Kuei-Fang Hsiao

A novel vertical handoff decision making algorithm across Heterogeneous Wireless Networks

Heterogeneous Wireless Networks communication is a combination of various heterogeneous networks. With their complementary characteristics, incorporation of these technologies in the same network in order to provide a full coverage to mobile users causes several challenges such as handover decision making and mobility management. A good handoff decision should avoid unnecessary handovers, which increase the computational network load. In this paper, we present a novel approach for Handover decision making in the context of heterogeneous wireless network. The aim of the proposed scheme is the selection of the most suitable radio access network for each application. Simulation results show that the proposed approach can guarantee QoS requirements and reduce the blocking probability of new and handoff calls.

A novel media independent handover-based approach for vertical handover over heterogeneous wireless networks

The key purpose for seamless mobility and service continuity between heterogeneous wireless networks is the handover. Vertical handover management is one of key challenges in such environment. To deal with some of these challenges, an IEEE 802.21 media independent handover MIH framework has been standardized. The main purpose of this standard is to offer a general interface for the handover by abstracting the link layer intelligence to higher layers. However, there still exist a number of limitations in MIH architecture. In this paper, a new architecture of improved MIH is presented to perform vertical handover between wireless heterogeneous networks. We focused on interworking architecture between wireless local area network and long term evolution advanced network with the use of MIH signaling to define an efficient vertical handover. A performance analysis model for the proposed MIH-based vertical handover is derived. Analysis results show that the proposed method can be easily deployed in present multimedia service networks. Copyright

A new secure and efficient scheme for network mobility management

In order to separate a hosts identity from its location on the Internet, the Host Identity Protocol (HIP) was developed by the Internet Engineering Task Force as a mobility management solution. HIP provides a solid basis to enable secured mobility and multihoming features. Several extensions and proposals have been introduced in recent publications to improve the micro-mobility features of HIP. Moreover, many other publications have dealt with the efficiency of Network Mobility (NEMO) management with HIP. However, the HIP-based micro-mobility management solutions adapted to NEMO scenario do not cover all security aspects requirements and still suffer from security flaws. Therefore, in this paper, a number of potential threats in the typical HIP with Rendez Vous Server are identified. A new secure and efficient scheme for network mobility management is also proposed to overcome the outlined ones. The proposed solution ensures strong authentication between network entities, reduces Denial of Service attacks, secures against Domain Name Server spoofing, reply, and eavesdropping attacks, and ensures end-to-end confidentiality and integrity protection. To analyze the security properties of the proposed scheme, we have performed automated formal specification and evaluation with the help of both the Automated Validation of Internet Security Protocols and Applications and the Security Protocol Animator, which have proved that authentication and confidentiality goals are achieved. Hence, the scheme is effective when an intruder is present. Copyright

Improved IPSec tunnel establishment for 3GPP-WLAN interworking

Interworking between wireless local area network WLAN and the 3rd Generation Partnership Project 3GPP such as Long Term Evolution LTE is facing more and more problems linked to security threats. Securing this interworking is a major challenge because of the vastly different architectures used within each network. Therefore, security is one of the major technical concerns in wireless networks that include measures such as authentication and encryption. Among the major challenges in the interworking security is the securing of the network layer. The goal of this article is twofold. First, we propose a new scheme to secure 3GPP LTE-WLAN interworking by the establishment of an improved IP Security tunnel between them. The proposed solution combines the Internet Key Exchange IKEv2 with the Host Identity Protocol HIP to set up a security association based on two parameters, which are location and identity. Our novel scheme, which is called HIP_IKEv2, guarantees better security properties than each protocol used alone. Second, we benefit from Mobile Internet Key Exchange protocol MOBIKE in case of mobility events handover. And we extend HIP_IKEv2 to HIP_MOBIKEv2 protocol in order to reduce the authentication signaling traffic. The proposed solution reinforces authentication, eliminates man-in-the-middle attack, reduces denial-of-service attack, assures the integrity of messages, and secures against reply attack. Finally, our proposed solution has been modeled and verified using the Automated Validation of Internet Security Protocols and Applications and the Security Protocol Animator, which has proved its security when an intruder is present. Copyright

Enhanced handover architecture in IEEE 802.21-enabled heterogeneous wireless networks

Vertical handover management is one of key challenges in heterogeneous network environment. In order to address some of these challenges, an IEEE 802.21 Media Independent Handover framework is standardized. The main objective of this standard is to provide a general interface for the handover by abstracting the link layer intelligence to higher layers. However, there still exist a number of limitations in MIH architecture. In this paper a new architecture of improved media independent handover is presented to perform vertical handover between wireless heterogeneous networks. An example of interworking architecture between WLAN and LTE Advanced Network is discussed using the proposed scheme.

