Open Access
Gu, Qijun
Graduate Program:
Information Sciences and Technology
Doctor of Philosophy
Document Type:
Date of Defense:
June 27, 2005
Committee Members:
  • Chao Hsien Chu, Committee Chair
  • Peng Liu, Committee Chair
  • C Lee Giles, Committee Member
  • Tracy Mullen, Committee Member
  • Guohong Cao, Committee Member
Keywords:
  • key management
  • denial of service
  • ad hoc network
  • wireless network
  • security
  • broadcast service
Wireless networks are becoming more and more important in our lives. However, because wireless communication travels over the air, an adversary can easily eavesdrop on packets, imitate other wireless devices, forge packets, and so on. Hence, enhancing the security of wireless networks has become vitally important. In this thesis, we mainly study two security aspects of wireless networks. One is service confidentiality and access control, that is, ensuring that only legitimate users can access service data according to their privileges. The other is the prevention of denial-of-service (DoS) attacks, that is, preventing the injection of junk packets into wireless networks. To this end, we investigate the following two topics: key management in wireless broadcast services and hop-by-hop source authentication in wireless ad hoc networks.
Wireless broadcast is a convenient and effective approach for disseminating data to a number of users. To provide secure access to broadcast data, key-based encryption ensures that only users who own valid keys can decrypt the data. Given the variety of subscriptions in broadcast services, a key management system that distributes new keys efficiently and securely is in great demand. Hence, we propose a key management scheme, namely KTR, to address this need. KTR uses a shared key structure that exploits the overlapping relationships among different subscriptions and allows multiple programs to share a single key tree, so that users who subscribe to these programs manage fewer keys. KTR further reduces rekey cost by identifying the minimum number of keys that must be changed to ensure broadcast security.
Wireless ad hoc networks have very limited network resources and are thus susceptible to attacks that focus on resource exhaustion, such as the injection of junk packets. These attacks cause serious denial of service via wireless channel contention and network congestion. Although ad hoc network security has been extensively studied, most previous work focuses on secure routing and cannot prevent attackers from injecting a large number of junk data packets into a route that has already been established. We propose an on-demand hop-by-hop source authentication protocol, namely SAF, to defend against this type of packet injection attack. The protocol can either immediately filter out injected junk packets with very high probability or expose the true identity of an injector. Unlike other forwarding defenses, this protocol is designed to fit the unreliable environment of ad hoc networks and incurs very lightweight overhead in communication and computation.
In summary, this study presents two security aspects of wireless networks. First, a key management scheme is proposed to address secrecy and efficiency in broadcast services, where keys are used for service confidentiality and access control. The proposed approach performs better in terms of communication overhead, computation load and storage in mobile devices. Second, a hop-by-hop source authentication approach is proposed to prevent the packet injection attack, which is a type of denial-of-service attack based on resource exhaustion. This approach provides source authentication in the unreliable environment of ad hoc networks without interfering with the delivery of legitimate packets.