The Center for Education and Research in Information Assurance and Security (CERIAS)


Reports and Papers Archive



Low-cost Attacks against Packet Delivery, Localization and Time Synchronization Services in Under-Water Sensor Networks

CERIAS TR 2004-113
J Kong, Z Ji, W Wang, M Gerla, R Bagrodia, B Bhargava
Download: PDF

Under-Water Sensor Networking (UWSN) is a novel network paradigm that is being proposed to explore, monitor and protect the oceans. The unique characteristics of the aquatic environment, namely huge propagation delay, absence of GPS signaling, floating node mobility, and limited (acoustic) link capacity, are very different from those of ground sensor networks. Since underwater networks are mostly autonomous and very difficult to directly monitor by humans, a very important requirement is the built-in protection from automated malicious attacks. In this paper we show that the aquatic environment is particularly vulnerable to attacks and security must be integrated into the UWSN architecture to protect its localization, synchronization and packet delivery services.

Added 2008-02-12

Energy and Communication Efficient Group Key Management Protocol for Hierarchical Sensor Networks

CERIAS TR 2006-72
B Panja, S Madria, B Bhargava
Download: PDF

In this paper, we describe group key management protocols for hierarchical sensor networks where, instead of using pre-deployed keys, each sensor node generates a partial key dynamically using a function. The function takes the partial keys of its children as input. The design of the protocol is motivated by the fact that traditional cryptographic techniques are impractical in sensor networks because of high energy and computational overheads. The group key management protocol supports the establishment of two types of group keys: one for the sensor nodes within a group, and the other for a group of cluster heads. The protocol handles freshness of the group key dynamically, and eliminates the involvement of a trusted third party (TTP). We have experimentally evaluated the time and energy consumption in broadcasting partial keys and the group key under two sensor routing protocols (Tiny-AODV and Tiny-Diffusion) by varying the number of nodes and key sizes. The performance study provides the optimum number of partial keys needed for computing the group key to balance the available security and power consumption. The experimental study also concludes that the energy consumption in SPIN [9] increases rapidly as the number of group members increases, in comparison to our protocol.

Added 2008-02-12

Pervasive Trust

CERIAS TR 2004-101
B Bhargava, L Lilien, A Rosenthal, M Winslett
Download: PDF

Trust - “reliance on the integrity, ability, or character of a person or thing” - is pervasive in social systems. We constantly apply it in interactions between people, organizations, animals, and even artifacts. We use it instinctively and implicitly in closed and static systems, or consciously and explicitly in open or dynamic systems. An epitome for the former case is a small village, where everybody knows everybody, and the villagers instinctively use their knowledge or stereotypes to trust or distrust their neighbors. A big city exemplifies the latter case, where people use explicit rules of behavior in diverse trust relationships. We already use trust in computing systems extensively, although usually subconsciously. The challenge for exploiting trust in computing lies in extending the use of trust-based solutions, first to artificial entities such as software agents or subsystems, then to human users’ subconscious choices.

Added 2008-02-11

Mobile-Assisted Data Forwarding for Wireless Networks

CERIAS TR 2004-100
X Wu, G Chan, B Mukherjee, B Bhargava
Download: PDF

In a cellular network, if there are too many data users in a cell, data may suffer long delay, and the system’s quality-of-service (QoS) will degrade. Some traditional schemes such as the dynamic channel-allocation scheme (DCA) will assign more channels to hot (or overloaded) cells through a central control system (CC), and the throughput increase will be upper bounded by the number of new channels assigned to the cell. In mobile-assisted data forwarding (MADF), we add an ad-hoc overlay to the fixed cellular infrastructure, and special channels, called forwarding channels, are used to connect mobile units in a hot cell and its surrounding cold cells without going through the hot cell’s base station. Thus, mobile units in a hot cell can forward data to other cold cells to achieve load balancing. Most of the forwarding-channel management work in MADF is done by the mobile units themselves in order to relieve the load on the CC. The traffic increase in a certain cell will not be upper bounded by the number of forwarding channels. It can be more if the users in the hot cell are significantly far away from one another, since these users can use the same forwarding channels to forward data to different cold neighboring cells without interference. We find that, in a system using MADF, under a certain delay requirement, the throughput in a certain cell or for the whole network can be greatly improved.

