Catálogo de publicaciones - libros

In this paper, the design of hybrid network discovery module is introduced. As hybrid approach, active and passive network discovery techniques are used. Passive network discovery module, especially, is designed to detect desktop applications and ActiveX controls installed on client computers as well as operating system and services on servers. This module can help security administrators identify organization’s IT asset and proactively handle vulnerability information.

Due to vast application of WSN (Wireless Sensor Networks) in mission critical military operations, securing WSN has received lot of attention from the research communityWSN when deployed in hostile environment, they are prone to various kinds of attacks one of which is node capture which might reveal important sensor information being transferred to the captured node. Thus dynamic key management schemes employ re-keying mechanism to change the group key used by the sensor nodes for communication. Constrained resources such as energy, memory and computational capabilities of sensor nodes requires a re-keying scheme efficient in design to minimize overhead while maintaining secure communications over lifespan of the network. In this paper we present an efficient re-keying scheme for cluster based WSN which requires minimal communication with the base station and O(1) computation at the sensor node to calculate the new group key.

In this paper we present a solution for providing a fast transition in heterogeneous mobile networks which involve network access control based on the . The goal is to reduce the time spent on providing access and smooth transition, between different technologies which require to perform authentication to allow network access. We propose and describe an architecture and secure protocol, which reduce the number of round trips during authentication phase, and verify its secure properties with a formal tool.

IETF published Fast Handovers in Mobile IPv6 (FMIPv6) for efficient mobility management. FMIPv6 has no solutions to protect binding update messages. Previous researches have mainly concentrated on using AAA, public cer-tificates or cryptographic algorithms. However the approaches need a particular infrastructure or heavy processing cost to authenticate binding updates in FMIPv6. Proposed scheme provides authentication for FMIPv6 without infra-structure and costly cryptographic algorithms by the extended Return Routability. Also proposed scheme is able to be used for various existing handover protocol in MIPv6 network.

In the conventional peer-to-peer(P2P) systems, security was not important, since P2P applications were used in the private networks. Recently, the use of P2P applications is growing dramatically, in particular, for sharing large video/audio files and software in the public networks. Hence, in this paper, we propose a scheme to enhance the security of P2P systems, particularly on a peer’s authentication. We expand the Cryptographically Generated Addresses (CGA) mechanism to provide the peer’s authentication. In the proposed scheme, we define a new identifier made by IP address and peer’s public key to secure the peer and exchanging messages. The identifier is an expanded CGA used in application level. The P2P applications applying the proposed scheme will be secured, since the identifier and public key algorithm provide authentication of peers and messages. We analyze security threats of P2P systems and show how the proposed scheme protects the network from those threats.

In hostile environments, the communication content and communication route need to be shielded from malicious attackers. The AnonDSR (Anonymous Dynamic Source Routing for Mobile Ad-Hoc Networks) protocol has been proposed to ensure security and anonymity in ad-hoc networks. The protocol transmits data after establishing an encryption key and communication route. One weakness of the AnonDSR is that it consists of 3 steps: security parameter establishment, route discovery, and data transmission. In this paper, we propose a variant of AnonDSR that reduces the 3 steps into 2 steps. Our protocol decreases the communication route setup time for each communication session by 31% in comparison with the AnonDSR.

For WSN(Wireless Sensor Network) to provide reliable service, authentication is one of the most important requirements. The authentication usually means the entity authentication, but owing to the data centric nature of sensor network, much more importance must be put on the authentication(or attestation) for code of sensor nodes. The naive approach to the attestation is for the verifier to compare the previously known memory contents of the target node with the actual memory contents in the target node, but it has a significant drawback. In this paper, we show what the drawback is and propose a countermeasure. The basic idea of our countermeasure is not to give the malicious code any memory space to reside by cleaning the target node’s memory space where the malicious code can reside. This scheme can verify the whole memory space of the target node and provides extremely low probability of malicious code’s concealment without depending on accurate timing information unlike SWATT[1]. We provide this verification method and show the performance estimation in various environments.

Grid technologies make it possible for IT resources to be shared across organizational and security domains. The traditional identity-based access control mechanisms are unscalable and difficult to manage. Thus, we propose the FAS (Federation Agent Server) model which is composed of three modules: Certificate Conversion Module (CCM), Role Decision Module (RDM), and ADM (Authorization Decision Module). The proposed FAS model is an extended Role-Based Access Control (RBAC) model which provides resource access capabilities based on roles assigned to the users. FAS can solve the problem of assigning multiple identities to a shared local name in Grid map file and mapping the remote entity’s identity to a local name manually.

Security service is one of the fundamental elements required to realize the wireless sensor networks. To distribute key in WSNs, the predistribution technique is commonly used, because the traditional cryptography techniques such as public key cryptography and key distribution center (KDC) are impractical to be applied in the WSNs due to resource constraints of sensor node. The most common technique in famous predistribution schemes is random key predistribution scheme which use probability method. The random key predistribution scheme has a demerit that heavy overhead is occurred on establishing a path key. To reduce the overhead, the grid-based key predistribution scheme was proposed. They uses -degree bivariate polynomial keys and 2-dimensional grid to provide good properties such as good resilience against the node compromise, high probability of establishing a pairwise key and the minimized overhead on establishing a path key. We extend the dimension of the grid-based key predistribution scheme which is more efficient than other existing schemes. Our scheme improves many properties, except the resilience, of the grid-based key predistribution scheme. So, we introduce n-dimensional grid-based key predistribution using group based deployment as one of methods which can enhance the resilience. Through a mathematical model, we show that our scheme is more efficient than other existing schemes including 2-dimensional grid-based scheme.