Title
Balancing Security and Quality of Service in Wireless Networks /
Author
Abdul-Karim, Mona Sayed.
Preparation committee
Researcher / منى سيد عبدالكريم محمد
Supervisor / كامل حسين رحومة
Examiner / أبوالعلا عطيفي حسانين
Examiner / هشام فتحي علي حامد
Subject
Wireless communication systems. Broadband communication systems.
Publication date
2022.
Number of pages
139 p.
Language
English
Degree
Doctorate
Specialization
Electrical and Electronic Engineering
Date of approval
1/1/2022
Place of approval
Minia University - Faculty of Engineering - Electrical Engineering

Abstract

The trade-off between security and quality of service (QoS) in wireless networks has attracted great attention in recent years. This dissertation presents a hardware implementation of a novel framework for realizing the trade-off between security and QoS in wireless sensor networks (WSNs), taking into account the hostility of the operating environment, the required security services, and the available resources of WSN objects. To evaluate the hostility of the operating environment, we developed an effective Intrusion Detection System (IDS) that sends an alert signal to a control unit, which also collects data about the available resources. As our work is concerned with WSNs as a significant type of wireless network, we focus on the power consumption of sensor nodes as the object resource under consideration. Based on the data collected from the IDS and from a resource status unit, the control unit evaluates the situation of the object in the operating environment and sends control signals to a security unit to select the appropriate security level among the three levels (low, medium, and high) available in our framework. The three security levels use different combinations of the cryptographic algorithms Hash-based Message Authentication Code (HMAC) and Advanced Encryption Standard (AES), with different key lengths, according to the required security services (confidentiality, authentication, and integrity) and the available resources.
To guarantee effective intrusion detection, we developed an effective signature-based IDS. The IDS includes two main databases: one of attack signatures and one of blacklisted IP addresses. The signature database is divided into three sub-databases according to the protocol type of the packet. Likewise, the IP blacklist database is divided into sub-databases according to the four most significant bits of the IP address. This classification reduces the time spent on searching and comparison, because each search is directed to the appropriate sub-database instead of the whole database. Each incoming packet is processed to extract the source IP, protocol type, and payload. According to the protocol type, the payload is compared with the signatures stored in the corresponding sub-database. Simultaneously, the source IP is compared with the IP blacklist database. If there is a match in either the signature database or the IP blacklist database, an alert signal is sent to the control unit in our framework. Furthermore, the IDS is updated automatically: if only the signature matches, the IP blacklist database is updated with the source IP address of the current packet; if only the IP address matches, the signature database is updated to treat the current payload as an attack signature. The core of the signature-based IDS is the string-matching unit used in the comparison processes. Hence, to obtain a high-speed IDS, we proposed an enhanced hardware implementation of the binary search algorithm as the string-matching unit of the IDS.
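The lookup and self-update logic described above can be modelled in software as follows. This is an added example, not code from the dissertation (whose design is an FPGA implementation). It assumes IPv4 addresses, whole-payload exact matching against sorted signature lists, and hypothetical protocol names `tcp`/`udp`/`icmp` for the three protocol types; all sample data is constructed.

```python
import bisect
import ipaddress

PROTOCOLS = ("tcp", "udp", "icmp")  # assumed names for the three protocol types


class SignatureIDS:
    def __init__(self, signatures, blacklist):
        # One sorted signature list per protocol type.
        self.sigs = {p: [] for p in PROTOCOLS}
        # Sixteen sorted blacklist buckets, indexed by the top 4 bits of the IP.
        self.ips = [[] for _ in range(16)]
        for proto, payload in signatures:
            self._insert(self.sigs[proto], payload)
        for ip in blacklist:
            self._add_ip(int(ipaddress.IPv4Address(ip)))

    @staticmethod
    def _find(sorted_list, key):
        # Binary search for an exact match in one sub-database.
        i = bisect.bisect_left(sorted_list, key)
        return i < len(sorted_list) and sorted_list[i] == key

    @staticmethod
    def _insert(sorted_list, key):
        # Insert while keeping the list sorted and free of duplicates.
        i = bisect.bisect_left(sorted_list, key)
        if i == len(sorted_list) or sorted_list[i] != key:
            sorted_list.insert(i, key)

    def _add_ip(self, ip_int):
        self._insert(self.ips[ip_int >> 28], ip_int)

    def inspect(self, src_ip, proto, payload):
        """Return True (alert) on a signature or blacklist hit, then cross-update."""
        ip_int = int(ipaddress.IPv4Address(src_ip))
        sig_hit = self._find(self.sigs[proto], payload)
        ip_hit = self._find(self.ips[ip_int >> 28], ip_int)
        if sig_hit and not ip_hit:
            self._add_ip(ip_int)                      # signature only: blacklist source
        elif ip_hit and not sig_hit:
            self._insert(self.sigs[proto], payload)   # IP only: learn payload as signature
        return sig_hit or ip_hit


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges, placeholder payloads).
    ids = SignatureIDS([("tcp", b"SIG-A")], ["192.0.2.10"])
    print(ids.inspect("198.51.100.7", "tcp", b"SIG-A"))   # signature hit, IP gets blacklisted
    print(ids.inspect("198.51.100.7", "udp", b"payload")) # IP hit, payload becomes a signature
```

Because an IP-only hit stores the current payload as a signature, a later packet carrying the same payload from an unlisted host also raises an alert and adds that host to the blacklist.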
As our work is concerned with the trade-off between QoS and security, we chose a hardware implementation of our framework to ensure strong physical security with reliable performance. In general, hardware implementations use Field-Programmable Gate Array (FPGA) or Application-Specific Integrated Circuit (ASIC) platforms. Unlike an ASIC, an FPGA can be reconfigured repeatedly during and after the design. The hardware implementation of our framework, using a Virtex-7 (xc7v585tffg1761-3) FPGA, has proven effective, with a maximum operating frequency of 206.838 MHz and a throughput of 2.3 Gbps. Furthermore, we succeeded in realizing perfect performance for AES and HMAC as stand-alone algorithms, with maximum frequencies of 540.212, 483.062, 294.837 and 206.838 MHz and throughputs of 69.15, 56.07, 2.6 and 2.3 Gbps for AES-128, AES-192, HMAC-SHA256 and HMAC-SHA512 respectively. This was achieved by applying efficient techniques to improve the performance of these algorithms, such as loop unrolling and sub- and full-pipelining for the AES algorithm, which helps increase the operating frequency of our framework. We also applied an efficient implementation of the Mix-Columns and S-Box operations in AES that does not require significant processing time, and we applied operation rescheduling in the Secure Hash Algorithm (SHA) to reduce data sequentiality and make it possible to apply pipelining to speed up its performance. In addition, our IDS and Binary Search Algorithm achieved maximum operating frequencies of 479.66 MHz and 653.339 MHz, and throughputs of 15.35 Gbps and 20.09 Gbps, respectively.
This dissertation is organized into six chapters, as follows:
Chapter 1 introduces the motivation, research problem and our contributions.
Chapter 2 gives an overview of wireless networks, their benefits, limitations, and security requirements. It also gives an overview of some cryptographic techniques such as HMAC and AES. Furthermore, it presents an overview of IDSs and their types, and of WSNs.
Chapter 3 presents an overview of some existing work related to the trade-off between security and QoS, considering their contributions and weaknesses. It also introduces a hardware implementation of an effective framework for the trade-off between security and QoS in WSNs.
Chapter 4 presents an overview of some existing works related to IDSs considering their contributions and drawbacks. It also introduces a pipelined implementation of an effective signature-based IDS using the Binary Search Algorithm as a string-matching unit.
Chapter 5 introduces an overview of FPGAs and discusses the simulation and implementation results of the developed framework. It also presents a comparison with other previous works.
Chapter 6 summarizes our conclusions and points out some suggestions for future work.