Kashif Kifayat

Lightweight Sybil Attack Detection in MANETs

Fully self-organized mobile ad hoc networks (MANETs) represent complex distributed systems that may also be part of a huge complex system, such as a complex system-of-systems used for crisis management operations. Due to the complex nature of MANETs and its resource constraint nodes, there has always been a need to develop lightweight security solutions. Since MANETs require a unique, distinct, and persistent identity per node in order for their security protocols to be viable, Sybil attacks pose a serious threat to such networks. A Sybil attacker can either create more than one identity on a single physical device in order to launch a coordinated attack on the network or can switch identities in order to weaken the detection process, thereby promoting lack of accountability in the network. In this research, we propose a lightweight scheme to detect the new identities of Sybil attackers without using centralized trusted third party or any extra hardware, such as directional antennae or a geographical positioning system. Through the help of extensive simulations and real-world testbed experiments, we are able to demonstrate that our proposed scheme detects Sybil identities with good accuracy even in the presence of mobility.

An access control model for cloud computing

Cloud computing is considered one of the most dominant paradigms in the Information Technology (IT) industry these days. It offers new cost effective services on-demand such as Software as a Service (SaaS), Infrastructure as a Service (IaaS) and Platform as a Service (PaaS). However, with all of these services promising facilities and benefits, there are still a number of challenges associated with utilizing cloud computing such as data security, abuse of cloud services, malicious insider and cyber-attacks. Among all security requirements of cloud computing, access control is one of the fundamental requirements in order to avoid unauthorized access to systems and protect organizations assets. Although, various access control models and policies have been developed such as Mandatory Access Control (MAC) and Role Based Access Control (RBAC) for different environments, these models may not fulfil clouds access control requirements. This is because cloud computing has a diverse set of users with different sets of security requirements. It also has unique security challenges such as multi-tenant hosting and heterogeneity of security policies, rules and domains. This paper presents a detailed access control requirement analysis for cloud computing and identifies important gaps, which are not fulfilled by conventional access control models. This paper also proposes an access control model to meet the identified cloud access control requirements. We believe that the proposed model can not only ensure the secure sharing of resources among potential untrusted tenants, but also has the capacity to support different access permission to the same cloud user and gives him/her the ability to use multiple services securely.

Body Area Networks for Movement Analysis in Physiotherapy Treatments

Recent technological advances in Micro Electro Mechanical Systems (MEMS) have enabled the design of lowcost, lightweight sensor nodes capable of sensing, processing and communicating different types of data. These tiny sensor nodes leverage the ideas found in Wireless Sensor Networks (WSNs) and this has lead to a large number of applications in the health sector. For example, telemonitoring is used to track, monitor and manage patient psychophysical data and help in the administration of drugs in hospitals. In this paper, we present a novel framework that exploits these ideas further, where body area WSNs and gaming have been combined to assist in physiotherapy treatments for patients with physical disabilities or ailments. The proposed framework has three main components, the body area WSN, the game, and the data acquisition manager. The body WSN is fixed to the patients body and data is collected and stored in real-time. This data in parallel is feed directly into the control services allowing gaming objects, i.e. virtual representations of patients, to control by physically moving his/her body parts. Whilst the patient plays the game, data is regularly collected from body sensor nodes. This allows real-time data from sensor nodes to be used by the game to adjust game levels according to the medical status of the patient. This allows treatments to be automatically adapted to maximise physiotherapy treatments and speed up recovery. In this paper, we present a working prototype that successfully demonstrates the applicability of our approach.

Security in Wireless Sensor Networks

Humans are constantly inventing new technologies to fulfil their needs. Wireless sensor networks (WSNs) are a still developing technology consisting of multifunction sensor nodes that are small in size and communicate wirelessly over short distances. Sensor nodes incorporate properties for sensing the environment, data processing and communication with other sensors. The unique properties of WSNs increase flexibility and reduce user involvement in operational tasks such as in battlefields. Wireless sensor networks can perform an important role in many applications, such as patient health monitoring, environmental observation and building intrusion surveillance. In the future WSNs will become an integral part of our lives. However along with unique and different facilities, WSNs present unique and different challenges compared to traditional networks. In particular, wireless sensor nodes are battery operated, often having limited energy and bandwidth available for communications.

A framework for physical health improvement using Wireless Sensor Networks and gaming

Wireless Sensor Networks (WSNs) is a recent technological advancement in Micro Electro Mechanical Systems (MEMS). It has a large number of applications in the health sector, for example, the telemonitoring of human psychophysical data, tracking and drug administration in hospitals. In this paper we present a novel framework using body area WSNs and gaming to improve a patients physical health. The proposed framework has three main components, the body area WSN, the game, and the data acquisition manager. Using the WSN on the patients body allows real time motion and medical data to be collected. This information is then filtered and used inside the gaming environment to control the patients avatar. This data also provides a level adjustment mechanism to change gaming parameters according to the medical status of the patient. Whilst the patient interacts within the gaming environment data is regularly collected from body sensor nodes and stored inside the data store. A neck physiotherapy case study is presented to illustrate the applicability of our approach.

