Browsing by Author "Tandjaoui, Djamel"

Now showing 1 - 16 of 16
  • Thumbnail Image
    Item
    A Lightweight Key Management Scheme for E-health applications in the context of Internet of Things
    (CERIST, 2014-03-15) Abdmeziem, Riad; Tandjaoui, Djamel
    In the context of Internet of Things where real world objects will automatically be part of the Internet, ehealth applications have emerged as a promising approach to provide unobtrusive support for elderly and frail people based on their situation and circumstances. However, due to the limited resource available in such systems and privacy concerns that might rise from the capture of personal data, security issues constitute a major obstacle to their deployment. Authentication of the different entities involved and data confidentiality constitute the main concerns for users that need to be addressed. In this paper, we propose a new key management scheme for an ehealth application to allow sensors and the Base Station (BS) to negotiate certain security credentials that will be used to protect the information flow. Our prtocol provides a strong level of security guaranteeing authentication and data confidentiality while the scarcity of resources is taken into consideration. The scheme is based on a lightweight Public Key Infrastructure (PKI) where the sensors have to perform only one Elliptic Curve Cryptography (ECC) decryption in the key establishment process. Data exchanges are then secured by the use of symmetric encryption. In addition, Time Stamps are used to prevent replay attacks along with Message Code Authentication (MAC) to ensure integrity.
  • No Thumbnail Available
    Item
    A Novel transport protocol for wireless mesh networks
    (Journal of Networking Technology, 2011-04-10) Kafi, Mohamed Amine; Tandjaoui, Djamel
    Throughput is the main concern in Wireless Mesh Networks (WMNs). The standard congestion control mechanism of TCP[7] is not able to handle the special properties of a shared wireless multi-hop channel well. Given that the unreliable wireless links and congestion are likely to be the source of throughput degradation in the network, reliable transport protocol conception dealing with wireless links properties can significantly improve the performance of such networks. This paper presents a novel transport protocol called MTCP, which covers these needs. Simulation results show that MTCP outperform TCP and its ad-hoc wireless variants in terms of reliability and congestion control.
  • Thumbnail Image
    Item
    An Authentication Scheme for heterogeneous Wireless Sensor Networks in the context of Internet of Things
    (CERIST, 2016-02-21) Khemissa, Hamza; Tandjaoui, Djamel
    The evolution of Internet of Things (IoT) is changing traditional perceptions of the current Internet towards a vision of smart objects interacting with each other. Wireless Sensor Networks play an important role and support different applications domains in the IoT environment. However, security issues are the major obstacle for their deployment. Among these issues, authentication of the different interconnected entities. In this paper, we are interested to the case of the interconnection of a sensor node with a remote user. We propose a new lightweight authentication scheme adapted to the resource constrained environment. This scheme allows both of the sensor and the remote user to authenticate each other in order to secure the communication. Our scheme uses nonces, exclusiveor operations, and Keyed-Hash message authentication to check the integrity of the different exchanges. Moreover, it provides authentication with less energy consumption, and it terminates with a session key agreement between the sensor node and the remote user. To assess our scheme, we carry out a performance and security analysis. The obtained results show that our scheme saves energy, and provides a resistance against different types of attacks.
  • Thumbnail Image
    Item
    An Authentication Scheme for Internet of Things
    (CERIST, 2015-07-10) Khemissa, Hamza; Tandjaoui, Djamel
    Internet of Things (IoT) is changing traditional perceptions of the current Internet towards a vision of smart objects interacting with each other. However, security issues are the major obstacle for their deployment. Among these issues, authentication of the different interconnected entities and exchanged data confidentiality constitutes the main concerns for users. In this paper, we propose a new lightweight authentication scheme for an e-health application in Internet of Things. This scheme allows both of sensors and the Base Station (BS) to authenticate each other in order to secure the collection of health-related data. Our scheme uses nonces and Keyed-Hash message authentication (HMAC). In addition, it provides authentication, and it terminates with a session key agreement between each sensor and the Base Station. To assess our scheme, we carry out a security analysis. The obtained results show that our scheme is resistant against different types of attacks.
  • Thumbnail Image
    Item
    An end-to-end secure key management protocol for e-health applications
    (Elsevier, 2015) Abdmeziem, Mohammed Riyadh; Tandjaoui, Djamel
    Key distribution is required to secure e-health applications in the context of Internet of Things (IoT). However, resources constraints in IoT make these applications unable to run existing key management protocols. In this paper, we propose a new lightweight key management protocol. This protocol is based on collaboration to establish a secure end-to-end communication channel between a highly resource constrained node and a remote entity. The secure channel allows the constrained node to transmit captured data while ensuring confidentiality and authentication. To achieve this goal, we propose offloading highly consuming cryptographic primitives to third parties. As a result, the constrained node obtains assistance from powerful entities. To assess our protocol, we conduct a formal validation regarding security properties. In addition, we evaluate both communication and computational costs to highlight energy savings. The results show that our protocol provides a considerable gain in energy while its security properties are ensured.
