RiSeG: a ring based secure group communication protocol for resource-constrained wireless sensor networks

Securing group communication in wireless sensor networks has recently been extensively investigated. Many works have addressed this issue, and they have considered the grouping concept differently. In this paper, we consider a group as being a set of nodes sensing the same data type, and we alternatively propose an efficient secure group communication scheme guaranteeing secure group management and secure group key distribution. The proposed scheme (RiSeG) is based on a logical ring architecture, which permits to alleviate the group controller’s task in updating the group key. The proposed scheme also provides backward and forward secrecy, addresses the node compromise attack, and gives a solution to detect and eliminate the compromised nodes. The security analysis and performance evaluation show that the proposed scheme is secure, highly efficient, and lightweight. A comparison with the logical key hierarchy is preformed to prove the rekeying process efficiency of RiSeG. Finally, we present the implementation details of RiSeG on top of TelosB sensor nodes to demonstrate its feasibility.

An Enhanced WLAN Security System With FPGA Implementation for Multimedia Applications

Maintaining a high level of data security with a low impact on system performance is more challenging in wireless multimedia applications. Protocols that are used for wireless local area network (WLAN) security are known to significantly degrade performance. In this paper, we propose an enhanced security system for a WLAN. Our new design aims to decrease the processing delay and increase both the speed and throughput of the system, thereby making it more efficient for multimedia applications. Our design is based on the idea of offloading computationally intensive encryption and authentication services to the end systems’ CPUs. The security operations are performed by the hosts’ central processor (which is usually a powerful processor) before delivering the data to a wireless card (which usually has a low-performance processor). By adopting this design, we show that both the delay and the jitter are significantly reduced. At the access point, we improve the performance of network processing hardware for real-time cryptographic processing by using a specialized processor implemented with field-programmable gate array technology. Furthermore, we use enhanced techniques to implement the Counter (CTR) Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP) and the CTR protocol. Our experiments show that it requires timing in the range of 20–40 μs to perform data encryption and authentication on different end-host CPUs (e.g., Intel Core i5, i7, and AMD 6-Core) as compared with 10–50 ms when performed using the wireless card. Furthermore, when compared with the standard WiFi protected access II (WPA2), results show that our proposed security system improved the speed to up to 3.7 times.

Supporting NAT traversal and secure communications in a protocol implementation framework

Dissertação apresentada na Faculdade de Ciências e Tecnologia da Universidade Nova de Lisboa para obtenção do Grau de Mestre em Engenharia Electrotécnica e de Computadores

Estudi dels mètodes d'estimació de la tipologia de la xarxa en un protocol UUP basat en xarxes socials

En aquest projecte es presenta un mecanisme per garantir la privacitat de les cerques que fan els usuaris als motors de cerca aprofitant el potencial de les xarxes socials.

Development of a Safety protocol for Management Thirst in the Immediate Postoperative Period

Objective To develop a safety protocol for the management of thirst in the immediate postoperative period. Method Quantitative, methodological, and applied study conducted in April-August 2012. An extensive literature search and expert consultation was carried out to develop the protocol and its operating manual. Theoretical and semantic analyzes were carried out by experts. Results Assessment of level of consciousness, reflexes of protection of the airways (cough and swallowing), and absence of nausea and vomiting were selected as safety criteria. These criteria were grouped and formatted in a graph algorithm, which indicates the need to interrupt the procedure if a security criterion does not reach the expected standard. Conclusion The protocol was elaborated to fill in the gap in the literature of a specific model concerning nursing actions in the safe management of thirst in the immediate postoperative period.

Improving telecommunication security level by integrating quantum key distribution in communication protocols

