Publication


Featured researches published by Hannan Xiao.


information assurance and security | 2007

A Performance Comparison of Wireless Ad Hoc Network Routing Protocols under Security Attack

Su Mon Bo; Hannan Xiao; Aderemi Adereti; James A. Malcolm; Bruce Christianson

The unique characteristics of a mobile ad hoc network (MANET), such as dynamic topology, shared wireless medium and open peer-to-peer network architecture, pose various security challenges. This paper compares three routing protocols, DSDV, DSR, and AODV under security attack where two types of node misbehaviour have been investigated. Network performance is evaluated in terms of normalized throughput, routing overhead, normalized routing load, and average packet delay, when a percentage of nodes misbehave. Simulation results show that although the performance of all three routing protocols degrades, DSDV is the most robust routing protocol under security attacks. This reveals that a proactive routing protocol has the potential of excluding misbehaving nodes in advance and reducing the impact of security attack.


Journal of Sensor and Actuator Networks | 2014

A Survey of Access Control Models in Wireless Sensor Networks

Htoo Aung Maw; Hannan Xiao; Bruce Christianson; James A. Malcolm

Wireless sensor networks (WSNs) have attracted considerable interest in the research community, because of their wide range of applications. However, due to the distributed nature of WSNs and their deployment in remote areas, these networks are vulnerable to numerous security threats that can adversely affect their proper functioning. Resource constraints in sensor nodes mean that security mechanisms with a large overhead of computation and communication are impractical to use in WSNs; security in sensor networks is, therefore, a challenge. Access control is a critical security service that offers the appropriate access privileges to legitimate users and prevents illegitimate users from unauthorized access. However, access control has not received much attention in the context of WSNs. This paper provides an overview of security threats and attacks, outlines the security requirements and presents a state-of-the-art survey on access control models, including a comparison and evaluation based on their characteristics in WSNs. Potential challenging issues for access control schemes in WSNs are also discussed.


international workshop on security | 2009

Trust*: Using Local Guarantees to Extend the Reach of Trust

Stephen William Clarke; Bruce Christianson; Hannan Xiao

This is work done with Stephen Clarke, who’s just there lurking, and Hannan Xiao, who was here yesterday but can’t be here today. The motivation is that we often want to do business, or conduct transactions, with strangers, people we haven’t done business with before. Reputation systems don’t really work, or at least reputation systems for giving reputations to strangers don’t work. Now most people say that that’s because you don’t know the people giving the reputations, I want to make the slightly stronger claim that even if you did know all the people who gave all the reputations, and you trusted them all, that still wouldn’t help. This is basically because trust isn’t transitive. The fact that Alice trusts Bob, and that Bob trusts Carol, isn’t enough to ensure that it’s appropriate for Alice to trust Carol, because the fact that Carol gives Bob a good service doesn’t mean that Carol is going to give Alice a good service. It might be that Bob is a regular customer, it might be that there’s some other reason why Carol’s giving Bob a good service. Perhaps she fancies him. The assumption that we’re going to make, for the purpose of this talk, is that local trust management is a more tractable problem than the one that we started with here. If you have people that you do business with all the time, then there are various systems that more or less allow you to get a particular service in such a way that it’s either cheap or reliable depending on which has more utility in that circumstance.


Journal of Internet Services and Applications | 2014

Evaluating security and usability of profile based challenge questions authentication in online examinations

Abrar Ullah; Hannan Xiao; Trevor Barker; Mariana Lilley

Student authentication in online learning environments is an increasingly challenging issue due to the inherent absence of physical interaction with online users and potential security threats to online examinations. This study is part of ongoing research on student authentication in online examinations evaluating the potential benefits of using challenge questions. The authors developed a Profile Based Authentication Framework (PBAF), which utilises challenge questions for students’ authentication in online examinations. This paper examines the findings of an empirical study in which 23 participants used the PBAF including an abuse case security analysis of the PBAF approach. The overall usability analysis suggests that the PBAF is efficient, effective and usable. However, specific questions need replacement with suitable alternatives due to usability challenges. The results of the current research study suggest that memorability, clarity of questions, syntactic variation and question relevance can cause usability issues leading to authentication failure. A configurable traffic light system was designed and implemented to improve the usability of challenge questions. The security analysis indicates that the PBAF is resistant to informed guessing in general, however, specific questions were identified with security issues. The security analysis identifies challenge questions with potential risks of informed guessing by friends and colleagues. The study was performed with a small number of participants in a simulation online course and the results need to be verified in a real educational context on a larger sample size.


