Security Protocol

With the increasing dependence on wireless LANs (WLANs), businesses and educational institutions are in need of a reliable security mechanism. The latest security protocol, the IEEE 802.11i assures rigid security for WLANs with the support of IEEE 802.1x protocol for authentication, authorization and key distribution. Nevertheless, fresh security threats are emerging often to oust these new defense mechanisms. Further, many organizations based on superficial vendor literature, believe their wireless security is sufficient enough to prevent any unauthorized access. Having wide ranging options for security configurations, users are camouflaged into deep uncertainty. This volatile state of affairs has prevented many organizations from fully deploying WLANs for their secure communication needs, though WLANs may be cost effective and flexible. In this paper, we present an anomaly based mechanism to detect both known and emerging security threats in WLANs. Our method uses both timing and behavioral anomalies. We first look for timing and/or behavior anomalies during the security association process and then use outlier based data association approaches to verify their legitimacy. The proposed concept was tested on our experimental setup and the results obtained from EAP-LEAP and EAP-PEAP authenticated hosts are presented here.

With the increased usage of wireless LANs (WLANs), businesses and educational institutions are becoming more concerned about wireless network security. The latest WLAN security protocol, the IEEE 802.11i assures rigid security for wireless networks with the support of IEEE 802.1X protocol for authentication, authorization and key distribution. In this study we investigate the integrity of the security model developed by us based on 802.11i Robust Security Mechanism (RSN), strengthening our desire towards establishing a secure wireless network environment. We have used the Symbolic Analysis Laboratory (SAL) tools to formally verify the Behavior Tree models. This paper presents the several Linear Temporal Logic (LTL) formulas established to prove the credibility of our model. We also discuss probable software issues that could arise during implementation. By examining all possible execution traces of the security protocol we have proved our implementation model to be complete and consistent. EapolReq/Identity

With the increasing dependence on wireless LANs (WLANs), businesses and educational institutions are in need of a reliable security mechanism. The latest security protocol, the IEEE 802.11i assures rigid security for WLANs with the support of IEEE 802.1x protocol for authentication, authorization and key distribution. Nevertheless, fresh security threats are emerging often to oust these new defense mechanisms. Further, many organizations based on superficial vendor literature, believe their wireless security is sufficient enough to prevent any unauthorized access. Having wide ranging options for security configurations, users are camouflaged into deep uncertainty. This volatile state of affairs has prevented many organizations from fully deploying WLANs for their secure communication needs, though WLANs may be cost effective and flexible. In this paper, we present an anomaly based mechanism to detect both known and emerging security threats in WLANs. Our method uses both timing and behavioral anomalies. We first look for timing and/or behavior anomalies during the security association process and then use outlier based data association approaches to verify their legitimacy. The proposed concept was tested on our experimental setup and the results obtained from EAP-LEAP and EAP-PEAP authenticated hosts are presented here.

With the increasing dependence on wireless LANs (WLANs), businesses and educational institutions are becoming more concerned about network security. The latest WLAN security protocol, the IEEE 802.11i assures rigid security for wireless networks with the support of IEEE 802.1X protocol for authentication, authorization and key distribution. However, users will remain skeptical unless they are confident and possess some form of assurance that the security mechanism is actually effective. In this view our Early Warning System (EWS) effectively confirms the legitimacy of the 802.11i security mechanism building confidence among the users. In this paper we outline our proposed WiFi-EWS for 802.11i wireless networks. Our system can effectively be used for anomaly detection and intrusion prevention. It has several levels of defense to protect the wireless networks from a range of possible threats. False alarms are raised only when all validations prove negative thus significantly reducing the number of false positives.

Because elliptic curve cryptography offers a promising trade-off between security and computational performance, the field of current cryptographic techniques has taken a particular interest in it. Two basic digital signature algorithms-the Elliptic Curve Diffie-Hellman Algorithm (ECDH) and the Elliptic Curve Digital Signature Algorithm (ECDSA) are the subject of this performance analysis and comparison. These methods are based on elliptic curve cryptography. The analysis takes into consideration realistic application demands as well as factors like key length and security level. The results provide useful information on trade-offs between performance and security. A list of acceptable ECDSA requirements for digital signatures was used for the comparison. These characteristics are sign, sign/s, no PC verify, no PC verify/s, siglen, keygen, keygen/s, verify, and verify/s.

