Michele Nogueira

A Survey on Identity Management for the Future Network

The Internet as a platform for ubiquitous communication has quickly advanced in the last years. New services have emphasized the limits of the current Internet and motivated the development of the Future Internet. Future communication infrastructures intend to be more distributed and, ideally, more secure, resulting in high complexity. Further, as new technologies emerge, new requirements and security issues are highlighted. These issues reinforce the importance of Identity Management systems for the network infrastructure in the Future Internet, termed Future Network, to provide adequate dynamic services in relation to users personal data and requirements. Hence, this survey presents the state of the art of Identity Management systems for the Future Network. It highlights the existing architectures, specific devices applied, challenges and future perspectives.

Programmable Networks—From Software-Defined Radio to Software-Defined Networking

Current implementations of Internet systems are very hard to be upgraded. The ossification of existing standards restricts the development of more advanced communication systems. New research initiatives, such as virtualization, software-defined radios, and software-defined networks, allow more flexibility for networks. However, until now, those initiatives have been developed individually. We advocate that the convergence of these overlying and complementary technologies can expand the amount of programmability on the network and support different innovative applications. Hence, this paper surveys the most recent research initiatives on programmable networks. We characterize programmable networks, where programmable devices execute specific code, and the network is separated into three planes: data, control, and management planes. We discuss the modern programmable network architectures, emphasizing their research issues, and, when possible, highlight their practical implementations. We survey the wireless and wired elements on the programmable data plane. Next, on the programmable control plane, we survey the divisor and controller elements. We conclude with final considerations, open issues and future challenges.

An autonomic knowledge monitoring scheme for trust management on mobile ad hoc networks

An important characteristic in trust management frameworks is how nodes obtain information about the trustworthiness of other nodes. Some trust management models are based on local information, while others use both information of neighbors and remote nodes. Despite the wide of information used, the existing trust monitoring approaches are mainly based either on passive monitoring mechanisms or on active monitoring mechanisms. While passive monitoring suffers from limitations ranging from strict antenna requirements to high battery use, active dissemination alternatives generate extra overhead to the resource constrained mobile ad hoc networks (MANETs). In this paper, we propose a new knowledge monitoring scheme for trust management on MANETs based on autonomic principles. The proposed scheme minimizes the overhead using transiting packets on the network to update nodes knowledge about other nodes trustworthiness. Simulation results show that the proposed mechanism improves significantly the performance of underlying network, providing a sufficient correct knowledge about nodes trustworthiness required by trust management frameworks.

A Security Management Architecture for Supporting Routing Services on WANETs

Due to the raising dependence of people on critical applications and wireless networks, high level of reliability, security and availability is claimed to assure secure and reliable service operation. Wireless ad hoc networks (WANETs) experience serious security issues even when solutions employ preventive or reactive security mechanisms. In order to support both network operations and security requirements of critical applications, we present SAMNAR, a Survivable Ad hoc and Mesh Network ARchitecture. Its goal lies in managing adaptively preventive, reactive and tolerant security mechanisms to provide essential services even under attacks, intrusions or failures. We use SAMNAR to design a path selection scheme for WANET routing. The evaluation of this path selection scheme considers scenarios using urban mesh network mobility with urban propagation models, and also random way point mobility with two-ray ground propagation models. Results show the survivability achieved on routing service under different conditions and attacks.

Detection of sinkhole attacks for supporting secure routing on 6LoWPAN for Internet of Things

The Internet of Things (IoT) networks are vulnerable to various kinds of attacks, being the sinkhole attack one of the most destructive since it prevents communication among network devices. In general, existing solutions are not effective to provide protection and security against attacks sinkhole on IoT, and they also introduce high consumption of resources de memory, storage and processing. Further, they do not consider the impact of device mobility, which in essential in urban scenarios, like smart cities. This paper proposes an intrusion detection system, called INTI (Intrusion detection of SiNkhole attacks on 6LoWPAN for InterneT of ThIngs), to identify sinkhole attacks on the routing services in IoT. Moreover, INTI aims to mitigate adverse effects found in IDS that disturb its performance, like false positive and negative, as well as the high resource cost. The system combines watchdog, reputation and trust strategies for detection of attackers by analyzing the behavior of devices. Results show the INTI performance and its effectiveness in terms of attack detection rate, number of false positives and false negatives.

