Security in Distributed and Networking Systems

The following sections are included:

• Contents

• Preface

• Editors

The TCP/IP suite has many design weaknesses so far as security and privacy are concerned. Some of these are protocol design weaknesses per se, whereas the rest are defects in the software that implements the protocols. In this paper, we describe these issues from a practical perspective.

This chapter pinpoints two trends of potentially unwanted technologies (PUTs) in Internet, one is the spam e-mails that are delivered in massive volume, and the other is the spyware that often penetrated the client desktops without user's consent. Practical solutions are discussed and research issues are summarized for extensive study.

This chapter presents an overview of the Secure Real-time Transport Protocol (SRTP). SRTP is an extension to the popular Real-Time Protocol (RTP), that is used for streaming multimedia data over the Internet. SRTP is thus part of a suite of protocols required for Internet multimedia applications. SRTP introduces the necessary security services, including data confidentiality, message authentication, and replay protection, to securely transmit multimedia content across the Internet. SRTP has limited packet expansion (hence efficient), is cryptographically extensible, and uses a single master key supplied by an external key management protocol. A key derivation function then derives specific session keys for encryption and authentication, from this single master key. This facet reduces the burden and complexity of the key management protocol. This document introduces these protocols, their relationship with other Internet protocols, their position in the network stack, and presents the security services provided by SRTP. Although the discussion is generalized in terms of multimedia content, SRTP is especially relevant for security in Voice Over IP (VoIP) applications.

Cover-free families are combinatorial objects that have been used in diverse applications such as information theory, communications, group testing, cryptography and information security. In this paper, we survey some mathematical results on cover-free families and present several interesting applications to topics in secure networks and distributed systems.

Many applications need to support multi-privileged group communications, which contain multiple data streams. Group users can subscribe to different data streams according to their interest and have multiple access privileges. In this paper, we first introduce some existing rekeying schemes for multi-privileged group communications and analyze their advantages and disadvantages. Then we propose an ID-based Hierarchical Key Graph Scheme (IDHKGS) to manage multi-privileged group communications. The proposed scheme employs a key graph, on which each node is assigned a unique ID according to access relations between nodes. When a user joins/leaves the group or changes access privileges, other users in the group can deduce the new keys using one-way function by themselves according to the ID of joining/leaving/changing node on the graph, and thus this scheme can greatly reduce the rekeying overhead.

Service grid is a widely distributed environment, where service deployers and containers might locate in different autonomous domains. Different from traditional scenarios like J2EE applications, in service grids, the access control policy should not be determined by a deployer or a container only. Existing grid deployment solutions do not address this unique requirement. We introduce a general approach, CROWN.ST, an access control policy negotiation solution on remote hot-deployment for grid services. Based on an access control policy language derived from non-recursive stratified Datalog with constraints, we design the negotiation procedure and three types of meta-policies. We implement a CROWN.ST prototype and evaluate our design through comprehensive experiments.

Radio Frequency Identification (RFID) systems can uniquely identify objects, and have many applications. However, security issues pose significant challenges on these systems due to computational and communicational limitation of low cost RFID tags. This motivates us to provide a discussion on security issues in RFID systems with solutions and enhancements in this article.

In this Chapter, we analyze performance of the 802.15.4 cluster in beacon enabled mode under the presence of key exchange protocol. We assume that all nodes are applying power management technique based on the constant event sensing reliability required by the coordinator. Power management generates random sleep times by every node which in average fairly distributes the sensing load among the nodes. Key exchange is initiated by cluster coordinator after some given number of sensing packets have been received by the coordinator. We develop analytical model of key exchange integrated into the cluster's sensing function and evaluate the impact of frequency of key exchange on the cluster's energy consumption.

In this chapter we present statistical and spectral analysis techniques to identify the type of wireless network interface cards (NIC) being used on a network. This mechanism can be applied to support the detection of unauthorized systems that use NICs that are different from that of a legitimate system. We focus on active scanning, a vaguely specified mechanism required by the 802.11 standard that is implemented in the hardware and software of the wireless NIC. We show that the implementation of this function influences the transmission patterns of a wireless stream that are observable through traffic analysis. Our mechanism for NIC identification uses signal processing to analyze the periodicity embedded in the wireless traffic caused by active scanning. A stable spectral profile is created from the periodic components of the traffic and used for the identity of the wireless NIC. We show that one can distinguish between NICs manufactured by different vendors by using the spectral profile.

In this chapter, we will analyze the time synchronization protocols in wireless sensor networks. Especially, we will discuss the potential network attacks in the time synchronization protocols, and some efficient countermeasures.

Establishing pairwise symmetric keys is a critical resource management issue in wireless sensor networks. Usually deployed in a hostile environment where malicious users or adversaries are bound to exist, wireless sensors are subject to a general attack model—a sensor node can be captured, re-programmed, and consequently exhibit arbitrary faulty behaviors. Thus, sensor key management is a challenging research issue, attracting a high level of interests in recent years. In general, a key management system works by first pre-allocating some keys to each sensor before deployment. After deployment, neighboring sensors can undergo a discovery process to set up shared keys for secure communications. An efficient key management scheme has to work under severe system constraints including limited memory storage and communication overhead in each sensor. In this chapter we provide a detailed survey of state-of-the-art sensor key management techniques that have demonstrated a high degree of effectiveness.

