Electronic payment systems for wireless mesh networks need to take into account the limited computational and communicational ability of mesh clients. Micropayment scheme is well suited for this scenario since it is specifically designed for efficient operations in payment transactions. In this article, we propose a one way hash chain structure based on which efficient and secure payment protocols that support both prepaid and credit-based paying schemes are introduced.
A SECURE ELECTRONIC PAYMENT PROTOCOL FOR WIRELESS MESH NETWORKSIJNSA Journal
This document proposes a secure electronic payment protocol for wireless mesh networks. It discusses:
- Micropayment schemes are well-suited for wireless mesh networks due to their efficient operations for small payments and support of mobile devices.
- The proposed protocol uses a one-way hash chain structure to support both prepaid and credit-based payment schemes efficiently and securely. Tickets containing payment hash chains are used to facilitate authentication and billing.
- The protocol aims to minimize public-key operations by relying on hash functions whenever possible to reduce computational burden on wireless devices. It also supports roaming between mesh routers in the same domain.
A Survey on Credit Based Scheme for Multihop Wireless Networkijsrd.com
Wireless Network (WSN) is an evolving technology that has various applications both for mass public and military. The performance of wireless networks depends on the cooperation of all active nodes. However, supporting a wireless network is a cost-intensive activity for a mobile node. For a single mobile node perspective, the detection of routes as well as forwarding packets consumes local CPU time, memory and bandwidth. Sometimes the mobile nodes denying the packet of other nodes, while at the same time use their services to deliver its own data. This behaviour of an independent mobile node is commonly known as misbehaving or selfishness. There are different schemes used for minimizing malicious behaviour of mobile nodes. Here provide different payment based schemes that provide co-operation among nodes in the network.
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
A Study of Secure Efficient Ad hoc Distance Vector Routing Protocols for MANETsIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
A Secure Payment Scheme with Low Communication and Processing Overhead for Mu...Editor IJMTER
In this proposed work a trust-based routing protocol is developed to route messages through the
highly trusted nodes to minimize the probability of dropping the messages. Thus improve the network
performance in terms of throughput and packet delivery ratio. The proposed design contains a novel secure
reactive routing protocol for Mobile ad hoc networks (MANETs), called TRIUMF (Trust-Based Routing
Protocol with controlled degree of Selfishness for Securing MANET against Packet Dropping Attack). In the
proposed protocol trust among nodes is represented by trust value, which consists of cooperation score, direct
trust and indirect trust. The proposed trust routing allows controlled degree of selfishness to give an incentive to
the selfish nodes to declare its selfishness behavior to its neighbor nodes, which reduce the searching time of
misbehaving nodes to search for the malicious nodes only. In the proposed routing protocol two node-disjoint
routes between the source and destination nodes are selected based on their path trust values, one marked as
primary and the other as secondary. In this work both DLL-ACK and end- to-end TCP-ACK as monitoring
tools to monitor the behavior of routing path nodes: if the data packet successfully transmitted, then the path
nodes trust value are updated positively; otherwise, if a malicious behavior is detected then the path searching
tool starts to identify the malicious nodes and isolate them from the routing path and the network. Finally this
scheme reduces the searching time of malicious nodes, and the routing protocol avoids the isolated misbehaving
node from sharing in all future routes, which improves the overall network throughput.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Irrational node detection in multihop cellular networks using accounting centereSAT Journals
Abstract In multihop cellular networks mobile nodes typically transmit packets during intermediate mobile nodes for enhancing recital. Stingy nodes typically don't collaborate that incorporates a negative result on the network fairness and recital. A fair, inexpensive and best incentive mechanism by Selfish Node Detection (FESCIMbySND) has been projected to stimulate the mobile node’s cooperation. Hashing operations area unit employed in order to extend the safety. Trivial Hash perform has been wont to improve end-to-end delay and outturn. Additionally Cyclic Redundancy Check Mechanism has been used to spot the ridiculous nodes that involve themselves in sessions with the intention of dropping the in sequence packets. Moreover, to cut back the impact at the Accounting Center a Border node has been commend the task of propose the checks employing a digital signature. Keywords: Border Node Mechanism, Cyclic Redundancy Check, Selfish nodes, Trivial Hash Function
Secure Ticket- Based Anonymity and Traceability in Wireless Mesh NetworksIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
A SECURE ELECTRONIC PAYMENT PROTOCOL FOR WIRELESS MESH NETWORKSIJNSA Journal
This document proposes a secure electronic payment protocol for wireless mesh networks. It discusses:
- Micropayment schemes are well-suited for wireless mesh networks due to their efficient operations for small payments and support of mobile devices.
- The proposed protocol uses a one-way hash chain structure to support both prepaid and credit-based payment schemes efficiently and securely. Tickets containing payment hash chains are used to facilitate authentication and billing.
- The protocol aims to minimize public-key operations by relying on hash functions whenever possible to reduce computational burden on wireless devices. It also supports roaming between mesh routers in the same domain.
A Survey on Credit Based Scheme for Multihop Wireless Networkijsrd.com
Wireless Network (WSN) is an evolving technology that has various applications both for mass public and military. The performance of wireless networks depends on the cooperation of all active nodes. However, supporting a wireless network is a cost-intensive activity for a mobile node. For a single mobile node perspective, the detection of routes as well as forwarding packets consumes local CPU time, memory and bandwidth. Sometimes the mobile nodes denying the packet of other nodes, while at the same time use their services to deliver its own data. This behaviour of an independent mobile node is commonly known as misbehaving or selfishness. There are different schemes used for minimizing malicious behaviour of mobile nodes. Here provide different payment based schemes that provide co-operation among nodes in the network.
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
A Study of Secure Efficient Ad hoc Distance Vector Routing Protocols for MANETsIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
A Secure Payment Scheme with Low Communication and Processing Overhead for Mu...Editor IJMTER
In this proposed work a trust-based routing protocol is developed to route messages through the
highly trusted nodes to minimize the probability of dropping the messages. Thus improve the network
performance in terms of throughput and packet delivery ratio. The proposed design contains a novel secure
reactive routing protocol for Mobile ad hoc networks (MANETs), called TRIUMF (Trust-Based Routing
Protocol with controlled degree of Selfishness for Securing MANET against Packet Dropping Attack). In the
proposed protocol trust among nodes is represented by trust value, which consists of cooperation score, direct
trust and indirect trust. The proposed trust routing allows controlled degree of selfishness to give an incentive to
the selfish nodes to declare its selfishness behavior to its neighbor nodes, which reduce the searching time of
misbehaving nodes to search for the malicious nodes only. In the proposed routing protocol two node-disjoint
routes between the source and destination nodes are selected based on their path trust values, one marked as
primary and the other as secondary. In this work both DLL-ACK and end- to-end TCP-ACK as monitoring
tools to monitor the behavior of routing path nodes: if the data packet successfully transmitted, then the path
nodes trust value are updated positively; otherwise, if a malicious behavior is detected then the path searching
tool starts to identify the malicious nodes and isolate them from the routing path and the network. Finally this
scheme reduces the searching time of malicious nodes, and the routing protocol avoids the isolated misbehaving
node from sharing in all future routes, which improves the overall network throughput.
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Irrational node detection in multihop cellular networks using accounting centereSAT Journals
Abstract In multihop cellular networks mobile nodes typically transmit packets during intermediate mobile nodes for enhancing recital. Stingy nodes typically don't collaborate that incorporates a negative result on the network fairness and recital. A fair, inexpensive and best incentive mechanism by Selfish Node Detection (FESCIMbySND) has been projected to stimulate the mobile node’s cooperation. Hashing operations area unit employed in order to extend the safety. Trivial Hash perform has been wont to improve end-to-end delay and outturn. Additionally Cyclic Redundancy Check Mechanism has been used to spot the ridiculous nodes that involve themselves in sessions with the intention of dropping the in sequence packets. Moreover, to cut back the impact at the Accounting Center a Border node has been commend the task of propose the checks employing a digital signature. Keywords: Border Node Mechanism, Cyclic Redundancy Check, Selfish nodes, Trivial Hash Function
Secure Ticket- Based Anonymity and Traceability in Wireless Mesh NetworksIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
This document describes a fast handoff scheme called NodeScan for IEEE 802.11 wireless networks. NodeScan aims to reduce handoff latency by taking advantage of wireless mesh network architecture. It maintains a list of active mesh nodes on the client and transmits authentication requests to all nodes on the list simultaneously instead of scanning channels. This allows the client to discover and connect to a new mesh node quickly. Experimental results on a wireless mesh testbed show that NodeScan can reduce handoff latency compared to standard scanning methods. The scheme requires only a client-side software upgrade to implement.
Administrator&trust based routing protocolNinad Samel
This document proposes a new routing scheme called Administrator and Trust Based Secure Routing (ATSR) for mobile ad hoc networks (MANETs). ATSR selects administrator nodes to route packets based on parameters like battery power, node coverage, reliability, and trust. It uses digital signatures and asymmetric cryptography to provide message confidentiality and integrity. Simulation results show ATSR is efficient, robust, and trustworthy. The document describes the working methodology of ATSR, related work, the proposed algorithms for administrator selection and trust/willingness calculation, packet formats, and security analysis.
Research Inventy : International Journal of Engineering and Scienceinventy
Research Inventy : International Journal of Engineering and Science is published by the group of young academic and industrial researchers with 12 Issues per year. It is an online as well as print version open access journal that provides rapid publication (monthly) of articles in all areas of the subject such as: civil, mechanical, chemical, electronic and computer engineering as well as production and information technology. The Journal welcomes the submission of manuscripts that meet the general criteria of significance and scientific excellence. Papers will be published by rapid process within 20 days after acceptance and peer review process takes only 7 days. All articles published in Research Inventy will be peer-reviewed.
A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...IJNSA Journal
Mobile Adhoc Networks are becoming very popular in current Wireless Technology, which is been
associated to business, socially and in some critical applications like Military etc, The network which is
formed by self configuring wireless links which are connected to each other. These applications are
categorized by hostile environment that they serve while communicating between nodes. However in such
Wireless Network will be more exposed to different types of security attacks. The challenge is to meet
secure network communication. In this paper we focus on cluster based secure communication to improve
the reliability between clusters. In this scheme the Cluster Members (CM) submits a report to the Cluster
Head (CH) and temporarily stores Evidences as a security tokens. The reports contain digital signatures.
The CH will verify the consistency of the CM report and updates to Accounting Centre (AC). AC will verify
the uniformity of reports and clears the cryptographic operations. For attacker nodes, the security tokens
are requested to classify and expel the attacker nodes which submit wrong reports.