Résumé La cryptographie classique est basée sur des concepts mathématiques dont la sécurité dépend de la complexité du calcul de l'inverse des fonctions. Ce type de chiffrement est à la merci de la puissance de calcul des ordinateurs ainsi que la découverte d'algorithme permettant le calcul des inverses de certaines fonctions mathématiques en un temps «raisonnable ». L'utilisation d'un procédé dont la sécurité est scientifiquement prouvée s'avère donc indispensable surtout les échanges critiques (systèmes bancaires, gouvernements,...). La cryptographie quantique répond à ce besoin. En effet, sa sécurité est basée sur des lois de la physique quantique lui assurant un fonctionnement inconditionnellement sécurisé. Toutefois, l'application et l'intégration de la cryptographie quantique sont un souci pour les développeurs de ce type de solution. Cette thèse justifie la nécessité de l'utilisation de la cryptographie quantique. Elle montre que le coût engendré par le déploiement de cette solution est justifié. Elle propose un mécanisme simple et réalisable d'intégration de la cryptographie quantique dans des protocoles de communication largement utilisés comme les protocoles PPP, IPSec et le protocole 802.1li. Des scénarios d'application illustrent la faisabilité de ces solutions. Une méthodologie d'évaluation, selon les critères communs, des solutions basées sur la cryptographie quantique est également proposée dans ce document. Abstract Classical cryptography is based on mathematical functions. The robustness of a cryptosystem essentially depends on the difficulty of computing the inverse of its one-way function. There is no mathematical proof that establishes whether it is impossible to find the inverse of a given one-way function. Therefore, it is mandatory to use a cryptosystem whose security is scientifically proven (especially for banking, governments, etc.). On the other hand, the security of quantum cryptography can be formally demonstrated. In fact, its security is based on the laws of physics that assure the unconditional security. How is it possible to use and integrate quantum cryptography into existing solutions? This thesis proposes a method to integrate quantum cryptography into existing communication protocols like PPP, IPSec and the 802.l1i protocol. It sketches out some possible scenarios in order to prove the feasibility and to estimate the cost of such scenarios. Directives and checkpoints are given to help in certifying quantum cryptography solutions according to Common Criteria.

Impact of a program to prevent incivility towards and assault of healthcare staff in an ophtalmological emergency unit: study protocol for the PREVURGO On/Off trial.

BACKGROUND: The emergency department has been identified as an area within the health care sector with the highest reports of violence. The best way to control violence is to prevent it before it becomes an issue. Ideally, to prevent violent episodes we should eliminate all triggers of frustration and violence. Our study aims to assess the impact of a quality improvement multi-faceted program aiming at preventing incivility and violence against healthcare professionals working at the ophthalmological emergency department of a teaching hospital. METHODS/DESIGN: This study is a single-center prospective, controlled time-series study with an alternate-month design. The prevention program is based on the successive implementation of five complementary interventions: a) an organizational approach with a standardized triage algorithm and patient waiting number screen, b) an environmental approach with clear signage of the premises, c) an educational approach with informational videos for patients and accompanying persons in waiting rooms, d) a human approach with a mediator in waiting rooms and e) a security approach with surveillance cameras linked to the hospital security. The primary outcome is the rate of incivility or violence by patients, or those accompanying them against healthcare staff. All patients admitted to the ophthalmological emergency department, and those accompanying them, will be enrolled. In all, 45,260 patients will be included in over a 24-month period. The unit analysis will be the patient admitted to the emergency department. Data analysis will be blinded to allocation, but due to the nature of the intervention, physicians and patients will not be blinded. DISCUSSION: The strengths of this study include the active solicitation of event reporting, that this is a prospective study and that the study enables assessment of each of the interventions that make up the program. The challenge lies in identifying effective interventions, adapting them to the context of care in an emergency department, and thoroughly assessing their efficacy with a high level of proof.The study has been registered as a cRCT at clinicaltrials.gov (identifier: NCT02015884).

A Secure and Anonymous Cooperative Sensing Protocol for Cognitive Radio Networks

Spectrum is an essential resource for the provision of mobile services. In order to control and delimit its use, governmental agencies set up regulatory policies. Unfortunately, such policies have led to a deficiency of spectrum as only few frequency bands are left unlicensed, and these are used for the majority of new emerging wireless applications. One promising way to alleviate the spectrum shortage problem is adopting a spectrum sharing paradigm in which frequency bands are used opportunistically. Cognitive radio is the key technology to enable this shift of paradigm.Cognitive radio networks are self-organized systems in which devices cooperate to use those spectrum ranges that are not occupied by licensed users. They carry out spectrum sensing in order to detect vacant channels that can be used for communication. Even though spectrum sensing is an active area of research, an important issue remains unsolved: the secure authentication of sensing reports. Not providing security enables the input of false data in the system thus empowering false results. This paper presents a distributed protocol based on wireless physical layer security, symmetric cryptography and one-way functions that allows determining a final sensing decision from multiple sources in a quick and secure way, as well as it preserves users¿ privacy.

