UTC InfoSec Center
Fine-grained Reputation-based Routing in Wireless Ad Hoc Networks
Mobile Ad-hoc Networks (MANETs) are extremely helpful in supporting and forming an instant network when no fixed infrastructure is available. MANETs can support applications in a variety of areas, such as emergency assistance and inter-vehicle communications. Most existing wireless ad-hoc routing protocols are designed to discover and maintain an active path from source to destination on the assumption that every node is friendly. However, participating nodes may be selfish or malicious. A mechanism to evaluate reputation and trust for each node is therefore essential for the reliability of routing protocols in MANETs.
We integrate reputation and trust management into routing protocols in MANETs. The reputation mechanism is based on constantly monitoring and updating first-hand and second-hand information. The nodes within the network monitor their neighbors and obtain first-hand information from the behavior they perceive. Second-hand information is obtained when nodes share their first-hand information with other nodes. Each node thus computes a total reputation value by combining first-hand and second-hand information. The total reputation value is then available to neighboring nodes for routing decisions. The Dynamic Source Routing Protocol (DSR) is selected to explore the possibility and benefits of integrating reputation and trust management into a routing protocol. Reputation-based routing is designed to improve reliability in both route discovery and route maintenance in MANETs.
Alma Cemerlic, Li Yang, Trust-based Routing in Wireless Ad-hoc Networks, Proceedings of ACM Middle-Southeast Conference, Second-place master student awards, Gatlinburg, TN, November, 2006.
Li Yang, Joseph M. Kizza, Alma Cemerlic, and Feiqiong Liu, Fine-grained Reputation-based Routing in Wireless Ad Hoc Networks, submitted.
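The reputation mechanism summarized above can be sketched as follows. This is an added example, not code from the cited papers: the smoothed forwarding ratio, the weight `W_FIRST`, the cut-off `MIN_REP` and the weakest-relay route score are all assumptions chosen for illustration.

```python
from collections import defaultdict

W_FIRST = 0.7   # assumed weight of first-hand observations in the total value
MIN_REP = 0.4   # assumed cut-off for trusting a reporter or a relay node

class ReputationTable:
    """One node's view of its neighbours (constructed model, not the authors')."""
    def __init__(self):
        self.first = defaultdict(lambda: [0, 0])  # node -> [forwarded, dropped]
        self.second = defaultdict(dict)           # subject -> {reporter: value}

    def observe(self, node, forwarded):
        self.first[node][0 if forwarded else 1] += 1

    def receive_report(self, reporter, subject, value):
        self.second[subject][reporter] = value

    def first_hand(self, node):
        ok, bad = self.first[node]
        return (ok + 1) / (ok + bad + 2)          # smoothed ratio, 0.5 if unseen

    def second_hand(self, node):
        # Average peer reports, weighted by how far we trust each reporter;
        # reporters below MIN_REP are ignored to blunt bad-mouthing.
        w = {r: self.first_hand(r) for r in self.second.get(node, {})}
        w = {r: x for r, x in w.items() if x >= MIN_REP and r != node}
        if not w:
            return None
        return sum(self.second[node][r] * x for r, x in w.items()) / sum(w.values())

    def total(self, node):
        fh, sh = self.first_hand(node), self.second_hand(node)
        return fh if sh is None else W_FIRST * fh + (1 - W_FIRST) * sh

def pick_route(table, routes):
    """Pick the DSR source route whose weakest relay has the best reputation."""
    scored = []
    for route in routes:
        weakest = min((table.total(n) for n in route[1:-1]), default=1.0)
        if weakest >= MIN_REP:                    # drop routes through bad nodes
            scored.append((weakest, -len(route), route))
    return max(scored)[2] if scored else None

if __name__ == "__main__":
    t = ReputationTable()                         # constructed observations
    for node, ok, bad in [("B", 18, 2), ("C", 1, 9), ("D", 10, 0)]:
        for i in range(ok + bad):
            t.observe(node, i < ok)
    t.receive_report("B", "E", 0.9)               # E is known only through B
    t.receive_report("C", "D", 0.1)               # C bad-mouths D
    print(pick_route(t, [["S", "C", "T"], ["S", "B", "E", "T"], ["S", "D", "T"]]))
```

In the constructed data, node C drops most packets, so its route is excluded and its negative report about D is ignored.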
TMAS A Capstone Project
Hurricane Katrina, which devastated the Gulf Coast region in 2005, exposed management weaknesses and vulnerabilities in both the infrastructure and the communication of emergency systems at federal, state, and local levels. Out of this unfortunate situation, UTC became involved in developing a local system to support timely, secure and reliable emergency communication. Last year, the Total Municipal Awareness System (TMAS) was selected as the capstone project for both undergraduate and graduate students.
Joseph M. Kizza, Li Yang, Andy Novobilski, Kathy Winters, Total Municipal Awareness Systems (TMAS) Capstone Project, Proceedings of Computer Forensics Conference, Las Vegas, 2006.
A Relationship-based Context-aware Flexible Authorization Framework for Mediation Systems
Security is a critical concern for mediator-based data integration among heterogeneous data sources. We provide a modeling and architectural solution to the problem of mediation security that addresses security challenges including context-awareness, semantic heterogeneity, and multiple security policy specification. A generic, extensible modeling method for the security policies in mediation systems is presented. A series of authorization constraints is identified based on the relationships among the different security components in the mediation systems. Moreover, we enforce flexible access control in mediation systems while providing uniform access to heterogeneous data sources.
Li Yang, Joseph M. Kizza, Raimund K. Ege, Malek Adjouadi, A Relationship-based Flexible Authorization Framework for Mediation Systems, Proceedings of Software Engineering and Knowledge Engineering (SEKE06), pages 381-385, San Francisco, CA, July, 2006.
Li Yang, Joseph M. Kizza, Raimund K. Ege, A Flexible Context-Aware Authorization Framework for Mediation Systems, Proceedings of IEEE Intelligence and Security Informatics Conference, San Diego, CA, pages 684-685, Lecture Notes in Computer Science, May, 2006.
Li Yang, Raimund K. Ege, Security Enforced Mediation Systems for Data Integration, INFOCOMP Journal, ISSN: 1807-4545, pages 1-10, March, 2006.
SecCMP: A Secure Chip-Multiprocessor Architecture
Security is considered an important issue in processor design. Most existing mechanisms address the security and integrity issues caused by untrusted main memory in single-core systems. We propose a secure Chip-Multiprocessor architecture (SecCMP) to handle security-related problems such as key protection and core authentication in multi-core systems. A threshold secret sharing scheme is employed to protect critical keys because secret sharing is a distributed security scheme that matches the nature of multi-core systems. A critical secret is divided and distributed among multiple cores instead of being kept as a single copy that is sensitive to exposure. The proposed SecCMP can not only enhance security and fault tolerance in key protection but also support core authentication. It is designed to be an efficient and secure architecture for CMPs. We use an application to demonstrate the secure, remote access to and sharing of critical information supported by SecCMP. Integrated with identity-based cryptography, SecCMP provides a secure and reliable way to generate and distribute encryption keys between a local host and a remote site when prior distribution of keys is not available.
Li Yang, Lu Peng, SecCMP: A Secure Chip-Multiprocessor Architecture, Proceedings of Workshop on Architectural and System Support for Improving Software Dependability (ASID), in conjunction with International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS), ACM digital library, pages 72-76, San Jose, CA, October 2006.
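The key-protection idea in the SecCMP abstract, splitting a critical key across cores so that no single core holds it, is shown below with Shamir's (t, n) scheme. This is an added example, not SecCMP's own design: the abstract does not say which threshold construction is used, and the field prime, core numbering and function names are assumptions.

```python
import secrets

P = 2**521 - 1          # Mersenne prime; field large enough for a 256-bit key
FIELD_BYTES = 66        # bytes needed to hold any element of the field

def split_key(key: bytes, threshold: int, cores: int) -> dict:
    """Return {core_id: share}; any `threshold` shares rebuild the key."""
    secret = int.from_bytes(key, "big")
    if not (1 < threshold <= cores) or secret >= P:
        raise ValueError("bad threshold, core count or key size")
    # Random polynomial of degree threshold-1 whose constant term is the key.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]

    def poly(x):
        y = 0
        for c in reversed(coeffs):      # Horner evaluation mod P
            y = (y * x + c) % P
        return y

    # Core ids start at 1: evaluating at x = 0 would hand out the key itself.
    return {core: poly(core) for core in range(1, cores + 1)}

def recover_key(shares: dict, key_len: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from the given shares."""
    total = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total.to_bytes(FIELD_BYTES, "big")[-key_len:]

if __name__ == "__main__":
    key = secrets.token_bytes(32)                   # constructed sample key
    shares = split_key(key, threshold=3, cores=5)
    alive = {c: shares[c] for c in (1, 3, 5)}       # cores 2 and 4 unavailable
    print(recover_key(alive, 32) == key)            # three shares suffice
    leaked = {c: shares[c] for c in (2, 4)}         # below the threshold
    print(recover_key(leaked, 32) == key)           # reveals nothing useful
```

Losing up to `cores - threshold` shares still leaves the key recoverable, while fewer than `threshold` exposed shares do not determine it.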
Integrate Trust into Usage Control in File Sharing
Most access control models have formal access control rules to govern the authorization of a request from a principal. Trust evaluation helps to identify a principal or the behaviors of a principal in a pervasive and collaborative environment when complete information on the principal is not available. We integrate trust management into the usage control model to make file sharing decisions in an ever-changing environment. The attributes associated with a principal and the requested objects, the contexts associated with a request, and even the behaviors of a principal can change during collaborative file sharing. Such mutability poses challenges for file protection when resource sharing must happen during collaboration. To address these challenges, we propose a framework that determines the trust value of a principal and integrates that trust into access control to decide on resource exchange. First, a trust value for a principal is evaluated based on both observed behaviors and peer recommendations. Second, the usage-based access control rules are checked to decide the authorization of a request. Our system is dynamic because an untrusted principal can be disenrolled and an on-going access can be revoked when it no longer meets the access control rules due to mutability. We apply our trust-based usage control framework to a file sharing application by simulation.
Li Yang, Chang Phuong, Andy Novobilski, and Raimund Ege, Integrate Trust into Usage Control in File Sharing, under a journal review.
Dependable Information Communication System (DICS) in Disaster Management
Disaster management efforts can range from disaster forecasting, intra- and inter-agency coordination protocols, emergency notification, acknowledgment and evacuation plans, to rescue and relief distribution methods, e.g. food and drug distribution. The key challenge for all of these efforts is dependable and timely communication between agencies and the masses, which could significantly improve emergency management's ability to minimize the damage. The proposed dependable information communication system (DICS) will provide and maintain vital communication between the masses, the physical environment, emergency responders, safety departments, hospitals, police offices and emergency services in the face of a natural disaster (e.g., a hurricane) or a man-made disaster (e.g., terrorism). The proposed system includes a wireless sensor ad hoc network that monitors the real-time situation of the environment as well as peers, and a set of reliable Information Communication Mediators (ICMs) that employ redundant network communication channels. The ICMs progressively and securely deliver time-sensitive disaster-related information and acknowledge its receipt over several channels, so that they can reinforce secure communication between different agencies.
Information Communications Mediator Model in Disaster Management, Tennessee Higher Education Commission's Center of Excellence in Applied Computational Science and Engineering under grants R04-1302-005. 2006-2007, awarded.