Multi-Level Secret Sharing Scheme for Mobile Ad-Hoc NetworksEswar Publications
In this paper, we are concerned with security for Mobile Ad-hoc Networks (MANETs) using threshold cryptography. When we are applying cryptography to MANETs, key management schemes must provide the cryptographic keys in a secure manner and storing the secret information within the nodes, thwarting the activities of malicious nodes inside a network and is how to distribute the role of the trusted authority among the nodes. Mobile ad hoc networks (MANETs) represent complex distributed systems that comprise wireless mobile nodes that can freely and dynamically self-organize into arbitrary and temporary, ad-hoc network topologies. Secret Sharing Scheme is a method which distributes shares of a secret to a set of participants in such a way that only authorized subset of participants can uniquely reconstruct the secret and an unauthorized subset can get no information about the secret. In this paper we present a new multilevel secret sharing scheme by extending the Shamir’s to the case that the global threshold is strictly greater than the sum of the compartment thresholds and we indicate how to use the threshold secret sharing schemes based on polynomial interpolation. These schemes are based on one-way functions (Discrete Logarithm) which are computationally perfect. In the first scheme the number of public shares grows exponentially with the number of participants. To overcome this disadvantage we proposed two efficient schemes in which the number of public shares ate linearly proportional to the number of participants. Both these schemes are similar except that in the third scheme the identities of the participants are also hidden. In this we also addressed the problem of malicious shareholders that aim to corrupt a secret sharing scheme. To prevent such a threat, legitimate shareholders must detect any modification of shares that has not been issued by a node responsible for the sharing of secret S.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
The TV can assist the authentication of other OBUs.
5)
Mutual authentication: Both the OBU and the TV/LE can authenticate each other to avoid the
impersonation attack.
6)
Resistance to stolen-verified attacks: Even if the adversary obtains the authentication parameters of the
OBU, it still cannot impersonate the OBU.
7)
Resistance to forgery attacks: The adversary cannot forge a valid authentication message to cheat the
TV/LE.
8)
Resistance to modification attacks: The adversary cannot modify the authentication message without
being detected.
9)
Resistance to replay attacks: The adversary cannot replay the previous valid authentication message to
A Case Study on Authentication of Wireless Sensor Network based on Virtual Ce...AM Publications
This document presents a case study on authentication in wireless sensor networks using virtual certificate authorities. It discusses how sensor nodes can securely transmit data when moving across different wireless sensor networks. The proposed approach uses virtual certificates issued by a virtual certificate authority to authenticate moving sensor nodes. Simulation results show that the virtual certificate scheme reduces collisions compared to previous authentication algorithms. The scheme enhances security, scalability and interoperability while supporting node mobility across wireless sensor networks.
A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...IJNSA Journal
Mobile Adhoc Networks are becoming very popular in current Wireless Technology, which is been associated to business, socially and in some critical applications like Military etc, The network which is formed by self configuring wireless links which are connected to each other. These applications are categorized by hostile environment that they serve while communicating between nodes. However in such Wireless Network will be more exposed to different types of security attacks. The challenge is to meet secure network communication. In this paper we focus on cluster based secure communication to improve the reliability between clusters. In this scheme the Cluster Members (CM) submits a report to the Cluster Head (CH) and temporarily stores Evidences as a security tokens. The reports contain digital signatures. The CH will verify the consistency of the CM report and updates to Accounting Centre (AC). AC will verify the uniformity of reports and clears the cryptographic operations. For attacker nodes, the security tokens are requested to classify and expel the attacker nodes which submit wrong reports.
To Design a Hybrid Algorithm to Detect and Eliminate Wormhole Attack in Wirel...IRJET Journal
This document proposes a hybrid algorithm to detect and eliminate wormhole attacks in wireless mesh networks. It describes how wormhole attacks work by establishing a tunnel between two malicious nodes. Most existing defenses are not secure against different types of wormhole attacks. The proposed algorithm aims to detect wormholes by calculating the neighbor list and directional neighbor list of the source node to approximate node locations and identify the effects of wormhole attacks. The performance is evaluated by varying the number of wormholes. The results show the algorithm is effective at detecting wormholes and its impact on the network.
Optimizing On Demand Weight -Based Clustering Using Trust Model for Mobile Ad...ijasuc
Mobile ad hoc networks are growing in popularity due to the explosive growth of modern
devices with wireless capability such as laptop, mobile phones, PDA, etc., makes the application more
challenging. The mobile nodes are vulnerable to security attacks. To protect the ad hoc network it is
essential to evaluate the trust worthiness. The proposed TWCA is similar to WCA in terms of cluster
formation and cluster head election. However, in WCA security features are not included. The proposed
TWCA is a cluster based trust evaluation, in which the mobile nodes are grouped into clusters with one
cluster head. It establishes trust relationship for the cluster based on the previous transaction result. The
simulation result confirms the efficiency of our scheme than the WCA and SEMC.
This document summarizes a research paper that proposes a decentralized e-voting system using blockchain technology. It begins with an abstract that outlines the limitations of current centralized electronic voting systems and how blockchain could address issues like proxy voting, re-voting, and lack of verifiability. The paper then reviews relevant literature on blockchain voting protocols. It proposes a novel e-voting system that implements a voting protocol as a smart contract on the Ethereum blockchain. This would create nodes for each user to securely store encrypted votes on the distributed ledger in a transparent and verifiable manner, suitable for medium-sized elections.
A Novel Multipoint Relay based Secure Routing in MANETIJNSA Journal
Security in routing is a challenging issue in mobile ad-hoc (MANET) network because of its open nature, infrastructure less property, mobility and energy constraints. Messages typically roam in multi-hopped fashion and nodes may be powered by limited energy source and with limited physical security. So we proposed a new scheme which is significantly different from others available schemes to provide security during routing in mobile ad hoc networks. In this paper, our proposed scheme, Secure Multipoint Relay based Routing in MANET (SMRR) provides routing based on trust, which is an integer value that helps to select Multipoint Relay (administrator) inside the network for routing. We have also implemented the message confidentiality and integrity in our proposed scheme. Our simulation results show the robustness, reliability and trustworthiness of our scheme.
Secure and Trustable Routing in WSN for End to End CommunicationIJMTST Journal
In WSNs, end-to-end data communication security is required to combine data from source to destination. Combined data are transmitted in a path exist of connected links. All previous end to end routing protocols propose solutions in which each n every link uses a pair wise shared key to protect data. In this paper, we propose a novel design of secure end to end data communication. We give a newly published group key pre distribution scheme in this design, such that there is a unique group key, called path key, to protect data transmitted in the whole routing path. Specifically, instead of using several pair wise shared keys to repeatedly perform encryption and decryption over every link, our proposed scheme uses a unique source to destination path key to protect data transmitted over the path. Our proposed protocol can authenticate sensors to establish the path and to establish the path key. The main advantage using our protocol is to reduce the time needed to process data by middle sensors. Moreover, our proposed authentication scheme has complexity O(n), where n is the number of sensors in a communication path, which is several from all authentication schemes till now, which are one-to-one authentications with complexity O(n2). The security of the protocol is computationally secure. Active Trust can importantly improve the data route success probability and ability opposite black hole attacks and can optimize network lifetime.
misrouting attack in wireless sensor networks under replication attack. agent based security schemes in Security schemes for wireless sensor networks. International journal paper on wireless sensor networks.
ASSURED NEIGHBOR BASED COUNTER PROTOCOL ON MAC-LAYER PROVIDING SECURITY IN MO...cscpconf
In this paper, we have taken out the concern of security on a Medium Access Control layer
implementing Assured Neighbor based Security Protocol to provide the authentication,
confidentiality and taking in consideration High speed transmission by providing security in
parallel manner in both Routing and Link Layer of Mobile Ad hoc Networks. We basically
divide the protocol into two different segments as the first portion concentrates, based on
Routing layer information; we implement the scheme for the detection and isolation of the
malicious nodes. The trust counter for each node is maintained which actively increased and
decreased considering the trust value for the packet forwarding. The threshold level is defined differencing the malicious and non malicious nodes. If the value of the node in trust counter lacks below the threshold value then the node is considered as malicious. The second part focus on providing the security in the link layer, the security is provided using CTR (Counter) approach for authentication and encryption. Hence simulating the results in NS-2, we come to conclude that the proposed protocol can attain high packet delivery over various intruders while attaining low delays and overheads.
Detecting Various Black Hole Attacks by Using Preventor Node in Wireless Sens...IRJET Journal
This document discusses detecting black hole attacks in wireless sensor networks. It begins with an abstract that introduces black hole attacks as a security threat in mobile ad hoc networks (MANETs) where malicious nodes drop packets. The document then reviews previous work on defending against black hole attacks, including using trust values, dummy nodes, and sequence number verification. It proposes using a "preventor node" to create a secure environment and detect black hole attacks in MANETs to improve network performance and security.
(Paper) An Endorsement Based Mobile Payment System for a Disaster AreaNaoki Shibata
Babatunde Ojetunde, Naoki Shibata, Juntao Gao, and Minoru Ito : An Endorsement Based Mobile Payment System for A Disaster Area, in Proc. of The 29th IEEE International Conference on Advanced Information Networking and Applications (AINA-2015) (29% acceptance rate), pp.482-489, Mar. 2015. DOI:10.1109/AINA.2015.225
A payment system in a disaster area is essential for people to buy necessities such as groceries, clothing, and medical supplies. However, existing payment systems require the needed communication infrastructures (like wired networks and cellular networks) to enable transactions, so that these systems cannot be relied on in disaster areas, where these communication infrastructures may be destroyed. In this paper, we propose a mobile payment system, adopting infrastructureless mobile adhoc networks (MANETs), which allow users to shop in disaster areas while providing secure transactions. Specifically, we propose an endorsement-based scheme to guarantee each transaction and a scheme to provide monitoring based on location information, and thus achieve transaction validity and reliability. Our mobile payment system can also prevent collusion between two parties and reset and recover attacks by any user. Security is ensured by using location-based mutual monitoring by nearby users, avoiding thereby double spending in the system.
Mobile Ad Hoc On Demand Distance Vector Routing Protocol...Natasha Barnett
This document discusses a proposed Secured PPEM based Multi-Hop Strong Path Geographic Routing protocol for mobile ad hoc networks (MANETs). The protocol aims to enhance security in MANETs by incorporating effective key management, secure neighbor detection, securing routing data, identifying malicious nodes, and eliminating them from routing tables. Simulation results show the protocol increases throughput and packet delivery ratio with a tolerable increase in routing overhead and end-to-end delay compared to existing routing protocols for MANETs.
This document discusses message authentication and source privacy in wireless sensor networks using the RC6 algorithm. It begins by reviewing existing approaches to message authentication like symmetric-key and public-key cryptosystems, which have limitations related to overhead and scalability. The document then proposes using the RC6 algorithm to provide efficient hop-by-hop message authentication and source privacy in wireless sensor networks. It aims to authenticate messages at each forwarding node while also hiding the identity and location of the message sender. The document reviews related work on wireless sensor networks and the network simulator NS-2 before describing the proposed RC6-based approach and its goals of message authentication, source privacy, and efficiency.
This document summarizes a research paper on reducing packet loss in mobile ad hoc networks (MANETs). The paper discusses how MANETs are vulnerable to various security threats like black hole attacks that can cause packet dropping. It evaluates existing authentication schemes like ACK-based schemes that have overhead issues. The paper then proposes a modified ACK-based scheme using finite state automata to overcome decision ambiguity and minimize packet dropping while authenticating nodes in the MANET. Simulation results show that the proposed approach improves packet delivery ratio, throughput and reduces routing load compared to not using secure authentication.
Batteries -Introduction – Types of Batteries – discharging and charging of battery - characteristics of battery –battery rating- various tests on battery- – Primary battery: silver button cell- Secondary battery :Ni-Cd battery-modern battery: lithium ion battery-maintenance of batteries-choices of batteries for electric vehicle applications.
Fuel Cells: Introduction- importance and classification of fuel cells - description, principle, components, applications of fuel cells: H2-O2 fuel cell, alkaline fuel cell, molten carbonate fuel cell and direct methanol fuel cells.
