Enforcing Security in Mobile and Ad Hoc Networking

Professor Robert H Deng, School of Information Systems

 

After the personal computing revolution, “pervasive” or “ubiquitous” computing is seen by many as the next great paradigm shift in the world of computing. The new paradigm envisages a world where many devices interact seamlessly in wired as well as wireless environments, and where information can be managed and accessed quickly, securely, efficiently and effortlessly anywhere, anytime.

Mobile networking brings two important benefits to its users: un-tethered communication and mobility. The convenience of un-tethered communication is obvious. From a user's perspective, mobility translates to an ability to be reachable in spite of movement across networks, as well as an ability to maintain existing communication during such movements. Ad hoc networking, on the other hand, refers to the spontaneous formation of a network of nodes without the help of any infrastructure, usually through wireless communication channels. In ad hoc networks, a basic data traffic routing infrastructure emerges through the collaboration of every node with its neighbours to forward packets towards chosen destinations. This routing infrastructure is highly dynamic not just because of node mobility but also because of a lack of guaranteed node connectivity.

There are certain security risks that are inherent in any wireless technology. Some of these risks are similar to those of wired networks, some are exacerbated by wireless connectivity, and others are entirely new.

One source of these risks is that with wireless networks the underlying communication medium, the airwave, is openly exposed to intruders. Providing security to mobile and ad hoc networks has, however, proved to be extremely challenging due to the lack of infrastructure in these networks, and the dynamic and ephemeral character of the relationships among network nodes. The lack of infrastructure implies that accountability is difficult to achieve, as there is no central authority to prove the authenticity of other parties when a “trust” decision has to be made. The transient relationships that characterize such networks make it difficult to build trust based on direct reciprocity. In fact, the transient nature of these relationships gives nodes an incentive to cheat.

In two recent papers [2], Professor Robert H Deng of the School of Information Systems, together with co-authors, tries to address the following two fundamental security issues:

Mutual entity authentication: A secure network must be able to ensure that it is communicating with a genuine mobile node; otherwise, there is a danger that a spurious node may fraudulently gain a level of service without paying for it. Authentication of the network to the mobile node is also necessary in order to prevent a type of “man-in-the-middle” attack.

Access control: A secure system must ensure that only authorized mobile nodes can gain access to the network since the airwave of the underlying wireless access network is exposed to intruders.

The first paper deals with security issues in Mobile IP, which is an emerging networking standard for the next generation Internet. Prof Deng and his co-authors investigate various attacks on mobile devices and propose a solution which allows a mobile device to be continuously authenticated while it is on the move. In the second paper, they study the problem of conducting conferencing communications among a group of ad hoc mobile users in a secure way. The challenge here is how to automatically set up a secret cryptographic key among the group members in an efficient and authenticated manner. Once the key is established, the communication traffic among the group members can then be protected in a straightforward manner. They conduct an in-depth security analysis of an existing cryptographic key establishment technique and discover that the technique is insecure against a replay attack. With the existing technique, an attacker can cause conference participants to reuse a compromised key, which could lead to a complete exposure of subsequent communications to the attacker. Prof Deng believes that the two papers have helped shed light on the design of secure cryptographic key establishment techniques.

[2] (1) “Enforcing Security in Mobile Networks: Challenges and Solutions”, by R. H. Deng, F. Bao, Y. Qiu, J. Zhou, in Mobile, Wireless and Sensor Networks: Technology, Applications and Future Directions, editors R. Shorey, A. Ananda, M. Chan and W. Ooi, IEEE Press and Wiley Interscience, USA, 2006; and (2) “Security Analysis of a Conference Scheme for Mobile Communications”, by Z. Wan, F. Bao, R. H. Deng and A. L. Ananda, to appear in IEEE Transactions on Wireless Communications.

 
  SMU Knowledge Hub