International Journal of Information Technology

Vol. 11 No. 2 (Special Issue)


Guest Editorial

Welcome to the special issue of IJIT on Network Security!

We have recently witnessed a fast-growing interest in security for computers and networks. Computing and networking without proper security may be compared to building a beautiful house without door locks in a crime zone. As increasingly more activities involving sensitive information are performed on the Internet and wireless media, our computing machines become more susceptible to exploitation. Attackers may not be conspicuous, necessitating the development of countermeasures to protect sensitive information. The special issue addresses this important area and its related topics.

The ITCC 2005 conference hosted a track on wireless and network security. We have selected 9 papers from the track. More than half of them are related to wireless ad-hoc networks, focusing on such issues as key management, authentication, sensor networks, and detecting neighbors. The rest of the papers cover reliability, firewall architecture, and denial-of-service attacks.

First, Bein, Jolly, Kumar and Latifi start us off with fault-tolerance and reliability issues. No network can be secure unless it is reliable to a certain degree. This paper models the reliability of sensor networks using a Markov chain. It shows how sensors of different types can replace one another and therefore collectively achieve a reliable system.

In the next article, Korkmaz offers an interesting idea on verifying the physical presence of neighbors to reduce the possibility of replay attacks. This paper considers RTT-based verification and revises it along with a probabilistic approach. It then considers a power-based approach and couples it with the RTT-based approach to design an effective neighbor verification protocol (NVP). This scheme significantly limits the effectiveness of replay-based attacks by restricting the range.

Firewalls need to keep the session information of ongoing sessions. Nonetheless, keeping the information on a large number of connections has been challenging. Li, Ji and Hu introduce a novel architecture for stateful connection inspection. They present an architecture which divides a session entry into two parts, and design different data structures for each part. A new PATRICIA algorithm is proposed to organize a session table, which is proved to be an optimal 2-ary trie for fixed-length match. They describe an ASIC implementation for the architecture and corresponding algorithms.

Hadjichristofi, Davis and Davis tackle the issue of key management in mobile ad-hoc networks (MANETs). Key management in a mobile ad-hoc environment is complicated by a frequently partitioning network topology. Their paper presents a framework for key management that provides redundancy and robustness for Security Association (SA) establishment between pairs of nodes in MANETs. It uses a modified hierarchical trust Public Key Infrastructure (PKI) model in which nodes can dynamically assume management roles.

In the next article by Kim, Jo Merat, Yang and Jiang, the problem of denial-of-service is addressed. Their approach introduces the concept of bit marking, where a header field of the IP packet is modified to differentiate the path of the packets. With that they can identify a group of packets coming from a unique source in spite of a fake IP address. Such a scheme enables efficient rate limiting under a packet flooding attack.

Mobile ad-hoc networks are vulnerable to many different kinds of routing attacks. Yi, Dai, Zhang and Zhong investigate a scenario leading to a DDoS attack, and present a solution. The new DoS attack, called Ad Hoc Flooding Attack (AHFA), can result in denial of service when used against on-demand routing protocols for mobile ad hoc networks, such as AODV and DSR. They developed Flooding Attack Prevention (FAP) to fight against such an attack. When the intruder broadcasts excessive Route Request packets, the neighbors record the rate of Route Request and deny any future request packets from the intruder once the threshold is exceeded.

A wireless sensor network (WSN) is a medium where security is challenging due to the intermittent connectivity, resource limitations and ad-hoc nature of such networks. Hu, Siddiqui and Cao tackle the security problem in large-scale wireless sensor networks. Observing that the traditional public key-based security protocols need large memory, bandwidth and complex algorithms, and are thus unsuitable for WSNs, they aim to reduce the consumption of resources (energy, memory, CPU calculation time, etc.) by using symmetric-key-based security. Since current solutions in WSNs do not consider the correlation between “routing” and “security” effectively, this work focuses on the integration of routing and key management to provide an energy-efficient security and routing solution.

Another authentication scheme is presented by Lu and Pooch. They propose a lightweight authentication protocol, which utilizes a one-way hash chain to provide effective and efficient authentication for communications between neighboring nodes in MANETs. A delayed key disclosure scheme is used to prevent in-the-middle attacks on key release. It is observed that the protocol incurs low overhead and achieves a low packet dropping rate.

Finally, Zhao, Wang, Kim, Jiang and Yang investigate the security aspects of providing Internet connectivity in an ad-hoc network environment. In a multi-gateway model, the load-balancing overhead may reduce the network performance. Therefore this paper introduces the concept of a dynamic gateway and resolves the load-balancing problem. All this functionality is implemented with strong security in mind using the secDSDV protocol.

We are very pleased to offer this great selection of papers. We hope you all find this issue informative and helpful in keeping yourselves up-to-date.


Yoohwan Kim

Mei Yang

Shahram Latifi

University of Nevada, Las Vegas
