Hossam Afifi

Improving mobile authentication with new AAA protocols

The rapid growth of wireless technology and the increasing use of such technologies in coordination with the Internet demand a very careful look at issues related to security. As more and more users attempt to utilize such technologies in the context of providing security demanding services, it is essential to recognize the potential threats in wireless technologies. This paper focuses on authentication as part of the significant issues related to security and proposes a new authentication method combining the AAA framework and the UMTS security. As for that, this work presents results that show how the concepts of AAA and the USIM mechanism can be combined for the adaptability of mobile environment as well as for the efficient authentication. It also presents the specification and the implementation of the combination of diameter of the AAA protocols and USIM. In addition to the design implementation, this work reports on the performance results showing that this combination can be a good solution to authentication in a mobile environment.

Wi-Fi(tm), Bluetooth(tm), Zigbee(tm) and WiMax(tm)

Dedication. Preface. Foreword Chapter 1. Introduction Chapter 2. Wi-Fi : architecture and functions. WLAN roadmap via 802.11 family evolution. IEEE 802.11 architecture. Different physical layers. Data link layer. Medium access control layer. Functions. Mobility. Security. The 802.11 family and its derivative standards. Wi-Fi and other technologies, concurrency or complementarity? Chapter 3. Bluetooth: architecture and functions. Introduction. Architecture and throughputs. Physical Layer and physical channels. Baseband Layer. LMP (Link Manager Protocol). L2CAP (Logical Link Control and Adaptation Protocol). RFCOMM protocol. SDP Service Discorvery Protocol. Profiles. HCI (Host Control Interface). NEP (Bluetooth Network Encapsulation Protocol). Conclusion. Chapter 4. IEEE 802.15.4 and ZigBee. General architecture. Physical layer. MAC layer. Security. Frame structures. ZigBee. Conclusion. Chapter 5. WiMAX (tm) and IEEE 802.16. Introduction. MAC layer. Physical layer. Chapter 6. Security in WLAN, WPAN, WSN and WMAN through Wi-Fi (tm), Bluetooth (tm), Zigbee(tm) and WiMAX(tm). Security in Wi-Fi systems. Security in Bluetooth systems. ZigBee Security. WiMAX and 802.16 security. Conclusion. Chapter 7. Practicing. Mastering the TinyOS platform. Practicing WiMAX equipment. Appendix A. Structure of 802.11 packets at various physical layers. Appendix B. 802.11MAC frames structure. Glossary. References.

A Simple Privacy Protecting Scheme Enabling Delegation and Ownership Transfer for RFID Tags

RFID (Radio frequency identification) technology raises many privacy concerns among which the potential tracking of an RFID tag bearer and the eventuality of an illegitimate reading device (reader) collecting information about him. To solve these issues, many RFID privacy protecting protocols assume that readers have continuous connectivity with a centralised on-line database in charge of the identification of a certain amount of tags. However such centralised models can raise scalability and latency problems. Moreover, they are not suitable in applications where connectivity is intermittent. As RFID tags may often change hands, it is also necessary to guarantee the privacy of a new tag owner. In this paper, we introduce a privacy protecting scheme based on pseudonyms that allows an online database to delegate temporarily and in a secure manner the capability to identify tags to selected readers. A reader which receives delegation for a given tag can identify this tag without referring to the on-line database, thus solving possible intermittent connectivity issues and making tag identification more scalable. Our protocol also manages tags ownership transfer without threatening the new owner’s privacy.

Methods for IPv4-IPv6 transition

The future Internet networks are expected to use IPv6 version rather than the IPv4 one. This is mainly due to the limitations of IPv4 in terms of addresses, routing and security QoS issues developed by the Internet community are also tailored for both versions and will be easily deployed in both sides. Since a huge amount of sub-networks are already installed for the v4 version, it is difficult to imagine ISPs starting deploying the v6 version without some assurance that old legacy networks will still be able to connect to the Internet. In this paper we present some mechanisms that have been proposed to ease this transition especially for v4 users that still want to communicate with their old applications. We present also an IPv6 tunneling mechanism that has some advantages over the other models. We show how one could use such a mechanism to transparently establish hybrid communications between two worlds in both ways and discuss some important issues like scalability and performance.