Added 2008-02-11

Designing a flexible, multipurpose remote lab for the IT curriculum

CERIAS TR 2005-150
Melissa Dark
Download: PDF

A key inhibitor to effective distance education in Information Technology is providing a “hands on” laboratory experience that allows students to acquire the application and problem solving skills expected of IT graduates. While there are instances of universities developing and deploying remote labs where students are able to perform labs through the Internet using “virtual machines” and other technologies, many have found the complexity and time required to maintain labs problematic and therefore prohibitive. This paper analyzes current trends in remote lab design and explores a design that intends to increase utilization between courses, lower costs, ease management, and reduce the time needed to implement remote labs.

Added 2008-02-11

Using outcomes-based assessment data to improve assessment and instruction: a case study

CERIAS TR 2005-149
Melissa Dark
Download: PDF

Educators who have been through accreditation are well aware of the need for outcomes-based learning and assessment. However, there are misunderstandings about what outcomes-based assessment is, and how it can improve teaching and learning. We understand that accreditation requirements can be a reason for adopting outcomes-based assessment, but our real goal is to convey to our readers how outcomes-based assessment can provide meaningful and useful feedback to the instructor regarding student achievement, assessment, and the quality of the instruction.

Added 2008-02-11

Implementation of Information Assurance and Security in Existing IT Curricula

CERIAS TR 2005-148
Melissa Dark
Download: PDF

The IT2005 model curriculum describes Information Assurance and Security as a pervasive theme that must be integrated throughout the IT curriculum. The associated knowledge area provides a minimum set of outcomes associated with this important subject. Implementing a knowledge area that is required across the entire curriculum is a significant challenge, since security has historically been given weak coverage in computing courses. In this paper we introduce the approaches used in two IT programs for implementing the IT2005 requirement for IAS as a “pervasive theme”. We also include a brief introduction to IT2005 and to the Information Assurance Education community. It is our belief that any program that is preparing students to deploy computing technology in the current world environment should include security concerns in the curriculum. We hope that our experience can help others achieve this important goal.

Added 2008-02-11

Integration of information assurance and security into the IT2005 model curriculum

CERIAS TR 2004-116
Melissa Dark
Download: PDF

In this paper we present the context of the work of the Curriculum Committee on IT2005, the IT curriculum volume described in the Overview Draft document of the Joint Task Force for Computing Curriculum 2004. We also provide a brief introduction to the history and work of the Information Assurance Education community. These two perspectives provide the foundation for the main thrust of the paper, which is a description of the Information Assurance and Security (IAS) component of the IT2005 document. Finally, we end the paper with an example of how IAS is being implemented at BYU as a “pervasive theme” that is woven throughout the curriculum and conclude with some observations about the first year’s experience.

Added 2008-02-11

A Scheme for Privacy-preserving Data Dissemination

CERIAS TR 2006-74
L Lilien, B Bhargava
Download: PDF

An adequate level of trust must be established between prospective partners before an interaction can begin. In asymmetric trust relationships, one of the interacting partners is stronger. The weaker partner can gain a higher level of trust by disclosing private information. Dissemination of sensitive data owned by the weaker partner starts at this moment. The stronger partner can propagate data to others, who may then choose to spread data further. The proposed scheme for privacy-preserving data dissemination enables control of data by their owner (such as a weaker partner). It relies on the ideas of bundling sensitive data with metadata, an apoptosis of endangered bundles, and an adaptive evaporation of bundles in suspect environments. Possible applications include interactions among patients and healthcare providers, customers and businesses, researchers, and suppliers of their raw data. They will contribute to providing privacy guarantees, which are indispensable for the realization of the promise of pervasive computing.