IEEE Journal of Biomedical and Health Informatics | 2016

BTG-AC: Break-the-Glass Access Control Model for Medical Data in Wireless Sensor Networks

Htoo Aung Maw; Hannan Xiao; Bruce Christianson; James A. Malcolm

Wireless sensor networks (WSNs) have recently attracted much interest in the research community because of their wide range of applications. An emerging application for WSNs involves their use in healthcare where they are generally termed wireless medical sensor networks. In a hospital, outfitting every patient with tiny, wearable, wireless vital sign sensors would allow doctors, nurses, and other caregivers to continuously monitor the state of their patients. In such a scenario, patients are expected to be treated in reasonable time, so an access control model is needed, which will provide both real-time access to comprehensive medical records and detect unauthorized access to sensitive data. In emergency situations, a doctor or nurse needs to access data immediately. The loss in data availability can result in further decline in the patient's condition or can even lead to death. Therefore, the availability of data is more important than any security concern in emergency situations. To address that research issue for medical data in WSNs, we propose the break-the-glass access control (BTG-AC) model that is a modified and redesigned version of the break-the-glass role-based access control (BTG-RBAC) model to address data availability issue and to detect the security policy violations from both authorized and unauthorized users. Several changes within the access control engine are made in BTG-RBAC in order to make the new BTG-AC to apply and fit in WSNs. This paper presents the detailed design and development of the BTG-AC model based on a healthcare scenario. The evaluation results show that the concepts of BTG, prevention and detection mechanism, and obligation provide more flexible access than other current access control models in WSNs. Additionally, we compare the BTG-AC model with an adaptive access control (A2C) model, which has similar properties, for further evaluation. Alongside the comparison, the advantages and disadvantages of BTG-AC over current WSN access control models are presented.


wireless communications and networking conference | 2014

Energy consumption in Mobile Ad Hoc Networks

Hannan Xiao; Dashti M. Ibrahim; Bruce Christianson

Mobile Ad hoc Networks (MANETs) are composed of moving mobile nodes that are battery operated. This paper proposes a set of performance metrics in evaluating energy efficiency in MANETs, and studies the energy consumption of MANET from a variety of aspects: at different network layers including application layer, network layer and MAC layer, at different operation modes including idle, transmit and receive, and with different routing protocols including DSR, DSDV and AODV. Extensive simulations were run in the network simulator ns2 for various scenarios. The results and analysis reveal some important findings. A substantial amount of energy is consumed at MAC layer, especially at idle mode. IEEE 802.11 achieves completely different pattern in terms of its energy efficiency when combined with different routing protocols. DSR and DSDV are significantly more efficient than AODV in terms of energy consumption per successful data packet delivery.


Wireless Sensor Network | 2010

Modelling and Analysis of TCP Performance in Wireless Multihop Networks

Hannan Xiao; Ying Zhang; James A. Malcolm; Bruce Christianson; Kee Chaing Chua

Researchers have used extensive simulation and experimental studies to understand TCP performance in wireless multihop networks. In contrast, the objective of this paper is to theoretically analyze TCP performance in this environment. By examining the case of running one TCP session over a string topology, a system model for analyzing TCP performance in multihop wireless networks is proposed, which considers packet buffering, contention of nodes for access to the wireless channel, and spatial reuse of the wireless channel. Markov chain modelling is applied to analyze this system model. Analytical results show that when the number of hops that the TCP session crosses is fixed, the TCP throughput is independent of the TCP congestion window size. When the number of hops increases from one, the TCP throughput decreases first, and then stabilizes when the number of hops becomes large. The analysis is validated by comparing the numerical and simulation results.