  • Thumbnail Image
    Item
    Architecting the Internet of Things: State of the Art
    (Springer International Publishing, 2016) Abdmeziem, Mohammed Riyadh; Tandjaoui, Djamel; Romdhani, Imed
    Internet of things (IoT) constitutes one of the most important technological development in the last decade. It has the potential to deeply affect our life style. However, its success relies greatly on a well-defined architecture that will provide scalable, dynamic, and secure basement to its deployment. In fact, several challenges stand between the conceptual idea of IoT, and the full deployment of its applications into our daily life. IoT deployment is closely related to the establishment of a standard architecture. This architecture should support future extensions, and covers IoT characteristics such as distributivity, interoperability, and scalability. A well defined, scalable, backward compatible, and secure architecture is required to bring the IoT concept closer to reality. In the literature, several architectures have been proposed. Nevertheless, each architecture brings a share of drawbacks, and fails covering all IoT characteristics. In this chapter, we review the main proposed architectures for the Internet of Things, highlighting their adequacy with respect to IoT requirements. Firstly, we present IoT building blocks. Then, we introduce the high level architecture of IoT before diving into the details of each proposed architecture. In addition, we introduce a classification of the reviewed architectures based on their technical aspects, and their ability to match IoT characteristics. Finally, based on the main shortcomings of the proposed architectures, we conclude with some design ideas for shaping the future IoT.
  • Thumbnail Image
    Item
    Evaluation of the impacts of Sybil attacks against RPL under mobility
    (CERIST, 2014-06) Medjek, Faiza; Tandjaoui, Djamel; Djedjig, Nabil
    The Routing Protocol for Low-Power and Lossy Networks (RPL) is the routing protocol standardized for constrained environments such as 6LoWPAN networks, and is considered as the routing protocol of the Internet of Things (IoT). However, this protocol is subject to several attacks that have been analyzed on static case. Nevertheless, IoT will likely present dynamic and mobile applications. In this paper, we introduce potential security threats on RPL, in particular Sybil attacks when the Sybil nodes are mobile. In addition, we present an analysis and a discussion on how network performances can be affected. Our analysis shows, under Sybil attacks while nodes are mobile, that the performances of RPL are highly affected compared to the static case. In fact, we notice a decrease in the rate of packet delivery, and an increase in control messages overhead. As a result, energy consumption at constrained nodes increases. Our proposed attacks demonstrate that Sybil mobile nodes can easily disrupt RPL and overload the network with fake messages making it unavailable. Based on the obtained results we provide some recommendations to tackle this issue.
  • Thumbnail Image
    Item
    Fault-tolerant AI-driven Intrusion Detection System for the Internet of Things
    (Elsevier, 2021-09) Medjek, Faiza; Tandjaoui, Djamel; Djedjig, Nabil; Romdhani, Imed
    Internet of Things (IoT) has emerged as a key component of all advanced critical infrastructures. However, with the challenging nature of IoT, new security breaches have been introduced, especially against the Routing Protocol for Low-power and Lossy Networks (RPL). Artificial-Intelligence-based technologies can be used to provide insights to deal with IoT’s security issues. In this paper, we describe the initial stages of developing, a new Intrusion Detection System using Machine Learning (ML) to detect routing attacks against RPL. We first simulate the routing attacks and capture the traffic for different topologies. We then process the traffic and generate large 2-class and multi-class datasets. We select a set of significant features for each attack, and we use this set to train different classifiers to make the IDS. The experiments with 5-fold cross-validation demonstrated that decision tree (DT), random forests (RF), and K-Nearest Neighbours (KNN) achieved good results of more than 99% value for accuracy, precision, recall, and F1-score metrics, and RF has achieved the lowest fitting time. On the other hand, Deep Learning (DL) model, MLP, Naïve Bayes (NB), and Logistic Regression (LR) have shown significantly lower performance.
  • Thumbnail Image
    Item
    Gestion de clés et sécurité multipoint: étude et perspectives
    (Springer-Verlag, 2003) Seba, Hamida; Bouabdallah, Abdelmadjid; Badache, Nadjib; Bettahar, Hatem; Tandjaoui, Djamel
    La communication multipoint (ou communication de groupe) est un moyen efficace pour envoyer des données aux membres d’un groupe. Plusieurs types d’applications utilisant les communications multipoint nécessitent un certain niveau de sécurité: authentification, intégrité, confidentialité et contrôle d’accès. Comme les techniques implémentant ces services dans les communications point-à-point ne peuvent être appliquées telles quelles aux communications de groupe, la sécurité des communications de groupe a fait l’objet de plusieurs travaux. La gestion de clés qui constitue la brique de base des services de sécurité a été largement étudiée et a donné lieu à plusieurs publications. Dans cet article, nous décrivons les différentes approches existantes pour gérer et distribuer les clés dans un groupe. Nous discutons les avantages et les inconvénients des protocoles proposés dans la littérature et présentons une classification et une étude comparative de ces protocoles. Nous terminons cet article par quelques critiques et perspectives.
