Biblio

Wireless security is confronted with the complexity of the secret key distribution process, which is difficult to implement on an Ad Hoc network without a key management infrastructure. The symmetric key extraction mechanism from a response channel in a wireless environment is a very promising alternative solution with the simplicity of the key distribution process. Various mechanisms have been proposed for extracting the symmetric key, but many mechanisms produce low rates of the symmetric key due to the high bit differences that occur. This led to the fact that the reconciliation phase was unable to make corrections, as a result of which many key bits were lost, and the time required to obtain a symmetric key was increased. In this paper, we propose the use of an interval approach that divides the response channel into segments at specific intervals to reduce the key bit difference and increase the key rates. The results of tests conducted in the wireless environment show that the use of these mechanisms can increase the rate of the keys up to 35% compared to existing mechanisms.

Operating system (OS) classification is of growing importance to network administrators and cybersecurity analysts alike. The composition of OSs on a network allows for a better quality of device management to be achieved. Additionally, it can be used to identify devices that pose a security risk to the network. However, the sheer number and diversity of OSs that comprise modern networks have vastly increased this management complexity. We leverage insights from social networking theory to provide an encryption-invariant OS classification technique that is quick to train and widely deployable on various network configurations. In particular, we show how an affiliation graph can be used as an input to a machine learning classifier to predict the OS of a device using only the IP addresses for which the device communicates with.We examine the effectiveness of our approach through an empirical analysis of 498 devices on a university campus’ wireless network. In particular, we show our methodology can classify different OS families (i.e., Apple, Windows, and Android OSs) with an accuracy of 99.3%. Furthermore, we extend this study by: 1) examining distinct OSs (e.g., iOS, OS X, and Windows 10); 2) investigating the interval of time required to make an accurate prediction; and, 3) determining the effectiveness of our approach after six months.

As networks continue to grow in complexity using wired and wireless technologies, efficient testing solutions should accommodate such changes and growth. Network simulators provide a network-independent environment to provide different types of network testing. This paper is motivated by the observation that, in many cases in the literature, the success of developed network protocols is very sensitive to the initial conditions and assumptions of the testing scenarios. Network services are deployed in complex environments; results of testing and simulation can vary from one environment to another and sometimes in the same environment at different times. Our goal is to propose mutation-based integration testing that can be deployed with network protocols and serve as Built-in Tests (BiT).This paper proposes an integrated mutation testing framework to achieve systematic test cases' generation for different scenario types. Scenario description and variables' setting should be consistent with the protocol specification and the simulation environment. We focused on creating test cases for critical scenarios rather than preliminary or simplified scenarios. This will help users to report confident simulation results and provide credible protocol analysis. The criticality is defined as a combination of network performance metrics and critical functions' coverage. The proposed solution is experimentally proved to obtain accurate evaluation results with less testing effort by generating high-quality testing scenarios. Generated test scenarios will serve as BiTs for the network simulator. The quality of the test scenarios is evaluated from three perspectives: (i) code coverage, (ii) mutation score and (iii) testing effort. In this work, we implemented the testing framework in NS2, but it can be extended to any other simulation environment.

We address energy-efficient placement of data and analytics components of composite analytics services on a wireless network to minimize execution-time energy consumption (computation and communication) subject to compute, storage and network resource constraints. We introduce an expressive analytics service hypergraph model for representing k-ary composability relationships (k ≥ 2) between various analytics and data components and leverage binary quadratic programming (BQP) to minimize the total energy consumption of a given placement of the analytics hypergraph nodes on the network subject to resource availability constraints. Then, after defining a potential energy functional Φ(·) to model the affinities of analytics components and network resources using analogs of attractive and repulsive forces in physics, we propose a decentralized Metropolis Monte Carlo (MMC) sampling method which seeks to minimize Φ by moving analytics and data on the network. Although Φ is non-convex, using a potential game formulation, we identify conditions under which the algorithm provably converges to a local minimum energy equilibrium placement configuration. Trace-based simulations of the placement of a deep-neural-network analytics service on a realistic wireless network show that for smaller problem instances our MMC algorithm yields placements with total energy within a small factor of BQP and more balanced workload distributions; for larger problems, it yields low-energy configurations while the BQP approach fails.

