Research On Key Technologies Of Wireless Network Security

The emergence of wireless networking technologies makes people to get rid of the shackles of time, place, and object, greatly improving the quality of human life and work, and speeding up the process of social development. However, due to the inherent open nature of wireless communication environment, limited-resource and mobility of wireless terminals and dynamic network topology, wireless networks are facing greater security risk. As the security mecha-nisms in wired networks cannot be directly applied to the wireless networks, there are many obstacles to the design and implementation of wireless network security solutions. Therefore, as the key issues affecting the development of wireless networks, how to protect the security and privacy of current wireless networks have been urgent and hot research issues in academia and industry. The key techniques to ensure wireless network security include:privacy protec-tion, secure reprogramming, user authentication, trust management, and secure communication architecture.This thesis carries out a comprehensive analysis for the research of wireless network secu-rity, and then concludes that there are three important problems:Firstly, with respect to traditional wireless network applications, although there is a large number of existing security solutions, these methods have their respective limitations, especially that wireless networks and their hosted services have diversified requirements for security and privacy. Consider roaming services as an example. We provide a brief state-of-the-art survey of existing work and point out their limitations in securing roaming services. Moreover, we propose some mechanisms to complement the security provided by the existing work, and then present challenges that need to be addressed in new roaming authentication. The work has been published at IEEE Communications Magazine.Secondly, the development pace of wireless networks is very fast;new standards, technolo-gies, and applications continue to emerge. Because many different kinds of wireless networks have their own sets of security requirements, most existing security mechanisms cannot be applied to the emerging applications. Therefore, it is necessary to identify new security and privacy requirements, study and develop appropriate security protection schemes. In this thesis, we consider the service provision of smart grids as an example. We first identify the cyber secu-rity challenges on service provision in the smart grid. Then we present two main security issues related to service provision and provide potential solutions. Finally, we suggest directions of future work on secure service provision by describing several open issues. The work has been published at IEEE Communications Magazine.Thirdly, with the progress of social civilization, the awareness and view points for security and privacy issue from people have been expanding. In particular, value-added business from emerging networks also makes a higher demand for privacy. For military, medical, financial and other security-sensitive industries, the ability to satisfy demanding privacy protection needs even becomes the most important metric of measuring how useful is a wireless network.In order to solve the above three issues, this thesis mainly focus on the five key technolo-gies, i.e., privacy protection, secure reprogramming, user authentication, trust management and secure communication architecture. This thesis conducts an in-depth literature review on each of the above areas, presents a series of innovative theories, designs and implements a num-ber of security protection protocols, thus it has important theoretical and practical values and will be a strong impetus to the development of wireless networks. This thesis makes five main contributions:(1) Privacy Protection:In this topic, we have several important outputs. First, we have designed, implemented and evaluated a novel approach, Priccess, to ensure distributed privacy-preserving access control in wireless networks. Through the experimental results of Priccess in a network of Imote2motes, we have shown the efficiency of Priccess in practice. This work has been published in INFOCOM2011and IEEE Transactions on Wireless Communications. Then we have proposed a privacy-preserving universal authentication protocol, called Priauth, which provides strong user anonymity against both eavesdroppers and foreign servers, session key es-tablishment, and achieves efficiency. Most importantly, Priauth provides an efficient approach to tackle the problem of user revocation while supporting strong user untraceability. This work has been published at IEEE Transactions on Wireless Communications. Third, we have developed a secure and efficient authentication protocol named Handauth. Similar to other mechanisms of this field, Handauth provides user authentication and session key establishment. However, compared to other well-known approaches, Handauth not only enjoys both computation and communication efficiency, but also achieves strong user anonymity and untraceablility, forward secure user revocation, conditional privacy-preservation, AAA server anonymity, access ser-vice expiration management, access point authentication, easily scheduled revocation, dynamic user revocation and attack-resistance. Experimental results show that the proposed approach is feasible for real-world applications. This work has been published in IEEE Transactions on Computers. Finally, we have explored the features of Vehicle-to-grid (V2G) networks and iden-tified the security challenges, and then proposed a novel architecture, named PESC, to achieve a balance among security, anonymity and non-linkability, high efficiency, and accountability for malicious behaviours. Experiments using our implementation on Laptop PCs show that the proposed architecture is feasible in real-world applications.