  • Thumbnail Image
    Item
    Multicast DIS attack mitigation in RPL-based IoT-LLNs
    (Elsevier, 2021-09) Medjek, Faiza; Tandjaoui, Djamel; Djedjig, Nabil; Romdhani, Imed
    The IPv6 Routing Protocol for Low-Power and Lossy Networks (RPL) was standardised by the IETF ROLL Working Group to address the routing issues in the Internet of Things (IoT) Low-Power and Lossy Networks (LLNs). RPL builds and maintains a Destination Oriented Directed Acyclic Graph (DODAG) topology using pieces of information propagated within the DODAG Information Object (DIO) control message. When a node intends to join the DODAG, it either waits for DIO or sends a DODAG Information Solicitation (DIS) control message Multicast to solicit DIOs from nearby nodes. Nevertheless, sending Multicast DIS messages resets the timer that regulates the transmission rate of DIOs to its minimum value, which leads to the network’s congestion with control messages. Because of the resource-constrained nature of RPL-LLNs, the lack of tamper resistance, and the security gaps of RPL, malicious nodes can exploit the Multicast DIS solicitation mechanism to trigger an RPL-specification-based attack, named DIS attack. The DIS attack can have severe consequences on RPL networks, especially on control packets overhead and power consumption. In this paper, we use the Cooja–Contiki simulator to assess the DIS attack’s effects on both static and dynamic PRL networks. Besides, we propose and implement a novel approach, namely RPL-MRC, to improve the RPL’s resilience against DIS Multicast. RPL-MRC aims to reduce the response to DIS Multicast messages. Simulation results demonstrate how the attack could damage the network performance by significantly increasing the control packets overhead and power consumption. On the other hand, the RPL-MRC proposed mechanism shows a significant enhancement in reducing the control overhead and power consumption for different scenarios.
  • Thumbnail Image
    Item
    Un nouveau schéma d’authentification pour le protocole Mobile IP
    (CERIST, Alger, 2006) Chenait, Manel; Tandjaoui, Djamel; Badache, Nadjib
    Le protocole Mobile IP est un protocole de niveau réseau permettant à un mobile d’être joint et de communiquer (avec d’autres mobiles ou terminaux fixes) quelle que soit sa position géographique. Néanmoins, autoriser une machine à se connecter sur un réseau puis à se déplacer de réseau en réseau entraîne de nombreux risques de sécurité. Il sera nécessaire de s’assurer l’intégration des différents services de sécurité en particulier l’authentification Trois procédures d’authentification ont été proposées pour Mobile IP : l’authentification est standard exécutée lors de l’enregistrement où chaque entité incluse la signature de l’émetteur. Le récepteur vérifie la signature, si il la trouve exacte c’est à dire qu’il est sûr de l’authenticité de l’émetteur. L’inconvénient de cette solution est l’absence de l’outil de gestion de clés entre les entités. Le second schéma est l’authentification asymétrique où la clé publique est utilisée pour signer les messages. Le troisième schéma est l’authentification Mobile IP/AAA qui utilise une infrastructure externe AAA pour renforcer la sécurité. L’entité AAAH joue le rôle de centre de gestion de clés. Néanmoins, si cette entité tombe en panne tous le système sera vulnérable aux attaques. Dans cet article, nous avons proposé un nouveau schéma pour Mobile IP, l’idée est la régénération des clés partagées entre les trois entités et cela à chaque intra domaine, nous avons proposé aussi une politique locale de la gestion des clés dans le même domaine pour éviter l’introduction des infrastructure AAA après chaque mouvement du nœud mobile.
  • Thumbnail Image
    Item
    Performance Analysis of Binding Update in Mobile IP during Handoff
    (Springer Berlin Heidelberg, 2004) Tandjaoui, Djamel; Badache, Nadjib; Bouabdallah, Abdelmadjid
    Mobile IP protocol was proposed to handle users mobility on Internet. However, Mobile IP suffers from many drawbacks especially handoff latency. In this paper, we investigate the loss of successive binding update requests and their impact on handoff latency. We show that handoff latency increases in case of successive binding update requests loss. We propose an enhancement of binding update in Mobile IP. It consists on reducing the timeout to half just after the loss of the first binding update. So, the mobile node sends two binding update requests within a timeout. By doing so, we increase the probability that one binding update request reach the home agent. We present an analytical model of handoff latency based on packets loss probability. The simulation shows that our solution reduces considerably the additional handoff latency induced by successive binding update requests loss.