Null Bangalore | Pentesters Approach to AWS IAMDivyanshu
#Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using hands on approach.
#Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For hands on lab create account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
- Objective: Create an S3 bucket with least privilege IAM policy and validate access.
- Steps:
- Create S3 bucket.
- Attach least privilege policy to IAM user.
- Validate access.
- Exploiting IAM PassRole Misconfiguration
-Allows a user to pass a specific IAM role to an AWS service (ec2), typically used for service access delegation. Then exploit PassRole Misconfiguration granting unauthorized access to sensitive resources.
- Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
- Steps:
- Allow user to pass IAM role to EC2.
- Exploit misconfiguration for unauthorized access.
- Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
- An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allow a user to assume this role.
- Objective: Show how overly permissive IAM roles can lead to privilege escalation.
- Steps:
- Create role with administrative privileges.
- Allow user to assume the role.
- Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
More Related Content
Similar to A SECURE ELECTRONIC PAYMENT PROTOCOL FOR WIRELESS MESH NETWORKS
This document describes a fast handoff scheme called NodeScan for IEEE 802.11 wireless networks. NodeScan aims to reduce handoff latency by taking advantage of wireless mesh network architecture. It maintains a list of active mesh nodes on the client and transmits authentication requests to all nodes on the list simultaneously instead of scanning channels. This allows the client to discover and connect to a new mesh node quickly. Experimental results on a wireless mesh testbed show that NodeScan can reduce handoff latency compared to standard scanning methods. The scheme requires only a client-side software upgrade to implement.
Administrator&trust based routing protocolNinad Samel
This document proposes a new routing scheme called Administrator and Trust Based Secure Routing (ATSR) for mobile ad hoc networks (MANETs). ATSR selects administrator nodes to route packets based on parameters like battery power, node coverage, reliability, and trust. It uses digital signatures and asymmetric cryptography to provide message confidentiality and integrity. Simulation results show ATSR is efficient, robust, and trustworthy. The document describes the working methodology of ATSR, related work, the proposed algorithms for administrator selection and trust/willingness calculation, packet formats, and security analysis.
Research Inventy : International Journal of Engineering and Scienceinventy
Research Inventy : International Journal of Engineering and Science is published by the group of young academic and industrial researchers with 12 Issues per year. It is an online as well as print version open access journal that provides rapid publication (monthly) of articles in all areas of the subject such as: civil, mechanical, chemical, electronic and computer engineering as well as production and information technology. The Journal welcomes the submission of manuscripts that meet the general criteria of significance and scientific excellence. Papers will be published by rapid process within 20 days after acceptance and peer review process takes only 7 days. All articles published in Research Inventy will be peer-reviewed.
A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...IJNSA Journal
Mobile Adhoc Networks are becoming very popular in current Wireless Technology, which is been
associated to business, socially and in some critical applications like Military etc, The network which is
formed by self configuring wireless links which are connected to each other. These applications are
categorized by hostile environment that they serve while communicating between nodes. However in such
Wireless Network will be more exposed to different types of security attacks. The challenge is to meet
secure network communication. In this paper we focus on cluster based secure communication to improve
the reliability between clusters. In this scheme the Cluster Members (CM) submits a report to the Cluster
Head (CH) and temporarily stores Evidences as a security tokens. The reports contain digital signatures.
The CH will verify the consistency of the CM report and updates to Accounting Centre (AC). AC will verify
the uniformity of reports and clears the cryptographic operations. For attacker nodes, the security tokens
are requested to classify and expel the attacker nodes which submit wrong reports.
Multi-Level Secret Sharing Scheme for Mobile Ad-Hoc NetworksEswar Publications
In this paper, we are concerned with security for Mobile Ad-hoc Networks (MANETs) using threshold cryptography. When we are applying cryptography to MANETs, key management schemes must provide the cryptographic keys in a secure manner and storing the secret information within the nodes, thwarting the activities of malicious nodes inside a network and is how to distribute the role of the trusted authority among the nodes. Mobile ad hoc networks (MANETs) represent complex distributed systems that comprise wireless mobile nodes that can freely and dynamically self-organize into arbitrary and temporary, ad-hoc network topologies. Secret Sharing Scheme is a method which distributes shares of a secret to a set of participants in such a way that only authorized subset of participants can uniquely reconstruct the secret and an unauthorized subset can get no information about the secret. In this paper we present a new multilevel secret sharing scheme by extending the Shamir’s to the case that the global threshold is strictly greater than the sum of the compartment thresholds and we indicate how to use the threshold secret sharing schemes based on polynomial interpolation. These schemes are based on one-way functions (Discrete Logarithm) which are computationally perfect. In the first scheme the number of public shares grows exponentially with the number of participants. To overcome this disadvantage we proposed two efficient schemes in which the number of public shares ate linearly proportional to the number of participants. Both these schemes are similar except that in the third scheme the identities of the participants are also hidden. In this we also addressed the problem of malicious shareholders that aim to corrupt a secret sharing scheme. To prevent such a threat, legitimate shareholders must detect any modification of shares that has not been issued by a node responsible for the sharing of secret S.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
The TV can assist the authentication of other OBUs.
5)
Mutual authentication: Both the OBU and the TV/LE can authenticate each other to avoid the
impersonation attack.
6)
Resistance to stolen-verified attacks: Even if the adversary obtains the authentication parameters of the
OBU, it still cannot impersonate the OBU.
7)
Resistance to forgery attacks: The adversary cannot forge a valid authentication message to cheat the
TV/LE.
8)
Resistance to modification attacks: The adversary cannot modify the authentication message without
being detected.
9)
Resistance to replay attacks: The adversary cannot replay the previous valid authentication message to
A Case Study on Authentication of Wireless Sensor Network based on Virtual Ce...AM Publications
This document presents a case study on authentication in wireless sensor networks using virtual certificate authorities. It discusses how sensor nodes can securely transmit data when moving across different wireless sensor networks. The proposed approach uses virtual certificates issued by a virtual certificate authority to authenticate moving sensor nodes. Simulation results show that the virtual certificate scheme reduces collisions compared to previous authentication algorithms. The scheme enhances security, scalability and interoperability while supporting node mobility across wireless sensor networks.
A SECURE CLUSTER BASED COMMUNICATION IN WIRELESS NETWORK USING CRYPTOGRAPHIC ...IJNSA Journal
Mobile Adhoc Networks are becoming very popular in current Wireless Technology, which is been associated to business, socially and in some critical applications like Military etc, The network which is formed by self configuring wireless links which are connected to each other. These applications are categorized by hostile environment that they serve while communicating between nodes. However in such Wireless Network will be more exposed to different types of security attacks. The challenge is to meet secure network communication. In this paper we focus on cluster based secure communication to improve the reliability between clusters. In this scheme the Cluster Members (CM) submits a report to the Cluster Head (CH) and temporarily stores Evidences as a security tokens. The reports contain digital signatures. The CH will verify the consistency of the CM report and updates to Accounting Centre (AC). AC will verify the uniformity of reports and clears the cryptographic operations. For attacker nodes, the security tokens are requested to classify and expel the attacker nodes which submit wrong reports.
To Design a Hybrid Algorithm to Detect and Eliminate Wormhole Attack in Wirel...IRJET Journal
This document proposes a hybrid algorithm to detect and eliminate wormhole attacks in wireless mesh networks. It describes how wormhole attacks work by establishing a tunnel between two malicious nodes. Most existing defenses are not secure against different types of wormhole attacks. The proposed algorithm aims to detect wormholes by calculating the neighbor list and directional neighbor list of the source node to approximate node locations and identify the effects of wormhole attacks. The performance is evaluated by varying the number of wormholes. The results show the algorithm is effective at detecting wormholes and its impact on the network.
Optimizing On Demand Weight -Based Clustering Using Trust Model for Mobile Ad...ijasuc
Mobile ad hoc networks are growing in popularity due to the explosive growth of modern
devices with wireless capability such as laptop, mobile phones, PDA, etc., makes the application more
challenging. The mobile nodes are vulnerable to security attacks. To protect the ad hoc network it is
essential to evaluate the trust worthiness. The proposed TWCA is similar to WCA in terms of cluster
formation and cluster head election. However, in WCA security features are not included. The proposed
TWCA is a cluster based trust evaluation, in which the mobile nodes are grouped into clusters with one
cluster head. It establishes trust relationship for the cluster based on the previous transaction result. The
simulation result confirms the efficiency of our scheme than the WCA and SEMC.
This document summarizes a research paper that proposes a decentralized e-voting system using blockchain technology. It begins with an abstract that outlines the limitations of current centralized electronic voting systems and how blockchain could address issues like proxy voting, re-voting, and lack of verifiability. The paper then reviews relevant literature on blockchain voting protocols. It proposes a novel e-voting system that implements a voting protocol as a smart contract on the Ethereum blockchain. This would create nodes for each user to securely store encrypted votes on the distributed ledger in a transparent and verifiable manner, suitable for medium-sized elections.
A Novel Multipoint Relay based Secure Routing in MANETIJNSA Journal
Security in routing is a challenging issue in mobile ad-hoc (MANET) network because of its open nature, infrastructure less property, mobility and energy constraints. Messages typically roam in multi-hopped fashion and nodes may be powered by limited energy source and with limited physical security. So we proposed a new scheme which is significantly different from others available schemes to provide security during routing in mobile ad hoc networks. In this paper, our proposed scheme, Secure Multipoint Relay based Routing in MANET (SMRR) provides routing based on trust, which is an integer value that helps to select Multipoint Relay (administrator) inside the network for routing. We have also implemented the message confidentiality and integrity in our proposed scheme. Our simulation results show the robustness, reliability and trustworthiness of our scheme.
Secure and Trustable Routing in WSN for End to End CommunicationIJMTST Journal
In WSNs, end-to-end data communication security is required to combine data from source to destination. Combined data are transmitted in a path exist of connected links. All previous end to end routing protocols propose solutions in which each n every link uses a pair wise shared key to protect data. In this paper, we propose a novel design of secure end to end data communication. We give a newly published group key pre distribution scheme in this design, such that there is a unique group key, called path key, to protect data transmitted in the whole routing path. Specifically, instead of using several pair wise shared keys to repeatedly perform encryption and decryption over every link, our proposed scheme uses a unique source to destination path key to protect data transmitted over the path. Our proposed protocol can authenticate sensors to establish the path and to establish the path key. The main advantage using our protocol is to reduce the time needed to process data by middle sensors. Moreover, our proposed authentication scheme has complexity O(n), where n is the number of sensors in a communication path, which is several from all authentication schemes till now, which are one-to-one authentications with complexity O(n2). The security of the protocol is computationally secure. Active Trust can importantly improve the data route success probability and ability opposite black hole attacks and can optimize network lifetime.
misrouting attack in wireless sensor networks under replication attack. agent based security schemes in Security schemes for wireless sensor networks. International journal paper on wireless sensor networks.
