Biblio

This paper proposes a Mobile IoT optimization method for Next-Generation networks by evaluating a series of named-based techniques implemented in Information-Centric Networking (ICN). The idea is based on the possibility to have a more suitable naming and forwarding mechanism to be implemented in IoT. The main advantage of the method is in achieving a higher success packet rate and data rate by following the proposed technique even when the device is mobile / roaming around. The proposed technique is utilizing a root prefix naming which allows faster process and dynamic increase for content waiting time in Pending Interest Table (PIT). To test the idea, a simulation is carried out by mimicking how IoT can be implemented, especially in smart cities, where a user can also travel and not be static. Results show that the proposed technique can achieve up to a 13% interest success rate and an 18.7% data rate increase compared to the well-known implementation algorithms. The findings allow for possible further cooperation of data security factors and ensuring energy reduction through leveraging more processes at the edge node.

As a large number of sensor nodes as well as limited resources such as energy, memory, computing power, as well as bandwidth. Lossy linkages connect these nodes together. In early 2008,IETF working group looked into using current routing protocols for LLNs. Routing Over minimum power and Lossy networksROLL standardizes an IPv6 routing solution for LLNs because of the importance of LLNs in IoT.IPv6 Routing Protocol is based on the 6LoWPAN standard. RPL has matured significantly. The research community is becoming increasingly interested in it. The topology of RPL can be built in a variety of ways. It creates a topology in advance. Due to the lack of a complete review of RPL, in this paper a mobility management framework has been proposed along with experimental evaluation by applying parameters likePacket Delivery Ratio, throughput, end to end delay, consumed energy on the basis of the various parameters and its analysis done accurately. Finally, this paper can help academics better understand the RPL and engage in future research projects to improve it.

Mobile devices have been widely used to deploy security-sensitive applications such as mobile payments, mobile offices etc. SM2 digital signature technology is critical in these applications to provide the protection including identity authentication, data integrity, action non-repudiation. Since mobile devices are prone to being stolen or lost, several server-aided SM2 cooperative signature schemes have been proposed for the mobile scenario. However, existing solutions could not well fit the high-concurrency scenario which needs lightweight computation and communication complexity, especially for the server sides. In this paper, we propose a SM2 cooperative signature algorithm (SM2-CSA) for the high-concurrency scenario, which involves only one-time client-server interaction and one elliptic curve addition operation on the server side in the signing procedure. Theoretical analysis and practical tests shows that SM2-CSA can provide better computation and communication efficiency compared with existing schemes without compromising the security.

Internet of Things (IoT) is flourishing in several application areas, such as smart cities, smart factories, smart homes, smart healthcare, etc. With the adoption of IoT in critical scenarios, it is crucial to investigate its security aspects. All the layers of IoT are vulnerable to severely disruptive attacks. However, the attacks in IoT Network layer have a high impact on communication between the connected objects. Routing in most of the IoT networks is carried out by IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL). RPL-based IoT offers limited protection against routing attacks. A trust-based approach for routing security is suitable to be integrated with IoT systems due to the resource-constrained nature of devices. This research proposes a trust-based secure routing protocol to provide security against packet dropping attacks in RPL-based IoT networks. IoT networks are dynamic and consist of both static and mobile nodes. Hence the chosen trust metrics in the proposed method also include the mobility-based metrics for trust evaluation. The proposed solution is integrated into RPL as a modified objective function, and the results are compared with the default RPL objective function, MRHOF. The analysis and evaluation of the proposed protocol indicate its efficacy and adaptability in a mobile IoT environment.

Routing protocol running over low power and lossy networks (RPL) is currently one of the main routing protocols for the Internet of Things (IoT). This protocol has some vulnerabilities that can be exploited by attackers to change its behavior and deteriorate its performance. In the RPL rank attack, a malicious node announces a wrong rank, which leads the neighboring’s nodes to choose this node as a preferred parent. In this study, we used different metrics to assess RPL protocol in the presence of misbehaving nodes, namely the overhead, convergence time, energy consumption, preferred parent changes, and network lifetime. Our simulations results show that a mobile environment is more damaged by the rank attack than a static environment.

Named data network (NDN) is one of the most promising information-centric networking architectures, where the core concept is to focus on the named data (or contents) themselves. Users in NDN can easily send a request packet to get the desired content regardless of its address. The routers in NDN have cache functionality to make the users instantly retrieve the desired file. Thus, the user can immediately get the desired file from the nearby nodes instead of the remote host. Nevertheless, NDN is a novel proposal and there are still some open issues to be resolved. In view of previous research, it is a challenge to achieve access control on a specific user and support potential receivers simultaneously. In order to solve it, we present a fine-grained access control mechanism tailored for NDN, supporting data confidentiality, potential receivers, and mobility. Compared to previous works, this is the first to support fine-grained access control and potential receivers. Furthermore, the proposed scheme achieves provable security under the DBDH assumption.

