A Security Framework for Wireless Sensor Networks Utilizing a Unique Session Key

Key management is a core mechanism to ensure the security of applications and network services in wireless sensor networks. It includes two aspects: key distribution and key revocation. Many key management protocols have been specifically designed for wireless sensor networks. However, most of the key management protocols focus on the establishment of the required keys or the removal of the compromised keys. The design of these key management protocols does not consider the support of higher level security applications. When the applications are integrated later in sensor networks, new mechanisms must be designed. In this paper, we propose a security framework, uKeying, for wireless sensor networks. This framework can be easily extended to support many security applications. It includes three components: a security mechanism to provide secrecy for communications in sensor networks, an efficient session key distribution scheme, and a centralized key revocation scheme. The proposed framework does not depend on a specific key distribution scheme and can be used to support many security applications, such as secure group communications. Our analysis shows that the framework is secure, efficient, and extensible. The simulation and results also reveal for the first time that a centralized key revocation scheme can also attain a high efficiency.

Agent Based Intrusion Detection and Response System for Wireless LANs

Wireless LAN technology, despite the numerous advantages it has over competing technologies, has not seen widespread deployment. A primary reason for markets not adopting this technology is its failure to provide adequate security. Data that is sent over wireless links can be compromised with utmost ease. In this project, we propose a distributed agent based intrusion detection and response system for wireless LANs that can detect unauthorized wireless elements like access points, wireless clients that are in promiscuous mode etc. The system reacts to intrusions by either notifying the concerned personnel, in case of rogue access points and promiscuous nodes, or by blocking unauthorized users from accessing the network resources.

Joint Computing and Network Resource Scheduling in a Lambda Grid Network

Data-intensive Grid applications require huge data transfers between grid computing nodes. These computing nodes, where computing jobs are executed, are usually geographically separated. A grid network that employs optical wavelength division multiplexing (WDM) technology and optical switches to interconnect computing resources with dynamically provisioned multi-gigabit rate bandwidth lightpath is called a Lambda Grid network. A computing task may be executed on any one of several computing nodes which possesses the necessary resources. In order to reflect the reality in job scheduling, allocation of network resources for data transfer should be taken into consideration. However, few scheduling methods consider the communication contention on Lambda Grids. In this paper, we investigate the joint scheduling problem while considering both optical network and computing resources in a Lambda Grid network. The objective of our work is to maximize the total number of jobs that can be scheduled in a Lambda Grid network. An adaptive routing algorithm is proposed and implemented for accomplishing the communication tasks for every job submitted in the network. Four heuristics (FIFO, ESTF, LJF, RS) are implemented for job scheduling of the computational tasks. Simulation results prove the feasibility and efficiency of the proposed solution.

Distributed Hybrid Agent Based Intrusion Detection and Real Time Response System

Wireless LANs are growing rapidly and security has always been a concern. We have implemented a hybrid system, which will not only detect active attacks like identity theft causing denial of service attacks, but will also detect the usage of access point discovery tools. The system responds in real time by sending out an alert to the network administrator.

Joint Computing and Network Resource Scheduling in a Lambda Grid Network

Data-intensive Grid applications require huge data transfers between grid computing nodes. These computing nodes, where computing jobs are executed, are usually geographically separated. A grid network that employs optical wavelength division multiplexing (WDM) technology and optical switches to interconnect computing resources with dynamically provisioned multi-gigabit rate bandwidth lightpath is called a Lambda Grid network. A computing task may be executed on any one of several computing nodes which possesses the necessary resources. In order to reflect the reality in job scheduling, allocation of network resources for data transfer should be taken into consideration. However, few scheduling methods consider the communication contention on Lambda Grids. In this paper, we investigate the joint scheduling problem while considering both optical network and computing resources in a Lambda Grid network. The objective of our work is to maximize the total number of jobs that can be scheduled in a Lambda Grid network. An adaptive routing algorithm is proposed and implemented for accomplishing the communication tasks for every job submitted in the network. Four heuristics (FIFO, ESTF, LJF, RS) are implemented for job scheduling of the computational tasks. Simulation results prove the feasibility and efficiency of the proposed solution.

Approximation Algorithms for Survivable Multicommodity Flow Problems with Applications to Network Design

Multicommodity flow (MF) problems have a wide variety of applications in areas such as VLSI circuit design, network design, etc., and are therefore very well studied. The fractional MF problems are polynomial time solvable while integer versions are NP-complete. However, exact algorithms to solve the fractional MF problems have high computational complexity. Therefore approximation algorithms to solve the fractional MF problems have been explored in the literature to reduce their computational complexity. Using these approximation algorithms and the randomized rounding technique, polynomial time approximation algorithms have been explored in the literature. In the design of high-speed networks, such as optical wavelength division multiplexing (WDM) networks, providing survivability carries great significance. Survivability is the ability of the network to recover from failures. It further increases the complexity of network design and presents network designers with more formidable challenges. In this work we formulate the survivable versions of the MF problems. We build approximation algorithms for the survivable multicommodity flow (SMF) problems based on the framework of the approximation algorithms for the MF problems presented in [1] and [2]. We discuss applications of the SMF problems to solve survivable routing in capacitated networks.

KeyRev: An Efficient Key Revocation Scheme for Wireless Sensor Networks

Key management is a core mechanism to ensure the security of applications and network services in wireless sensor networks. It includes two aspects: key distribution and key revocation. Key distribution has been extensively studied in the context of sensor networks. However, key revocation has received relatively little attention. Existing key revocation schemes can be divided into two categories: centralized key revocation scheme and distributed key revocation scheme. In this paper, we first summarize the current key revocation schemes for sensor networks. Then, we propose an efficient centralized key revocation scheme, KeyRev, for wireless sensor networks. Unlike most proposed key revocation schemes focusing on removing the compromised keys, we propose to use key updating techniques to obsolesce the keys owned by the compromised sensor nodes and thus remove the nodes from the network. Our analyses show that the KeyRev scheme is secure inspite of not removing the pre-distributed key materials at compromised sensor nodes. Simulation results also indicate that the KeyRev scheme is scalable and performs very well in wireless sensor networks.

A Key Management Protocol for Wireless Sensor Networks with Multiple Base Stations

Most of the proposed key management protocols for wireless sensor networks (WSNs) in the literature assume that a single base station is used and that the base station is trustworthy. However, there are applications in which multiple base stations are used and the security of the base stations must be considered. This paper investigates a key management protocol in wireless sensor networks which include multiple base stations. We consider the situations in which both the base stations and the sensor nodes can be compromised. The proposed key management protocol, mKeying, includes two schemes, a key distribution scheme, mKeyDist, supporting multiple base stations in the network, and a key revocation scheme, mKeyRev, used to efficiently remove the compromised nodes from the network. Our analyses show that the proposed protocol is efficient and secure against the compromise of the base stations and the sensor nodes.