The usage of wireless devices is increased from last decade due to its reliable, fast and easy transfer of data. Ensuring the security to these networks is a crucial thing. There are several types of network attacks, in this paper, DDoS attacks on networks and techniques, consequences, effects and prevention methods are focused on. The DDoS attack is carried out by multiple attackers on a system which floods the system with a greater number of incoming requests to the system. The destination system cannot immediately respond to the huge requests, due to this server crashes or halts. To detect, or to avoid such scenarios Intrusion prevention system is designed. The IPS block the network attacker at its first hop and thus reduce the malicious traffic near its source. Intrusion detection system prevents the attack without the prior knowledge of the attacker. The attack is detected at the router side and path is changed to transfer the files. The proposed model is designed to obtain the dynamic path for efficient transmission in wireless neworks.

The security of wireless network devices has received widespread attention, but most existing schemes cannot achieve fine-grained device identification. In practice, the security vulnerabilities of a device are heavily depending on its model and firmware version. Motivated by this issue, we propose a universal, extensible and device-independent framework called SCAFFISD, which can provide fine-grained identification of wireless routers. It can generate access rules to extract effective information from the router admin page automatically and perform quick scans for known device vulnerabilities. Meanwhile, SCAFFISD can identify rogue access points (APs) in combination with existing detection methods, with the purpose of performing a comprehensive security assessment of wireless networks. We implement the prototype of SCAFFISD and verify its effectiveness through security scans of actual products.

Network security policies contain requirements - including system and software features as well as expected and desired actions of human actors. In this paper, we present a framework for evaluation of textual network security policies as requirements documents to identify areas for improvement. Specifically, our framework concentrates on completeness. We use topic modeling coupled with expert evaluation to learn the complete list of important topics that should be addressed in a network security policy. Using these topics as a checklist, we evaluate (students) a collection of network security policies for completeness, i.e., the level of presence of these topics in the text. We developed three methods for topic recognition to identify missing or poorly addressed topics. We examine network security policies and report the results of our analysis: preliminary success of our approach.

Over the past decade, distributed CSMA, which forms the basis for WiFi, has been deployed ubiquitously to provide seamless and high-speed mobile internet access. However, distributed CSMA might not be ideal for future IoT/M2M applications, where the density of connected devices/sensors/controllers is expected to be orders of magnitude higher than that in present wireless networks. In such high-density networks, the overhead associated with completely distributed MAC protocols will become a bottleneck. Moreover, IoT communications are likely to have strict QoS requirements, for which the `best-effort' scheduling by present WiFi networks may be unsuitable. This calls for a clean-slate redesign of the wireless MAC taking into account the requirements for future IoT/M2M networks. In this paper, we propose a reservation-based (for minimal overhead) wireless MAC designed specifically with IoT/M2M applications in mind.

Wireless networks are very significant in the present world owing to their widespread use and its application in domains like disaster management, smart cities, IoT etc. A wireless network is made up of a group of wireless nodes that communicate with each other without using any formal infrastructure. The topology of the wireless network is not fixed and it can vary. The huge increase in the number of wireless devices is a challenge owing to the limited availability of wireless spectrum. Opportunistic spectrum access by Cognitive radio enables the efficient usage of limited spectrum resources. The unused channels assigned to the primary users may go waste in idle time. Cognitive radio systems will sense the unused channel space and assigns it temporarily for secondary users. This paper discusses about the recent trends in the two most important aspects of Cognitive radio namely spectrum sensing and security.

MANETs are wireless networks, providing properties such as self-configuration, mobility, and flexibility to the network, which make them a popular and widely used technique. As the usage and popularity of the networks increases, security becomes the most important factor to be concerned. For the sake of security, several protocols and methodologies have been developed for the networks. Along with the increase in security mechanisms, the number of attacks and attackers also increases and hence the threat to the network and secure communication within it increases as well. Some of the attacks have been resolved by the proposed methodologies but some are still a severe threat to the framework, one such attack is Black Hole Attack. The proposed work integrates the SUPERMAN (Security Using Pre-Existing Routing for Mobile Ad-hoc Networks) framework with appropriate methodology to detect and prevent the network from the Black Hole Attack. The mechanism is based on the AODV (Ad-hoc On-demand Distance Vector) routing protocol. In the methodology, the source node uses two network routes, from the source to the destination, one for sending the data packet and another for observing the intermediate nodes of the initial route. If any node is found to be a Black Hole node, then the route is dropped and the node is added to the Black Hole list and a new route to send the data packet to the destination is discovered.