Future networks require fast information response time, scalable content distribution, security and mobility. In order to enable future Internet many key enabling technologies have been proposed such as Edge computing (EC) and Named Data Networking (NDN). In EC substantial compute and storage resources are placed at the edge of the network, in close proximity to end users. Similarly, NDN provides an alternative to traditional host centric IP architecture which seems a perfect candidate for distributed computation. Although NDN with EC seems a promising approach for enabling future Internet, it can cause various challenges such as expiry time of the Pending Interest Table (PIT) and non-trivial computation of the edge node. In this paper we discuss the expiry time and non-trivial computation in NDN based EC. We argue that if NDN is integrated in EC, then the PIT expiry time will be affected in relation with the processing time on the edge node. Our analysis shows that integrating NDN in EC without considering PIT expiry time may result in the degradation of network performance in terms of Interest Satisfaction Rate.

The intense incursion of the Internet of Things (IoT) into all areas of modern life has led to a need for a more detailed study of these technologies and their mechanisms of work. It is necessary to study mechanisms in order to improve QoS, security, identifying shortest routes, mobility, etc. This paper proposes an enhanced simulation framework that implements an improved mechanism for prioritising traffic on 6LoWPAN networks and the realisation of micro-mobility.

Cloud computing has established itself as an alternative IT infrastructure and service model. However, as with all logically centralized resource and service provisioning infrastructures, cloud does not handle well local issues involving a large number of networked elements (IoTs) and it is not responsive enough for many applications that require immediate attention of a local controller. Fog computing preserves many benefits of cloud computing and it is also in a good position to address these local and performance issues because its resources and specific services are virtualized and located at the edge of the customer premise. However, data security is a critical challenge in fog computing especially when fog nodes and their data move frequently in its environment. This paper addresses the data protection and the performance issues by 1) proposing a Region-Based Trust-Aware (RBTA) model for trust translation among fog nodes of regions, 2) introducing a Fog-based Privacy-aware Role Based Access Control (FPRBAC) for access control at fog nodes, and 3) developing a mobility management service to handle changes of users and fog devices' locations. The implementation results demonstrate the feasibility and the efficiency of our proposed framework.

Mobility and multihoming have become the norm in Internet access, e.g. smartphones with Wi-Fi and LTE, and connected vehicles with LTE and DSRC links that change rapidly. Mobility creates challenges for active session continuity when provider-aggregatable locators are used, while multihoming brings opportunities for improving resiliency and allocative efficiency. This paper proposes a novel migration protocol, in the context of the eXpressive Internet Architecture (XIA), the XIA Migration Protocol. We compare it with Mobile IPv6, with respect to handoff latency and overhead, flow migration support, and defense against spoofing and replay of protocol messages. Handoff latencies of the XIA Migration Protocol and Mobile IPv6 Enhanced Route Optimization are comparable and neither protocol opens up avenues for spoofing or replay attacks. However, XIA requires no mobility anchor point to support client mobility while Mobile IPv6 always depends on a home agent. We show that XIA has significant advantage over IPv6 for multihomed hosts and networks in terms of resiliency, scalability, load balancing and allocative efficiency. IPv6 multihoming solutions either forgo scalability (BGP-based) or sacrifice resiliency (NAT-based), while XIA's fallback-based multihoming provides fault tolerance without a heavy-weight protocol. XIA also allows fine-grained incoming load-balancing and QoS-matching by supporting flow migration. Flow migration is not possible using Mobile IPv6 when a single IPv6 address is associated with multiple flows. From a protocol design and architectural perspective, the key enablers of these benefits are flow-level migration, XIA's DAG-based locators and self-certifying identifiers.

Identities are known as the most sensitive information. With the increasing number of connected objects and identities (a connected object may have one or many identities), the computing and communication capabilities improved to manage these connected devices and meet the needs of this progress. Therefore, new IoT Identity Management System (IDMS) requirements have been introduced. In this work, we suggest an IDMS approach to protect private information and ensures domain change in IoT for mobile clients using a personal authentication device. Firstly, we present basic concepts, existing requirements and limits of related works. We also propose new requirements and show our motivations. Next, we describe our proposal. Finally, we give our security approach validation, perspectives, and some concluding remarks.

