Member

Abstract
The scope of this survey is to examine and thoroughly evaluate the cluster-based Group Key Agreement (GKA) protocols for Wireless Sensor Networks (WSNs). Towards this goal, we have grouped the WSNs application environments into two major categories (i.e., infrastructure-based and infrastructureless) and have examined: a) which of the cluster-based Group Key Agreement (GKA) protocols that appear in the literature are applicable to each category, and b) to which degree these protocols will impact the systems' performance and energy consumption. In order to answer these questions we have calculated the complexity of each protocol and the energy cost it will add to the system. The evaluation of all discussed protocols is presented in a generalized way and can therefore serve as a reference point for future evaluations and for the design of new, improved GKA protocols.

Abstract
IEEE 802.16 technology also well known as WiMax is poised to deliver the next step in the wireless evolution. This is further fostered by the 802.16e specification which, amongst other things, introduces support for mobility. The Multicast/Broadcast Service (MBS) is also an integral part of 802.16e destined to deliver next generation services to subscribers. In this paper we concentrate on the Multicast and Broadcast Rekeying Algorithm (MBRA) of 802.16e. This algorithm has been recently criticized for various vulnerabilities and security inefficiencies, as its designers are trying to balance wisely between performance and security. After surveying related work, we extensively discuss MBRA security issues and propose the use of a novel asymmetric group key agreement protocol based on the work in Wu et al. (2009) [3]. Our scheme guarantees secure delivery of keys to all the members of a given group and mandates rekeying upon join and leave events. It can prevent insider attacks since only the Base Station possesses a secret encryption key while all other members in the network acquire the transmitted data by using their secret decryption keys. We compare our scheme with related work and demonstrate that although heavier in terms of computing costs, it compensates when scalability and security come to the foreground.

Abstract
Secure multimedia delivery in modern and future networks is one of the most challenging problems towards the system integration of fourth generation (4G) networks. This integration means that different service and network providers will have to interoperate in order to offer their services to end users. This multidomain environment poses serious threats to the end user who has contract with, and trusts only a limited number of operators and service providers. One such threat is end users’ privacy on which we will focus in this paper. Probably the most promising protocol for multimedia session management is the Session Initiation Protocol (SIP), which is an application layer protocol and thus can operate on top of different lower layer technologies. SIP is quite popular and a lot of research has been conducted; however, it still has some security issues, one of which is related to privacy and more particularly the protection of user identities (IDs). In this paper we comment on the ID privacy issue of SIP and propose a framework called PrivaSIP that can protect either the caller's ID or both the caller's and the callee's IDs in multidomain environments. We present different implementations of our framework based on asymmetric and symmetric cryptography analyzing the pros and cons of each one of them. Furthermore, we provide performance measurements in order to estimate the performance penalty of our framework over standard SIP. The most significant advantage of our method is that it can assure user ID protection even when SIP messages are transmitted through untrusted SIP domains, while our results show that this can be achieved with no perceived delay by the end user.

Abstract
A Mobile Ad Hoc Network (MANET) is characterized by the lack of any infrastructure, absence of any kind of centralized administration, frequent mobility of nodes, network partitioning, and wireless connections. These properties make traditional wireline security solutions not straightforwardly applicable in MANETs, and of course, constitute the establishment of a Public Key Infrastructure (PKI) in such networks a cumbersome task. After surveying related work, we propose a novel public key management scheme using the well-known web-of-trust or trust graph model. Our scheme is based on a binary tree formation of the network’s nodes. The binary tree structure is proved very effective for building certificate chains between communicating nodes that are multihops away and the cumbersome problem of certificate chain discovery is avoided.We compare our scheme with related work and show that it presents several advantages, especially when a fair balancing between security and performance is desirable. Simulations of the proposed scheme under different scenarios demonstrate that it is effective in terms of tree formation, join and leave occurrences, and certificate chain establishment.

Abstract
Specification (or modeling) languages can be very handy in describing certain aspects of a system and check properties of interest about it. Also, once a model is constructed, one is able to use the associated analyzer to create examples and/or counterexamples to explore hypotheses posed about the system. In the context of cryptography this verification process is of great importance as it can contribute towards finding weaknesses and assessing system's robustness. This paper capitalizes on the well-known Alloy language to model and analyze attacks on DES triple modes namely ECB|ECB|CBC^-1 and ECB|OFB|OFB. We model attacks described in [9] and show that they can be fruitful in the general case. This work can serve as a framework in modeling similar cryptosystems and assessing certain attacks on them.

Abstract
IEEE 802.16 technology also well known as WiMax is poised to deliver the next step in the wireless evolution. This is further fostered by the 802.16e specification which, amongst other things, introduces support for mobility. The Multicast/Broadcast Service (MBS) is also an integral part of 802.16e destined to deliver next generation services to subscribers. In this paper we concentrate on the Multicast and Broadcast Rekeying Algorithm (MBRA) of 802.16e. This algorithm has been recently criticized for various vulnerabilities and security inefficiencies, as its designers are trying to balance wisely between performance and security. After surveying related work, we extensively discuss MBRA security issues and propose the use of a novel asymmetric group key agreement protocol based on the work in Wu et al. (2009) [3]. Our scheme guarantees secure delivery of keys to all the members of a given group and mandates rekeying upon join and leave events. It can prevent insider attacks since only the Base Station possesses a secret encryption key while all other members in the network acquire the transmitted data by using their secret decryption keys. We compare our scheme with related work and demonstrate that although heavier in terms of computing costs, it compensates when scalability and security come to the foreground.

Abstract
The adoption of Wireless Sensor Networks (WSNs) in the healthcare sector poses many security issues, mainly because medical information is considered particularly sensitive. The security mechanisms employed are expected to be more efficient in terms of energy consumption and scalability in order to cope with the constrained capabilities of WSNs and patients’ mobility. Towards this goal, cluster-based medical WSNs can substantially improve efficiency and scalability. In this context, we have proposed a general framework for cluster-based medical environments on top of which security mechanisms can rely. This framework fully covers the varying needs of both in-hospital environments and environments formed ad hoc for medical emergencies. In this paper, we further elaborate on the security of our proposed solution. We specifically focus on key establishment mechanisms and investigate the group key agreement protocols that can best fit in our framework.

Abstract
The establishment of a public key infrastructure (PKI) in mobile ad hoc networks (MANETs) is considered a difficult task because of the intrinsic characteristics of these networks. The absence of centralized services and the possible network partitions make traditional security solutions not straightforwardly applicable in MANETs. In this paper, we propose a public key management scheme based on a binary tree formation of the network¿s nodes. Using the binary tree structure, certificate chains are easily built between communicating nodes that are multi-hops away and the cumbersome problem of certificate chain discovery is avoided. We argue that our mechanism has several advantages over similar solutions, especially when a fair balancing between security and performance is terminus.

Abstract
Wireless sensor networks are expected to make a significant contribution in the healthcare sector by enabling continuous patient monitoring. Since medical services and the associated to them information are considered particularly sensitive, the employment of wireless sensors in medical environments poses many security issues and challenges. However, security services and the underlying key management mechanisms cannot be seen separately from the efficiency and scalability requirements. Network clustering used in both routing and group key management mechanisms can improve the efficiency and scalability and therefore can also be envisioned in medical environments. This paper introduces a general framework for cluster-based wireless sensor medical environments on the top of which efficient security mechanisms can rely. We describe two different scenarios for infrastructure and infrastructure- less application environments, covering this way a wide area of medical applications (in-hospital and medical emergencies). We also examine the existing group-key management schemes for cluster-based wireless networks and discuss which protocols fit best for each proposed scenario.