This study aims to provide a comprehensive theoretical review of classical and quantum cryptography concepts, highlighting the fundamental differences between traditional algorithms and postquantum algorithms. An analytical comparison is conducted between the Advanced Encryption Standard (AES), a symmetric encryption

This paper considers how to conduct k-nearest neighbor classification in the following scenario: multiple parties, each having a private data set, want to collaboratively build a k-nearest neighbor classifier without disclosing their private data to each other or any other parties. Specifically, the data are vertically partitioned in that all parties have data about all the instances involved, but each party has its own view of the instances -each party works with its own attribute set. Because of privacy constraints, developing a secure framework to achieve such a computation is both challenging and desirable. In this paper, we develop a secure protocol for multiple parties to conduct the desired computation. All the parties participate in the encryption and in the computation involved in learning the k-nearest neighbor classifiers 1 .

In this paper, we present a scalable and secure protocol for key revocation in Wireless Sensor Networks. The protocol guarantees an authenticated distribution of new keys that is efficient in terms of storage, communication and computing overhead. The proposed protocol reduces the number and the size of rekeying messages. It achieves the necessary level of confidentiality and authenticity of rekeying messages by only using symmetric ciphers and one-way functions. Hence, the protocol results scalable, and particularly attractive for large and/or highly dynamic groups.

Mobile Ad hoc Networks remain vulnerable to a wide range of security threats, yet existing MANET security reviews provide fragmented insight into how recent studies frame security problems, model threats, and report design choices. This descriptive systematic review follows PRISMA guidelines and examines MANET security studies published between January and August 2025. A total of 51 studies were analyzed using a structured coding process covering security themes, attack types, defense techniques, threat modeling assumptions, detection logic, and reporting completeness. The results show convergence around a limited set of recurring attack models and reusable defense patterns. Both machine learning and deep learning, along with detection-oriented, trust-based, and optimization techniques, appear across multiple security themes rather than being confined to a single problem framing. However, threat specification, detection target definition, and trust design reporting are often incomplete or inconsistent, which limits reproducibility and cross-study comparison. Evaluation orientation, including performance metrics and experimental validation practices, is identified as an important direction for future work.

Many significant functionalities of vehicular ad hoc networks (VANETs) require that nodes have knowledge of the positions of other vehicles, and notably of those within communication range. However, adversarial nodes could provide false position information or disrupt the acquisition of such information. Thus, in VANETs, the discovery of neighbor positions should be performed in a secure manner. In spite of a multitude of security protocols in the literature, there is no secure discovery protocol for neighbors positions. We address this problem in our paper: we design a distributed protocol that relies solely on information exchange among one-hop neighbors, we analyze its security properties in presence of one or multiple (independent or colluding) adversaries, and we evaluate its performance in a VANET environment using realistic mobility traces. We show that our protocol can be highly effective in detecting falsified position information, while maintaining a low rate of false positive detections.

Many significant functionalities of vehicular ad hoc networks (VANETs) require that nodes have knowledge of the positions of other vehicles, and notably of those within communication range. However, adversarial nodes could provide false position information or disrupt the acquisition of such information. Thus, in VANETs, the discovery of neighbor positions should be performed in a secure manner. In spite of a multitude of security protocols in the literature, there is no secure discovery protocol for neighbors positions. We address this problem in our paper: we design a distributed protocol that relies solely on information exchange among one-hop neighbors, we analyze its security properties in presence of one or multiple (independent or colluding) adversaries, and we evaluate its performance in a VANET environment using realistic mobility traces. We show that our protocol can be highly effective in detecting falsified position information, while maintaining a low rate of false positive detections.

The Initial Network Entry procedure is the first stage in establishing a connection in an IEEE 802.16 (WiMAX) network. The process involves the transmission of unencrypted management messages, which constitutes a major security flaw that is exploited by the Man-in-the-Middle (MITM) attack. This security defect necessitates the implementation of appropriate security protocols. Research has shown that developing secure protocols is a difficult task as is evident from the presence of flaws in published protocols such as the Needham-Schroeder public key authentication protocol that had a bug that remained undetected for 17 years. With the use of formal verification techniques, bugs can be discovered very early in the design of the system and automatically validated, thereby increasing confidence in their use. In this paper, we analyse a security protocol proposed to mitigate the MITM attack at the initial network entry point in WiMAX referred to as Secure Initial Network Entry Protocol (SINEP), and model the protocol and an intruder process with MITM capabilities in Process/Protocol Meta-language (PROMELA) formalism. We then use Linear Temporal Logic (LTL) to define the attributes the protocol should satisfy and carry out verification by use of the SPIN model checker. Using our intruder model, we conclude that the protocol fulfils its confidentiality objective by concealing the most valuable messages in the protocol run.