ASSURED NEIGHBOR BASED COUNTER PROTOCOL ON MAC-LAYER PROVIDING SECURITY IN MO...cscpconf
In this paper, we have taken out the concern of security on a Medium Access Control layer
implementing Assured Neighbor based Security Protocol to provide the authentication,
confidentiality and taking in consideration High speed transmission by providing security in
parallel manner in both Routing and Link Layer of Mobile Ad hoc Networks. We basically
divide the protocol into two different segments as the first portion concentrates, based on
Routing layer information; we implement the scheme for the detection and isolation of the
malicious nodes. The trust counter for each node is maintained which actively increased and
decreased considering the trust value for the packet forwarding. The threshold level is defined differencing the malicious and non malicious nodes. If the value of the node in trust counter lacks below the threshold value then the node is considered as malicious. The second part focus on providing the security in the link layer, the security is provided using CTR (Counter) approach for authentication and encryption. Hence simulating the results in NS-2, we come to conclude that the proposed protocol can attain high packet delivery over various intruders while attaining low delays and overheads.
Detecting Various Black Hole Attacks by Using Preventor Node in Wireless Sens...IRJET Journal
This document discusses detecting black hole attacks in wireless sensor networks. It begins with an abstract that introduces black hole attacks as a security threat in mobile ad hoc networks (MANETs) where malicious nodes drop packets. The document then reviews previous work on defending against black hole attacks, including using trust values, dummy nodes, and sequence number verification. It proposes using a "preventor node" to create a secure environment and detect black hole attacks in MANETs to improve network performance and security.
(Paper) An Endorsement Based Mobile Payment System for a Disaster AreaNaoki Shibata
Babatunde Ojetunde, Naoki Shibata, Juntao Gao, and Minoru Ito : An Endorsement Based Mobile Payment System for A Disaster Area, in Proc. of The 29th IEEE International Conference on Advanced Information Networking and Applications (AINA-2015) (29% acceptance rate), pp.482-489, Mar. 2015. DOI:10.1109/AINA.2015.225
A payment system in a disaster area is essential for people to buy necessities such as groceries, clothing, and medical supplies. However, existing payment systems require the needed communication infrastructures (like wired networks and cellular networks) to enable transactions, so that these systems cannot be relied on in disaster areas, where these communication infrastructures may be destroyed. In this paper, we propose a mobile payment system, adopting infrastructureless mobile adhoc networks (MANETs), which allow users to shop in disaster areas while providing secure transactions. Specifically, we propose an endorsement-based scheme to guarantee each transaction and a scheme to provide monitoring based on location information, and thus achieve transaction validity and reliability. Our mobile payment system can also prevent collusion between two parties and reset and recover attacks by any user. Security is ensured by using location-based mutual monitoring by nearby users, avoiding thereby double spending in the system.
Mobile Ad Hoc On Demand Distance Vector Routing Protocol...Natasha Barnett
This document discusses a proposed Secured PPEM based Multi-Hop Strong Path Geographic Routing protocol for mobile ad hoc networks (MANETs). The protocol aims to enhance security in MANETs by incorporating effective key management, secure neighbor detection, securing routing data, identifying malicious nodes, and eliminating them from routing tables. Simulation results show the protocol increases throughput and packet delivery ratio with a tolerable increase in routing overhead and end-to-end delay compared to existing routing protocols for MANETs.
This document discusses message authentication and source privacy in wireless sensor networks using the RC6 algorithm. It begins by reviewing existing approaches to message authentication like symmetric-key and public-key cryptosystems, which have limitations related to overhead and scalability. The document then proposes using the RC6 algorithm to provide efficient hop-by-hop message authentication and source privacy in wireless sensor networks. It aims to authenticate messages at each forwarding node while also hiding the identity and location of the message sender. The document reviews related work on wireless sensor networks and the network simulator NS-2 before describing the proposed RC6-based approach and its goals of message authentication, source privacy, and efficiency.
This document summarizes a research paper on reducing packet loss in mobile ad hoc networks (MANETs). The paper discusses how MANETs are vulnerable to various security threats like black hole attacks that can cause packet dropping. It evaluates existing authentication schemes like ACK-based schemes that have overhead issues. The paper then proposes a modified ACK-based scheme using finite state automata to overcome decision ambiguity and minimize packet dropping while authenticating nodes in the MANET. Simulation results show that the proposed approach improves packet delivery ratio, throughput and reduces routing load compared to not using secure authentication.
Similar to A SECURE ELECTRONIC PAYMENT PROTOCOL FOR WIRELESS MESH NETWORKS (20)
Batteries -Introduction – Types of Batteries – discharging and charging of battery - characteristics of battery –battery rating- various tests on battery- – Primary battery: silver button cell- Secondary battery :Ni-Cd battery-modern battery: lithium ion battery-maintenance of batteries-choices of batteries for electric vehicle applications.
Fuel Cells: Introduction- importance and classification of fuel cells - description, principle, components, applications of fuel cells: H2-O2 fuel cell, alkaline fuel cell, molten carbonate fuel cell and direct methanol fuel cells.
Null Bangalore | Pentesters Approach to AWS IAMDivyanshu
#Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using hands on approach.
#Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For hands on lab create account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
- Objective: Create an S3 bucket with least privilege IAM policy and validate access.
- Steps:
- Create S3 bucket.
- Attach least privilege policy to IAM user.
- Validate access.
- Exploiting IAM PassRole Misconfiguration
-Allows a user to pass a specific IAM role to an AWS service (ec2), typically used for service access delegation. Then exploit PassRole Misconfiguration granting unauthorized access to sensitive resources.
- Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
- Steps:
- Allow user to pass IAM role to EC2.
- Exploit misconfiguration for unauthorized access.
- Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
- An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allow a user to assume this role.
- Objective: Show how overly permissive IAM roles can lead to privilege escalation.
- Steps:
- Create role with administrative privileges.
- Allow user to assume the role.
- Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
artificial intelligence and data science contents.pptxGauravCar
What is artificial intelligence? Artificial intelligence is the ability of a computer or computer-controlled robot to perform tasks that are commonly associated with the intellectual processes characteristic of humans, such as the ability to reason.
› ...
Artificial intelligence (AI) | Definitio
Comparative analysis between traditional aquaponics and reconstructed aquapon...bijceesjournal
The aquaponic system of planting is a method that does not require soil usage. It is a method that only needs water, fish, lava rocks (a substitute for soil), and plants. Aquaponic systems are sustainable and environmentally friendly. Its use not only helps to plant in small spaces but also helps reduce artificial chemical use and minimizes excess water use, as aquaponics consumes 90% less water than soil-based gardening. The study applied a descriptive and experimental design to assess and compare conventional and reconstructed aquaponic methods for reproducing tomatoes. The researchers created an observation checklist to determine the significant factors of the study. The study aims to determine the significant difference between traditional aquaponics and reconstructed aquaponics systems propagating tomatoes in terms of height, weight, girth, and number of fruits. The reconstructed aquaponics system’s higher growth yield results in a much more nourished crop than the traditional aquaponics system. It is superior in its number of fruits, height, weight, and girth measurement. Moreover, the reconstructed aquaponics system is proven to eliminate all the hindrances present in the traditional aquaponics system, which are overcrowding of fish, algae growth, pest problems, contaminated water, and dead fish.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Discover the latest insights on Data Driven Maintenance with our comprehensive webinar presentation. Learn about traditional maintenance challenges, the right approach to utilizing data, and the benefits of adopting a Data Driven Maintenance strategy. Explore real-world examples, industry best practices, and innovative solutions like FMECA and the D3M model. This presentation, led by expert Jules Oudmans, is essential for asset owners looking to optimize their maintenance processes and leverage digital technologies for improved efficiency and performance. Download now to stay ahead in the evolving maintenance landscape.
CHINA’S GEO-ECONOMIC OUTREACH IN CENTRAL ASIAN COUNTRIES AND FUTURE PROSPECTjpsjournal1
The rivalry between prominent international actors for dominance over Central Asia's hydrocarbon
reserves and the ancient silk trade route, along with China's diplomatic endeavours in the area, has been
referred to as the "New Great Game." This research centres on the power struggle, considering
geopolitical, geostrategic, and geoeconomic variables. Topics including trade, political hegemony, oil
politics, and conventional and nontraditional security are all explored and explained by the researcher.
Using Mackinder's Heartland, Spykman Rimland, and Hegemonic Stability theories, examines China's role
in Central Asia. This study adheres to the empirical epistemological method and has taken care of
objectivity. This study analyze primary and secondary research documents critically to elaborate role of
china’s geo economic outreach in central Asian countries and its future prospect. China is thriving in trade,
pipeline politics, and winning states, according to this study, thanks to important instruments like the
Shanghai Cooperation Organisation and the Belt and Road Economic Initiative. According to this study,
China is seeing significant success in commerce, pipeline politics, and gaining influence on other
governments. This success may be attributed to the effective utilisation of key tools such as the Shanghai
Cooperation Organisation and the Belt and Road Economic Initiative.
Introduction- e - waste – definition - sources of e-waste– hazardous substances in e-waste - effects of e-waste on environment and human health- need for e-waste management– e-waste handling rules - waste minimization techniques for managing e-waste – recycling of e-waste - disposal treatment methods of e- waste – mechanism of extraction of precious metal from leaching solution-global Scenario of E-waste – E-waste in India- case studies.
Software Engineering and Project Management - Introduction, Modeling Concepts...Prakhyath Rai
Introduction, Modeling Concepts and Class Modeling: What is Object orientation? What is OO development? OO Themes; Evidence for usefulness of OO development; OO modeling history. Modeling
as Design technique: Modeling, abstraction, The Three models. Class Modeling: Object and Class Concept, Link and associations concepts, Generalization and Inheritance, A sample class model, Navigation of class models, and UML diagrams
Building the Analysis Models: Requirement Analysis, Analysis Model Approaches, Data modeling Concepts, Object Oriented Analysis, Scenario-Based Modeling, Flow-Oriented Modeling, class Based Modeling, Creating a Behavioral Model.
Software Engineering and Project Management - Introduction, Modeling Concepts...
A SECURE ELECTRONIC PAYMENT PROTOCOL FOR WIRELESS MESH NETWORKS
1. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
DOI : 10.5121/ijnsa.2014.6501 01
A SECURE ELECTRONIC PAYMENT
PROTOCOL FOR WIRELESS MESH
NETWORKS
Helen Cheung and Cungang Yang
Department of Electrical and Computer Engineering
Ryerson University
ABSTRACT
Electronic payment systems for wireless mesh networks need to take into account the limited computational
and communicational ability of mesh clients. Micropayment scheme is well suited for this scenario since it
is specifically designed for efficient operations in payment transactions. In this article, we propose a one
way hash chain structure based on which efficient and secure payment protocols that support both prepaid
and credit-based paying schemes are introduced.
KEYWORDS
multiparty micropayment, payment certificate, hash chain, wireless mesh networks, electronic payment
1. INTRODUCTION
There are a few payment models proposed in the literature [5] [6], which can be classified into
two categories: the traditional payment model and the micropayment model. The example
traditional payment model include the credit card platforms [7] [8] and electric cash platform [9].
The traditional payment models allow only one payment in a transaction, which has been widely
adopted for the electric payment applications. These protocols will be too expensive and time-
consuming when applied to inexpensive transactions because of the transaction charges of card
companies and the computational cost of public-key signature verification. They also place a
heavy burden on the computational and storage capabilities of currently available wireless devices.