Added 2008-02-11

Edge-to-Edge Measurement-based Distributed Network Monitoring

CERIAS TR 2004-108
A Habib, M Khan, B Bhargava
Download: PDF

Continuous monitoring of a network domain poses several challenges. First, routers of a network domain need to be polled periodically to collect statistics about delay, loss, and bandwidth. Second, this huge amount of data has to be mined to obtain useful monitoring information. This increases the overhead for high speed core routers, and restricts the monitoring process from scaling to a large number of flows. To achieve scalability, polling and measurements that involve core routers should be avoided. We design and evaluate a distributed monitoring scheme that uses only edge-to-edge measurements, and scales well to large network domains. In our scheme, all edge routers form an overlay network with their neighboring edge routers. The network is probed intelligently from nodes in the overlay to detect congestion in both directions of a link. The proposed scheme requires significantly fewer probes than existing monitoring schemes. Through analytic study and a series of experiments, we show that the proposed scheme can effectively identify the congested links. The congested links are used to capture the misbehaving flows that are violating their service level agreements, or attacking the domain by injecting excessive traffic.

Added 2008-02-11

Secure Wireless Network with Movable Base Stations

CERIAS TR 2003-60
Y Lu, B Bhargava, W Wang, Y Zhong, X Wu
Download: PDF

Security, flexibility, and scalability are critical to the success of wireless communications. Wireless networks with movable base stations combine the advantages of mobile ad hoc networks and wireless LAN to achieve these goals. Hierarchical mobile wireless network (HMWN) is proposed for supporting movable base stations. In such a system, mobile hosts are organized into hierarchical groups. The group agents serve as a distributed trust entity. A secure packet forwarding algorithm and an authentication and key exchange protocol are developed to protect the network infrastructure. A roaming support mechanism and the associated mutual authentication protocol are proposed to secure the foreign group and the mobile host when it roams within the network. The computation overhead of secure packet forwarding and roaming support algorithms is studied via experiments. The results demonstrate that these two security mechanisms only require, respectively, less than 2% and 0.2% to 5% CPU time in a low-end 700 MHz PC.

Added 2008-02-11

Adaptation of a State of the Art Computer Forensics Course

CERIAS TR 2004-107
Melissa Dark
Download: PDF

Added 2008-02-11

Integrating Heterogeneous Wireless Technologies: A Cellular Aided Mobile Ad hoc Network (CAMA)

CERIAS TR 2004-106
B Bhargava, X Wu, Y Lu, W Wang
Download: PDF

A mobile ad hoc network is a collection of wireless terminals that can be deployed rapidly. Its deficiencies include limited wireless bandwidth efficiency, low throughput, large delays, and weak security. Integrating it with a well-established cellular network can improve communication and security in ad hoc networks, as well as enrich the cellular services. This research proposes a cellular-aided mobile ad hoc network (CAMA) architecture, in which a CAMA agent in the cellular network manages the control information, while the data is delivered through the mobile terminals (MTs). The routing and security information is exchanged between MTs and the agent through cellular radio channels. A position-based routing protocol, the multi-selection greedy positioning routing (MSGPR) protocol, is proposed. At times, due to the complicated radio environment, the position information is not precise. Even in these cases, the MT can still find its reachable neighbors (the association) by exchanging “hello” messages. This association is used to complement the position information and make more accurate routing decisions. Simulation results show that the delivery ratio in the ad hoc network is greatly improved with very low cellular overhead. The security issues in the proposed architecture and the corresponding solutions are addressed. The experimental study shows that CAMA is much less vulnerable than a pure ad hoc network.

Added 2008-02-11

Incorporating Ethics into Management Information Systems Curriculum in Business Schools

CERIAS TR 2004-109
Melissa Dark
Download: PDF

Added 2008-02-11

Assuring Communications by Balancing Load in Cellular Networks

X Wu, B Mukherjee, GH Chan, B Bhargava

In a fixed-channel-allocation (FCA) cellular network, a fixed number of channels are assigned to each cell. However, under this scheme, the channel usage may not be efficient because of the variability in the offered traffic. Different approaches such as channel borrowing (CB) and dynamic channel allocation (DCA) have been proposed to accommodate variable traffic. Our work expands on the CB scheme and proposes a new channel-allocation scheme—called mobile-assisted connection-admission (MACA) algorithm—to achieve load balancing in a cellular network, so as to assure network communication. In this scheme, some special channels are used to directly connect mobile units from different cells; thus, a mobile unit, which is unable to connect to its own base station because it is in a heavily-loaded “hot” cell, may be able to get connected to its neighboring lightly-loaded cold cell’s base station through a two-hop link. Research results show that MACA can greatly improve the performance of a cellular network by reducing blocking probabilities.

Added 2008-02-11