Jonny Karlsson

Routing Security in Mobile Ad-hoc Networks

The role of infrastructure-less mobile ad hoc networks (MANETs) in ubiquitous networks is outlined. In a MANET there are no dedicated routers and all network nodes must contribute to routing. Classification of routing protocols for MANET is based on how routing information is acquired and maintained by mobile nodes and/or on roles of network nodes in a routing. According to the first classification base, MANET routing protocols are proactive, reactive, or hybrid combinations of proactive and reactive protocols. According to the role-based classification, MANET routing protocols are either uniform when all network nodes have the same role or non-uniform when the roles are different and dedicated. A contemporary review of MANET routing protocols is briefly presented. Security attacks against MANET routing can be passive and or active. The purpose of the former is information retrieval, for example network traffic monitoring, while the latter is performed by malicious nodes with the express intention of disturbing, modifying or interrupting MANET routing. An overview of active attacks based on modification, impersonation/ spoofing, fabrication, wormhole, and selfish behavior is presented. The importance of cryptography and trust in secure MANET routing is also outlined, with relevant security extensions of existing routing protocols for MANETs described and assessed. A comparison of existing secure routing protocols form the main contribution in this paper, while some future research challenges in secure MANET routing are discussed.

Securing Control Signaling in Mobile IPv6 with Identity-Based Encryption

Control signaling messages in Mobile IPv6 are mainly used to inform the home agent (HA) and the correspondent node (CN) about the mobile node’s (MN’s) new address when its network attachment point is changed. In order to prevent various security attacks, these messages must be protected. In the current standard, the control sig naling messages between a HA and a MN are authenticated using IPSec, often with IKEv2 and X.509 certificates. Control signaling messages between a MN and a CN are currently protected by an effective but insecure protocol, known as Return Routability. Using IBE (Identity-Based Encryption) for authenticating control signaling messages requires more processing power but significant security enhancements are achieved. The current protocols for protecting control signal ing messages are outlined in this paper. Proposed approaches for implementing IBE-authentication between a MN and a HA as well as between a MN and a CN are presented. Environments where the MN and the CN use the same Public Key Generator (PKG) as well as environments where they use different PKGs are taken into account. Finally, the performance of some proposed signaling protocols is estimated. An overview of IBE is given and the elements and operations needed to set up an IBE infrastructure are described in an appendix.

Identifying time measurement tampering in the traversal time and hop count analysis (TTHCA) wormhole detection algorithm.

Traversal time and hop count analysis (TTHCA) is a recent wormhole detection algorithm for mobile ad hoc networks (MANET) which provides enhanced detection performance against all wormhole attack variants and network types. TTHCA involves each node measuring the processing time of routing packets during the route discovery process and then delivering the measurements to the source node. In a participation mode (PM) wormhole where malicious nodes appear in the routing tables as legitimate nodes, the time measurements can potentially be altered so preventing TTHCA from successfully detecting the wormhole. This paper analyses the prevailing conditions for time tampering attacks to succeed for PM wormholes, before introducing an extension to the TTHCA detection algorithm called ΔT Vector which is designed to identify time tampering, while preserving low false positive rates. Simulation results confirm that the ΔT Vector extension is able to effectively detect time tampering attacks, thereby providing an important security enhancement to the TTHCA algorithm.

Teaching Mobile Communication in an e-Learning Environment

Introduction Wireless communication technologies provide significant advantages compared to wired technologies. A wireless networks eliminate the need for network cables since wireless radio interfaces are accessed over the air. Wireless networks also provide support for mobility, which means that a moving device can remain network connected also while the network access point changes and even when the access network type changes. The evolution of wireless technologies and mobility management schemes is currently advancing rapidly. Existing networking services can be offered on mobile communication platforms and the availability of mobile communication platforms also makes new network service types possible. (Pagani, 2005) Wireless and mobile networking is thus an important and highly relevant topic for IT education in universities and polytechnics. Arcada Polytechnic offers IT engineering education on Mobile and Wireless Communication Systems also in an e-learning environment. Course Content The course content consists of three structured sections: Generic Wireless Technology, Wireless Technology Types, and Mobility Management. These sections can be found from a navigational menu on the course portal. In the menu there are also links to the course index, all the exercises and the weekly topics. Generic Wireless Technology Section The general protocol architecture for mobile networking is outlined. Radio interfaces in wireless networking are described. Quality of Service (QoS) of a network and QoS management are characterized. Modulation and access methods are described. Wireless Technology Type Section Wireless communication technologies are described according to the following taxonomy (See Appendix for list of abbreviations): * Wireless Cellular Network Technologies * GSM evolution based technologies * 2G (GSM, HSCSD, GPRS, EDGE, EDGE Evolution) * 3G (UMTS, HSDPA, HSUPA, HSPA+, SAE/LTE) * 4G * other wireless cellular network technologies * MBWA * Flash OFDM * Wireless Network Technologies Classified By Coverage Range * Wireless PAN Technologies * IrDA * UWB * RFID * Bluetooth * Wibree * Zigbee * Wireless LAN Technologies * WLAN * Wireless MAN Technologies * WiMAX * Wireless ATM * Wireless WAN Technologies * Satellite Communication * GPS Each wireless communication technology is described by * An Introduction * Underlying Standards * System Architecture * Radio Interface and Modulation * Protocol Architecture * Quality of Service (QoS) Issues * Security Mobility Management Section Networking mobility types are terminal mobility, application mobility, and identity mobility. Terminal mobility or node mobility means that a terminal or network node moves to another location or to another network domain with preserved network connectivity. Application mobility means that a software process moves to another host node. Software agent technologies are typical implementations of application mobility. Identity mobility means that an identity defined as a name, a number, or cryptographic key moves to another location or to another computer. (Candolin, 2005) In this section only the case of terminal mobility or node mobility will be considered. A mobility management scheme for node mobility must solve the following problems: * the node location problem, to find the current point of network attachment * data transfer to and from the current node location * continuation of data transfer after the node or the network has moved * controlled disconnection of a node from the network * performance optimization, for example minimization of the network load of a mobility management scheme. …

