. Rekeying constitutes a challenging issue in group key management because it must be launched whenever the constitution of the group is altered following a leave or a join operation. However, cluster maintenance may also generate significative communication overhead. So, the clustering algorithm is an important factor in the performance of any key management solution. A clustering algorithm that ensures stable clusters in spite of mobility is very appreciable in mobile ad hoc networks. In fact, all the overhead due to the traffic generated by cluster adjustments and the related rekeying procedures will be saved. As far as we know, no existing clustering algorithm takes into account self-stabilization while relying on the mobility resilience of graph alliances. In this paper, we propose a fully distributed and self-stabilizing clustering algorithm for key management in MANETs where each cluster is an alliance.     

An efficient password-based three-party authenticated multiple key exchange protocol for wireless mobile networks

With the rapid development of wireless mobile communication, the password-based three-party authenticated key exchange protocol has attracted an increasing amount of attention. To generate more session keys at one time for different applications, Li et al. proposed a password-based three-party authenticated multiple key exchange (3PAMKE) protocol for wireless mobile networks. They claimed that their protocol could withstand various attacks. In this paper, we will show Li et al.’s protocol is not secure off-line password guessing. Furthermore, we proposed an improved 3PAMKE protocol to overcome weakness in Li et al.’s protocol. Security analysis and performance analysis shows our protocol not only overcomes security weakness, but also has better performance. Therefore, our protocol is more suitable for wireless mobile networks.     

A sustainable and collaborative strategy for dynamic spectrum management in next generation wireless networks

Next generation wireless technologies offer various services from voice call to full motion pictures and even to high speed internet access. Consequently, the service providers (SP) armed with different wireless technologies (like 2.5G/3G/LTE) would require an adequate and significant amount of spectrum bandwidth for satisfying the need of their customers. Hence to achieve complete commercialization, the SPs, operating simultaneously, would demand for more and more spectrum from the regulatory body of the country. The spectrum demand on the part of the SP may vary with time (dynamic) because of varied kind of loads which are generated depending on the nature of the client-base, their requirements and their expected quality of experience. This work has addressed this challenging issue of allocating spectrum dynamically to different technologies under the portfolio of an SP. Here, we have conceived a scenario where service providers (SP) own multiple access networks (ANs) of different technologies. We envisage that an entity, called local spectrum controller (LSC) which is dedicated for managing the common pool of spectrum allocated to each SP. LSC is mainly responsible for distributing the spectrum to individual ANs of an SP in a fair manner. Since the available spectrum may not be sufficient enough to satisfy the aggregate demand from all ANs simultaneously, an LSC may face a situation, where satisfying individual demands from all ANs may result in a compromise between the demand and supply. This demand–supply situation would force an LSC or an SP to adhere to some dynamic spectrum management strategy, where demands of an AN would have to be satisfied depending on the current state of available spectrum and required usage of it. This calls for an adaptive dynamic strategy to be introduced by an SP for efficient spectrum distribution. The dynamic disparity of spectrum allocation can be idealized as a game between LSC and ANs. Hence, in the present work, we have modeled the problem of dynamic spectrum allocation as an n-player cooperative bankruptcy game and have solved the problem with the help of Shapley value and τ-value separately. We have investigated whether the ANs find it beneficial to cooperate with each other to make the solution sustainable enough. To evaluate the performances of the games that the ANs play, we have designed a novel utility function for each AN. We have identified plausible aims of an SP as minimizing overall dissatisfaction (MOD) and maximizing equality of distribution (MED). Next, we have studied performances of the above two solution concepts against max–min fairness algorithm (benchmarked in our case) with respect to the above objectives of LSC. Finally, we have proposed a unique heuristic in order to facilitate the decision making process of dynamic spectrum allocation, which leads to an adaptive yet optimized spectrum allocation strategy.     

Access network synthesis game in next generation networks

In next generation communication networks, multiple access networks will coexist on a common service platform. In cases where network resource planning indicates that individual access network resources are insufficient to meet service demands, these networks can cooperate and combine their resources to form a unified network that satisfies these demands. We introduce and study the Network Synthesis game, in which individual access networks with insufficient resources form coalitions in order to satisfy service demands. The formation of stable coalitions in the core of the game is investigated, in both cases where payoffs are transferable or are attributed in proportion to the contribution of each member of the coalition. We also consider an alternative payoff allocation approach, according to the value of the well-known Shapley–Shubik, Banzhaf and Holler–Packel power indices, which represent the relative power each player has in the formation of coalitions. Using the knowledge attained from the coalition game analysis, we propose a new power index, called Popularity Power Index, which is based on the number of stable coalitions an access network would participate in if payoffs were assigned in a fair manner.