Interoperability issues on heterogeneous wireless communication for smart cities

Smart cities have become a reality around the world. They rely on wireless communication technologies, and they have provided many benefits to society, such as monitoring road traffic in real-time, giving continuous healthcare assistance to residents and managing the environment. This article revisits key interoperability questions in heterogeneous wireless networks for smart cities, and outlines a simple, modular architecture to deal with these complex issues. The architecture is composed by sensing, access network, Internet/cloud and application layers. Different features provided by the architecture, such as interoperability among technologies, low cost, reliability and security, have been evaluated through experiments and simulations under different scenarios. The QoS support and the seamless connectivity between pairs of heterogeneous technologies are proposed through a policy-based management (PBM) framework and MIH (Media Independent Handover). Moreover, an 802.11 mesh backbone composed of different types of mesh routers has been deployed for interconnecting the sensors and actuators to the Internet. Key results from experiments in the backbone are examined. They compare: (i) the performance of a single-path routing protocol (OLSR) with a multipath one (MP-OLSR); (ii) the monitoring delays from the proposed low cost sunspot/mesh and arduino/mesh gateways; and (iii) the authentication mechanisms employed. Significant results from simulations allow the analysis of the reliability on vehicular/mesh networks under jamming attacks by applying the OLSR and MP-OLSR routing protocols. Finally, this article provides an overview of open research questions.

AoT: Authentication and Access Control for the Entire IoT Device Life-Cycle

The consumer electronics industry is witnessing a surge in Internet of Things (IoT) devices, ranging from mundane artifacts to complex biosensors connected across disparate networks. As the demand for IoT devices grows, the need for stronger authentication and access control mechanisms is greater than ever. Legacy authentication and access control mechanisms do not meet the growing needs of IoT. In particular, there is a dire need for a holistic authentication mechanism throughout the IoT device life-cycle, namely from the manufacturing to the retirement of the device. As a plausible solution, we present Authentication of Things (AoT), a suite of protocols that incorporate authentication and access control during the entire IoT device life span. Primarily, AoT relies on Identity- and Attribute-Based Cryptography to cryptographically enforce Attribute-Based Access Control (ABAC). Additionally, AoT facilitates secure (in terms of stronger authentication) wireless interoperability of new and guest devices in a seamless manner. To validate our solution, we have developed AoT for Android smartphones like the LG G4 and evaluated all the cryptographic primitives over more constrained devices like the Intel Edison and the Arduino Due. This included the implementation of an Attribute-Based Signature (ABS) scheme. Our results indicate AoT ranges from highly efficient on resource-rich devices to affordable on resource-constrained IoT-like devices. Typically, an ABS generation takes around 27 ms on the LG G4, 282 ms on the Intel Edison, and 1.5 s on the Arduino Due.

Firefly-inspired and robust time synchronization for cognitive radio ad hoc networks

Harnessing the full power of the paradigm-shifting cognitive radio ad hoc networks (CRAHNs) hinges on solving the problem of time synchronization between the radios on the different stages of the cognitive radio cycle. The dynamic network topology, the temporal and spatial variations in spectrum availability, and the distributed multi-hop architecture of CRAHNs mandate novel solutions to achieve time synchronization and efficiently support spectrum sensing, access, decision and mobility. In this article, we advance this research agenda by proposing the novel Bio-inspired time SynChronization protocol for CRAHNs (BSynC). The protocol draws on the spontaneous firefly synchronization observed in parts of Southeast Asia. The significance of BSynC lies in its capability of promoting symmetric time synchronization between pairs of network nodes independent of the network topology or a predefined sequence for synchronization. It enables the nodes in CRAHNs to efficiently synchronize in a decentralized manner, and it is also reliable to changes, faults and attacks. The findings suggest that BSynC improves convergence time, thereby favoring deployment in dynamic network scenarios.

A framework for resilient and secure spectrum sensing on cognitive radio networks

Cognitive radio networks have been envisaged to improve efficiency in accessing the frequency spectrum. However, these networks are prone to different kind of attacks and failures that can compromise the security and performance of licensed and unlicensed users. This work presents a framework for security and resilience in cognitive radio networks. As a showcase, this framework is applied to spectrum sensing functionality in order to assist its operation even in face to failures and attacks, such as primary user emulation ones. Differently from other proposals founded on specific and permanent device features, our framework provides flexibility and adaptation for detection and mitigation mechanisms considering best-efforts or real-time applications. Simulation results based on real traces provide evidences about the improvements achieved by our framework on spectrum sensing, even under primary user emulation attacks.

An architecture to manage performance and reliability on hybrid cloud-based firewalling

Firewalls are the first defense line for the networking services and applications. With the advent of virtualization and Cloud Computing, the explosive growth of network-based services, investigations have emphasized the limitations of conventional firewalls. However, despite of being impressively significant to improve security, cloud-based firewalling approaches still experience severe performance and reliability issues that can lead to non use of these services by companies. Hence, our work presents an efficient architecture to manage performance and reliability on a hybrid cloud-based firewalling service. Being composed of a physical and a virtual part, the architecture follows an approach that supports and complements basic physical firewall functionalities with virtual ones. The architecture was deployed and experimental results show that the proposed approach improve the computational power of traditional firewall with the support of cloud-based firewalling service.