Micropayment models are designed to allow frequent transfer of very small amounts, perhaps less
than a cent, in a single transaction, which is considered more efficient than the traditional
payment model. The micropayment models are often adopted for mobile and wireless network
applications [3][4]. In this paper, we focus on micropayment schemes because this category not
only directly addresses the limited resources of mobile communications but also is the most
reasonable option for applying to the light-weight payment scheme by mesh clients in wireless
mesh networks. The following requirements should be addressed when designing a suitable
payment mechanism for mesh networks. First, customers expect a robust, secure, and fair
payment mechanism which can be applied in different wireless networks. Second, the payment
mechanism should be light-weight (i.e. with low computational complexity and low
communication overhead) so that it can be easier run on mobile devices. Third, user anonymity
should be achieved. Finally, a payment mechanism should be of low implementation cost.
In this paper, we integrate a new one-way hash chain and the roaming technology to develop
novel payment schemes for mesh networks. The main goal is to minimize the number of public-
key operations required per payment, using hash operations instead whenever possible. As a
2. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
2
rough guide, hash functions are about 100 times faster than RSA signature verification, and about
10,000 times faster than RSA signature generation. The contributions of this work are
summarized as follows: First, the ticket-base approach supporting authentication and secure
billing functionalities makes these two fundamental security operations in mesh networks more
efficient. Second, it proposes a novice user-user payment scheme which provides credits so as to
encourage MCs (mesh clients) to relay packets for other MCs. Third, the payment schemes
support intra-domain roaming. The commutation and communication cost of the billing on intra-
domain roaming is more efficient than the cost when a MC logs in.
The remainder of this paper is organized as follow: In section 2, we introduce the effective one-
way hash chain. In section 3, we study ticket-based electronic payment protocol in more details.
Security analysis of the proposed payment protocol is explained in section 4. Section 5
demonstrates the performance analysis. Section 6 discuss the related works. The paper is
concluded in section 7.
2. EFFICIENT ONE-WAY HASH CHAIN
Hash values from a user-generated hash chain can be used as authenticated payment tokens. A
one-way chain (V0 … VN) is a collection of values such that each value Vi (except the last value
VN) is a one-way function of the next value Vi+1. In particular, we have that Vi = H(Vi+1), for 0 ≤ i
< N. Here, H is a one-way function, and is often selected as a cryptographic hash function. A
drawback of traditional one-way chains is that the verifier has to perform j-i operations to validate
Vj given Vi, which can be expensive if j-i is large. This weakness is solved by the hierarchical
one-way chain that is more efficient.
A hierarchical one-way chain consists of two or more levels of chains, where values of a first-
level (“primary”) chain act as roots of a set of second-level (“secondary”) chains[1]. We refer to
the secondary chain rooted in the ith value of the primary chain as the ith secondary chain. Here,
all the values of the ith secondary chain are released before any of the values of the i + 1st chain
is released; the primary chain value Vi is released in between. In a hierarchical one-way chain, all
end-values need to be authenticated – both that of the primary chain and those of all secondary
chains. The drawback of the hierarchical one-way chain is that the loss of the end value of a
secondary hash chain prevents the verifier to authenticate secondary chain values until the next
value of the primary chain is disclosed.
3. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
3
Spending order
V0,m V1,m V2,m V3,m VN-1,m VN,m
V1,2 V2,2 V3,2 VN,2
Spending
order
V1,1 V2,1 V3,1 VN,1
V1,0 V2,0 V3,0 VN,0
W0 W1 W2 WN-1
Figure 1. Efficient One-Way Hash Chain
We propose a secure and efficient hierarchy one way chain (see Figure 1) where VN,m is private
information and m, N, V0, m and W0 W1 W2 ...WN-1 are public information. The hash chain is
generated by broker and is assigned to MCs or MRs (mesh routers). Before the start of the
transactions, MC/MR sends the public information m, N, V0, m and W0 W1 W2 ...WN-1 to MR/MC.
Payment token are m+1 elements of the secondary chains. MR/MC authenticates V1, 0 using W0 =
h(V1, 0||V0, m). This authentication ensures the correctness of the token values from the same
hierarchy hash chain. For the following end values of secondary chain, MR/MC can authenticate
them as follows:
Wi = h(Vi+1,0 ||Vi,m) (i≥0)
where Wi and V0,m are public information and MC/MR may retransmits them periodically. Vn,m is
private information only hold secretly by MC/MR.
The proposed hash chain efficiently authenticates the end-values of the secondary chain at any
moment, without assuming any additional authentication protocols. In the meantime, it does not
have the problem as the approach proposed by Liu and Ning [1].
If a hash chain is not used up, MCs could still use its remaining tokens when roams to a different
MR of the same mesh domain. MCs need to notify new MR the most recent hash value used and
its index in the hash chain.
The advantages of the proposed one-way hash chain are as follows: (1) it voids the long chain of
the one-way hash chain. The hierarchy one way chain allows MC/MR to reduce storage. (2) it
does not need a protocol to authenticate the end values of the hash chain. (3) it is efficient: a
MC/MR who received the authentic values such as V0, m and W0 W1 W2 ...WN-1 can efficiently
authenticate secondary chain in hash chain generated by Vi,0 This approach substantially reduces
the verification overhead for a new MR/MC that needs to catch up to current value of the chain.
4. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
4
3. TICKET-BASED ELECTRONIC PAYMENT PROTOCOL
A ticket purchased by the MCs from a broker includes the information of the hierarchy hash chain.
The tokens must be spent through its associated MR, who prevents cheating by the MC. Cheating
by the MR itself will be detected after the fact. The payment tokens MR collected can be
efficiently redeemed from the brokers. Unspent tokens can be spent on a different MR to access a
different destination, but utilizing the MRs in the same mesh domain to prevent double spending.
If further accesses are not made, tokens may later be refunded by the issuing broker.
The goal of this research is to design ticket-based protocols that support both secure mutual
authentication and billing. After MC and MR mutually authenticate with each other[2], MCs
access the mesh network and pay for the services through the tokens of the hierarchy hash chain
approach.
The payment protocols support two types of paying schemes: directly buy tokens of hash chain
with the pre-paid scheme and pay later with credit-based scheme. A MC/MR can apply either or
both types of paying schemes from the broker. Normally, a ticket only can be used for one mesh
domain. The billing server of the domain is in charge of controlling the credit limit or the balance
of tickets to avoid MC using a hash token chain more than one time for pre-paid scheme or spent
beyond the credit limit of the credit-based scheme.
• Pre-paid: MC/MR purchase hash chains from brokers before accessing the mesh network.
The chain related information will be added to the MC/MR’s ticket. Broker may issue
multiple pre-paid tickets to a MC.
• Credit-based: the broker assigns a credit limit for MCs. The broker determines the credit
limit for each MC ticket. Broker may issue multiple credit-based tickets to a MC.
However, the total remaining credit limits of all a MC’s tickets must not greater than
his/her credit limit. The broker also determines a credit limit for MRs in a mesh domain.
Credit-related information will be added to MR/MC’s ticket.
For the credit-based scheme, MC/MR pay bills to his/her broker, the broker continues updating
the credit balance of the MC/MR. If the MC/MR has available credit, the broker can generate new
ticket for him/her.
MC can use the same ticket to roam different MRs in the same domain. A MR will inform the
billing server the most recent balance of a MC’s ticket when the MC roams out of its covering
area. The billing server of the mesh domain will update the balance of MC’s ticket afterwards.
Broker will also issue multiple credit-base tickets to MR if the balance of the tickets is within the
limits of the domain’s credit.
Prepaid and credit-based payment approaches need the support of mutual authentication. The MR
authenticates MCs to ensure that the MC is trusted. MC authenticates MR to prevent bogus MRs
asking higher unit token fee to MCs. This mutual authentication is based on the tickets signed by
brokers [2].
A ticket includes the information of credit limit or the balance of MC/MR. The billing server
always checks the balance or credit limit, if the balance or credit is beyond the limit, the billing
server will notify the MR to cut the MC’s service.
In the design of the protocols, the beacon message of a MR should include the information of its
service fee and relaying fee. MCs need to know this public information before roaming to a new
MR or agreeing to provide the relaying service for other MCs.
5. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
5
We will discuss the ticket-based payment approach for the following two different cases:
(1) Multiple hops between MC and its associated MR
The multiple hops case describes the situation that a MC is at an arbitrary number of hops
away from the MR. The MR that MC associated is defined as the associate MR which is
in charge of authenticating MC, implementing billing protocol with MC and sending the
billing update information to billing server.
Figure 2. Payment Scheme for Multiple Hops between a MC and its Associated MR
In Figure 2, suppose MC is associated with MR1 and both MC and MR1 have bought tickets
separately from their brokers, the procedure of the billing scheme for multiple hops is as follows:
o MC pays MR1 with the tokens which value is the addition of service fee for MR1
and relaying fee for MC1, MC2 and MC3
o MR1 pays tokens for relaying fees of MC1, MC2 and MC3 on behalf of MC
o MR1 collects the tokens from MC and submit them to the billing server
o Billing server get the fund from MC’s broker
o MC1, MC2 and MC3 collects the tokens from MR1 and get the fund from MR1’s
broker
(2) One hop between a MC and its associated MR
It is a special case of multiple hops. If a MC can reach the MR directly, the general
procedure of the billing process is as follows:
o MC pays tokens to MR1. MR1 collects the tokens and submits to the billing
server
o Billing server get the fund from MC’s broker
Figure 3. Payment Scheme for One Hop between a MC and MR1
3.1 Payment Hash Chain
Tokens are fundamental component of the payment hash chain. In the prepaid scheme, MC/MR
needs to pay first to purchase payment hash chain from brokers. Brokers also need to assign
payment hash chains for MC/MR in the credit-based approach and send bill to redeem from
MR/MC later.
To avoid double spend of a hash chain, each chain only can be used for one mesh domain. MC
needs to prepare different chains for different domains. In the meantime, a MC/MR could also
hold multiple hash chains for a single domain.
6. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
6
Two types of payment hash chains are designed: one for MCs and the other is for MRs. MC’s
hash chain pays tokens to MR it associates. MR’s hash chain pays relaying MCs on the route.
The format of purchase hash chain for MC:
PMC: IDpmc, W0 W1 W2 ...WN-1, V0,m, m, N, MC, Date, Domain, Value, Ticket Credit
IDpmc: id of the hash chain
W0 W1 W2 ...WN-1, V0,m, m, N: public information of hierarchical hash chain
Domain: the only domain that the hash chain could be used.
MC: id of the MC
Date: the expiry date that the ticket is to be expired
Value/Credit: the purchased value or credit limit of the chain
Billing server keeps the record of the PMC and continues to update the balance/credit of the MC
whenever he/she logs in or roams in the same mesh domain. If there is no balance or credit, the
billing server requests MC to provide a new ticket or ask MR to directly cut off the service. Each
payment hash chain only can be used in a specific domain. The payment chain of MC is added to
its ticket which will be signed by the MC’s broker.
The format of purchase hash chain for MR:
PMR: IDpmr, W0 W1 W2 ...WN-1, V0,m, m, N, Domain, MR, Credit/Value, Date
IDpmr: id of the hash chain
W0 W1 W2 ...WN-1, V0,m, m, N: public information of hierarchical hash chain
Domain: the only domain that the hash chain could be used.
MR: id of the MR
Date: the date that the ticket is to be expired
Value/Credit: the purchased value or credit limit of the chain
Purchase hash chain is a part of MR’s ticket [2] which will be signed by the broker.