information assurance and security | 2008

A Purchase Protocol with Live Cardholder Authentication for Online Credit Card Payment

Hannan Xiao; Bruce Christianson; Ying Zhang

While online shopping is becoming more accepted by people in modern life, cardholders are more concerned about card fraud and the lack of cardholder authentication in the current online credit card payment. This paper proposes a purchase protocol with live cardholder authentication for online transaction which combines telephone banking and online banking together. The order information and payment information are sent through the Internet and encrypted by asymmetric key encryption. The cardholder is authenticated by the card issuing bank ringing back to the customer's phone number and the cardholder inputting the secure PIN and the amount to pay. The live cardholder authentication makes the cardholder feel securer and card fraud difficult. Furthermore, the protocol does not require the cardholder to obtain a public key certificate or install additional software for the online transaction.


The first computers | 2015

A Dynamic Reputation Management System for Mobile Ad Hoc Networks

Eric Chiejina; Hannan Xiao; Bruce Christianson

Nodes in mobile ad hoc networks (MANETs) are mandated to utilize their limited energy resources in forwarding routing control and data packets for other nodes. Since a MANET lacks a centralized administration and control, a node may decide to act selfishly by not responding to route requests from other nodes or deceitfully by responding to some route requests but dropping the corresponding data packet that is presented for forwarding. A significant increase in the presence of these misbehaving nodes in a MANET can subsequently degrade network performance. In this paper, we propose a Dynamic Reputation Management System for detecting and isolating misbehaving nodes in MANETs. Our model employs a novel direct monitoring technique to evaluate the reputation of a node in the network which ensures that nodes that expend their energy in transmitting data and routing control packets for others are allowed to carry out their network activities while the misbehaving nodes are detected and isolated from the network. Simulation results show that our model is effective in curbing and mitigating the effects of misbehaving nodes in the network.


international conference on e-health networking, applications and services | 2014

An evaluation of break-the-glass access control model for medical data in wireless sensor networks

Htoo Aung Maw; Hannan Xiao; Bruce Christianson; James A. Malcolm

Wireless Sensor Networks (WSNs) have recently attracted a lot of attention in the research community because it is easy to deploy them in the physical environment and collect and disseminate environmental data from them. The collected data from sensor nodes can vary based on what kind of application is used for WSNs. Data confidentiality and access control to that collected data are the most challenging issues in WSNs because the users are able to access data from different locations in an ad-hoc manner. Access control is one of the critical requirements to prevent unauthorised access from users. The current access control models in information systems cannot be applied straightforwardly because of some limitations, namely limited energy, resource and memory, and low computation capability. Based on the requirements of WSNs, we proposed the Break-The-Glass Access Control (BTG-AC) model which is the modified and redesigned version of Break-The-Glass Role-Based Access Control (BTG-RBAC) model. Several changes within the access control engine are made in BTG-RBAC to apply and fit in WSNs. We developed the BTG-AC model in Ponder2 package. Also a medical scenario was developed to evaluate the BTG-AC model for medical data in WSNs. In this paper, the detailed design, implementation phase, evaluation result and policies evaluation for the BTG-AC model are presented. Based on the evaluation result, the BTG-AC model can be used in WSNs after several modifications have been made under Ponder2 Package.

Collaboration

Top Co-Authors

Bruce Christianson, University of Hertfordshire

Abrar Ullah, University of Hertfordshire

James A. Malcolm, University of Hertfordshire

Trevor Barker, University of Hertfordshire

Mariana Lilley, University of Hertfordshire

Htoo Aung Maw, University of Hertfordshire

Ying Zhang, University of Cambridge

Chaminda Alocious, University of Hertfordshire

Eric Chiejina, University of Hertfordshire

Jacob Abegunde, University of Hertfordshire