Fig 2 - uploaded by Fabio Ricciato
Content may be subject to copyright.
Key mixing and data encryption in TKIP.  

Key mixing and data encryption in TKIP.  

Source publication
Article
Full-text available
Securing wireless networks poses unique research challenges. In this paper, we survey the state-of-the-art approaches to providing security for three popular wireless networking paradigms, namely, IEEE 802.11 based WLANs, third-generation cellular networks, and mobile ad hoc networks. We identify the security threats as well as examine the current...

Contexts in source publication

Context 1
... TKIP: Similar to WEP, TKIP also XORs the plain- text with a random keystream to obtain the ciphertext. How- ever, it derives the keystream in a way different from WEP, as shown in Fig. 2. TKIP uses a 128-bit temporal key (TK) and a 48-bit . is reset to 0 whenever TK is changed, then incremented by one after each transmission. The 48-bit length guarantees that s will not be reused with the same TK, as it takes 600+ years to exhaust the space even at 54 ...
Context 2
... shown in Fig. 2, TKIP uses a two-phase key mixing operation to derive the per-packet keystream, and each phase fixes one particular flaw in WEP. Phase 1 mixes TK with the first 4 bytes of and the sender's MAC address, and generates an intermediate key P1K. This prevents keystream reuse due to cross-station collision. Phase 2 takes input P1K with TK ...

Similar publications

Article
Full-text available
Technology and it's requirement comes in various ways, considering one of the aspect as the building tool to next level journey of security as Information Security, i.e. how it plays the role in making and controlling the decision system. Making a prejudice statement on the support system is lead to nest level of insecurity. But In this paper we tr...
Article
Full-text available
The rapid burst of Internet usage and the cor-responding growth of security risks and online attacks for the everyday user or enterprise employee have emerged the terms Awareness Creation and Information Security Culture. Nevertheless, security education has remained an academic issue mainly. Teaching system security or network security on the basi...
Conference Paper
Full-text available
Inspired by our earlier work on automatic repeat request (ARQ) secrecy, we propose a simple, yet efficient, security overlay protocol to existing 802.11 networks. Our work targets networks secured by the wired equivalent privacy (WEP) protocol because of its widespread use and vulnerability to a multitude of security threats. By exploiting the exis...
Preprint
Full-text available
Measuring the security of business processes of enterprises has become essential in the wake of different threat scenarios. During the last two decades, a lot of research has been done on metrics for the network security, software system security, attack severity, situation assessment, etc. In the process level, business impact analysis models and...
Article
Full-text available
This paper proposes a scheme for auditing the security of an IEC61850-based network based upon a novel security metric for intelligent electronic devices (IEDs). A detailed security analysis on an IEC61850 automated substation is peformed initially with a focus on the possible goals of the attacker. This is followed by the development of a scheme t...