3.2 Billing Protocol
3.2.1 Login Billing Protocol for Multiple Hops
If a MC cannot directly reach MR, their communication could be relayed by other MCs. To
encourage MCs to support packet relaying for others, a relaying fee is provided as a bonus. MR
prepares a contract in which each relaying MC need to add its MAC. These MAC values prove
that these MCs are on the route of the traffic and have provided the relaying service and therefore
should receive the bonus. Moreover, MC prepares a contract for its associated MR. MC’s contract
proves to broker that MR provides service and therefore redeem the tokens of the MC.
The contract issued by MC:
MC, MR, Pstart, Unit Fee, PMC, Brokerid
MC: ID of MC
MR: ID of MR
Unit fee: unit fee for each token
Pstart: start index of the MR’s hash chain
PMC: payment chain
7. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
7
Brokerid: ID of the broker
The contract issued by MR:
MR, Pstart, Fee of Relay, PMR, Brokerid, MACs
MR: ID of the MR who issues the contract and distributes it to relaying MCs.
Pstart: start index of the MR’s hash chain
MACs: MACs generated by relaying MCs and adds to the contract
The detail of the login billing protocol shown in figure 4 is as follows:
o From the beacon message, MC knows the service and relaying fee of its associated MR.
MC and MR mutual authenticate each other by exchanging their tickets. MR checks the
domain of the purchase hash chain from the MC’s ticket and then transfers it to the billing
server.
o The billing server checks if the MC has ever visited the domain and the balance or
remaining credit of his/her ticket. The billing server will notify MR the index where the
hash chain should be started if the payment chain has balance or credit. The billing server
records index of MC’s hash chain when the last time he/she visits the domain. If the MC
is new to the domain, the index value should be the beginning of the MC’s hash chain.
o The MR will then inform the MC the unit fee of a token. If MC agrees with this, it
generates a contract which includes the unit fee and index information. MC signs the
contract and send it back to MR. MR verify the contract and keep it for his future redeem
from broker.
o MR generates a contract and distributes it to all relaying MCs on the route. All relaying
MCs will add its MAC to the contract. Each MAC key is shared by MC and the broker.
MR signs the contract and sends it to all the relaying MCs.
o MC starts and keeps releasing hash tokens from the start index. Each token will be
verified by MR. MR also releases tokens from its hash chain that will be verified by all
relaying MCs on the route. If the relaying MC cannot receive the token of the MR as the
bonus of the relaying service, it will stop to provide the relaying service.
The protocol is briefly shown as follows:
Exchange Ticket with Payment Chain Check balance/Credit
Unit fee and current hash value and inde x index and current hash value of the hash
chain
Temporary ticket and the encrypted MAC
key with MC’s public key
unit fee, index and current hash value with MAC value
MC generates contract, sign it. MR1 verify it
MR1 generates the contract and send securely to all relaying MCs
The contract is added with the MAC generated with shared key between neighbours
8. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
8
Each relaying MC verify it and add a MAC (generated with the key shared with
broker)
With the same hop-by hop approach, the contract is sent back to MR1
MR1 sign the final contract and distribute to all relaying MCs
The first token is submitted from MC and verified by MR1
MR1 sends first token to relaying MCs and relaying MCs verify the tokens
The second token is submitted from MC and verified by MR1
MR1 sends second token to relaying MCs and relaying MCs verify the tokens
......
The m token is submitted from MC and verified by MR1
MR1 sends m token to relaying MCs and relaying MCs verify the tokens
MC contract, current index and the last hash value of the hash chain
used
Figure 4. login billing protocol for multiple hops
In the case that the topology changes, for example relaying MCs moves out of the route, MR will
ask new joined MCs to sign a new contract with the most recent index of MR’s hash chain.
3.2.2 Login Billing Protocol for One-hop
The login protocol for one hop shown in figure 5 is a special case of the protocol of multiple
hops. The general procedural of the protocol for one hop is as follows:
o MC and MR mutual authenticate each other by exchanging their tickets. MR verifies the
domain of the payment chain in the ticket and transfers the ticket to the billing server.
o The billing server verifies if MC has visited the domain before and checks his/her balance
or remaining credit. The billing server will notify MR the index where the hash chain
should be started if the payment chain has balance or credit. The billing server records the
hash chain information whenever MC roams leaves the domain. If the MC is new to the
domain, the index should be the beginning of the hash chain.
o The MR informs the MC his/her balance, unit token fee, and start index of the token. If
MC agree with the information from MR, it generates a contract and send to MR1
o MC starts and keeps releasing hash tokens from the start index. Each token will be
verified by MR.
Exchange Ticket with
Payment Chain Check balance/Credit of the MC
9. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
9
Unit fee and current hash value and index index and current hash value of the hash chain
Temporary ticket and the encrypted MAC
key with MC’s public key
Encrypt unit fee and current hash value and
index with the MAC key
MC generates contract, sign it. MR1 verify it
The first token is submitted from MC and verified by MR1
The second token is submitted from MC and verified by MR1
......
The m token is submitted from MC and verified by MR1
MC contract, current index and the last hash value of the hash chain used
Figure 5. Login Billing Protocol for One-hop
3.3 Billing Issues During Intra-domain Roaming
When a MC roams, for example, from MR1 to MR2 of the same domain in the mesh network,
MR1 needs to securely forward the MC’s MAC key and the balance/credit of MC to MR2. MC2
monitor the balance of MC and will stop the service once the balance is used up. In the mean
time, MR1 submits MC’s contract, balance of the contract, the collected tokens from MC and the
record of delivered tokens to the billing server. Billing server will verify this message and update
the MC’s balance. Billing server collects these information for fund redeem from the broker.
Since the new balance of MC is securely forwarded from MR1, MR2 does not need to recheck the
balance of the MC from the billing server. Also, the index of the current token chain of MC’s is
also forwarded from MR1 to MR2. For the case of one-hop, only MC1 generates contract. For the
case of multiple hops, MR2 will create the contracts according to new start index and the balance
forwarded from MR1. If no balance value and contract are forwarded, MR2 will implement the
login process as indicated in section 3.2.1.
The Intra-domain Billing Protocol for One-hop shown in figure 6 is as follows:
MC show temporary ticket
unit fee and index with the MAC key
10. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
10
MC generates contract, sign it. MR2 verify it
The first token is submitted from MC and verified by MR2
The second token is submitted from MC and verified by MR2
......
The m token is submitted from MC and verified by MR2
MC contract, current index and the last hash value of the hash chain used
Figure 6. Intra-domain Billing Protocol for One-hop
The Intra-domain Billing Protocol for Multiple Hop shown in figure 7 is as follows:
Temporary Ticket
Unit fee, index with MAC
MC generates contract, sign it. MR2 verify it
MR2 generates the contract and send securely to all relaying MCs
The contract is added with the MAC generated with shared key between neighbours
Each relaying MC verify it and add a MAC (generated with the key shared with
broker)
With the same hop-by-hop approach, the contract is sent back to MR2
MR2 sign the final contract and distribute to all relaying MCs
The first token is submitted from MC and verified by MR2
MR2 sends first token to relaying MCs and relaying MCs verify the tokens
The second token is submitted from MC and verified by MR2
MR2 sends second token to relaying MCs and relaying MCs verify the tokens
......
The m token is submitted from MC and verified by MR2
MR2 sends m token to relaying MCs and relaying MCs verify the tokens
MC contract, current index and the last hash value of the hash chain
used
11. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
11
Figure 7. Intra-domain Billing Protocol for Multiple Hop
Comparing with login billing protocols, the intra-domain billing schemes have one more
advantage: when perform intra-domain roam, MR2 doesn’t need to perform signature verification
for authentication and billing procedure. Symmetric key encryption is employed for securely
transfer the balance and start index of MC1 between MR1 and MR2.
Since the authentication and the billing information are in the same ticket, very limited expensive
signature verifications are required for both authentication and billing procedure between MC and
MR. Once the MC passed the authentication and its hash chain balance/credit is available, it will
be more efficient for MC to perform intra-domain roam in mesh networks.
3.4 Fee Clearance
MRs always needs to submit MC’s contracts and his/her current index to the billing server.
Periodically, after collecting this information from all MRs in the same domain, the billing server
transfers it to the broker for fund redeeming. The broker verifies MC’s signature and ensure that
MC should pay the MRs. The amount is calculated according to the number of hashed tokens
received and the unit token fee identified in the MC’s contract.
On the other hand, contract generated by MR proves which relaying MCs are involved in the
relaying process and should receive the relaying fee from the MR. Relaying MC submits the
contract the MR signed and the most current index of MR’s hash chain. Broker verifies the
contract and calculates the fund based on the current index and unit relaying fee described in the
MR’s contract.
4. SECURITY ANALYSIS
There are a few useful features of the proposed payment scheme including the avoidance of
overspending and double spending, the fairness, the user anonymity, and privacy. The proposed
scheme meets the security requirements of mesh networks and is secure against various attacks.
(1) Outsider attack: An attacker cannot obtain value during a payment chain purchase from a
broker. The ticket signed by broker can be obtained by an eavesdropper. However, the
attacker cannot generate token because the secret information Vn,m of the hash chains is
not known by the outside attackers. Also an attacker cannot redeem value even if all
payment messages are observed. MC or MR will not release tokens until a contract has
been received. The contracts indicate the MCs or MR who can redeem the tokens and the
unit fee of each token. Redeeming relaying MCs or MR must authenticate themselves
using a signature to broker. The outsider attacker cannot redeem without the correct
signature for authentication. An attacker cannot impersonate a valid MC or MR. A valid
MR or MC holds a public key certificate. With the support of bop by hop authentication
between neighbours, even if the outsider attacker can get the certificate, he will be
identified in the contract and will be detected by its neighbours. The attacker-signed
pricing contract is also a proof of fraud.
(2) MC attacks: for pre-paid scheme, the MC cannot spend more than the total value of a
hash chain in the ticket. The billing server will track the balance of the MC’s ticket and
prevent the hash value being exceeded. For credit-based scheme, the MC cannot spend
more than the limit credit from the broker. For each credit-based ticket, each ticket is
specific design for a domain. The billing server of the domain will monitor the balance of
the ticket and ensure the credit will not be exceeded. The broker will issue new tickets for
MCs only if the credit balance of the MC is still within the limit credit of the MC.
12. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
12
Moreover, a MC cannot double spend a hash chain of a ticket. A ticket with a payment
hash chain must be spent through MRs of the specific domain that defined for the hash
chain. The billing server will track the balance of the hash chain and will not allow hash
chain to be double spent. Furthermore, anonymity is provided: MC use tickets which
including the hash chains for the billing purpose. The tickets issued by broker only
include the ID of the user. The real identity only known by broker. The mesh network
cannot know the real identity of customers.
(3) Relaying MC Fraud: the relaying MC cannot obtain more than paid by MR. The value of
the payment to a relaying MC is specified in the MR’s contract. The broker will use the
contract and number of tokens the relaying obtained by the relaying MC to calculate how
much is owned by MR. To increase the value per token requires contract to be modified,
which is not possible without forging signature. A relaying MC cannot obtain values
belongs to another relaying MC. All relaying MCs redeem the same tokens. To obtain
other relaying MC’s value also requires the forged digital signature. Moreover, contract
cannot be replayed without detection. A relaying MC may try to replay an old contract
issued by MR and submit to broker for redeem. The TID in the contract is a random
number that ensure an old contract cannot be replayed.
