Systems exploiting network coding to increase their throughput suffer greatly from pollution attacks, which consist of injecting malicious packets into the network. The pollution attacks are amplified by the network coding process, resulting in greater damage than under traditional routing. In this paper, we address this issue by designing an unconditionally secure authentication code suitable for multicast network coding. The proposed scheme is robust against pollution attacks from outsiders, as well as from coalitions of malicious insiders. Intermediate nodes can verify the integrity and origin of the packets they receive without having to decode them, and thus detect and discard in transit the malicious messages that fail verification. This way, the pollution is canceled out before reaching the destinations. We analyze the performance of the scheme in terms of both multicast throughput and goodput, and show the goodput gains. We also discuss applications to file distribution.
Network mobility introduces far more complexity than host mobility. Therefore, host mobility protocols such as Mobile IPv6 (MIPv6) need to be extended to support this new type of mobility. To address the extensions needed for network mobility, the IETF NEMO working group has recently standardized the network mobility basic support protocol in RFC 3963. However, this RFC does not mention how authentication, authorization and accounting (AAA) issues are handled in a NEMO environment. Also, the use of IPsec to secure NEMO procedures does not provide robustness against leakage of stored secrets. To address this security issue and to achieve AAA with mobility, we propose new handover procedures to be performed by mobile routers and by visiting mobile nodes. These new handover procedures are based on the leakage-resilient authenticated key establishment (LR-AKE) protocol. Using analytical models, we evaluate the proposed handover procedure in terms of handover delay, which affects session continuity. Our performance evaluation is based on transmission, queueing and encryption delays over wireless links. Index Terms: Authenticated key exchange, authentication authorization accounting (AAA), handover delay, IP-based mobile networks, leakage resilience, mobile IPv6 (MIPv6), mobile routers, NEMO, session continuity, visiting mobile nodes.
In wireless networks, security is an essential feature that can be provided using a variety of protocols. On the other hand, the security protocols can affect applications to varying degrees depending on the network conditions. In this paper, we propose to evaluate the overhead introduced by security mechanisms in WLAN, such as authentication. To do so, we develop an analytical model based on random errors to evaluate the authentication delay for various error rates, taking into account the reliability mechanisms involved. We also measure the authentication delay for WLAN 802.11b using CISCO Access Point and Client cards. We generate the average, minimum and maximum delay for the different authentication configurations available in the CISCO Security suite. The analytical and experimental results are consistent with each other. The major contributor to the authentication delay is the probing time needed to detect the surrounding Access Points.