(2) Secure Reprogramming:While all existing insecure/secure reprogramming protocols are-based on the centralized approach, it is important to support distributed reprogramming in which multiple authorized network users can simultaneously and directly reprogram sensor nodes without involving the base station. In this topic, we have proposed a novel secure and distributed reprogramming protocol named SDRP, which is the first work of its kind. This work has been published in IEEE Transactions on Industrial Electronics. Then, we have developed a secure and distributed code dissemination protocol named DiCode. A salient feature of DiCode is its ability to resist denial-of-service attacks which have severe consequences on network availability. This work has been published in IEEE Transactions on Wireless Communications. To verify the efficiency of the proposed approaches in practice, we have also implemented both of them in a network of resource-constrained sensor nodes. Later on, we have identified an inherent design weakness in the user pre-processing phase of SDRP, and demonstrate that it is vulnerable to an impersonation attack. Subsequently, we have proposed a simple modification to fix the identified security problem without losing any features of SDRP. Moreover, we show that, for security and efficiency consideration, any efficient identity-based signature algorithm which has survived many years of public scrutiny can be directly employed in SDRP. This paper also reports the experimental results of the improved SDRP in Laptop PCs and resource-limited sensor nodes, which show its efficiency in practice. This work has been published at IEEE Transactions on Industrial Electronics.(3) User Authentication:Recently, due to tamper-resistance and convenience in manag-ing a password file, some smart card based secure authentication schemes have been proposed. However, we have identified some security weaknesses in those schemes, and then developed a secure and light-weight authentication scheme with user anonymity. Based on an enhanced two-factor user authentication protocol, the proposed scheme only uses hash function, and a successful user authentication just requires three message exchanges. This work has been pub-lished in Elsevier Computer Communications. Furthermore, a novel handover authentication protocol named PairHand is developed. PairHand uses pairing-based cryptography to secure handover process and to achieve high efficiency. Also, an efficient batch signature verification scheme is incorporated into PairHand. Experiments using our implementation on laptop PCs show that PairHand is feasible in real-world applications. This work has been published in IEEE Transactions on Wireless Communications. Unfortunately, under certain circumstances, Pairhand is vulnerable to a session key compromised problem. To fix this problem, we have pro-posed a simple modification to PairHand without losing any its features (such as high efficiency and robust security). This work has been published at IEEE Communications Letters.(4) Trust Management:We study this topic in the context of medical sensor networks (MSNs). Traditional cryptographic mechanisms do not suffice given the unique characteristics of MSNs, and the fact that MSNs are susceptible to a variety of node misbehaviors. In such situations, the security and performance of MSNs depend on the cooperative and trust nature of the distributed nodes, and it is important for each node to evaluate the trustworthiness of other nodes. In this topic, we first identified the unique features of MSNs and introduced relevant node behaviors, such as transmission rate and leaving time, into trust evaluation to detect mali-cious nodes. We have then proposed an application-independent and distributed trust evaluation model for MSNs. We have collected experimental results of the Collection Tree Protocol (CTP) with the addition of our proposed model in a network of TelosB motes, which show that the network performance can be significantly improved in practice. This work has been published in IEEE Transactions on Information Technology in Biomedicine. Moreover, similar to most security schemes, trust management methods themselves can be vulnerable to attacks. Unfor-tunately, this issue is often ignored in existing trust systems. To address this issue, we have developed an attack-resistant and lightweight trust management scheme named ReTrust. Based on the experimental results of the CTP using our proposed system in a network of TelosB motes, we have shown that ReTrust not only can efficiently detect malicious/faulty behaviors, but can also significantly improve the network performance in practice. This work has been published in IEEE Transactions on Information Technology in Biomedicine.(5) Secure Communication Architecture:In this topic, we have identified the requirements to secure smart grid communication networks, and argued that public key infrastructure (PKI) is a viable solution. Yet, we have also pointed out some limitations of PKI in securing smart grids, we then introduced some novel mechanisms to complement the security services provided by PKI. This work has been noticed for Major Revision by IEEE Communications Magazine. We have also studied this topic in the context of body sensor networks (BSNs). A BSN is a wire-less network of biosensors designed to deliver personal health information (PHI) to a handheld device, called personal wireless hub (PWH). It is critical to restrict the network admission only to eligible biosensors and PWH, while packets from outsiders will not be transferred in the net-work. Also, securing the transmission from each biosensor to PWH is essential not only for ensuring safety of PHI delivery, but also for preserving the privacy of PHI. To this end, we have designed, implemented, and evaluated a secure network admission and transmission system for BSNs. This work has been published at IEEE Journal of Biomedical and Health Informatics.