The Internet of Things (IoT) will connect not only computers and mobile devices, but it will also interconnect smart buildings, houses, and cities, as well as electrical grids, gas plants, and water networks, automobiles, airplanes, etc. IoT will lead to the development of a wide range of advanced information services that are pervasive, cost-effective, and can be accessed from anywhere and at any time. However, due to the exponential number of interconnected devices, cyber-security in the IoT is a major challenge. It heavily relies on the digital identity concept to build security mechanisms such as authentication and authorization. Current centralized identity management systems are built around third party identity providers, which raise privacy concerns and present a single point of failure. In addition, IoT unconventional characteristics such as scalability, heterogeneity and mobility require new identity management systems to operate in distributed and trustless environments, and uniquely identify a particular device based on its intrinsic digital properties and its relation to its human owner. In order to deal with these challenges, we present a Blockchain-based Identity Framework for IoT (BIFIT). We show how to apply our BIFIT to IoT smart homes to achieve identity self-management by end users. In the context of smart home, the framework autonomously extracts appliances signatures and creates blockchain-based identifies for their appliance owners. It also correlates appliances signatures (low level identities) and owners identifies in order to use them in authentication credentials and to make sure that any IoT entity is behaving normally.

We discuss a key engineering challenge in implementing the Identifier- Locator Network Protocol (ILNP), as described in IRTF Experimental RFCs 6740–6748: enabling legacy applications that use the C sockets API. We have built the first two OS kernel implementations of ILNPv6 (ILNP as a superset of IPv6), in both the Linux OS kernel and the FreeBSD OS kernel. Our evaluation is in comparison with IPv6, in the context of a topical and challenging scenario: host mobility implemented as a purely end-to-end function. Our experiments show that ILNPv6 has excellent potential for deployment using existing IPv6 infrastructure, whilst offering the new properties and functionality of ILNP.

We propose a game theoretic framework for task allocation in mobile cloud computing that corresponds to offloading of compute tasks to a group of nearby mobile devices. Specifically, in our framework, a distributor node holds a multidimensional auction for allocating the tasks of a job among nearby mobile nodes based on their computational capabilities and also the cost of computation at these nodes, with the goal of reducing the overall job completion time. Our proposed auction also has the desired incentive compatibility property that ensures that mobile devices truthfully reveal their capabilities and costs and that those devices benefit from the task allocation. To deal with node mobility, we perform multiple auctions over adaptive time intervals. We develop a heuristic approach to dynamically find the best time intervals between auctions to minimize unnecessary auctions and the accompanying overheads. We evaluate our framework and methods using both real world and synthetic mobility traces. Our evaluation results show that our game theoretic framework improves the job completion time by a factor of 2-5 in comparison to the time taken for executing the job locally, while minimizing the number of auctions and the accompanying overheads. Our approach is also profitable for the nearby nodes that execute the distributor's tasks with these nodes receiving a compensation higher than their actual costs.

Ubiquitous WiFi infrastructure and smart phones offer a great opportunity to study physical activities. In this paper, we present MobiCamp, a large-scale testbed for studying mobility-related activities of residents on a campus. MobiCamp consists of \textasciitilde2,700 APs, \textasciitilde95,000 smart phones, and an App with \textasciitilde2,300 opt-in volunteer users. More specifically, we capture how mobile users interact with different types of buildings, with other users, and with classroom courses, etc. To achieve this goal, we first obtain a relatively complete coverage of the users' mobility traces by utilizing four types of information from SNMP and by relaxing the location granularity to roughly at the room level. Then the popular App provides user attributes (grade, gender, etc.) and fine-grained behavior information (phone usages, course timetables, etc.) of the sampled population. These detailed mobile data is then correlated with the mobility traces from the SNMP to estimate the entire campus population's physical activities. We use two applications to show the power of MobiCamp.

In this paper, we present an architecture and implementation of a secure, automated, proximity-based access control that we refer to as Context-Aware System to Secure Enterprise Content (CASSEC). Using the pervasive WiFi and Bluetooth wireless devices as components in our underlying positioning infrastructure, CASSEC addresses two proximity-based scenarios often encountered in enterprise environments: Separation of Duty and Absence of Other Users. The first scenario is achieved by using Bluetooth MAC addresses of nearby occupants as authentication tokens. The second scenario exploits the interference of WiFi received signal strength when an occupant crosses the line of sight (LOS). Regardless of the scenario, information about the occupancy of a particular location is periodically extracted to support continuous authentication. To the best of our knowledge, our approach is the first to incorporate WiFi signal interference caused by occupants as part of proximity-based access control system. Our results demonstrate that it is feasible to achieve great accuracy in localization of occupants in a monitored room.

As the number of devices that gain connectivity and join the category of smart-objects increases every year reaching unprecedented numbers, new challenges are imposed on our networks. While specialized solutions for certain use cases have been proposed, more flexible and scalable new approaches to networking will be required to deal with billions or trillions of smart objects connected to the Internet. With this paper, we take a step back looking at the set of basic problems that are posed by this group of devices. In order to develop an analysis on how these issues could be approached, we define which fundamental abstractions might help solving or at least reducing their impact on the network by offering support for fundamental matters such as mobility, group based delivery and support for distributed computing resources. Based on the concept of named-objects, we propose a set of solutions that network and show how this approach can address both scalability and functional requirements. Finally, we describe a comprehensive clean-slate network architecture (MobiityFirst) which attempts to realize the proposed capabilities.

