Research in security within ICS focuses on systems such as future Internet, mobile and satellite. The research topics relate to network, user, device and information security.
- Centralised and distributed key management systems
- Future Internet security protocols including Delay Tolerant Networks (DTN)
- Trust establishment and management between security entities
- User privacy, anonymity and ID management including Intelligent Transport Systems (ITS)
- Interworking between security, QoS and mobility
- Network Coding
- Location Based Encryption
Centralised and distributed key management systems for unicast, multicast and broadcast
The objective of this research is to specify a scalable and adaptable security architecture and key/policy management which is hierarchical and distributed, in order to protect multicast service across cryptographically heterogeneous networks. We investigate different scenarios for instance: mobile scenario for the application such as mobile broadband, fixed network scenario for the application such as SMART METER/broadband access and Delay Tolerant Network (DTN) scenario for the application such as Deep Space.
User privacy including anonymity and ID management
The aim of this research is to design a secure framework where user can obtain its pseudonym and pseudonym certificate. The three layer framework is designed where each layer has its own function and also provides services to the upper layer.
- Layer 1 - allows any node to generate a pseudonym token
- Layer 2 - provides the services of certificate issuance to those nodes which authenticate itself using the pseudonym token generated in layer 2
- Layer 3 - is responsible to revoke malicious pseudonym token
Related area is the Intelligent Transport Systems (ITS), we focus on ITS safety applications and messages. Furthermore, we investigate the Integrity/Authenticity of all ingoing and outgoing messages. In addition, our design provides privacy and long-term unlinkability to every user. Therefore, it will not be possible to link transmissions from the same vehicle over a long time period.
Network Coding allows network routers to mix the information content in incoming packets before forwarding them. This mixing is improving both the throughput and robustness of the network. However, there are the following vulnerabilities against network coding:
- The wiretapping attacks - who eavesdrop some communication signals to recover the message.
- The Jamming attacks (Byzantine attack) - who can inject error packets to the network.
We focus in our research on the following areas:
Multicast communication using network coding and combing network coding and tomographic techniques in order to infer the topology of the network.
Location Based Encryption
It is an enhancement to traditional encryption that makes use of physical location as a means to produce additional security. It limits the access of information content to specified locations. The algorithm does not replace any of the conventional cryptographic algorithms, but instead adds an additional layer of security. Any attempts to access the secure information at an unauthorized location will result in a failure of the decryption process fails.
Our challenge is to design a secure protocol which allows data to be encrypted and decrypted for specific locations. Furthermore, the protocol should be secure against both spoofing and tampering attacks.