originated from without trusting the unauthenticated IP headers. One can store annotations either in the packet (i.e., piggyback each tuple with its complete "path" or "provenance") or maintain state at each router, to allow for subsequent traceback via a distributed query during forensic analysis. To reduce the storage and communication overhead, ForNet and Time Machine have proposed techniques that trade off accuracy for performance, using summarization (via Bloom filters) and sampling to compress the provenance.

Accountability: Forensic analysis is essentially the network analogue of call-detail recording in voice telephone networks, where information on the caller, callee, length of call and call status is available both in real time and, in many cases, historically through the examination of call detail records. One important use of call-detail information is to enforce accountability, i.e., proper usage of the network. For example, PlanetFlow is a network auditing service provided on PlanetLab that provides accountability for all traffic generated by PlanetLab services, to ensure that all users act in accordance with PlanetLab policies.

Trust Management: In our final use case, network provenance is useful for enforcing distributed trust management policies in networked information systems. Using an example from Internet routing, the path-vector protocol used in BGP carries the entire AS path in each route advertisement so that ASes can enforce their respective policies. More generally, provenance in our system enables any networked information node to trace the origins of its data, and hence to enforce trust policies that accept or reject incoming updates based on their source origins. The Orchestra p2p data-integration engine uses provenance in this manner, accepting or rejecting updates from neighboring nodes by examining the provenance of the updates and the trust relationships among nodes. Taking this idea one step further, one can maintain a quantifiable notion of trust, e.g., accepting an update only if more than K principals assert it.
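The following is an added illustration of the trust-management use case, not code from ExSPAN, Orchestra or any BGP implementation. An update carries its provenance as the ordered list of principals (hypothetical names) that originated or relayed it, much as a path-vector advertisement carries the AS path. The receiving node applies a path policy (no loops, no blocked relays, trusted origin) and then the quantified rule from the text: a value is accepted only once more than K distinct trusted principals have asserted it, counted across all copies of the update received from different neighbors.

```python
"""Provenance-based acceptance of updates: path-vector policy plus K-of-N trust.
Added example; principals, keys and values are constructed for illustration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Update:
    key: str            # the data item being updated
    value: str          # proposed new value
    provenance: tuple   # principals in relay order; provenance[0] is the origin


@dataclass
class TrustPolicy:
    trusted: frozenset   # principals whose assertions count
    blocked: frozenset   # principals whose relayed updates are rejected outright
    k: int               # accept once MORE THAN k trusted principals assert the value

    def path_ok(self, provenance):
        """Path-vector style checks on one update's provenance."""
        if not provenance:
            return False, "empty provenance"
        if len(set(provenance)) != len(provenance):
            return False, "loop in provenance path"
        if any(p in self.blocked for p in provenance):
            return False, "relayed by blocked principal"
        if provenance[0] not in self.trusted:
            return False, "untrusted origin"
        return True, "ok"


class UpdateAcceptor:
    """Collects incoming updates and decides per (key, value) from who asserted it."""

    def __init__(self, policy):
        self.policy = policy
        # (key, value) -> set of trusted principals seen on a valid path for it
        self.asserters = defaultdict(set)
        self.rejections = []

    def receive(self, update):
        """Record one incoming copy; returns False if its path violates policy."""
        ok, reason = self.policy.path_ok(update.provenance)
        if not ok:
            self.rejections.append((update, reason))
            return False
        trusted_on_path = set(update.provenance) & self.policy.trusted
        self.asserters[(update.key, update.value)].update(trusted_on_path)
        return True

    def accepted(self, key, value):
        """True once more than k distinct trusted principals stand behind the value."""
        return len(self.asserters[(key, value)]) > self.policy.k


if __name__ == "__main__":
    policy = TrustPolicy(trusted=frozenset({"A", "B", "C"}), blocked=frozenset({"M"}), k=2)
    acc = UpdateAcceptor(policy)
    acc.receive(Update("route/10.0.0.0/8", "via-A", ("A", "B")))
    acc.receive(Update("route/10.0.0.0/8", "via-A", ("A", "C")))
    print(acc.accepted("route/10.0.0.0/8", "via-A"))   # True: A, B and C assert it
```

Note that only trusted principals on a valid path are counted, so an attacker controlling a single trusted node cannot reach the threshold by relaying the same update through several untrusted or blocked nodes.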
In the context of vehicular networks, a handful of research works focus on privacy-preserving and anonymous communications, e.g., [21-25]. Sun et al. proposed an identity-based security system for user privacy in Vehicular Ad-hoc Networks (VANETs) using pseudonym-based and group-signature-based authentication schemes to satisfy the security requirements of authentication, non-repudiation, message integrity and confidentiality while achieving the privacy desired by vehicles and the accountability required by authorities. The security system is proposed for safety message broadcast, where vehicles obtain a set of short-lived pseudonyms and renew them later via communication with the road side units (RSUs). The authors designed a threshold signature-based scheme to prevent corrupted or compromised authorities from framing an innocent vehicle. When a misbehaving vehicle is detected, all of its pseudonyms are revoked. This results in a large certificate revocation list (CRL), and all other vehicles within the same access group must update their information, which also results in high checking and updating overhead. Furthermore, if an RSU is compromised, the adversary is able to link the issued pseudonymous certificates to the real identity of the targeted vehicle.
The connectivity restoration problem is subject to path length constraints. In some applications, such as combat robotic networks and search-and-rescue operations, timely coordination among the actors is required, and extending the shortest path between two actors as a side effect of the recovery process would not be acceptable. For example, interaction among actors during a combat operation requires timeliness in order to accurately track and attack a fast-moving target. A novel approach is proposed that relies on a node's local view of the network to relocate the least number of nodes and ensure that no path between any pair of affected nodes is extended relative to its pre-failure status. Such a protocol should also avoid dropping messages, create alternate paths for message forwarding, and repair the faulty nodes.
Various methods are used to carry out a denial-of-sleep attack. These are commonly classified as sleep deprivation, barrage, synchronization, replay, collision and broadcast attacks. They take advantage of vulnerabilities such as frame collisions, message overhearing and idle listening. On the other hand, various approaches have been proposed to detect and prevent denial-of-sleep attacks; existing comparisons of these approaches are qualitative in nature, with a focus on their strengths and weaknesses. Wireless sensor networks, which form part of the core of the Internet of Things, consist of resource-constrained sensors that are usually powered by batteries. Hence, there is a need for energy awareness when working with these devices. Both the presence and the absence of security can have negative effects on the energy consumption of these sensors. While introducing security techniques such as authentication and encryption to ensure the confidentiality and integrity of data places more load on the sensors, the absence of security gives room for energy-drain attacks such as denial-of-sleep attacks, which have a greater negative impact on the lifespan (availability) of the sensors than the presence of security techniques.
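To make the trade-off in the last sentence concrete, here is an added energy model (not code or data from any cited work) of a duty-cycled node under a barrage-style denial-of-sleep attack. Every current draw and timing constant is a constructed, order-of-magnitude assumption for a low-power 802.15.4 node, not a measurement. The model charges receive time for every frame on air (message overhearing), and then either processes every frame (no authentication) or discards forged frames after a cheap MAC check (authentication), so the lifetime figures show where the cost of security sits relative to the cost of its absence.

```python
"""Battery lifetime of a duty-cycled sensor node with and without frame
authentication, idle and under a barrage attack. Added example; all constants
are assumptions chosen to make the comparison concrete."""

I_SLEEP_MA = 0.02     # assumed sleep current (radio off)
I_AWAKE_MA = 19.0     # assumed current while listening/receiving/processing
BATTERY_MAH = 2000.0  # assumed battery capacity

FRAME_AIR_S = 0.004   # assumed receive time per frame on air
PROCESS_S = 0.05      # assumed awake time spent processing an accepted frame
MAC_CHECK_S = 0.002   # assumed time to verify a MAC and discard a forgery


def avg_current_ma(listen_s=0.01, period_s=1.0, legit_rate=0.1,
                   attack_rate=0.0, authenticated=False):
    """Average current in mA for one duty-cycle period.

    The node idle-listens for listen_s every period_s. Genuine frames arrive at
    legit_rate/s and forged ones at attack_rate/s; every frame keeps the radio
    in receive for FRAME_AIR_S. Without authentication each frame is processed;
    with it, forged frames cost only a MAC check before being dropped.
    """
    legit = legit_rate * period_s
    forged = attack_rate * period_s
    rx = (legit + forged) * FRAME_AIR_S
    if authenticated:
        extra = legit * (MAC_CHECK_S + PROCESS_S) + forged * MAC_CHECK_S
    else:
        extra = (legit + forged) * PROCESS_S
    awake = min(period_s, listen_s + rx + extra)   # cannot be awake more than 100%
    return (awake * I_AWAKE_MA + (period_s - awake) * I_SLEEP_MA) / period_s


def lifetime_days(current_ma):
    return BATTERY_MAH / current_ma / 24.0


def compare(attack_rate=50.0):
    """Lifetime in days for idle/attacked x unauthenticated/authenticated."""
    return {
        (state, auth): lifetime_days(avg_current_ma(attack_rate=rate, authenticated=auth))
        for state, rate in (("idle", 0.0), ("attack", attack_rate))
        for auth in (False, True)
    }


if __name__ == "__main__":
    for (state, auth), days in compare().items():
        print(f"{state:7s} authenticated={auth!s:5s} lifetime={days:7.1f} days")
```

With these constants the authenticated node gives up about one percent of its idle lifetime, while under a 50 frame/s barrage the unauthenticated node is pinned awake (lifetime measured in days) and the authenticated one retains several times that.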
In ad hoc networks the shape of routing paths may change considerably because of node mobility while connectivity remains intact. Most previously proposed on-demand routing schemes do not initiate a new path discovery process until there is a link failure. The Path Aware algorithm monitors the route and tries to shorten it if a shortcut path is available. Consider a source node Src_q and a destination node Dest_q. When node a
is such a protocol for secure routing of data from source to destination using the trust values of nodes. In this protocol, the global trust value of a routing path is computed as the product of the trust values of the nodes on the route. The source node selects an authentic neighboring node to securely forward the data, and neighbor selection takes into account both the distance and the trust relation between nodes. Furthermore, to prevent interception of the data and to maintain privacy, the transmitted data is encrypted with a common pair of keys. Another approach is proposed by Yuxin Liu et al. to avoid black hole attacks by using trust values: the source node selects as next hop the neighbour that is closest to the sink node and has a trust value above a predefined threshold.
Liu et al. presented a role-dependent privacy-preservation scheme (ROPS) to achieve secure interaction between an EV and the SG. The authors specified three roles in which an EV interacts with the SG: energy demand, energy storage and energy supply. In each role, the EV has different security and privacy concerns. Therefore, Liu et al. proposed a set of interlinked sub-protocols to incorporate the different privacy considerations that apply when an EV acts as a customer, as storage or as a generator. The proposed sub-protocols use ring signatures, fair blind signatures and proxy re-encryption to prevent the LAG from correlating the EV's real identity with its sensitive information. The scheme also depends on a central authority (CA) to assign pseudonyms to EVs and LAGs. Considering the large number of network entities and pseudonyms the CA has to manage, the CA is the bottleneck of this scheme.
We use an adaptation of the trust model of Marsh for use in pure ad hoc networks. Marsh's model computes situational trust in agents based upon the general trust of the trustor and the importance and utility of the situation in which an agent finds itself. General trust is basically the trust that one entity assigns another entity based upon all previous transactions in all situations. In our model each node has a trust evaluator which gathers data from the neighbor's events in all states, filters it, assigns weights to each event and computes different trust levels based upon them. The trust evaluator has three functions: trust derivation, quantification and computation. First, in GRPW-Mus the trust can come from information about the successful transmission of any packet relayed by the neighboring node, such as acknowledgments. Second, the neighboring node's HELLO packet received on schedule can also contribute to the trust. These events can be categorized into data and control packet types, and each event has two states, success and fail, which record the number of successful and failed events respectively. In the trust quantification process, we represent trust on a continuous scale from -1 to 1, signifying a range from complete distrust to complete trust. Trust computation involves the assignment of weights to the events that were monitored and quantified. We use the continuous range from 0 to 1 to represent the significance of a certain event, from unimportant to most important: the higher the weight, the more important the event. We define the trust T assigned to the neighboring node y by node x, which is given by the following equation:
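The following added example (not code from GRPW-Mus or from the trust-based routing protocols described two paragraphs earlier) implements the three evaluator functions above, derivation from data/control events, quantification into [-1, 1] and weighted computation, and then applies the next-hop rule and product-of-trust path metric from the earlier passage on trust-based secure routing. The combination formulas are assumptions, since the page's own equation is not shown: per event type, trust is (success - fail) / (success + fail); the node trust is the weight-normalized average of those values; and for the path metric each trust is mapped to [0, 1] by (T + 1) / 2 before multiplying.

```python
"""Neighbor trust from monitored events and trust-aware next-hop selection.
Added example; the combination formulas are assumptions, not the paper's."""
from dataclasses import dataclass


@dataclass
class EventCounts:
    success: int = 0
    fail: int = 0


class TrustEvaluator:
    """Per-node evaluator that watches its neighbors' data and control events."""

    def __init__(self, weights=None):
        # weight in [0, 1] per event type: unimportant (0) to most important (1)
        self.weights = weights or {"data": 1.0, "control": 0.5}
        self.events = {}  # neighbor -> {event type -> EventCounts}

    # trust derivation: an acknowledged relayed packet or an on-schedule HELLO
    # is a success; a missing acknowledgment or HELLO is a failure
    def record(self, neighbor, kind, success):
        counts = self.events.setdefault(neighbor, {k: EventCounts() for k in self.weights})
        if success:
            counts[kind].success += 1
        else:
            counts[kind].fail += 1

    # trust quantification: each event type maps to [-1, 1] (assumed formula)
    def quantify(self, neighbor, kind):
        c = self.events.get(neighbor, {}).get(kind, EventCounts())
        total = c.success + c.fail
        return 0.0 if total == 0 else (c.success - c.fail) / total

    # trust computation: weight-normalized combination (assumed formula)
    def trust(self, neighbor):
        total_w = sum(self.weights.values())
        return sum(w * self.quantify(neighbor, k) for k, w in self.weights.items()) / total_w


def select_next_hop(evaluator, dist_to_sink, threshold):
    """Among neighbors with trust >= threshold, pick the one closest to the sink."""
    candidates = [n for n in dist_to_sink if evaluator.trust(n) >= threshold]
    if not candidates:
        return None  # no trustworthy neighbor: the caller must hold or reroute
    return min(candidates, key=lambda n: (dist_to_sink[n], n))


def path_trust(evaluator, path):
    """Global route trust: product of per-node trust mapped to [0, 1] (assumed)."""
    result = 1.0
    for node in path:
        result *= (evaluator.trust(node) + 1.0) / 2.0
    return result


if __name__ == "__main__":
    ev = TrustEvaluator()
    for ok in [True] * 9 + [False]:          # constructed observations of neighbor b
        ev.record("b", "data", ok)
    for _ in range(5):
        ev.record("b", "control", True)
    print(round(ev.trust("b"), 3), select_next_hop(ev, {"b": 3.0, "c": 1.0}, 0.5))
```

A neighbor that relays data reliably but misses HELLOs is penalized less than one that silently drops data, because the data weight is higher; a black-hole node that drops most data packets ends up below any sensible threshold even if its HELLOs are perfect.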
As organizations become increasingly reliant on cloud computing for servicing their data storage requirements, the need to govern access control at finer granularities becomes particularly important. This challenge is increased by the lack of policy supporting data migration across geographic boundaries and through organizations with divergent regulatory policies. In this paper, we present an architecture for secure and distributed management of provenance, enabling its use in security-critical applications. Provenance, a metadata history detailing the derivation of an object, contains information that allows for expressive, policy-independent access control decisions. We consider how to manage and validate the metadata of a provenance-aware cloud system, and introduce protocols that allow for secure transfer of provenance metadata between end hosts and cloud authorities. Using these protocols, we develop a provenance-based access control mechanism for Cumulus cloud storage, capable of processing thousands of operations per second on a single deployment. Through the introduction of replicated components, we achieve overhead costs of just 14%, demonstrating that provenance-based access control is a practical and scalable solution for the cloud.
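As an added illustration of the two steps the abstract names, validating provenance metadata and then deciding access from it, the example below is not the paper's architecture or its Cumulus code. Each provenance record describes one derivation step (actor, action, and the jurisdiction it happened in) and is bound to its predecessor by an HMAC over the record body and the previous record's tag, so an authority holding the key can check that the history is intact before trusting it. The key, regions, actors and policy are constructed for the example.

```python
"""Validated provenance chain and a policy decision over it. Added example;
the HMAC-chained record format and the policy are assumptions."""
import hashlib
import hmac
import json

AUTHORITY_KEY = b"hypothetical-provenance-authority-key"  # assumed shared key


def _tag(prev_tag, body):
    """MAC binding this record body to the previous record's tag."""
    msg = prev_tag.encode() + json.dumps(body, sort_keys=True).encode()
    return hmac.new(AUTHORITY_KEY, msg, hashlib.sha256).hexdigest()


def append_record(chain, actor, action, region):
    """Append one derivation step and return the new chain (old one untouched)."""
    prev_tag = chain[-1]["tag"] if chain else "genesis"
    body = {"actor": actor, "action": action, "region": region, "prev": prev_tag}
    return chain + [{**body, "tag": _tag(prev_tag, body)}]


def validate_chain(chain):
    """True iff every record links to its predecessor and its tag recomputes."""
    prev_tag = "genesis"
    for rec in chain:
        body = {k: rec[k] for k in ("actor", "action", "region", "prev")}
        if rec["prev"] != prev_tag:
            return False
        if not hmac.compare_digest(rec["tag"], _tag(prev_tag, body)):
            return False
        prev_tag = rec["tag"]
    return True


def access_decision(chain, requester, allowed_regions, blocked_actors=frozenset()):
    """Decide from the history alone; returns (allowed, reason).

    Deny if the provenance does not validate, if the object was ever derived
    outside the regions permitted for this requester, or if a blocked actor
    touched it anywhere in its history.
    """
    if not validate_chain(chain):
        return False, "provenance invalid"
    for rec in chain:
        if rec["region"] not in allowed_regions:
            return False, f"derived in disallowed region {rec['region']} by {rec['actor']}"
        if rec["actor"] in blocked_actors:
            return False, f"derived by blocked actor {rec['actor']}"
    return True, f"{requester}: history acceptable"


if __name__ == "__main__":
    chain = append_record([], "alice", "create", "EU")
    chain = append_record(chain, "svc-etl", "transform", "EU")
    moved = append_record(chain, "svc-backup", "replicate", "US")
    print(access_decision(chain, "bob", {"EU"}))
    print(access_decision(moved, "bob", {"EU"}))   # denied: the object crossed into US
```

Because the decision walks the whole derivation, a copy that was replicated into a disallowed jurisdiction and then brought back is still denied, which is exactly the migration case the abstract says conventional policy does not capture.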
A Lightweight Secure Scheme for Detecting ... in Wireless Sensor Networks

In computer networking, a packet drop attack or black hole attack is a type of denial-of-service attack in which a router that is supposed to relay packets instead discards them. This usually occurs when a router becomes compromised for any of a number of reasons; one cause mentioned in research is a denial-of-service attack on the router using a known DDoS tool. Because packets are routinely dropped in a lossy network, the packet drop attack is very hard to detect and prevent.

Wireless sensor networks are broadly used in many application domains. Nodes collect data from many sensor nodes. Many attacks such as provenance forgery, packet drop and jamming are found in WSNs while data is transmitted. A malicious adversary may introduce additional nodes into the network or compromise existing ones. Therefore, assuring high data trustworthiness is crucial for correct decision-making. Data provenance keeps a log of who accessed the data, who modified it, the path it traversed, and so on. Data provenance plays an important role in evaluating the trustworthiness of data; therefore, it is important to secure data provenance. The packet drop attack can be frequently deployed against wireless sensor networks.
We extend the secure provenance encoding scheme to detect packet drop attacks and to identify the malicious node(s). We assume that the links on the path exhibit natural packet loss and that several adversarial nodes may exist on the path. For simplicity, we consider only linear data flow paths (i.e., as illustrated in Fig. 1(a)). Also, we do not address the issue of recovery once a malicious node is detected; existing techniques that are orthogonal to our detection scheme can be used, which may initiate multipath routing or build a dissemination tree around the compromised nodes. We augment provenance encoding with a packet acknowledgement, which requires the sensors to transmit more meta-data. For a data packet, the provenance record generated by a node now consists of the node ID and an acknowledgement in the form of the sequence number of the last seen (processed/forwarded) packet belonging to that data flow. If there is an intermediate packet drop,
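The following is an added, simplified reconstruction of the mechanism sketched above (and of the packet drop attack described in the earlier paragraph); it is not the paper's scheme or code. On a linear path every forwarder appends (node ID, sequence number of the last packet it saw for this flow) before passing the packet on. When the base station (BS) notices a gap in sequence numbers, the first node whose acknowledgement falls below its upstream neighbor's saw packets that its successor never received: that node, or its outgoing link, is charged with the loss. Natural link loss charges every node a little over time; a dropper accumulates far more, which is what makes it distinguishable. The loss patterns in the simulation are constructed and deterministic.

```python
"""Localizing a packet-dropping node from acknowledgement-carrying provenance.
Added example; a simplified reconstruction, not the paper's encoding."""


def localize(records, bs_last_seq):
    """records: [(node_id, ack)] in path order, source first. Returns charged nodes."""
    suspects = []
    prev_node, prev_ack = records[0]
    for node, ack in records[1:]:
        if ack < prev_ack:            # prev saw packets that this node never did
            suspects.append(prev_node)
        prev_node, prev_ack = node, ack
    if prev_ack > bs_last_seq:        # last hop saw packets the BS never did
        suspects.append(prev_node)
    return suspects


def simulate(path, n_packets, link_loss, malicious):
    """Run one flow over `path` and count how often each node is charged.

    link_loss(seq, i) -> True if the link out of path[i] loses packet seq
    (natural loss). malicious maps node id -> predicate(seq) for deliberate drops.
    """
    last_seen = {node: 0 for node in path}
    charged = {node: 0 for node in path}
    bs_last = 0
    for seq in range(1, n_packets + 1):
        records = []
        delivered = True
        for i, node in enumerate(path):
            records.append((node, last_seen[node]))   # ack = last packet seen before this one
            last_seen[node] = seq
            if node in malicious and malicious[node](seq):
                delivered = False                       # received, then silently dropped
                break
            if link_loss(seq, i):
                delivered = False                       # forwarded, lost on the air
                break
        if not delivered:
            continue
        if seq != bs_last + 1:                          # gap: something in between was lost
            for suspect in localize(records, bs_last):
                charged[suspect] += 1
        bs_last = seq
    return charged


def rank_suspects(charged, expected_natural):
    """Nodes charged more often than natural loss alone would explain, worst first."""
    return sorted((n for n, c in charged.items() if c > expected_natural),
                  key=lambda n: -charged[n])


# constructed scenario: five-hop path, ~2.5% natural loss per link, n3 drops 1 in 4
PATH = ["n1", "n2", "n3", "n4", "n5"]
NATURAL = lambda seq, i: (seq * 7 + i) % 40 == 0
MALICIOUS = {"n3": lambda seq: seq % 4 == 0}

if __name__ == "__main__":
    counts = simulate(PATH, 400, NATURAL, MALICIOUS)
    print(counts, rank_suspects(counts, expected_natural=20))
```

Two limits are visible in the code: a single gap cannot tell a node that dropped a packet from a lossy link out of that node, so the decision has to rest on counts over many packets, and a malicious node that lies in its own acknowledgement field shifts the blame one hop downstream, which is why the paper's scheme protects the provenance records themselves.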
An example of multilevel secure routing is shown in Figure 4. Source S initiates a packet destined to D whose SL is Second. The packet will be transmitted along path 1, since only the mesh routers whose SLs are equal to or higher than the SL of the packet are allowed to participate in route discovery. On the other hand, if the packet is classified as Fourth, it will be sent through path 2, because the mesh routers on path 2 meet that security requirement over a shorter distance. Therefore, packet transmission is not only secure but also accommodates various degrees of sensitivity. Hence, the scheme is able to provide communication that can handle the concept of security classifications.
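An added example of the route-discovery rule just described, not the paper's protocol or code: routers below the packet's security level are simply excluded from the graph before a shortest-path search, so a more sensitive classification can only ever produce an equal or longer route. Levels are modelled as integers where a larger number is a higher classification (an assumption about the ordering), and the small mesh mirrors the figure's two paths: a short route through a low-level router and a longer one through high-level routers.

```python
"""Multilevel secure route discovery: shortest path over routers cleared for the
packet's security level. Added example; topology and levels are constructed."""
import heapq


def secure_route(graph, levels, src, dst, packet_sl):
    """Dijkstra restricted to routers with SL >= packet_sl; (cost, path) or None."""
    eligible = {n for n, sl in levels.items() if sl >= packet_sl}
    if src not in eligible or dst not in eligible:
        return None
    dist = {src: 0}
    prev = {}
    heap = [(0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if d > dist.get(u, float("inf")):
            continue            # stale heap entry
        if u == dst:
            break
        for v, w in graph.get(u, {}).items():
            if v not in eligible:
                continue        # a lower-cleared router never takes part in discovery
            nd = d + w
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                prev[v] = u
                heapq.heappush(heap, (nd, v))
    if dst not in dist:
        return None             # no route made only of sufficiently cleared routers
    path, node = [dst], dst
    while node != src:
        node = prev[node]
        path.append(node)
    return dist[dst], path[::-1]


# constructed mesh: A is a low-level router on the short route, B and C are
# high-level routers on the longer route; S and D are cleared for everything
GRAPH = {
    "S": {"A": 1, "B": 1},
    "A": {"S": 1, "D": 1},
    "B": {"S": 1, "C": 1},
    "C": {"B": 1, "D": 1},
    "D": {"A": 1, "C": 1},
}
LEVELS = {"S": 4, "A": 1, "B": 4, "C": 4, "D": 4}

if __name__ == "__main__":
    print(secure_route(GRAPH, LEVELS, "S", "D", packet_sl=4))   # (3, ['S', 'B', 'C', 'D'])
    print(secure_route(GRAPH, LEVELS, "S", "D", packet_sl=1))   # (2, ['S', 'A', 'D'])
```

The check that matters operationally is the `None` case: if no path of adequately cleared routers exists, the packet must be held or rejected rather than downgraded onto the shorter, less trusted route.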
Abstract: A large number of application fields, such as real-time financial analysis, e-healthcare systems and sensor networks, operate on continuous data streams from multiple sources that pass through intermediate processing by multiple aggregators. Keeping data provenance secure in such a highly dynamic context is an important requirement, since data provenance is a key factor in assessing data trustworthiness, which is useful for many applications. Provenance management for streaming data poses several challenging problems, including the assurance of high processing throughput, low bandwidth consumption, storage efficiency and secure transmission. In this paper, we propose a novel approach to securely transmit provenance for streaming data by embedding provenance into the inter-packet timing domain while addressing the above problems. As provenance is hidden in another host medium, our solution can be conceptualized as a watermarking technique. However, unlike traditional watermarking approaches, we embed provenance over the inter-packet delays (IPDs) rather than in the sensor data themselves, hence avoiding the problem of data degradation due to watermarking. Provenance is extracted by the data receiver using an optimal threshold-based mechanism which minimizes the probability of provenance decoding errors. The resilience of the scheme against outside and inside attackers is established through an extensive security analysis. Experiments show that our technique can recover provenance under perturbations to inter-packet timing characteristics, up to a certain level.
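An added illustration of the embedding idea in this abstract, not the paper's scheme or code, with all timing values constructed: each node ID in the provenance is written as a fixed-width bit string, a 1 bit stretches the inter-packet delay (IPD) by `delta` and a 0 bit leaves the base IPD unchanged, and the receiver decodes with a threshold halfway between the two IPD levels. That midpoint is the error-minimizing threshold when the timing jitter is symmetric around zero (an assumption made here); the constructed channel adds bounded uniform jitter so the example can show exact recovery while the jitter stays below `delta/2`.

```python
"""Provenance embedded in inter-packet delays and recovered by thresholding.
Added example; the encoding, widths and channel model are assumptions."""
import random

ID_BITS = 4  # assumed width of a node id in the provenance field


def provenance_to_bits(node_ids):
    return [int(b) for nid in node_ids for b in format(nid, f"0{ID_BITS}b")]


def bits_to_provenance(bits):
    """Inverse of provenance_to_bits; a trailing partial id is ignored."""
    usable = len(bits) - len(bits) % ID_BITS
    return [int("".join(map(str, bits[i:i + ID_BITS])), 2)
            for i in range(0, usable, ID_BITS)]


def embed(bits, base_ipd, delta):
    """One IPD per bit: base_ipd for a 0, base_ipd + delta for a 1."""
    return [base_ipd + (delta if b else 0.0) for b in bits]


def channel(ipds, jitter, seed=1):
    """Constructed channel: bounded uniform timing noise on every IPD."""
    rng = random.Random(seed)
    return [ipd + rng.uniform(-jitter, jitter) for ipd in ipds]


def decode_threshold(base_ipd, delta):
    """Midpoint threshold: optimal for symmetric jitter (assumption)."""
    return base_ipd + delta / 2.0


def extract(ipds, threshold):
    return [1 if ipd > threshold else 0 for ipd in ipds]


def recover_provenance(ipds, base_ipd, delta):
    return bits_to_provenance(extract(ipds, decode_threshold(base_ipd, delta)))


def bit_error_rate(sent, received):
    return sum(a != b for a, b in zip(sent, received)) / len(sent)


if __name__ == "__main__":
    path = [3, 9, 12]                       # constructed provenance: source, two aggregators
    bits = provenance_to_bits(path)
    ipds = channel(embed(bits, base_ipd=0.100, delta=0.020), jitter=0.008)
    print(recover_provenance(ipds, 0.100, 0.020))   # [3, 9, 12]
```

Raising `jitter` past `delta/2` in `channel` is the perturbation experiment the abstract refers to: errors then appear, and an adversary who can delay packets by more than `delta/2` can rewrite the embedded provenance without touching the data, which is why the scheme needs a security analysis beyond the decoding threshold.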
Mobile ad hoc networks (MANETs) require no centralized administration or fixed network infrastructure such as base stations or access points, and can be quickly and inexpensively set up as needed. A pictorial representation of a MANET is shown in Fig. 1. They can be used in scenarios in which no infrastructure exists, or in which the existing infrastructure does not meet application requirements for reasons such as security or cost. Applications such as military exercises, disaster relief and mine site operation may benefit from ad hoc networking, but secure and reliable communication is a necessary prerequisite for such applications. Industrial remote access and control via wireless networks are becoming more and more popular these days. One of the major advantages of wireless networks is their ability to allow data communication between different parties while maintaining their mobility.
Dr. Ragib Hasan is a tenure-track Assistant Professor at the Department of Computer and Information Sciences at the University of Alabama at Birmingham. With a key focus on practical computer security problems, Hasan explores research on cloud security, mobile malware security, secure provenance, biomedical device security, social network security, and database security. Hasan is the founder of the SECuRE and Trustworthy Computing Lab (SECRETLab) at UAB. He is also a member of the UAB Center for Information Assurance and Joint Forensics Research. Prior to joining the University of Alabama at Birmingham in 2011, Hasan was an NSF/CRA Computing Innovation Fellow and Assistant Research Scientist at the Department of Computer Science, Johns Hopkins University. He received his Ph.D. and M.S. in Computer Science from the University of Illinois at Urbana-Champaign in October 2009 and December 2005, respectively. Before that, he received a B.Sc. in Computer Science and Engineering and graduated summa cum laude from Bangladesh University of Engineering and Technology (BUET) in 2003. He also served on the faculty of the Department of Computer Science and Engineering at BUET. Dr. Hasan's research is supported by the Department of Homeland Security, the Office of Naval Research, the National Science Foundation, Facebook Inc., Google Inc., and Amazon Inc. He is a 2014 awardee of the prestigious NSF CAREER Award for his work on cloud security. Dr. Hasan is also a recipient of the 2013 Google RISE Award, a 2013 Information Society Innovation Fund Award, a 2013 Deutsche Welle Best of Blogs and Online Innovation award, a 2011 Google Faculty Research Award, the 2009 NSF Computing Innovation Fellowship and the 2003 Chancellor Award and Gold Medal from Bangladesh University of Engineering and Technology.
He is a founding member of the Wikimedia Bangladesh chapter, a long-term administrator of the Bangla and English Wikipedias, and the founder of Shikkhok.com, an award-winning online education platform for advancing STEM education in rural areas of India and Bangladesh which has won the 2013 Google RISE Award and the 2013 Information Society Innovation Fund Award. His BanglaBraille project won the 2014 The Bobs award in the best innovation category.
The IAQR algorithm introduces a routing model with four QoS-constrained requirements associated with nodes or links, and defines four rules in addition to a congestion avoidance rule. The algorithm can find a route in an ad hoc network that satisfies more of the QoS requirements of the incoming traffic while reducing the consumption of constrained resources as much as possible. AntSensNet proposes a multi-QoS routing metric. The AntSensNet protocol builds a hierarchical structure on the network before choosing suitable paths to meet the various QoS requirements of different kinds of traffic, thus maximizing network utilization while improving its performance. In addition, AntSensNet is able to use efficient multi-path video packet scheduling in order to minimize video distortion. Finally, extensive simulations are conducted to assess the effectiveness of this solution, and a detailed discussion of the effects of different system parameters is provided.
To protect data transmitted over a wireless channel, several international wireless organizations and wireless equipment providers have put forward security standards for wireless networks, the most common being WEP, WPA and 802.1X; a dynamic algorithm for providing security in wireless networks is, however, still being sought. In this paper we present RSAPS, a round-robin based security-aware packet scheduling algorithm, based on the algorithm proposed by Qin et al. (2008).
Since the concept of sensor networks was invented, several solutions have been implemented. Some of these are domain-specific prototypes, others are closed source and for in-house use only, and most of them have been discontinued after the project finished. Just a few aim at creating a generic, publicly available solution. A full assessment will be made of three projects that are, at the time of writing, the most active projects aiming to provide a sensor network solution applicable in several environments, namely Global Sensor Networks (GSN), the OGC SWE implementation by 52°North and the Open SensorWeb Architecture (OSWA). Finally, at the end of this section a short summary of other solutions is given; these are described only briefly by summarizing the available literature.
Similarly, we discuss the distribution and update of secret keys in MoteSec-Aware in this section. To keep the confidentiality of messages transmitted over the network, two types of keys are used in our system: session keys (used by the LN/FNs to broadcast packets to FNs/SNs) and pairwise keys (used by each pair of nodes). Here, the session key is distributed in advance. After sensor deployment, pairwise keys are constructed for pairs of sensor nodes by applying our CARPY+ scheme. The advantage of CARPY+ is that it can establish a pairwise key between each pair of sensor nodes without any communication. This property is essential in constructing the CFA scheme, because establishing a key via communication incurs an authentication problem, leading to a circular dependency. CARPY+ is also resilient to a large number of node compromises, so that the complexity of breaking the CARPY+ scheme is Ω(2 +1 ), where is a security parameter independent of the number of sensor nodes. When updating the session keys, we customize stateless session key update schemes, which organize a one-way key chain to facilitate the authentication of future keys based on previous ones. In the stateless session key update scheme, network owner α uses the pairwise key K α,β shared with
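The following is an added illustration of the one-way key chain mechanism described above; it is not MoteSec-Aware's code, and the way the commitment is authenticated to a node is an assumption. The owner picks a random chain seed K_n and derives K_{i-1} = H(K_i) down to the commitment K_0, which is delivered to each node under the pairwise key the two share (modelled here as an HMAC over the commitment). Session keys are later disclosed in the order K_1, K_2, ..., and a node authenticates a disclosed key by hashing it back to the last key it trusts, so it keeps no per-update state beyond that one key and can still catch up after missing a bounded number of updates.

```python
"""Stateless session key update with a one-way hash chain. Added example; the
commitment delivery (HMAC under the pairwise key) is an assumption."""
import hashlib
import hmac
import os


def H(data):
    return hashlib.sha256(data).digest()


def make_chain(seed, n):
    """Return [K_0, K_1, ..., K_n] with K_{i-1} = H(K_i); K_0 is the commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]


def commit(pairwise_key, k0):
    """Owner -> node: the commitment K_0 authenticated under their pairwise key."""
    return k0, hmac.new(pairwise_key, k0, hashlib.sha256).digest()


class SessionKeyReceiver:
    """A node that holds only the last authenticated session key."""

    def __init__(self, pairwise_key, commitment, max_missed=8):
        k0, tag = commitment
        expected = hmac.new(pairwise_key, k0, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("commitment not authenticated by the pairwise key")
        self.current = k0
        self.max_missed = max_missed  # how many missed updates may be bridged

    def accept(self, candidate):
        """Accept `candidate` as the next session key iff some H^j(candidate),
        1 <= j <= max_missed + 1, equals the current key. Replays hash back to
        keys older than the current one and are rejected, as are forgeries."""
        value = candidate
        for _ in range(self.max_missed + 1):
            value = H(value)
            if hmac.compare_digest(value, self.current):
                self.current = candidate
                return True
        return False


if __name__ == "__main__":
    pairwise = b"hypothetical-pairwise-key-alpha-beta"
    chain = make_chain(os.urandom(32), 6)
    node = SessionKeyReceiver(pairwise, commit(pairwise, chain[0]), max_missed=2)
    print(node.accept(chain[1]), node.accept(chain[2]), node.accept(chain[1]))  # True True False
    print(node.accept(chain[5]))   # True: K_3 and K_4 were missed but K_5 still authenticates
```

Two properties worth checking in a deployment are visible here: the bound `max_missed` caps the work an attacker can force with garbage keys, and disclosed keys must never be reused, because a key that has already been accepted will be rejected as a replay by every node that has moved past it.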