Current network programming protocols for sensor networks, like Deluge, allow an attacker to gain control of the network or disrupt its proper functionality by disseminating malicious code and reprogramming the nodes. In this chapter we show how one can secure these protocols by adding source authentication to ensure that the program image originates from the base station. To do this efficiently, we use a scheme that offers source authentication in the group setting like a public–key signature scheme, but with signature and verification times much closer to those of a MAC. Then we show how this scheme can be applied to existing network programming schemes. Our implementation on the Mica2 platform shows that this solution imposes only a minimal computation and communication overhead to the existing cost of network programming and uses memory recourses efficiently, making it practical for use in sensor networks.

In this chapter, we introduce two full functional identity-based authentication and key exchange (IDAKE) schemes for mobile ad hoc networks (MANETs). These are the first complete ID-based security solutions for MANETs that address the problems of key escrow and choosing suitable identity and public key formats, and introduce secure algorithms for system set up, initial key generation and distribution, pre-authentication among nodes, authenticated session key computations, key renewal and key revocation. Previous schemes only provided partial solutions and some issues have never been discussed in the context of MANETs before. We utilize some special features of IBC schemes, such as pre-shared secret keys from pairings and other efficient key management properties to design IDAKE schemes that meet the special constraints and requirements of MANETs. The schemes bootstrap the security in MANETs and enable the use of authentication, key exchange, and other security protocols in a variety of applications. We present a basic IDAKE scheme for MANETs in which a trusted third party (TTP) initializes all nodes before they join the network and a fully self-organized IDAKE scheme for MANETs that does not require any central TTP. Finally, we provide a security and performance discussion of the presented schemes.

A novel key distribution scheme with time-limited node revocation is proposed for secure group communications in wireless sensor networks. The salient security properties offered in the proposed scheme includes seal-healing re-keying message distribution, which features periodic one-way re-keying with efficient tolerance for the lost re-keying messages; and the time-limited dynamic node attachment and detachment, in which the forward and backward secrecy is assured by the hash binary tree. The performance analysis shows that both communication and computation overhead is light-weight. The simulation results also demonstrate the robust performance under poor communication channel quality and frequently dynamic group node topology changes.

Efficient authentication is one of important security requirements in mobile ad hoc network (MANET) routing systems. The techniques of digital signatures are generally considered as the best candidates to achieve strong authentication. However, using normal digital signature schemes is too costly to MANET due to the computation overheads. Considering the feasibility of incorporating digital signatures in MANET, we incorporate the notion of online/offline signatures, where the computational overhead is shifted to the offline phase. However, due to the diversity of different routing protocols, a universal scheme that suits all MANET routing systems does not exist in the literature. Notably, an authentication scheme for the AODV routing is believed to be not suitable to the DSR routing. In this paper, we first introduce an efficient ID-based online/offline scheme for authentication in AODV and then provide a formal transformation to convert the scheme to an ID-based online/offline multisignature scheme. Our scheme is unique, in the sense that a single ID-based online/offline signature scheme can be applied to both AODV and DSR routing protocols. We provide the generic construction as well as the concrete schemes to show an instantiation of the generic transformation. We also provide security proofs for our schemes based on the random oracle model. Finally, we provide an application of our schemes in the dynamic source routing protocol.

Over the last years, wireless local area networks (WLANs) have experienced a tremendous growth, becoming an integral part of enterprises, homes and other businesses. One of the most important issues in the development of WLANs is providing a secure communication. Because of the broadcast nature of the wireless communication, it becomes easy for an attacker to intercept the signal or to disturb the normal operation of the network. Although the early versions of WLANs were not designed for security, standards and methods are emerging for securing WLANs. In this chapter, we study the security aspects of WLANs. We start with an overview of WLAN technology and a discussion of security services and challenges in WLANs. We continue with an overview of the main WLANs security attacks, followed by a discussion of alternative security mechanisms that can be used to protect WLANs.

Authentication, authorization and accounting (AAA) are crucial functions for service provisioning over wireless access networks. AAA protocols are used to transport subscriber's security credentials over IP-based access networks to the authentication server in the subscriber's home network to verify his/her identity and to authorize access to particular services. This chapter surveys AAA protocols and highlights their importance in securing heterogeneous wireless networks. Security challenges and solutions in IEEE 802.11 WLANs and UMTS 3G networks are presented. Additionally, challenges and solutions to realize AAA in a heterogeneous wireless networks like 3G-WLAN interworking systems are discussed.

Designing secure and efficient authentication protocols for cellular communication systems is a challenging undertaking due to the unique characteristics of wireless communications. In this chapter, we survey a wide array of authentication protocols in 2G and 3G wireless cellular networks. Through detailed analysis and comparison, we shall have a comprehensive view on different authentication protocols, including assumptions, procedures, security properties, vulnerabilities, possible attacks and solutions.