Akshai Aggarwal

A Survey of Applications of Identity-Based Cryptography in Mobile Ad-Hoc Networks

Security in mobile ad-hoc networks (MANETs) continues to attract attention after years of research. Recent advances in identity-based cryptography (IBC) sheds light on this problem and has become popular as a solution base. We present a comprehensive picture and capture the state of the art of IBC security applications in MANETs based on a survey of publications on this topic since the emergence of IBC in 2001. In this paper, we also share insights into open research problems and point out interesting future directions in this area.

An adaptive generalized scheduler for grid applications

The compute resources of a grid resource-service provider may be distributed over a wide geographical area. If the resource-service provider is to use his resources effectively, in addition to the characteristics of the compute-nodes and the applications, the characteristics of the communication network must also be known. A generalized scheduler should be able to handle a diverse set of jobs, with arbitrary inter-dependencies among processes and arbitrary communication channel delays. On a grid, the scheduling algorithm should respond quickly to the changing workload and environmental conditions without causing much overhead. Hence it should be able to customize its strategy in accordance with the prevailing conditions. In this paper, the algorithm for an adaptive scheduler, which can be used to map a set of jobs, of wide diversity, to a dynamic set of nodes, with prior reservations, is being presented. The scheduler has been tested extensively.

PKI-Based Authentication Mechanisms in Grid Systems

Grids have emerged as the basic infrastructure for high performance distributed computing and data collaborations. Although they depict an attractive new world of computing, security is the biggest barrier against wide adoption of Grids. Authentication is the basis of security in grids. GSI uses X.509 PKI and proxy certificates as authentication foundation, and uses gateway for mapping certificates between different authentication mechanisms. In this article, we review PKI and PKI-based authentication mechanisms used in grid systems. These mechanisms are insufficient or problematic under some circumstances. We study and analyze some prominent challenges or problems: compatibility across different PKIs, proxy certificate revocation, security weakness, and authentication in ad hoc grids. For each of them, we introduce possible solutions, and analyze state-of-the-art technologies and ongoing researches that indicate the direction of future work on this topic.

A key management and secure routing integrated framework for Mobile Ad-hoc Networks

Key management (KM) and secure routing (SR) are two most important issues for Mobile Ad-hoc Networks (MANETs), but previous solutions tend to consider them separately. This leads to KM-SR interdependency cycle problem. In this paper, we propose a KM-SR integrated scheme that addresses KM-SR interdependency cycle problem. By using identity based cryptography (IBC), this scheme provides security features including confidentiality, integrity, authentication, freshness, and non-repudiation. Compared to symmetric cryptography, traditional asymmetric cryptography and previous IBC schemes, this scheme has improvements in many aspects. We provide theoretical proof of the security of the scheme and demonstrate the efficiency of the scheme with practical simulation.

Building secure user-to-user messaging in mobile telecommunication networks

Short Message Service (SMS) and Multimedia Message Service (MMS) are popularly used and will be more popular in the future. However, the security of SMS and MMS messages is still a problem. There is no end-to-end security (including integrity, confidentiality, authentication, and non- repudiation) in these services. This hinders service providers to provide some services that require communication of high-level security. There have been some solutions proposed for this issue in literature, but these are not suitable for user-to-user communication. In this paper, we review existing solutions and analyze their weaknesses. We then propose a new solution for a secure messaging channel using identity-based cryptography. This solution provides end-to-end security from service provider to mobile users, and between mobile users. The advantage of this solution is that it does not require a large storage on mobile terminal side, which is especially essential for user-to-user communication. Also this solution can be implemented with existing technologies on both service provider side and mobile terminal side. We concentrate the discussion on SMS service in details, while the scheme also works for MMS service.

