A Novel Key Management Scheme for Next Generation Internet: An Attack Resistant and Scalable Approach

Vinod Vijaykumar Kimbahune (Department of Computer Engineering, Smt. Kashibai Navale College of Engineering, Savitribai Phule Pune University, Pune, India), Arvind V. Deshpande (Department of Computer Engineering, Smt. Kashibai Navale College of Engineering, Savitribai Phule Pune University, Pune, India) and Parikshit N. Mahalle (Department of Computer Engineering, Smt. Kashibai Navale College of Engineering, Savitribai Phule Pune University, Pune, India)
Copyright: © 2018 |Pages: 30
DOI: 10.4018/IJISMD.2018010105

Abstract

The computational complexity of the next generation internet (NGI) is increasing at a faster rate. Due to the large scale of ubiquitous devices, effective and secure communication and addressing mechanisms are vulnerable to several threats. Apart from the resource constraints of the devices, the unknown topology of the network and the higher risk of device capture make key management a more challenging task in NGI. In this context, a novel attack-resistant and scalable key management scheme must be in place to enable end-to-end secure communication. The first part of the article gives a detailed analysis of various threats along with behavioral modeling of attacks. Further, this article presents a comprehensive literature survey and gap analysis. The proposed key management scheme has been evaluated in two scenarios, viz. centralized and decentralized, and its formal security analysis also proves that it is safe from replay attack. The proposed key management scheme has been evaluated with a performance metric like delay, and the results show that it is scalable in nature.
Introduction

Today's Internet suffers from its own success. Fortunately, researchers believe that new technologies, protocols, and standards can be developed to meet tomorrow's demands. These advances will start to put us on track to a Next Generation Internet (NGI) offering reliable, affordable, secure information delivery at rates thousands of times faster than today's rate. Achieving this goal will require research and testing. It is appropriate that the research community is participating in this research activity to achieve the full vision of NGI technology. The emergence of the NGI is mainly a response to a series of serious challenges that cannot be solved through limited improvement under the current network architecture.

Figure 1 shows many mobile devices located within radio range of each other. A few of them can be access points, which provide connectivity to the other devices. This paper discusses two addressing schemes: IP addresses, which have global acceptance, and MAC addresses, which are used at the local level. These addresses are assigned uniquely to all the devices.

In this scenario, a particular device advertises its information using a Neighbor Advertisement message and can request information about its neighbors with a Neighbor Solicitation. In this example, we have to make sure that no two devices use the same address, to avoid address duplication. IP addresses can be assigned manually or by a local authority.

Assume an attacking device has compromised a legitimate device of the local network. An attacker can either gain control of the relevant device to cause more chaos in the network or create Denial-of-Service (DoS) attacks. It can also try to combine these two attacks to organize and initiate a flooding DoS attack. The enemy device redirects as many traffic flows as possible towards a given victim device, in such a way that the latter is overwhelmed.

Figure 1. Reference Use Case Related to Attacks

In Figure 1, the devices shown in dark colors are the Sybil devices. When these devices want to communicate with a neighboring device, they use any one of their identities. When packets are transferred, these multiple identities will all respond, and as a result the network is confused and collapses.

There are several ways by which an attacker can initiate these attacks. An attacking device can spoof a Neighbor Advertisement message, which can cause packets destined for the legitimate device to be sent to some other link-layer address. Another possible attack is to interrupt the Duplicate Address Detection protocol: the attacking device responds to every Duplicate Address Detection attempt made by an entering device, so that the device is unable to obtain an address.

As mentioned above, each device is assigned a unique address to avoid ambiguity. An attacker can try to break address ownership and uniqueness by initiating a Sybil attack (Zhang & Shen, 2014). Many networks, like a peer-to-peer network, rely on assumptions of identity, where each device represents one identity. A Sybil attack happens when an insecure device is hacked to claim multiple identities. An attacker with many identities can use them to act maliciously, by either stealing information or disrupting communication. In the case of wireless networks, Sybil attacks are a crucial concern, as the attacker can hack the device and initiate the replication attack.
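
The attacks described in the two paragraphs above (spoofed Neighbor Advertisements, blocked Duplicate Address Detection, and one device claiming many identities) leave recognizable traces in Neighbor Discovery traffic. The following detector is an added example, not part of the article or its proposed scheme; the event format, the sample events, the function name and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events (not from the article): a simplified view of
# Neighbor Discovery traffic on one link. "NS_DAD" is a Duplicate Address
# Detection probe for a tentative address; "NA" is a Neighbor Advertisement
# binding the target address to the sender's link-layer (MAC) address.
EVENTS = [
    {"t": 0.0, "type": "NA", "target": "fe80::1", "mac": "aa:00:00:00:00:01"},
    {"t": 1.0, "type": "NS_DAD", "target": "fe80::10", "mac": "aa:00:00:00:00:10"},
    {"t": 1.1, "type": "NA", "target": "fe80::10", "mac": "ee:00:00:00:00:99"},
    {"t": 2.0, "type": "NS_DAD", "target": "fe80::11", "mac": "aa:00:00:00:00:10"},
    {"t": 2.1, "type": "NA", "target": "fe80::11", "mac": "ee:00:00:00:00:99"},
    {"t": 3.0, "type": "NS_DAD", "target": "fe80::12", "mac": "aa:00:00:00:00:10"},
    {"t": 3.1, "type": "NA", "target": "fe80::12", "mac": "ee:00:00:00:00:99"},
    {"t": 4.0, "type": "NA", "target": "fe80::1", "mac": "ee:00:00:00:00:99"},
    {"t": 5.0, "type": "NS_DAD", "target": "fe80::20", "mac": "aa:00:00:00:00:20"},
]

def analyze(events, dad_window=1.0, dad_limit=3, identity_limit=4):
    """Return suspicious findings; thresholds are illustrative assumptions."""
    macs_by_ip = defaultdict(set)   # address -> MACs that advertised it
    ips_by_mac = defaultdict(set)   # MAC -> addresses it claimed
    pending = {}                    # tentative address -> (time, prober MAC)
    blocked = defaultdict(set)      # MAC -> tentative addresses it contested
    for ev in sorted(events, key=lambda e: e["t"]):
        ip, mac = ev["target"], ev["mac"]
        if ev["type"] == "NS_DAD":
            pending[ip] = (ev["t"], mac)
        elif ev["type"] == "NA":
            macs_by_ip[ip].add(mac)
            ips_by_mac[mac].add(ip)
            probe = pending.get(ip)
            # An NA from another device right after a DAD probe makes the
            # joining device abandon that tentative address.
            if probe and mac != probe[1] and ev["t"] - probe[0] <= dad_window:
                blocked[mac].add(ip)
    return {
        # One address advertised from several MACs: possible spoofed NA.
        "binding_conflicts": {ip: sorted(m) for ip, m in macs_by_ip.items() if len(m) > 1},
        # One MAC contesting many DAD probes: possible DAD denial of service.
        "dad_blockers": sorted(m for m, ips in blocked.items() if len(ips) >= dad_limit),
        # One MAC claiming many identities: possible Sybil behaviour.
        "many_identities": sorted(m for m, ips in ips_by_mac.items() if len(ips) >= identity_limit),
    }
```

A single contested DAD probe is normal when an address really is in use, which is why the detector counts distinct contested addresses per MAC before flagging it.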