A Secure Cooperative Sensing Protocol for Cognitive Radio Networks

Cognitive radio networks sense spectrum occupancyand manage themselves to operate in unused bands without disturbing licensed users. Spectrum sensing is more accurate if jointly performed by several reliable nodes. Even though cooperative sensing is an active area of research, the secureauthentication of local sensing reports remains unsolved, thus empowering false results. This paper presents a distributed protocol based on digital signatures and hash functions, and ananalysis of its security features. The system allows determining a final sensing decision from multiple sources in a quick and secure way.

Secure Dynamic MANET On-demand (SEDYMO) Routing Protocol

This paper describes the state of the art of secure ad hoc routing protocols and presents SEDYMO, a mechanism to secure a dynamic multihop ad hoc routing protocol. The proposed solution defeats internal and external attacks usinga trustworthiness model based on a distributed certification authority. Digital signatures and hash chains are used to ensure the correctness of the protocol. The protocol is compared with other alternatives in terms of security strength, energy efficiency and time delay. Both computational and transmission costs are considered and it is shown that the secure protocol overhead is not a critical factor compared to the high network interface cost.

Security in multicast communication

Multicast is one method to transfer information in IPv4 based communication. Other methods are unicast and broadcast. Multicast is based on the group concept where data is sent from one point to a group of receivers and this remarkably saves bandwidth. Group members express an interest to receive data by using Internet Group Management Protocol and traffic is received by only those receivers who want it. The most common multicast applications are media streaming applications, surveillance applications and data collection applications. There are many data security methods to protect unicast communication that is the most common transfer method in Internet. Popular data security methods are encryption, authentication, access control and firewalls. The characteristics of multicast such as dynamic membership cause that all these data security mechanisms can not be used to protect multicast traffic. Nowadays the protection of multicast traffic is possible via traffic restrictions where traffic is allowed to propagate only to certain areas. One way to implement this is packet filters. Methods tested in this thesis are MVR, IGMP Filtering and access control lists which worked as supposed. These methods restrict the propagation of multicast but are laborious to configure in a large scale. There are also a few manufacturerspecific products that make possible to encrypt multicast traffic. These separate products are expensive and mainly intended to protect video transmissions via satellite. Investigation of multicast security has taken place for several years and the security methods that will be the results of the investigation are getting ready. An IETF working group called MSEC is standardizing these security methods. The target of this working group is to standardize data security protocols for multicast during 2004.

A Forwarding Cooperation Protocol for Plain and Cluster-based Ad Hoc Networks

Peer-reviewed

Studies,Design and Development of Network Security Enhancement Services Using Novel Cryptographic Algorithms

Internet today has become a vital part of day to day life, owing to the revolutionary changes it has brought about in various fields. Dependence on the Internet as an information highway and knowledge bank is exponentially increasing so that a going back is beyond imagination. Transfer of critical information is also being carried out through the Internet. This widespread use of the Internet coupled with the tremendous growth in e-commerce and m-commerce has created a vital need for infonnation security.Internet has also become an active field of crackers and intruders. The whole development in this area can become null and void if fool-proof security of the data is not ensured without a chance of being adulterated. It is, hence a challenge before the professional community to develop systems to ensure security of the data sent through the Internet.Stream ciphers, hash functions and message authentication codes play vital roles in providing security services like confidentiality, integrity and authentication of the data sent through the Internet. There are several ·such popular and dependable techniques, which have been in use widely, for quite a long time. This long term exposure makes them vulnerable to successful or near successful attempts for attacks. Hence it is the need of the hour to develop new algorithms with better security.Hence studies were conducted on various types of algorithms being used in this area. Focus was given to identify the properties imparting security at this stage. By making use of a perception derived from these studies, new algorithms were designed. Performances of these algorithms were then studied followed by necessary modifications to yield an improved system consisting of a new stream cipher algorithm MAJE4, a new hash code JERIM- 320 and a new message authentication code MACJER-320. Detailed analysis and comparison with the existing popular schemes were also carried out to establish the security levels.The Secure Socket Layer (SSL) I Transport Layer Security (TLS) protocol is one of the most widely used security protocols in Internet. The cryptographic algorithms RC4 and HMAC have been in use for achieving security services like confidentiality and authentication in the SSL I TLS. But recent attacks on RC4 and HMAC have raised questions about the reliability of these algorithms. Hence MAJE4 and MACJER-320 have been proposed as substitutes for them. Detailed studies on the performance of these new algorithms were carried out; it has been observed that they are dependable alternatives.