In the communication model of wired and wireless Adhoc networks, the most needed requirement is the integration of security. Mobile Adhoc networks are more aroused with the attacks compared to the wired environment. Subsequently, the characteristics of Mobile Adhoc networks are also influenced by the vulnerability. The pre-existing unfolding solutions are been obtained for infrastructure-less networks. However, these solutions are not always necessarily suitable for wireless networks. Further, the framework of wireless Adhoc networks has uncommon vulnerabilities and due to this behavior it is not protected by the same solutions, therefore the detection mechanism of intrusion is combinedly used to protect the Manets. Several intrusion detection techniques that have been developed for a fixed wired network cannot be applied in this new environment. Furthermore, The issue of intensity in terms of energy is of a major kind due to which the life of the working battery is very limited. The objective this research work is to detect the Anomalous behavior of nodes in Manet's and Experimental analysis is done by making use of Network Simulator-2 to do the comparative analysis for the existing algorithm, we enhanced the previous algorithm in order to improve the Energy efficiency and results shown the improvement of energy of battery life and Throughput is checked with respect to simulation of test case analysis. In this paper, the proposed algorithm is compared with the existing approach.

Bluetooth technologies have widespread applications in personal area networks, device-to-device communications and forming ad hoc networks. Studying Bluetooth devices security is a challenging task as they lack support for monitor mode available with other wireless networks (e.g. 802.11 WiFi). In addition, the frequency-hoping spread spectrum technique used in its operation necessitates special hardware and software to study its operation. This investigation examines methods for analyzing Bluetooth devices' security and presents a proof-of-concept DoS attack on the Link Manager Protocol (LMP) layer using the InternalBlue framework. Through this study, we demonstrate a method to study Bluetooth device security using existing tools without requiring specialized hardware. Consequently, the methods proposed in the paper can be used to study Bluetooth security in many applications.

In recent years, integration of Passive Optical Net-work(PON) and WiMAX (Worldwide Interoperability Microwave Access Network) network is attracting huge interest among many researchers. The continuous demand for large bandwidths with wider coverage area are the key drivers to this technology. This integration has led to high speed and cost efficient solution for internet accessibility. This paper investigates the issues related to traffic grooming, routing and resource allocation in the hybrid networks. The Elastic Optical Network forms Backbone and is integrated with WiMAX. In this novel approach, traffic grooming is carried out using light trail technique to minimize the bandwidth blocking ratio and also reduce the network resource consumption. The simulation is performed on different network topologies, where in the traffic is routed through three modes namely the pure Wireless Network, the Wireless-Optical/Optical-Wireless Network, the pure Optical Network keeping the network congestion in mind. The results confirm reduction in bandwidth blocking ratio in all the given networks coupled with minimum network resource utilization.

In this paper, we investigate the local secure connectivity in terms of the probability of existing a secure wireless connection between two legitimate users and the isolated security probability of a legitimate user in stochastic wireless networks. Specifically, the closed-form expressions of the probability that there is a secure wireless communication between two legitimate users are derived first. Then, based on these equations, the corresponding isolated secure probability are given. The characteristics of local secure connectivity are examined in four scenarios combined from two wireless channel conditions (deterministic/Rayleigh fading) and two eavesdropper configurations (non-colluding/colluding). All the derived mathematical equations are validated by the Monte-Carlo simulation. The obtained numerical results in this paper reveal some interesting features of the impact of eavesdropper collusion, wireless channel fading, and density ratio on the secure connection probability and the isolated security probability of legitimate user in stochastic networks.