  • Thumbnail Image
    Item
    QoS aware Multiple Spanning Tree Mechanism in Multi-Radio multi-channel WMN
    (CERIST, 2009) Aoufi, souhila; Tandjaoui, Djamel
    A single-channel wireless mesh backbone may suffer from capacity limitations since all the wireless routers share the same channel. A multi-channel broadband wireless mesh backbone may have different capacity. This paper addresses the problem of channel assignment (CA) with differentiated services (DiffServ) to support the quality-of-service (QoS) in the wireless mesh backbone. We propose a novel, simple and yet highly effective enhancement to the Spanning Tree protocol of ‘hyacinth’ to achieve high degree of QoS by keeping in perspective the different characteristics of the various traffic types in the Diffserv framework. We discuss the problems of CA and present in detail our proposed extension to overcome them
  • Thumbnail Image
    Item
    Trust management in IoT routing protocol
    (CERIST, 2015-04-19) Djedjig, Nabil; Tandjaoui, Djamel; Medjek, Faiza
    The Routing Protocol for Low-Power and Lossy Networks (RPL) is the routing protocol standardized for constrained environments such as 6LoWPAN networks, and is considered as the routing protocol of the Internet of Things (IoT). However, this protocol is subject to several internal and external attacks. In this paper, we investigate a trust management protocol in RPL. Our idea of trust management in RPL is to establish a dynamic trust relationship between the different nodes involved in routing. In fact, RPL organizes a logical representation of the network topology using control messages. In our proposed protocol, we strengthen RPL by adding a new trustworthiness metric during RPL construction and maintenance. This metric allows a node to decide whether or not to trust the other nodes during the construction of the topology.
  • Thumbnail Image
    Item
    Trust-aware and cooperative routing protocol for IoT security
    (2020-06) Djedjig, Nabil; Tandjaoui, Djamel; Medjek, Faiza; Romdhani, Imed
    The resource-constrained nature of IoT objects makes the Routing Protocol for Low-power and Lossy Networks (RPL) vulnerable to several attacks. Although RPL specification provides encryption protection to control messages, RPL is still vulnerable to internal attackers and selfish behaviours. To address the lack of robust security mechanisms in RPL, we design a new Metric-based RPL Trustworthiness Scheme (MRTS) that introduces trust evaluation for secure routing topology construction. Extensive simulations show that MRTS is efficient in terms of packet delivery ratio, energy consumption, nodes’ rank changes, and throughput. In addition, a mathematical modelling analysis shows that MRTS meets the requirements of consistency, optimality, and loop-freeness and that the proposed trust-based routing metric has the isotonicity and monotonicity properties required for a routing protocol. By using game theory concepts, we formally describe MRTS as a strategy for the iterated Prisoner’s Dilemma and demonstrate its cooperation enforcement characteristic. Both mathematical analysis and evolutionary simulation results show clearly that MRTS, as a strategy, is an efficient approach in promoting the stability and the evolution of the Internet of Things network.
  • No Thumbnail Available
    Item
    مرسوم مراقبة التنقل للشبكة اللّاسلكيّة المشبّكة
    (2011-05-31) Kafi, Mohamed Amine; Tandjaoui, Djamel
    تعدّ الإنتاجية واحدة من بين الاهتمامات الكبرى بالنسبة للشبكة اللاسلكية المشبّكة. إنّ آليّة مراقبة الازدحام المكوّنة لمراسم مراقبة التنقل النموذجية[7] لا يمكنها التحكم بعناية في القنوات اللاسلكية المشتركة المتعددة الخطوات وهذا نظرا للخصائص المتعلقة بهذه الأخيرة. وبالنّظر إلى أن الصلات اللاسلكية غير الوفيّة بطبيعتها والازدحام من المحتمل أن يكونا مصدرا لتدهور الإنتاجية في الشبكة، فإنّ إنشاء مرسوم مراقبة تنقّل موثوق و فعّال آخذ بعين الاعتبار خصائص الوصلات اللاسلكية يمكن أن يحسّن بشكل كبير أداء هذه الشبكات. تعرض هذه الورقة مرسوم مراقبة تنقّل جديد و المسمّى " مرسوم مراقبة التّنقل المشبّك" والذي يضمن الاحتياجات المذكورة أعلاه. نتائج المحاكاة تبين أن المرسوم المشبك يتفوّق على مرسوم مراقبة التنقل النموذجي ومشتقاته الخاصة بالشبكة اللاسلكية و هذا من حيث الموثوقية والتحكم في الازدحام.