Abstract: The security of data becomes more important with the increased use of commercial applications over wireless network environments. We presented an approach to handle various attacks for wireless networks. There were several problems of security in wireless networks due to intruders and different type of attacks such as Node Isolation, Route Disruption and Resource Consumption. There were better methods and intruder handling procedures available for fixed networks but it was difficult to analyze attacks in the mobile adhoc environments. The reason was due high mobility of network nodes and lack of fixed infrastructure. Normally, attacks by an intruder cause unauthorized use of the wireless network so that the whole network will be suffered from packet losses and reduced throughput. So, we have performed a study on various issues of threats for Mobile Adhoc Networks and presented an approach to handle such threats efficiently. The main principle was to use my-AODV agent to introduce various attacks on existing AODV MANET routing protocol.

This paper proposes a network-assisted mobile Virtual Private Network (mVPN) security scheme that provides secure remote access to corporate resources over the Universal Mobile Telecommunication System (UMTS). The proposed scheme, which is based on IPsec, distributes the required security functionality for deploying a VPN between the involved user’s device and the mobile network limiting the configuration, computation and communication overheads associated with the user and its device. The network-assisted mVPN addresses the security weaknesses of the UMTS technology in protecting users ’ data and satisfies the security requirements of the mobile users. It can be integrated into the UMTS network infrastructure requiring only some limited enhancements to the existing mobile network architecture, and without disrupting the network operation. For the initialization of a network-assisted mVPN and the related key agreement an extension of Internet Key Exchange version 2 (IKEv2) is proposed. The proposed network-assisted mVPN can operate seamlessly and provide security services continuously while the mobile user moves and roams as it binds the UMTS mobility management with the VPN deployment. The deployment cost of the proposed scheme is evaluated analytically and via simulations and is compared to that of the end-to-end (e2e) VPN scheme that protects the data exchanged between the mobile user and the remote server, and a scheme that does not include any additional security mechanism. The proposed scheme increases the cumulative VPN deployment cost compared to the e2e scheme, but on the other hand it limits considerably the VPN deployment cost of the involved MS, which is important due to it resource limitation. Moreover, it does not considerably affect the capacity of the UMTS network. Finally, the deployed network-assisted mVPN hardly has an impact on the total delay of the transmitted user’s packets. 1

Abstract—In multi-hop cellular networks, the mobile nodes usually relay others ’ packets for enhancing the network performance and deployment. However, selfish nodes usually do not cooperate but make use of the cooperative nodes to relay their packets, which has a negative effect on the network fairness and performance. In this paper, we propose a fair and efficient incentive mechanism to stimulate the node cooperation. Our mechanism applies a fair charging policy by charging the source and destination nodes when both of them benefit from the communication. To implement this charging policy efficiently, hashing operations are used in the ACK packets to reduce the number of digital-signature operations. Moreover, reducing the overhead of the payment cheques is essential for the efficient implementation of the incentive mechanism due to the large number of payment transactions. Instead of generating a cheque per message, a small-size cheque can be generated per route, and a cheque submission scheme is proposed to reduce the number of submitted cheques and protect against collusion attacks. Extensive analysis and simulations demonstrate that our mechanism can secure the payment and significantly reduce the cheques ’ overhead, and the fair charging policy can be implemented almost computationally free by using hashing operations. Index Terms—Network-level security and protection, Wireless communication, Payment schemes, Hybrid systems.

Abstract—Wireless metropolitan area sharing networks (WMSNs) are wide-area wireless networks with nodes owned and managed by independent wireless Internet service providers (WISPs). To support seamless roaming in emerging WMSNs, in this paper, we propose a localized and distributed authentication and billing architecture that aims at enabling efficient and privacy-preserving mutual authentication between mobile users (MUs) and WISPs. User anonymity and identity privacy can be protected, even in the presence of collusion between WISPs and a roaming broker (RB), which is considered to be the strongest user privacy protection. An efficient billing architecture is introduced and performed in the same stage of roaming, where U-tokens are defined and can be purchased by MUs from an RB as authentication credentials for the MUs to access the wireless network. The WISPs, thus, can cash the collected U-tokens in the RB for payment. We show that the proposed authentication and billing architecture can support localized inter-WISP authentication through the divisible blind signature scheme and a local witness strategy. A detailed analysis on a number of performance metrics, such as computation time and power consumption, is given to validate the performance of the proposed architectures. Index Terms—Billing, partially blind signature, privacy protection, roaming, wireless metropolitan area sharing networks

Abstract—PDAs and smartphones are increasingly being used as handheld computers. Today, their network connectivity and their usages for various tasks over the Internet require privacy and authenticity. In this paper, we conduct a comprehensive and comparative study of the performance of the SSL protocol for PDA and laptop clients, both in WEP secured and open Wi-Fi environments. Unlike previous studies [1], [2], the measurements are at sub-protocol granularity allowing for researchers to consider appropriate optimizations for these resource-constrained devices. Unsurprisingly, we find that SSL handshake costs 3 times more at a PDA client than it does for a laptop client, but surprisingly most of the delay comes from network latency and other PDA architecture issues, not cryptographic computation. This suggests that more effort should be spent in minimizing communication rounds in future cryptographic protocols that will be used by PDAs, even at the cost of more cryptographic operations. I.