SensorWebIDS: a web mining intrusion detection system

Purpose – The purpose of this paper is to propose a web intrusion detection system (IDS), SensorWebIDS, which applies data mining, anomaly and misuse intrusion detection on web environment.Design/methodology/approach – SensorWebIDS has three main components: the network sensor for extracting parameters from real‐time network traffic, the log digger for extracting parameters from web log files and the audit engine for analyzing all web request parameters for intrusion detection. To combat web intrusions like buffer‐over‐flow attack, SensorWebIDS utilizes an algorithm based on standard deviation (δ) theorys empirical rule of 99.7 percent of data lying within 3δ of the mean, to calculate the possible maximum value length of input parameters. Association rule mining technique is employed for mining frequent parameter list and their sequential order to identify intrusions.Findings – Experiments show that proposed system has higher detection rate for web intrusions than SNORT and mod security for such classes ...

Performance evaluation of the context-aware handover mechanism for the nomadic mobile services in remote patient monitoring

Owing to the recent advances in the mobile middleware technologies, hardware technologies and association with the human user, handheld mobile devices are evolving into data producers and in turn acting as nomadic mobile service providers. For the nomadic mobile service hosted on a multi-homed handheld mobile device, context-awareness provides a capability of selecting the suitable network interface for the data transfer. This paper conducts a performance evaluation of the context-handover mechanism for the nomadic mobile services applied in the remote patient monitoring domain and hosted on a multi-homed handheld mobile device. The experimentation analyzes the suitability of a particular network for the data transfer, the effect of multi-homing on the remote patient monitoring application and the resource utilization on the mobile device. The performance analysis provides us useful insights, which are currently being exploited in the extended middleware architecture for the vertical handover support to the nomadic mobile services.

WiFi miner: an online apriori-infrequent based wireless intrusion system

Intrusion detection in wireless networks has become a vital part in wireless network security systems with wide spread use of Wireless Local Area Networks (WLAN). Currently, almost all devices are Wi-Fi (Wireless Fidelity) capable and can access WLAN. This paper proposes an Intrusion Detection System, WiFi Miner, which applies an infrequent pattern association rule mining Apriori technique to wireless network packets captured through hardware sensors for purposes of real time detection of intrusive or anomalous packets. Contributions of the proposed system includes effectively adapting an efficient data mining association rule technique to important problem of intrusion detection in a wireless network environment using hardware sensors, providing a solution that eliminates the need for hard-to-obtain training data in this environment, providing increased intrusion detection rate and reduction of false alarms. The proposed system, WiFi Miner solution approach is to find frequent and infrequent patterns on pre-processed wireless connection records using infrequent pattern finding Apriori algorithm proposed by this paper. The proposed Online Apriori-Infrequent algorithm improves the join and prune step of the traditional Apriori algorithm with a rule that avoids joining itemsets not likely to produce frequent itemsets as their results, there by improving efficiency and run times significantly. An anomaly score is assigned to each packet (record) based on whether the record has more frequent or infrequent patterns. Connection records with positive anomaly scores have more infrequent patterns than frequent patterns and are considered anomalous packets.

A Secure Routing Protocol in Proactive Security Approach for Mobile Ad-Hoc Networks

Secure routing of Mobile Ad-hoc Networks (MANETs) is still a hard problem after years of research. We therefore propose to design a secure routing protocol in a new approach. This protocol starts from a prerequisite secure status and fortifies this status by protecting packets using identity-based cryptography and updating cryptographic keys using threshold cryptography periodically or when necessary. Compared to existing schemes, the main contribution of our proposal is the notion of allowing only legitimate nodes to participate in the bootstrapping process, rather than trying to detect adversary nodes after they are participating in the routing protocol. Besides, the proposal has several improvements in routing setup and maintenance: it does not need any side channel or secret channel; it simplifies secret updates without requiring a node to move around; it does not use flooding to set up initial routing, and does not use multicast to update secrets.

Towards a Unified Data Management and Decision Support System for Health Care

We report on progress in development of a unified data management and decision support system, UDMDSS, for application to injury prevention in health care. Our system is based on a modular architecture which supports real-time web-base desktop and mobile data acquisition, semantic data models and queries, Bayesian statistical analysis, artificial intelligence agent-based techniques to assist in modelling and simulation, subjective logic for conditional reasoning with uncertainty, advanced reporting capabilities and other features. This research work is being conducted within a multi-disciplinary team of researchers and practitioners and has been applied to a Canadian national study on child safety in automobiles and also in the context of patient falls in a hospital.