Abstract — Ad hoc Networks are a new generation of networks offering unrestricted mobility without any underlying infrastructure. In these kinds of networks, all the nodes share the responsibility of network formation and management. As their principle application is in catastrophic environments, security is critical. Authentication, integrity and encryption are key issues pertaining to network security. Traditional authentication schemes cannot be effectively used in such decentralized networks. In this paper, we present an end-to-end data authentication scheme that relies on mutual trust between nodes. The basic strategy is to take advantage of the hierarchical architecture that is implemented for routing purposes. We have proposed an authentication scheme that uses TCP at transport layer and a hierarchical architecture at the IP layer so that the number of encryptions needed is minimized, thereby reducing the computational overheads. This also results in substantial savings as each node has to maintain keys for fewer nodes. I.

Security is becoming an everyday concern for a wide range of electronic systems that manipulate, communicate, and store sensitive data. An important and emerging category of such electronic systems are battery-powered mobile appliances, such as personal digital assistants (PDAs) and cell phones, which are severely constrained in the resources they possess, namely, processor, battery, and memory. This work focuses on one important constraint of such devices---battery life---and examines how it is impacted by the use of various security mechanisms. In this paper, we first present a comprehensive analysis of the energy requirements of a wide range of cryptographic algorithms that form the building blocks of security mechanisms such as security protocols. We then study the energy consumption requirements of the most popular transport-layer security protocol: Secure Sockets Layer (SSL). We investigate the impact of various parameters at the protocol level (such as cipher suites, authentication mechanisms, and transaction sizes, etc.) and the cryptographic algorithm level (cipher modes, strength) on the overall energy consumption for secure data transactions. To our knowledge, this is the first comprehensive analysis of the energy requirements of SSL. For our studies, we have developed a measurement-based experimental testbed that consists of an iPAQ PDA connected to a wireless local area network (LAN) and running Linux, a PC-based data acquisition system for real-time current measurement, the OpenSSL implementation of the SSL protocol, and parameterizable SSL client and server test programs. Based on our results, we also discuss various opportunities for realizing energy-efficient implementations of security protocols. We believe such investigations to be an imp...

Security protocols are critical to enabling the growth of a wide range of wireless data services and applications. However, they impose a high computational burden that is mismatched with the modest processing capabilities and battery resources available on wireless clients. Bridging the security processing gap, while retaining sufficient programmability in order to support a wide range of current and future security protocol standards, requires the use of novel system architectures and design methodologies.

Security is critical to a wide range of current and future wireless data applications and services. This paper highlights the challenges posed by the need for security during system architecture design for wireless handsets, and provides an overview of emerging techniques to address them. We focus on the computational requirements for securing wireless data transactions, revealing a gap between these requirements and the trends in processing capabilities of embedded processors used in wireless handsets. We also demonstrate that the use of security protocols causes significant degradation in battery life, a problem that will worsen due to the slow growth in battery capacities. These trends point to a wireless security processing gap that, unless addressed, will impede the deployment of secure high-speed wireless data and multi-media applications. We discuss approaches that are currently being pursued to bridge this gap, including low-complexity cryptographic algorithms, security enhancements to embedded processors, and advanced system architectures for wireless handsets that are enabled by new systemlevel design methodologies.

The majority of existing trust models is based on three underlying assumptions: (i) proven identity of agents, (ii) repetitive interactions and (iii) similar trusting situations. In our work, we address these assumptions by introduction of simple classification techniques in our mechanism that extends existing trust models, rather than by introduction of a new model. The proposed approach formalizes the situation (context) and/or trusted agent identity in a multi-dimensional Identity-Context space, and attaches the trustworthiness evaluations to individual elements from this metric space, rather than to fixed identity tags (e.g. AIDs, addresses). Trustworthiness of the individual elements of the Identity-Context space can be evaluated using any trust model that supports weighted aggregations and updates, allowing the integration of the mechanism with most existing work. Trust models with the proposed extension are appropriate for deployment in dynamic, ad-hoc and mobile environments, where the agent platform can not guarantee the identity of the agents and where the cryptography-based identity management techniques may be impractical due to the unreliable and costly communication.

The need for access control in a hierarchy arises in several different contexts. One such context is managing the information of an organization where the users are divided into different security classes depending on who has access to what. Several cryptographic solutions have been proposed to address this problem -- the solutions are based on generating cryptographic keys for each security class such that the key for a lower level security class depends on the key for the security class that is higher up in the hierarchy. Most solutions use complex cryptographic techniques: integrating these into existing systems may not be trivial. Others have impractical requirement: if a user at a security level wants to access data at lower levels, then all intermediate nodes must be traversed. Moreover, if there is an access control policy that does not conform to the hierarchical structure, such policy cannot be handled by existing solutions. We propose a new solution that overcomes the above mentioned shortcomings. Our solution not only addresses the problem of access control in a hierarchy but also can be used for general cases. It is a scheme similar to the RSA cryptosystem and can be easily incorporated in existing systems.

This paper reports a framework for designing information visualization (IV) tools for monitoring and analysis activities. In this user study, the domain for these activities is network intrusion detection (ID). User-centered design methods have been widely used for many years, however, innovative IV displays are often developed with limited consideration of user needs in the context of real-life problems. While it can be argued that this is required to generate creative new solutions, the resulting tools often do not support actual users in their daily work. Several IV tools have been developed to support ID, but there is little evidence that these solutions address the needs of the users. We studied ID analysts' daily activities in order to understand their routine work practices and the need for designing IV tools. We developed a three-phase process model that frames corresponding requirements for IV tools. This model significantly extends the scope of contemporary IV for ID tools in novel ways.

this paper we design and evaluate a security framework for multilevel ad hoc wireless networks with unmanned aerial vehicles (UAVs). In battlefields, the framework adapts to the contingent damages on the network infrastructure

Integrating security concerns throughout the whole software development process is one of today's challenges in software and requirements engineering research. A challenge that so far has proved difficult to meet. The major difficulty

Providing acceptable levels of security imposes significant computational requirements on wireless clients, servers, and network elements. These requirements are often beyond the modest processing capabilities and energy (battery) resources available on wireless clients. The relatively small sizes of wireless data transactions imply that public-key encryption algorithms dominate the security processing requirements. In this work,