| 1. |
- Johnson, Henric, et al.
(author)
-
Detection and Response Policies Using a Hierarchical Scheme
- 2004
-
Conference paper (peer-reviewed)abstract
- To protect and secure critical wireless network communications, high-end security services are used to encrypt, authenticate and validate packets. This approach opens up a new area of system attacks. Since the security services are time and resource demanding, a service may be easily overworked. Using Adaptive Packet Discard Mechanisms in conjunction with a lightweight packet classifying mechanism, it is possible to reduce, if not remove, the effects of a Denial-of-Service attack on complex security services, and thus creating a hier-archical approach to security.
|
|
| 2. |
- Johnson, Henric
(author)
-
Lightweight Authentication for Bluetooth
- 2004
-
Conference paper (peer-reviewed)abstract
- Authentication of Bluetooth devices on a per-packet basis is a challenging research problem since it is a low power technology with limited computational resources and storage capacity. In this paper, we describe a lightweight per-packet authentication protocol well suited for Bluetooth's constrained environment. The proposed authentication protocol is presented with one bit for authentication but could with facility be extended to $k$ bits for a higher security level. Since packets might be lost due to a bad wireless channel or an attack, the protocol needs to be robust and not lose synchronization of the authentication bits. A detailed description of a synchronization algorithm is presented and evaluated via simulation and analysis.
|
|
| 3. |
- Johnson, Henric
(author)
-
Lightweight Authentication in Wireless Networks
- 2004
-
Licentiate thesis (other academic/artistic)abstract
- In this thesis, we develop and analyse two novel authentication protocols well suited for wireless devices. iven that wireless devices have limited resources such as processing power, bandwidth, storage, and energy, the proposed authentication protocols need to be lightweight. Due to these limitations there is a tradeoff between security and performance. To guarantee complete network access control the authentication is performed on a per-packet basis. Therefore, a Lightweight Authentication Code (LAC) is embedded in each packet as an authenticator. Authentication is necessary to guarantee the identity of a source since, with a wireless network, an adversary could easily inject traffic to get access to a network or launch a Denial-of-Service attack. The protocols are designed to be generic and applicable to standards such as IEEE 802.11 and Bluetooth. In order to handle packet loss or an attack, synchronization algorithms are advanced and analysed to synchronize the sender's and the receiver's LACs. We further propose to use the lightweight authentication protocol as part of a detection and response scheme to handle Denial-of-Service attacks such as resource exhaustion. Five Adaptive Packet Discard Mechanisms (APDMs) are presented, in which the lightweight authentication protocols function as a first line of defense to protect the second and much stronger security service from exhaustion. With these mechanisms, we believe it is possible to reduce, if not remove, the effects of a Denial-of-Service attack on complex security systems. Finally, we extend the applicability to secure usage-based accounting, in which lightweight authentication per-packet is necessary to utilize accounting resources efficiently and guarantee accounting correctness.
|
|
| 4. |
- Wu, Felix, et al.
(author)
-
SOLA : Lightweight Security for Access Control in IEEE 802.11
- 2004
-
In: IT Professional Magazine. - : IEEE Computer Society. - 1520-9202 .- 1941-045X. ; 6:3, s. 10-16
-
Journal article (peer-reviewed)abstract
- The IEEE 802.11 wireless standard provides little support for secure access control. As a result, access control in IEEE 802.11 on a per packet basis requires a new and robust identity authentication protocol. The SOLA (Statistical One-Bit Lightweight Authentication) protocol is well suited in a wireless constrained environment because this protocol's communication overhead is extremely low: only one bit. Furthermore, SOLA fulfills the requirements of being secure, useful, cheap, and robust. The synchronization algorithm performs very well. SOLA also makes it easy to develop a framework to detect and respond to, for instance, denial-of-service attacks or an adversary who tries to guess the identity authentication bit for successive packets.
|
|