Location privacy is one of most frequently discussed terms in the mobile devices security breaches and data leaks. With the expected growth of the number of IoT devices, which is 20 billions by 2020., location privacy issues will be further brought to focus. In this paper we give an overview of location privacy implications in wireless networks, mainly focusing on user's Preferred Network List (list of previously used WiFi Access Points) contained within WiFi Probe Request packets. We will showcase the existing work and suggest interesting topics for future work. A chronological overview of sensitive location data we collected on a musical festival in years 2014, 2015, 2017 and 2018 is provided. We conclude that using passive WiFi monitoring scans produces different results through years, with a significant increase in the usage of a more secure Broadcast Probe Request packets and MAC address randomizations by the smartphone operating systems.

Modern Internet of Things networks are often proprietary, although based on open standards, or are built on the basis of conventional Wi-Fi network, which does not allow the use of energy-saving modes and limits the range of solutions used. The paper is devoted to the study and comparison of two solutions based on Wi-Fi and Bluetooth with the functions of a self-organizing network and switching between transmission channels. The power consumption in relation to specific actions and volumes of transmitted data is investigated; a conclusion is drawn on the conditions for the application of a particular technology.

Point of Sale (POS) systems has become the technology of choice for most businesses and offering number of advantages over traditional cash registers. They manage staffs, customers, transaction, inventory, sale and labor reporting, price adjustment, as well as keeping track of cash flow, expense management, reducing human errors and more. Whether traditional on-premise POS, or Cloud-Bases POS, they help businesses to run more efficiently. However, despite all these advantages, POS systems are becoming targets of a number of cyber-attacks. Security of a POS system is a key requirement of the Payment Card Industry Data Security Standard (PCI DSS). This paper undertakes research into the PCI DSS and its accompanying standards, in an attempt to break or bypass security measures using varying degrees of vulnerability and penetration attacks in a methodological format. The resounding goal of this experimentation is to achieve a basis from which attacks can be made against a realistic networking environment from whence an intruder can bypass security measures thus exposing a vulnerability in the PCI DSS and potentially exposing confidential customer payment information.

The fifth-generation and beyond mobile networks should support extremely high and diversified requirements from a wide variety of emerging applications. It is envisioned that more advanced radio transmission, resource allocation, and networking techniques are required to be developed. Fulfilling these tasks is challenging since network infrastructure becomes increasingly complicated and heterogeneous. One promising solution is to leverage the great potential of Artificial Intelligence (AI) technology, which has been explored to provide solutions ranging from channel prediction to autonomous network management, as well as network security. As of today, however, the state of the art of integrating AI into wireless networks is mainly limited to use a dedicated AI algorithm to tackle a specific problem. A unified framework that can make full use of AI capability to solve a wide variety of network problems is still an open issue. Hence, this paper will present the concept of intelligence slicing where an AI module is instantiated and deployed on demand. Intelligence slices are applied to conduct different intelligent tasks with the flexibility of accommodating arbitrary AI algorithms. Two example slices, i.e., neural network based channel prediction and anomaly detection based industrial network security, are illustrated to demonstrate this framework.

This paper investigates the physical layer (PHY-layer) authentication that exploits channel state information (CSI) to enhance multiple-input multiple-output orthogonal frequency division multiplexing (MIMO-OFDM) system security by detecting spoofing attacks in wireless networks. A multi-user authentication system is proposed using convolutional neural networks (CNNs) which also can distinguish spoofers effectively. In addition, the mini batch scheme is used to train the neural networks and accelerate the training speed. Meanwhile, L1 regularization is adopted to prevent over-fitting and improve the authentication accuracy. The convolutional-neural-network-based (CNN-based) approach can authenticate legitimate users and detect attackers by CSIs with higher performances comparing to traditional hypothesis test based methods.

Wireless networks are currently proliferated by multiple tiers and heterogeneous networking equipment that aims to support multifarious services ranging from distant monitoring and control of wireless sensors to immersive virtual reality services. The vast collection of heterogeneous network equipment with divergent radio capabilities (e.g. multi-GHz operation) is vulnerable to wireless network attacks, raising questions on the service availability and coverage performance of future multi-tier wireless networks. In this paper, we study the impact of black hole attacks on service coverage of multi-tier heterogeneous wireless networks and derive closed form expressions when network nodes are unable to identify and avoid black hole nodes. Assuming access to multiple bands, the derived expressions can be readily used to assess the performance gains following from the employment of different association policies and the impact of black hole attacks in multi-tier wireless networks.