Future telecommunication networks, and in particular networks beyond 3rd Generation, will be based on an “all-IP” architecture. Issues such as Quality of Service (QoS), Mobility and Authentication, Authorisation, Accounting and Charging (AAAC), and their respective interoperation, must be handled in such scenarios. This paper describes a generic end-to-end QoS architecture and its relationship with the other networking components. This architecture is being developed inside the IST project Moby Dick.

Nowadays we can perform business transactions with remote servers interconnected to Internet using our personal devices. These transactions can also be possible without any infrastructure in pure adhoc networks. In both cases, interacting parts are often unknown, therefore, they require some mechanism to establish ad-hoc trust relationships and perform secure transactions. Operating systems for mobile platforms support secure communication and authentication, but this support is based on hierarchical PKI. For wireless communications, they use the (in)secure protocol WEP. This paper presents a WCE security enhanced architecture allowing secure transactions, mutual authentication, and access control based on dynamic management of the trusted certificate list. We have successfully implemented our own CSP to support the new certificate management and data ciphering. Thanks to UBISEC (IST STREP 506926) and EVERYWARE (MCyT N • 2003-08995-C02-01) projects.

The paper examines key aspects of the security of protocols used for integration with access control systems. It analyzes current challenges and vulnerabilities related to data transmission in ACS, particularly comparing the Wiegand and OSDP protocols. The main information security threats are identified, and approaches to minimize them are proposed. Special attention is given to encryption, authentication, and two-way communication as critical elements of protection. The research results have practical value for the development and implementation of reliable and secure ACS.

A wireless sensor network is a collection of devices limited in lowpowered batteries, processing, communication bandwidth capabilities and low memory availability. Due to these constraints, most of security approaches used in wired networks cannot be applied directly in this environment. In this work, we present a hybrid protocol that treats the group key management scheme and the transparent cluster interconnection. It also treats the nodetampering problem, offering a simple solution to control the group key. The feasibility of this protocol was verified by simulation and we concluded that increasing the number of nodes in the network does not change the performance of the interconnection between any two clusters. Resumo. Uma rede de sensores sem fio é uma coleção de dispositivos limitados em poder de processamento e alcance de transmissão, com baixa disponibilidade de memória e de energia. Devido a estas limitações, a maioria das soluções de segurança de redes cabeadas não se aplicam diretamente neste tipo de ambiente. Este artigo apresenta um protocolo híbrido que trata do esquema de gerenciamento de chaves e da interconexão transparente de clusters. Também é tratado o problema de captura de nós, oferecendo uma solução para a proteção da chave de grupo. Simulações mostram que aumentando o número de sensores na rede, o desempenho da comunicação entre dois clusters quaisquer permanece o mesmo.

this paper presents that mobile communication networks are essential for connecting with a significant portion of the world's population. Users' calls, SMS, and mobile data security are heavily reliant on how well Authenticated Key Exchange (AKE) protocols work. By streamlining two crucial procedures, authentication and key establishment, these protocols facilitate secure communication. While key setup creates secure cryptographic keys that guarantee the confidentiality and integrity of the data transmitted, authentication verifies the identities of the communicating parties. An authentication scheme based on Chebyshev chaotic maps, which have a dynamic and complex structure and are highly unpredictable due to their sensitivity to initial circumstances, is proposed in this article. This extra security measure increases the protocol's resistance to replay and manin-the-middle attacks, among others. The Tamarin Prover, a strong formal verification tool for cryptographic protocols, is used to confirm the security of the proposed protocol. The improved 5G-AKA protocols' security features, such as secrecy authentication and resistance to known attack vectors, can be fully evaluated and replicated using Tamarin Prover. In 5G communications, our results show that using Chebyshev chaotic maps enhances the protocol and offers strong security against potential attacks.