Citations

... The MS involves message exchanges for authentication and reassociation with the chosen AP. There are generally two kinds of authentication approaches: open-system and shared-key authentication [26]. Open-system and shard-key authentication require two and four message exchanges, respectively. ...
Article
Full-text available
The latest mobile devices such as smartphone, laptop, and tablet PC have supported IEEE 802.11 interfaces for broadband wireless data services. To extend the coverage in medium or large-scale areas such as office buildings, airports, campuses, or convention center, multiple access points (APs) need to be deployed. When a mobile station (MS) moves an AP to another, it typically experiences a long delay time for reconnection and communications to an AP due to the four sequential phases such as detection, channel scanning, authentication and reassociation. Consequently, the traditional WLAN is not adequate for mobile multimedia services such as real-time video conferences, augmented reality (AR), virtual reality (VR), etc., especially, in a mobile environment where requires to deploy several APs. This paper proposes a new handoff scheme where the channel scanning is completely omitted by having active MSs hold the channel consistently which is acquired at an initial connection stage to an AP even when it moves to a neighboring AP. Each AP changes its own channel periodically in a predetermined order while providing the orthogonality between the channels of the neighboring APs to mitigate interference. Therefore, seamless mobility can be supported for multimedia services by eliminating link layer handoff in the IEEE 802.11 WLAN. Moreover, any IEEE 802.11-based mobile devices can roam seamlessly without any modification. In other words, the proposed scheme can maintain backward compatibility with the legacy DCF and only requires the modification of APs. By adopting the periodic channel switching scheme, additionally, the proposed scheme can uniformly distribute all the MSs over the entire channels. This distribution can also reduce collision probability by decreasing the number of competing MSs over the same channel. Performance evaluation shows that the proposed scheme can provide low handoff latency and enhance throughput performance due to the decrease of collision probability.
... Among the most common types of attacks in mobile networks are: unauthorized access; denial of service; channel jamming; eavesdropping; session hijacking; manin-the-middle attack; and message forgery [10][11][12] (Table 1). ...
Conference Paper
With the evolution and popularization of mobile communication systems, especially for access to data services, it becomes increasingly important to have a closer look at security systems. From analog systems to the fourth generation, many changes and evolutions occurred. This makes possible to question whether mobile networks have sufficiently secure systems, and what vulnerabilities we should be aware of. Due to the widespread risk of attacks on mobile communications, telecommunication companies are increasingly emphasizing telecommunication security technologies specifically in fourth generation (4G) technology, in order to ensure the main security functions to provide an efficient service to its customers.
... Therefore, ensuring security in CRN is critical issue for the wide deployment of CRNs [11]. All conventional network threats are applicable to CRN [12]–[14], however, security threats in CRN are mainly related to two fundamental characteristics: cognitive capability, and reconfigurability [15]. Threats related to the cognitive capability include attacks launched by adversaries mimicking PU behaviors, transmitting false report of spectrum sensing, and jamming channels for legitimate SUs and PUs during sensing and acting phases in cognitive cycle. ...
Article
Cognitive radio (CR) is regarded as an emerging technology, which equips wireless devices with the capability to adapt their operating parameters on the fly based on the radio environment, to utilize the scarce radio frequency (RF) spectrum in an efficient and opportunistic manner. However, due to the increasingly pervasive existence of smart wireless devices in cognitive radio network (CRN), CR systems are vulnerable to numerous security threats that affect the overall performance. There have been many significant advances on security threats and countermeasures in CRN in the past few years. Our main goal in this paper is to present the state-of-the-art research results and approaches proposed for CRN security to protect both unlicensed secondary users (SUs) and licensed primary users (PUs). Specifically, we present the recent advances on security threats/attacks and countermeasures in CRN focusing more on physical layer by categorizing them in terms of their types, their existence in CR cycle, network protocol layers (exploited during their activities and defense strategies), and game theoretic approaches. The recent important attacks and countermeasures in CRN are also summarized in form of tables. We also present recommendations that can be followed while implementing countermeasures to enhance CRN security. With this article, readers can have a more thorough understanding of CRN security attacks and countermeasures, and research trends in this area.
... The current technologies that are used to transmit, store and manipulate information are developed during each short period of time. The most challlenging of these classical devices is the possibility of communicating and exchanging information securely [1]. However, quantum techniques of manipulating information are developed in parallel to the classical ones and they are more secure than the classical technology [2]. ...
Article
Full-text available
A wireless quantum network is generated between multi-hop, where each hop consists of two entangled nodes. These nodes share a finite number of entangled two qubit systems randomly. Different types of wireless quantum bridges are generated between the non-connected nodes. The efficiency of these wireless quantum bridges to be used as quantum channels between its terminals to perform quantum teleportation is investigated. We suggest a theoretical wireless quantum communication protocol to teleport unknown quantum signals from one node to another, where the more powerful wireless quantum bridges are used as quantum channels. It is shown that, by increasing the efficiency of the sources which emit the initial partial entangled states, one can increase the efficiency of the wireless quantum communication protocol.
... Paper [22][34] presents an overview of Mobile WiMAX protocol layer and security scheme including with MITM attacks and DoS Service attacks. Solution: Focusing on MITM and DoS attacks, a Diffie- Hellman key exchange protocol based model (SINEP) has been proposed in [22]. ...
Conference Paper
Full-text available
IEEE 802.16 based WiMAX is an emerging wireless Internet technology. Salient features of WiMAX such as high speed internet facility over a long distance, quality of service, scalability, security, and mobility proves it better than Wi-Fi Internet access. Security is a vital requirement to prevent WiMAX network from the various attacks and to increase the reliability. This survey paper presents the threats associated with the layers in WiMAX along with possible solutions. The paper reviews the physical layer threats i.e. scrambling and jamming, MAC layer threats i.e. user authentication and data confidentiality, routing layer threats i.e. black-hole attack and other miscellaneous attacks e.g. Man-in-the-Middle (MITM), Denial of Service (DoS) and Bandwidth Spoofing. The paper observes that jamming attack and eavesdropping of management messages are the most destructive attacks for WiMAX network.