(4) MR Fraud: payment chain overspending by the MR can be detected. The broker records
the total amount redeemed against a payment chain. When more than the total value
spent, it will be detected by the broker.
5. PERFORMANCE ANALYSIS
In this section, we compare the computation and communication costs of MC and MR when login
and intra-domain payment protocol are carried out. We consider two scenarios: one hop and
multiple hops. Only billing-related computation and communication costs are considered. The
authentication messages of the protocols are not included and the costs of acknowledgement
messages are ignored.
When considering the communication cost of a payment scheme, the size, length, and number of
messages sent between parties must be calculated. When paying for the volume of traffic
transported, or if making frequent payments, the signalling overhead, due to payment process
should be kept small relative to the payload sent. If payment is made to or from a mobile device
over an air interface, with limited or scarce bandwidth, the volume of payment messages should
also be minimized.
We use the numbers in table 1 as the size of the basic micropayment constructions. Since the
chain length will not exceed 216
, thus m is 1 byte and n is 1 byte.
Table 1
Object Size (bytes)
Hierarchical hash chain 18+16*N (N: depth of the chain)
MC Ticket 232
MC contract 15
MR contract (initial) 27
MR contract (final) 36 + 16*S (S: # of relaying MCs)
MC payment hash chain 27 + 16*N (N: depth of the chain)
MR payment hash chain 27 + 16*N (N: depth of the chain)
We use the numbers in table 2 as the size and speed of the cryptographic algorithms.
Table 2
13. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
13
Cryptographic algorithm Size (bytes) Speed (ms)
ECC signature generation 46.4
MD5 hash function 16 0.009
ECC signature verification 92.4
MAC 16 0.015
The computation cost comparisons of login and intra-domain handover in case of one hop are
shown in figure 8 and 9.
Figure 8 Computation Cost
Figure 9. Average Computing Cost Per Payment
We find that the computation cost of MC is about 50% of that of MR. Login and Intra-domain is
almost same for MCs or MRs. In addition, the communication cost for token contribution is low
and the average computation and communication cost prepayment is reduced dramatically with
the increase number of payments. This scheme is optimized for repeated payments to the same
vendor.
The comparisons of communication bandwidth used for login and intra-domain handover in case
of one hop are shown in figure 10 and 11.
0
20
40
60
80
100
120
m=0 m = 10 m=100 m=500
MC login
MC Intra
MR login
MR Intra
0
1
2
3
4
5
6
7
8
9
10
m = 10 m=100 m=500
MC login
MC Intra
MR login
MR Intra
14. International Journal of Network Security & Its A
Figure 10. Communication Bandwidth Used
Figure 11. Average Communication Bandwidth Per Payment
If we don’t consider hash component (m=0), the bandwidth used by intra
less than login protocol of one hop
and intra-domain will gradually become close since the weight of hash will comprise la
the bandwidth of the communication
The computation and communication
hops (the number of hops is 2) are shown in figure
Figure 1
0
100
200
300
400
500
600
700
800
900
m=0
0
50
100
150
200
250
300
m=0
0
20
40
60
80
100
120
m=0
International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
Figure 10. Communication Bandwidth Used
Average Communication Bandwidth Per Payment
hash component (m=0), the bandwidth used by intra-domain of one hop is
less than login protocol of one hop. However, with the addition of hashes, the bandwidth of login
domain will gradually become close since the weight of hash will comprise la
the bandwidth of the communication.
and communication cost of login and intra-domain handover in case of multiple
are shown in figure 12 and 13.
12: Computation cost (number of hops is 2)
m=10 m=50
MC-MR (login)
MR-BS (login)
MC-MR(Intra)
MR-BS(Intra)
m=10 m=50
MC-MR (login)
MR-BS (login)
MC-MR(Intra)
MR-BS(Intra)
m = 10 m=100 m=500
MC login
MC Intra
MR login
MR Intra
Relay MC
pplications (IJNSA), Vol.6, No.5, September 2014
14
domain of one hop is
ith the addition of hashes, the bandwidth of login
domain will gradually become close since the weight of hash will comprise large part of
in case of multiple
15. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
15
Figure 13. Communication cost (number of hops is 2)
We find that the computation costs of login and Intra-domain of MC-MR are very close. The
computation costs of login and Intra-domain of MC-RMC are very close. In addition, the
computation cost of a relaying MC is almost the same as the computation cost of MR.
For multiple hops mesh networks, with a specific number of hops, the communication cost for
login and intra-domain of MC-MR is very close. The communication cost for login and intra-
domain of MR-RMC is also very close. However, the MR-BS for intra-domain is less than that of
the login.
Figure 14. Communication cost (number of hops is 5)
If the number of hops is increase from 2 to 5 (see figure 14), with the increase number of hops,
we find that only the MR-RMC communication cost is increased, but others are not affected.
6. RELATED WORK
In this section, we compare our proposal with other micropayment schemes. PayWord[6] is a
credit-based scheme. Since the hash chain is generated by the user, there is no control of the
credit that the user could have. In our approach, a credit limit has been assigned to each ticket by
the broker to control of credit of MCs. S. M. Yen [11] is a prepaid payment scheme. Each
customer should buy bank tokens in advance which are used to buy merchant. The MicroMint[6]
has double-spending problem. A user may use the same coin to pay two different vendors and the
vendors cannot find it until they check with broker. To overcome this problem, the MicroMint
scheme needs to trace all the users who purchased the coins. (The vendor need to know the users
too so that he can demonstrate who spent those coins). As a result, this schema is not anonymous
any more.
0
100
200
300
400
500
600
700
800
900
1000
m=0 m=10 m=50
MC-MR (login)
MR-BS (login)
MR-RMC(login)
MC-MR(Intra)
MR-BS(Intra)
MR-RMC (Intra)
0
200
400
600
800
1000
1200
m=0 m=10 m=50
MC-MR (login)
MR-BS (login)
MR-RMC(log)
MC-MR(Intra)
MR-BS(Intra)
MR-RMC (Intra)
16. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
16
Zhang proposed a billing scheme for wireless mesh networks[13]. In the protocol scheme, client
and mesh router authenticates each-other and the client has to pay for the services for all the
involved entities. The serving mesh router provides network access and backhaul internet service.
Brokers are responsible for micropayment aggregation among the entities. The scheme comprises
two phases as entity authentication and billing. In the billing scheme, the commitment of payment
structure is user-router specific thus there is no chance of double-spending and double-
redemption. The good feature of the billing scheme is that new signed commitment of payment
structures is not required after route change in ad-hoc network portion as all the relay nodes are
paid by the associated router. The usage of payment structures only one payment chain in
generated but in total multiple chains are used which will reduced the payment chain storage cost
and computation cost of next payment hash generation. However, the scheme is vulnerable to
security risk from the payment chain. The unspent portion of the payment hashes may be claimed
by corrupt routers by changing the payment hash as authenticated hashes are known to him or
user may deny his last payment chain.
Netbill[12] offers a number of advanced features. However, it is relatively expensive: digital
signatures are heavily used. This scheme will not be suitable to be applied to mesh networks.
Yang[10][11] applied symmetric-key cryptography instead that is more efficient than the public
key cryptography and is more suitable for mobile devices. Unfortunately, the symmetric key
cryptography requires more frequent key establishments and updates to prevent the shared key
from being comprised. In our proposed billing scheme, the authentication and billing approach
only use one digital signature and some hash chains. Since the authentication protocol
authenticates mesh clients that are not known beforehand by MR, only symmetric key
cryptography cannot realize the mutual authentication task. However, we have already minimized
the number of the digital signatures in this proposed billing approach. In summary, the related
works are not suitable for the security requirements of mesh networks which have been indicated
in section 1.
7. CONCLUSION
In this paper, we propose the novice billing scheme for login and intra-domain for wireless mesh
networks. The security analysis shows that the protocol is resilient to various kinds of attacks.
The performance analysis proves that the intra-domain billing scheme is more efficient when
compared with login billing approach.
REFERENCES
[1] Donggang Liu and Peng Ning, Efficient distribution of key chain commitments for broadcast
authentication in distributed sensor networks. In Network and Districuted System Security
Symposium, NDSS 2003, pp. 263-276, 2003.
[2] Celia Li and Uyen Trang Nguyen, Trust-based Secure Authentication for Wireless Mesh Networks.
[3] Phone Lin and Hung-yueh Chen, A secure mobile electronic payment architecture platform for
wireless mobile networks IEEE Transactions on Wireless Communications, Vol. 7, No. 7, pp. 2705 –
2713, July 2008.
[4] DongGook Park, Colin Boyd and Ed Dawson, Micropayments for Wireless Communications, Lecture
Notes in Computer Science, Vol. 2015/2001, pp. 192-205.
[5] N. Asokan and P.A. Janson, “The state of the art in electric payment systems,” IEEE Computer,
Vol.30, No.9, Oct, 1998.
[6] R.L. Rivest and A. Shamir, PayWord and MicroMint: Two simple micropayment schemes," Proc. of
Security Protocols Workshop, Lecture Notes in Computer Science, Vol.1189, Springer Verlag, pp.69-
87, 1997.
[7] M. Bellare, J. Garay and R. Hauser, “Design, implementation and deployment of a secure account-
based electronic payment system”, IEEE J. Select. Areas Commun., Vol.18, pp. 611-627, Apr. 2000.
17. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
17
[8] Mastercard and Visa, SET Secure Electronic Transactions Protocol, version 1.0 edition.
[9] F. Medvinsky and B. Neuman, “NetCash: a design for practical electronic currency on the Internet”,
in Proc. First ACM Conference on Computer and Communication Security, pp. 102-106, 1993.
[10] Z. Yang, W. Lang, and Y. Tan., “A new fair micropayment system based on hash chain.”, in Proc.
IEEE International Conference on e-Technology, e-Commerce and e-Service, pp 139-145, 2004.
[11] S. M. Yen, “PayFair: a prepaid Internet micropayment scheme ensuring customer fairness,” in Proc.
IEE Computers and Digital Techniques, Vol. 148, No. 6, pp.207-213, Nov. 2001.
[12] The NetBill Electronic Commerce Project, 1995.
[13] Y. Zhang and Y. Fang, “A secure authentication and billing architecture for wireless mesh networks”,
Wireless Networks, vo. 13, no.5, pp. 663-678, 2007.
APPENDIX A: PERFORMANCE CALCULATION
When considering the communication cost of a payment scheme, the size, length, and number of
messages sent between parties must be calculated. When paying for the volume of traffic
transported, or if making frequent payments, the signalling overhead, due to payment process
should be kept small relative to the payload sent. If payment is made to or from a mobile device
over an air interface, with limited or scarce bandwidth, the volume of payment messages should
also be minimized.
(1) MC Ticket:
TicketMC = MC, Brokerid, Date, PubMC, PMC, SigBroker
(2 bytes) MC: the identifier number of the MC
(2 byte) Brokerid: the identifier number of the broker who issue this ticket
(3 bytes) Date: the expire date and time of the ticket
(20 bytes) PubMC: the public key of the MC
(20 bytes) Sigbroker: the signature signed by the private key of the broker
PMC: IDpmc, W0 W1 W2 ...WN-1, V0,m, m, N, Domain, Value, Ticket Credit
(4 bytes) IDpmc: id of the hash chain
(1 byte) Domain: the only domain that the hash chain could be used.