Secure and Reliable Internet of Things Systems for Healthcare

Proposals and some implementations of Internet of Things (IoT) systems for healthcare are described. Implications of current European Union legislation, the new General Data Protection Regulation, for the security and reliability of healthcare IoT systems and for the privacy of users of these systems are presented. Analytics of healthcare IoT data for the requirements of evidence based healthcare is outlined. Threats to the security and reliability of healthcare IoT systems and to the privacy of the users of these systems, security and reliability requirements, and solutions for security and enhanced reliability are described. Visions for future healthcare IoT are presented and some future research directions are proposed.

A packet traversal time per hop based adaptive wormhole detection algorithm for MANETs

Routing security challenges significantly impact the wide-scale adoption of mobile ad hoc networks (MANET), with wormholes constituting an especially severe threat. Wormhole detection algorithms like traversal time and hop count analysis (TTHCA) and modified transmission time-based mechanism (M-TTM) combine effective detection with low traffic overheads. TTHCA measures packet traversal time (PTT) per route hop count (HC), while M-TTM compares an expected round trip time (RTT) with a measured RTT. However, using only fixed thresholds for the permissible PTT/HC and measured RTT deviations respectively, both algorithms are compromised so participation mode (PM), out-of-band (O-B) wormholes are inadequately detected in MANETs with large radio range fluctuations. This paper presents an extended variant of the TTHCA algorithm called traversal time per hop analysis (TTpHA) that dynamically adapts the PTT per hop threshold to both different node radio coverages and prevailing MANET conditions. Experimental results confirm TTpHA provides superior PM O-B detection performance compared to TTHCA and M-TTM, with commensurately low false positive rates and traffic overheads.

IT Education Topics for Future Networking

In this paper, we discuss how information society and the global data network infrastructure are evolving. Global integration of networked information processing capabilities is a main issue. One of the many important building blocks in the ongoing process is the choice of network architectures. Another basic issue is Internet mobility support. Basic requirements for mobile networking are presented. Issues like network security architectures and quality of service (QoS) architectures are outlined. Trust in cryptographic identities including public key infrastructure and identity based encryption is described. In the network protocols section wireless communication, mobility management, routing and network security protocols are presented. Essential network programming skills are summarized. The impact from the described requirements on future networking on education and research in Arcada University of Applied Sciences is outlined.

Securing control signaling in Mobile IPV6 Route Optimization with Identity-Based Encryption

Control signaling messages in Mobile IPv6 are mainly used to inform the home agent (HA) and the correspondent node (CN) about the mobile nodes (MNs) new address when its network attachment point is changed. In order to prevent various attacks, such as man-in-the-middle and denial-of-service attacks, these messages must be protected. Protocols based on Identity-Based Encryption (IBE) for protecting control signaling messages for Route Optimization in Mobile IPv6 are presented. An overview of IBE is given and the elements and operations needed to set up an IBE infrastructure are described. Current approaches for implementing IBE-authentication between a MN and a CN are presented. Environments where the MN and the CN use the same as well as environments where they use different Public Key Generators (PKG) are taken into account. Finally, the performance of some proposed signaling protocols is estimated.

Security Architectures of Mobile Computing

Mobile Internet users expect the same network service quality as over a wire. Technologies, protocols, and standards supporting wired and wireless Internet are converging. Mobile devices are resource constrained due to size, power, and memory. The portability making these devices attractive also causes data exposure and network penetration risks. Mobile devices can connect to many different wireless network types, such as cellular networks, personal area networks, wireless local area networks (WLANs), metropolitan area networks (MANs), and wide area networks (satellitebased WANs). Wireless network application examples are e-mailing, Web browsing, m-commerce, electronic payments, synchronization with a desktop computer, network monitoring/management, and reception of video/audio streams.

Host Identity Protocol (HIP) as a Virtual Learning Object

This paper presents a virtual learning environment for HIP (Host Identity Protocol). HIP is a potential future Internet protocol currently under research. The main idea with HIP is the separation between the location and identity inform ation by introducing a new cryptographic name space, called Host Identity (HI). This feature provides enhanced network security as well as easy management of mobility and multi-homing. Overviews of the basic features and implementations of HIP are included in the paper. A technical description of HIP, including a survey of specifications and details about the func tionality of the protocol, is included in an appendix. The HIP learning environment has been produced to serve both contact and distance education in advanced networking. The development of the learning environment is described. A list of topics that developers of a learning enviro nment should think of when designing the user interface is presented based on a theory on the str ucture of human behaviour. This theory is included in an appendix. The chosen didactical appr oach, the structured animation of HIP features, and the graphical design of the learning platform are presented and motivated. The IT tools and infrastructure needed to implement and us e the learning platform are also described.