A lightweight mutual authentication mechanism for improving fast PMIPV6-based network mobility scheme

In the last decade, the request for Internet access in heterogeneous environments keeps on growing, principally in mobile platforms such as buses, airplanes and trains. Consequently, several extensions and schemes have been introduced to achieve seamless handoff of mobile networks from one subnet to another. Even with these enhancements, the problem of maintaining the security concerns and availability has not been resolved yet, especially, the absence of authentication mechanism between network entities in order to avoid vulnerability from attacks. To eliminate the threats on the interface between the mobile access gateway (MAG) and the mobile router (MR) in improving fast PMIPv6-based network mobility (IFP-NEMO) protocol, we propose a lightweight mutual authentication mechanism in improving fast PMIPv6-based network mobility scheme (LMAIFPNEMO). This scheme uses authentication, authorization and accounting (AAA) servers to enhance the security of the protocol IFP-NEMO which allows the integration of improved fast proxy mobile IPv6 (PMIPv6) in network mobility (NEMO). We use only symmetric cryptographic, generated nonces and hash operation primitives to ensure a secure authentication procedure. Then, we analyze the security aspect of the proposed scheme and evaluate it using the automated validation of internet security protocols and applications (AVISPA) software which has proved that authentication goals are achieved.

An anonymous and robust multi-server authentication protocol using multiple registration servers

Summary The concept of multi-server authentication includes multiple numbers of application servers. The registration/control server is the central point in such environment to provide smooth services to a limited number of legitimate users. However, this type of environment is inappropriate to handle unlimited users since the number of users may grow, and thus, the response time may be very high. To eliminate these shortcomings, we have modified the existing multi-server authentication architecture and then designed a new scheme by including multiregistration server technique that can provide a smooth environment to support unlimited number of users. The main aspect of our design is to provide a secure authentication environment for multi-server application using password and smartcard so that the participants can securely communicate with each other. The simulation results are obtained by executing our protocol using AVISPA tool. The results provide concrete evidence about the security safety against active and passive attacks. Furthermore, the justification of correctness of the freshness of the session key negotiation and the mutual authentication between the participants has done been evaluated with the BAN logic model. The comprehensive comparative analysis justifies our argument that our protocol has better applicability in multi-server environments compared to other protocols with similar nature.

Secure message communication among vehicles using elliptic curve cryptography in smart cities

Message exchange among vehicles is an integral part of communication in smart cities. Messages are exchanged to inform the other vehicles about emergency situations such as-safety alerts, and location privacy. Due to the usage of an insecure wireless medium, malicious activities in vehicles, i.e., illegal use of the false messages, can astray other vehicles. Security in communication among the vehicles can be provided by encrypting the messages using various security keys. However, it has been found from the literature that existing schemes for secure communication require large key size, and therefore may these schemes may not be applicable to smart cities. To address these issues, a secure message communication scheme among vehicles based on elliptic curve cryptography (ECC) is proposed. The proposed scheme needs smaller key size leading to mathematically simple and cost effective solution. Furthermore, the scheme provides mutual authentication, confidentiality, and forward secrecy. Security analysis prove that the proposed scheme is suitable to be adapted in smart city environment.

A new scheme for proactive out of band signaling solution for IP traceback in Wireless Mesh Network

Since Wireless Mesh Networks (WMNs) have received great attention and momentum, security has become a crucial issue for them. Denial of Service attack (DoS) represents a serious threat on WMNs due to their plug-and-play architecture. Unfortunately, a DoS attack still very hard to stop due to the uncontrolled spoofing of source IP addresses. The best solution to this is to fix the problem at its root by guessing the source of attack. As a solution to this dilemma, numerous approaches have been suggested to support IP traceability. In this work, we focus on Wireless Mesh Network WMN (IEEE 802.11s standard). We design a signaling architecture, based on previous works, in order to trace anonymous IP packets back towards their source(s), where a simple security-oriented signaling protocol permits specialized signaling entities to exchange reliable signaling information that allows performing a simple and efficient traceback. This solution represents a novel and efficient approach to deal with the traceback problem in WMN environments.

A SCTP-based authentication protocol: SCTPAP

Multihoming is among the features of SCTP (Stream Control Transmission Protocol), which makes it more robust and efficient than TCP(Transmission Control Protocol)but more vulnerable under attack. Nevertheless, a strong security can degrade the QoS(Quality of Service) by adding additional delay. Therefore, we propose in this paper, a secure authentication protocol that supports the establishment of multiple connections to protect multihoming networks with the least number of messages, number of parameters in each message and number of communicating nodes. The proposed scheme provides lower delay of authentication and protects against several attacks. Our devised protocol is analyzed using SPAN (Security Protocol Animator) for AVISPA (Automated Validation of Internet Security Protocols and Applications) tool. The obtained validation results show that the scheme is safe.