Abstract—With the increased application of wireless sensor networks (WSNs) to military, commercial, and home environments, securing the data in the network has become a critical issue. Several security mechanisms, such as TinySec, have been introduced to address the need for security in WSNs. The cost of security, however, still mostly remains an unknown variable. To provide a better understanding of this cost we have studied three aspects of WSNs security: encryption algorithms, modes of operation for block ciphers, and message authentication algorithms. We have measured and compared their memory and energy consumption on both MicaZ and TelosB sensor motes. The results of our experiments provide insight into the suitability of different security algorithms for use in WSN environments and could be used by WSN designers to construct the security architecture of their systems in a way that both satisfies the requirements of the application and reasonably uses the constrained sensor resources. I.

Abstract—With the increased application of wireless sensor networks (WSNs) in military, commercial, and home environments, securing the data in the network is a critical issue. Several security mechanisms, such as TinySec, have been introduced to address the need for security in WSNs. There are many applications, however, which require more than just protecting the data at a single level. For those applications, it is necessary to provide multilevel security (MLS) that can accommodate the different sensitivity levels of information as well as the different clearance levels of the users. In this paper, we apply the concept of MLS to the field of WSNs by employing the approach of multiple security levels (MSL). We employ cryptography techniques to realize the key aspects of MSL: the separation of different security levels and controlled information flow. Specifically, TinyKeyMan is selected as the key management scheme for this design due to its resilience to node compromise attacks. In addition, we evaluate the two dominant costs of the design: 1) communication overhead between different security levels and 2) the cryptography cost on the lifetime of a mote. The MSL design we propose is simple and incurs low developmental costs, making it well-suited to resource constrained WSNs. Keywords-multilevel security (MLS); multiple security levels (MSL); wireless sensor networks (WSNs) I.

Copyright © 2011 A. Roy-Chowdhury and J. S. Baras. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. We describe a new class of lightweight, symmetric-key digital certificates called extended TESLA certificates and a source authentication protocol for wireless group communication that is based on the certificate. The certificate binds the identity of a wireless smart device to the anchor element of its key chain; keys from the chain are used for computing message authentication codes (MACs) on messages sourced by the device. The authentication protocol requires a centralized infrastructure in the network: we describe the protocol in a hybrid wireless network with a satellite overlay interconnecting the wireless devices. The satellite is used as the Certificate Authority (CA) and also acts as the proxy for the senders in disclosing the MAC keys to the receivers. We also design a probabilistic nonrepudiation mechanism that utilizes the satellite’s role as the CA and sender proxy. Through analysis, we show that the authentication protocol is secure against malicious adversaries. We also present detailed simulation results that demonstrate that the proposed protocol is much cheaper than traditional public key-based authentication technologies for metrics like processing delay, storage requirements, and energy consumption of the smart devices. 1.

In this new millennium most of the transactions depend on wireless network. In this context highly secured transaction of information is the need of the hour. During the transaction there must not be any loss of information or there should be no intrusion to assure the secured data transmission. There are several approaches available for fixed network threats. But it is difficult to analyze the intrusion attacks in mobile networks due to its high mobile nature. In this present work we implemented a simulation tool to handle intrusion attacks in Mobile Ad Hoc Network (MANET). Using that we analyzed Route Disturbance, Node Isolation, Resource Consumption, Denial of Service (DoS) and Man in the Middle attacks. Using our approach it is easy to reduce throughput, easy to increase security, easy to avoid unauthorized intruders and also it is easy to avoid packet losses. The implemented wireless intrusion detection system has been simulated using JAVA Platform. Our tool Mobile Intrusion Detection Controller (MIDC) is combined with the existing Ad Hoc On-demand Distant Vector (AODV) routing protocol. It is used to detect and magnify various attacks in a mobile network. These attacks have been simulated and performed using hacker software in java platform. It also includes an additional recovery phase to overcome threats and intruders.

Practical remote mutual authentication with key agreement scheme for mobile devices on elliptic curve cryptosystem