Applying Secure Data Aggregation techniques for a Structure and Density Independent Group Based Key Management Protocol

In many applications of Wireless Sensor Networks a Sink is interested in aggregated data instead of exact values from all sensors. To send aggregated data, it is also helpful to reduce the amount of data to be transmitted and thereby conserve energy. Indeed current in-network aggregation schemes are helpful to conserve energy but they are designed without considering possible security issues related to data privacy. Often we find wireless sensor networks designed with neighbouring nodes sharing keys or with decryption at aggregator nodes. In either situation the potential for aggregator nodes to be physically compromised means data privacy is at high risk. Therefore secure data aggregation is desirable where data can be aggregated without the need for decryption at aggregator nodes. Aggregation becomes especially challenging if end-to-end privacy between a source and a destination (sink or group leader) is required. In this paper we extend our Structure and Density Independent Group Based Key Management Protocol with the additional feature of secure data aggregation to provide better data privacy to every single node in a large scale Wireless Sensor Network.

System-of-systems boundary check in a public event scenario

In any system-of-systems the potential exists for interactions between systems to occur that may affect the security of the overall system. We present a scenario that aims to highlight such problems, in particular that of security at a network boundary. This scenario considers cooperation and interactions between organisations and systems in the context of a major public event, such as a sporting or entertainment event. Based on this we present a modelling tool able to highlight potential access violations that might occur through transfer of data between multiple organisations and suggest ways to mitigate these vulnerabilities. The use of the modelling tool for network boundary checking is demonstrated, using the example scenario. Suggestions are made as to how security and effectiveness can be achieved by applying safeguards to vulnerable areas, while allowing the free flow of data between organisations where this is known to be safe.

Component-based security system (COMSEC) with QoS for wireless sensor networks

In the last decade, many security solutions have been proposed to fulfil the security requirements of wireless sensor networks (WSNs). However, these solutions are specifically designed for particular security issues, based on different assumptions, and limited to certain WSNs applications. Can these security solutions work together to handle multiple problems at the same time? It is an interesting and difficult question. We believe good solutions in various security areas do not mean they can work together and deliver similar results, i.e. occurrence of any security weakness or attack in a particular security solution could expose the vulnerabilities of other solutions. Using these solutions together might also degrade WSN quality of service. To deal with the aforementioned issues, we therefore propose a novel component-based security system (COMSEC) based on proactive and reactive components. Each component looks after a particular security issue and is integrated with others. The proposed system provides better secure communication, Sybil attack detection, secure data aggregation and resilience against node capture attacks and replication attacks. COMSEC has been evaluated and compared against existing schemes. Evaluation results show a significant improvement in resilience against node capture attacks, Sybil attack detection data confidentiality, privacy, memory overhead and connectivity. Copyright

Group-based key management for Mobile Sensor Networks

Key management in Wireless Sensor Networks (WSNs) is a challenging research issue due to the limited resources of sensor nodes. Key management is even more complicated in scalable Mobile Sensor Networks (MSNs) where node mobility poses far more dynamics as compared to static WSNs. The unique characteristics of mobile nodes create a number of nontrivial challenges for security design, given stringent resource constraints, scalability requirements and a highly dynamic topology. Security services for MSNs include authentication, communication confidentiality and integrity. Key management/establishment can be a fundamental requirement for attaining these security services. Existing key management schemes are application dependent and limited to static WSNs. In this paper we therefore propose a novel key management scheme which could be used both for static WSNs and MSNs. Evaluation results show a significant improvement in resilience against node capture attacks, data confidentiality, better memory overhead and connectivity for mobile nodes.

Identity management in System-of-Systems Crisis Management situation

In System-of-Systems coalitions scenarios there are always partners who are heterogeneous in terms of technology, skills, security requirements, sensitivity of information and trustworthiness. At the same time these partners normally come together in Communities of Interest (CoI) perhaps for a short period of time to achieve a common goal. All or some of these partners might have different roles in CoI, but sharing of information is of crucial importance. Hence, the ability to properly identify each partner within CoI and protect their identities while at the same time allowing them to utilise their devices in such situations requires the ability to negotiate interoperation between groups with different security polices and the ability to make security policy decisions in real-time. In this paper, we provide a scenario that involves different parties within CoI and present a proof of concept that will allow each member to join a CoI community while controlling how much of its information is being revealed based on its specified policies and role with CoI. We have also presented an outdoor experiment for the proposed methodology and our developed test bed.