EWP 6: Security Protocols for Next-Generation Wireless Networks
WINLAB Team
Wade Trappe
Wenyuan Xu
Panduran Kamat
Kishore Ramchandran

Princeton Team
Hisashi Kobayashi
Yannis Avramopoulos
Qiang Huang


The proposed testbed provides an ideal environment for exploring different security mechanisms for various wireless scenarios. This experimental work package will focus on two wireless environments for performing security experiments. First, we shall examine the problem of securing ad hoc networks, and develop a suite of secure routing protocols, authentication protocols, and tools for studying distributed denial of service (DDoS) attacks. Second, we will examine the task of providing confidentiality to multicast applications deployed on a UMTS 3G network. As part of the testbed development, we will create reusable software modules for use on both tiers of the testbed. The testbed will then be used to learn the shortcomings of different approaches, allowing us to improve our protocols, and ultimately validate a suite of protocols for trusted and assured services for future wireless networks.

  • Secure routing for ad hoc networks: Adversaries that capture network nodes may disrupt the network’s routing functionality. To prevent such attacks, secure routing protocols have been proposed, some of which are for ad hoc networks. We will investigate “Byzantine-robust” routing protocols for the ad hoc network environment. A second type of protocol we will investigate is “guaranteed delivery” flooding protocols that use message authentication codes (MACs). We plan to reduce the size of the authentication tag, design and implement a secure “topology discovery” protocol based on the MAC-based protocols, and empirically validate these protocols.

  • Authentication in Ad hoc Networks: A critical hurdle that prevents the use of public key certificates for authentication in ad hoc networks is the computational complexity of digital signature algorithms. We propose to develop and evaluate a lightweight alternative to public key certificates for ad hoc networks that uses delayed key disclosure, such as that provided by TESLA.

  • Characterization and Prevention of DDoS attacks: Distributed denial-of-service (DDoS) attacks pose a significant threat to future wireless networks. A promising approach for identifying a DDoS attack in ad hoc networks is to use a statistical anomaly detection method based on a hidden semi-Markov model (HSMM). We propose to develop a DDoS detection algorithm for wireless networks, and build an admission control strategy to defend against DDoS.

  • Securing Multicast Applications on Wireless Networks: Conventional multicast key management schemes are not well suited for 3G group applications since multicast networking functionality is not employed throughout the 3G network. Therefore, we propose to develop key management schemes for the broadcast-multicast service center that are optimized for deployment on the proposed 3G multicast architectures. Our approach will be based on prior experience with developing multicast key management schemes for cellular systems with full multicast functionality. All 3G experiments will be performed on the Field Trial Network.
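
The authentication item above names delayed key disclosure, as in TESLA, as the lightweight alternative to per-packet digital signatures. The following Python example is added here for illustration and is not the project's code: it shows a sender that MACs each packet with a one-way-chain key it discloses two intervals later, and a receiver that buffers packets, rejects any that arrive after their key could be public, and recovers keys lost with dropped packets. Assumptions: integer interval numbers stand in for loosely synchronized clocks, the commitment K_0 reaches the receiver authentically out of band, and all names (`make_chain`, `send`, `Receiver`, `DELAY`) are hypothetical.

```python
import hashlib, hmac

DELAY = 2  # key disclosure delay, in time intervals (assumed parameter)

def H(x: bytes, n: int = 1) -> bytes:
    """Apply SHA-256 n times (one-way function of the key chain)."""
    for _ in range(n):
        x = hashlib.sha256(x).digest()
    return x

def make_chain(n: int, seed: bytes) -> list:
    """Return [K_0 .. K_n] with K_i = H(K_{i+1}); K_0 is the public commitment."""
    return [H(seed, n - i) for i in range(n + 1)]

def send(chain: list, i: int, msg: bytes) -> dict:
    """Interval-i packet: MAC under the still-secret K_i, disclose K_{i-DELAY}."""
    tag = hmac.new(chain[i], msg, hashlib.sha256).digest()
    return {"i": i, "msg": msg, "tag": tag,
            "disclosed": chain[i - DELAY] if i > DELAY else None}

class Receiver:
    def __init__(self, commitment: bytes):
        self.known_i, self.known_key = 0, commitment  # trusted starting point
        self.buffer, self.accepted = [], []

    def receive(self, pkt: dict, now: int) -> None:
        # Security condition: reject if K_i could already have been disclosed,
        # because anyone holding K_i can forge a valid tag.
        if now >= pkt["i"] + DELAY:
            return
        self.buffer.append(pkt)
        if pkt["disclosed"] is not None:
            self._learn_key(pkt["i"] - DELAY, pkt["disclosed"])

    def _learn_key(self, j: int, key: bytes) -> None:
        if j <= self.known_i:
            return
        # Hash the disclosed key back to the last trusted chain element.
        if not hmac.compare_digest(H(key, j - self.known_i), self.known_key):
            return  # not on the sender's chain: ignore
        self.known_i, self.known_key = j, key
        ready = [p for p in self.buffer if p["i"] <= j]
        self.buffer = [p for p in self.buffer if p["i"] > j]
        for p in ready:
            k_i = H(key, j - p["i"])  # derive older keys lost with dropped packets
            good = hmac.new(k_i, p["msg"], hashlib.sha256).digest()
            if hmac.compare_digest(good, p["tag"]):
                self.accepted.append(p["msg"])
```

The receiver performs only hash and HMAC operations per packet; the cost is that a packet cannot be authenticated until `DELAY` intervals after it is sent.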