Mobile Ad hoc Networks (MANETs) are wireless networks that are void of fixed infrastructure as the communication between nodes are dependent on the liaison of each node in the network. The efficacy of MANET in critical scenarios like battlefield communications, natural disaster require new security strategies and policies to guarantee the integrity of nodes in the network. Due to the inherent frailty of MANETs, new security measures need to be developed to defend them. Intrusion Detection strategy used in wired networks are unbefitting for wireless networks due to reasons not limited to resource constraints of participating nodes and nature of communication. Nodes in MANET utilize multi hop communication to forward packets and this result in consumption of resources like battery and memory. The intruder or cheat nodes decide to cooperate or non-cooperate with other nodes. The cheat nodes reduce the overall effectiveness of network communications such as reduced packet delivery ratio and sometimes increase the congestion of the network by forwarding the packet to wrong destination and causing packets to take more times to reach the appropriate final destination. In this paper a decision tree based artificial immune system (AIS) strategy is utilized to detect such cheat nodes thereby improving the efficiency of packet delivery.

Lack of effective accountability mechanisms brings a series of security problems for Internet today. In Next Generation Internet based on IPv6, the system of identity authentication and IP verification is the key to accounting ability. Source Address Validation Improvement (SAVI) can protect IP source addresses from being faked. But without identity authentication mechanism and certain relationship between IP and accountable identity, the accountability is still unreliable. To solve this problem, most research focus on embedding accountable identity into IP address which need either changing DHCP client or twice DHCP request process due to the separate process of user authentication and address assignment. Different from previous research, this paper first analyzes the problems and requirements of combining Web Portal or 802.1X, two main identity authentication mechanism (AAA), with the accountable address assignment in SAVI frame-work. Then a novel Cooperative mechanism for Accountable IP address assignment (CAIP) is proposed based on 802.1X and SAVI, which takes into account the validation of IP address, the authenticity and accountability of identity at the same time. Finally, we build up prototype system for both Fat AP and Thin AP wireless scenarios and simulate the performance of CAIP through large-scale campus networks' data logs. The experiment result shows that the IP addresses and identities in CAIP are protective and accountable. Compared with other previous research, CAIP is not only transparent to the terminals and networks, but also low impact on network equipment, which makes CAIP easy deployment with high compatibility and low cost.

In order to improve the security of wireless network, an anomaly intrusion detection algorithm based on adaptive time-frequency feature decomposition is proposed. This paper analyzes the types and detection principles of wireless network intrusion detection, it adopts the information statistical analysis method to detect the network intrusion, constructs the traffic statistical analysis model of the network abnormal intrusion, and establishes the network intrusion signal model by combining the signal fitting method. The correlation matching filter is used to filter the network intrusion signal to improve the output signal-to-noise ratio (SNR), the time-frequency analysis method is used to extract the characteristic quantity of the network abnormal intrusion, and the adaptive correlation spectrum analysis method is used to realize the intrusion detection. The simulation results show that this method has high accuracy and strong anti-interference ability, and it can effectively guarantee the network security.

Aiming at the problem of node identification in wireless networks, a method of node identification based on deep learning is proposed, which starts with the tiny features of nodes in radiofrequency layer. Firstly, in order to cut down the computational complexity, Principal Component Analysis is used to reduce the dimension of node sample data. Secondly, a convolution neural network containing two hidden layers is designed to extract local features of the preprocessed data. Stochastic gradient descent method is used to optimize the parameters, and the Softmax Model is used to determine the output label. Finally, the effectiveness of the method is verified by experiments on practical wireless ad-hoc network.

With the development of wireless networks, the security of wireless systems is becoming more and more important. In this paper, a novel double layers constellations is proposed to protect the polarization modulation information from being acquired by the eavesdropper. Based on the double layers constellations, a constellations' optimization algorithm for achieving high power-efficiency is proposed. Based on this algorithm, 4,8,16-order double-layer constellations are designed. We use Monte Carlo simulation to test the security performance and symbol error rate performance of this constellations. The results show that the double layers constellations can effectively ensure communication security and the SER performance has superiority over the classic symmetrical constellations.