(2 bytes) Value: the purchased value of the chain for the pre-paid approach.
(2 bytes) Ticket Credit: the credit limit for the ticket.
(160 bytes) W0.... WN-1: 16 bytes * N
(16 bytes) V0,m
(1 bytes) m
(1 bytes) N
Public key of ECC: 20 byte (160bits) key is similar as 128 bytes RSA
MD5 hash and MAC size: 16 bytes
Chain length will not exceed 216
, thus m is 1 byte and n is 1 byte.
Size of the MC Ticket: 72 bytes + 16 N bytes = 232 bytes
To control the size of the ticket, we assume N=10. The number of tokens depends on the number
of m.
(2) Hash size: 16 bytes
(3) MC contract
IDpmc, MC, MR, Pstart, Unit Fee, Brokerid
(2 bytes) MC: ID of MC
(2 bytes) MR: ID of MR
18. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
18
(1 byte) Unit fee: unit fee for each token
(4 bytes) Pstart: start index of the MR’s hash chain
(2 bytes) Brokerid: ID of the broker
(4 bytes) IDpmc
Size of MC contract: 15 bytes
(4) unit fee, index and current hash value with MAC value
1 byte + 4 bytes + 16 bytes + 16 byte = 37 bytes
(5) Current index and the last hash value of the hash chain used (MR send to billing server)
MC contract + 4 bytes + 16 bytes = 15 bytes +4 bytes + 16 bytes = 35 bytes
(6) MR initial contract
MR, Pstart, Fee of Relay, IDpmr, Brokerid, MAC
(2 bytes) MR: ID of MR who issues the contract and distributes it to relaying MCs.
(4 bytes) Pstart: start index of the MR’s hash chain
(16 bytes) MAC
(4 bytes) IDpmr
(1 byte) fee of relay
Size of MR original contract: 27 bytes
(7) PMR: IDpmr, W0 W1 W2 ...WN-1, V0,m, m, N, Domain, MR, Credit/Value, Expiry Date
(4 bytes) ID: id of the hash chain
(1 byte) Domain: the only domain that the hash chain could be used.
(2 bytes) Value: the purchased value of the chain for the pre-paid approach.
(2 bytes) Credit of the ticket: the credit limit for the ticket.
(160 bytes) W0 W1 W2 ...WN-1: 16*N bytes
V0,m: 16 bytes
m: 1 byte
N: 1 byte
Size of PMR: 187bytes
(8) MR final contract
MR, Pstart, Fee of Relay, IDpmr, Brokerid, MACs, Sig
(2 bytes) MR: ID of MR who issues the contract and distributes it to relaying MCs.
(4 bytes) Pstart: start index of the MR’s hash chain
(16 bytes*S) MACs: each relaying MC adds its MAC to the contract
(4 bytes) IDpmr
(1 byte) Fee of Relay
(1 byte) Brokerid
(20 bytes) Sig
Size of MR final contract: 36 + 16*S
One-hop login
MC:
Computation: 1 MAC + Siggeneration + m hash
Computation cost: 0.015 + 46.4 + 0.009*m = 46.415 + 0.009m
ECC signature reference: generation: 46.4ms, verify: 92.4ms
19. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
19
MR:
Computation: 1 MAC + Sigverify + m hash
Computation cost: 0.015 + 92.4 + 0.009*m = 92.415 + 0.009m
Communication:
MC-MR: unit fee, index and current hash value with MAC value (37bytes) + MC contract
+
m hash (15 bytes + 16m = 15 + 16m)
Bandwidth: 52 + 16m
MR-BS: MC Ticket 232 bytes + Current index and its hash value of the hash chain used
(35 bytes)
Bandwidth: 267 bytes
Multiple-hop login
MC:
Computation: 1 MAC + Siggeneration + m hash
Computation cost: 0.015 + 46.4 + 0.009m = 46.415 + 0.009m
MR:
Computation: 1 MAC + Sigverify + 1 MAC +1 MAC + Siggeneration+m hash +m hash + 1
MAC
Computation cost: 0.015 + 92.4 + 0.03 + 46.4 + 2*0.009m + 0.015 = 138.86 + 0.018m
Relaying MC (with authentication, use this for the combined paper of authentication and billing)
Computation: 2MAC + 2 MAC + m hash + m hash +Sigverify
Computation cost: 4*0.015 + 2*0.009*m + 92.4 = 92.46 + 0.018m
Communication:
MC-MR: MC contract + m hash (15 + 16m) + unit fee, index and current hash
value with MAC value (37)
Bandwidth: 52 + 16m
MR-BS: Ticket size (MR sends to billing server) 232 + Current index and its hash value of the
hash chain used Communication cost (35)
Bandwidth: 267
MR-RMC: 2 * initial contract + the final contract (2 * 63 + 16*S) + m hash (16m)
Bandwidth: 126 + 16S +16m
One-hop Intra-domain:
MC:
Computation: 1 MAC + Siggeneration + m hash
Computation cost: 0.015 + 46.4 + 0.009 * m = 46.415 + 0.009m
MR:
Computation: 1 MAC + Sigverify + m hash
Computation cost: 0.015 + 92.4 + 0.009*m = 92.415 + 0.009m
Communication:
MC-MR: unit fee and index with the MAC key (37 bytes) + MC contract + m hash (15 + 16 *
m)
Bandwidth: 52 + 16m
MR-BS: Current index and its hash value of the hash chain used (35 bytes)
20. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
20
Bandwidth: 35 bytes
Multiple-hop Intra-domain:
MC
Computation: 1 MAC + Siggeneration + m hash
Computation cost: 0.015 + 46.4 + 0.009 * m = 46.415 + 0.009m
MR
Computation: 1 MAC + 1 Sigverify + 1 MAC + Siggeneration + m hash +m hash + 1 MAC
Computation cost: 0.015 + 92.4 + 0.015 + 46.4 + 2 * 0.009 * m + 0.015 = 138.845 +
0.018m
Relaying MC:
Computation: 2 MAC + 1 MAC + Sigverify + m hash
Computation cost: 3 * 0.015 + 92.4 + 0.009 * m = 92.445 + 0.009m
Communication:
MC-MR: MC contract + m hash (15 + 16 * m) + Unit fee, index with MAC (37) +
Bandwidth: 52 + 16m
MR-BS: current index and its hash value of the hash chain used (35)
Bandwidth: 35
MR-RMC: 2 * initial contract + final contract (2 * 63 + 16 * S) + m hash (16m)
Bandwidth: 126 + 16S + 16m
To control the size of the MR final contract, we assume the number of relaying MCs is at most 5.
MC software control that when is asked to join the relay service, it should be not moving or move
at slow speed.
Appendix B: one-way chain
For setup of the one-way chain, the generator chooses at random the root or seed of the chain, i.e.,
the value VN, and derives all previous values Vi by iteratively applying the hash function H.
The value V0, which we refer to as the end-value, is normally made public, and potentially
linked to the identity of the user possessing the corresponding root value.
An example of a standard hash chain:
Hash values from a user-generated hash chain can be used as authenticated payment tokens.
21. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
21
On the first payment to a new vendor, the user signs a commitment to that vendor with a new
hash chain. By including the vendor identity in the commitment, the vendor is linked to the chain,
preventing it being redeemed by other vendors. For each micropayment, the user releases the next
payment hash, the pre-image of the current value, to the vendor. Since the hash function is one-
way, only the user could have generated this value, and knowledge of it can constitute proof of
payment. In essence, the hash chain links the correctness of the current payment to the validity of
previous payments. Each hash value is worth the same amount, which can be specified in the
commitment. A payment of m units is made by releasing the single hash which is the mth pre-
image of the current hash in the chain. The vendor only needs to apply m hashes to verify it.
A broker, or trusted third party, is introduced to aggregate micropayments to many different
vendors. Actual monetary value is claimed by redeeming the highest spent hash token, along with
the commitment, at a broker with whom the user has an account.
By using a hash chain, the computational cost of a payment is now a single hashing operation for
the vendor, after the initial single digital signature verification for a new chain. Where a user
spends n hashes from a chain to make z payments at the vendor the average cost per payment is (n
hashes + 1 signature)/z. Thus, in the worst case, where a user only ever makes a single purchase
from a vendor, the cost is similar to the public key schemes. Therefore, as with the majority of
micropayment systems, the scheme is optimized for repeated payments to the same vendor.
One-way Chain Advantages and Disadvantages
Traditional one-way chains have many advantages. First of all, given only a trusted value Vi of
the chain, it is intractable to find a value Vj , where j > i, such that Hj-i
(Vj ) = Vi (assuming that H
is a secure one-way function and that the output of H is sufficiently large, we further discuss the
security of one-way chains below). However, it is easy to assess the validity of a value Vj, where
j > i, by verifying that Hj-i
(Vj ) = Vi .
Hierarchical One-Way Chains
A hierarchical one-way chain consists of two or more levels of chains, where values of a first-
level (“primary”) chain act as roots of a set of second-level (“secondary”) chains. We refer to the
secondary chain rooted in the ith value of the primary chain as the ith secondary chain. Here, all
the values of the ith secondary chain are released before any of the values of the i + 1st chain is
released; the primary chain value Vi is released in between.
22. International Journal of Network Security & Its Applications (IJNSA), Vol.6, No.5, September 2014
22
Different one-way functions may be used for primary and secondary chains, with the aim of
lowering the communication costs. To set up the hierarchical chain, the generator picks VN at
random and computes the primary chain VN-1…V0. The generator computes the secondary chain
on the fly. A clear advantage is the very efficient setup, as only N/K operations are needed to
compute V0, where K is the length of the secondary chain.
To use this one-way chain, the generator traverses all the secondary chains in sequence (e.g., v00,
v01, v02, v20 …vN0, vN1, vN2) and discloses the values of the primary one-way chain when possible.
A disadvantage of the hierarchical chain is the authentication of end-values of secondary chain.
This hierarchical chain was proposed by Liu and Ning [1]. Liu and Ning propose to use the
TESLA authentication protocol using the primary chain to authenticate the end-values of the
secondary chain. This approach has the shortcoming that the hierarchical chain can only be used
in conjunction with the TESLA authentication protocol, as they propose to authenticate the end-
values of the secondary chain with the TESLA authentication protocol using the primary chain.
The disadvantage of that approach is that the loss of the authentication message prevents the
verifier to authenticate secondary chain values until the next value of the primary chain is
disclosed. Another shortcoming of their approach is that the authentication is staged, as the
generator can only send authentication values at transitions of the primary chain. The tradeoff is
clear, on one hand we would like to have infrequent transitions in the primary chain, but on the
other hand we prefer a short authentication delay.
Note that the all end-values need to be authenticated - both that of the primary chain and those of
all secondary chains. The authentication mechanism by Liu and Ning has several shortcomings.
To overcome these shortcomings, we propose the hash chain scheme enabling efficient
authentication of the end-values of the secondary chain at any moment, without assuming any
additional authentication protocols.
The problem of hierarchical one-way chain is that if the commitment to the end-value of the
secondary chain is lost (for example, if V20 is lost, the verifier must wait for the disclose of V3
before authenticate the whole chain of V2), the verifier has to wait until the generating value of
the secondary chain (i.e., the value of the primary chain) is disclosed.