Ashar Aziz

Privacy and authentication for wireless local area networks

Wireless networks are being driven by the need for providing network access to mobile or nomadic computing devices. Although the need for wireless access to a network is evident, new problems are inherent in the wireless medium itself. Specifically, the wireless medium introduces new opportunities for eavesdropping on wireless data communications. Anyone with an appropriate wireless receiver can eavesdrop, and this kind of eavesdropping is virtually undetectable. Furthermore, since the wireless medium cannot be contained by the usual physical constraints of walls and doors, active intrusions through the wireless medium are also made easier. In order to prevent this unauthorized access to the network, the authors present the design of a secure communication protocol that provides for both the privacy of wireless data communications and the authenticity of communicating parties. The placement of the protocol in the overall protocol stack and issues relevant to wireless links and mobile computing devices are discussed. They also present proof of the security of the protocol using the logic of authentication formalism developed by Burrows, Abadi, and Needham (1990).<<ETX>>

A scalable and efficient intra-domain tunneling mobile-IP scheme

Several schemes have recently been proposed in order to solve the problem of routing IP packets to a Mobile Host (MH). Some of these schemes have problems of compatibility with existing networks. The scheme that has the least compatibility problems, has efficiency problems in scaling the scheme to large and wide-area networks. This paper proposes extensions to the more compatible mobile IP scheme in order to provide better scaling properties to wide-area networks and large campus environments.

SKIP-securing the Internet

Currently, two different approaches are being pursued for securing the Internet with respect to commercial use on a broad scale. The properties of these two approaches-application-coupled security vs. network-coupled security-are discussed and compared. We then focus on SKIP (Simple Key-management in the Internet Protocol) as an example of network-coupled security, and show how it can be used to provide easily upgradable plug & play cryptographic security. Providing upgradable security is an ideal base for the employment of organically-growing security infrastructures, whose members still need to communicate with unsecured peers.