CoopGeo: A Beaconless Geographic Cross-Layer Protocol for Cooperative Wireless Ad Hoc Networks

Cooperative relaying has been proposed as a promising transmission technique that effectively creates spatial diversity through cooperation among spatially distributed nodes. However, to achieve efficient communications while gaining full benefits from cooperation, more interactions at higher protocol layers, particularly the MAC (Medium Access Control) and network layers, are vitally required. This is ignored in most existing articles that mainly focus on physical (PHY)-layer relaying techniques. In this paper, we propose a novel cross-layer framework involving two levels of joint design-a MAC-network cross-layer design for forwarder selection (or termed routing) and a MAC-PHY for relay selection-over symbol-wise varying channels. Based on location knowledge and contention processes, the proposed cross-layer protocol, CoopGeo, aims at providing an efficient, distributed approach to select next hops and optimal relays to form a communication path. Simulation results demonstrate that CoopGeo not only operates properly with varying densities of nodes, but performs significantly better than the existing protocol BOSS in terms of the packet error rate, transmission error probability, and saturated throughput.

A Self-Organization Framework for Wireless Ad Hoc Networks as Small Worlds

Motivated by the benefits of small-world networks, we propose a self-organization framework for wireless ad hoc networks. We investigate the use of directional beamforming for creating long-range short cuts between nodes. Using simulation results for randomized beamforming as a guideline, we identify crucial design issues for algorithm design. Our results show that, while significant path length reduction is achievable, this is accompanied by the problem of asymmetric paths between nodes. Subsequently, we propose a distributed algorithm for small-world creation that achieves path length reduction while maintaining connectivity. We define a new centrality measure that estimates the structural importance of nodes based on traffic flow in the network, which is used to identify the set of nodes that beamform. We show using simulations that this leads to a significant reduction in path length while maintaining connectivity.

A Simple Delegation Scheme for RFID Systems (SiDeS)

Many privacy protecting schemes for RFID (radio frequency identification) technology assume that reading devices (readers) have continuous connectivity with a centralised online database in charge of the identification of a certain amount of tags. However such centralised models can raise scalability and latency problems. Moreover, they are not suitable in applications where connectivity is intermittent. In this paper, we introduce SiDeS (simple delegation scheme), a protocol that allows a centralised database to delegate temporarily and in a secure manner, the capability to identify tags, to readers. SiDeS not only requires simple cryptography functions like XOR, hash functions and random number generator but also manages tags ownership transfer.

Capacity evaluation of VoIP in IEEE 802.11e WLAN environment

In this paper, we present an analytical model for VoIP capacity in IEEE 802.11e WLAN. We illustrate performance results relative to typical codec rates of G.711 PCM (64 kbit/s), G.729 (8 kbit/s) and G.723.1 (6.3 kbit/s). G.729 and G.723.1 allow a greater capacity than G.711 which is constrained by throughput. This greater capacity is at the expense of small quality degradation due to the delay increase since G.729 and G.723.1 codecs are more delay sensitive than G.711. In our study we analyse the occurrence of CAPs (Controlled Access Periods) during the Contention Period (CP) and its effect of a promising increase in the VoIP over WLAN capacity. We also show that high data rates (up to 54 Mb/s) allow important VoIP capacity (up to 400 G.711 VoIP calls, 997 G.729 VoIP calls and 1045 G.723.1 VoIP calls).

Wireless MPLS: a new layer 2.5 micro-mobility scheme

In next generation wireless networks, mobile nodes will be equipped with multiple interfaces and will be able to take advantage of overlay networks. In such environment, global IP mobility solutions have to be optimized to handle micro-mobility management, where low-latency handoffs are essential. Signalling overhead, foreign network detection and reconfiguration are not always met in current solutions. In this paper, we propose a new solution to overcome these limitations, namely a layer 2.5 mobility scheme for fast handover based on MPLS forwarding mechanism and a virtual interface architecture: W-MPLS. Our MPLS approach, is triggered by the mobile and controlled by the network. It gives the ability to provide QoS through traffic engineering, and scales well to fulfil fast handover performance. Based on the proposed architecture, we also present a location update optimization method.

Improving congestion avoidance algorithms for asymmetric networks

Congestion avoidance algorithms considering the network as a black-box model detect congestion through packet loss and variation in the throughput or in the round trip delay. In this paper we show, by means of analysis and simulation, an undesirable effect acting on delay and throughput based congestion avoidance algorithms. This effect is caused by congestion experienced by acknowledgements. We propose to change these algorithms by dividing the round trip time into a forward trip time and backward trip time. We show the performance improvement using this distinction. Finally, we describe a possible implementation in the TCP protocol.