The proposed MSN architecture is intended to directly address the challenge of mobility, which refers to the motion of users as well as the dynamics of the satellite constellation. A virtual access point layer consisting of fixed virtual satellite network attachment points is superimposed over the physical topology in order to hide the mobility of satellites from the mobile endpoints. Then the MSN enhances endpoint mobility by a clean separation of identity and logical network location through an identity-to-location resolution service, and taking full advantage of the user's geographical location information. Moreover, a SDN based implementation is presented to further illustrate the proposal.

The security of Android depends on the timely delivery of updates to fix critical vulnerabilities. In this paper we map the complex network of players in the Android ecosystem who must collaborate to provide updates, and determine that inaction by some manufacturers and network operators means many handsets are vulnerable to critical vulnerabilities. We define the FUM security metric to rank the performance of device manufacturers and network operators, based on their provision of updates and exposure to critical vulnerabilities. Using a corpus of 20 400 devices we show that there is significant variability in the timely delivery of security updates across different device manufacturers and network operators. This provides a comparison point for purchasers and regulators to determine which device manufacturers and network operators provide security updates and which do not. We find that on average 87.7% of Android devices are exposed to at least one of 11 known critical vulnerabilities and, across the ecosystem as a whole, assign a FUM security score of 2.87 out of 10. In our data, Nexus devices do considerably better than average with a score of 5.17; and LG is the best manufacturer with a score of 3.97.

Mobile ad-hoc networks are a new field in networking because it works as an autonomous network. Application of mobile ad-hoc networks are increasing day by day in recent year now a days. So it important is increasing to provide suitable routing protocol and security from attacker. Mobile ad-hoc network now a days faces many problems such as small bandwidth, energy, security, limited computational and high mobility. The main problem in mobile ad-hoc networks is that wireless networks, Infrastructure wireless networks have larger bandwidth, larger memory, power backup and different routing protocol easily applies. But in case of mobile ad-hoc networks some of these application failed due to mobility and small power backup so it is required such type of routing protocol which is take small energy during the transfer of packet. So we see that still there are many challenging works in mobile ad-hoc networks remained and to research in this area related to routing protocol, security issues, solving energy problem and many more which is feasible to it. Our research most probably will be dedicated to Authentication in mobile ad-hoc network.

Traffic from mobile wireless networks has been growing at a fast pace in recent years and is expected to surpass wired traffic very soon. Service providers face significant challenges at such scales including providing seamless mobility, efficient data delivery, security, and provisioning capacity at the wireless edge. In the Mobility First project, we have been exploring clean slate enhancements to the network protocols that can inherently provide support for at-scale mobility and trustworthiness in the Internet. An extensible data plane using pluggable compute-layer services is a key component of this architecture. We believe these extensions can be used to implement in-network services to enhance mobile end-user experience by either off-loading work and/or traffic from mobile devices, or by enabling en-route service-adaptation through context-awareness (e.g., Knowing contemporary access bandwidth). In this work we present details of the architectural support for in-network services within Mobility First, and propose protocol and service-API extensions to flexibly address these pluggable services from end-points. As a demonstrative example, we implement an in network service that does rate adaptation when delivering video streams to mobile devices that experience variable connection quality. We present details of our deployment and evaluation of the non-IP protocols along with compute-layer extensions on the GENI test bed, where we used a set of programmable nodes across 7 distributed sites to configure a Mobility First network with hosts, routers, and in-network compute services.

The paper presents a secure solution that provides VoIP service for mobile users, handling both pre-call and mid-call mobility. Pre-call mobility is implemented using a presence server that acts as a DNS for the moving users. Our approach also detects any change in the attachment point of the moving users and transmits it to the peer entity by in band signaling using socket communications. For true mid-call mobility we also employ buffering techniques that store packets for the duration of the signaling procedure. The solution was implemented for Android devices and it uses ASP technology for the server part.
 

Infrastructure-based Vehicular Networks can be applied in different social contexts, such as health care, transportation and entertainment. They can easily take advantage of the benefices provided by wireless mesh networks (WMNs) to mobility, since WMNs essentially support technological convergence and resilience, required for the effective operation of services and applications. However, infrastructure-based vehicular networks are prone to attacks such as ARP packets flooding that compromise mobility management and users' network access. Hence, this work proposes MIRF, a secure mobility scheme based on reputation and filtering to mitigate flooding attacks on mobility management. The efficiency of the MIRF scheme has been evaluated by simulations considering urban scenarios with and without attacks. Analyses show that it significantly improves the packet delivery ratio in scenarios with attacks, mitigating their intentional negative effects, as the reduction of malicious ARP requests. Furthermore, improvements have been observed in the number of handoffs on scenarios under attacks, being faster than scenarios without the scheme.