... WiMAX security issues and solutions have been discussed by many of the researchers in the past. Problems of 802.16d and the analysis of WiMAX security [22][23] [34], Security issues and solutions for both PMP and mesh networks [24]. This section has categorized these researcher papers based on the nature of attacks and presents a comprehensive review with solutions. ...
Conference Paper
Full-text available
Since last few years, users have been paying significant attention and interest towards the WiMAX Internet technology because of the salient features i.e. Higher data rate, broad coverage, quality of service (QoS), scalability, security, and mobility support to the subscribers. Mobile WiMAX (IEEE 802.16e) supports the handover process and mobility of subscriber stations. WiMAX network security is a vital requirement to increase the reliability and to prevent from the various attacks. Implementation of top level security is highly required to lessen the vulnerabilities. Jamming attack, scrambling attack and water-torture attack are among the most severe threats to the physical layer of mobile WiMAX. This paper presents a collaborative attack model based on the combination of scrambling and water-torture attacks. Analysis of the paper shows that the cooperation of two or more attacks/attackers may be more devastating for the network security.
... Therefore, ensuring security in CRN is critical issue for the wide deployment of CRNs [11]. All conventional network threats are applicable to CRN [12]- [14], however, security threats in CRN are mainly related to two fundamental characteristics: cognitive capability, and reconfigurability [15]. Threats related to the cognitive capability include attacks launched by adversaries mimicking PU behaviors, transmitting false report of spectrum sensing, and jamming channels for legitimate SUs and PUs during sensing and acting phases in cognitive cycle. ...
... In order to respond quickly and minimize service degradation, network operators require tools capable to promptly detect ''abnormal'' traffic conditions, i.e. anomalies. This is even more demanding in third-generation (3G) cellular networks, which are highly heterogeneous, complex and constantly evolving systems, and as such are exposed to unanticipated types of problems and threats [1][2][3]. Anomaly Detection (AD) in network traffic is a well-explored field, and several different techniques have been proposed (see e.g. [4,5] and references therein). ...
Article
Full-text available
We address the problem of detecting “anomalies” in the network traffic produced by a large population of end-users following a distribution-based change detection approach. In the considered scenario, different traffic variables are monitored at different levels of temporal aggregation (timescales), resulting in a grid of variable/timescale nodes. For every node, a set of per-user traffic counters is maintained and then summarized into histograms for every time bin, obtaining a timeseries of empirical (discrete) distributions for every variable/timescale node. Within this framework, we tackle the problem of designing a formal Distribution-based Change Detector (DCD) able to identify statistically-significant deviations from the past behavior of each individual timeseries. For the detection task we propose a novel methodology based on a Maximum Entropy (ME) modeling approach. Each empirical distribution (sample observation) is mapped to a set of ME model parameters, called “characteristic vector”, via closed-form Maximum Likelihood (ML) estimation. This allows to derive a detection rule based on a formal hypothesis test (Generalized Likelihood Ratio Test, GLRT) to measure the coherence of the current observation, i.e., its characteristic vector, to the given reference. The latter is dynamically identified taking into account the typical non-stationarity displayed by real network traffic. Numerical results on synthetic data demonstrates the robustness of our detector, while the evaluation on a labeled dataset from an operational 3G cellular network confirms the capability of the proposed method to identify real traffic anomalies.
... Among varied security attacks introduced in [2], we particularly target impersonating by physical node capture because such an attack enables attackers to compromise all the secrets, such as cryptographic keys, of captured nodes and spread malicious data out over the entire network with impersonating the captured nodes by the obtained keys. Thus, as several studies [2][3][4][5] have already noted, any security strategies to be proposed should be highly resource-efficient as well as provide the basic security requirements: confidentiality, protection of the content of a packet; authentication, corroboration of the source of a packet; and integrity, ensuring that the content of a packet is unchanged during transmission. ...
... Key Establishment. Every border node of cluster is given a series of pairs ⟨V, ⟩ for border node V of cluster after having received messages as (3). It can produce intercluster key V = ( , ) ( ⊕V) for each ⟨V, ⟩. ...
... The upper equation holds by the fact that one's key set has at least one common key with every other's key set if > , whereas the key sharing probability for ≤ is given as 1 or 2 by its probabilistic nature. For ≤ , we take that ( , ) = {(4, 5), (3,7), (2,13), (2,14)} to, respectively, offer 126, 120, 105, and 120 key combinations for storage efficiency in a 100-node cluster. The comparison of direct pairwising connectivity amongst ours, 2KP, LOCK, and LEAP+ has given our setting is resulted as in Figure 3. ...
Article
Full-text available
Key management in a large portion of ubiquitous sensor networks has been a challenge due to the limited capabilities of their wireless communicating and battery-powered sensors. Moreover, an attacker physically capturing even a few nodes hampers the entire network security by impersonating nodes to inject false data in an undetected manner. To efficiently protect from such impersonating by node capture, we propose a new dynamic key management framework particularly for large-scale clustered sensor networks. In the framework, different keying mechanisms, respectively, secure in-cluster, intercluster, and individual communication by refreshing keys on demand, while adaptively handling node addition and capture. Theoretic analysis and simulation results show that our proposed framework provides higher connectivity and security against impersonating than other existing studies do, for better trade-off with resource overheads.
... In this type of network, any node in the network may function as both a data source and a router that forward packets to other nodes. Packets from a source are typically forwarded via multiple wireless hops in order to reach its destination [1]. Since nodes in MANET are created without any fixed infrastructure, the cost of creating the network is cheaper. ...
Data
Full-text available
Mobile ad hoc networks (MANETs), which can be formed by groups of portable devices, cultivate new research trend in today's computing. MANET's unique features such as scalability, fault tolerant and autonomous system allowed the network to be setup with or without any trusted authority. These features make it suitable for many applications in military, commercial as well as in emergency and rescue operations. Research on MANET as a platform for supporting emergency and rescue operations has been studied by many researchers. During emergency situations, the needs of sharing the information among the rescuers are enormously vital. However, since this network is operated based on wireless environment, it is vulnerable to threats and intruders. Information flow in MANET can be intercepted and tampered and this raised a security issues in assured that information shared between nodes in emergency situation using MANET secure. Hence, a mechanism to ensure data privacy and security during emergency rescue mission is required. This paper proposed the secure access architecture that incorporate access control model, which aims to ensure data travel between groups of rescuers secure and preserved the data integrity.