Wireless Sensor Networks (WSN) is a recent advanced technology of computer networks and electronics. The WSN increasingly becoming more practicable solution to many challenging applications. The sensor networks depend upon the sensed data, which may depend upon the application. One of the major applications of the sensor networks is in military. So security is the greatest concern to deploy sensor network such hostile unattended environments, monitoring real world applications. But the limitations and inherent constraints of the sensor nodes does not support the existing traditional security mechanisms in WSN. Now the present research is mainly concentrated on providing security mechanism in sensor networks. In this context, we analysis security aspects of the sensor networks like requirements, classifications, and type of attacks etc., in this survey paper.

Most model checking techniques for security protocols make a number of simplifying assumptions on the protocol and/or on its execution environment that prevent their applicability in some important cases. For instance, most techniques assume that communication between honest principals is controlled by a Dolev-Yao intruder, i.e. a malicious agent capable to overhear, divert, and fake messages. Yet we might be interested in establishing the security of a protocol that relies on a less unsecure channel (e.g. a confidential channel provided by some other protocol sitting lower in the protocol stack). In this paper we propose a general model for security protocols based on the set-rewriting formalism that, coupled with the use of LTL, allows for the specification of assumptions on principals and communication channels as well as complex security properties that are normally not handled by state-of-the-art protocol analysers. By using our approach we have been able to formalise all the assumptions required by the ASW protocol for optimistic fair exchange as well as some of its security properties. Besides the previously reported attacks on the protocol, we report a new attack on a patched version of the protocol.

We present an implementation of a method for finding counterexamples to universally quantified conjectures in first-order logic. Our method uses the proof by consistency strategy to guide a search for a counterexample and a standard first-order theorem prover to perform a concurrent check for inconsistency. We explain briefly the theory behind the method, describe our implementation, and evaluate results achieved on a variety of incorrect conjectures from various sources. Some work in progress is also presented: we are applying the method to the verification of cryptographic security protocols. In this context, a counterexample to a security property can indicate an attack on the protocol, and our method extracts the trace of messages exchanged in order to effect this attack. This application demonstrates the advantages of the method, in that quite complex side conditions decide whether a particular sequence of messages is possible. Using a theorem prover provides a natural way of dealing with this. Some early results are presented and we discuss future work.

A Wireless Sensor Network can be used in a home health care system to monitor the elderly or patients with chronic diseases. The quality of security of the home health care system is an important requirement. If the security services or servers malfunction then the system itself may become compromised. We show that with multi-server protocols, even if one or more servers become unavailable or untrustworthy, it may still be possible for the sensor nodes to establish a good session key. We compare and contrast different multi-server protocols. We also show which protocols are more suited for our system. The protocols were implemented in TinyOS and run on mica2 motes. The time elapsed, complexity of the code, and memory requirements are analysed in detail. We show that a symmetric key implementation has advantages over an asymmetric implementation.

A Wireless Sensor Network can be used in a home health care system to monitor the elderly or patients with chronic diseases. The quality of security of the home health care system is an important requirement. If the security services or servers malfunction then the system itself may become compromised. We show that with multi-server protocols, even if one or more servers become unavailable or untrustworthy, it may still be possible for the sensor nodes to establish a good session key. We compare and contrast different multi-server protocols. We also show which protocols are more suited for our system. The protocols were implemented in TinyOS and run on mica2 motes. The time elapsed, complexity of the code, and memory requirements are analysed in detail. We show that a symmetric key implementation has advantages over an asymmetric implementation.

Wireless sensor networks provide solutions to a range of monitoring problems. However, they introduce a new set of problems mainly due to small memories, weak processors, limited energy and small packet size. Thus only a very few conventional protocols can readily be used in sensor networks. This paper closely examines the currently available key distributions protocols, their strengths and limitations. The performance of these protocols under different scenarios are thoroughly investigated using theoretical analysis and using a simulation study with TinyOS. First a number of single server protocols were proposed and their performance was analysed. Then we propose a new set of multi-server key distribution protocols, where base stations (or controller nodes) are untrusted. The proposed solutions replicate the authentication server such that a group of malicious and colluding servers cannot compromise security or disrupt service. A detailed comparison of the performance of the proposed protocols with that of other available protocols show the advantages of our protocols. We show that the proposed multiple server authentication protocols will only have O(n) complexity, where n is the number of authentication servers. The protocols use information from the sensor nodes and the servers to generate a new key, and do not solely rely on the sensor nodes to generate good random numbers. The proposed protocols guarantee that the new key is fresh and that the communicating nodes use the same key.